From rforno at infowarrior.org Sun Aug 1 09:28:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Aug 2010 10:28:55 -0400
Subject: [Infowarrior] - Cops love iPhone data trail
Message-ID: <1C63AD3F-E952-46A0-9C38-B13BCD2495DB@infowarrior.org>

Cops love iPhone data trail

EVIDENCE NEVER DELETED | Criminals who use device may be left without alibi

http://www.suntimes.com/news/metro/2553828,CST-NWS-iphone01.article

August 1, 2010

BY AMBER HUNT

Detective Josh Fazio of the Will County Sheriff's Department loves it when an iPhone turns up as evidence in a criminal case. The sophisticated cell phone and mobile computer is becoming as popular with police as it is with consumers because it can provide investigators with so much information that can help in solving crimes.

"When someone tells me they have an iPhone in a case, I say, 'Yeah!' I can do tons with an iPhone," said Fazio, who works in the sheriff's department high-tech crimes unit.

The iPhones generally store more data than other high-end phones -- and investigators such as Fazio frequently can tap in to that information for evidence. And while some phone users routinely delete information from their devices, that step is seldom as final as it seems.

"When you hit the delete button, it's never really deleted," Fazio said.

The devices can help police learn where you've been, what you were doing there and whether you've got something to hide.

Former hacker Jonathan Zdziarski, author of iPhone Forensics (O'Reilly Media) for law enforcement, said the devices "are people's companions today. They organize people's lives."

And if you're doing something criminal, something about it is probably going to go through that phone:

* Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it. Savvy law-enforcement agents armed with search warrants can use those snapshots to see if a suspect is lying about whereabouts during a crime.

* iPhone photos are embedded with GEO tags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone that took it.

* Even more information is stored by the applications themselves, including the user's browser history. That data is meant in part to direct custom-tailored advertisements to the user, but experts said some of it could be useful to police.

Clearing out user histories isn't enough to clean the device of that data, said John B. Minor, a member of the International Society of Forensic Computer Examiners.

Just as users can take and store a picture of their iPhone's screen, the phone itself automatically shoots and stores hundreds of such images as people close out one application to use another.

"Those screen snapshots can contain images of e-mails or proof of activities that might be inculpatory or exculpatory," Minor said.

* The keyboard cache logs everything that you type in to learn autocorrect so that it can correct a user's typing mistakes. Apple doesn't store that cache very securely, Zdziarski contended, so someone with know-how could recover months of typing in the order in which it was typed, even if the e-mail or text it was part of has long since been deleted.

Sometimes, the phones can help even if the case isn't a matter of life or death. In Kane County, the sheriff's department used GPS information from one of the phones to help reunite a worried father with his runaway daughter, who was staying at a friend's house.

"His daughter felt comfortable at the house because she did not think her parents knew where she was, and she actually answered the door. She was a bit surprised as to the fact that [her] dad found her," said Lt. Pat Gengler, a spokesman for the sheriff's department.
Gannett News Service with Sun-Times reporter Dan Rozek

From rforno at infowarrior.org Sun Aug 1 11:52:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Aug 2010 12:52:39 -0400
Subject: [Infowarrior] - MD police double-standard
Message-ID:

Key quote: "Remarkably, the state Attorney General has already opined that when police record in public, that is not a private conversation subject to the same laws. In other words, in any public interaction between a police officer and a member of the public in Maryland, it is private for one of them but not the other."

Man faces jail for videotaping gun-waving cop

http://www.boingboing.net/2010/08/01/man-faces-jail-for-v.html

Police officer Joseph Uhler was caught on film charging out of his unmarked car and waving his gun at an unarmed motorcyclist pulled over for speeding. When the footage was uploaded to YouTube, authorities raided Anthony Graber's home, seized his computers, arrested him, and charged him with "wiretapping" offenses that could land him in jail for 16 years.

Glyn writes in:

The ACLU of Maryland is defending Anthony Graber, who potentially faces 16 years in prison if found guilty of violating state wiretap laws because he recorded video of an officer drawing a gun during a traffic stop.

ACLU attorney "To charge Graber with violating the law, you would have to conclude that a police officer on a public road, wearing a badge and a uniform, performing his official duty, pulling someone over, somehow has a right to privacy when it comes to the conversation he has with the motorist ...Indeed, Maryland contends that Uhler had a reasonable expectation of privacy while waving his gun around in public and yelling at a motorist with a giant video camera mounted on the top of his helmet.

Remarkably, the state Attorney General has already opined that when police record in public, that is not a private conversation subject to the same laws. In other words, in any public interaction between a police officer and a member of the public in Maryland, it is private for one of them but not the other.

"We have looked, and have not been able to find a single court anywhere in the country that has found an expectation of privacy for an officer in such circumstances," writes the ACLU.

From rforno at infowarrior.org Sun Aug 1 17:53:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Aug 2010 18:53:30 -0400
Subject: [Infowarrior] - JailbreakMe.com All iOS Device Jailbreak Released for iPhone 4/3GS/3G
Message-ID: <38DA10F3-FE42-436C-AAD1-E44DB54A39D1@infowarrior.org>

JailbreakMe.com All iOS Device Jailbreak Released for iPhone 4/3GS/3G

by Gary on August 1st, 2010

http://www.iphoneincanada.ca/unlocking/jailbreakme-com-all-ios-device-released-for-iphone-4-3gs-3g/

Whoa. This brings back some amazing memories. For those who used the original iPhone and remember using the jailbreak website JailbreakMe.com -- it's back! I used JailbreakMe.com to jailbreak my iPhone on 1.1.1 in December of 2007 (holy that was a long time ago!).

The site has been updated by @comex to jailbreak your iPhone 4/3GS/3G on iOS 4.0/4.1 and will even work for your iPad on iOS 3.2/3.2.1.

All you have to do is visit the following website within mobile Safari on your iPhone:

http://www.jailbreakme.com (seems to be slammed right now by traffic)

The following mirror seems to be working: http://www.jailbreakme.modmyi.com/

I haven't tried this yet. Use at your own risk of course. Some people seem to be stuck at the space wallpaper. But keep up with all the updates in this thread in the iPhoneinCanada.ca Forums!

From rforno at infowarrior.org Mon Aug 2 06:56:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Aug 2010 07:56:00 -0400
Subject: [Infowarrior] - Indonesia Finds Banning Pornography Is Difficult
Message-ID: <0B3F69F1-4ECA-4AED-8AD7-BD74731B6622@infowarrior.org>

Ya THINK????
-rick

August 1, 2010

Indonesia Finds Banning Pornography Is Difficult

http://www.nytimes.com/2010/08/02/technology/02iht-indoporn02.html

By AUBREY BELFORD

GILI MENO, INDONESIA -- As one of the heads of the Indonesian Internet Service Provider Association, Valens Riyadi knows he has his work cut out for him.

Last month, the country's information minister, Tifatul Sembiring, said that local service providers would have to start blocking online pornography by the Muslim fasting month of Ramadan, which starts Aug. 11. That deadline is fast approaching, and Mr. Riyadi says he still has no idea how he is going to put a filter in place.

"It's really a hard thing to do in technical terms," he said. "For me, it's almost an impossible task."

Mr. Sembiring has won plaudits for pledging to curb online pornography in this Muslim-majority democracy of 240 million people, and for following regional peers like China, Thailand and Singapore into the fraught world of Internet screening.

But the problem, Mr. Riyadi says, is that the minister's plan is really no plan at all. No official decree has been issued, no list of banned sites has been published and no details have surfaced on who will pay for monitoring and screening of Web sites.

The minister has, however, threatened the roughly 230 Internet service providers in Indonesia with closure if they fail to block pornographic sites for the country's 40 million Internet users.

Mr. Riyadi, laughing with exasperation, said service providers might be able to scrape together a block of "famous pornographic Web sites" in the coming weeks -- roughly 10 percent of such content. Service providers might be able to block 50 percent of online pornography in the months ahead, he said, if they were lucky.

The debate over Internet screening here has been intense. Early this year, Mr. Sembiring proposed a decree that would impose screening of sites with illegal content, including pornography, gambling and blasphemy. He based his proposal in part on two laws concerning information technology and pornography that were passed in 2008, but the announcement led to howls of opposition from secularists and free-speech advocates.

The uproar from civil society groups and in the rambunctious Indonesian media, one of the freest in Asia, prompted Indonesia's president, Susilo Bambang Yudhoyono, to rebuff the plan.

But in June, a series of videos emerged online that allegedly showed the popular rock singer Nazril Irham, known as Ariel, having sex with two female celebrities. Amid the wild popularity of the videos and blanket media coverage of the scandal, in which the celebrities and a number of other people were declared suspects accused of breaking laws on criminal pornography and indecency, Mr. Sembiring revived the screening plan -- this time with backing from the president.

Mr. Sembiring says the plan will work, and in time for the fasting month. During an interview, he said that service providers would adopt a government keyword filtering system known as Trust Positif, which is already in use in many of the government's computer networks.

"Not all of the sites, all of the pornographic content, will be gone from the Internet," said Mr. Sembiring, a politician from the Prosperous Justice Party, a conservative Islamic group that is a member of the president's governing coalition. "But step by step, we're trying to filter pornographic content."

The filter would begin with pornography and would later be expanded to other undesirable sites. Since the keyword list has already been in use for government departments, he said, "I think after one month, our frequency of updating will be low."

But for Mr. Riyadi, of the I.S.P. association, the plan is simply unworkable. Blocking sites by keywords might be feasible for small networks, but it is a tricky task for larger ones, he said. Service providers would have to collectively spend as much as 500 billion rupiah, or $56 million, to install proxy, or intermediate, servers to house the filters, he said.

Mr. Riyadi added that the proxy servers might not even work, and that if they did, it could slow the access to overseas Web sites by 20 percent to 30 percent, he said.

Mr. Riyadi said the way forward would be for the government to put together a list of blocked addresses, a laborious process that would involve tens of millions of restricted pages. But such a list has not been made public, despite requests.

"I guess he's gotten the wrong technical data from his staff," he said.

For Hasan Yahya, a business consultant and blogger, the screening plan threatens both free speech and Indonesia's Internet industry. Although there are hundreds of service providers in the country, the majority of people are clients of Telkom, the state-linked giant, and a handful of other, private operators. Making service providers assume the burden of screening will squeeze smaller operators hard, Mr. Yahya said.

Mr. Sembiring "is a Taliban copying what he thinks he knows from China," Mr. Yahya said. "It's hardly the example that we want to copy for this young and fragile democracy."

Besides, Mr. Yahya said, the plan is so vague and technically unfeasible that it will probably not even work. Unlike China or Singapore, Indonesia, with its roughly 17,000 islands, has no centralized Web infrastructure and has several links to networks overseas.

"I'd bet you my little finger nobody could make it happen," Mr. Yahya said. "Not in the next few months, not in the time frame the minister wants, before Ramadan."
From rforno at infowarrior.org Mon Aug 2 08:00:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Aug 2010 09:00:24 -0400
Subject: [Infowarrior] - Microsoft Quashed Effort to Boost Online Privacy
Message-ID:

http://online.wsj.com/article/SB10001424052748703467304575383530439838568.html

AUGUST 2, 2010

Microsoft Quashed Effort to Boost Online Privacy

By NICK WINGFIELD

The online habits of most people who use the world's dominant Web browser are an open book to advertisers. That wasn't the plan at first.

In early 2008, Microsoft Corp.'s product planners for the Internet Explorer 8.0 browser intended to give users a simple, effective way to avoid being tracked online. They wanted to design the software to automatically thwart common tracking tools, unless a user deliberately switched to settings affording less privacy.

That triggered heated debate inside Microsoft. As the leading maker of Web browsers, the gateway software to the Internet, Microsoft must balance conflicting interests: helping people surf the Web with its browser to keep their mouse clicks private, and helping advertisers who want to see those clicks.

In the end, the product planners lost a key part of the debate. The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software.

Microsoft's original privacy plans for the new Explorer were "industry-leading" and technically superior to privacy features in earlier browsers, says Simon Davies, a privacy-rights advocate in the U.K. whom Microsoft consulted while forming its browser privacy plans. Most users of the final product aren't even aware its privacy settings are available, he says. "That's where the disappointment lies."

Microsoft General Counsel Brad Smith says that in developing the new browsers, the company tried to "synthesize" both points of view about privacy "in a way that advanced both the privacy interests of consumers and the critical role advertising plays in content." Microsoft's decision reveals the economic forces driving the spread of online tracking of individuals. A Wall Street Journal investigation of the practice showed tracking to be pervasive and ever-more intrusive: The 50 most-popular U.S. websites, including four run by Microsoft, installed an average of 64 pieces of tracking technology each onto a test computer. As online advertising grows more sophisticated, companies playing prominent roles in consumers' online experiences have discovered they have access to a valuable trove of information. In addition to Microsoft, such companies include search-engine giant Google Inc., iPhone maker Apple Inc., and Adobe Systems Inc., whose Flash software makes much of the Internet's video, gaming and animation possible. These companies now have a big say in how much information can be collected about individual users. Many also have big stakes in online advertising. Microsoft bought aQuantive, a Web-ad firm, in 2007 for more than $6 billion, to build a business selling ads online. Google, already a giant in online marketing, in September 2008 launched a Web browser, Chrome, that gives it new insight into Internet users' habits. Apple has launched an ad network, iAds, for its iPhone and iPad. And Adobe last year paid $1.8 billion to buy Omniture, which measures the effectiveness of online ads. Executives in Microsoft's new ad business were upset when the designers of Internet Explorer hatched the plan to block tracking activity, say people involved in the debate. At a meeting in the spring of 2008, Brian McAndrews, a Microsoft senior vice president who had been chief executive of aQuantive before Microsoft acquired it, complained to the browser planners. 
Their privacy plan, he argued, would disrupt the selling of Web ads by Microsoft and other companies, these people say. Mr. McAndrews was taken aback that Explorer planners seemed unwilling to accept input from advertising executives, given that Microsoft had spent $6 billion on a Web-ad firm, according to two people who participated in the meeting.

Mr. Smith, the general counsel, says Microsoft weighed both sides of the argument in its debate. He says the company was concerned about the effect strict privacy features might have on free sites supported by advertising, including newspaper sites. Such sites, including WSJ.com, use information derived from tracking to sell targeted ads, an important revenue source.

Web browsers like Internet Explorer can play an important role in protecting privacy because the software sits between consumers and the array of technologies used to track them online. The best-known of those technologies are browser "cookies," small files stored on users' computers that act as identification tags for them when they visit websites.

Some cookies, such as those installed when a user asks a favorite website to remember his password, don't do tracking. Others are installed on computers by companies that provide advertising services to the websites a user visits. These "third-party" cookies can be designed to track a user's online activities over time, building a database of personal interests and other details.

The Journal's examination of the top 50 most popular U.S. websites showed that Microsoft placed third-party tracking devices on 27 of the top 46 sites that it doesn't itself own.

All the latest Web browsers, including Internet Explorer, let consumers turn on a feature that prevents third-party browser cookies from being installed on their computers. But those settings aren't always easy to find. Only one major browser, Apple's Safari, is preset to block all third-party cookies, in the interest of user privacy.

"Only browser developers have the resources and large user bases necessary to create a privacy-friendly version of the Web," says Peter Eckersley, staff technologist with the Electronic Frontier Foundation, a digital-rights advocacy group.

Because Internet Explorer is used by so many people -- nearly 60% of all Web users -- the 2008 decision by planners of the new version to make it easy for users to block tracking could have had a big effect on the marketplace.

At the time, the practice of tailoring ads to consumers based on their browsing habits was taking off. Google was in the process of buying DoubleClick Inc., a leader in the placing and tracking of online ads, for $3.1 billion. A coalition of privacy groups was petitioning the Federal Trade Commission to develop stricter policies for preventing advertisers from tracking Web-browsing habits. Companies with stakes in Internet advertising were feeling heat to try to stave off government regulation by voluntarily protecting consumer privacy.

Microsoft also was trying to stem the erosion of its browser market share. Internet Explorer, which once had more than 95% of the market, hadn't kept up with competitors. Firefox, a Web browser overseen by the nonprofit Mozilla Foundation, picked up more than 18% of the market by May 2008, helping knock Explorer to 76%, according to NetApplications.com, which tracks browser use.

The browser planners at Microsoft believed aggressive new privacy features could help differentiate the new Internet Explorer from rivals, according to several current and former Microsoft executives.

The planners, led by Microsoft veteran Dean Hachamovitch, came up with a concept for preventing consumer tracking. A new feature would monitor where each piece of content on a visited Web page was originating on the Internet -- every picture, video or chunk of text. The feature would pay special attention to content from "third party" Internet addresses -- addresses different from the one a user sees in the address bar at the top of the browser.

Some of that third-party content could be innocuous things like YouTube video clips displayed on the Web page, which viewers presumably wouldn't want to block. Other items might be tracking tools such as Web "beacons," snippets of code embedded in the page that can monitor the clicks of visitors, or even record their keystrokes. Users might want such tracking tools blocked automatically.

The Internet Explorer planners proposed a feature that would block any third-party content that turned up on more than 10 visited websites, figuring that anything so pervasive was likely to be a tracking tool. This, they believed, was a more comprehensive approach to privacy than simply turning off browser cookies, one that would thwart other tracking methods.

The group also planned to design the Internet Explorer set-up process so that it guaranteed the privacy feature would be used by most people.

When he heard of the ideas, Mr. McAndrews, the executive involved with Microsoft's Internet advertising business, was angry, according to several people familiar with the matter. Mr. McAndrews feared the Explorer group's privacy plans would dramatically reduce the effectiveness of online advertising by curbing the data that could be collected about consumers. He heard about the proposal through back channels rather than directly from the browser planners, these people say, which surprised him given its implications.

Some people who worked in the browser group acknowledge that they should have been more upfront about their intentions. Mr. McAndrews later left the company.

"We were worried it was going to cause a stampede" away from tracking technologies, says an executive who worked with Mr. McAndrews. "It was an act with the potential to reverberate across the industry."

The browser group and its manager, Mr. Hachamovitch, tried to hold their ground. They were reluctant to let advertising executives interfere with the new Explorer design, according to people involved in the debate. Microsoft said that Mr. Hachamovitch and other members of the planning group wouldn't comment on the matter.

The debate widened after executives from Microsoft's advertising team informed outside advertising and online-publishing groups of Microsoft's privacy plans for Explorer. Microsoft Chief Executive Steve Ballmer assigned two senior executives, chief research and strategy officer Craig Mundie and the general counsel, Mr. Smith, to help referee the debate, according to Peter Cullen, Microsoft's chief privacy strategist.

The two men convened a four-hour meeting in Mr. Mundie's conference room in late spring 2008 to allow outside organizations to voice their concerns, including the Interactive Advertising Bureau, the Online Publishers' Association and the American Association of Advertising Agencies.

One of the attendees, Interactive Advertising Bureau Chief Executive Randall Rothenberg, says he was worried that Explorer's proposed privacy features would block not just the collection of consumer data, but also the delivery of some Web advertisements themselves. He says the features "seemed to equate the delivery of advertisements with privacy violations." He was especially troubled, he says, by the prospect of Microsoft turning the features on for all consumers, by default.

One other consideration: Some Microsoft executives were concerned that the preset-privacy plan might jeopardize support among ad-industry organizations that Microsoft wanted to rally against a proposed advertising deal between Google and Yahoo Inc., says a former Microsoft executive.
A Microsoft spokeswoman declined to comment on that issue. U.S. regulators ended up blocking the deal. The former Microsoft executive says he had never before experienced a debate at Microsoft "so driven by external influences and conflicting priorities to protect users" as the tussle over the Explorer privacy controls. "It was a healthy debate," says Mr. Smith, the general counsel, with "well-informed views by people who are passionate." When Microsoft released the browser in its final form in March 2009, the privacy features were a lot different from what its planners had envisioned. Internet Explorer required the consumer to turn on the feature that blocks tracking by websites, called InPrivate Filtering. It wasn't activated automatically. What's more, even if consumers turn the feature on, Microsoft designed the browser so InPrivate Filtering doesn't stay on permanently. Users must activate the privacy setting every time they start up the browser. Microsoft dropped another proposed feature, known as InPrivate Subscriptions, that would have let users further conceal their online browsing habits, by automatically blocking Web addresses suspected of consumer tracking if those addresses appeared on "black lists" compiled by privacy groups. Mr. Cullen, Microsoft's chief privacy strategist, says the input of outsiders helped Microsoft strike a balance between privacy and advertising interests. The browser, he says, "was a better product than when it came off the drawing-room floor of the Internet Explorer group." Advertising groups say they were pleased, too. "They ended up with something pretty excellent," says Mr. Rothenberg of the Interactive Advertising Bureau. 
Write to Nick Wingfield at nick.wingfield at wsj.com

From rforno at infowarrior.org Mon Aug 2 09:09:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Aug 2010 10:09:32 -0400
Subject: [Infowarrior] - The Web's New Gold Mine: Your Secrets
Message-ID: <50A3B271-E2D9-4307-BB69-F5DF8A23EBBE@infowarrior.org>

The Web's New Gold Mine: Your Secrets

By JULIA ANGWIN

http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html?mod=googlenews_wsj

Hidden inside Ashley Hayes-Beaty's computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a penny.

The file consists of a single code -- 4c812db292272995e5416a323e79bd37 -- that secretly identifies her as a 26-year-old female in Nashville, Tenn.

The code knows that her favorite movies include "The Princess Bride," "50 First Dates" and "10 Things I Hate About You." It knows she enjoys the "Sex and the City" series. It knows she browses entertainment news and likes to take quizzes.

"Well, I like to think I have some mystery left to me, but apparently not!" Ms. Hayes-Beaty said when told what that snippet of code reveals about her. "The profile is eerily correct."

Ms. Hayes-Beaty is being monitored by Lotame Solutions Inc., a New York company that uses sophisticated software called a "beacon" to capture what people are typing on a website -- their comments on movies, say, or their interest in parenting and pregnancy. Lotame packages that data into profiles about individuals, without determining a person's name, and sells the profiles to companies seeking customers. Ms. Hayes-Beaty's tastes can be sold wholesale (a batch of movie lovers is $1 per thousand) or customized (26-year-old Southern fans of "50 First Dates").

"We can segment it all the way down to one person," says Eric Porres, Lotame's chief marketing officer.

One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on Internet users.

The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by all but a handful of people in the vanguard of the industry.

* The study found that the nation's 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.

* Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to "cookie" files that record websites people visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.

* These profiles of individuals, constantly refreshed, are bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.

The new technologies are transforming the Internet economy. Advertisers once primarily bought ads on specific Web pages -- a car ad on a car site. Now, advertisers are paying a premium to follow people around the Internet, wherever they go, with highly specific marketing messages.

In between the Internet user and the advertiser, the Journal identified more than 100 middlemen -- tracking companies, data brokers and advertising networks -- competing to meet the growing demand for data on individual behavior and interests.

The data on Ms. Hayes-Beaty's film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges.

"It is a sea change in the way the industry works," says Omar Tawakol, CEO of BlueKai. "Advertisers want to buy access to people, not Web pages."

The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, WSJ.com.) It then analyzed the tracking files and programs these sites downloaded onto a test computer.

As a group, the top 50 sites placed 3,180 tracking files in total on the Journal's test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles. But over two-thirds -- 2,224 -- were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.

The top venue for such technology, the Journal found, was IAC/InterActive Corp.'s Dictionary.com. A visit to the online dictionary site resulted in 234 files or programs being downloaded onto the Journal's test computer, 223 of which were from companies that track Web users.

The information that companies gather is anonymous, in the sense that Internet users are identified by a number assigned to their computer, not by a specific person's name. Lotame, for instance, says it doesn't know the name of users such as Ms. Hayes-Beaty -- only their behavior and attributes, identified by code number. People who don't want to be tracked can remove themselves from Lotame's system.

And the industry says the data are used harmlessly. David Moore, chairman of 24/7 RealMedia Inc., an ad network owned by WPP PLC, says tracking gives Internet users better advertising.

"When an ad is targeted properly, it ceases to be an ad, it becomes important information," he says.

Tracking isn't new.
But the technology is growing so powerful and ubiquitous that even some of America's biggest sites say they were unaware, until informed by the Journal, that they were installing intrusive files on visitors' computers. The Journal found that Microsoft Corp.'s popular Web portal, MSN.com, planted a tracking file packed with data: It had a prediction of a surfer's age, ZIP Code and gender, plus a code containing estimates of income, marital status, presence of children and home ownership, according to the tracking company that created the file, Targus Information Corp. Both Targus and Microsoft said they didn't know how the file got onto MSN.com, and added that the tool didn't contain "personally identifiable" information. Tracking is done by tiny files and programs known as "cookies," "Flash cookies" and "beacons." They are placed on a computer when a user visits a website. U.S. courts have ruled that it is legal to deploy the simplest type, cookies, just as someone using a telephone might allow a friend to listen in on a conversation. Courts haven't ruled on the more complex trackers. The most intrusive monitoring comes from what are known in the business as "third party" tracking files. They work like this: The first time a site is visited, it installs a tracking file, which assigns the computer a unique ID number. Later, when the user visits another site affiliated with the same tracking company, it can take note of where that user was before, and where he is now. This way, over time the company can build a robust profile. One such ecosystem is Yahoo Inc.'s ad network, which collects fees by placing targeted advertisements on websites. Yahoo's network knows many things about recent high-school graduate Cate Reid. One is that she is a 13- to 18-year-old female interested in weight loss. Ms. 
Reid was able to determine this when a reporter showed her a little-known feature on Yahoo's website, the Ad Interest Manager, that displays some of the information Yahoo had collected about her. Yahoo's take on Ms. Reid, who was 17 years old at the time, hit the mark: She was, in fact, worried that she may be 15 pounds too heavy for her 5-foot, 6-inch frame. She says she often does online research about weight loss. "Every time I go on the Internet," she says, she sees weight-loss ads. "I'm self-conscious about my weight," says Ms. Reid, whose father asked that her hometown not be given. "I try not to think about it.... Then [the ads] make me start thinking about it." Yahoo spokeswoman Amber Allman says Yahoo doesn't knowingly target weight-loss ads at people under 18, though it does target adults. "It's likely this user received an untargeted ad," Ms. Allman says. It's also possible Ms. Reid saw ads targeted at her by other tracking companies. Information about people's moment-to-moment thoughts and actions, as revealed by their online activity, can change hands quickly. Within seconds of visiting eBay.com or Expedia.com, information detailing a Web surfer's activity there is likely to be auctioned on the data exchange run by BlueKai, the Seattle startup. Each day, BlueKai sells 50 million pieces of information like this about specific individuals' browsing habits, for as little as a tenth of a cent apiece. The auctions can happen instantly, as a website is visited. Spokespeople for eBay Inc. and Expedia Inc. both say the profiles BlueKai sells are anonymous and the people aren't identified as visitors of their sites. BlueKai says its own website gives consumers an easy way to see what it monitors about them. Tracking files get onto websites, and downloaded to a computer, in several ways. Often, companies simply pay sites to distribute their tracking files.
But tracking companies sometimes hide their files within free software offered to websites, or hide them within other tracking files or ads. When this happens, websites aren't always aware that they're installing the files on visitors' computers. Often staffed by "quants," or math gurus with expertise in quantitative analysis, some tracking companies use probability algorithms to try to pair what they know about a person's online behavior with data from offline sources about household income, geography and education, among other things. The goal is to make sophisticated assumptions in real time -- plans for a summer vacation, the likelihood of repaying a loan -- and sell those conclusions. Some financial companies are starting to use this formula to show entirely different pages to visitors, based on assumptions about their income and education levels. Life-insurance site AccuquoteLife.com, a unit of Byron Udell & Associates Inc., last month tested a system showing visitors it determined to be suburban, college-educated baby-boomers a default policy of $2 million to $3 million, says Accuquote executive Sean Cheyney. A rural, working-class senior citizen might see a default policy for $250,000, he says. "We're driving people down different lanes of the highway," Mr. Cheyney says. Consumer tracking is the foundation of an online advertising economy that racked up $23 billion in ad spending last year. Tracking activity is exploding. Researchers at AT&T Labs and Worcester Polytechnic Institute last fall found tracking technology on 80% of 1,000 popular sites, up from 40% of those sites in 2005. The Journal found tracking files that collect sensitive health and financial data. On Encyclopaedia Britannica Inc.'s dictionary website Merriam-Webster.com, one tracking file from Healthline Networks Inc., an ad network, scans the page a user is viewing and targets ads related to what it sees there.
So, for example, a person looking up depression-related words could see Healthline ads for depression treatments on that page -- and on subsequent pages viewed on other sites. Healthline says it doesn't let advertisers track users around the Internet who have viewed sensitive topics such as HIV/AIDS, sexually transmitted diseases, eating disorders and impotence. The company does let advertisers track people with bipolar disorder, overactive bladder and anxiety, according to its marketing materials. Targeted ads can get personal. Last year, Julia Preston, a 32-year-old education-software designer in Austin, Texas, researched uterine disorders online. Soon after, she started noticing fertility ads on sites she visited. She now knows she doesn't have a disorder, but still gets the ads. It's "unnerving," she says. Tracking became possible in 1994 when the tiny text files called cookies were introduced in an early browser, Netscape Navigator. Their purpose was user convenience: remembering contents of Web shopping carts. Back then, online advertising barely existed. The first banner ad appeared the same year. When online ads got rolling during the dot-com boom of the late 1990s, advertisers were buying ads based on proximity to content -- shoe ads on fashion sites. The dot-com bust triggered a power shift in online advertising, away from websites and toward advertisers. Advertisers began paying for ads only if someone clicked on them. Sites and ad networks began using cookies aggressively in hopes of showing ads to people most likely to click on them, thus getting paid. Targeted ads command a premium. Last year, the average cost of a targeted ad was $4.12 per thousand viewers, compared with $1.98 per thousand viewers for an untargeted ad, according to an ad-industry-sponsored study in March. The Journal examined three kinds of tracking technology -- basic cookies as well as more powerful "Flash cookies" and bits of software code called "beacons."
More than half of the sites examined by the Journal installed 23 or more "third party" cookies. Dictionary.com installed the most, placing 159 third-party cookies. Cookies are typically used by tracking companies to build lists of pages visited from a specific computer. A newer type of technology, beacons, can watch even more activity. Beacons, also known as "Web bugs" and "pixels," are small pieces of software that run on a Web page. They can track what a user is doing on the page, including what is being typed or where the mouse is moving. The majority of sites examined by the Journal placed at least seven beacons from outside companies. Dictionary.com had the most, 41, including several from companies that track health conditions and one that says it can target consumers by dozens of factors, including zip code and race. Dictionary.com President Shravan Goli attributed the presence of so many tracking tools to the fact that the site was working with a large number of ad networks, each of which places its own cookies and beacons. After the Journal contacted the company, it cut the number of networks it uses and beefed up its privacy policy to more fully disclose its practices. The widespread use of Adobe Systems Inc.'s Flash software to play videos online offers another opportunity to track people. Flash cookies originally were meant to remember users' preferences, such as volume settings for online videos. But Flash cookies can also be used by data collectors to re-install regular cookies that a user has deleted. This can circumvent a user's attempt to avoid being tracked online. Adobe condemns the practice. Most sites examined by the Journal installed no Flash cookies. Comcast.net installed 55. That finding surprised the company, which said it was unaware of them. Comcast Corp. subsequently determined that it had used a piece of free software from a company called Clearspring Technologies Inc. to display a slideshow of celebrity photos on Comcast.net. 
The Flash cookies were installed on Comcast's site by that slideshow, according to Comcast. Clearspring, based in McLean, Va., says the 55 Flash cookies were a mistake. The company says it no longer uses Flash cookies for tracking. CEO Hooman Radfar says Clearspring provides software and services to websites at no charge. In exchange, Clearspring collects data on consumers. It plans eventually to sell the data it collects to advertisers, he says, so that site users can be shown "ads that don't suck." Comcast's data won't be used, Clearspring says. Wittingly or not, people pay a price in reduced privacy for the information and services they receive online. Dictionary.com, the site with the most tracking files, is a case study. The site's annual revenue, about $9 million in 2009 according to an SEC filing, means the site is too small to support an extensive ad-sales team. So it needs to rely on the national ad-placing networks, whose business model is built on tracking. Dictionary.com executives say the trade-off is fair for their users, who get free access to its dictionary and thesaurus service. "Whether it's one or 10 cookies, it doesn't have any impact on the customer experience, and we disclose we do it," says Dictionary.com spokesman Nicholas Graham. "So what's the beef?" The problem, say some industry veterans, is that so much consumer data is now up for sale, and there are no legal limits on how that data can be used. Until recently, targeting consumers by health or financial status was considered off-limits by many large Internet ad companies. Now, some aim to take targeting to a new level by tapping online social networks. Media6Degrees Inc., whose technology was found on three sites by the Journal, is pitching banks to use its data to size up consumers based on their social connections. The idea is that the creditworthy tend to hang out with the creditworthy, and deadbeats with deadbeats.
"There are applications of this technology that can be very powerful," says Tom Phillips, CEO of Media6Degrees. "Who knows how far we'd take it?"

-- Emily Steel, Jennifer Valentino-DeVries and Tom McGinty contributed to this report.

Write to Julia Angwin at julia.angwin at wsj.com

From rforno at infowarrior.org Mon Aug 2 12:44:20 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Aug 2010 13:44:20 -0400
Subject: [Infowarrior] - VA going the way of Arizona?
Message-ID: <703A3F93-F5A0-4725-9B72-F49441A04692@infowarrior.org>

More fun and games from the whacky VA AG. -rick

August 02, 2010
Virginia Attorney General Rules Police Can Check Immigration Status
http://www.foxnews.com/politics/2010/08/02/virginia-attorney-general-rules-police-check-immigration-status/

In a decision that could lay the groundwork for an Arizona-style immigration policy, Virginia's attorney general said state officers are allowed to check the immigration status of anyone "stopped or arrested."

In a decision that could lay the groundwork for an Arizona-style immigration policy, Virginia's attorney general said state law enforcement officers are allowed to check the immigration status of anyone "stopped or arrested." Attorney General Ken Cuccinelli issued the legal opinion Friday extending that authority to Virginia police in response to an inquiry over whether his state could mirror the policies passed into law in Arizona. "It is my opinion that Virginia law enforcement officers, including conservation officers may, like Arizona police officers, inquire into the immigration status of persons stopped or arrested," he wrote. The decision comes after a federal judge blocked Arizona from implementing its provision that would require law enforcement to check the immigration status of anyone they stop and suspect of being an illegal immigrant. Cuccinelli's ruling could justify that kind of policy in Virginia.
However, Cuccinelli reiterated in the opinion a prior finding that while state officers have the authority to arrest suspects on criminal immigration violations, they are advised against arresting over civil immigration violations. Overstaying a visa would fall under the latter category. The state's top attorney wrote the opinion in response to a question from state Del. Bob Marshall, who represents Prince William County. Marshall's county implemented a law that requires police to check the immigration status of everyone they arrest -- but not everyone they come in legal contact with.

From rforno at infowarrior.org Mon Aug 2 16:06:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Aug 2010 17:06:23 -0400
Subject: [Infowarrior] - AEI ignorance of the Web
Message-ID: <6B9517E6-7566-4E28-B4F6-B1ECD2FBF9E4@infowarrior.org>

Some choice extracts from an op-Ed in today's WaPo from a guy at the conservative AEI. I swear, the louder a person screams about something, chances are the less they really know about the matter at hand. Among other things, does anyone (with a clue) really think in the Internet Age, you can "recover the documents" distributed by Wikileaks or anyone else in such decentralised manners? C'mon. I'm surprised this guy doesn't start asking SECDEF to launch a few Tomahawks at Belgium or Iceland, too. The level of Internet idiocy in this town continues to amaze me. -rick

WikiLeaks must be stopped
By Marc A. Thiessen
Tuesday, August 3, 2010

< - >

"Arresting Assange would be a major blow to his organization. But taking him off the streets is not enough; we must also recover the documents he unlawfully possesses and disable the system he has built to illegally disseminate classified information."

< - >

With the stroke of his pen, the president can authorize USCYBERCOM to protect American and allied forces by eliminating WikiLeaks' ability to disseminate classified information that puts their lives at risk.

< - >

"WikiLeaks represents a clear and present danger to the national security of the United States. If left unmolested, Assange will become even bolder and inspire others to imitate his example. His group is at this moment preparing to release tens of thousands of documents that will put the lives of our troops and our allies at risk. Will President Obama stop WikiLeaks from doing so -- or sit back and do nothing?"

From rforno at infowarrior.org Tue Aug 3 06:38:16 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 07:38:16 -0400
Subject: [Infowarrior] - C&D the best form of advertising
Message-ID: <049A8513-39A8-415F-BF6B-343C25F7E6A2@infowarrior.org>

Ironic, this situation is. Careful we must threaten in the future, hrmmmmmmm? - Yoda Rick (c/o MC)

http://www.cnn.com/2010/TECH/gaming.gadgets/08/02/light.saber.laser/index.html?hpt=C2

Lucasarts does the public CYA, Wicked Lasers gets publicity. Lucasarts publicly states that Wicked Lasers is being responsible in their product description and "backs down". Wicked Lasers sees big jump in orders, announces expansion of production, and raises the price of their new toy by 50%. Anyone else see a near Lucas-like story here?

From rforno at infowarrior.org Tue Aug 3 06:48:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 07:48:26 -0400
Subject: [Infowarrior] - Pillsbury's new C&D
Message-ID: <881B1CC2-C6BE-4A87-968C-5FBBBDC3EDE2@infowarrior.org>

Why do I envision the Pillsbury Dough Boy's gleeful "hee hee" suddenly turning into a diabolical cackle? Happy to say I don't use any of their products, btw. -rick

Pillsbury Sends Cease & Desist To 'Dough Girl' Bakery
from the a-recipe-for-doughy-disaaster dept
http://techdirt.com/articles/20100802/22585310464.shtml

Another day, another story of a questionable trademark nastygram from a big corporation against a small business.
The latest involves baked goods giant Pillsbury (a part of food conglomerate General Mills), who apparently took offense to a small Salt Lake City bakery called "My Dough Girl" and sent a cease & desist. Honestly, it took me a while to make the connection here. Yes, Pillsbury has the "Pillsbury Dough Boy," but that always seems to include the Pillsbury name. The article claims that the owner of the bakery checked on any "copyright infringement," which might explain the problem... this is a trademark issue, not a copyright one (though, I'm guessing this is just confusion on the part of the bakery owner, the reporter, or both). Of course, these sorts of stories show up all the time. There were a couple of interesting elements in this one. While no lawsuit was actually filed, the fear that a legal nastygram from a giant firm can engender in a small business becomes clear. The owner of the store was so afraid of a lawsuit, she wouldn't even talk to reporters. It's not clear why talking to a reporter would make the situation any worse, but it does show how fearful a single letter has made this woman. In fact, a different report claims that General Mills' lawyers told her not to talk to the press. That's pretty ridiculous. Whether or not it's smart to talk to the press, she shouldn't be taking orders from General Mills' counsel. Either way, it looks like the bakery immediately capitulated and agreed to change its name, at a cost of $50,000. Ouch. Even more interesting, though, is the reason this story is getting attention isn't because the bakery is fighting it, but because a bunch of fans of the bakery have used the internet to spread the word about how they really don't appreciate Pillsbury bullying their local bakery, which no one confused with the food giant in the first place. The article above also says that General Mills asked the owner to "kill the Facebook page," even though she didn't create it and has no control over it.
In fact, she seems afraid that the Facebook page is making things worse. Still, it's quite a testament to modern technology that this is even possible. Can you imagine patrons of a small business standing up to a giant corporation without the small business' support in the past? However, all it's really doing is calling a lot more attention to incredible bullying by a company like General Mills against a small company that has a legitimate claim to the name. One of these days, perhaps lawyers will realize that legal bullying leads to backlash, but I guess we still haven't reached that point yet.

From rforno at infowarrior.org Tue Aug 3 07:01:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 08:01:54 -0400
Subject: [Infowarrior] - FBI gets a lesson from Wikipedia
Message-ID: <4D58E832-C692-4B46-82DA-45C6489E6631@infowarrior.org>

August 2, 2010
F.B.I., Challenging Use of Seal, Gets Back a Primer on the Law
http://www.nytimes.com/2010/08/03/us/03fbi.html?hpw=&pagewanted=print
By JOHN SCHWARTZ

The Federal Bureau of Investigation has taken on everyone from Al Capone to John Dillinger to the Unabomber. Its latest adversary: Wikipedia. The bureau wrote a letter in July to the Wikimedia Foundation, the parent organization of Wikipedia, demanding that it take down an image of the F.B.I. seal accompanying an article on the bureau, and threatened litigation: "Failure to comply may result in further legal action. We appreciate your timely attention to this matter." The problem, those at Wikipedia say, is that the law cited in the F.B.I.'s letter is largely about keeping people from flashing fake badges or profiting from the use of the seal, and not about posting images on noncommercial Web sites. Many sites, including the online version of the Encyclopedia Britannica, display the seal. Other organizations might simply back down. But Wikipedia sent back a politely feisty response, stating that the bureau's lawyers had misquoted the law.
"While we appreciate your desire to revise the statute to reflect your expansive vision of it, the fact is that we must work with the actual language of the statute, not the aspirational version" that the F.B.I. had provided. Michael Godwin, the general counsel of the Wikimedia Foundation, wrote, "we are prepared to argue our view in court." He signed off, "with all appropriate respect." An F.B.I. spokesman, William Carter, said that such letters go out "from time to time" from the office of general counsel. "You can't use the F.B.I. seal, by law, unless you have the permission of the F.B.I. director," he said. Cindy Cohn, the legal director of the Electronic Frontier Foundation, called the dust-up both "silly" and "troubling"; Wikipedia has a First Amendment right to display the seal, she said. "Really," she added, "I have to believe the F.B.I. has better things to do than this."

From rforno at infowarrior.org Tue Aug 3 07:06:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 08:06:22 -0400
Subject: [Infowarrior] - Paramedics Will Employ New Therapy in Cardiac Arrest Cases
Message-ID: <4E50B015-E2AC-4AE9-887C-D8E817C8E384@infowarrior.org>

August 2, 2010
Paramedics Will Employ New Therapy in Cardiac Arrest Cases
By KAREN ZRAICK
http://www.nytimes.com/2010/08/03/nyregion/03cardiac.html?hpw=&pagewanted=print

Paramedics in New York City are being trained in a relatively new cooling therapy that has been shown to increase the chances for cardiac arrest patients to survive and to avoid brain damage, city officials said on Monday. The treatment, known as therapeutic hypothermia, involves lowering a patient's body temperature in order to slow the brain's demand for oxygen and prevent damage to cells. The approach is still in development. About 20 city hospitals began to use therapeutic hypothermia -- which can involve simple items like cold packs, injections of chilled saline solution into a vein or bone, as well as more sophisticated equipment --
in January 2009; that number has now grown to 43 of the 50 hospitals participating in the 911 emergency system. The goal is to lower a patient's body temperature about six degrees for 24 hours. Since the start of the three-year pilot project, about 2,600 cardiac patients were taken to hospitals as potential recipients of the treatment. City officials said on Monday that survival rates for those patients had increased 20 percent last year compared with 2008, a change that they attributed to the cooling therapy. "We know that cooling your body's temperature slows everything down," said Salvatore J. Cassano, the city fire commissioner. "It brings your body out of that panic mode, and it actually reduces your body's need for blood. That buys us time." Now, in the second phase of the project, paramedics in about one-third of ambulances will be trained to administer the treatment. City paramedics respond to about 15,000 calls per year from people with heart attack symptoms; half result in cardiac arrest, according to Fire Department officials. New York is one of the first cities nationwide to use therapeutic hypothermia during cardiac arrest, city officials and medical experts said Monday. It is more commonly used after a patient is revived, to prevent secondary injuries that commonly occur when blood rushes back into the heart. Dr. John Freese, medical director of the Emergency Medical Service for the Fire Department, said the use of the therapy before or during transport was "the obvious next step" for the department, which has been focused on improving cardiac arrest survival rates for the last seven years. The rate of patients revived after being shocked with a defibrillator increased to 16.7 percent since the project began, up from 10 percent, he said. "The available science suggests that it's a safe therapy to augment things we do and may add additional benefits," Dr. Freese said.
Studies have shown that the only notable side effect has been a mild fluid buildup in the lungs, which can be avoided by careful monitoring of patients, he added. The project was organized by the city's Emergency Medical Service and the Greater New York Hospital Association. When it was initially announced, there was some concern about the possibility of longer patient transport times, as ambulances bypassed some hospitals to reach those that offered cooling therapy. But those worries were largely allayed as more hospitals added the procedure, said Zeynep Sumer, vice president for regulatory and professional affairs for the Greater New York Hospital Association. The participating hospitals have been "extremely encouraged" by the results so far, Ms. Sumer said. "We're seeing a lot of interest in the project from hospitals outside of New York City." The Buffalo and Albany areas are also participating in the demonstration project, and the State Department of Health is awaiting data on its success there, an agency spokesman said. The treatment is already in use in several cities, including Miami, Boston and Seattle, as well as London and Vienna. Dr. Stephan Mayer, chief of the neurological intensive care unit at NewYork-Presbyterian/Columbia University Medical Center in Manhattan, initially brought the idea for the project to the hospital association. He has been a longtime proponent of cooling therapy, and has been a consultant to two companies that provide equipment used in the treatment. He has divested his holdings in those companies, he said. For New York to use the procedure on such a large scale will be an important test, especially outside of a hospital setting, where there is less data on its use and outcomes, he said. "New York taking this on is a big deal for the field," he said.
From rforno at infowarrior.org Tue Aug 3 17:54:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 18:54:53 -0400
Subject: [Infowarrior] - For-Profit Colleges Mislead Students, Report Finds
Message-ID:

For-Profit Colleges Mislead Students, Report Finds
By TAMAR LEWIN
Published: August 3, 2010
http://www.nytimes.com/2010/08/04/education/04education.html

Undercover investigators posing as students interested in enrolling at 15 for-profit colleges found that recruiters at four of the colleges encouraged prospective students to lie on their financial aid applications -- and all 15 misled potential students about their programs' cost, quality and duration, or the average salary of graduates, according to a federal report. The 30-page report, along with an accompanying video, is to be released publicly Wednesday by the Government Accountability Office, the auditing arm of Congress, at an oversight hearing on for-profit colleges by the Senate Committee on Health, Education Labor and Pensions. The report does not identify the colleges involved, but it includes both privately held and publicly traded institutions in Arizona, California, Florida, Illinois, Pennsylvania, Texas and Washington, D.C. According to the report, the colleges in question were chosen because they got nearly 90 percent of their revenues from federal aid, or they were in states that are among the top 10 recipients of Title IV money. The fast-growing for-profit education industry, which received more than $4 billion in federal grants and $20 billion in Department of Education loans last year, has become a source of concern, with many lawmakers suggesting that too much taxpayer money is being used to generate profits for the colleges, instead of providing students with a useful high-quality education. The report gave specific instances in which some colleges encouraged fraud.
At one college in Texas, a recruiter encouraged the undercover investigator not to report $250,000 in savings, saying it was "not the government's business." At a Pennsylvania college, the financial representative told an undercover applicant who had reported a $250,000 inheritance that he should have answered "zero" when asked about money he had in savings -- and then told him she would "correct" his form by reducing the reported assets to zero, a change she later confirmed by e-mail and voicemail. At a college in California, an undercover investigator was encouraged to list three nonexistent dependents on the financial aid application. In addition to the colleges that encouraged fraud, all the colleges made some deceptive statements. At one certificate program in Washington, for example, the admissions representative told the undercover applicant that barbers could earn $150,000 to $250,000 a year, when the vast majority earn less than $50,000 a year. And at an associate degree program in Florida, the report said, a prospective student was falsely told that the college was accredited by the same organization that accredits Harvard and the University of Florida. According to the report, courses in massage therapy and computer-aided drafting that cost $14,000 at a California for-profit college were presented as good values, when the same courses cost $520 at a local community college. Six colleges in four states told the undercover applicants that they could not speak with financial aid representatives or find out what grants and loans they were eligible for until they completed enrollment forms agreeing to become a student and paid a small application fee. And one Florida college owned by a publicly traded company told an undercover applicant that she needed to take a 50-question test, and answer 18 questions correctly, to be admitted -- and then had a representative sit with her and coach her through the test.
A representative at that college encouraged the applicant to sign an enrollment contract, while assuring her it was not legally binding. But in some instances, the report said, the applicants were given accurate and helpful information, about likely salaries and not taking out more loans than they needed

From rforno at infowarrior.org Tue Aug 3 18:14:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Aug 2010 19:14:58 -0400
Subject: [Infowarrior] - Fwd: [attrition] Wrath of the Impotent: Frost Bank
References:
Message-ID:

Begin forwarded message:

> From: security curmudgeon
> Date: August 3, 2010 7:10:21 PM EDT
>
> http://attrition.org/postal/z/legal/frost_bank/
>
> Frost Bank retained the legal firm of Cox Smith to threaten the OSF and DatalossDB over an incident posting.
>
> [..]

From rforno at infowarrior.org Wed Aug 4 11:11:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Aug 2010 12:11:15 -0400
Subject: [Infowarrior] - More on .... JailbreakMe.com All iOS Device Jailbreak Released for iPhone 4/3GS/3G
References:
Message-ID: <812B009B-614B-4213-9284-3588BE8EE372@infowarrior.org>

Yes found out after I posted the original. For those who didn't know, check it out. thx -rick

Begin forwarded message:

> From: "Lorenz, Jens"
> Date: August 4, 2010 12:07:24 PM EDT
> Subject: Re: [Infowarrior] - JailbreakMe.com All iOS Device Jailbreak Released for iPhone 4/3GS/3G
>
> Hi!
>
> Did you know that the page uses two unpatched vulnerabilities in the iOS for
> the hack?
>
> http://www.vupen.com/english/advisories/2010/1992
>
> Jens

From rforno at infowarrior.org Wed Aug 4 11:49:16 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Aug 2010 12:49:16 -0400
Subject: [Infowarrior] - Feds admit storing checkpoint body scan images
Message-ID: <081BC535-18D5-465C-B9CF-3EC3D54016AD@infowarrior.org>

August 4, 2010 4:00 AM PDT
Feds admit storing checkpoint body scan images
by Declan McCullagh
http://news.cnet.com/8301-31921_3-20012583-281.html

For the last few years, federal agencies have defended body scanning by insisting that all images will be discarded as soon as they're viewed. The Transportation Security Administration claimed last summer, for instance, that "scanned images cannot be stored or recorded." Now it turns out that some police agencies are storing the controversial images after all. The U.S. Marshals Service admitted this week that it had surreptitiously saved tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse. This follows an earlier disclosure (PDF) by the TSA that it requires all airport body scanners it purchases to be able to store and transmit images for "testing, training, and evaluation purposes." The agency says, however, that those capabilities are not normally activated when the devices are installed at airports. Body scanners penetrate clothing to provide a highly detailed image so accurate that critics have likened it to a virtual strip search. Technologies vary, with millimeter wave systems capturing fuzzier images, and backscatter X-ray machines able to show precise anatomical detail. The U.S. government likes the idea because body scanners can detect concealed weapons better than traditional magnetometers.
This privacy debate, which has been simmering since the days of the Bush administration, came to a boil two weeks ago when Homeland Security Secretary Janet Napolitano announced that scanners would soon appear at virtually every major airport. The updated list includes airports in New York City, Dallas, Washington, Miami, San Francisco, Seattle, and Philadelphia. The Electronic Privacy Information Center, a Washington, D.C.-based advocacy group, has filed a lawsuit asking a federal judge to grant an immediate injunction pulling the plug on TSA's body scanning program. In a separate lawsuit, EPIC obtained a letter (PDF) from the Marshals Service, part of the Justice Department, and released it on Tuesday afternoon. These "devices are designed and deployed in a way that allows the images to be routinely stored and recorded, which is exactly what the Marshals Service is doing," EPIC executive director Marc Rotenberg told CNET. "We think it's significant." William Bordley, an associate general counsel with the Marshals Service, acknowledged in the letter that "approximately 35,314 images...have been stored on the Brijot Gen2 machine" used in the Orlando, Fla. federal courthouse. In addition, Bordley wrote, a Millivision machine was tested in the Washington, D.C. federal courthouse but it was sent back to the manufacturer, which now apparently possesses the image database. The Gen 2 machine, manufactured by Brijot of Lake Mary, Fla., uses a millimeter wave radiometer and accompanying video camera to store up to 40,000 images and records. Brijot boasts that it can even be operated remotely: "The Gen 2 detection engine capability eliminates the need for constant user observation and local operation for effective monitoring. Using our APIs, instantly connect to your units from a remote location via the Brijot Client interface." 
This trickle of disclosures about the true capabilities of body scanners--and how they're being used in practice--is probably what alarms privacy advocates more than anything else. A 70-page document (PDF) showing the TSA's procurement specifications, classified as "sensitive security information," says that in some modes the scanner must "allow exporting of image data in real time" and provide a mechanism for "high-speed transfer of image data" over the network. (It also says that image filters will "protect the identity, modesty, and privacy of the passenger.") "TSA is not being straightforward with the public about the capabilities of these devices," Rotenberg said. "This is the Department of Homeland Security subjecting every U.S. traveler to an intrusive search that can be recorded without any suspicion--I think it's outrageous." EPIC's lawsuit says that the TSA should have announced formal regulations, and argues that the body scanners violate the Fourth Amendment, which prohibits "unreasonable" searches. For its part, the TSA says that body scanning is perfectly constitutional: "The program is designed to respect individual sensibilities regarding privacy, modesty and personal autonomy to the maximum extent possible, while still performing its crucial function of protecting all members of the public from potentially catastrophic events." Declan McCullagh has covered the intersection of politics and technology for over a decade. E-mail Declan. From rforno at infowarrior.org Wed Aug 4 11:51:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 12:51:57 -0400 Subject: [Infowarrior] - Woman Kicked Off Flight After Accusing Pilot of Drinking Message-ID: <863AA637-2048-43CB-9D75-631F9FC56583@infowarrior.org> Woman Kicked Off Flight After Accusing Pilot of Drinking A Southern California woman is kicked off a Delta Airlines flight after reporting that she smelled alcohol on the pilot's breath. 
By TARA WALLIS-FINESTONE Updated 8:49 AM PDT, Wed, Aug 4, 2010 http://www.nbclosangeles.com/news/local-beat/Woman-Kicked-off-Delta-Flight-After-Accusing-Pilot-Of-Drinking-99890364.html A Toluca Lake woman was recently kicked off a Delta Airlines flight after reporting that she thought she had smelled alcohol on the captain's breath. Cynthia Angel said the incident occurred on July 19 as she was trying to travel home to Southern California from Georgia. She had just spent two weeks visiting her son, an actor, who was shooting a movie near Atlanta. Angel, 51, said the trouble occurred after she and three other passengers had a brief conversation with one of the pilots of Delta Airlines Flight 2355. She learned later that the pilot was actually the captain of the flight. "The flight had been delayed almost an hour," said Angel. "We were in the jetway waiting to get on the flight when the pilot walked by us and I jokingly said, 'Boy you had been here a long time.'" Angel said the captain spoke to her and the three other passengers. After he walked away, said Angel, another passenger asked if they had smelled alcohol on the pilot's breath. "A gentleman standing behind me asked, 'Did anyone smell that? It smelled a little like vodka,'" said Angel. "We all agreed that he did smell alcohol, but we didn't know if he had been drinking or what we should do about it." Angel said she volunteered to talk with the head flight attendant once aboard the plane. "I told her that I didn't know what protocol is, but I believe I smelled alcohol on one of the pilots' breath," said Angel. Angel said the flight attendant immediately talked to another pilot who was in the cockpit getting ready for departure. "He asked me to come inside the cockpit, where he shut the door and asked me about my conversation with the pilot in the jetway," said Angel. "I told him what I had told the flight attendant; that other passengers and I thought we had smelled alcohol on the pilot's breath." 
Angel said the pilot informed her that it was the captain of the flight who spoke with her. He assured her that the captain had not been drinking. "He said he had been with the captain for several hours before the flight," said Angel. "I was satisfied with the pilot's explanation, thanked him and returned to my seat." But Angel said that 20 minutes later, a Delta Airlines manager came aboard the flight and asked her to follow him off the plane. "The manager wanted to hear what I had told the flight attendant," said Angel. "He then told me the captain took a test that proved he did not have anything to drink." Angel said the manager then thanked her and she returned to her seat on the plane. At this point, she thought it was over. "About 20 minutes later, the Delta manager returned with a female colleague and they asked me to gather my belongings and follow them off the flight," said Angel. "I was so embarrassed." Angel said she followed them back into the airport. She was led into a nearby office where she was told again that the pilot had tested negatively for alcohol. "They told me they take these accusations very seriously and that the captain and his crew did not want me on his flight," said Angel. Angel said Delta gave her meal and hotel vouchers, and said she could come back in the morning to take another flight back to Los Angeles. "All I did was voice my concerns," said Angel. "I wasn't a threat to anyone and for them to remove me was wrong." "I understand airlines have to have protocol," said Mark Silverman, Angel's Beverly Hills-based attorney who Angel contacted to look into the incident. Silverman said his office has called and written Delta Airlines for a response and to ask the airline to open an investigation into the incident. "She was just trying to be a good citizen. You'd think Delta would thank her for her concern," he said. NBCLA also contacted Delta Airlines for comment. 
Susan Elliott from Delta's corporate communications office sent this response via e-mail: "Once we have reviewed Mrs. Angel's letter and investigated her claims, we will follow-up with her on our findings." "Making drinking accusations against pilots is a serious matter," said Ross Aimer, CEO of Aviation Experts, LLC. "If you think someone is drunk, you owe it to yourself, your loved ones and other passengers to report it," said Aimer, who is also a retired United Airlines captain. "However, in this case, because the captain had not been drinking, Delta made the right decision by asking her to leave the plane." Aimer explains that in situations like this, flights usually end up delayed or canceled because the captain will take himself off the flight. "It's an either you or me situation," said Aimer. "She had to go because the captain has his crew and hundreds of other passengers to think about." Aimer adds that if he found himself in a similar situation, he'd do the same thing. "The issue of pilots and drinking has become a very big deal, and accusations like that could end your career," Aimer said. From rforno at infowarrior.org Wed Aug 4 16:16:17 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 17:16:17 -0400 Subject: [Infowarrior] - Google kills 'Google Wave' Message-ID: <5C794817-2ED1-4F13-9940-DF2607B681E0@infowarrior.org> Update on Google Wave 8/04/2010 02:00:00 PM http://googleblog.blogspot.com/2010/08/update-on-google-wave.html We have always pursued innovative projects because we want to drive breakthroughs in computer science that dramatically improve our users' lives. Last year at Google I/O, when we launched our developer preview of Google Wave, a web app for real time communication and collaboration, it set a high bar for what was possible in a web browser. We showed character-by-character live typing, and the ability to drag-and-drop files from the desktop, even "playback" the history of changes--all within a browser. 
Developers in the audience stood and cheered. Some even waved their laptops. We were equally jazzed about Google Wave internally, even though we weren't quite sure how users would respond to this radically different kind of communication. The use cases we've seen show the power of this technology: sharing images and other media in real time; improving spell-checking by understanding not just an individual word, but also the context of each word; and enabling third-party developers to build new tools like consumer gadgets for travel, or robots to check code. But despite these wins, and numerous loyal fans, Wave has not seen the user adoption we would have liked. We don't plan to continue developing Wave as a standalone product, but we will maintain the site at least through the end of the year and extend the technology for use in other Google projects. The central parts of the code, as well as the protocols that have driven many of Wave's innovations, like drag-and-drop and character-by-character live typing, are already available as open source, so customers and partners can continue the innovation we began. In addition, we will work on tools so that users can easily "liberate" their content from Wave. Wave has taught us a lot, and we are proud of the team for the ways in which they have pushed the boundaries of computer science. We are excited about what they will develop next as we continue to create innovations with the potential to advance technology and the wider web. Posted by Urs Hölzle, Senior Vice President, Operations & Google Fellow From rforno at infowarrior.org Wed Aug 4 17:27:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 18:27:09 -0400 Subject: [Infowarrior] - Cryptome takes on 'Project Vigilant' Message-ID: <10F57EBD-F3B2-4474-9549-4A43303E0107@infowarrior.org> Project Vigilant Is a Fraud http://cryptome.org/0002/vigilant-fraud.htm Several other related links at Cryptome as well...you be the judge. 
-rick From rforno at infowarrior.org Wed Aug 4 19:40:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 20:40:42 -0400 Subject: [Infowarrior] - OT: NYC Mayor on religious tolerance Message-ID: <67B455C8-8ACA-4BA2-97D1-A7EA0207CEA8@infowarrior.org> (c/o T.L.) Michael Bloomberg speaks wisdom about religious tolerance... http://www.nydailynews.com/blogs/dailypolitics/2010/08/bloomberg-stands-up-for-mosque.html From rforno at infowarrior.org Wed Aug 4 19:41:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 20:41:46 -0400 Subject: [Infowarrior] - Apple IPhone Security Flaw Highlighted by Symantec, Germany Message-ID: <8C9FA5C5-52B8-4FAA-A130-19908DA23130@infowarrior.org> Apple IPhone Security Flaw Highlighted by Symantec, Germany By Arik Hesseldahl - Aug 4, 2010 http://www.bloomberg.com/news/print/2010-08-04/apple-iphone-security-flaw-found-by-symantec-may-lead-to-information-theft.html Apple Inc.'s newest iPhone has a security flaw that can be exploited by users to install unwanted applications and obtain personal information, software maker Symantec Corp. and the German government said. The vulnerability takes advantage of weaknesses in how certain documents are presented on the iPhone and Apple must take steps to correct it, Symantec said yesterday on its website. Attackers may exploit the gaps to read passwords and e-mails, eavesdrop on phone calls and use built-in cameras, Germany's Federal Office for Information Security said today. Symantec said the weakness can let an unauthorized user take full control of all aspects of the device, including the ability to install software not offered on Apple's iTunes store and not approved by Apple. The iPhone was previously criticized for a design flaw in the antenna that Consumer Reports said can lead to diminished network reception. Apple spokeswoman Natalie Harrison said the company is aware of the reports about the security vulnerability and is investigating them. 
An attacker could use the vulnerability to introduce malicious software to the iPhone, Mountain View, California-based Symantec said. The vulnerability also affects the iPad and the iPod touch, according to Symantec. "While this is the only currently known exploit for this issue and it is non-malicious, it is quite possible for an attacker to alter the existing payload for a malicious purpose," Symantec's director of security response Kevin Haley wrote in a blog post on the Symantec website. Apple, based in Cupertino, California, rose 27 cents to $262.20 at 1:44 p.m. New York time in Nasdaq Stock Market trading. The shares had gained 24 percent this year before today. To contact the reporter on this story: Arik Hesseldahl in New York at ahesseldahl at bloomberg.net From rforno at infowarrior.org Wed Aug 4 19:44:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Aug 2010 20:44:51 -0400 Subject: [Infowarrior] - DRM and Other Forces Overriding the Three Laws of Robotics Message-ID: DRM and Other Forces Overriding the Three Laws of Robotics By HUNG Chao-Kuei on Wednesday, August 4 2010, 07:12 Renowned Sci-Fi writer Isaac Asimov had the foresight to propose the Three Laws of Robotics more than half a century ago. Is Homo Sapiens of the 21st century as a species wise enough to heed his advice and avoid our self-destruction by disobedient Robo Sapiens whose ancestors we are building today? 
< - > http://blog.ofset.org/ckhung/index.php?post/108a From rforno at infowarrior.org Thu Aug 5 12:47:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Aug 2010 13:47:55 -0400 Subject: [Infowarrior] - Paper on technoratti gullability Message-ID: <5496CF4A-C366-4BE0-BBD0-D77F900F0A2B@infowarrior.org> (c/o IP) http://www.dtc.umn.edu/~odlyzko/doc/mania03.pdf Bubbles, gullibility, and other challenges for economics, psychology, sociology, and information sciences Andrew Odlyzko School of Mathematics and Digital Technology Center University of Minnesota odlyzko at umn.edu http://www.dtc.umn.edu/~odlyzko Preliminary version, August 5, 2010 ABSTRACT Gullibility is the principal cause of bubbles. Investors and the general public get snared by a "beautiful illusion" and throw caution to the wind. Attempts to identify and control bubbles are complicated by the fact that the authorities who might naturally be expected to take action have often (especially in recent years) been among the most gullible, and were cheerleaders for the exuberant behavior. Hence what is needed is an objective measure of gullibility. This paper argues that it should be possible to develop such a measure. Examples demonstrate, contrary to the efficient market dogma, that in some manias, even top-level business and technology leaders do fall prey to collective hallucinations and become irrational in objective terms. During the Internet bubble, for example, large classes of them first became unable to comprehend compound interest, and then lost even the ability to do simple arithmetic, to the point of not being able to distinguish 2 from 10. This phenomenon, together with advances in analysis of social networks and related areas, points to possible ways to develop objective and quantitative tools for measuring gullibility and other aspects of human behavior implicated in bubbles. 
It cannot be expected to infallibly detect all destructive bubbles, and may trigger false alarms, but it ought to alert observers to periods where collective investment behavior is becoming irrational. The proposed gullibility index might help in developing realistic economic models. It should also assist in illuminating and guiding decision making. From rforno at infowarrior.org Thu Aug 5 15:26:34 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Aug 2010 16:26:34 -0400 Subject: [Infowarrior] - Pentagon Demands WikiLeaks Return Unseen Afghan War Docs Message-ID: (from the "good luck with that" department --rick) - FoxNews.com - August 05, 2010 Pentagon Demands WikiLeaks Return Unseen Afghan War Docs http://www.foxnews.com/politics/2010/08/05/pentagon-demands-wikileaks-return-unseen-afghan-war-docs/ The Pentagon wants WikiLeaks to return the more than 15,000 documents it has but has not yet published, spokesman Geoff Morrell said Thursday. Morrell said returning the unpublished documents would be the right thing for WikiLeaks to do as what's already been made available has created heightened risks around the world, particularly for Afghans who've been helping U.S. forces fight terrorists in Afghanistan. "The longer they hang out there, the more opportunity there is for those who wish us harm -- do us harm to use those documents to their advantage. So we're trying to, as best we can, mitigate the damage caused by this and compel them to take those documents off the Internet and return them to the rightful owner, the United States government," he told reporters. He added that he does not "have a high degree of confidence" that the request will be heeded. "I don't know that we're very confident they'll have a change of heart. 
They've shown no indication thus far that they appreciate the gravity, the seriousness of the situation they have caused, the lives they have endangered, the operations they have potentially undermined, the innocent people who have potentially been put in harm's way as a result," he said. Morrell said that it's not too late to scrub the site even though the documents have been available to the public for weeks. "The demands we are making of them are entirely possible. They have the ability to erase it from their website and to return whatever is in their possession. So this is a very simple demand that could very easily be complied with," Morrell said. A team of 80 people is working around the clock to review what's in the nearly 100,000 documents already released from the leak site. Morrell said that team -- composed of staff from a variety of Pentagon agencies -- is trying to deduce what's still out there. "We believe we have some idea on what those 15,000 could be, and are reviewing what we believe to be potentially those 15,000. We do not know for sure if the 15,000 we believe they have and are waiting to post are indeed the same documents that they do indeed have and are waiting to post," he said. Morrell added that the Pentagon would like to compel WikiLeaks to remove them, but is not negotiating anything in exchange. The Department of Justice is still reviewing how it wants to proceed as the FBI conducts a criminal investigation. Morrell added that Private Bradley Manning, the intelligence analyst charged with leaking other classified information to the same organization, remains a "person of interest" in the case. Manning is being held in confinement at Quantico Marine base in Virginia. 
From rforno at infowarrior.org Thu Aug 5 15:27:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Aug 2010 16:27:48 -0400 Subject: [Infowarrior] - FCC Calls Off Net Neutrality Talks Message-ID: <0F808C57-C7E1-40B7-A2F0-09CCA4C00CC4@infowarrior.org> FCC Calls Off Net Neutrality Talks http://online.wsj.com/article/SB10001424052748703748904575411632530886558.html? By AMY SCHATZ WASHINGTON--Federal Communications Commission officials called off closed-door talks with lobbyists aimed at reaching a compromise on new rules to prevent Internet traffic from being blocked or slowed, saying they couldn't reach a workable compromise. FCC Chief of Staff Edward Lazarus, in a statement, said the effort "has been productive on several fronts, but has not generated a robust framework to preserve the openness and freedom of the Internet." He added, "all options remain on the table as we continue to seek broad input on this vital issue." The agency yanked the plug on the private negotiations a day after news broke that Verizon Communications Inc. and Google Inc. had reached a separate agreement which would allow the phone giant to prioritize some broadband traffic. The companies have not announced the agreement yet. Write to Amy Schatz at Amy.Schatz at wsj.com From rforno at infowarrior.org Thu Aug 5 15:51:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Aug 2010 16:51:51 -0400 Subject: [Infowarrior] - Chasing WikiLeaks Message-ID: August 5, 2010 Chasing WikiLeaks Posted by Raffi Khatchadourian http://www.newyorker.com/online/blogs/newsdesk/2010/08/chasing-wikileaks.html Marc Thiessen draws upon my article in The New Yorker to make his case against Julian Assange, the editor of WikiLeaks, and to argue that American "military assets" could be used "to bring Assange to justice." Using the military for this purpose would be a terrible idea. WikiLeaks may not be a conventional news organization, but it is not "a criminal syndicate," 
as Thiessen asserts, and the notion that the Defense Department should go about destroying privately run Web sites (with infrastructure in friendly countries), because of what those sites publish, suggests a gross misuse of military force. Rather than treating WikiLeaks like a terrorist cell, the military is better off accepting that the Web site is a product of the modern information age, and that it is here to stay, in some form or another, no matter who is running it. Thiessen's argument calls to mind the music industry's effort to shut down Napster--a Web site where recorded music could be traded and downloaded without regard to copyright--in the nineteen-nineties, in that it loses sight of the broader technological and cultural revolution that the Internet has brought to the exchange of information. In 2001, after a lengthy legal battle, the Recording Industry Association of America succeeded in forcing Napster offline, only to watch Napster's services move to a number of other Web sites that were structured in a more decentralized way (pdf)--making the piracy of music even more diffuse and difficult to prosecute. Only recently has the industry grudgingly been adapting to file-sharing rather than fruitlessly seeking to eliminate it, and one can now find music executives who even speak of Napster as a lost opportunity for their industry. Shutting WikiLeaks down--assuming that this is even possible--would only lead to copycat sites devised by innovators who would make their services even more difficult to curtail. A better approach for the Defense Department might be to consider WikiLeaks a competitor rather than a threat, and to recognize that the spirit of transparency that motivates Assange and his volunteers is shared by a far wider community of people who use the Internet. Currently, the government has its own versions of WikiLeaks: the Freedom of Information Act and the Mandatory Declassification Review. 
The problem is that both of these mechanisms can be grindingly slow and inconsistent, in part because the government appears to be overwhelmed by a vast amount of data that should never have been classified to begin with--a phenomenon known as "overclassification." Managing so much inaptly classified data comes with certain technical costs, but it presents a very human problem, too: people within the intelligence community will inevitably lose some degree of faith in a system that does not distinguish between genuine secrets and classified material that obviously could be published widely without harm to policy. Such a system devalues secrecy itself, and for all the tough reforms that will likely be implemented after the recent WikiLeaks disclosure of more than seventy thousand classified military reports this July, few will be as effective as combing through the vast and chaotic trove of reflexively classified material and attempting to make large portions of it publicly accessible. It's worth recalling the first WikiLeaks project to garner major international attention: a video, shot from an Apache helicopter in 2007, in Iraq, that documented American soldiers killing up to eighteen people. For years, Reuters sought to obtain that video through FOIA because two of its staff members were among the victims. Had the military released this footage to the wire service, and made whatever minor redactions were necessary to protect its operations, there would never have been a film titled "Collateral Murder"--the name of WikiLeaks's package for the video--because there would have been nothing to leak. Even after Assange had published the footage, and even though the events documented in it had been previously revealed in detail by a Washington Post reporter, the military (at least, as of July) has still not officially released it. 
There is a simple lesson here: whatever the imperfections of WikiLeaks as a startup, its emergence points to a real shortcoming within our intelligence community. Secrets can be kept by deterrence--that is, by hunting down the people who leak them, as Thiessen proposes, and demonstrating that such behavior comes with real costs, such as prison time. But there are other methods: keep far fewer secrets, manage them better--and, perhaps, along the way, become a bit more like WikiLeaks. An official government Web site that would make the implementation of FOIA quicker and more uniform, comprehensive, and accessible, and that might even allow anonymous whistleblowers within federal agencies to post internal materials, after a process of review and redaction, could be a very good thing--for the public, and for the official keepers of secrets, too. From rforno at infowarrior.org Thu Aug 5 17:09:43 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Aug 2010 18:09:43 -0400 Subject: [Infowarrior] - Pentagon bars staff from visiting WikiLeaks site Message-ID: <6F62AACC-6A09-47C7-AEFF-94B6E49D99D5@infowarrior.org> Pentagon bars staff from visiting WikiLeaks site The Washington Times 11:32 a.m., Thursday, August 5, 2010 http://www.washingtontimes.com/news/2010/aug/5/pentagon-bars-staff-from-visiting-wikileaks-site/print/ The U.S. military is banning personnel from visiting the WikiLeaks website, which recently released more than 70,000 classified diplomatic and military messages on the long war in Afghanistan. "[Department of the Navy] personnel should not access the WikiLeaks website to view or download the publicized classified information," said a July 29 message to sailors from the Navy's national security litigation law division. "Doing so would introduce potentially classified information on unclassified networks." "There has been rumor that the information is no longer classified since it resides in the public domain. 
This is NOT true," said the message, a copy of which was obtained by The Washington Times. Asked if the Pentagon is making the site off-limits, Pentagon spokesman Bryan Whitman told The Times that all four services "have put out such messages." The orders seem to be the most far-reaching effort by the Pentagon in its ongoing effort to stop the release of classified information. The military is telling the troops they cannot even view what is publicly available, even though the WikiLeaks documents are on hundreds of websites. An Army intelligence analyst is suspected of leaking the classified materials -- Pfc. Bradley Manning, 22, of Potomac, Md., who is being held in a military detention center at Quantico, Va. Days before WikiLeaks posted the documents, Defense Secretary Robert M. Gates sent out a memo threatening personnel with criminal prosecution if they leak secrets. Titled "Wikileaks Website Guidance," the Navy message states: "Government information technology capabilities should be used to enable our war fighters, promote information sharing in defense of our homeland, and to maximize efficiencies in operations. It should not be used as a means to harm national security through unauthorized disclosure of our information on publicly accessible websites or chat rooms." A Marine Corps message threatens to discipline offenders: "By willingly accessing the WIKILEAKS website for the purpose of viewing the posted classified material - these actions constitute the unauthorized processing, disclosure, viewing, and downloading of classified information onto an UNAUTHORIZED computer system not approved to store classified information, meaning they have WILLINGLY committed a SECURITY VIOLATION." "Not only are these actions illegal, but they provide the justification for local security officials to immediately remove, suspend 'FOR CAUSE' all security clearances and accesses. 
Commanders may press for Article 15 or 32 charges, and USMC personnel could face a financial hardship as civilian and contractor personnel will be placed on 'Administrative Leave' pending the outcome of the [criminal] investigation," the message states.

© Copyright 2010 The Washington Times, LLC.

From rforno at infowarrior.org Fri Aug 6 07:13:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 08:13:55 -0400
Subject: [Infowarrior] - Google accused of betraying internet golden rule in net neutrality row
Message-ID:

Google accused of betraying internet golden rule in net neutrality row
By Andy Bloxham
Published: 11:31AM BST 06 Aug 2010
http://www.telegraph.co.uk/technology/google/7929882/Google-accused-of-betraying-internet-golden-rule-in-net-neutrality-row.html

Google, the internet giant, has been accused of betraying one of the most widely accepted "laws" of the internet called net neutrality; the principle that everyone has equal access. The firm has admitted that it has been in talks with the US communications provider Verizon and even agreed an outline plan on how internet traffic should be carried over networks. However, many have already voiced fears that if the plan becomes public, it could serve as a blueprint for how to carve up the internet and sell the best performance to the highest bidder. Some critics have described it as "doomsday scenario" that "marks the beginning of the end of the internet as you know it". Google said discrimination is permissible in some circumstances. The principle of net neutrality was one of the founding ideas of the web. Gigi Sohn, president of Public Knowledge, a digital rights campaign group, said: "The deal between Verizon and Google about how to manage internet traffic is deeply regrettable and should be considered meaningless. "The fate of the internet is too large a matter to be decided by negotiations involving two companies."
Josh Silver, president of Free Press, a media reform group, wrote a piece in the Huffington Post and warned: "Since its beginnings, the Net was a level playing field that allowed all content to move at the same speed, whether it's ABC News or your uncle's video blog. "That's all about to change, and the result couldn't be more bleak for the future of the Internet, for television, radio and independent voices." Eric Schmidt, the chief executive of Google, said it had been "talking to Verizon for a long time about trying to get an agreement on what the definition of net neutrality is". He added: "People get confused. What we mean is that if you have one data type, like video, you don't discriminate against one person's video in favour of another. It's OK to discriminate across different types." The news of the Google-Verizon deal, despite its detail remaining unclear, came shortly before high-powered talks in the US on regulating the internet concluded at short notice. Earlier this year, the firm Comcast was fined for secretly slowing down the connections of customers who downloaded too much information, although the fine was overturned on appeal. After that judgment it remains unclear what companies can legally do to control access. In the UK, the BBC has been criticised for the popularity of its iPlayer service meaning the Corporation uses too much of the country's communications network.

From rforno at infowarrior.org Fri Aug 6 08:34:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 09:34:54 -0400
Subject: [Infowarrior] - Next D.C. career: blogger relations
Message-ID: <6CAFD88C-7538-4FFF-A2CF-46A9A861B807@infowarrior.org>

Next D.C. career: blogger relations
By: Gloria Park
August 5, 2010 04:35 AM EDT
http://dyn.politico.com/printstory.cfm?uuid=3F152456-18FE-70B2-A85A1078E5A7DCDD

Not only is the blogosphere changing how voters consume information, it's also creating new jobs in politics, policy and online communications consulting.
Although there is still no formal job description for "blogger relations" staffers, these part communications, part research, part online political organizing specialists are a growing industry in the political world. "It's becoming as common to have someone managing communications with bloggers as it was to have a press secretary 10 years ago," said Patrick Hynes, founder and president of Hynes Communications, a social media public affairs agency. Not exactly a press secretary equivalent, this hybrid position requires a number of skill sets, from communications and research to political organizing and an ability to take advantage of a whole slew of social media tools. "I essentially interfaced with the communications team, the research team, political-delegate teams and the new-media team to be a conduit for the party in working with bloggers," said Kombiz Lavasany of New Partners, describing his role at the 2008 Democratic National Convention. "It entails communicating with bloggers and making sure that they've got the best, most up-to-date information," said Liz Mair, who was online communications director for the Republican National Committee in 2008 and is now vice president at Hynes Communications and an online communications consultant for Carly Fiorina's Senate campaign. Both Lavasany and Mair told POLITICO that they rarely sent e-mail blasts to bloggers, instead opting for more filtered information, at many times tailored for one blogger and his or her area of interest. Prominent bloggers said they get the difference. Ezra Klein, staff writer and policy blogger for The Washington Post, said that, for him, "knowledge" separates the best blogger relations staffers from the rest. "I'm not interested in getting a quote or a scoop, so somebody who understands both the issues and motivations for their boss's effort well enough to explain it is very useful to me. They're almost more like policy people,"
said Klein, who interacts with blogger outreach staff on the Hill and at think tanks. "The blogger folks are dealing with a mix of reporter-bloggers and activists because the world of bloggers has enlarged," said Klein. "Just as blogging has professionalized quite dramatically, this position has had a similar trajectory." Michelle Malkin, a conservative blogger and author, credited staff at The Heritage Foundation, minority staff at the Senate Environment and Public Works Committee, Senate Judiciary Committee and House Homeland Security Committee and staff in the offices of Rep. John Boehner and Sen. Tom Coburn with excellent blogger management. "There are some staffers who make the mistake of spamming bloggers with press releases that are not blogworthy," said Malkin. "What distinguishes the good outreach is having information that hasn't already gone out to POLITICO, the wires and everybody else. They understand the power of the collective conservative blogosphere and target not just the highest-traffic bloggers but also the second- and third-tier bloggers." "It's a way of making sure that information gets in the hands of several key constituencies when you run a political campaign," said Mair. Dealing with bloggers, said the new specialists, can be different from dealing with mainstream reporters. For example, attribution is often handled differently. "There are some bloggers who don't necessarily follow the same rules of reporters who try to find both sides of the story. Bloggers tend to come at an issue from a specific perspective, more like op-ed columnists than reporters," said Katie Harbath, chief digital strategist at the National Republican Senatorial Committee. An upshot of this difference is that campaigns may leave fewer "fingerprints" in the information they feed to bloggers. The "mainstream press wants to attribute more, not less.
But there are certain bloggers who don't mind giving off the impression that they had a brilliant idea all on their own, without any information from sources," said Mair. "With these bloggers, if you want your candidate's name on a post, you have to explicitly tell them. The sourcing is different." Another crucial difference is that some bloggers are or have been political operatives themselves, often providing feedback on what a campaign could be doing differently. "Many bloggers actually make suggestions for things that they think the campaign could be doing, whether that's showing up to a particular event or talking about a particular issue more," said Mair. "That's something unique to working with bloggers." These differences between bloggers and reporters require different approaches in campaigns' outreach strategies to the two groups and, in turn, a staffer devoted exclusively to fielding blogger requests. "The advantage of a full-time blogger outreach staff is that they can always think about the needs of bloggers," said Matt Browner Hamlin, who was deputy Internet director for Sen. Chris Dodd's 2008 presidential campaign and blogged for My Left Nutmeg, a Connecticut community blog. "When it's a communications staffer who has to wear other hats in addition to blogger outreach, he or she doesn't have the same level of focus and dedication to blogger outreach in particular," Hamlin added. The advent of blogger relations staff is a natural outcome of the democratization of information and communications over the past decade, said Hynes. "The major media organizations have gotten smaller, and yet there is more media now than ever before. There are more avenues to pitch stories and create narratives that are favorable to your side. Blogs are just one of these avenues." In some cases, a series of favorable blog posts on a candidate -- or negative posts on an opponent -- may have more impact than an ad blitz by a campaign, said Lavasany.
"There are many examples of Republicans who ended up losing after being defined in a negative light by political bloggers." Former Virginia Sen. George Allen's "macaca" comment in his 2006 Senate race is one example. "The information that bloggers provided on the origins of the word and other research ended up changing the race in a few weeks -- from Allen winning that race and subsequently running for president to Allen losing the race," said Lavasany. While campaigns recognize the value of blogger relations, those strapped for resources may be unable to devote a full-time staffer to the position. Especially in congressional campaigns, the press secretary or a new media specialist often takes on blogger engagement responsibilities. Meanwhile, others are outsourcing the job to a new crop of communications firms. The NRSC has hired Hynes Communications for online blogger outreach, said Harbath. There is still little consensus on where this hybrid position should be placed within a staff. "Every campaign realizes that it needs somebody in the blogger outreach space, but there is no consensus over what the scope of that is, whether that's in politics, communications or new media," said Soren Dayton of New Media Strategies. "The ideological blogger will be handled by someone who is half coalitions and half communications," said Dayton. He added that the online left has often been treated like a constituency, as it emerged in the early 2000s with a "unified message and a clear sense of what their issues were and who their opinion leaders were. It looked like an interest group from the outside." As the position becomes institutionalized, expect to see blogger relations staff playing more visible, active roles in campaigns, said Harbath. "I think we're going to start seeing the blogger relations person being another voice in the campaign and posting on Twitter and Facebook, as well as getting information to bloggers," she said.
Note: An earlier version misstated a job held in 2008 by Liz Mair. She worked at the Republican National Committee.

From rforno at infowarrior.org Fri Aug 6 11:38:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 12:38:22 -0400
Subject: [Infowarrior] - WSJ: Legacy of the 'Flash Crash': Enduring Worries of Repeat
Message-ID: <2015DA44-F334-475E-949D-EA859D74A250@infowarrior.org>

Legacy of the 'Flash Crash': Enduring Worries of Repeat
By TOM LAURICELLA And SCOTT PATTERSON
http://online.wsj.com/article/SB10001424052748704545004575353443450790402.html

In the days leading up to the May 6 "flash crash," some stock-market veterans were picking up disturbing rumblings. Philip Vasan, who heads the Credit Suisse prime-brokerage unit catering to hedge funds, began hearing from fund managers who were ratcheting back on trading because, they told him, stocks were behaving strangely. The funds were acting like "a dog that growls before an earthquake," Mr. Vasan told several clients. When the quake hit on the afternoon of May 6, the Dow Jones Industrial Average suffered its biggest, fastest decline ever, and hundreds of stocks momentarily lost nearly all their value. So many things went wrong, so quickly, that regulators haven't yet pieced together precisely what happened. A close examination of the market's rapid-fire unraveling reveals some new details about what unfolded: Stock-price data from the New York Stock Exchange's electronic-trading arm, Arca, were so slow that at least three other exchanges simply cut it off from trading. Pricing information became so erratic that at one point shares of Apple Inc. traded at nearly $100,000 apiece. And computer-driven trading models used by many big investors, apparently responding to the same market signals, rushed for the exits at the same time.
Three months later, many market veterans have arrived at a disquieting conclusion: A flash crash could happen again because today's computer-driven stock market is much more fragile than many believed. Many investors, still gun-shy, have been pulling money out of stocks. "The whole system failed," says John Bogle, founder of fund company Vanguard Group. "In an era of intense technology, bad things can happen so rapidly. Technology can accelerate things to the point that we lose control."

9:30 a.m., Dow opens at 10862.22

Early trading was relatively smooth. Todd Sandoz, co-head of equities in the Americas at Credit Suisse in New York, kept track as clients reduced risk in their portfolios. One way they did it was through trades that would profit if the Standard & Poor's 500-stock index fell: They sold short, or bet against, futures contracts linked to that index. They did the same with exchange-traded funds, which track baskets of stocks. Those kinds of trades can send waves through the market. Brokers on the other side of the trades often hedge their own positions by selling the stocks contained in the index. That morning, Mr. Sandoz heard from his traders that there were relatively few buyers and sellers for some individual stocks -- a sign that the market might not be able to smoothly handle big index trades. The market was especially vulnerable because of the trading pullback identified by his colleague Mr. Vasan. The hedge funds that had been pulling back for several days -- specialists in a strategy called statistical arbitrage -- normally trade so much stock that they are a key source of market liquidity. At about 2 p.m., as protests in Athens over the Greek debt crisis turned violent, the euro fell sharply, especially against the yen.
The euro-yen exchange rate is watched widely by traders, with the yen seen as a safe-haven currency, the euro a proxy for riskier investments. The euro's fall triggered concerns that a rush out of stocks was in the works. At Chicago hedge fund Sharmac Capital Management LLC, trader Jason Roney noticed the drop. "Something is wrong, look out!" he recalls shouting to his trading desk. He started shorting S&P 500 futures. Traders across Wall Street were making similar moves, many driven by computer models that have become standard tools at banks, hedge funds and mutual funds. Fund managers at Waddell & Reed Financial Inc. in Overland Park, Kan., moved to hedge their U.S. stock holdings, which total more than $7 billion, by betting that the S&P 500 would fall. Waddell decided on a large short sale of futures contracts known as E-minis, which mimic movement of the S&P 500. As Waddell's computers began parceling out the trade, other investors also were trying to hedge their portfolios, so trading volume in E-minis shot up to six times the usual volume. But liquidity, the ability to buy or sell easily, was drying up. Between about 2:35 and 2:45, the six "market-making" firms that were most active that afternoon in E-mini trading -- they step in as buyers or sellers on many trades -- cut back their trading. Some pulled out altogether. As a result, traders say, the big Waddell trade accelerated the sell-off. Waddell says it did not intend to "disrupt" the market. Computers started to groan under the weight of the orders and slow by fractions of a second. It became difficult for exchanges and investors to keep track of prices. In recent years, due in part to rules instituted by the Securities and Exchange Commission in 2007, the stock market has been opened to numerous trading venues and has evolved into a high-speed network. The rules stipulate that when an investor trades a stock, the order is routed to the venue with the best price.
On the afternoon of May 6, it was difficult for traders to trust the information they were getting, and for buyers and sellers to find each other. Nasdaq OMX Group Inc. operations personnel noticed problems with orders it had routed to Arca, the electronic trading platform of the NYSE, which handles about 12% of U.S. stock-trading volume. It was taking Arca longer to acknowledge receiving some orders. Orders for Nasdaq-listed stocks such as Apple and Amazon.com Inc. were hitting lags of two seconds or more on Arca -- an eternity in today's markets. Trading in Apple became especially volatile. At 2:40, its stock began falling swiftly, losing 16% in six minutes. Because Apple is a component of several indexes, weakness in the stock helped drag down the broader market. Concerned about the impact of the delay on orders routed to Arca, Nasdaq officials used a tool called "self help," designed to prevent problems at one exchange from spreading to others. At 2:36:59, Nasdaq stopped routing orders to Arca. Other exchanges, including Chicago Board Options Exchange and BATS Global Markets, an electronic exchange near Kansas City, Mo., did the same. The NYSE says Arca had "minor delays" on a computer server during the period, but says the problems were not significant and didn't add to the market's broader problems. Computer systems at big brokerage firms were straining to keep up with the volume. Dark pools, trading venues that match buyers and sellers away from the major exchanges, had trouble getting accurate information. Some temporarily shut down.

2:40 p.m., Dow down 415 points

High-frequency-trading firms, which account for some two-thirds of U.S. stock-trading volume, were having their own problems. Their strategies often involve buying and selling stocks within microseconds -- or one-millionth of a second. The market's plunge, along with discrepancies in data feeds from exchanges, scrambled their computer-trading systems.
With the Dow industrials down about 500 points, Tradebot Systems Inc., a Kansas City high-speed trading firm that says it can account for up to 5% of daily volume, pulled out. Other such firms did the same. The roar on the floor of the Chicago Mercantile Exchange was deafening as the sell-off accelerated. The E-mini contract suddenly fell a massive 12.75 points in half a second, triggering a CME circuit-breaker that stopped trading for five seconds. The pause gave computerized futures-trading systems time to stabilize.

Number of Trades Executing on Each Market

                      2:20-2:40 p.m.   2:40 - 3 p.m.   Number of Broken Trades
Total Trades          5,721,383        7,318,675       20,761
Average Trade Size    286.68           282.03          270.33
On NYSE               667,368          1,039,233       0
On Amex               4,154            6,965           4
On ARCA               886,899          1,110,765       4,903
On NASDAQ             1,482,761        2,052,647       12,306
On BATS               988,252          1,177,318       1,094
On CBOE               2,902            4,743           138
On ISE                87,313           171,978         403
On NASDAQ-BX          271,119          401,549         63
On National           35,386           58,085          27
On Chicago            5,845            10,748          7
On ADF/TRF            1,287,489        1,101,252       1,816

Sources: NYSE, NYSE Amex, NYSE Arca, NASDAQ, BATS, CBOE Stock Exchange, ISE, NASDAQ BX, National Stock Exchange, Chicago Stock Exchange and FINRA

On the floor of the NYSE, the fast declines in some stocks were triggering brief slowdowns in trading, known as "liquidity replenishment points," to allow floor traders to step in and restore order. Other exchanges, such as the Nasdaq, didn't slow trading. Among the problems this caused were "crossed" markets, where offers to buy were at prices higher than orders to sell. Around 2:46, for example, an investor offered to buy Apple for about $218, while another was willing to sell it for about $202. Such nonsensical quotes sent warning signals to computer systems and gave traders yet another reason to pull back. Stocks everywhere started to collapse. Apple lost more than $23 a share, or 10%, between 2:44 and 2:46.
Procter & Gamble Co., which had been trading around $61.50, saw huge sell orders hit the NYSE, and the exchange briefly slowed trading in the stock. By 2:47, the market for P&G was in chaos, with orders to buy from NYSE, Nasdaq and the BATS scattered from $39.89 to $44.24. The basic function of the stock market -- bringing together buyers and sellers in an orderly fashion -- had broken down. Trades flickered across computer screens that made no sense. Shortly after 2:47, shares of Accenture PLC dropped in seconds from about $40 to one penny, then rebounded just as quickly. The explanation surfaced later: Market-making firms -- regular buyers and sellers of certain stocks -- have to maintain quotes at all times. To fulfill the requirement, they use "stub quotes," dummy quotes they never expect to be executed. But in the absence of buyers on May 6, computers matched automated sell orders with the dummy quotes. Rumors swirled about of an erroneous "fat-finger" order by a trader at Citigroup Inc. -- that the trader mistakenly entered extra zeros, turning millions into billions. Citigroup and regulators later said such an errant trade did not appear to have taken place. But the rumor helped stabilize the market. If the massive decline was the result of a mistake and not some terrible news, that meant there were bargains to be had.

Top 10 ETFs with Broken Trades by Trading Volume -- May 6 from 2 p.m. to 3 p.m.
ETF                                  Ticker   Volume
iShares Russell 2000 Index           IWM      58,392,711
ProShares UltraShort QQQ             QID      21,771,521
iShares Russell 1000 Growth Index    IWF      3,161,501
iShares Russell 2000 Value Index     IWN      2,671,281
Vanguard Total Stock Market ETF      VTI      2,472,422
Rydex S&P Equal Weight               RSP      2,305,135
ProShares Ultra Real Estate          URE      2,193,949
iShares Russell 1000 Value Index     IWD      1,707,294
iShares Russell 1000 Index           IWB      1,677,658
iShares S&P MidCap 400 Index         IJH      1,407,322

Sources: NYSE, NYSE Amex, NYSE Arca, NASDAQ, BATS, CBOE Stock Exchange, ISE, NASDAQ BX, National Stock Exchange, Chicago Stock Exchange and FINRA

At 2:47, the Dow reached its nadir, down 998.50 points. As trading resumed in the futures market, buyers flooded in and prices started to rebound. Within one minute, the Dow reclaimed 300 points. But the problems weren't over. Exchange-traded funds, or ETFs, are baskets of securities that trade like a stock. NYSE's Arca is usually home to 30% of ETF trading. When other exchanges stopped routing orders to Arca, the normal flow of ETF buyers and sellers was disrupted. Two big hedge-fund and trading firms, D.E. Shaw Group and Citadel Investment Group, detected problems in Arca's ETF computer feed. Citadel asked customers to route orders elsewhere. NYSE officials say they found no problems with Arca's ETF platform on May 6. Some of the biggest ETF traders are firms that try to profit from discrepancies between prices of ETFs and the stocks that they track. But as questions mounted about pricing of individual stocks, these firms pulled back from trading. This hurt small investors who had placed "stop-loss orders," aimed at protecting against big losses by automatically selling once prices fell below a certain level. Those orders hit the market when there were virtually no buyers to be found. At 3:01, Nasdaq once again began routing orders to NYSE's Arca.
Executives from several major exchanges joined a conference call to discuss, among other things, whether to declare some trades erroneous. After considerable debate, they decided to cancel trades in stocks and ETFs that had fallen or risen 60% or more.

Top 10 Broken Stocks by Trading Volume -- Full Day May 6

Stock                                Ticker   Volume
Radian Group                         RDN      70,612,297
Apple Inc.                           AAPL     45,923,602
Philip Morris International          PM       16,460,300
Exelon Corp                          EXC      12,426,400
Amylin Pharmaceuticals               AMLN     11,626,099
Costco Warehouse                     COST     11,175,900
International Group of Companies     IPG      11,073,400
Accenture, PLC                       ACN      10,311,600
Amazon                               AMZN     10,195,600
CenterPoint Energy                   CNP      9,322,800

Sources: NYSE, NYSE Amex, NYSE Arca, NASDAQ, BATS, CBOE Stock Exchange, ISE, NASDAQ BX, National Stock Exchange, Chicago Stock Exchange and FINRA

In the final hour, trading remained erratic. At one point, Apple traded for nearly $100,000 a share on Arca, according to NYSE officials, after a buy order for 5,000 shares entered the market and only 4,105 shares were available. When Arca's computers saw that no more shares were available to sell, the system automatically assigned a default price of $99,999 to the remaining 895 shares. Those trades later were cancelled.

4 p.m., Dow closes down 342 points

May 6 exposed frailties in U.S. markets that hadn't been seen before. The SEC and Commodities Futures Trading Commission expect to issue a final report on the flash crash within a few months. Regulators have moved to fix some problems revealed that day. New circuit breakers, now in pilot mode, require a five-minute trading halt on S&P 500 stocks that move more than 10% within five minutes. These "collars" could help keep prices from suddenly cascading. But some forces behind the flash crash seem beyond the reach of regulators. Exchanges are unlikely to be able to prevent high-frequency trading firms or statistical-arbitrage firms from bailing out of the market en masse.
The challenge for regulators and exchange operators is whether they can find ways to protect investors in a market ever-more defined by high-speed trading. It may be that such a market is inherently vulnerable to high-speed crashes.

Write to Tom Lauricella at tom.lauricella at wsj.com and Scott Patterson at scott.patterson at wsj.com

From rforno at infowarrior.org Fri Aug 6 12:57:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 13:57:02 -0400
Subject: [Infowarrior] - Pentagon = RIAA on Wikileaks response
Message-ID: <78ACBBF0-F83A-42AE-9418-37B01B07BF71@infowarrior.org>

How The Pentagon's Reaction To Wikileaks Is Like The RIAA's Reaction To Napster
from the and-it'll-work-just-as-well dept

Earlier, we wrote about the Pentagon's ridiculous and counterproductive attacks on Wikileaks, noting that it was the exact wrong approach to take. In writing that, I probably should have made the connection to some other, similarly short-sighted "attacks" on something one legacy group felt was a threat, but which actually was probably an opportunity -- and in attacking it, that legacy group only served to (1) draw more attention to it and (2) create even more, harder to work with, clones. I'm talking, of course, about the RIAA and its reaction to Napster...

< - >

http://techdirt.com/articles/20100806/02073410521.shtml

From rforno at infowarrior.org Fri Aug 6 13:28:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 14:28:27 -0400
Subject: [Infowarrior] - The Music-Copyright Enforcers
Message-ID:

August 6, 2010
The Music-Copyright Enforcers
By JOHN BOWE
http://www.nytimes.com/2010/08/08/magazine/08music-t.html?hp=&pagewanted=print

Few things can make Devon Baker cry. There was the time her pet hamster, Herschel, died. There was the time she was run over by a car. Neither episode provoked tears. Not even close.
And yet, on a recent Thursday, as Baker drove down Highway 60, about 55 miles northwest of Phoenix, she had to wonder, Is today one of those days when I'm gonna cry? Baker, who has preternaturally white teeth, green eyes, soft brown hair and a friendly way that she's the first to describe as "country," was on her once-a-month, weeklong road trip. She'd flown to Phoenix to meet with bar and restaurant owners to discuss a rather straightforward business proposal. Off she went on her rounds each day, navigating with a special Microsoft Streets and Trips plan she prepared in advance, with 60 to 80 venues marked with dots, triangles or blue squares, according to size, dollar value and priority, wearing her company badge with photo ID, hoping for a little friendly discussion. Except it didn't always work out so friendly. Once, a venue owner exploded, kicked her off his property and told her, as she recalled, "to get the bleep outta here." Another hissed at her that she was "nothing more than a vulture that flew over and came down and ate up all of the little people." It wasn't fun. It was just the sort of thing, in fact, that could bring Devon Baker to tears. Baker, 30, is a licensing executive with Broadcast Music Incorporated, otherwise known as BMI. The firm is a P.R.O., or performing rights organization; P.R.O.'s license the music of the songwriters and music publishers they represent, collecting royalties whenever that music is played in a public setting. Which means that if you buy a CD by, say, Ryan Adams, or download one of his songs from iTunes, and play it at your family reunion, even if 500 people come, you owe nothing. But if you play it at a restaurant you own, then you must pay for the right to harness Adams's creativity to earn money for yourself. Which leaves you with three choices: you can track down Ryan Adams, make a deal with him and pay him directly; you can pay a licensing fee to the P.R.O. that represents him --
in this case, BMI; or you can ignore the issue altogether and hope not to get caught. P.R.O.'s like BMI spend much of their energy negotiating licenses with the biggest users of music -- radio stations, TV and cable networks, film studios, streaming Internet music sites and so on. But a significant portion of BMI's business is to "educate" and charge -- by phone and in person -- the hundreds of thousands of businesses across America that don't know or don't care to know that they have to pay for the music they use. Besides the more obvious locales like bars and nightclubs, the list of such venues includes: funeral parlors, grocery stores, sports arenas, fitness centers, retirement homes -- tens of thousands of businesses, playing a collective many billions of songs per year. Most Americans have no problem with BMI charging for its music -- except when they do. As Richard Conlon, a vice president at BMI in charge of new media, put it: "A few years back, we had Penn, Schoen and Berland, Hillary's pollster guys, do a study. The idea was, go and find out what Americans really think about copyright. Do songwriters deserve to be paid? Absolutely! The numbers were enormously favorable -- like, 85 percent. The poll asked, 'If there was a party that wasn't compensating songwriters, do you think that would be wrong?' And the answer was, 'Yes!' So then, everything's fine, right? Wrong. Because when it came time to ask people to part with their shekels, it was like: 'Eww. You want me to pay?' " The day I accompanied her on her rounds, Baker was four days into her trip, on her way to Coyote Flats Cafe and Bar in the hamlet of Aguila. As we drove along Highway 60, the sunlight glared, hawks circled and the temperature was 100 degrees. Saguaro cactuses stood 30, 40-feet tall, stiffly riding up the foothills like porcupine quills. Baker mused about a picture she found online while researching the business.
It depicted Coyote Flats's owner, Dorene Ross, posing with her husband, Jim, for The Arizona Republic. There they were standing behind the cafe counter, she with a .380 Firestorm, he with a 9-millimeter Smith and Wesson. The article was about the lengths they were willing to go to defend their business from local thieves. It wasn't exactly auspicious, given the volatile nature of Baker's client interactions. There was, for example, the gentleman at a Kentucky RV resort who told her on the phone that he was going to come into her office and "spray her down" with a machine gun. Then there was the female punk-rock-club owner in Colorado who ripped up Baker's licensing agreement, ordered her out of the club, followed her out the door, spit a huge goober on the paperwork and stuck it to Baker's windshield. Not every experience is awful, she pointed out. She once signed an adult-club licensing agreement on the dance floor, beneath the strippers' poles -- and the strippers themselves, as they danced; it couldn't have been more pleasant. Not long ago, she visited a manager for a health care chain and walked out half an hour later after a congenial sit-down with a signed agreement and a check for five figures. But it was tough going sometimes, and these positive experiences were all too rare. "I actually had a guy that I called the other day," Baker told me, "and when I asked when he might be sending in his check, he said: 'I don't know, why don't you call Obama? Ask him! He runs everything now.' So, I put that in my notes, 'Client referred me to president of United States.' " Then there was the colleague of Baker's who got a letter saying, "Eat you-know-what and die." When she replied to the client, she got another letter, asking, "What part of eat you-know-what and die don't you understand?" During her five years with BMI -- on trips to Texas, Ohio, Florida, Washington -- Baker has learned a lot: managers of adult clubs tend to be polite.
People who run coffee shops tend to be difficult. Skating rinks are a pain -- they have the longest outgoing messages in the world. Casinos owned by Indian tribes are tough. Every decision goes to the tribal council, and it can take forever. Arts and crafts festivals, forget it; creative types never have any money. ("You'd think they'd get it," Baker said, "But . . . ." She waved her hand.) The most important rule of the road, however, is never -- Baker looked me in the eye -- eat in the venue, even if they invite you. Because God only knows what they might put in your food. Performing rights organizations in the United States came into being in 1914, when a group of musicians, including Victor Herbert, Jerome Kern, Irving Berlin and John Philip Sousa, founded the American Society of Composers, Authors and Publishers, otherwise known as ASCAP, the nation's first P.R.O., in 1914. It was formed in response to a 1909 amendment to United States copyright law that explicitly provided for performance rights as opposed to mechanical rights (paid to a performer who plays a song, regardless of who wrote it) or sync rights (music synchronized to pictures). The law -- and ASCAP -- were given new force when Herbert, then a celebrity composer for Broadway, sued a New York restaurant called Shanley's after hearing one of his compositions performed there. The case took a couple of years to wind through the courts, but in the end, Supreme Court Justice Oliver Wendell Holmes decided for Herbert. "If music did not pay, it would be given up," Holmes wrote. "Whether it pays or not, the purpose of employing it is profit and that is enough." In 1939, radio broadcasters, irked at paying royalties set by ASCAP, which was then a monopoly, founded their own P.R.O., BMI. This they did by rounding up the many songwriters excluded from ASCAP's umbrella: "race musicians," toiling away in the déclassé genres of jazz, country, blues and, later, rock 'n' roll.
Today, BMI represents some 400,000 songwriters (ASCAP has 390,000, many of whom are from those formerly déclassé genres), including Willie Nelson, Dave Brubeck, Keith Urban, Lady Gaga, the Beach Boys, Taylor Swift, the Red Hot Chili Peppers, Café Tacuba, Kanye West, Shakira, Linkin Park, Mariah Carey, Sheryl Crow and Kid Rock. The songs and compositions written by BMI signatories number some seven million tunes -- about half the music in America -- and bring in close to a billion dollars per year, which is distributed to its artists in quarterly royalty checks. For antitrust reasons BMI operates (as does ASCAP) by consent decree from the Department of Justice. It is privately owned but chartered to operate as a not-for-profit, to guarantee the maximum possible return to its songwriters and publishers (in 2010, it retained 11.6 percent of royalties collected for administrative costs). In the past, BMI had 14 regional offices around the country, with field agents reading local newspapers and scouring the land on foot and by car, ever on the lookout for new bars and restaurants or old ones that aren't paying for their music. Now those offices are closed, and employees like Devon Baker do much of their work by phone from headquarters in Nashville. But with the Internet, it has never been easier to keep tabs on the nation's businesses. Venues advertise online which nights they offer live music or karaoke; state governments post liquor-license and corporate registries that give the names and addresses of business owners. Once contacted by BMI, owners are given a worksheet. Does their venue use a radio, CD players, karaoke machine? Do they feature live music? If so, how often? How many people can the venue legally hold? For smaller businesses with low capacity that don't make much use of music, a license may be as little as $300 a year.
For really big operators, the cost might be as much as $9,000 per location per year, the maximum BMI is permitted to charge a single customer. (The fees are distributed to artists based on what BMI calls "an appropriate surrogate" -- local radio or TV -- that reflects a sampling of bars and restaurants in the area.) All in all, the division Devon Baker works for, General Licensing, accounts for 11 percent of BMI's revenue. According to Conlon, the struggles that Devon Baker faces on the road are emblematic of the difficulties faced by P.R.O.'s as a whole. "The dance that happens between the salesperson and a reluctant nightclub owner," he says, "is the same dance that happens all the way up the food chain, to the New York boardrooms of the biggest media companies in the world. Where the bar owner might have a shotgun and a dog and say, Beat it! Go away or I'll shoot you in the head, the more sophisticated iteration is done with teams of lawyers, pitted against each other, quibbling over niceties of copyright law." The battles can be fierce -- and the outcome uncertain. When ASCAP sued Verizon, claiming it was owed additional royalties on ringtones for which Verizon had already paid a licensing fee, it lost. But when Weigel Broadcasting Company challenged the license rates for two local stations as excessive, they lost and had to pay BMI $1.4 million in back fees. "The arguments don't change," Conlon continued. "No one's an eager purchaser. People do believe in copyright. But the tensions in making that money flow are universal and constant. They don't want to pay!" Devon Baker works alongside about 24 other licensing executives on the fifth floor of an office in Nashville, where most of BMI's 600 employees are based. It looks, at first blush, like any province in cubicle land. Except the men are all in ties. Facial hair, tattoos, but ties.
It's a throwback, a stipulation from a former president and C.E.O., Frances Preston, that all male BMI representatives respect the line between artists and their representatives. Artists make music; BMI representatives handle money. Collectively, Baker and her colleagues make about a million calls a year. Most of these are repeats, a fact that gets at the firm's peculiar, slow-boil form of suasion. Rather than initiating legal action, BMI and other P.R.O.'s prefer a kill-them-with-patience approach that can take dozens of phone calls, letters and as long as 10 years. One afternoon, I sat with Baker at her cubicle. Besides pictures of her fiancé, Mike, and her nieces, she also has a smiley-face chart. Her boss made it up for all the licensing executives, to remind them that their moods and their tones will determine their success. The chart is like a traffic light. There's a green smiley face, a straight face in yellow, then a face in red, frowning. "You never wanna be on the red," Baker said. Baker's computer, which runs on proprietary software, dialed an adult club in Maryland. BMI, she told me, had been pursuing the owner for four years. Over this time, he claimed that the club had no cover charge, that his staff never put money in the jukebox and that there was no drink minimum. "Which I guess we found is not the case," Baker said, smiling, referring to a part-time field agent who was unable to corroborate the owner's claims. Baker straightened her headset. "I hope we get him on the phone." He answered. Baker informed him that his previous excuses didn't hold water. After some squirming, he announced that from now on, he just wouldn't use BMI's music -- only ASCAP's: he was going to remove every BMI song from every karaoke machine, CD and iPod mix that would ever be played in his club. Right. Baker made a note to check back. A few hours later the owner called to say he'd pay. Next, she tried to track down a Utah restaurant owner who has never had the money --
he says -- to pay for a license. Meanwhile, his business has grown from three restaurants to seven. She then called a Mexican restaurant in Georgia. Very polite -- but the owner was not around. Because the owner was never around. Finally, she called a bar owner in Massachusetts. He sounded down on his luck; he said he understood the idea of music rights, and in fact, used to play in bands and even wrote a few songs himself. But unfortunately, he had no money. Baker made a note to call back. The excuses fell like rain. On the road, Baker's client-management software offers her a list of common excuses -- 24 in all -- to keep track of what she's told. But in the end, she knows it's a game, a game she's going to win. Because after all the phone calls, letters and visits, she possesses a secret weapon: the law. Whether or not a music user believes copyright infringement is a big deal, violators face fines of anywhere from $750 to $150,000 per song. If after several years, a violator refuses to back down, Baker ups the ante and sends what is known in-house as "the Larry Stevens letter," named after one of Baker's bosses, informing them that their case is being referred to BMI's lawyers. Most but not all cases are settled out of court. That's because in 51 years, BMI has never lost a single case it has tried. Being a BMI licensing exec is one of the hardest jobs a person can have, Mike O'Neill, senior vice president of repertoire and licensing, told me. "It's different from other industries and sales situations," O'Neill said. "Clients aren't deciding whether to pay you so you can send them your product. They've already got it." We have a hard time paying for music, says O'Neill, because most of us grew up listening to it on the radio. It was free then. Shouldn't it be free now? Of course, music on the radio was, in fact, not free. Radio stations paid licensing fees to BMI and ASCAP and paid for those fees by airing commercials, which took up some 20 percent of airtime.
The Internet allows users to download tunes, often without paying for them, avoid annoying commercials and play a song whenever they wish. The ease with which music can be had has contributed enormously to the notion that it's there for the taking. In 2008, 40 billion songs were downloaded illegally. It is estimated that 95 percent of music tracks are downloaded without payment to the artist or the music company that produced them. Peer-to-peer (P2P) file swapping of movies and music currently accounts for up to 80 percent of Internet traffic. Music sales among American record labels in 2010 are about 42 percent of what they were a decade ago. As an industry report from January of this year states, "A generation of young music fans is growing up with the expectation that music should be instantly available, with near-limitless choice and access and, of course, free." Many musicians have coped with downloading by focusing on touring. They have learned to consider their recorded output, formerly their bread and butter, as a form of promotion for live shows. But the rise of musical genres, like northern Brazil's "tecno brega" ("cheesy techno"), which remixes and reworks popular songs, offers another, more direct challenge to who should be paid when music is recorded or performed. The producers give away their mixes, so there's no copyright infringement, then make their money by staging dance parties, to which admission is charged. In the States, producers like Danger Mouse and Girl Talk have created mash-ups of marquee copyrighted material, like Beatles songs, then released them to the general public free, daring authorities to charge them. Most well-known songwriters are reluctant to advocate publicly for copyright law, out of fear of alienating fans. Dolly Parton is not one of them. "Ain't nobody got so much money they don't want all the money that's coming to them," she said when I spoke to her recently.
Rank-and-file songwriters, whose livelihood can depend desperately on their BMI royalties, are the most likely to express sentiments similar to Parton's. One day, I visited a Los Angeles DJ and electronica composer named Alex Amato. Amato, as it happens, lives in a converted barn near Vine and Santa Monica that, he said, belonged to the filmmaker Kenneth Anger. Under the name Genuine Childs, Amato composes music with his twin brother, Anthony, which they've sold to reality shows like MTV's "Real World" and "Road Rules." They've also composed DVD menu page music for several big studio releases like "Scarface" and "The Bourne Identity." It's a rarefied niche, but Amato seems happy: his music reaches millions of listeners. Amato also waits on tables and manages a restaurant near his house. His quarterly BMI checks, he insists, are the key to survival. "It's like my magical Willy Wonka ticket," he says. Creating music, Amato points out, costs money. It takes money to rent a space, buy equipment, run the equipment. How does music get made if everything suddenly becomes free? "There are more people listening to music now than ever before," he told me. "But because of this new kind of accessibility, people feel like they don't have to pay. Why is that? Why does constructor Joe get to build a house, and he gets paid the same as before, but suddenly, there's this judgment about this one way of earning a living?" It is worth noting that during the years the recording industry lost nearly 60 percent of its income, BMI and its competitor ASCAP had steady increases in profits. BMI has done so by going after how people use music commercially, regardless of medium. As the president and chief executive of BMI, Del Bryant, likes to say, "You have to be in the future a little bit." In BMI's case, this has meant leapfrogging from AM radio to FM, from movies to cable to digital radio to streaming to (once-illegal) downloading companies like Napster.
(BMI began working on a deal with Napster about streaming music even before it sorted out its legitimacy.) They also signed with Rhapsody, the online streaming site, when the company was in its infancy. The trick, says Bryant, is to understand the content world as an ecosystem. When a new player comes along, don't kill it, make a deal with it. With each new medium, he says: "We made agreements that weren't that heavily monetized, and not that heavily binding because we didn't know if it'd be around for long or how it would evolve. They were place keepers, ways to get us working together. And they slowly solidified. It's all a question of pricing. The system has to serve everyone's purposes." Richard Conlon echoed what Del Bryant said. "We're not about shutting things down," he told me. "We're about nurturing markets. We don't want people NOT to use it. We know the market is fractionalizing. You wanna take our music and stream it and have electronic whatevers that play when you stick a chip into something or somebody? Go ahead! Do it! Just pay us!" BMI is rosy about the future. According to Conlon, who spends a lot of time watching how 8-to-15-year-olds use technology, downloading is out, streaming is in. And guess what? Streaming pays -- just like radio. Legally the climate is good too. In May, a federal court found LimeWire, one of the few remaining big free peer-to-peer file-sharing services, guilty of inducing copyright infringement. The company could be fined as much as a billion dollars. While the rest of the content world worries that technology will be the end of content, P.R.O.'s are banking that technology will save it. BMI has developed a system called Blue Arrow that deploys the same technology as iPhone's Shazam to identify music. (ASCAP uses a similar system called Mediaguide.) These systems can listen to Internet sites, as well as radio and TV stations around the world and identify, in two seconds, virtually any piece of music being played --
not just American, but Turkish, Arabic, Chinese, Korean, Latin, Japanese and so on. The Blue Arrow database has a capacity of 500 terabytes (one thousand gigabytes each) of music, and can recognize eight million songs. About 3,000 new songs are added each day. David DeBusk, who was vice president of business development when I met him this spring but has since left BMI, offered to show me how Blue Arrow works. An employee punched a few keys to find out which radio stations in Germany were playing "schlager music," a bizarrely kitschy form of country pop. One tap of the keyboard, and we were listening live: Oom pah pah, oom pah pah. We went on to display all stations, worldwide, playing Swedish death metal. Did I want to see which ones were playing compositions by the composer Milton Babbitt? How about radio stations in Laos? In the old days, P.R.O.'s relied mainly on playlists from radio stations and queue sheets from TV networks to figure out which songs were broadcast each month. Queue sheets were quite precise, listing every song a station broadcast, but playlists were, at best, a sample, an attempt to track the bulk of what got played. With Blue Arrow, however, it is possible to count every song played by a representative sampling of 400 radio stations across the country. Under the old system, hit-makers tended to dominate the machinery of royalty collection and distribution. Now, the "long tail" can be more effectively monetized: writers with minor hits, older hits, songs played here and there. When DeBusk and his team began to hear the world through Blue Arrow's ears, one thing they noticed was the number of "nonsong performances." Everyone knows that rap music relies on sampled music, some of which should be paid for and isn't. What surprised DeBusk was how common it was for copyrighted bits of music to be used free in jingles, as station-identification ditties and background music.
DeBusk pulled up a screen detailing a list of nonsongs with generic names like "Graceful Power" and "Happy Days." Such compositions, he said, are known as "production music," written for ads and station identifications or for TV documentaries, and then sold to music libraries. If producers are looking for something that, say, sounds like boogie woogie or bebop, they go to a music library, listen to a few samples and purchase one. One click with Blue Arrow and we knew that "Happy Days" was broadcast at five different times that morning on networks in the Southeast. Another click determined that it was used in a commercial for Country Crock margarine. Yet another click located its source: a music library in Atlanta. A few more key punches, and you knew if the library got their fee. It was an awesome (or chilling) glimpse into the future: a world where if it can be tracked -- on TV, on YouTube, in China -- it will be charged for. Lawrence Lessig, a Harvard law professor known for his stance against what he views as an overexpansion of copyright law, is not against BMI's being paid for its fair share but worries about the slippery slope created by new technologies. "If technology creates efficient ways to charge commercial users of copyright, then that's good," he told me recently, "but what I fear is that we evolve into a permission culture, where every single use of music creates an obligation to pay. I wish the line could be as clear as commercial exploitation -- you're running a dance club, using it in a movie. The author ought to have the right to be paid for that. But I don't think that that right should translate into the right to control whether my kid uses the music for a collage he makes for a class about his trip to Costa Rica!" Friends I talked to had a similar reaction. To a one, they said: "Jesus. Sounds like Big Brother." When I mentioned this to DeBusk, he smiled ominously. "Yes. Well. We're here to help."
On the road, in Arizona, Devon Baker prepared to arrive in Aguila. More of an outpost than a town, Aguila comprised little more than a gas station, a bar catering to Mexican farmworkers, a small grocery store and a wind-and-sand-bitten motel. When Baker arrived at Coyote Flats, she forgot about the guns immediately. (For legal reasons, I was not allowed to witness the subsequent negotiation, but it was recounted to me later by both parties.) The bar was a big honky-tonk kind of a place, covered in graffiti, with pool tables and a cafe next door. The owner, Dorene Ross, was ready for Baker. Most venue owners, Baker says, are not. Ross, Baker told me, seemed nervous but sweet. She invited Baker to sit down. Dorene Ross is 47. For the last three years, she has run Coyote Flats Cafe and Bar with her husband and a brother who works unpaid, just to keep busy. Their clientele runs mostly to "ropers" (rodeo gangs), "snowbirds" and tourists in the summer, driving cross-country. For the past 25 years, in Arizona and Alaska, where she lived until recently, Ross has worked as a bartender and cocktail waitress. Never, she says, did she ever hear anything about anyone paying a single dime for music rights. "I really didn't know much about it at all. I never even thought about it." Last April 15 -- tax day, she noted wryly -- she got a letter from BMI. The letter explained how American copyright law works. It also included a worksheet, which encouraged Ross to indicate if she had karaoke machines, radios and televisions in the bar and how often she used them, how often she has live music and what her operation's capacity is. Ross filled out the worksheet. This much for the TVs. This much for the CD player. This much for the karaoke machine. That much for the radio. She discovered her yearly license would come out to $865. Ross said, "My husband was like, 'Well, we ain't paying that!' " She laughed. "Giving away money wasn't right at the top of my priority list there."
It's not hard to understand why Ross, a small businesswoman operating in a rural area during a recession, was reluctant to take on another fixed cost. Her insurance runs $400 a month, her electricity $2,000, her mortgage $2,500. Payroll is $2,000 per week, property taxes are $2,500 per year and the liquor license is $585. Add on state and federal taxes and a health-department permit. "It's making it hard for us little people. I'm barely making it as it is." At her last liquor-board review, she heard that more than 200 restaurants in Maricopa County didn't bother to renew their liquor licenses because of the economic downturn. Each month, Ross said, she was lucky to clear $2,000. But given her kidney problems and $600 a month of medication, she said, "I'm like one bill away from folding." She understood why musicians wanted their money, she said, but she didn't feel too excited about paying her share. Besides, how did anyone know that the songwriters got the money? How did she know this wasn't some scam? When Devon Baker called to make an appointment, Ross was taken aback. She'd expected Baker to yell at her and say: "You're late! You've had the paperwork for two months already!" Instead, Baker seemed pleasant. "If they'd sent some big dude in a trench coat, some mobster type guy," Ross said, she might have resisted. Instead, here came Baker, all big smile and soft hair. "I wasn't expecting some cute little gal from Tennessee with a Southern accent." Baker accepted Ross's invitation and sat down in the booth with Ross and her pug, Frank. Out came the checkbook. "I could tell she was low on money," Baker told me later. "I could tell it was hard for her to shell out the money. But I also know music helps her make money. Or she wouldn't have it. She and I knew she was doing the right thing." Ross produced her paperwork. She'd already figured it out. $16 a week. She could handle it, she guessed. "I didn't want to give her the money. But I knew I had to."
John Bowe is a contributing writer for the magazine. His most recent article was on the Octomom. He is the editor of "Us: Americans Talk About Love."

From rforno at infowarrior.org Fri Aug 6 14:35:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 15:35:18 -0400
Subject: [Infowarrior] - Twilight Of Network-Centric Warfare
Message-ID: <93B40612-314B-4CCB-AA7D-9A7874515461@infowarrior.org>

(agree 100% -rick)

LexingtonInstitute.org
August 6, 2010
Early Warning Blog

The Twilight Of Network-Centric Warfare
Author: Loren B. Thompson, Ph.D.

When a Defense Business Board task force recommended last month that the Office of the Secretary of Defense (OSD) eliminate its networking and information integration secretariat, it signaled just how far from grace the notion of network-centric warfare has fallen. The secretariat was established at the tail-end of the dot.com boom to coordinate the joint force's migration from industrial-age warfare into the era of information warfare. Proponents of network-centric warfare believed new information technologies were so powerful that they could overthrow traditional warfighting concepts if backed up with appropriate military doctrine and organizations. OSD's office of networks and information integration -- NII for short -- was supposed to shepherd this vision into reality by overseeing a raft of multi-billion-dollar investment projects. A decade later, nobody talks about military transformation anymore, and joint initiatives begun under its banner such as the Transformational Communications Satellite and Future Combat System are fading memories. Service-level projects like the Navy's Next-Generation Enterprise Network increasingly look like wasteful efforts to re-invent the wheel -- efforts that are doomed to be canceled as Washington turns to deficit reduction and military budgets shrink. So what went wrong?
How is it possible for every policymaker in the five-sided building to embrace a common vision of information-age warfare at the beginning of a decade, and for it all to be forgotten by decade's end? The first thing that went wrong was that threats evolved differently than military planners expected. The authors of network-centric warfare thought that the joint force was in the midst of a prolonged "strategic pause" when the decade began, after which some new peer or near-peer adversary would emerge. That pause ended unexpectedly on 9-11, and America suddenly found itself facing a very different kind of danger. Networks and information technology have certainly proven useful in dealing with elusive new adversaries, but so far they haven't proven to be the winning weapon that visionaries expected. It turns out that all those networks the Pentagon was planning are just conduits, and that what matters more for victory is the accuracy and completeness of the information moving through the networks. The second problem that proponents did not see coming was that the new technology itself might become a source of weakness. Planners implicitly assumed that if the Pentagon invested heavily enough in cutting-edge networks and information applications, it could leverage the warfighting potential of the new technology while staying comfortably ahead of other countries with similar ideas. Well, it hasn't worked out that way. We now know that everybody from the Taliban to Mexican drug cartels can benefit from the reach and richness of wideband networks. Even worse, they can tap into our own networks, as China proves on a daily basis. So the military has had to launch a crash program to prevent its gee-whiz networks from being used against it (incidentally, the Navy is inexplicably trying to replace the one big network that so far has proven largely immune to hostile penetrations, in order to implement a more "advanced" architecture). 
And then there is the cost of network-centrism. When the decade began, America was basking in the prosperity of the dot.com revolution, generating nearly a third of all global economic output. Since then its economy has swooned and tax receipts have collapsed to a point where over 40 percent of the federal budget is being borrowed. So one by one, all of the big networking initiatives begun during the Bush years are being canceled. That isn't so hard to do since there are no immediate consequences for warfighters and the projects never developed firm political constituencies. The Defense Business Board's proposal to kill the Pentagon's networking shop is just the latest installment in what has become a long-running chronicle of decline. No doubt about it, networks have changed the way the world wages war. But network-centric warfare is an idea whose time has passed.

From rforno at infowarrior.org Fri Aug 6 16:02:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Aug 2010 17:02:39 -0400
Subject: [Infowarrior] - Appeals Court Rejects Warrantless GPS Tracking
Message-ID:

August 6th, 2010
Court Rejects Warrantless GPS Tracking
http://www.eff.org/press/archives/2010/08/06-0
EFF-ACLU Arguments Against Always-On Surveillance Win The Day

Washington, D.C. - The U.S. Court of Appeals for the District of Columbia Circuit today firmly rejected government claims that federal agents have an unfettered right to install Global Positioning System (GPS) location-tracking devices on anyone's car without a search warrant. In United States v. Maynard, FBI agents planted a GPS device on a car while it was on private property and then used it to track the position of the automobile every ten seconds for a full month, all without securing a search warrant.
In an amicus brief filed in the case, EFF and the ACLU of the Nation's Capital argued that unsupervised use of such tactics would open the door for police to abuse their power and continuously track anyone's physical location for any reason, without ever having to go to a judge to prove the surveillance is justified. The court agreed that such round-the-clock surveillance required a search warrant based on probable cause. The court expressly rejected the government's argument that such extended, 24-hours-per-day surveillance without warrants was constitutional based on previous rulings about limited, point-to-point surveillance of public activities using radio-based tracking beepers. Recognizing that the Supreme Court had never considered location tracking of such length and scope, the court noted: "When it comes to privacy...the whole may be more revealing than its parts." The court continued: "It is one thing for a passerby to observe or even to follow someone during a single journey as he goes to the market or returns home from work. It is another thing entirely for that stranger to pick up the scent again the next day and the day after that, week in and week out, dogging his prey until he has identified all the places, people, amusements, and chores that make up that person's hitherto private routine." "The court correctly recognized the important differences between limited surveillance of public activities possible through visual surveillance or traditional 'bumper beepers,' and the sort of extended, invasive, pervasive, always-on tracking that GPS devices allow," said EFF Civil Liberties Director Jennifer Granick. "This same logic applies in cases of cell phone tracking, and we hope that this decision will be followed by courts that are currently grappling with the question of whether the government must obtain a warrant before using your cell phone as a tracking device." 
"GPS tracking enables the police to know when you visit your doctor, your lawyer, your church, or your lover," said Arthur Spitzer, Legal Director of the ACLU-NCA. "And if many people are tracked, GPS data will show when and where they cross paths. Judicial supervision of this powerful technology is essential if we are to preserve individual liberty. Today's decision helps bring the Fourth Amendment into the 21st Century." Attorneys Daniel Prywes and Kip Wainscott of Bryan Cave LLP also volunteered their services to assist in preparing the EFF-ACLU brief. For the full opinion: http://www.eff.org/files/filenode/US_v_Jones/maynard_decision.pdf For more information on the case, formerly known as U.S. v. Jones: http://www.eff.org/cases/us-v-jones Contacts: Kevin Bankston Senior Staff Attorney Electronic Frontier Foundation bankston at eff.org
From rforno at infowarrior.org Sat Aug 7 13:42:19 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Aug 2010 14:42:19 -0400 Subject: [Infowarrior] - 5 Things I Learned Cutting Off IM, Twitter, Email & Facebook Message-ID: <4C1731E7-DB7B-42D6-8C69-9C00B608B21F@infowarrior.org> 5 Things I Learned Cutting Off IM, Twitter, Email & Facebook http://www.openforum.com/idea-hub/topics/lifestyle/article/5-things-i-learned-cutting-off-im-twitter-email-facebook-jean-aw Aug 02, 2010 - Everyone knows the things that literally GRAB your attention often get it. As much as you try to ignore the guy popping into your office, the woman calling non-stop, the screaming child pulling on your leg, those things can end up inadvertently trumping other things you could be doing. But all of those things are REAL world problems... now let's talk digital. The barrage of instant messages bleeping and flashing on your screen, the tweets, the Google alerts, the noise you know means "you've got mail", the buzz of your phone with text messages arriving, a Facebook message arriving ... it's amazing people get ANY work done these days!
For a lot of us, those so-called distractions are an integral part of our work. For the last 15 years of my life, it's been almost impossible to find me on a laptop yet not online and on instant messenger (with a stack of chats open simultaneously). It keeps escalating, which is to be expected. With more and more streams directed at me, doing what I LOVE -- living my life, exploring, discovering new things, getting inspired and actually making things -- can get lost. So I tried a little experiment, during a WEEKDAY, no less: No instant messenger constantly open; no Tweetdeck constantly feeding me more tweets; no Mail open; no Facebook browsing in my permanently opened tabs. I still couldn't resist spending hours on my laptop, but instead of impulsively checking everything every few MINUTES or keeping everything open, I looked, caught up for a few minutes, then CLOSED them. And here are a few things I learned. 1. It's lonely... at first! I'd find an amazing link, get excited, really want to share it -- too excited to just post it directly to NOTCOT.org. I wanted to tell someone! I'd find myself looking for that buddy list instantly. Then I'd try and fight the urge to tweet it. The strangest thing I did was look around the room, even though I was home by myself. Beyond the moment of loneliness, I found ME. I'd stop and think about what it was that excited me, perhaps delve a bit deeper into the subject, find even cooler details, and end up formulating a bigger feature post to share more thoroughly on NOTCOT. 2. It helps focus! Don't get me wrong, I'm a huge advocate of multitasking. I used to annoy my roommates in college because I would have the TV on while listening to music, talking on IM, perusing websites, and doing homework -- sometimes while on the phone. I love being surrounded by multiple passive streams while focusing on one (or two?) main tasks. The biggest problem with IM, Twitter, Email, and Facebook is that they aren't nearly passive enough.
Somehow the pull of people being able to reach out and scream for your attention so directly (face it, TV just doesn't call you out like a tweet @ you does) changed everything! The extra focus let me enjoy what I was doing even more! 3. Reality changes. Sounds silly, doesn't it? But how many times do you check email and Twitter on your phone? You're waiting to meet someone, whether you're early or they're late, what do you do to pass the time? Does the phone come out? Movie just ended, do you instantly see what you missed? Or even worse, when you're out to dinner with someone, do you check in during? Or at a red light? After forcing myself away from that habit for two days, I felt less inclined to need to check everything while I was out. And it was kind of freeing -- gives you even more of a chance to appreciate and discover new things around you. And those people who are on your case for not tweeting them back quickly enough? They can wait. 4. Time slows down, and calm comes. It's better than the kind of calm I get after a good work out. That one is more exhaustion mixed with an adrenaline rush that gets my head racing. This one, I feel more relaxed, at peace with myself, and more in control of my life. Email responses happen when I'm ready. IM conversations take place when I'm open to people talking to me. Twitter and Facebook intake occurs only when I am ready for all the superfluous details of lives of both friends and random interesting folks I followed at some point. Beyond the calm, time begins to slow down, and the unnecessary sense of urgency washes away. And you know what? Somehow I answered even more email than usual. 5. Productivity shifts. Without that constant pull from various directions, inspiration evolved into creation naturally. Being alone in my head and being able to focus let the ideas and opportunities I never had time to fully think through take on lives of their own.
And THAT is the rush I missed most as doing what I loved evolved into "work". So, that's my experiment, and I'll definitely be tweaking my laptop habits to allow more of this productive calm into my life. How do you balance your social media monitoring and constant contact as the physical and digital world pull at you? There will always be more IMs, tweets, emails, phone calls, and people than you can possibly handle -- how do you balance it, so as not to lose yourself in it?
From rforno at infowarrior.org Sat Aug 7 14:03:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Aug 2010 15:03:00 -0400 Subject: [Infowarrior] - Cisco CSO: Vulnerabilities Will Always Exist Message-ID: www.esecurityplanet.com/features/article.php/3897311 Cisco CSO: Vulnerabilities Will Always Exist By Sean Michael Kerner August 6, 2010 With multiple product lines spanning networking gear, unified communications, video and collaboration tools, Cisco has a large footprint that it needs to secure. And that's the job of John Stewart, the chief security officer at Cisco and the man tasked with keeping security front and center. Stewart is now leading a new effort within Cisco to emphasize a secure development lifecycle for all of the networking giant's products -- a need for continuous improvement in security practices that comes as the threat landscape continues to evolve. "I believe we have to live with the idea that vulnerability will always exist," Stewart told InternetNews.com. "So in that construct, we have to design for it, be efficient about handling it and then ensure in the end that we try and avoid it as much as possible -- but adapt to it when it shows up." Stewart described Cisco's approach to security as relying on multiple points of view, including those inside and outside the company, with the idea being that it's not possible for Cisco to know everything and to be able to discover every vulnerability on its own.
The other key driver for Cisco's security policy, he said, is to try and find vulnerabilities first -- either on its own or with outside help -- before attackers do. And for both, he stressed that it's critical to always keep looking for security vulnerabilities. "The notion that you're ever done in this industry is a fallacy," Stewart said. "We never stop looking." Secure development lifecycle While security has long been a priority for Cisco, Stewart said that the company is now at an inflexion point. He noted that earlier this year, Cisco publicly disclosed a new approach to how security is baked into the development process. "We call it the Cisco Secure Development Lifecycle (CSDL)," Stewart said. "Microsoft has its Microsoft Secure Development Lifecycle, and our effort is a credit to Microsoft's work. Microsoft, in fact, helped us quite a bit." The Microsoft SDL began in 2003 as a company-wide effort to ensure that security was integrated into the product development process. For Cisco, Stewart said one of the reasons why Cisco is moving to an SDL is to have a more consistent approach to finding and fixing vulnerabilities. Integrating security in every step of the development process is also critical in ensuring that Cisco is a trustworthy vendor for enterprises. "I think there is a certain belief that with IT systems: People will start buying based on trust," Stewart said. "Do you trust that we developed it right, that there won't be problems in the future, and when there are problems, that Cisco will handle them correctly?" Stewart added that while the Cisco Secure Development Lifecycle is now only in its nascent stages, he already has buy-in from his engineering teams and from Cisco's executive leadership. Still, even with the new secure lifecycle approach, Stewart said there won't be any kind of final signoff from his group saying that a product is secure. 
Instead, he said that he's too cynical to use the word "secure," which he described as having a definition that can change over time. For instance, he added that new flaws and software research occur all the time that can render vulnerable products that had been previously considered secure. "The wrong conclusion is that it's 'secure,'" Stewart said. "I feel that it's very hard to make that happen." Even though a "secure" product remains a moving target, Stewart still aims to have a very real contribution to a product's security, by developing an overview of each product that will show that it has been developed in compliance with Cisco's secure development policies and processes. "If the process isn't perfect, then we'll improve it," Stewart said. "If there is a new wave of vulnerability from something we never thought of, then we'll improve the process. Essentially, the tide shows up and the boats all float." And in doing so, Stewart is betting his work can help Cisco differentiate itself from its competitors based in part on the quality and trustworthiness of its security. "Three years ago, I think we were still having the debate of whether security is an adjective or a noun -- is it embedded or is it separate?" he said. "Now I think it's absolutely expected that security, simplicity and management are three things that have to be part of all technologies." Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals. 
From rforno at infowarrior.org Sat Aug 7 19:20:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Aug 2010 20:20:33 -0400 Subject: [Infowarrior] - Apple iPhone Exec leaves Message-ID: <6CA7E46C-04D5-4B90-B9DB-A354F14638EF@infowarrior.org> August 7, 2010 Executive Leaves After iPhone Antenna Troubles By MIGUEL HELFT http://www.nytimes.com/2010/08/08/technology/08apple.html?_r=1&pagewanted=print Mark Papermaster, the Apple executive in charge of hardware for the company's flagship iPhone, has left the company in the wake of widely reported problems with the antenna of the recently introduced iPhone 4. It is not clear if Mr. Papermaster was ousted or left on his own accord. Reached on his cellphone, Mr. Papermaster declined to comment. In a statement, an Apple spokesman, Steve Dowling, confirmed Mr. Papermaster's departure. Mr. Dowling said Mr. Papermaster "is leaving the company and Bob Mansfield, senior vice president of Macintosh hardware engineering, is assuming his responsibilities." Mr. Mansfield already oversees several technologies that are part of the iPhone, including the A4 chip, the retina display and touch screens, Mr. Dowling said. Mr. Papermaster arrived at Apple in 2008, setting off a prominent battle with I.B.M., where in a 25-year-career he had risen to the top levels of management. I.B.M. sued Mr. Papermaster in federal court in an attempt to prevent him from joining Apple, saying that he had signed a noncompete agreement. The parties settled the case after Mr. Papermaster testified in court that he had not revealed any trade secrets. When Steven P. Jobs, the chief of Apple, introduced the iPhone 4, he hailed the design of its antenna, which is built into a steel band that encases the phone. But almost immediately after the iPhone 4 went on sale, consumers began to complain that when they touched a spot on the lower left section of the device, reception would decrease sharply, in some cases resulting in dropped calls.
The problems, and Apple's clumsy response, turned into a public relations mess for the company. Apple first recommended that users hold the phone in a way that avoids contact with the lower left section of the device. The company later said it found a software problem with the signal meter that indicates cellphone reception. Embarrassingly, the company said the problem affected not only the iPhone 4, but also earlier models. While Apple fixed the problem, complaints about the antenna continued to mount. After Consumer Reports shone a spotlight on the problems and said it could not recommend the iPhone 4, Apple called a press conference on July 16 where Mr. Jobs mounted an impassioned defense of the device. Mr. Jobs said other smartphones suffered from similar problems when cradled in certain ways, an assertion that was challenged by several of Apple's competitors. But in an effort to put the problem behind the company, Mr. Jobs offered free bumpers to all iPhone 4 customers. By insulating the antenna from human touch, the bumpers solve the reception problems. Mr. Jobs also said that the iPhone 4 was the most successful new product introduction in Apple's history. He said complaints among customers were minimal and he accused the media of blowing the problem out of proportion. Some observers were surprised that Mr. Papermaster was not present at the press conference, which in addition to Mr. Jobs included Tim Cook, the chief operating officer, and Mr. Mansfield. Mr. Papermaster, who was listed as an executive on Apple's Web site earlier Saturday, had vanished from the site later in the day.
From rforno at infowarrior.org Mon Aug 9 14:32:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Aug 2010 15:32:36 -0400 Subject: [Infowarrior] - VZ/GOOG Joint Policy Proposal for an Open Internet Message-ID: <0BDB2247-542A-418C-B234-9C4994433EA5@infowarrior.org> Joint Policy Proposal for an Open Internet http://policyblog.verizon.com/BlogPost/742/JointPolicyProposalforanOpenInternet.aspx Jointly posted by Tom Tauke, Verizon Executive Vice President of Public Affairs, Policy and Communications and Alan Davidson, Google Director of Public Policy. The original architects of the Internet got the big things right. By making the network open, they enabled the greatest exchange of ideas in history. By making the Internet scalable, they enabled explosive innovation in the infrastructure. It is imperative that we find ways to protect the future openness of the Internet and encourage the rapid deployment of broadband. Verizon and Google are pleased to discuss the principled compromise our companies have developed over the last year concerning the thorny issue of "network neutrality." In October, our two companies issued a shared statement of principles on network neutrality. A few months later we submitted a joint filing to the FCC, and in an April joint op-ed our CEOs discussed their common interest in an open Internet. Since that time, we have listened to all sides of the debate, engaged in good faith with policy makers in multiple venues, and challenged each other to craft a balanced policy framework. We have been guided by the two main goals: 1. Users should choose what content, applications, or devices they use, since openness has been central to the explosive innovation that has made the Internet a transformative medium. 2. America must continue to encourage both investment and innovation to support the underlying broadband infrastructure; it is imperative for our global competitiveness.
Today our CEOs will announce a proposal that we hope will make a constructive contribution to the dialogue. Our joint proposal takes the form of a suggested legislative framework for consideration by lawmakers, and is laid out here. Below we discuss the seven key elements: First, both companies have long been proponents of the FCC's current wireline broadband openness principles, which ensure that consumers have access to all legal content on the Internet, and can use what applications, services, and devices they choose. The enforceability of those principles was called into serious question by the recent Comcast court decision. Our proposal would now make those principles fully enforceable at the FCC. Second, we agree that in addition to these existing principles there should be a new, enforceable prohibition against discriminatory practices. This means that for the first time, wireline broadband providers would not be able to discriminate against or prioritize lawful Internet content, applications or services in a way that causes harm to users or competition. Importantly, this new nondiscrimination principle includes a presumption against prioritization of Internet traffic - including paid prioritization. So, in addition to not blocking or degrading of Internet content and applications, wireline broadband providers also could not favor particular Internet traffic over other traffic. Third, it's important that the consumer be fully informed about their Internet experiences. Our proposal would create enforceable transparency rules, for both wireline and wireless services. Broadband providers would be required to give consumers clear, understandable information about the services they offer and their capabilities. Broadband providers would also provide to application and content providers information about network management practices and any other information they need to ensure that they can reach consumers.
Fourth, because of the confusion about the FCC's authority following the Comcast court decision, our proposal spells out the FCC's role and authority in the broadband space. In addition to creating enforceable consumer protection and nondiscrimination standards that go beyond the FCC's preexisting consumer safeguards, the proposal also provides for a new enforcement mechanism for the FCC to use. Specifically, the FCC would enforce these openness policies on a case-by-case basis, using a complaint-driven process. The FCC could move swiftly to stop a practice that violates these safeguards, and it could impose a penalty of up to $2 million on bad actors. Fifth, we want the broadband infrastructure to be a platform for innovation. Therefore, our proposal would allow broadband providers to offer additional, differentiated online services, in addition to the Internet access and video services (such as Verizon's FIOS TV) offered today. This means that broadband providers can work with other players to develop new services. It is too soon to predict how these new services will develop, but examples might include health care monitoring, the smart grid, advanced educational services, or new entertainment and gaming options. Our proposal also includes safeguards to ensure that such online services must be distinguishable from traditional broadband internet access services and are not designed to circumvent the rules. The FCC would also monitor the development of these services to make sure they don't interfere with the continued development of Internet access services. Sixth, we both recognize that wireless broadband is different from the traditional wireline world, in part because the mobile marketplace is more competitive and changing rapidly. In recognition of the still-nascent nature of the wireless broadband marketplace, under this proposal we would not now apply most of the wireline principles to wireless, except for the transparency requirement.
In addition, the Government Accountability Office would be required to report to Congress annually on developments in the wireless broadband marketplace, and whether or not current policies are working to protect consumers. Seventh, and finally, we strongly believe that it is in the national interest for all Americans to have broadband access to the Internet. Therefore, we support reform of the Federal Universal Service Fund, so that it is focused on deploying broadband in areas where it is not now available. We believe this policy framework properly empowers consumers and gives the FCC a role carefully tailored for the new world of broadband, while also allowing broadband providers the flexibility to manage their networks and provide new types of online services. Ultimately, we think this proposal provides the certainty that allows both web startups to bring their novel ideas to users, and broadband providers to invest in their networks. Crafting a compromise proposal has not been an easy process, and we have certainly had our differences along the way. But what has kept us moving forward is our mutual interest in a healthy and growing Internet that can continue to be a laboratory for innovation. As policy makers continue to formulate the rules of the road, we hope that other stakeholders will join with us in providing constructive ideas for an open Internet policy that puts consumers in charge and enhances America's leadership in the broadband world. We stand ready to work with the Congress, the FCC and all interested parties to do just that.
From rforno at infowarrior.org Mon Aug 9 14:46:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Aug 2010 15:46:46 -0400 Subject: [Infowarrior] - How The BMI Shakedown Works Message-ID: A Day In The Life Of Legalized Extortion: How The BMI Shakedown Works http://techdirt.com/articles/20100806/15462810537.shtml from the sickening dept A bunch of you sent in this NY Times puff piece that basically follows around a BMI "enforcer," for a day, watching as she tries to get restaurants, clubs, bars, skating rinks, etc. to pay up for playing music in their establishments. It's all legal, but it has all the hallmarks of a pure shakedown -- which is why operations like BMI and ASCAP are notorious for doing more harm than good, by making it much more difficult for up-and-coming musicians to find venues to play in. Many venues simply stop playing music, rather than deal with expensive BMI/ASCAP licenses. On top of that, because of the way these systems work, they tend to funnel money disproportionately to big name artists, again harming less well known songwriters. BMI, in fact, has been particularly obnoxious about this. Last year, when a songwriter who had not received any of the promised royalties was brought up, BMI responded that it wasn't their problem, and "I would like to tell him is that he needs to write a hit song." Nice, huh? The NY Times piece highlights a few interesting points. I don't know if it was on purpose or not, but a VP from BMI in the article refers to one of the large group of folks who call and visit these venues as "salespeople." We've seen this before. The role that is supposed to be an auditor or an investigator is actually defined as a sales role, meaning that they often have a specific stake in squeezing as much money as possible out of the people they talk to. I don't know if BMI's compensation is structured that way, but certainly other Performance Rights Organizations (PROs) are set up that way. 
As such, it's no surprise that BMI uses cheesy motivational techniques found in sales training: One afternoon, I sat with Baker at her cubicle. Besides pictures of her fiance, Mike, and her nieces, she also has a smiley-face chart. Her boss made it up for all the licensing executives, to remind them that their moods and their tones will determine their success. The chart is like a traffic light. There's a green smiley face, a straight face in yellow, then a face in red, frowning. "You never wanna be on the red," Baker said. Then there's the new tools that BMI is using to track down everyone who's playing music. It's spying on more and more areas where music is played, and the reporter discussed with a few people, and they all found it creepy. BMI's response? They like that people refer to them as "Big Brother." Friends I talked to had a similar reaction. To a one, they said: "Jesus. Sounds like Big Brother." When I mentioned this to DeBusk, he smiled ominously. "Yes. Well. We're here to help." Finally, the closing vignette is really kinda sickening. The reporter follows the "salesperson" as she goes to talk to a struggling restaurant who has trouble paying the bills. After a bit of "negotiation" she gets them to pay up and then admits she knows she's taking money that the owners really need: Baker accepted Ross's invitation and sat down in the booth with Ross and her pug, Frank. Out came the checkbook. "I could tell she was low on money," Baker told me later. "I could tell it was hard for her to shell out the money." Sickening. This is legalized extortion. And, make no mistake. It's all very legal. But we should be asking why.
From rforno at infowarrior.org Mon Aug 9 15:32:15 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Aug 2010 16:32:15 -0400 Subject: [Infowarrior] - Previewing Goldman: The Movie Message-ID: <109EE9A4-34BC-4707-8C75-3590205BCB48@infowarrior.org> http://www.zerohedge.com/article/previewing-goldman-movie Ric Burns documentary about Goldman Sachs is imminent. Because as the WSJ revealed previously, the fact that Ric Burns is paid by Goldman Sachs to make a film about the discount window backed hedge fund, in which Goldman Sachs maintains complete editorial control, sure seems like yet another PR fiasco waiting to happen, on par with Goldman making money every single trading day in Q1 (at least they learned their lesson there, and theatrically let a few losses slip in). Just like you, we can't wait for the final product to finally boost our opinion of the fixed income OTC market monopolist. In the meantime, we present this appetizer as to what the final video will most likely be, courtesy of Minyanville. http://www.minyanville.com/audiovideo/popbiz/
From rforno at infowarrior.org Mon Aug 9 15:58:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Aug 2010 16:58:22 -0400 Subject: [Infowarrior] - JFCOM and ASD(NII) being eliminated Message-ID: <86B07D6F-9AA2-4780-854C-226F49E0460A@infowarrior.org> (c/o Anonymous) It's official: JFCOM and ASD(NII) are being eliminated.
http://www.defense.gov/releases/release.aspx?releaseid=13782
From rforno at infowarrior.org Mon Aug 9 17:36:53 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Aug 2010 18:36:53 -0400 Subject: [Infowarrior] - Spinal-Fluid Test Is Found to Predict Alzheimer's Message-ID: <8AD1EC5E-73C5-4B33-A5D4-CF86B5DDCBA2@infowarrior.org> Spinal-Fluid Test Is Found to Predict Alzheimer's By GINA KOLATA Published: August 9, 2010 http://www.nytimes.com/2010/08/10/health/research/10spinal.html Researchers report that a spinal-fluid test can be 100 percent accurate in identifying patients with significant memory loss who are on their way to developing Alzheimer's disease. Although there has been increasing evidence of the value of these tests in finding signs of Alzheimer's, the study, which will appear Tuesday in the Archives of Neurology, shows how very accurate they can be. "This is what everyone is looking for, the bull's eye of perfect predictive accuracy," said Dr. Steven DeKosky, dean of the University of Virginia's medical school, who is not connected to the new research. The study, said Dr. John Morris, a professor of neurology at Washington University, "establishes that there is a signature of Alzheimer's and that it means something. It is very powerful." A lot of work lies ahead, researchers say -- making sure the tests are reliable if they're used in doctors' offices, making sure the research findings hold up in real life situations, getting doctors and patients comfortable with the notion of spinal taps, the method used to get spinal fluid. But they see a bright future. The new study is part of a tsunami of recent findings on Alzheimer's disease. After decades when nothing much seemed to be happening, when this progressive brain disease seemed untreatable and when its diagnosis could only be confirmed at autopsy, the field has suddenly woken up.
Alzheimer's, investigators now agree, starts a decade or more before people have symptoms. And by the time there are symptoms it may be too late to save the brain. So the hope is to find good ways to identify people who are getting the disease, and use those people as subjects in studies to see how long it takes for symptoms to occur and in studies of drugs that may slow or stop the disease. Researchers are finding simple and accurate ways to detect Alzheimer's long before there are definite symptoms -- in addition to spinal fluid tests they also have new PET scans that show the telltale amyloid plaques that are a unique feature of the disease. And they are testing hundreds of new drugs that, they hope, might slow or stop the relentless brain cell death that robs people of their memories and abilities to think and reason. But the PET scans are not yet commercially available, while spinal fluid tests are. So the new results are giving rise to a difficult question: Should doctors offer, or patients accept, commercially available spinal tap tests to find a disease that is, as yet, untreatable? In the research studies, patients are often not told they may have the disease, but in practice in the real world, many may be told. Some say it should be up to doctors and their patients. Others say doctors should refrain from using the spinal fluid test in their practices. It is not reliable enough -- results can vary from lab to lab -- and has only been studied in research settings where patients are carefully selected to have no other conditions, like strokes or depression, that could affect their memories. "This is literally on the cutting edge of where the field is," Dr. DeKosky said. "The field is moving fast. You can get a test that is approved by the F.D.A., and cutting edge doctors will use it." But, said Dr.
John Trojanowski, a University of Pennsylvania researcher and senior author of the paper, given that people can get the test now, "how early do you want to label people?" Some, like Dr. John Growdon, a neurology professor at the Massachusetts General Hospital who wrote an editorial accompanying the paper, said that decision is up to doctors and their patients. Doctors might want to use the test in cases where they need to be sure a patient with symptoms of severe memory loss and loss of reasoning abilities has Alzheimer's. And they might want to offer it to people with milder symptoms who really want to know if they have the devastating brain disease. One drawback, though, is that spinal fluid is obtained with a spinal tap, and that procedure makes most doctors and many patients nervous. The procedure involves putting a needle in the spinal space and withdrawing a small amount of fluid. Dr. Growdon and others say spinal taps are safe and not particularly painful for most people. But, Dr. Growdon said, there needs to be an education campaign to make people feel more comfortable about having them. He suggested that, since most family doctors and internists are not experienced with the test, there could be special spinal tap centers where they could send patients. The new study included more than 300 patients in their seventies, 114 with normal memories, 200 with memory problems, and 102 with Alzheimer's disease. Their spinal fluid was analyzed for amyloid beta, which forms plaques in the brain, and for tau, another protein that accumulates in dead and dying nerve cells in the brain. To avoid bias, the researchers analyzing the data did not know anything about the clinical status of the subjects. Also, the subjects were not told what the tests showed. Nearly every person with Alzheimer's had the characteristic spinal fluid protein levels.
Nearly three quarters of people with mild cognitive impairment, a memory impediment that can precede Alzheimer?s, had Alzheimer?s-like spinal fluid proteins. And every one of those patients developed Alzheimer?s within five years. And about a third of people with normal memories had spinal fluid indicating Alzheimer?s. Researchers suspect that those people will develop memory problems. The prevailing hypothesis about Alzheimer?s says amyloid and tau accumulation are necessary for the disease and that stopping the proteins could stop the disease. But it is not yet known what happens when these proteins accumulate in the brains of people with normal memories. They might be a risk factor like high cholesterol levels. Many people with high cholesterol levels never have heart attacks. Or it might mean that Alzheimer?s has already started and if the person lives long enough he or she will get symptoms like memory loss with absolute certainty. Many, like Dr. DeKosky, believe that when PET scans for amyloid become available, they will be used instead of spinal taps, in part because doctors and patients are more comfortable with brain scans. And when ? investigators optimistically are saying ?when? these days ? drugs are shown to slow or prevent the disease, the thought is that people will start having brain scans or spinal taps for Alzheimer?s as routinely as they might have colonoscopies or mammograms today. For now, Dr. DeKosky said, the days when Alzheimer?s could be confirmed only at autopsy are almost over. And the time when Alzheimer?s could only be detected after most of the brain damage was done seem to be ending too. ?The new biomarkers in CSF have made the difference,? Dr. DeKosky said. ?This confirms their accuracy in a very big way.? 
From rforno at infowarrior.org Mon Aug 9 19:39:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Aug 2010 20:39:48 -0400
Subject: [Infowarrior] - 'splain this logic to us, please
Message-ID:

http://techdirt.com/articles/20100809/00525710543.shtml

It seems like Comcast is a bit confused about the technology that it offers to its customers, which involves a generally fat broadband pipe to users, through which they can access all sorts of content, including on demand videos. So, you might think that if Comcast were to team up with a company like Netflix or Blockbuster, it would be to deliver streaming content. Nope. Apparently Comcast has done a deal with Blockbuster to deliver DVDs by mail. That's literally what the two companies are calling the product: "DVDsByMail." It's not like this hasn't been done for ages by both Netflix and Blockbuster. It's not clear what Comcast brings to the table here other than the "um... why?" factor it adds by wondering why Comcast is involved in something that doesn't involve delivering content over its own network, but using the US Postal Service's "network" instead.

From rforno at infowarrior.org Tue Aug 10 09:10:08 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 10:10:08 -0400
Subject: [Infowarrior] - WSJ: Google Agonizes on Privacy as Ad World Vaults Ahead
Message-ID: <2FDA51DD-9684-4432-A37E-07DB4E21F486@infowarrior.org>

Google Agonizes on Privacy as Ad World Vaults Ahead
By JESSICA E. VASCELLARO
http://online.wsj.com/article/SB10001424052748703309704575413553851854026.html

A confidential, seven-page Google Inc. "vision statement" shows the information-age giant in a deep round of soul-searching over a basic question: How far should it go in profiting from its crown jewels -- the vast trove of data it possesses about people's activities? Should it tap more of what it knows about Gmail users? Should it build a vast "trading platform" for buying and selling Web data?
Should it let people pay to not see any ads at all? These and other ideas big and small -- the third one was listed under "wacky" -- are discussed in the document, which was reviewed by The Wall Street Journal and compiled in late 2008 by Aitan Weinberg, now a senior product manager for interest-based advertising. Along with interviews with more than a dozen current and former employees, the vision statement offers a candid, introspective look at Google's fight to remain at the vanguard of the information economy. Google is pushing into uncharted privacy territory for the company. Until recently, it refrained from aggressively cashing in on its own data about Internet users, fearing a backlash. But the rapid emergence of scrappy rivals who track people's online activities and sell that data, along with Facebook Inc.'s growth, is forcing a shift. A person familiar with the matter called the vision statement a "brainstorming document" and said it wasn't presented to senior executives. Some of its ideas are "complete non-starters," this person said. Efforts to reach Mr. Weinberg weren't successful. Still, several have been implemented. Among them: Last year, Google for the first time started collecting a new type of data about the websites people visit, and using it to track and show them ads across the Internet. Worries about the size of Google's data cache are "hypothetical," said co-founder Larry Page last month in response to a reporter's question about privacy. "It is always easy to be fearful of what could happen, right?"

Google's Widening Reach

As Google changes, it is likely to bring the rest of the online world with it. With more users than any other Internet company, it has an unparalleled ability to make new ad-targeting methods mainstream. The company also actively participates in trade groups that regularly craft new privacy practices among themselves in hopes of thwarting legislation.
The Federal Trade Commission said last year that the field can regulate itself as long as companies disclose their practices to users, among other things. Google is overwhelmingly important to online privacy. Roughly 75% of global Internet users, or 943.8 million people, used its services in June, more than any other Web company, according to comScore. The vision statement describes the company's immense search database as "the BEST source of user interests found on the Internet," during a discussion of ways to make ads more relevant to users. "No other player could compete," it says. Later, the document warns that some ideas range from "safe" to "not" safe. The most aggressive ideas would put Google at the cutting edge of the business of tracking people online to profit from their actions. A data-trading marketplace, for instance, would allow personal information from many sources -- including Google -- to be combined and used for highly personalized tracking of individuals. Tiny companies like BlueKai Inc. and eXelate Media Ltd. already offer some of these services, pressuring Google to match them. A Wall Street Journal investigation, "What They Know," is examining the widening trade in this kind of data and the consequences for individual privacy. Google trails in some of these techniques by choice. Famous for its unofficial corporate motto, "Don't Be Evil," for years it resisted using any method to track people online without their knowledge at the fierce insistence of founders Sergey Brin and Mr. Page. But the two men have gradually decided they can begin exploiting the data their company controls, without exploiting consumers, according to interviews with more than a dozen current and former employees. The founders believe they are improving the Internet user's experience, said Alma Whitten, who leads Google's privacy engineering, in a June interview. "What's good for the consumer is good for the advertiser."
A recent Journal examination of the proliferation of online tracking found that Google's tracking code appeared on 45 of the 50 most popular U.S. websites. (For details on those findings, go to WSJ.com/WTK.) The 2008 vision statement along with a dozen other internal documents reviewed by the Journal tell the inside story of how Google dragged its feet while its founders' views evolved. Selling ads is Google's big money-maker, but the online-ad business is broadening away from Google's sweet spot, selling ads tied to the search-engine terms people use. Instead, advertisers want to target people based on more specific personal information such as hobbies, income, illnesses or circles of friends. The changes at Google reflect a power realignment online. For years, the strongest companies on the Internet were the ones with the most visitor traffic. Today, the power resides with those that have the richest data and are the savviest about using it. That has propelled Internet ad companies into an arms race so swift that even Google fears being left behind. One slide from an internal presentation in mid-2008, which was reviewed by the Journal, is headlined bluntly: "Get in the Game." That particular slide describes the importance of breaking into the lucrative business of selling "display" ads, which are larger ads with pictures, as opposed to smaller text ads. Today, Google still trails market leader Yahoo in U.S. display-ad revenue, according to analysts. Google still leads the Internet pack overall, of course. Its revenue, $23.7 billion in 2009, is more than three times Yahoo's, its closest competitor. Its online advertising business is growing faster than those of its publicly held U.S. rivals. But Google's revenue growth has slowed dramatically. And social-networking powerhouse Facebook is a widening threat with its ability to sell highly targeted ads to its more than 500 million users. 
Facebook fears run deep at Google, which is designing its own social-networking service. In a sign of how quickly things change, the 2008 vision statement scarcely mentioned social networks. Google also plans to go head-to-head with Facebook's "Like" button -- a tiny tool on many websites that lets people tell friends they "like" something. Each click gives Facebook valuable, personal data about people's interests. Few online companies have the potential to know as much about its users as Google. Consider 26-year-old Ari Brand, an actor living in Manhattan's East Village. Google has access to the fact he paid $733 for a flat-screen TV, because he uploaded his budget to Google Docs, an online word processor and spreadsheet. It has access to the 23,000 emails he has sent through Gmail. Google also saves searches tied to the network address of Mr. Brand's computer, which it makes anonymous after 18 months. Significantly, however, Google doesn't mix those separate pots of personal data. For instance, it doesn't use data gleaned from a person's Gmail account to target ads to that person elsewhere online. Google's computers do, however, scan Gmail messages to place contextual ads next to the emails themselves. Google also says much of its data can't be tied to a person by name. Executives long considered the privacy risks too great relative to the business rewards. According to people familiar with Google's thinking, they felt the company was being held to a higher standard than less well-known firms, and preferred to let more aggressive rivals test the boundaries. Concerns about antitrust scrutiny also heightened the risk of finding new ways to profit from Google's exclusive data. As recently as 2006 or so, Google's sights weren't set on Facebook -- they were set on AOL and Yahoo, which together controlled roughly 40% of the U.S. display-ad business, analysts say. One big obstacle in winning more of that business was Google co-founder Mr.
Page, who objected to letting Google's advertising customers work with companies that installed "cookies" on people's computers for purposes of serving ads and tracking their performance. Cookies are little text files that can, among other things, be used to help track people's activities online to show them ads targeted to their interests. Those policies hurt Google's display ad sales because the company wouldn't let advertisers use technology they were used to. Google didn't use ad-targeting cookies itself, either. That meant Google could sell ads based only on the name or content of a page -- for instance, putting a shoe ad on a page about shoes. That is known as "contextual" targeting, and many advertisers consider it less effective than "behavioral" targeting, which identifies specific users and their interests. In 2006, Gokul Rajaram, then a senior Google staffer, and ad-sales executive Tim Armstrong tried to change Mr. Page's mind about letting other companies place cookies. In an interview, Mr. Rajaram recalls that he thought it would be an easy sell. A growing number of advertisers were refusing to buy display ads from Google. Market research showed AOL and Yahoo were trouncing Google in the display market. Messrs. Page and Brin weren't swayed. "I was kind of shocked," Mr. Rajaram says. "They just didn't look at it the same way." As factions inside Google fought over the issue, an opportunity arose. DoubleClick Inc., a giant in the business of placing display ads on websites, put itself up for sale -- and Google archrival Microsoft Corp. was circling. Google executives were leery of the way DoubleClick used cookies to track people online, on the principle that many users had no idea they were being tracked, people familiar with the situation say. But an acquisition of DoubleClick would instantly bring in display-advertising expertise and clients, they thought. In 2007, Google agreed to buy DoubleClick for $3.1 billion.
At the time, some employees joked Google had to spend billions just to get Mr. Page to like cookies, people familiar with the matter say. Google and DoubleClick executives huddled to decide how to blend the two companies' products. They had a lot of ground to make up. According to a resulting presentation slide, dated July 2008 -- the one headlined "Get in the Game" -- Google offered fewer ways to measure an ad's effectiveness than Atlas, a rival owned by Microsoft. And Google had none of the behavioral-targeting capacities of AOL's Tacoda unit -- meaning it couldn't target ads to people based on websites they visited. Google executives finally agreed it was cookie time. As a result, every page where Google sold a display ad began installing a DoubleClick cookie on users' computers. For the first time, Google had the ability to deliver ads targeted to individual people's computers. But just because it had the ability, Google didn't start using it. There was still too much internal resistance. Mr. Weinberg, the author of the 2008 "vision statement," came to Google from DoubleClick. He and a small group of product managers and marketing officials began discussing the ways Google could target ads to people more aggressively. His memo, stamped "INTERNAL CONFIDENTIAL," acknowledged the delicateness of the subject. Audience targeting is "of a sensitive nature," it stated in the very first sentence, due to the possibility of "mis-understanding" among users. The memo then went on to outline a sweeping vision in which Google could get other websites from around the Internet to share their data with it for the purpose of targeting ads. The document also says Google could start selling ads across the Web based on the things it knew about people from their Gmail accounts, and also from their use of Google's Checkout service, a PayPal rival. All of that would be a significant change.
Currently, although Google places contextual ads within a user's Gmail account, it doesn't follow that person to other websites with those ads. The document shows awareness of the privacy implications. Nothing would happen "without strong consideration of privacy, legal and industry best practices in mind," it states. A goal should be to limit users' feeling of "creepiness" from seeing finely targeted ads, it says. By late 2008, Google executives were preparing to launch ads targeted at users' interests. But the specifics still remained controversial. Tensions erupted during a meeting with about a dozen executives at Google's Mountain View, Calif., headquarters about 18 months ago when Messrs. Page and Brin shouted at each other over how aggressively Google should move into targeting, according to a person who had knowledge of the meeting. "It was awkward," this person said. "It was like watching your parents fight." Mr. Brin was more reluctant than Mr. Page, this person said. Eventually, he acquiesced and plans for Google to sell ads targeted to people's interests went ahead. Google launched the new advertising product, "interest-based ads" in March 2009. The service, currently available only to a limited group of advertisers, uses cookies to track any time a user visits one of the more than one million sites where Google sells display ads. To offset the founders' concerns about cookies' secretiveness, Google set up a page, www.google.com/ads/preferences, where people can opt out and see what Google has inferred about their interests. Google adopted other vision-statement ideas. Last September, it launched its new ad exchange, which lets advertisers target individual people -- consumers in the market for shoes, for instance -- and buy access to them in real time as they surf the Web. Google takes a cut of each ad sale.
In short, Google is trying to establish itself as the clearinghouse for as many ad transactions as possible, even when those deals don't actually involve consumer data that Google provides or sees. The further step in that progression would be for Google to become a clearinghouse for everyone's data, too. That idea, also laid out in the vision statement, is still being considered, people familiar with the talks say. That would put Google -- already one of the biggest repositories of consumer data anywhere -- at the center of the trade in other people's data as well.

From rforno at infowarrior.org Tue Aug 10 09:19:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 10:19:12 -0400
Subject: [Infowarrior] - US "EMP Attack" Commission Report
Message-ID:

(h/t JH)

Report of the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack
http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf

From rforno at infowarrior.org Tue Aug 10 12:18:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 13:18:21 -0400
Subject: [Infowarrior] - Ironic: Hotmail problems? MS says to use Chrome for access
Message-ID:

Irony indeed.... Next week, it may be "Internet not working on your Windows PC? Try Unix." :)

Hotmail still not working? Use Chrome to fix it, says MS
Advises unhappy users to switch to Google's browser
By Kelly Fiveash
Posted in Applications, 10th August 2010 14:11 GMT
http://www.theregister.co.uk/2010/08/10/hotmail_complaints_chrome_fix/

Microsoft has advised Hotmail users struggling to access their email accounts to surf via Google's Chrome browser in order to successfully connect to the recently overhauled service. The software vendor finally rolled out its latest version of Hotmail to its 350 million users last week, but since then the company has faced plenty of complaints from disgruntled customers unhappy with the new interface.
Many have griped that emails have disappeared and that scripting errors in Hotmail prevent them from composing new messages. Others cannot access their accounts at all, and the grumbles are continuing to mount up in the Hotmail forums. Some users are furious at Microsoft for rolling out a buggy product without fully testing it first. Microsoft, via the Hotmail forum, has been advising its customers to stop using Safari 3 and Firefox 2 in order to access its free webmail service. The new Hotmail supports -- unsurprisingly -- various flavours of its own Internet Explorer browser, Firefox 3, Safari 4 and the stable version of Chrome on Windows. Redmond said last week that its product group was looking into complaints from users, who were struggling to view messages. At the time it asked those affected by the Hotmail glitches to tell the firm what type of internet connection and ISP they were using. In the meantime it recommended an interesting workaround: "Some customers have indicated that if they use Google Chrome to view their Hotmail account they no longer encounter this problem," said Microsoft. But even that solution isn't satisfying everyone. Hotmail user with the handle 'shelabobby' hit back at Microsoft's suggested fixes and workarounds. "My computer completely stalls when I open my Hotmail. Yes, I have the same issue if I use Firefox, Internet Explorer, or Google Chrome. Yes, I have the same problem if I use another computer, and No, I don't see any script errors because my computer freezes as soon as the window is open," she complained. "I'm not saying I don't like the new features, but I have very important emails I have needed to reply to for three days now. If you're going to keep the features it would be nice if while you are working to fix them you have an option to revert back to the old version till it's fixed," she said before signing off as a "Very frustrated user".
Others have said they will abandon Hotmail following the revamp, because they feel that Microsoft isn't dealing adequately with their gripes about the service. Meanwhile there were sporadic reports on Twitter overnight that suggested the service was completely down for some users. The Register has asked Microsoft to tell us more about what's gone wrong, but we're still waiting to hear back.

From rforno at infowarrior.org Tue Aug 10 12:20:57 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 13:20:57 -0400
Subject: [Infowarrior] - OT: Ted Stevens, Sean O'Keefe killed in plane crash
Message-ID: <5883E61E-EDA3-4712-9E17-326CEE6F3F51@infowarrior.org>

Former Senator Ted Stevens Is in a Plane Crash in Alaska
By LIZ ROBBINS
http://www.nytimes.com/2010/08/11/us/11crash.html

Former United States Senator Ted Stevens was aboard a plane that crashed in southern Alaska on Monday night, a former member of Mr. Stevens's Congressional staff said on Tuesday. Five of the nine people onboard were believed to have been killed in the crash, the authorities said. The aide, who spoke on condition of anonymity out of respect to the family, said it was still unclear whether anyone had survived the crash. Rescue crews from the Alaska Air National Guard and the United States Coast Guard arrived on the scene more than 10 hours after the crash, hampered by rain and fog in an area of mountains and lakes north of Bristol Bay. The European aerospace firm EADS said that the chief executive of its North American operations, Sean O'Keefe, 54, a former NASA administrator, was also on board. The family of Mr. Stevens issued a statement on Tuesday morning that expressed concern but said nothing about the former senator's fate: "The Ted Stevens family offers their prayers for all those on board and for their families. We thank the brave men and women who are working to reach the site. We continue to work with the Alaska National Guard, the U.S.
Coast Guard and the Alaska State Troopers. We thank everyone for their support and prayers." The crash occurred about 320 miles southwest of Anchorage before 8 p.m. Alaska Daylight time, the National Transportation Safety Board said. Another plane spotted the downed aircraft around 7 p.m. and notified authorities, the National Guard said. Mr. Stevens and the other passengers were flying to a lodge near Lake Aleknagik, where he often spent summers fishing. It was unclear why they were headed there. The N.T.S.B. said that the crash was about 10 miles northwest of Lake Aleknagik, and the aircraft was a DeHavilland DHC-3T. The single-engine, high-wing airplane is owned by GCI, the Alaskan telecommunications provider, as is the lodge. The plane went undetected by radar because in the area where it went down, about 20 miles north of Dillingham, there is no radar coverage below about 4,000 feet, according to one air traffic control expert familiar with the area. The expert asked not to be identified because the N.T.S.B. is in charge of releasing information. The flight was under visual flight rules, two people familiar with the area said, meaning that it was not being directed by air traffic controllers. The N.T.S.B. said it was sending a team of investigators to the crash site, even though it said it did not know the identity of those on board. The agency does not ordinarily send a board member from Washington to the crashes of private or corporate planes. Mr. Stevens, 86, was the longest-serving Republican senator until he lost his bid for a seventh term in 2008 after he was found guilty of corruption charges. The case was later thrown out because of prosecutorial misconduct. His stature in Alaska seemed to have remained virtually intact despite the scandal, and recently he had been campaigning with the state's Republican senator, Lisa Murkowski. Sen. Murkowski issued a statement asking Alaskans to pray for those aboard the aircraft. Mr.
Stevens survived another plane crash on Dec. 4, 1978, that killed five of seven people on board, including his first wife, Ann. He was traveling on a Lear jet that crashed when landing at Anchorage International Airport, which was renamed Ted Stevens Anchorage International Airport in honor of the senator in 2000. Before that 1978 crash, Mr. Stevens reportedly spoke of a premonition that he would die in a plane crash, a fate that is not unknown to many in Alaska who travel the vast state in small planes. Mr. O'Keefe guided NASA from 2001 to 2005, and was known for his leadership during the shuttle Columbia explosion in February 2003. He resigned in 2005 and became chancellor of the Louisiana State University before joining EADS in November 2009. William Yardley contributed reporting from Fairbanks, Alaska; Jeff Zeleny and Matthew L. Wald contributed reporting from Washington.

From rforno at infowarrior.org Tue Aug 10 13:21:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 14:21:19 -0400
Subject: [Infowarrior] - Plaintiff who challenged FBI's national security letters reveals concerns
Message-ID:

Plaintiff who challenged FBI's national security letters reveals concerns
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, August 10, 2010; A02
http://www.washingtonpost.com/wp-dyn/content/article/2010/08/09/AR2010080906252_pf.html

For six years, Nicholas Merrill has lived in a surreal world of half-truths, where he could not tell even his fiancee, his closest friends or his mother that he is "John Doe" -- the man who filed the first-ever court challenge to the FBI's ability to obtain personal data on Americans without judicial approval. Friends would mention the case when it was in the news and the normally outspoken Merrill would change the subject.
He would turn up at the federal courthouse to hear the arguments, and in an out-of-body moment he would realize that no one knew he was the plaintiff challenging the FBI's authority to issue "national security letters," as they are known, and its ability to impose a gag on the recipient. Now, following the partial lifting of his gag order 11 days ago as a result of an FBI settlement, Merrill can speak openly for the first time about the experience, although he cannot disclose the full scope of the data demanded. "To be honest, I'm having a hard time adjusting," said the 37-year-old Manhattan native. "I've spent so much time never talking about it. It's a weird feeling." Civil liberties advocates hope that Merrill's case will inspire others who have received the FBI's letters and have concerns to come forward, and to inform the public debate on the proper scope of the government's ability to demand private data on Americans from Internet and other companies for counterterrorism and intelligence investigations. "One of the most dangerous and troubling things about the FBI's national security letter powers is how much it has been shrouded in secrecy," said Melissa Goodman, a lawyer with the American Civil Liberties Union who helped Merrill sue the government in April 2004 and was one of only a handful of people outside the FBI -- all lawyers -- who knew Merrill had received a letter. The government has long argued, as it did in this case, that "secrecy is often essential to the successful conduct of counterterrorism and counterintelligence investigations" and that public disclosure of the receipt of a letter "may pose serious risks to the investigation itself and to other national security interests." FBI spokesman Mike Kortan said, "The FBI needs the ability to protect investigations, sources and methods." 
The recent request by the Obama administration to amend the law governing the letters has prompted debate in Congress over which types of electronic records should require a judge's permission before the FBI can seek them, and which types should not, as is the case with national security letters. A letter may be issued by a FBI field office supervisor if they think the data will be relevant to a terrorism probe. The FBI between 2003 and 2006 issued more than 192,500 letters -- an average of almost 50,000 a year. The Justice Department inspector general in 2007 faulted the bureau for failing to adequately justify the issuance of such letters, though progress has been made in cleaning up the process. On a cold February day in 2004, an FBI agent pulled an envelope out of his trench coat and handed it to Merrill, who ran an Internet startup called Calyx in New York. At the time, like most Americans, he had no idea what a national security letter was. The letter requested that Merrill provide 16 categories of "electronic communication transactional records," including e-mail address, account number and billing information. Most of the other categories remain redacted by the FBI. Two things, he said, "just leaped out at me." The first was the letter's prohibition against disclosure. The second was the absence of a judge's signature. "It seemed to be acting like a search warrant, but it wasn't a search warrant signed by a judge," said Merrill. He said it seemed to him to violate the constitutional ban against unreasonable searches and seizures. The letter said that the information was sought for an investigation against international terrorism or clandestine intelligence activities. Merrill said he thought it "outlandish" that any of his clients, many of whom were ad agencies and major companies as well as human-rights and other nonprofit groups, would be investigated for terrorism or espionage. 
Although Merrill cannot further discuss the types of data sought, he said, "I wouldn't want the FBI to demand stuff like that about me without a warrant." The information an Internet company maintains on customers "can paint a really vivid picture of many private aspects of their life," he said, including whom they socialize with, what they read or write online and which Web sites they have visited. Goodman said Merrill's letter "sought the name associated with a particular e-mail address" and other data that, in a criminal case, likely would require a court order. Merrill confided in his lawyer, who suggested they turn to the ACLU. The civil liberties group decided to file a case, Doe v. Ashcroft, referring to then-Attorney General John Ashcroft. The case yielded two significant rulings. The first was a September 2004 district court decision that the national security letter statute was unconstitutional, which prompted Congress to amend the law to allow a recipient to challenge the demand for records and the gag order. The second was a December 2008 appeals court decision that held that parts of the amended gag provisions violated the First Amendment and that, to avoid this, the FBI must prove to a court that disclosure would harm national security in cases where the recipient resists the gag order. Senior administration officials have said the FBI has adopted that ruling as policy. The FBI withdrew its letter to Merrill in November 2006. 

From rforno at infowarrior.org Tue Aug 10 15:45:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 16:45:36 -0400
Subject: [Infowarrior] - correction....O'Keefe survives Alaska crash that killed Stevens
Message-ID:

Ex-NASA chief O'Keefe survives Alaska crash that killed Stevens
03:57 PM
http://content.usatoday.com/communities/ondeadline/post/2010/08/ex-nasa-chief-okeefe-survives-alaska-crash-that-killed-stevens/1

Former NASA Administrator Sean O'Keefe has survived the Alaska plane crash that killed former Sen. Ted Stevens, a former space agency spokesman says, according to the Associated Press. O'Keefe's teenage son, Kevin, was also among the four survivors. Both have broken bones and other unspecified injuries, said Glenn Mahone, former NASA spokesman, who spoke to the family. Stevens was among five people who died when their bush plane crashed last night near a remote fishing village in southwestern Alaska, where they were headed for a fishing trip. O'Keefe headed NASA during the shuttle Columbia disaster in February 2003. He resigned in 2005 to become chancellor of Louisiana State University, then joined European military contractor EADS in 2008.

From rforno at infowarrior.org Tue Aug 10 22:40:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Aug 2010 23:40:30 -0400
Subject: [Infowarrior] - Meet Project Vigilant--the Wikileaks leak
Message-ID:

August 10, 2010 4:00 AM PDT
Meet Project Vigilant--the Wikileaks leak
by Declan McCullagh
http://news.cnet.com/8301-31921_3-20013136-281.html

In the last week or so, descriptions of a secretive group called Project Vigilant have ranged between dubbing it a hoax and proclaiming it to be the next big threat to Internet privacy. Neither is quite accurate.
Highlighting Project Vigilant's role in outing an alleged Wikileaks source, a Salon.com column warned that the organization's members have "extensive, sophisticated expertise in compiling highly invasive data about individuals' Internet activities." It's been labeled a "shadowy spy group" that's "building dossiers" for the feds. To security maven Richard Bejtlich, however, Project Vigilant is nothing but a mere "publicity stunt." Chet Uber, one of the principals of the controversial Project Vigilant. (Credit: Courtesy Chet Uber) The facts paint a bit different and perhaps less intriguing portrait. The project is probably best described as a grand, if somewhat clandestine, idea for how to identify and fingerprint computer-based attacks by enlisting the help of Internet service providers. At the moment, Project Vigilant has scant funding and no paid staff. The man behind Project Vigilant is Chet Uber, 47, who recently spoke with CNET at length about his plans for the organization. Uber is a longtime computer security specialist. I met him around a decade ago when I spoke at an event he organized in Omaha, Neb. I last remember corresponding with him sometime in 2006. Uber has moved back to Omaha from Fort Pierce, Fla., and severe medical problems have put him on disability that he says brings in under $800 a month. He's living a spartan existence; after losing his razor, he said he couldn't afford to buy a new one for a while. "Today I finally got my disability check and I can finally shave," he said. Project Vigilant, too, is run on a shoestring budget. Uber says it brings in and spends about $40,000 a year, not counting noncash donations of server space or forensics software. "We don't need money," Uber said. "Everyone's a volunteer. We don't spend money on stuff...The amount of research we've done on no money is amazing." 
Mark Rasch, a former Justice Department computer crime prosecutor who has given Uber legal advice at no cost and is listed as the group's general counsel, sums up Project Vigilant more succinctly: "A lot of it is aspirational." Early last week, Uber showed up at the Defcon hacker conference in Las Vegas to announce Project Vigilant's existence. "Defcon was to recruit because in my mind Defcon is a national treasure," he said. "We got about 50 people that want to join." He also got a lot more negative media attention than he had hoped. A 15-minute press conference in a room at the Riviera Hotel and Casino stretched into an hour and a half, with one reporter chasing him all the way to the security line at the airport. Uber says that the journalists misunderstood his idea of attributing electronic attacks and "what we were trying to say we were about was turned into 'spying on Americans.'" A Forbes.com blog post soon appeared with the headline: "Stealthy Government Contractor Monitors U.S. Internet Providers." Another report quoted Uber as bragging that he can quickly reach the "highest level people in the government." Orin Kerr, a law professor at George Washington University, wondered whether Project Vigilant is "violating the law" against wiretapping. If the assembled members of the technology press interpreted Uber's remarks to mean he was taking a page from the National Security Agency's warrantless wiretapping manual, he may have only himself to blame. Uber has a habit of making pronouncements that manage to be both grand and incomprehensible. Two months ago, he sent me an e-mail about Project Vigilant that said, in part: "We do not look at attribution ever as a 100 percent solution.
We do see offering a high level of confidence determined by showing correlation that are consistent with perceived events in this time-space model--causality is a bitch--and then based on how that correlation was done and our view of the reliability of the sources and methods used we have a confidence interval." In conversations over the last week, Uber dropped phrases like "we have dozens and dozens of things that are ready to go to patent pending," "we're running hundreds and hundreds of different experiments," "we've developed steganography and compression algorithms and the use of noise," and "we have the capability to monitor up to 250 million IP addresses per day." Following the money But verifying these claims is a different matter. Filing for a patent costs something like $10,000 for software, for instance, and up to $100,000 for worldwide rights. How can an organization with little to no income afford this? Uber said that one of the patents "statistically is an anti-attribution bootable CD" that will "only be supplied to the police, and it will be sold for an amazingly small amount of money." He didn't answer how an organization led by a fellow who rents a room in a five-bedroom house after being homeless for a while (Uber moved back to Omaha because "I knew I could go from couch to couch to couch") and uses a friendly lawyer's office as a mailing address could pay hundreds of thousands of dollars in patent filing fees. Uber also didn't say how Project Vigilant possesses the "capability" to monitor nearly the entire Internet population of the United States. He did stress that "we don't use it without a court order--it's against the law," and said the monitoring devices are in place at two large Internet service providers and a few more with fewer than 5,000 subscribers. "We found ISPs whose EULAs would let us do that. It's no different than if they bought a box from Symantec or McAfee or some other service provider." 
If this were the extent of Project Vigilant, far fewer people would be interested. But it became an instant point of intrigue in Internet legal circles after it was involved in turning in alleged Wikileaks source Bradley Manning. The Army intelligence specialist has been charged with leaking classified files, including a controversial video posted by Wikileaks showing troops firing on Reuters journalists. Convicted hacker Adrian Lamo, in whom Manning had confided, reported him to the authorities. Lamo said he became Project Vigilant's associate director for adversary characterization about half a year ago. He refused to comment on the group or its activities for this article, repeatedly saying "I'm not authorized to comment on internal operational matters." Rasch, the former Justice Department prosecutor now in private practice, says that Uber has a slew of contacts in and out of governments and elsewhere in the cybersecurity community. But in terms of working with Internet providers to monitor traffic, Rasch acknowledges, "I don't know if he's done this or it's something he's looking to do." To him, Project Vigilant is perfectly legal. People have warned, he said, that "this is Big Brother, blah, blah, blah." But, says Rasch, that criticism is based on the assumption that the information coming from the ISPs is raw data instead of: "'We've found people attacking from Kuala Lumpur. Here's the attack pattern.' There's a huge difference between that and reading e-mails or deep packet inspection." Uber remains optimistic about the future of Project Vigilant and its ability to work closely with the Department of Homeland Security, even though his medical problems remain serious. "I literally take 23 medications a day," Uber says. "My heart's almost gone. I have diabetes. I have asthma. I [had] quadruple-bypass open heart surgery." 
Even though he wouldn't disclose the identities of any Internet providers that are participating, he did stress that any monitoring is limited: "The only thing we report is threats to national safety."

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

From rforno at infowarrior.org Thu Aug 12 06:57:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 07:57:54 -0400
Subject: [Infowarrior] - USG fails to secure its websites
Message-ID:

(c/o RK)

US government fails to secure its websites
A matter of national hilarity
By Lawrence Latif
Wed Aug 11 2010, 10:11
http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security (DHS) is seemingly unable to set up a secure website correctly. The website for the high profile cabinet department that is supposed to protect the US from terrorists and has a reported budget of $52 billion throws up errors when users try to access the secure site through the HTTPS protocol. Browsers such as Firefox, Safari and Chrome issue warnings suggesting the site is not quite what it seems. The problem is down to the fact that while the certificate was issued for the official DHS domain name, the technological wunderkind in charge of matters forgot that hosting duties are actually farmed out to Akamai. So when the content is loaded from Akamai's servers, which are not covered by the SSL certificate issued for the DHS domain, browsers rightly throw up a warning suggesting something dodgy is going on. While security warnings that the DHS website is some dodgy knock-off might be ironic, in the case of the State Department's website, it's of far greater concern.
That site is used by travellers all over the world applying for visas to enter the US. Not surprisingly, those applications require a great deal of personal information to be entered and such a warning is likely to scare users off. In our unscientific tests we found other US government websites with the same problem, including The White House, Internal Revenue Service (IRS) and even the Federal Bureau of Investigation (FBI) all throwing SSL errors. However US citizens can rest easy as the Central Intelligence Agency (CIA) website has been done right. Given the diagnosis is so simple, it beggars belief that such embarrassing mistakes can happen. It seems that the notion of palming off web hosting duties to a commercial entity blinded the bureaucrats in charge into forgetting the trifling matter of ensuring their security.

From rforno at infowarrior.org Thu Aug 12 09:06:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 10:06:50 -0400
Subject: [Infowarrior] - Security Analysis of Smudges on Smart Phone Touch Screens
Message-ID:

(c/o Schneierblog)

Security Analysis of Smudges on Smart Phone Touch Screens

"Smudge Attacks on Smartphone Touch Screens":

Abstract: Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted.
In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.

http://www.usenix.org/events/woot10/tech/full_papers/Aviv.pdf

From rforno at infowarrior.org Thu Aug 12 14:38:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 15:38:58 -0400
Subject: [Infowarrior] - A War on Wikileaks?
Message-ID: <64DB1731-B270-463A-8197-3399CE0E915A@infowarrior.org>

Unhinged at the US State Department and Pentagon
A War on Wikileaks?
By MAXIMILLIAN C. FORTE
http://www.counterpunch.org/forte08112010.html

In the interest of full disclosure, I am one of Wikileaks' many financial donors. I have downloaded their entire Afghan War Diary, and numerous other documents in the past, and I have shared them. I am also one of the critics of some aspects of the Wikileaks review process. Some might rush to conclude that this puts individuals such as myself in a difficult position. Not from our standpoint. Instead the difficult positions are owned by the U.S. State Department and Pentagon, whose emissions have been chock full of absurd assertions, twisted logic, while appealing to us with as much charm as that of a delinquent about to commit date rape: first the appeal to our good side (ethics), then the threat of destruction (prosecution). The past week has seen a mounting cascade of legal threats against Wikileaks, launched first via the mainstream media, which along with its patron state is clearly smarting from the lash of uncontrolled information access. A Pentagon official reportedly exclaimed, with obvious joy: "It's amazing how [Wikileaks' Julian] Assange has overplayed his hand.
Now, he's alienating the sort of people who you'd normally think would be his biggest supporters." In one step, three fallacies: one, that this story is all about Julian Assange, thus reducing the complex to the personal; two, that supporters of Wikileaks have become antagonistic toward what is an amorphous transnational movement without clear boundaries of membership or location; and three, the implication that support has shifted toward the Pentagon, as if it now has some sort of green light of legitimacy to commit any acts against Wikileaks that it wishes. It's only at these big historical moments, with so much at stake, with everything seemingly up in the air, that one finds so many people who are so wrong about so much. Let's review the strategy of intended intimidation. The first step involved the military threatening its own--not in itself illogical, since the leaks emanate from within its ranks. However, the military threatened its own to avoid looking at what is now public. The Department of the Navy, in a message titled "Wikileaks Website Guidance," issued the following statement as reported on August 5th: "personnel should not access the WikiLeaks website to view or download the publicized classified information. Doing so would introduce potentially classified information on unclassified networks. There has been rumor that the information is no longer classified since it resides in the public domain. This is NOT true. Government information technology capabilities should be used to enable our war fighters, promote information sharing in defense of our homeland, and to maximize efficiencies in operations. It should not be used as a means to harm national security through unauthorized disclosure of our information on publicly accessible websites or chat rooms."
A similar message was issued by the Special Security Office of the Marine Corps Intelligence Department addressed to ALCON (all concerned), which threatened to discipline offenders: "By willingly accessing the WIKILEAKS website for the purpose of viewing the posted classified material--these actions constitute the unauthorized processing, disclosure, viewing, and downloading of classified information onto an UNAUTHORIZED computer system not approved to store classified information, meaning they have WILLINGLY committed a SECURITY VIOLATION. Not only are these actions illegal, but they provide the justification for local security officials to immediately remove, suspend 'FOR CAUSE' all security clearances and accesses. Commanders may press for Article 15 or 32 charges, and USMC personnel could face a financial hardship as civilian and contractor personnel will be placed on 'Administrative Leave' pending the outcome of the [criminal] investigation." The threat to military personnel is one thing, but it has been done in a manner that threatens a wide array of actors, which theoretically could include independent bloggers, journalists, university librarians, and scholars. Sumit Agarwal, the former Google manager who--take note of the military-new media complex at work--is now serving as the Defense Department's social media czar, asserted to Wired's Danger Room that many of us may be guilty of illegal information trafficking (as I said in my last article, we are all hackers now): "I think of it as being analogous to MP3s or a copyrighted novel online--widespread publication doesn't strip away laws governing use of those. If Avatar were suddenly available online, would [it] be legal to download it? As a practical matter, many people would download it, but also as a practical matter, James Cameron would probably go after people who were found to be nodes who facilitated distribution.
It would still be illegal for people to make Avatar available even if it were posted on a torrent site or the equivalent. With minor changes to what is legal/illegal re: classified material vs a copyrighted movie, doesn't the analogy hold? One person making it available doesn't change the laws re: classified material. Our position is simply that service members ought not to use government computers to do something which is still completely illegal (traffic in classified material)." Also on August 5th, the Pentagon issued an outlandish demand, so bizarre that it could not possibly be met with anything less than scorn. Pentagon spokesman Geoff Morrell ordered Wikileaks to "return" all documents (which are not paper documents, but digital copies, of which countless copies now exist in circulation): "These documents are the property of the U.S. Government and contain classified and sensitive information. The Defense Department demands that Wikileaks return immediately all version [sic] of documents obtained.... Wikileaks' public disclosure last week of a large number of our documents has already threatened the safety of our troops, our allies and Afghan citizens.... The only acceptable course is for Wikileaks to return all versions of these documents to the U.S. government and permanently delete them from its website, computers and records." At the same time this indicates one of the main lines of argument that the U.S. would begin to pursue against Wikileaks in earnest, and it is by far the weakest: that the leaked records threaten the safety of its troops and allies. Fox News was eager to dedicate its time and energies to looking for legal loopholes by which to hang Wikileaks. It demonstrated no such concern for the finer points of international law, let alone another country's domestic laws, when it came to the U.S. invasions of Afghanistan and Iraq. Yet, here is Fox on Wikileaks' trail in Sweden.
On August 6th Fox was happy to have surfaced with this report: "But the law [protecting freedom of expression and the anonymity of sources] only applies to websites or publications that possess a special publishing license granting them constitutional protection, and WikiLeaks has not acquired the requisite paperwork." Fox's headline was "WikiLeaks Website Not Protected by Swedish Law, Legal Analysts Say"--no legal analyst was named or quoted in the article. The only reason Fox issued this piece is as part of an effort, combining old media, social media, and the national security state, to draw a tighter noose around Wikileaks' collective neck. At a time when many "patriotic Americans" are publicly calling for Wikileaks' people to be hunted down and shot, it is interesting to note that Fox is only too happy to reveal the name, location, and photograph of the person hosting Wikileaks' server in Sweden. On August 9th, the Wall Street Journal claimed to have obtained a letter from five human rights organizations that was critical of Wikileaks' failure to redact the names of Afghan civilian informants in the records that were publicly released. The WSJ's Jeanne Whalen, in language that is strikingly close to that of the unnamed Pentagon official quoted above at the start, wrote: "The exchange shows how WikiLeaks and Mr. Assange risk being isolated from some of their most natural allies in the wake of the documents' publication." This could be a problem for Wikileaks, insofar as Julian Assange has effectively conceded the argument in an interview with, among others, The Guardian: "If there are innocent Afghans being revealed, which was our concern, which was why we kept back 15,000 files, then of course we take that seriously." The problem is that many such identities are revealed in the files that have already been released. Assange argues that the U.S.
military is ultimately to blame for having placed Afghan civilians in danger, and for recording identities that could be revealed. He is not wrong there, and the U.S. was overconfident that its database was beyond any danger of leakage, which is obviously wrong. Perhaps not wanting to engage in cold, bitter irony, Assange did not choose to give back to the state the words it often gives us: "Mistakes were made. We regret all loss of innocent civilian life. Unfortunately, the enemy chose to embed itself in the civilian population." Wikileaks, via Twitter, was correct in noting that not once since the recent leaks exploded into public has the Pentagon said it was sorry about all the Afghan civilians it killed, or that it would stop. Now, on August 10th, we are told that the U.S. is urging all of its allies, especially those in NATO and with troops in Afghanistan, to crack down on Wikileaks. An unnamed American diplomat has stated: "It's not just our troops that are put in jeopardy by this leaking. It's U.K. troops, it's German troops, it's Australian troops--all of the NATO troops and foreign forces working together in Afghanistan. [Their governments should] review whether the actions of WikiLeaks could constitute crimes under their own national-security laws." Some U.S. allies, such as Canada, are likely to bolt out of the gate to be the first to do so. The day after the release of the documents, Canadian Foreign Minister Lawrence Cannon insisted, at first, that he would not comment directly on the leaked documents, saying they had "nothing to do with Canada." Yet, as if he had suddenly received an automated statement transmitted to a secret implant buried in his head, he said: "Our government is concerned, obviously, that operational leaks could endanger the lives of our men and women in Afghanistan."
Again, three absurdly contradictory elements bundled together: 1) we are not commenting on the documents; 2) the documents have nothing to do with Canada; and, 3) the documents could endanger our troops. The latter point is likely to be how the U.S. will impress upon allies the need to collaborate in persecuting Wikileaks. The endangering of Afghan civilians cannot, clearly, be a point on which to prosecute a case against Wikileaks, because the irony would be too immense for even the U.S. to try to keep inflated and aloft. The safety of troops is not much less ironic--after all, it was the state that placed those troops in harm's way, not Wikileaks--but it does play better with a home crowd that has been sufficiently conditioned to thirst for the blood of imagined "traitors." The leaders of the chief national security state of the West increasingly sound like angry and desperate bloggers, promising the wrath of god and total vengeance--and it may be because, one, the state is increasingly powerless to deal with transnational, decentralized, non-state phenomena that can fight back on cyber terrain (and win), and two because that crowd of angry, righteous patriots is the one the state is playing to. It would be amazing if the U.S. or an ally ever got to try a case against Wikileaks on the grounds that troops' lives had been endangered. It would be a massive fiasco. The state would need to show--and not just assert, as it does now--exactly how any troops were actually endangered. Which of the rounds received from small arms fire in Afghanistan is a regular "insurgent" round and which one is a Wikileaks' inspired round? In a war zone, how do you calibrate safety levels such that you can tell when, with Wikileaks, the danger meter went deeper into the red? And since Afghan civilians are already, all too painfully, aware of the damage done by U.S. and NATO forces, how can the release of these records do any greater damage?
Did Afghans need a reminder, in print, in another language? If the state fails to make any sense--not surprising--it is because it has no intention of doing so. The state is appealing to something more visceral with all of this posturing: fear. It wants to strike fear into the minds and bodies of people working with Wikileaks, or anyone else doing such work, and anyone contemplating leaking any classified records. Fear is its greatest weapon of psychological destruction, with proven success at home. And in this case, the danger lies at home. The outcome the state hopes for is greater self-censorship and greater self-monitoring. Bullying Assange, or worse yet, actually capturing him and imprisoning him, will only make Assange into an international hero, the Che Guevara of information warfare. For all those who may be "alienated," or who expressed any criticisms, they/we would clearly pick Assange over the Pentagon any day. The U.S. does not want this to be publicly proven on a world stage, so our answers to the question of what the U.S. is up to, and why it seems to have become so utterly unhinged, have to lie elsewhere. I contend that it is fear promotion, as part of a campaign of global counterinsurgency on psychological and emotional levels, to which the best answer is a combination of further tactical innovation, and greater humor.

Maximilian C. Forte is a professor in anthropology at Concordia University in Montreal, Canada. He writes at Zero Anthropology. He can be reached at max.forte at openanthropology.org

From rforno at infowarrior.org Thu Aug 12 18:37:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 19:37:55 -0400
Subject: [Infowarrior] - Humor: Teaser for Twitter Movie (sorta)
Message-ID:

The mock-trailer for the fake movie, dubbed The Twit Network, pokes fun at the inanity of some tweets' content, our collective self-absorption, our obsession with celebrities and the painful convention of affixing "tw-"
to the beginning of any word related to social media.

http://mashable.com/2010/08/12/twitter-movie-parody/

From rforno at infowarrior.org Thu Aug 12 19:33:09 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 20:33:09 -0400
Subject: [Infowarrior] - Red Cross: 74% of Social Media Users Expect Cries for Help to Be Answered Within an Hour
Message-ID: <4967E316-6972-43FD-BE68-9CB1665A0C7C@infowarrior.org>

74% of Social Media Users Expect Cries for Help to Be Answered Within an Hour
By Adrianne Jeffries / August 9, 2010 11:47 PM
http://www.readwriteweb.com/archives/74_of_social_media_users_expect_cries_for_help_to.php

Web users are increasingly relying on social media for help in the event of disaster, according to a new report by the American Red Cross. Many Web users said they would use social media to seek help for themselves or others during emergencies, the report said, and those users expect first responders to be listening. Almost three out of every four responders said they would expect help to come less than an hour after their first tweet or Facebook post.

< -- >

From rforno at infowarrior.org Thu Aug 12 21:25:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Aug 2010 22:25:24 -0400
Subject: [Infowarrior] - OT: What made America great is now killing her!
Message-ID:

Gord Long is a former senior group executive with IBM & Motorola, a principal in a high tech public start-up and founder of a private venture capital fund. His current essay on financial Creative Destruction, is rather thought provoking and includes lots of supporting/historical evidence.... I include the introduction and conclusions as a teaser for those interested. -rick

What made America great is now killing her! ("Creative Destruction is Secular not Cyclical")
http://home.comcast.net/~lcmgroupe/2010/Article-Innovation-Creative_Destruction.htm

What made America great was her unsurpassed ability to innovate.
Equally important was also her ability to rapidly adapt to the change that this innovation fostered. For decades the combination has been a self reinforcing growth dynamic with innovation offering a continuously improving standard of living and higher corporate productivity levels, which the US quickly embraced and adapted to. This in turn financed further innovation. No country in the world could match the American culture that flourished on technology advancements in all areas of human endeavor. However, something serious and major has changed across America. Daily, more and more are becoming acutely aware of this, but few grasp exactly what it is. It is called Creative Destruction. It turns out that what made America great is now killing her!

< -- >

A STARTING POINT FOR CHANGE -- Gordon's Top Ten

As I said in the beginning the US needs a bold new "Marshall" plan to fight the new destruction of creative destruction. Here is a starting point for public debate:

1- If we can spend $165B bailing out AIG, then we can spend $100B (4 years of college @ 50K/year X 500,000 students) and guarantee everyone in America a college education to compete in the 21st century. Parents will start to spend immediately instead of presently being almost financially paralyzed with skyrocketing education costs.

2- Obama says we need to be leaders in Energy. OK. Where are the programs? Where are the 50,000 new university teaching and research positions ( 50,000 X 75K = $3.8B)? At $3.8B this is a rounding error compared to the banks' TARP program.

3- 99% of all jobs in America are created by small business with less than 500 employees. Stop treating them like they are last on the "to help" list after the banks, financial institutions and S&P 500 but first on the taxation list. S&P 500 paid almost net zero taxes, reduced US hiring, yet received the bulk of the government's bailouts. Small business is the golden goose that every administration seems determined to cook.
What has the government done for small business other than burden them with Obamacare and the potential removal of the Bush tax cuts (most small businesses are directly affected proprietorships)? If you can't immediately recite what the government has done to help small business as THE US employer (versus what they have done for the bank and financial lobby), then you understand the problem.

4- The number of Government employees, in addition to their salaries and benefits (federal, state & local) can best be described as out of control. According to a new study from the Heritage Foundation, U.S. government workers earn 30 to 40 percent more money than their private sector counterparts on average. So, in essence, the "servants" make substantially more money than the taxpayers who employ them. Isn't the system great? In fact, according to the study, if you add in retirement and health care benefits, the average federal employee now earns nearly twice as much as the average private sector employee.

5- Make Social Security and Medicare financially sound so Americans can believe and budget that it will be there for them. The public will spend and invest if they know they have a nest egg that really exists. The government is fooling no one. Kids learn that Social Security and Medicare is unfunded before their college freshman year today. The stark reality of the shift from defined benefits to contributory benefits over the last decade is just now sinking in with the US consumer. They now have no retirement like their parents had. Retirement savings is something when added to college costs is leaving them frightened. Worried people don't spend money and when the economy is 70% consumer spending you have an economic crisis. Political denial and the government attempting to paper it over with policies of extend and pretend are misplaced and will make the inevitability even more difficult to effectively address.
6- When did the American people decide to fund military operations in over 130 countries around the world? With 40.8M people on food stamps, something is seriously out of balance here but there is no public debate thought to be required by either party.

7- The US has no full scale strategic growth programs being initiated by the present administration. We have only financial stimulus or austerity programs. There is a big difference that seems wasted on Washington.

8- Washington and the lobbyists that control it have taken control of our government. Obama campaigned to stop earmarks which ranged in the area of approximately 10,000 annually prior to his presidency. In his first year they increased to the 11,000 range. This is not the change he promised as more pork increasingly flows.

9- For those that actually read it, Obamacare is not a solution for healthcare. It is a stealth income tax we will all soon get hit with. The Dodd-Frank Act is not a fix to what caused the 2008 financial crisis but rather is the most dramatic shift in centralized US government planning and control since the 1930's. Both these bills were over 2000 pages compared to landmark bills historically being 25 - 45 pages. Indications are that few of our elected representatives actually read either of these documents. They simply voted party lines. As Sarbanes-Oxley dictates, CEOs must sign their corporate 10-Q reports to the government and are liable for it. It is a felony not to. Every elected official should also sign that he or she has personally read the entire act prior to being allowed to vote on it or it likewise will be a felony.

10- The Supreme Court recently over-turned major elements of the Campaign Contribution Reform bill. Washington and the media have now gone completely mute on this subject as politicians scramble for mid-term campaign money for media expense coverage.
Maybe our elected officials should vote with the same urgency on this matter as they are presently on giving billions of "candy" away almost daily to every financial disruption, state budget problem, unemployment benefit problem or sign of increasing housing default and foreclosure rates during this run up to the fall elections.

I could go on, but I think you get the message. America is afraid to be bold! We have no strategy, no plan, no funding and no leadership! In my days as a VP of Engineering you were fired for just one of these shortfalls.

From rforno at infowarrior.org Fri Aug 13 06:23:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Aug 2010 07:23:11 -0400
Subject: [Infowarrior] - Rare Sharing of Data Leads to Progress on Alzheimer's
Message-ID:

(c/o AJM)

Rare Sharing of Data Leads to Progress on Alzheimer's

By GINA KOLATA

http://www.nytimes.com/2010/08/13/health/research/13alzheimer.html?_r=2&th=&emc=th&pagewanted=print

In 2003, a group of scientists and executives from the National Institutes of Health, the Food and Drug Administration, the drug and medical-imaging industries, universities and nonprofit groups joined in a project that experts say had no precedent: a collaborative effort to find the biological markers that show the progression of Alzheimer's disease in the human brain. Now, the effort is bearing fruit with a wealth of recent scientific papers on the early diagnosis of Alzheimer's using methods like PET scans and tests of spinal fluid. More than 100 studies are under way to test drugs that might slow or stop the disease. And the collaboration is already serving as a model for similar efforts against Parkinson's disease. A $40 million project to look for biomarkers for Parkinson's, sponsored by the Michael J. Fox Foundation, plans to enroll 600 study subjects in the United States and Europe. The work on Alzheimer's "is the precedent,"
said Holly Barkhymer, a spokeswoman for the foundation. "We're really excited." The key to the Alzheimer's project was an agreement as ambitious as its goal: not just to raise money, not just to do research on a vast scale, but also to share all the data, making every single finding public immediately, available to anyone with a computer anywhere in the world. No one would own the data. No one could submit patent applications, though private companies would ultimately profit from any drugs or imaging tests developed as a result of the effort. "It was unbelievable," said Dr. John Q. Trojanowski, an Alzheimer's researcher at the University of Pennsylvania. "It's not science the way most of us have practiced it in our careers. But we all realized that we would never get biomarkers unless all of us parked our egos and intellectual-property noses outside the door and agreed that all of our data would be public immediately." Biomarkers are not necessarily definitive. It remains to be seen how many people who have them actually get the disease. But that is part of the research project. The idea for the collaboration, known as ADNI, for Alzheimer's Disease Neuroimaging Initiative, emerged about 10 years ago during a casual conversation in a car. Neil S. Buckholtz, chief of the Dementias of Aging Branch at the National Institute on Aging, was in Indianapolis, and Dr. William Potter, a neuroscientist at Eli Lilly and his longtime friend, was driving him to the airport. Dr. Potter had recently left the National Institutes of Health and he had been thinking about how to speed the glacial progress of Alzheimer's drug research. "We wanted to get out of what I called 19th-century drug development -- give a drug and hope it does something," Dr. Potter recalled in an interview on Thursday. "What was needed was to find some way of seeing what was happening in the brain as Alzheimer's progressed and asking if experimental drugs could alter that progression."
Scientists were looking for biomarkers, but they were not getting very far. "The problem in the field was that you had many different scientists in many different universities doing their own research with their own patients and with their own methods," said Dr. Michael W. Weiner of the San Francisco Department of Veterans Affairs, who directs ADNI. "Different people using different methods on different subjects in different places were getting different results, which is not surprising. What was needed was to get everyone together and to get a common data set." But that would require a huge effort. No company could do it alone, and neither could individual researchers. The project would require 800 subjects, some with normal memories, some with memory impairment, some with Alzheimer's, who would be tested for possible biomarkers and followed for years to see whether these markers signaled the disease's progression. Suddenly, in the car as he drove Dr. Buckholtz to the airport, "everything just jelled," Dr. Potter said, adding, "Maybe this was important enough to get people to work together and coordinate in a way that hadn't been possible before." The idea, Dr. Buckholtz said, was that the government's National Institutes of Health "could serve as an honest broker between the pharmaceutical industry and academia." Soon, Dr. Richard J. Hodes, the director of the National Institute on Aging, was on the phone with Dr. Steven M. Paul, a former scientific director at the National Institute of Mental Health who had recently left to head central-nervous-system research at Eli Lilly. Dr. Paul offered to ask other drug companies to raise money. It turned out to be relatively easy to get companies to agree, Dr. Paul said. It had become clear that the problem of finding good diagnostic tools was huge and complex. "We were better off working together than individually," he said.
A critical aspect of the project was the Foundation for the National Institutes of Health, which was set up by Congress to raise private funds on behalf of the institutes. Dr. Paul was on its board. In the end, the National Institute on Aging agreed to pay $41 million, other institutes contributed $2.4 million, and 20 companies and two nonprofit groups contributed an additional $27 million to get the project going and sustain it for the first six years. Late last year, the institute contributed an additional $24 million and the foundation was working on a renewal of the project for another five years that would involve federal and private contributions of the same magnitude as the initial ones. At first, the collaboration struck many scientists as worrisome -- they would be giving up ownership of data, and anyone could use it, publish papers, maybe even misinterpret it and publish information that was wrong. But Alzheimer's researchers and drug companies realized they had little choice. "Companies were caught in a prisoner's dilemma," said Dr. Jason Karlawish, an Alzheimer's researcher at the University of Pennsylvania. "They all wanted to move the field forward, but no one wanted to take the risks of doing it." Many people look askance at collaborations with drug companies, and often that attitude is justified, Dr. Karlawish said. But not in this case. To those who are skeptical, he says, "My answer to them is 'get over it.' " He went on: "This one makes sense. The development of reliable and valid measures of Alzheimer's disease requires such large science with such limited returns on the investment that it was in no one company's interest to pursue it." Companies as well as academic researchers are using the data. There have been more than 3,200 downloads of the entire massive data set and almost a million downloads of the data sets containing images from brain scans. And Dr. Buckholtz says he is pleasantly surprised by the way things are turning out.
"We weren't sure, frankly, how it would work out having data available to everyone," he said. "But we felt that the good that could come out of it was overwhelming. And that's what's happened."

From rforno at infowarrior.org Fri Aug 13 07:40:07 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Aug 2010 08:40:07 -0400
Subject: [Infowarrior] - Heartland nailed (again) by card breach
References:
Message-ID: <7A4F7D14-8F10-4BA2-8538-84BCD238DA4C@infowarrior.org>

Company That Had The Largest Ever Credit Card Data Breach... Apparently Breached Again

from the hits-you-in-the-heartland dept

Remember Heartland Payment Systems? It's the giant credit card clearinghouse that was involved in the largest ever security breach in terms of the number of credit card numbers exposed. They were successfully targeted by the same guys who had also set the previous record for largest credit card data breach, so you could question whether the issue was just a sophisticated group of hackers or poor security at Heartland (or, possibly, a combination of both). Either way, it looks like Heartland may still have some issues. Carlo sends over the news that a new security breach has been discovered at a restaurant in Austin, Texas that appears to involve someone hacking into the network between the restaurant and Heartland. It's not yet clear if this goes beyond that one restaurant, but this can't look good for Heartland.

http://techdirt.com/articles/20100812/15223610610.shtml

From rforno at infowarrior.org Fri Aug 13 09:02:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Aug 2010 10:02:35 -0400
Subject: [Infowarrior] - OT: Journalism Warning Labels
Message-ID: <387B25BC-408E-48EA-8DC6-A5362C59684B@infowarrior.org>

(c/o NB)

(The same could apply to many government reports and certainly anything coming from one of the Hollywood DRM cartels.
-rick)

Journalism Warning Labels

It seems a bit strange to me that the media carefully warn about and label any content that involves sex, violence or strong language -- but there's no similar labelling system for, say, sloppy journalism and other questionable content.

< - >

http://www.tomscott.com/warnings/

From rforno at infowarrior.org Sun Aug 15 18:25:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Aug 2010 19:25:18 -0400
Subject: [Infowarrior] - In Google-Verizon Deal, Fears for Privacy
Message-ID:

In Google-Verizon Deal, Fears for Privacy

By NOAM COHEN
Published: August 15, 2010

http://www.nytimes.com/2010/08/16/business/media/16link.html

WHEN elephants fight, the saying goes, only the grass gets trampled. Last week, two elephants -- Google and Verizon -- came together to propose a vision for the Internet that represented what many characterize as a retreat by Google from its past strict adherence to so-called net neutrality. The phrase net neutrality, really more of a rallying cry than a technical term, describes a policy that would prohibit Internet service providers from exploiting their role in delivering information to favor their own content, or the content of the highest bidders. The two companies were presumed to be on opposite sides of this issue since Google bases its business on an open Internet and Verizon, among other things, sells access to the Internet. For the sake of getting commitments from Verizon to support a "neutral" Internet delivered on hard wires, Google wrote on one of its blogs, it agreed to some exceptions: no neutrality for the Internet delivered wirelessly and for "additional, differentiated" online services. But how do things look from the perspective of the grass? Is there reason to worry when two elephants join tails?
Far below Google and Verizon or Facebook and AT&T on the information network are the small, independent Internet service providers like Riseup.net, a nonprofit collective based in Seattle that hosts e-mail and e-mail lists. As one link in the chain of the Internet, hosts like Riseup already operate at the mercy of the corporations that do most of the moving of packets of information across the Internet. "Net neutrality would be a good thing, but so many other things would have to happen to level the playing field," Elijah Saxon, a graduate student in sociology and part of the Riseup collective, said in an interview. The big players have resources -- bigger, faster computers -- that make their services quicker, he said, independent of the speed they are carried along the Internet. "It is not one of the debates we are involved in," he added. "It tends to be between industry titans." Created in 2000 by anti-globalization advocates, Riseup "started with a handful of accounts on a few donated PCs stashed in someone's basement," Devin Theriot-Orr, an immigration lawyer who is also part of the core group of a dozen or so who run the site, wrote in an e-mail. "Ten years later, we are still volunteer-driven and have a large user base from all over the world." Riseup handles hundreds of thousands of e-mails a day, and the groups whose lists it hosts -- animal rights outfits, freegans, guerrilla gardeners, edible-forest enthusiasts, squatters, anarchist-book sellers -- send to three million addresses, Mr. Theriot-Orr said. Riseup was leery of describing the groups: in the possibly overstated words of Mr. Saxon, "Any group we name would not want to be named." With Riseup's connections to political groups, you may think it is most concerned that a nonneutral Internet would be a threat to its often politicized communications; that, in essence, a nonneutral carrier could punish political groups it disagreed with. But both Mr. Saxon and Mr.
Theriot-Orr said their bigger fear was the additional level of monitoring -- they call it surveillance -- that an Internet with built-in nonneutrality would require: monitoring so that packets of information can be routed at the agreed-upon speed and that premiums can be charged.

Yes, even in these politicized times, Internet neutrality has generally been viewed on commercial terms, not political ones. And the surveillance that worries the members of the Riseup collective is now being used to sell products -- and help defray the costs of building the Internet's infrastructure, their supporters would quickly point out. Without neutrality, say advocates of online privacy, the Internet becomes more like a mall -- where users are from the start viewed as consumers -- and less like a public square. "The people who are pushing for a nonneutral world are pushing it for monetary purposes," said Cindy Cohn, legal director of the Electronic Frontier Foundation, which advocates for privacy online. "Interfering with packets," she said, echoing Mr. Saxon's concerns, "creates the space for this kind of surveillance." The fact is that monitoring Internet users is increasingly crucial to online business -- whether by e-commerce sites that recommend purchases or by search engines that remember what you looked for in the past to improve results or by e-mail services that place ads based on words in the messages. For a recent series in The Wall Street Journal about how Web sites track their visitors, called "What They Know," The Journal studied the top 50 Web sites in the United States to see how many tools they embedded in visitors' computers. Many use more than 100 such tools; only Wikipedia had none. Eben Moglen, a professor at Columbia Law School who is an advocate for free software and online privacy, sees frameworks like the one proposed by Google and Verizon as emphasizing the business of the Internet at the expense of the privacy of the Internet.
"As the network does more to adapt to what commerce needs, it becomes more and more about knowing what's inside the head of the user, about what the person is doing and buying," he said. Rather than a neutral Internet -- with its implied competition between rival businesses -- the people at Riseup would seem to be wishing for a "plain" Internet that would merely facilitate communication and connections, and minimize the role of commerce. Mr. Saxon wrote in an e-mail that it would even be worth a fee: "If people paid for what they use, rather than having their behavior tracked and monetized to pay for 'free' services, then the small providers stand more of a chance." Recalling Riseup's start in an interview, Mr. Saxon went back to 2000. "Free e-mail that was available had a tag line on the bottom," he said. "People would sign up on Hotmail to organize the vegan potluck dinner and the ad would say 'win free steaks.' "

From rforno at infowarrior.org Sun Aug 15 21:09:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Aug 2010 22:09:35 -0400
Subject: [Infowarrior] - Greg's Cable Map
Message-ID:

Greg's Cable Map is an attempt to consolidate all the available information about the undersea communications infrastructure. The initial data was harvested from Wikipedia, and further information was gathered by simply googling and transcribing as much data as possible into a useful format, namely a rich geocoded format. I hope you find the resource useful and any constructive criticism is welcome. The data is available in ArcGIS .shp file format on request, so long as it's not going to be used for profit.
http://www.cablemap.info/

From rforno at infowarrior.org Mon Aug 16 06:14:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Aug 2010 07:14:39 -0400
Subject: [Infowarrior] - Pentagon Wants to Secure Dot-Com Domains of Contractors
Message-ID: <0B1D5D8D-C473-4FFC-83B0-633091648771@infowarrior.org>

Pentagon Wants to Secure Dot-Com Domains of Contractors

Aug 13 2010, 2:30 PM ET | http://www.theatlantic.com/politics/archive/2010/08/nsa-might-monitor-dotcom-domains-for-defense-contractors/61456/

To better secure unclassified information stored in the computer networks of government contractors, the Defense Department is asking whether the National Security Agency should begin to monitor select corporate dot.com domains, several officials and consultants briefed on the matter said. Under the proposal, which is being informally circulated throughout the department and the Department of Homeland Security, the NSA could set up equipment to look for patterns of suspicious traffic at the internet service providers that the companies' networks run through. The agency would immediately notify the Pentagon and the companies if pernicious behavior were detected. The Agency would not directly monitor the content of the data streams, only its meta-data. (A Pentagon spokesperson called later to clarify that it would not be legal for the NSA to "monitor" private networks; rather, "DoD and NSA are seeking to provide technical advice, expertise and information to the defense industrial base.") The proposal originated in the Office of the Secretary of Defense. Because of the sensitivity associated with NSA internet surveillance and capabilities, the fact of the exploratory tasker, as it is known in Pentagon parlance, and details associated with it are being closely held. The new program would apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that indigenously store and use sensitive information.
As the Department reconfigures its network defenses and the internal structure of its information operation, it continues to deal with a large number of aggressive hacker attacks and data penetrations. Classified information is not supposed to be stored on any dot.mil subdomain that is accessible to outside computer networks. The dot.mil domain is protected by the newly-stood up U.S. Cyber Command, with assistance from NSA, as are domains that process classified information, but most companies that do business with the Pentagon sit on the public dot.com domain, which is the province of DHS. DHS uses an architecture known as "Einstein II" to search for malicious data patterns for non-defense government agencies. "Because of its important partnership with industry, and given that defense contractors have already been targeted for cyber intrusion on their unclassified systems, DoD is concerned about the security of DIB networks," said Lt. Col. René White, a Pentagon spokesperson. "Therefore, DoD has asked NSA to evaluate under what conditions it might be possible for the government to work with the DIB to better protect national security information and interests in the DIB systems." It may not be legal to force companies to submit to NSA monitoring, or even to ask them to voluntarily agree to it, and it might not be politically feasible for companies to accept NSA sensors without disclosing their existence for liability and optical reasons. At least two companies, AT&T and Verizon, have been approached about the idea, government officials said. Representatives for both companies checked with the Pentagon after receiving inquiries and declined to comment. Architecturally, it is easier to detect suspicious behavior above the level of the enterprise, which is why the sensors would have to be set up at the ISPs.
If the Defense Department can pitch it to Congress as a small extension of the dot.mil domain to include their private sector partners and no further, it may avoid some of the squeals that would arise from those who would be suspicious of any new monitoring effort by the NSA, which already works with ISPs to gather foreign intelligence information under Foreign Intelligence Surveillance Act rules. "DoD is in the process of evaluating possible options to better protect the DIB and, with DHS, is talking with Industry partners on a purely voluntary basis," White wrote in an e-mail. "It is also important to note that DoD and NSA would not intercept or monitor any private computer networks at any level -- we strictly adhere to both the spirit and the letter of U.S. laws and regulations in performing our missions. "We are working with DHS and the private sector - and leveraging existing collaborative cybersecurity programs with the DIB - to look for appropriate and innovative ways to share our defensive capabilities to protect the DIB," she wrote. Several major defense contractors declined to comment for this story, citing the sensitivity of the idea and saying that they did not want to alienate the Pentagon by expressing public concern. But government officials said that while they could fairly easily make the case in public by giving Congress a sense of how much information is currently lost to hackers or thieves, the private sector would not stand for it.

From rforno at infowarrior.org Mon Aug 16 09:47:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Aug 2010 10:47:15 -0400
Subject: [Infowarrior] - Who is an Intelligence Employee?
Message-ID: <5406712F-12C8-47C9-A2E3-D0E48FE361EF@infowarrior.org>

(c/o RT)

Who is an Intelligence Employee?
August 16th, 2010 by Steven Aftergood

http://www.fas.org/blog/secrecy/2010/08/intel_employees.html

Could someone be considered an intelligence community employee even if his salary is not paid out of the intelligence budget? Intelligence officials say yes, claiming that a person's status as an intelligence employee can be based on an "assessment of the functions [he] performs." This novel approach conveniently allows agencies to curtail oversight of such employees' activities. In a letter sent to the Government Accountability Office last year, the Federal Bureau of Investigation articulated its position that the GAO is generally not entitled to review intelligence community information and, in particular, that the GAO would not be granted access to information about vacancies in the FBI counterterrorism program that could be considered intelligence jobs. "The FBI will provide the GAO with information about FBI-wide vacancies for all 'position types' except those that are defined as being under the combined or shared authority of the Bureau and the Office of the Director of National Intelligence (ODNI)," wrote FBI General Counsel Valerie Caproni on July 28, 2009. A copy of her letter (pdf) was obtained by Secrecy News. But in a remarkable concluding passage, Ms. Caproni went on to argue that the "definition" of who is an intelligence employee is itself subject to interpretation: "[T]he determination of whether an employee works in the Intelligence Community turns not only on the funding mechanism for their positions but on an assessment of the functions the employee performs," she wrote. Thus it seems that regardless of whether or not an intelligence agency pays someone's salary, the Administration believes it can label that person an intelligence employee and then deny the GAO access to information about his or her position. The U.S.
Senate has yielded to the Obama Administration's pressure to block congressional use of the GAO as an intelligence oversight tool, and it removed a provision to strengthen GAO oversight authority from the FY 2010 intelligence authorization bill that passed the Senate on August 5. But the question of GAO oversight of intelligence remains a live, unresolved issue in the House.

From rforno at infowarrior.org Mon Aug 16 16:19:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Aug 2010 17:19:42 -0400
Subject: [Infowarrior] - iPod fire delays rush-hour Tokyo subway train
Message-ID:

iPod fire delays rush-hour Tokyo subway train

http://www.ipodnn.com/articles/10/08/16/compounds.problems.for.apple.japan/

updated 04:05 pm EDT, Mon August 16, 2010

An unidentified, malfunctioning iPod brought a Tokyo subway train to a halt for eight minutes during this morning's rush hour, Reuters reports. Around 8:20AM passengers complained about a burning smell, forcing the train to come to a halt while officials went searching for the source. A female passenger then came forward to show that her iPod had burst apart after overheating. Apple has declined to comment. The debacle may only worsen Apple's public image in Japan, which has been marred somewhat by a series of incidents in recent years, involving first-generation Nanos overheating and in some cases producing fire or sparks. The Japanese trade ministry now claims that there have been about 60 such cases, including four that caused minor burns; the number is up from a recent tally of 34. Apple has described the problem as rare, and attributable to a single battery supplier. At the same time, though, the company recently began a replacement program, ordered by the Japanese government. Prior to formal demands, Apple Japan is said to have been unresponsive to pressure to take market steps, such as issuing warnings or a recall.
From rforno at infowarrior.org Tue Aug 17 19:32:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Aug 2010 20:32:13 -0400
Subject: [Infowarrior] - The Beloit College Mindset List for the Class of 2014
Message-ID: <1183F29E-46FC-4F2A-88E4-9ED402EB0CC4@infowarrior.org>

The Beloit College Mindset List for the Class of 2014

http://www.beloit.edu/mindset/2014.php

Most students entering college for the first time this fall--the Class of 2014--were born in 1992. For these students, Benny Hill, Sam Kinison, Sam Walton, Bert Parks and Tony Perkins have always been dead.

1. Few in the class know how to write in cursive.
2. Email is just too slow, and they seldom if ever use snail mail.
3. "Go West, Young College Grad" has always implied "and don't stop until you get to Asia--and learn Chinese along the way."
4. Al Gore has always been animated.
5. Los Angelenos have always been trying to get along.
6. Buffy has always been meeting her obligations to hunt down Lothos and the other blood-suckers at Hemery High.
7. "Caramel macchiato" and "venti half-caf vanilla latte" have always been street corner lingo.
8. With increasing numbers of ramps, Braille signs, and handicapped parking spaces, the world has always been trying harder to accommodate people with disabilities.
9. Had it remained operational, the villainous computer HAL could be their college classmate this fall, but they have a better chance of running into Miley Cyrus's folks on Parents' Weekend.
10. A quarter of the class has at least one immigrant parent, and the immigration debate is not a big priority--unless it involves "real" aliens from another planet.
11. John McEnroe has never played professional tennis.
12. Clint Eastwood is better known as a sensitive director than as Dirty Harry.
13. Parents and teachers feared that Beavis and Butt-head might be the voice of a lost generation.
14. Doctor Kevorkian has never been licensed to practice medicine.
15.
Colorful lapel ribbons have always been worn to indicate support for a cause. 16. Korean cars have always been a staple on American highways. 17. Trading Chocolate the Moose for Patti the Platypus helped build their Beanie Baby collection. 18. Fergie is a pop singer, not a princess. 19. They never twisted the coiled handset wire aimlessly around their wrists while chatting on the phone. 20. DNA fingerprinting and maps of the human genome have always existed. 21. Woody Allen, whose heart has wanted what it wanted, has always been with Soon-Yi Previn. 22. Cross-burning has always been deemed protected speech. 23. Leasing has always allowed the folks to upgrade their tastes in cars. 24. "Cop Killer" by rapper Ice-T has never been available on a recording. 25. Leno and Letterman have always been trading insults on opposing networks. 26. Unless they found one in their grandparents' closet, they have never seen a carousel of Kodachrome slides. 27. Computers have never lacked a CD-ROM disk drive. 28. They've never recognized that pointing to their wrists was a request for the time of day. 29. Reggie Jackson has always been enshrined in Cooperstown. 30. "Viewer Discretion" has always been an available warning on TV shows. 31. The first computer they probably touched was an Apple II; it is now in a museum. 32. Czechoslovakia has never existed. 33. Second-hand smoke has always been an official carcinogen. 34. "Assisted Living" has always been replacing nursing homes, while Hospice has always been an alternative to hospitals. 35. Once they got through security, going to the airport has always resembled going to the mall. 36. Adhesive strips have always been available in varying skin tones. 37. Whatever their parents may have thought about the year they were born, Queen Elizabeth declared it an "Annus Horribilis." 38. Bud Selig has always been the Commissioner of Major League Baseball. 39. 
Pizza jockeys from Domino's have never killed themselves to get your pizza there in under 30 minutes. 40. There have always been HIV positive athletes in the Olympics. 41. American companies have always done business in Vietnam. 42. Potato has always ended in an "e" in New Jersey per vice presidential edict. 43. Russians and Americans have always been living together in space. 44. The dominance of television news by the three networks passed while they were still in their cribs. 45. They have always had a chance to do community service with local and federal programs to earn money for college. 46. Nirvana is on the classic oldies station. 47. Children have always been trying to divorce their parents. 48. Someone has always gotten married in space. 49. While they were babbling in strollers, there was already a female Poet Laureate of the United States. 50. Toothpaste tubes have always stood up on their caps. 51. Food has always been irradiated. 52. There have always been women priests in the Anglican Church. 53. J.R. Ewing has always been dead and gone. Hasn't he? 54. The historic bridge at Mostar in Bosnia has always been a copy. 55. Rock bands have always played at presidential inaugural parties. 56. They may have assumed that parents' complaints about Black Monday had to do with punk rockers from L.A., not Wall Street. 57. A purple dinosaur has always supplanted Barney Google and Barney Fife. 58. Beethoven has always been a dog. 59. By the time their folks might have noticed Coca Cola's new Tab Clear, it was gone. 60. Walmart has never sold handguns over the counter in the lower 48. 61. Presidential appointees have always been required to be more precise about paying their nannies' withholding tax, or else. 62. Having hundreds of cable channels but nothing to watch has always been routine. 63. Their parents' favorite TV sitcoms have always been showing up as movies. 64. The U.S., Canada, and Mexico have always agreed to trade freely. 65. 
They first met Michelangelo when he was just a computer virus. 66. Galileo is forgiven and welcome back into the Roman Catholic Church. 67. Ruth Bader Ginsburg has always sat on the Supreme Court. 68. They have never worried about a Russian missile strike on the U.S. 69. The Post Office has always been going broke. 70. The artist formerly known as Snoop Doggy Dogg has always been rapping. 71. The nation has never approved of the job Congress is doing. 72. One way or another, "It's the economy, stupid" and always has been. 73. Silicone-gel breast implants have always been regulated. 74. They've always been able to blast off with the Sci-Fi Channel. 75. Honda has always been a major competitor on Memorial Day at Indianapolis. From rforno at infowarrior.org Tue Aug 17 21:24:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Aug 2010 22:24:36 -0400 Subject: [Infowarrior] - Is Silicon Valley Focusing Too Much On Consumer Tech? Message-ID: <47064D65-E692-4131-8D41-CDD00ADEB3B5@infowarrior.org> (I agree.....Silicon Valley has lost its focus. The "next big thing" that changes the world in the same way as the Internet is ..... what? Another social networking platform? Yaaawwwwwwn. -rick) Is Silicon Valley Focusing Too Much On Consumer Tech? By Vinnie Mirchandani Aug. 17, 2010, 4:59pm PDT No Comments http://gigaom.com/2010/08/17/is-silicon-valley-focusing-too-much-on-consumer-tech/ I would rather compete with Sony than compete in another product category with Microsoft. Steve Jobs said that to Time magazine soon after launching the iPod in 2001. We didn't pay much attention back then; after all, Apple was considered a dying vendor. But a decade later, the statement reads as prophetic. It signaled the start of a trend Gartner would later call "consumerization of technology," or "the growing practice of introducing new technologies into consumer markets prior to industrial markets." 
Of course, it wasn't just Apple; Google, Facebook, and a wide range of mobile, GPS, gaming, entertainment and social startups all have contributed to the scenario where consumers in many markets have better technologies than corporate employees. Indeed, if Cardinal Richelieu were alive today he would be tempted to write "The pen den is mightier than the sword board." Silicon Valley has been in the middle of all this glorious empowerment of the consumer. A decade later, though, the consumer focus means the antenna problems of the iPhone 4 or privacy flip-flops at Facebook dominate conversation. This when the "Grand Challenges" facing the world continue to mount. Don't get me wrong; the Valley obviously does more than just consumer tech. In a recently published book, I showcase Kleiner's cleantech portfolio companies like Bloom Energy and Silver Spring Networks, cloud vendors like salesforce.com, Netsuite and Workday, genome-focused firms like 23andMe, and many other Valley companies. But the overriding contemporary image of the Valley is it is focused on "light" innovation. It's gone Hollywood: focused on the glitz and the superficial, maybe because that's where the media focus is. Valley-based new media, and bloggers and even older media covering tech like the New York Times and Fortune mostly write about consumer tech. It could be because the grown-up Valley companies like HP and Oracle aren't innovating much in the enterprise space. It could be because Valley VCs have given way to "super-seed" funds that parcel out much smaller rounds, and by definition, fund "lighter" innovation. In the meantime, more complex innovation has been moving elsewhere. The book describes a number of technologies coming out of GE. 
A GE executive is quoted as saying: < - > http://gigaom.com/2010/08/17/is-silicon-valley-focusing-too-much-on-consumer-tech/ From rforno at infowarrior.org Wed Aug 18 09:31:28 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Aug 2010 10:31:28 -0400 Subject: [Infowarrior] - OT: "Lady Java" video Message-ID: <06D5D3AD-05D9-41C3-9A49-B815950C6EE8@infowarrior.org> Clever web video for Javazon ..... sort of 1950sIBM-meets-Lady Gaga. Semi-SFW. http://www.geeksaresexy.net/2010/08/17/lady-java-video ... and their previous one .... really blasts Windows. Semi-NSFW too. Java 4-Ever Trailer http://jz10.java.no/java-4-ever-trailer.html From rforno at infowarrior.org Wed Aug 18 09:33:17 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Aug 2010 10:33:17 -0400 Subject: [Infowarrior] - Social Engineering 101 (Q&A) Message-ID: <6A147F13-3DEE-42E1-985F-2BB3A3701FA4@infowarrior.org> August 17, 2010 2:56 PM PDT Social Engineering 101 (Q&A) by Elinor Mills http://news.cnet.com/8301-27080_3-20013901-245.html? One of the more interesting events at this year's Defcon hacker conference in Las Vegas late last month was a social-engineering contest that targeted big companies like Microsoft, Google, and Apple. Participants pretending to be headhunters and survey takers were able to trick employees at the companies into giving out information over the phone that if it landed in the wrong hands could be used to sneak malware onto machines at the company or otherwise get access to the company's data. The contest proved a number of things. That it is easy for strangers to get potentially sensitive information over the phone if they have a good ruse. That workers at companies, even tech companies that spend a lot of time and resources protecting their networks from hackers, were practically handing over the keys to the data storerooms without knowing it. 
And that humans are the weakest link in the security ecosystem and yet many corporations fail to recognize that. I learned about the risks from social-engineering personally when I worked at a company many years ago that was receiving calls on the main phone line from people who identified themselves as telephone workmen. They would say they needed an outside line to "test the system" and my colleagues would just hit the button to give them an outside line and hang up without a second thought. When I answered one of the calls I asked why it was taking them so long to do their work and the caller hung up. I reported it to the boss and later found out that the calls were made by inmates at a nearby prison who were phoning friends and family around the world for free thanks to the company's lax security. Today, people get duped over the phone, but also over e-mail and via Facebook and other online avenues. In this edited interview CNET talked to Chris Hadnagy, operations manager at Offensive Security, which organized the Defcon social-engineering contest and does security auditing and training for companies, about the risks to this type of attack, what people can do to protect themselves, and why women might be less susceptible. Q: What is social engineering? Chris Hadnagy: We have a different definition than what's out there today. I define social engineering as any act where you try to manipulate a person to accomplish a goal and that that goal may or may not be in the target's interest. I broaden that because I feel that social engineering encompasses not just malicious hackers that are trying to get to your data, but aspects of social engineering are used in therapy, psychology, doctors, counselors, principals, teachers, almost every different field. How has it changed from the days of Kevin Mitnick, when he was calling companies and pretending to be an employee to trick them into giving him passwords and other information? 
Hadnagy: In his day it was more difficult because he did not have the resources we have today. He had a phone and whatever resources he could gather from public resources which were libraries or public records from the courthouse and once he was able to attain names through a few fake phone calls you kept building on a pretext and this is how his attack vectors went, which was very classy for that day and age. But now things have changed because people use social media to such an extent that their whole lives are on the Web. With sites like Blippy which people can tie into their Twitter and Facebook accounts and it in essence tweets every time you use a credit card or bank account, and it tweets what you've purchased and the amount. So you can go to these sites, find someone on Twitter, link them to a Blippy account and to Facebook and now you have their pictures, what they like to buy, what restaurants they go to, when they leave the house, when they work. And within an hour you can have a very detailed profile of a company or an individual based on the amount of social media they use. I think it makes it easier for professional as well as malicious social engineers today. What other trends do you see in social engineering? Hadnagy: The thing that hasn't changed is the human factor. People are trusting of other people, especially if there is a request for help. One of the biggest things that worked for the Capture the Flag contest at Defcon was a contestant who said "Can you please help me with this?" Asking people for help, the human vulnerability, has not changed over the years from even before Kevin's day. There is an inherent desire for people to help other people. There are trends of a positive nature, but they still get exploited. People are more security conscious today. People are more aware of the obvious attacks, the scamming and phishing. A few years back people were falling for the African 411 scams. Now, few people fall for those. 
Most people who spend any time online are educated to the simple attacks. The negative is we're so desensitized to certain attacks that we don't take notice to things that are occurring to us right under our nose. Any anecdotes to share about particularly egregious cases? Hadnagy: When the earthquake happened in Haiti, literally about 24 hours after that one of the top-ranking sites in Google was a Web site that was doing malicious phishing. They claimed to have data on the identities of those who lost their lives in the earthquake. If you provide personal information they said they would e-mail you with facts about loved ones in that area. They were asking for detailed information and security questions like first names, last name, date of birth, address, mother's maiden name, and then of course that information was used for identity theft. The odd thing was it was such a well-known scam, but it wasn't all over the news. So, the social engineering is primarily online? Hadnagy: That's probably the largest majority of attacks that are known. The ones that are online and the large phishing scams. But every day people are stealing corporate secrets through dumpster diving and other more direct methods. Is tricking someone over the phone easier or harder than doing it online? Hadnagy: That's a good question. It depends on the information you're trying to gather. In a professional audit we will start off with online information gathering because that's where you can harvest most of the valuable information. There's a case we talk about in our trainings where just doing a little research you can find things online like people using their corporate e-mail addresses on forums to buy or sell things of a personal nature. Those pieces of data are invaluable to a social engineer. If I know you are interested in coin collecting I can set up a fake site about that topic and send you the link and embed it with malicious code. 
It depends on the goal of your attack whether you use the phone or just Web resources. What else is involved in your audits of companies? Hadnagy: We do training and pen [penetration] testing. When we do pen testing we always offer social engineering as part of the audit. I would say a large majority of the time companies reject the social engineering. And usually it has to do with "we don't fall for that" or "our employees know better." And we just stand back and think to ourselves, man, this is the easiest way in. We go to their Web site, read about their products, their locations, do a Whois lookup to find out about the owners and administrators of the Web site. We have a bunch of different tools that harvest e-mails for the company and get as many e-mail addresses for the company as possible. I use a tool called Maltego that uses open Web resources to find information on the companies. Gathering all that information into one place, allows you to build an attack vector. There was one company I was auditing where 20 employees were part of a fantasy basketball league. Then we cloned the fantasy league site using a misspelling of the real name in the URL and called one of the employees saying we were from the fantasy basketball league and that we were coming out with a new service and we would like them to check it out for free for 30 days. I said I would shoot him an e-mail and he gets the e-mail, clicks on that link and the page looks exactly like his normal fantasy basketball league Web page but there is malicious code embedded in the background and his computer is hacked while he's browsing this Web site. How do you mitigate against that? Hadnagy: You have to keep updated on your browser. If you are going to use Internet Explorer then don't stay with an old version of IE. Another important thing is not allowing employees to do personal activities at work. 
It's a time waster and a money waster and this is mainly how social engineers will gain access to a company. If I find out you have a hobby that you like to do at work that's my attack vector. I just need to draw you to that Web site and 90 percent of the time you're going to click on it because you're interested in it, it's a hobby. I've heard of people pretending to be a UPS man to get on site. Does that still happen? Hadnagy: It used to be 7 or 8 years ago that you could go online and buy a UPS uniform, on eBay and other Web sites. They were so widely used for social-engineering attacks but you can't find the uniforms now anywhere. That used to be a big vector. Who doubts the UPS guy? If I dress up like a UPS man and grab a dolly and put boxes on it and come wheeling into your office, people will open doors for me and point me in the direction of the back room. That is not as easy now to accomplish unless you can obtain a uniform or make your own. Another vector to use is to pretend to be the tech support guy. That is probably the most widely used disguise. If I come to your business and say I need to get in to take care of a server issue, most people don't call the support company to ask if we have an appointment. Once you are in the building you can do a number of different things. One of them is to drop a few USB keys, especially if they are fancy looking, or a blank CD with a label that says "employee bonuses." The USB key or CD is implanted with malicious code that will give you access to their computer and the whole network, most of the time. These are not 007 [James Bond] movie attacks. These are things that occur each and every day. How can consumers and companies protect themselves against these attacks? Hadnagy: There are a few things to mitigate these attacks. Keep your software up to date. If I know that a piece of software is constantly vulnerable and even the updates are vulnerable, I won't use it. But the biggest key is education. 
Security awareness programs seem to be massively flawed in corporate America. Companies give out posters, but they don't make it personal. After Defcon we decided to launch a security awareness program. We realized that the problem is that people are not aware that telling a stranger on the phone what version of Internet Explorer and Adobe Reader gives an attacker information they need to hack you. With those two pieces of information alone I could own your company. And all you need to do is give me your e-mail address next and it's all over. So that's why we're launching a brand new security awareness program this week. We're going to show them real live attacks. Here's what can happen if you accept a malicious PDF. Hopefully when they see that they will realize that this is not just about corporate data. If attackers can get into my computer they can get to photos of my kids and learn where I live. If I checked my bank account from my company computer then my personal account can be hacked. So, all of the companies targeted in the Defcon contest revealed information to the callers, right? Hadnagy: By the end of the weekend we had called 15 companies and only one company did not falter and the only reason they didn't is because we didn't get a live person on the phone. That statistic really did shock us. We did expect some of the security and tech companies to shut us down. We thought that as soon as we asked a question that sounded at all fishy we would get put away. But that didn't happen. They were more willing in a lot of respects to answer questions than some of the non-tech companies. There were only five people who did not want to answer the questions. All five were women, which I find personally interesting and pleasing. Guys have big egos and so playing on that is easy. You tell him he's great at his job he'll spill the beans. But women are more cautious by nature and that makes them less susceptible to social-engineering attacks. 
Which companies were targeted? Hadnagy: BP, Shell, Google, Procter & Gamble, Microsoft, Apple, Cisco, Ford, Coke, Pepsi, Wal-Mart, Symantec, Philip Morris, Dell, and Verizon. And all of them fell and gave out every piece of information we asked for, except for the company where we couldn't get a live person. What types of data did contestants ask for? Hadnagy: There were 30 to 35 different flags, or types of information, sought. These included do you have trash handling and who does it? Do you do off-site backups? What type of PBX system do you have? What operating system, mail client, antivirus, PDF reader, and browser do they use? Do they have a cafeteria and if so who supplies the food? Do you have employee termination and new-hire orientation information available to the public? Do you have shredding or document disposal? Do they have wireless? What brand and type of computers do they have? How long did they have to make the calls? Hadnagy: They could make as many calls as they wanted in 25 minutes. There were probably 140 some-odd phone calls made throughout the weekend. One guy had a survey and then hung up and pretended to be a head hunter. We had some contestants who would call back multiple times and get different pieces of information. Did contestants do anything particularly interesting? Hadnagy: We had one guy who never asked a direct question. If he wanted to know what kind of browser, he didn't ask what type of browser they were using. He would say something like "Have they migrated you to IE 7 yet or are you still on 6?" And one question he asked, they said "We're not on IE at all, we're on another browser." And he did that for every question. He got answers without having to ask the question directly. Did any contestant get all of the flags? Hadnagy: No. We had no one that went through all of the list. Our biggest point value was to get the target to go to our URL. This is the biggest attack vector used by social engineers. 
You open up a browser and go to a URL that is given the target. If this was a malicious attack then that person would have been hacked. For every contestant that tried that vector it worked. We thought no one would fall for this, make them go to social-engineer.org, our Web site. Then we give them extra points, because we thought no way would it work. We had five or more that drove people to our URL and they went to it and opened it up. One guy was pointed to the name and the target said, "That's a nice logo." You want to chuckle a little bit but at the same time that's scary as heck. What were the questions that led to the hang ups? Hadnagy: Most of the people that put the smack down on us within 20 or 30 seconds of the phone call. One pretext was "Corporate hired us to do an IT survey and I need you to answer a few questions." And the response was, "If corporate hired you why is your number coming from the Bronx?" The person didn't just mindlessly answer the questions. She had looked at the caller ID. Another one who hung up just didn't like the questions. When the contestant asked about the browser, the respondent said "If you're from corporate wouldn't you know what browser I use?" and she hung up on him too. The woman who questioned the number she called back like eight times in a row too. That to me was a great lesson for us because what that showed was that they were not doing their jobs in a mindless way. That is one of the biggest ways in for social engineers. They are hoping that people are being mindless. They noticed every little detail that seemed out of place and that is why they did not fall victim to the contestants. Were any of the contestants women? Hadnagy: We had one woman contestant. I hope we have more next year because personally I think they'd be better at social engineering. Especially if you get a guy on the phone and there's a woman saying "Can you help me with this?" What guy is going to say no to that? 
What other simple messages do you have to help people not be suckered by social engineers? Hadnagy: We'll have a new Web site launching on Tuesday that will have lots of information about how to be more aware of such attacks. The Social-engineer.org site explains what the attackers are thinking and doing. In addition to not doing your job or your daily routine mindlessly, I would suggest keeping things in context. If I call you and start asking you questions that don't fit your job that should raise a red flag. Ask "Why do you need to know this?" Understand what is being asked of you and question why. You mentioned that you work in a field called "neuro-linguistic hacking." What is that? Hadnagy: Neuro-linguistic hacking is using body language and micro expressions and vocal tones to manipulate a person's emotional state. And if you can make that person enter into an emotional state that you want then it is easier to manipulate that person. As an example, people tend to be more compliant when they're feeling compassion and an emotion strongly linked to compassion is sadness. There has been research where they flashed micro expressions on a screen in like 200 millisecond time frames and used EKG monitors on their face to monitor their muscular movements. And they found that whatever emotion was flashed on the screen that person began to mirror. In essence you can make that person comply with a compassionate response more easily than if you had approached the person in a different state. You've got a book coming out soon, right? Hadnagy: Yes. It's due out in January 2011. It's called "Social Engineering: The Art of Human Hacking." It is a how-to book on social engineering. My approach to the book was thinking that the only way to truly be educated and secure is to know what the bad guys do. If you bury your head in the sand and you're unwilling to learn the methods of the bad guys you're more susceptible to fall for them. 
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. From rforno at infowarrior.org Wed Aug 18 20:16:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Aug 2010 21:16:42 -0400 Subject: [Infowarrior] - 30 y/o Cryptosystem Can Resist Quantum-Computing Attacks Message-ID: <400F5F1C-9421-48CF-8318-65A87D6EB8C6@infowarrior.org> Thirty-Year-Old Encryption Formula Can Resist Quantum-Computing Attacks That Defeat All Common Codes http://gizmodo.com/5615939/thirty+year+old-encryption-formula-can-resist-quantum+computing-attacks-that-defeat-all-common-codes The core advantage of quantum computing -- the ability to compute for many possible outcomes at the same time and therefore crunch data much more quickly than classical computers -- also creates a problem for data security. Once the first high-powered quantum computers are functioning, they'll be able to quickly saw through many of our most common data encryption algorithms. But as it turns out, an obscure encryption code created in 1978 is resistant to all known methods of quantum attack. Hang Dinh at the University of Connecticut and a few colleagues figured out that CalTech mathematician Robert McEliece's code is structured in such a way that a quantum computer couldn't just pull it apart, at least not by any known process. Rooted in a mathematical puzzle called the hidden subgroup problem, standard quantum Fourier analysis simply can't crack the code. What does all that mean? For a more extensive mathematical explanation, click through to Tech Review's more thorough and astute review of quantum encryption. But in summary, encryption is often conducted using asymmetric codes, meaning there's a public key that anyone can use to encrypt data and a private key for decrypting it. 
The basis of these encryption schemes is math that flows easily in one direction but not so easily in the other. Such asymmetric code can be tricky for a classical computer to figure out but quantum computers are well suited to such work. To take a simple example, say a message was encrypted using basic multiplication -- one number is multiplied by a number to get a third number. It's not so easy to look at the third number and quickly determine the two numbers that spawned it. In math, the process of doing this is called factorizing, and mathematicians factorize through a quality called periodicity -- the idea that a mathematical entity with the right periodicity will divide an object correctly while others will not. In 1994, a mathematician created an algorithm that does this very well, and that shortcut to finding periodicity has a quantum analogue known as quantum Fourier sampling. Using Fourier sampling, quantum computers can quickly factorise codes, rendering most of our most common encryption schemes useless. But McEliece's little-used code doesn't rely on factorization, meaning quantum Fourier analysis can't break it down. That means it's essentially impervious to all known forms of quantum attack. That's not to say that new modes of quantum hacking won't be developed to decrypt McEliece's system, but it's interesting that while standing at the threshold of a new era of computing power researchers are finding solutions that can keep our data safe more than three decades in the past. 
[Technology Review] From rforno at infowarrior.org Wed Aug 18 20:55:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Aug 2010 21:55:21 -0400 Subject: [Infowarrior] - New Facebook Location Feature Sparks Privacy Concerns Message-ID: August 18, 2010, 9:44 pm New Facebook Location Feature Sparks Privacy Concerns http://bits.blogs.nytimes.com/2010/08/18/new-facebook-location-feature-sparks-privacy-concerns/ By JENNA WORTHAM Moments after Facebook introduced a new feature called Facebook Places Wednesday that allows its users to share their location and find their friends, advocates raised flags over online privacy. The American Civil Liberties Union of Northern California cited concerns over the new product, saying Facebook neglected to include several crucial privacy features. The organization highlighted the element of the new service that allows users to "tag" a friend that is with them and post their location to Facebook -- even if the accompanying friend does not have an iPhone, which is currently the only platform the application is available on. "Places allows your friends to tag you when they check in somewhere, and Facebook makes it very easy to say 'yes' to allowing your friends to check in for you," read the statement, released late Wednesday night. "But when it comes to opting out of that feature, you are only given a 'not now' option. 'No' isn't one of the easy options." The A.C.L.U. also expressed concern over the integration of Facebook's Places feature with third-party Web sites and applications. "Your friends' apps may be able to access information about your most recent check-in by default as soon as you start using Places," the organization said in a release. "Even if you've already gone through your settings to limit the info that apps can access, you should do it again- you may find that you've been defaulted into sharing your location info with apps." 
The early stirrings of concern are reminiscent of the Facebook privacy debacle that erupted a few months ago after the company revised its platform that encouraged members to make personal details accessible more broadly on the Internet. After a string of frustrations, the company simplified its privacy settings in an effort to make the controls easier to navigate. During a press conference held at the Facebook offices in Palo Alto, Calif., Mark Zuckerberg, chief executive of the company, sought to reassure users that the service, saying it was a "really fun and interesting product." "The main thing we are doing is allowing our users to share where they are in a really nice and social way," he said during the media event. "You can see who is around you and connect in the real world." From rforno at infowarrior.org Thu Aug 19 08:01:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Aug 2010 09:01:30 -0400 Subject: [Infowarrior] - Intel to Buy McAfee in $7.68 Billion Deal Message-ID: Intel to Buy McAfee in $7.68 Billion Deal By NATHAN BECKER http://online.wsj.com/article/SB10001424052748704476104575439180665843938.html Chip maker Intel Corp. agreed to pay $7.68 billion to acquire computer-security software maker McAfee Inc. It will pay $48 for each share of McAfee, a 60% premium to Wednesday's closing price. The stock last traded at that level in 1999. Shares of McAfee jumped 58% to $47.40 premarket -- they were down 28% the past year through Wednesday -- while Intel declined 2% to $19.19. In announcing the deal, Intel said current security doesn't fully address mobile, television, ATMs and other Internet-connected devices. McAfee will become part of Intel's software and services division. "With the rapid expansion of growth across a vast array of Internet-connected devices, more and more of the elements of our lives have moved online," said Intel President and Chief Executive Paul Otellini. 
"In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences." McAfee, best known for its widely popular antivirus software, has recently said it was marshaling more strength to go after the quickly developing mobile market, and it recently announced it was acquiring mobile-device security company tenCube, a move that follows its purchase of Trust Digital, another mobile-security-software firm. Meanwhile, technology companies have been putting some of their bulging cash piles to work lately through acquisitions, suggesting they are taking advantage of low valuations to build their product and service offerings. On Monday, Intel said it would buy Texas Instruments Inc.'s cable-modem product line for an undisclosed amount. The deals come as Intel last month reported its best-ever quarterly results amid an ongoing rebound in the semiconductor space. For its part, McAfee's second-quarter earnings rose 38%, allaying concerns about its business after a weak first quarter. The company said sales grew sharply in North America, one of its key markets. Both boards of directors have unanimously approved the deal. The deal still requires McAfee shareholder approval and regulatory clearances. Intel expects the deal to slightly cut into earnings the first year after closing because of merger-related charges and have little impact on the bottom line in the second year. A slight increase after those charges are seen in the first year. Intel and McAfee are both based in Santa Clara,Calif. Intel was advised on the deal by Goldman Sachs and Morrison & Foerster LLP. McAfee was advised by Morgan Stanley and Wilson Sonsini Goodrich & Rosati. 
Write to Nathan Becker at nathan.becker at dowjones.com From rforno at infowarrior.org Fri Aug 20 14:01:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Aug 2010 15:01:57 -0400 Subject: [Infowarrior] - Apple Patents Security Invention That Recognizes Users Heartbeat... Message-ID: <71B4B005-DBBD-497B-9F8D-53E53519BEFA@infowarrior.org> This is interesting from a behavioural pattern-matching perspective. -rick The U.S. Patent and Trademark Office this week revealed a patent application from Apple entitled "Systems and Methods for Identifying Unauthorized Users of an Electronic Device." The security-centric invention describes methods to identify users through a picture, the sound of their voice, or even their unique heartbeat. "The photograph, recording, or heartbeat can be compared, respectively, to a photograph, recording or heartbeat of authorized users of the electronic device to determine whether they match," the application reads. "If they do not match, the current user can be detected as an unauthorized user." < - > http://www.appleinsider.com/articles/10/08/19/future_iphones_ipads_could_recognize_adjust_for_individual_users.html From rforno at infowarrior.org Fri Aug 20 17:55:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Aug 2010 18:55:46 -0400 Subject: [Infowarrior] - Fwd: Senators ask Marshals Service why it stores images of full-body scans taken at US Fed courthouse Orlando, Fl. References: Message-ID: <38D4AA83-DE82-4D55-B2F3-8825D6B774F8@infowarrior.org> Begin forwarded message: > From: Jonathan Abolins > Date: August 20, 2010 4:44:51 PM EDT > To: Richard Forno > Subject: Senators ask Marshals Service why it stores images of full-body scans taken at US Fed courthouse Orlando, Fl. 
> > May be of interest > See also this from EPIC: > http://epic.org/2010/08/following-epic-foia-lawsuit-us.html > - Jon > > http://www.nextgov.com/nextgov/ng_20100820_1563.php > << > Senators ask Marshals Service why it stores images of full-body scans > > By Katherine McIntire Peters and Aliya Sternstein 08/20/2010 > > Unhappy Senate lawmakers have asked the U.S. Marshals Service, an arm > of the Justice Department, to explain why it has stored more than > 35,000 whole body imaging scans taken at a federal courthouse in > Florida. > > In an Aug. 19 letter to the agency, Sens. Joe Lieberman, I-Conn., and > Susan Collins, R-Maine, the chairman and ranking member, respectively, > of the Homeland Security and Governmental Affairs Committee, said they > were concerned individuals' privacy might be compromised. The advanced > imaging technology used during security screening procedures at the > federal courthouse in Orlando "are able to scan through clothing and > capture detailed images of the bodies of those who are scanned," the > lawmakers said in the letter. > > Sens. Daniel Akaka, D-Hawaii; Thomas Carper, D-Del.; Saxby Chambliss, > R-Ga.; and Johnny Isakson, R-Ga., also signed the letter. > > Body scan machines came under scrutiny on Christmas Day 2009 after an > alleged terrorist bypassed airport security with an explosive device > concealed in his undergarments in a failed attempt to blow up a > U.S.-bound passenger jet. Privacy advocates say the scanning > technology is invasive and ineffective, while some security > specialists say more devices are necessary to detect weapons that > metal detectors cannot reveal. > > In response to media reports, the Marshals Service issued on Aug. 5 a > statement that said the machine that screens individuals at the > Orlando courthouse is a passive millimeter wave system manufactured by > Brijot Systems, and the pictures are not accessible without an > administrative password. 
In addition, officials said the service never > accessed the images until the agency received a request for them under > a Freedom of Information Act from the Electronic Privacy Information > Center, a civil liberties group. > > The images "can in no way be described as images of 'naked' or > 'undressed' people. Rather, they are pixilated, chalky and blurred > images," the statement said. "One cannot tell if the subject is male > or female. Privacy is protected while safely and effectively detecting > potential threats and contraband." > > The agency provided a link > to the manufacturer's > website, where similar body scans can be seen. > > "As one can easily see, the scanned images do not reveal anatomical > details. One cannot tell if the subject is male or female," the > statement said. > > Nonetheless, the senators requested "a full explanation" as to why the > service saved the images and asked about other locations where the > images might be stored. > > The lawmakers also urged the agency to adopt stricter privacy > practices and consider employing a software program that automates the > process of screening images, which would eliminate the need for guards > to directly view the depictions. > > The Transportation Security Administration, which also uses whole-body > scanners, has publicized its privacy policies, which ban saving most > full-body images. TSA also prohibits sharing the pictures > electronically. The senators encouraged the U.S. Marshals Service to > adopt similar security practices. > > They also suggested the agency consider switching to a different > technology called automatic target recognition, which uses a machine > instead of employees to examine the images. TSA is contemplating > whether to deploy the software at its checkpoints in U.S. airports. 
> > "Computer-based autodetection technology, which identifies potentially > threatening objects on a person using a featureless human body outline > to highlight those areas of the individual that may require further > inspection, would go a long way to address the legitimate privacy > concerns many Americans have regarding whole body imaging technology," > the senators wrote. > > On Friday, Marshals Service spokesman Steve Blando had no additional > comment beyond the Aug. 5 statement. He said the agency has received > the senators' letter and will respond appropriately. >>> > From rforno at infowarrior.org Sat Aug 21 07:58:32 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Aug 2010 08:58:32 -0400 Subject: [Infowarrior] - Assange charged with rape, molestation in Sweden Message-ID: <436705E0-C56D-477B-8F7E-A735C20D0AB5@infowarrior.org> Interesting timing for these charges to be raised .... -rick WikiLeaks founder charged with rape, molestation in Sweden By the CNN Wire Staff August 21, 2010 8:30 a.m. EDT http://www.cnn.com/2010/WORLD/europe/08/21/sweden.wikileaks.charge/index.html WikiLeaks founder and editor Julian Assange at a press conference in London on July 26, 2010. Stockholm, Sweden (CNN) -- The founder and editor of the whistle-blowing website WikiLeaks, Julian Assange, has been charged in Sweden with rape and molestation, a spokeswoman for the Swedish prosecutor's office told CNN Saturday. Spokeswoman Karin Rosander said the charges were filed Friday night in relation to two separate instances, but she didn't have more detail about when the alleged crimes occurred or who the alleged victims are. Assange denied the charges in a posting Saturday on the WikiLeaks Twitter page, saying, "The charges are without basis and their issue at this moment is deeply disturbing." The rape charge carries a possible prison sentence, while the molestation charge would not, Rosander said. 
Assange was in Sweden last weekend, but Rosander said it's not clear whether he is still in the country. She said police have been unable so far to make contact with Assange. "The next step is to get in contact with him and interview him," Rosander said. An elusive figure, Assange reportedly lives part-time in Sweden. He told the Swedish newspaper Svenska Dagbladet this week that he chose Sweden to host several servers for WikiLeaks because of the country's privacy laws. He also told the paper, in an interview published Monday, that he had been in Sweden because he wanted a safe place to go after the high-profile leak of U.S. documents related to the war in Afghanistan. WikiLeaks has sparked major controversy by posting some 76,000 pages of those documents online last month, in what was called the biggest leak since the Pentagon Papers about the Vietnam War. U.S. Defense Secretary Robert Gates criticized the leak, saying it would have a significant negative impact on troops and allies, revealing techniques and procedures. Assange has defended the leak by saying it can help shape the public's understanding of the war. He said the material was of no operational significance and that WikiLeaks tried to ensure the material did not put innocent people at risk. Assange reportedly has spent his life developing the tech skills needed to set up WikiLeaks. When he was a teenager in Melbourne, Australia, he belonged to a hacker collective called the International Subversives, according to the magazine Mother Jones. He eventually pleaded guilty to multiple counts of breaking into Australian government and commercial websites to test their security gaps, but was released on bond for good behavior," the magazine said. 
As WikiLeaks has grown and published increasingly high-profile items, Assange has found himself the target of what he says are many legal attacks -- though not necessarily of the type he now faces in Sweden. "In my role as Wikileaks editor, I've been involved in fighting off many legal attacks," Assange said in an e-mail to the BBC earlier this year. "To do that, and keep our sources safe, we have had to spread assets, encrypt everything, and move telecommunications and people around the world to activate protective laws in different national jurisdictions. "We've become good at it, and never lost a case, or a source, but we can't expect everyone to go through the extraordinary efforts that we do." In a news conference following the release of the Afghan documents, Assange said the site has 800 part-time volunteers and a loose network of 70,000 "supporters." CNN's Bharati Naik in London, England, contributed to this report. From rforno at infowarrior.org Sat Aug 21 10:39:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Aug 2010 11:39:38 -0400 Subject: [Infowarrior] - Report: Sweden cancels Assange warrant Message-ID: <852ABCD4-F835-4B6B-986B-443537A6DDB7@infowarrior.org> Prosecutors cancel arrest warrant for Wikileaks founder: official Reuters, with files from Agence France-Presse -- Saturday, Aug. 21, 2010 STOCKHOLM -- A Swedish arrest warrant for WikiLeaks founder Julian Assange, whose whistle-blowing website caused uproar last month with a leak of secret U.S. military files on Afghanistan, on charges of rape and molestation, has been cancelled, an official said. Mr. Assange, whose whereabouts are unclear, denied the allegations on WikiLeaks' Twitter page. "The charges are without basis and their issue at this moment is deeply disturbing." 
< - > http://www.nationalpost.com/news/world/Prosecutors+cancel+arrest+warrant+Wikileaks+founder+official/3427427/story.html From rforno at infowarrior.org Sat Aug 21 14:51:45 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Aug 2010 15:51:45 -0400 Subject: [Infowarrior] - Malware implicated in fatal Spanair plane crash Message-ID: (c/o JC) Malware implicated in fatal Spanair plane crash Computer monitoring system was infected with Trojan horse, authorities say By Leslie Meredith updated 8/20/2010 4:48:01 PM ET http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001 Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware. An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais. Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors. The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted -- and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system. The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline's system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro. 
Some of the most likely ways are through third party devices such as USB sticks, Yaneeza said, which were responsible for the International Space Station virus infection in 2008, or through a remote VPN connection that may not have the same protection as a computer within the enterprise network. Opening just one malicious file on a single computer is all it takes to infect an entire system. "Any computer that is connected to a network is vulnerable to a malware infection," O. Sami Saydjari, president of Cyber Defense Agency, told TechNewsDaily. "Standards have not been set to protect critical infrastructure." An incident like this could happen again, and most likely will, according to Saydjari. A judge has ordered Spanair to provide all of the computer's logs from the days before and after the crash. The final report from crash investigators is not due to be presented until December. From rforno at infowarrior.org Sun Aug 22 08:30:53 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Aug 2010 09:30:53 -0400 Subject: [Infowarrior] - Virgin Mobile to have $40 true unlimited data plan Message-ID: <1311D54C-396C-4132-9472-5E89F76C2E77@infowarrior.org> Virgin Mobile to have $40 true unlimited data plan updated 12:10 am EDT, Sun August 22, 2010 http://www.electronista.com/articles/10/08/22/virgin.mobile.to.land.unlimited.data/ Virgin Mobile this weekend prematurely confirmed a major revamp of its Broadband2Go data plans that could see a return to real unlimited data. Rather than the four plans offered today, it would simplify to just a $40 unlimited monthly plan and a $10, 100MB 10-day plan. IntoMobile has added through a leaked memo that the changes will go live on August 24. Both MiFi routers and modems should work with the cap-free access. The switch would escalate the competition among carriers for mobile data. Clear and Virgin's US parent Sprint offer unlimited Internet, but only for their still-rare WiMAX services. 
On 3G, Sprint as well as AT&T, T-Mobile and Verizon all have caps of 5GB or less for Internet-only plans. Frequent travellers have often complained regarding the limits as they can be broken quickly with significant media streaming or for more than a few days of use. With the new unlimited plan, customers could have a true substitute for a home connection and would have a particular edge with a MiFi, since multiple users could share service without risking overage fees. From rforno at infowarrior.org Sun Aug 22 17:53:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Aug 2010 18:53:27 -0400 Subject: [Infowarrior] - US Prosecutors Eye WikiLeaks Charges Message-ID: <22ACEF54-7237-48E8-9AA4-B90A3D0BCF9C@infowarrior.org> AUGUST 21, 2010 Prosecutors Eye WikiLeaks Charges By ADAM ENTOUS and EVAN PEREZ http://online.wsj.com/article/SB10001424052748704488404575441673460880204.html WASHINGTON -- Pentagon lawyers believe that online whistleblower group WikiLeaks acted illegally in disclosing thousands of classified Afghanistan war reports and other material, and federal prosecutors are exploring possible criminal charges, officials familiar with the matter said. A joint investigation by the Army and the Federal Bureau of Investigation is still in its early stages and it is unclear what course the Department of Justice will decide to take, according to a U.S. law-enforcement official. He said WikiLeaks founder Julian Assange had not been identified by the FBI as a target of the probe. WikiLeaks in late July posted on its website some 76,000 classified military documents, the largest such disclosure since the release of the Pentagon Papers in 1971. It has promised to publish another 15,000 documents from the cache it obtained. The disclosure infuriated the Pentagon, which warned that the release could endanger allies in Afghanistan and undercut the war effort. 
Several officials said the Defense and Justice departments were now exploring legal options for prosecuting Mr. Assange and others involved on grounds they encouraged the theft of government property. Bringing a case against WikiLeaks would be controversial and complicated, and would expose the Obama administration to criticism for pursuing not just government leakers, but organizations that disseminate their information. The increasingly confrontational tone could be part of Pentagon efforts to dissuade WikiLeaks from posting online the yet-to-be-published documents in its possession. "It is the view of the Department of Defense that WikiLeaks obtained this material in circumstances that constitute a violation of United States law, and that as long as WikiLeaks holds this material, the violation of the law is ongoing," Defense Department General Counsel Jeh Charles Johnson wrote in a letter this week to a WikiLeaks lawyer. The letter did not spell out what those circumstances were. People familiar with the matter said investigators and government lawyers were looking at whether WikiLeaks pressed or encouraged army intelligence analyst Pfc. Bradley Manning to leak the Afghan war logs after the army private provided the group with a classified Iraq video. Such a finding could increase the chances that prosecutors will pursue charges against WikiLeaks, legal experts said. Steven Aftergood, head of the project on government secrecy at the Federation of American Scientists, said U.S. law gives prosecutors a number of tools they could use to prosecute WikiLeaks, such as alleging the group was an accessory to a crime or had unlawfully taken possession of stolen property. If WikiLeaks actively encouraged the transfer of classified documents, the government could allege the group was part of a conspiracy, he said. At issue is whether WikiLeaks should be afforded the same legal protections as a traditional media outlet. 
Legal experts said the government may view WikiLeaks differently because of the way it gathers and publishes information. Its website actively solicits classified material and promises leaking is "safe, easy and protected by law." When established news organizations obtain classified information, they rarely publish it wholesale or without first consulting the government to authenticate the information and to ensure it doesn't compromise national security. WikiLeaks' model eschews that step. "If WikiLeaks thought it would make the last move and the government would not respond, they may be mistaken," said Mr. Aftergood. "But it would be a terrible new precedent if these legal options were actually employed against a publisher, even a disreputable one. Once such measures were used against WikiLeaks, it would only be a matter of time until they are used against other media outlets and individuals." Pentagon Press Secretary Geoff Morrell declined to comment on the investigation but said, "We believe at a minimum that WikiLeaks has behaved in a reckless and irresponsible manner." The Army unit conducting the investigation and the FBI declined to comment. The lawyer working with WikiLeaks, Timothy Matusheski, said he had been told by a member of the Army Criminal Investigative Division unit investigating the case that Mr. Assange -- an Australian national -- "was not a subject or target of any investigation." The U.S. law-enforcement official said that Mr. Assange was not a target, but Mr. Johnson's letter may signal a shift, at least in terms of the Pentagon's thinking, Mr. Matusheski said. "They accuse him of breaking the law," he said of Mr. Assange. "But they haven't said what law." Pfc. Manning, a 22-year-old private, worked in intelligence operations in Baghdad. He was supposed to be examining intelligence relevant to Iraq, but defense officials said Pfc. Manning used his "Top Secret/SCI" clearance to tap into documents around the world. Pfc. 
Manning was charged by the military in July with illegally taking secret State Department files and disseminating the classified video, later released by WikiLeaks, showing a U.S. military helicopter firing on a group of people in Baghdad. Two Reuters journalists and seven other people were killed in the 2007 incident. Going after WikiLeaks or Mr. Assange personally would be complicated. Not only is Mr. Assange not an American, but "I don't know WikiLeaks has a presence in the United States except for a website," Mr. Matusheski said. The classified documents cover the Afghan war from 2004 through 2009. The Pentagon this week rebuffed a WikiLeaks request for help reviewing the remaining documents, demanding that the group instead return all of the logs to the U.S. government. The Pentagon said the 15,000 additional documents, like the initial batch, contained the names of Afghans who have helped the U.S. war effort and who could be targeted by the Taliban if their identities were made public. But officials have played down the impact of the leak on military strategy, saying they revealed little new. Write to Evan Perez at evan.perez at wsj.com From rforno at infowarrior.org Sun Aug 22 18:22:35 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Aug 2010 19:22:35 -0400 Subject: [Infowarrior] - Apple applies for patent to kill jailbroken devices Message-ID: August 22, 2010 10:46 AM PDT Apple applies for patent to kill jailbroken devices by Steven Musil http://news.cnet.com/8301-13579_3-20014356-37.html A browser-based iPhone 4 jailbreak was released just days after the U.S. Copyright Office ruled that such bypasses were legal. Apple is apparently ramping up its battle to prevent iPhone and iPod owners from jailbreaking their devices. 
The company has applied for a patent, titled "Systems and Methods for Identifying Unauthorized Users of an Electronic Device," that covers a series of security measures to automatically protect devices from thieves and other "unauthorized users." Unauthorized users apparently applies to those who engage in jailbreaking, which allows devices to run apps not approved by the company producing the operating system--such as Apple, the main target of such bypasses. The application, which was filed in February 2009 and published Thursday, describes measures to identify "particular activities that may indicate suspicious behavior," so that "safety measures" can be taken to restrict the device's functions. Those activities include the "hacking, jailbreaking, unlocking, or removal of a SIM card," according to the application. Apple also intends to send warnings to owners via e-mail or text message when such activity is detected. The application also describes a variety of measures that could be used to help identify the unauthorized user, including the activation of a camera that could capture and geotag the device's surroundings, and perhaps current user, and transmit that information to a remote device: In some embodiments, an unauthorized user can be detected by comparing the identity of the current user to the identities of authorized users of the electronic device. For example, a photograph of the current user can be taken, a recording of the current user's voice can be recorded, the heartbeat of the current user can be recorded, or any combination of the above. The photograph, recording, or heartbeat can be compared, respectively, to a photograph, recording, or heartbeat of authorized users of the electronic device to determine whether they match. If they do not match, the current user can be detected as an unauthorized user. 
When unauthorized use has been detected, "access to particular applications can be restricted, access to sensitive information can be restricted, sensitive information can be erased from the electronic device...," the application states, effectively wiping and bricking the device. Apple representatives did not immediately respond to a request for comment. In July, U.S. Copyright Office ruled that bypassing a manufacturer's protection mechanisms to allow "handsets to execute software applications" no longer violates federal copyright law. However, while the U.S. Copyright Office has declared the software legal, Apple has repeatedly discouraged users from loading such a bypass, reminding them that doing so will void their device's warranty. "As we've said before, the vast majority of customers do not jailbreak their iPhones as this can violate the warranty and can cause the iPhone to become unstable and not work reliably," Apple said in a statement in response to the ruling. From rforno at infowarrior.org Sun Aug 22 19:17:35 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Aug 2010 20:17:35 -0400 Subject: [Infowarrior] - OT: Geek Humor on a Post-It Message-ID: <7C41560A-A835-4D82-95AD-9E94EBF2ECAA@infowarrior.org> Post-It note showing all of Chewbacca's dialogue from Star Wars http://www.savagechickens.com/chewbacca .. sorry, just too amusing not to pass along to lighten up the start of the week! -rick From rforno at infowarrior.org Mon Aug 23 09:34:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 10:34:00 -0400 Subject: [Infowarrior] - DOJ Seeks Ebonics Experts Message-ID: <0313A018-1081-4BE3-9623-73A8CBAE4919@infowarrior.org> Justice Department Seeks Ebonics Experts DEA wants "Black English" 
linguists to decipher bugged calls http://www.thesmokinggun.com/documents/bizarre/justice-department-seeks-ebonics-experts AUGUST 23--The Department of Justice is seeking to hire linguists fluent in Ebonics to help monitor, translate, and transcribe the secretly recorded conversations of subjects of narcotics investigations, according to federal records. A maximum of nine Ebonics experts will work with the Drug Enforcement Administration's Atlanta field division, where the linguists, after obtaining a "DEA Sensitive" security clearance, will help investigators decipher the results of "telephonic monitoring of court ordered nonconsensual intercepts, consensual listening devices, and other media." The DEA's need for full-time linguists specializing in Ebonics is detailed in bid documents related to the agency's mid-May issuance of a request for proposal (RFP) covering the provision of as many as 2100 linguists for the drug agency's various field offices. Answers to the proposal were due from contractors on July 29. In contract documents, which are excerpted here, Ebonics is listed among 114 languages for which prospective contractors must be able to provide linguists. The 114 languages are divided between "common languages" and "exotic languages." Ebonics is listed as a "common language" spoken solely in the United States. Ebonics has widely been described as a nonstandard variant of English spoken largely by African Americans. John R. Rickford, a Stanford University professor of linguistics, has described it as "Black English" and noted that "Ebonics pronunciation includes features like the omission of the final consonant in words like 'past' (pas') and 'hand' (han'), the pronunciation of the th in 'bath' as t (bat) or f (baf), and the pronunciation of the vowel in words like 'my' and 'ride' as a long ah (mah, rahd)." Detractors reject the notion that Ebonics is a dialect, instead considering it a bastardization of the English language. 
The Department of Justice RFP does not, of course, address questions of vernacular, dialect, or linguistic merit. It simply sought proposals covering the award of separate linguist contracts for seven DEA regions. The agency spends about $70 million annually on linguistic service programs, according to contract records. In addition to the nine Ebonics experts, the DEA's Atlanta office also requires linguists for eight other languages, including Spanish (144 linguists needed); Vietnamese (12); Korean (9); Farsi (9); and Jamaican patois (4). The Atlanta field division, one of the DEA's busiest, is the only office seeking linguists well-versed in Ebonics. Overall, the "majority of DEA's language requirements will be for Spanish originating in Central and South America and the Caribbean," according to one contract document. The Department of Justice RFP includes a detailed description of the crucial role a linguist can play in narcotics investigations. They are responsible for listening to "oral intercepts in English and foreign languages," from which they provide verbal and typed summaries. "Subsequently, all pertinent calls identified by the supervising law enforcement officer will be transcribed verbatim in the required federal or state format," the RFP notes. Additionally, while "technology plays a major role in the DEA's efforts, much of its success is increasingly dependent upon rapid and meticulous understanding of foreign languages used in conversations by speakers of languages other than English and in the translation, transcription and preparation of written documents." (11 pages). 
From rforno at infowarrior.org Mon Aug 23 09:39:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 10:39:07 -0400 Subject: [Infowarrior] - Potential Treatment For Ebola Announced Message-ID: Potential Treatment For Ebola Announced Posted on: Monday, 23 August 2010, 06:20 CDT http://www.redorbit.com/news/science/1907166/potential_treatment_for_ebola_announced/ Ebola may soon be easier to fight thanks to a new treatment being tested by US scientists. A treatment administered to rhesus monkeys within an hour of being incepted by the deadliest strain of Ebola was 60 percent effective, and a companion drug was 100-percent effective. The U.S. Food and Drug Administration (FDA) said they have given the green light for trials on a small group of human volunteers. The Ebola virus is part of a family of so-called filoviruses, which cause hemorrhagic fever -- a disease that has a 90 percent mortality rate. The drugs are a compound called phosphorodiamidate morpholino oligomers (PMO). They are designed to stop the viral cells from replicating, helping to buy time for the immune system to fight off the infection. The U.S. Army Medical Research Institute of Infectious Diseases conducted the research in collaboration with a Washington-based biotech firm, AVI BioPharma. The Pentagon helped fund the research for a vaccine and treatment for Ebola-type viruses. Filoviruses are on the list of pathogens like anthrax, which are considered tempting sources for biological warfare. A team at the U.S. National Emerging Diseases Laboratory Institute at Boston University Medical School designed drugs with small interfering RNAs, or siRNAs, which hamstring reproductive enzymes. Experts say that despite this progress, there is still more work to be done before any treatment is licensed for humans. According to the U.N.'s World Health Organization (WHO), about 1,850 cases of Ebola have occurred since 1976. Those cases led to about 1,200 deaths. 
The virus has a natural reservoir in several species of African fruit bat. Gorillas and other non-human primates are also susceptible to the disease. From rforno at infowarrior.org Mon Aug 23 11:26:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 12:26:46 -0400 Subject: [Infowarrior] - Does technology pose a threat to our private life? Message-ID: Does technology pose a threat to our private life? This week Google's Eric Schmidt suggested we may need to invent new identities to escape embarrassing online pasts - while Facebook launched a tool to share users' locations. So does technology pose a threat to private life? http://www.guardian.co.uk/technology/2010/aug/21/facebook-places-google/print Jemima Kiss, The Guardian, Saturday 21 August 2010 Are you in a relationship? What are your political views? And where did you go for breakfast this morning? What would once have been details of our lives known only by those we know and trust, many of us now willingly display online. From the surveillance entertainment of Big Brother to CCTV and celebrity magazines, the boundaries of what is regarded as appropriate to put in the public domain are shifting dramatically. But nothing is challenging our notion of privacy more than social networking, with 26 million of us using Facebook to share the minutiae of our lives every month in the UK alone. Facebook has proved irresistible to many because we are lured into joining by friends and family. Browsing, reading, comparing and nosing is instinctive, impulsive and reflects our tendencies offline, our "social graph", as Facebook founder Mark Zuckerberg likes to call it. Having executed the social networking business idea better than its rivals - MySpace, Bebo, Friendster and Hi5 have been left for dust - Facebook has seen astonishing growth, from a Harvard dorm project in 2003 to a global phenomenon that had 500 million monthly users by July this year. 
That's already one in 13 people on Earth, and Zuckerberg recently predicted it was "almost a guarantee" that his site would reach 1 billion users, with growth in relatively untapped markets such as Russia, Japan and Korea "doubling every six months". On Thursday, Facebook unveiled its latest gambit in the battle to remain top of the social networking heap with a move into geolocation services, which harness the GPS functionality of increasingly powerful mobile smartphones. Facebook Places will launch first in the US and later in the UK, allowing users, if they choose, to share their location with friends on the site by checking into public venues. Sensitive to intense public scrutiny of its privacy controls, Facebook was careful to make the service opt-in but every geolocation service - including Google's Latitude, Gowalla and Foursquare - has prompted renewed debate about the protection of personal details online. "This is a seminal moment where we're seeing new thinking and new practice starting to emerge around the issue of privacy," says Stephen Balkam, chief executive of the Family Online Safety Institute and member of Facebook's safety advisory board. "The battle lines are being drawn between generations. Facebook is headed by someone who hasn't hit 30 yet, but has very different perceptions and assumptions about what is private and what is not. We need to recognise that with social networking, geolocation and digital technology, the privacy bar is being reset." Facebook has come under significant pressure to make its site safer for users. Incidents of serious crimes facilitated by the internet such as the murder of British teenager Ashleigh Hall by Peter Chapman earlier this year, are tragic but rare. More common is the embarrassment from a compromising tagged photo of a drunken night out. The rapid pace of development by technology companies often throws up new cultural and ethical challenges. 
Google's Street View has frequently been challenged by privacy campaigners who question whether the logistical and commercial benefits of making every property in every street visible on the web are worth the sacrifice of the individual's right to privacy. Facebook users first raised their pitchforks in 2006 when the site introduced a news feed for each user, summarising their friends' activity. More recently it came under pressure to simplify its privacy controls with some high-profile commentators and groups - organised on Facebook pages, naturally - encouraging others to remove their profiles. It responded in May with simplified privacy settings. Richard, now Lord, Allan is a former Liberal Democrat MP and Facebook's European policy director. "The internet is here to stay as a ubiquitous way for every individual citizen to capture and share information. The challenge is how you manage that increasing flow of information and that's where Facebook is at the bleeding edge, allowing people to navigate that world. Expressions of concern and criticisms are really of that direction of travel, rather than any particular product, like Facebook." Allan thinks it is an exaggeration to characterise privacy as a natural state of man, citing societies before mass transport where a large community would know every intimate detail of each other's lives. The modern sense of privacy came much later, with modern transport and cities. "Notably with new technology, you end up with a utopian viewpoint and a dystopian viewpoint, but a lot of things those dystopians feared did not come true. To say you're 'living in Facebook rather than the real world' is a complete misreading of what's happening. The reason it is so compelling is because it is so connected to the real world. With every wave of technology we need to get used to it." 
Our personal information can broadly be categorised as trivial data such as music preferences, behavioural information about our activity and connections, and confidential information including credit card numbers. But even seemingly innocuous information can be used against us, says security expert Rik Ferguson of Trend Micro. "In isolation, much of this data may be trivial but from a hacker's perspective, any information is good information," he says. "Use search engines to discover the extent of your online footprint and tailor it. Keep tabs on yourself before anyone else does." Balkam describes the internet's two biggest privacy problems as reputational damage - inadvertently posting drunken photos that your boss might see, for example - and physical safety, the latter being the issue for women particularly wary of location tools. Burglary is another concern, when users of location services announce they are out of the house; in February three developers built PleaseRobMe.com to raise awareness about the implications of broadcasting location to a public audience. Currently location games such as Foursquare, where users check in at public venues to earn points and prizes, tend to have a small, enthusiastic and largely trustworthy group of dedicated users comprised of so-called "early adopters". For them, this period of intensive invention and opportunity is a golden age. Christian Payne - who describes himself as a "social technologist" - abandoned a career as a photographer in early 2008 when he had a "car crash epiphany". Within minutes of tweeting a video of his crashed Land Rover, he had an offer of help from a local crane operator, his AA membership number sent to him and a call from BT asking for the serial number of the telegraph pole he'd crashed into. He worries that spirit of helpfulness will dilute as social media becomes more commercialised, and its users more sceptical. "We'll never see it like we do now -
more nefarious people will come later," he says. "But it would be more risky for me not to take the chance of building meaningful connections with acquaintances who then become friends when one of you needs some help." Payne seems to put a lot of intimate information into the world, but still skillfully manages to keep his personal life, and that of his partner and son, almost completely private. It's up to the user to decide what they want to keep private, he says, though he's uncomfortable with the idea that he is unknowingly creating a public persona for himself. "I'd hope I'm doing this naturally and not thinking about it. But then asking me that is like taking me out of the play I'm acting in as myself - and asking me to direct it." Online privacy is intrinsically linked to identity. Author Peggy Orenstein wrote in the New York Times recently that her reflexive compulsion to tweet a pleasant moment with her daughter had also spoilt the moment, and mused that our online personas are elaborate constructs that we, knowingly or unknowingly, craft into an identity we want the world to see. The internet has provided a platform that seems to challenge us to present a single identity to the world, yet we struggle to balance the profiles we share with family, friends and work colleagues. Stories of employers sacking staff for drunken Facebook photos will be replaced by an acceptance that drunken university pictures are the norm, says Dr Joss Wright, Fresnel research fellow at the Oxford Internet Institute. He hopes sites will develop more intuitive ways to share information with the appropriate people; when his grandmother joined Facebook it "severely curtailed" what he could share with his friends. "I'd like to believe people will learn how to guard their privacy, but we're more likely to see societal shifts in what is seen as acceptable for privacy," Wright adds. 
"Privacy has tended to be something quite intrinsic, and there hasn't been a mechanism for privacy violation in general society until the arrival of the internet. The rise of Facebook and Foursquare show we don't really understand privacy or what it means to preserve it, and don't have an ability to understand the consequences of violating it either." Regulators struggle to keep up with the pace of technology and enforcement of what rules there are is weak, meaning the onus for education should be on the services themselves, says Wright, who doesn't think they are closely scrutinised enough. Though sites like Facebook have a duty of care, "the economics are against that, because their entire business model is built around getting us to share as much information as possible". But there are upsides, too. Sharing personal information is beneficial in giving insights into different aspects of society. "If you can see the details of people's lives, when you can see someone's actual persona, it's harder to be biased and bigoted," said Wright. "But a balance has to be struck between the amount we share for the positive and negative." Eric Schmidt, Google chief executive, recently reiterated his suggestion that internet users may one day be able to change their identities in order to distance themselves from personal information shared so freely in their formative years. "I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time," he told the Wall Street Journal. Zuckerberg takes a different tack. "You have one identity. The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly ... Having two identities for yourself is an example of a lack of integrity," he was quoted as saying in David Kirkpatrick's book, The Facebook Effect. Part of Facebook's success has been to demand people's real identities. 
In that way, it represents the maturation of the internet where the previous norm had been a wisecrack pseudonym and a world of "trolling", where faceless, nameless commenters could easily post abusive messages and attack each other. The improvement in the quality of communication and debate online is in no small part down to the trend towards using real identities. However, anonymity still has its role in whistleblowing sites such as Wikileaks, or in debates where a contributor to a discussion on rape, for example, deserves protection. If you think the current internet landscape is frightening, don't think too much about what's coming next. Already served with targeted ads based on keywords in our Google email, or picked out by our age and interests on Facebook, the future is more personalised still. "Sites will get much better at filtering information and predicting our behaviour, serving us what we want to buy and finding new ways to share information, like location. Three years ago, people wouldn't even have dreamed of sharing their location," says Wright. While the sensitivities and sensibilities of managing our online data still need to be clarified, there will be benefits in personalisation, which promises more meaningful, relevant advertising for consumers and consequently, for advertisers, far more effective bang for their buck. So what next? Three years ago, rival social networking site MySpace seemed invincible. Could Facebook still lose its edge? Anything is possible. Balkam recently suggested Facebook recruit a philosopher to help interpret some of the demanding and unprecedented ethical and sociological challenges it faces. "No company in the world has ever attracted 500 million users, and they are having to come to terms, at lightning speed, with what is good and what is abhorrent behaviour. Aristotle and Plato struggled with that - and the average age at Facebook is 28." 
Where the Twitterati draw the line Zoe Margolis, blogger While I'm very active on social networking sites such as Twitter and Facebook, I have so far avoided all the location-based tools on my phone. Primarily, this is because I do not want to publicly announce where I am - I wish to protect my privacy and safety - but also because I don't want to bombard people with incessant, dull, information; I've unfollowed people on Twitter and Facebook due to their too-frequent (and, might I say, very annoying) Foursquare updates being fed through to their timelines. I can see the point of location tools - they're an easy way to connect people who might otherwise be unaware of their proximity to their friends - but given the amount of information we already share using social networking sites, it almost seems like overload to add yet another method of input, and it's pretty much redundant if not all of your friends/social circle are using the same tool. I have some major concerns with Facebook Places though and believe it is a huge threat to people's privacy. It is already live in users' settings (though the feature has not yet been rolled out in the UK) and while there is the option of limiting the location info to friends only, they have to de-select the automatically enabled "Include me in 'People Here Now' after I check in" box in order to opt out of their location being included on a public list for all to see. In addition to this, people's friends can "check" them into locations, so even if someone has limited the information about themselves that they are sharing, there might still be a breach of their privacy from others. Most of my friends on Facebook have never heard of Foursquare or Gowalla, let alone used a location-based tool on their mobile phones; I assume the majority of people who use Facebook are similar. Given this, it concerns me that Facebook Places appears to be lacking transparency about privacy. 
The ability to change the settings to ensure personal information is protected seems more geared to the tech-savvy, than the lay-person; I fear many people will discover their privacy has been breached only after the event. Privacy on any social networking site or location-sharing tool should start off being intact: 100% protection, with the chance to opt-in to less privacy, should you wish to share information with others. Facebook seems to take the opposite view, making the default position little/no privacy with the need to opt-out; I won't be using Facebook Places any time soon. David Nobbs I don't believe total privacy is possible so I never tell anybody anything on line that I wouldn't be happy for the nation to know (if it was interested!). I think some people are so hungry for celebrity they're happy not to have a private life at all. I'm very careful with my tweets. People can never be quite sure whether they're true or false, and I never reveal when I'm going to be away. Sorry this is so short but I'm off to Portugal now for five months. Only joking. Max Tundra, musician I probably spend too much time online, sharing details about my life with anyone who has the remotest interest in my music. I don't like the idea of letting people know exactly where I am right this second, but as my fans tend to be fairly sane and unstalkerish, I feel comfortable letting them know what I'm up to in a general sense. I don't use Foursquare or any applications which might reveal my geographical co-ordinates, although I am often easily locatable, as I play advertised concerts. I did, however, recently delete my personal Facebook profile, as that seemed to be a cluster of unnecessarily pertinent information about my life and the people I share it with, as well as being a colossal waste of time which could be better spent telling people on Twitter that I prefer the Henry vacuum cleaner to the Dyson. 
Graham Linehan, comedy writer: I always hated Facebook because it made me very uncertain about what I was and wasn't sharing with the world. The privacy settings were, famously, a bit of a maze, and seemed subject to sudden changes that you hadn't agreed to. I felt like one day I might open up the site to see a picture of myself in bed asleep with my wife, like in 'Hidden'. Twitter is different because it forces you to be very selective with what you choose to share, and so forces social media back to a more private place. I personally don't tweet much stuff about my home life, because I don't want to accidentally tweet something stupid like "Holiday starts tomorrow!" along with a geotag to my home address. So my tweets are generally links to things I find funny or interesting, and my home life only gets a look-in when something truly interesting or funny happens. Once I made a mistake and posted my home number while trying to send a direct (private) message to someone and we had to change it, but that was a valuable lesson to learn early on, because now I'm a lot more careful with what I put out there. It wasn't too much of a problem, though. We only got two or three callers who hung up as soon as my wife said "Hello, Dreambeds". I asked her who Dreambeds were and she said "Dunno. I suppose they sell beds." I think people should start to claw back as much privacy as they can. Services such as Twitter show that it's possible to share selectively. Sharing selectively should be the default setting on every social network service. Which, again, is why you won't see me on Facebook any time soon. John Prescott, politician Twitter has been a revelation. In the past if I needed to get a message out I'd have to convince a paper to publish it. Now I can tweet my thoughts and, if interesting, it'll get picked up. My Milburn tweet was running on rolling news within 10 minutes. 
I share a lot of content like my blogs and vlogs along with links to stories and virals from others I like. Twitter is also great to run campaigns and organise tweetups. We did the first pastiche of the Cameron airbrushed posters, which then inspired MyDavidCameron.com. Suddenly hundreds of thousands of people were doing their own versions. It destroyed Ashcroft's poster campaign and cost nothing. And when the founder of the National Bullying Helpline said people were bullied in No10, someone tweeted me a link to the industrial tribunal which proved she was accused of bullying herself! It killed the story within 24 hours. I've found Twitter to be a fantastic way to communicate, learn from others and show the real me, not the distorted view peddled by the media. But I'm not convinced about geolocation applications. You have to have some privacy. Suzanne Moore, journalist Don't mistake personal information for honesty. Personas are created and people play as well as tweet their hearts out. If you don't want to bare your soul you don't have to, but the dividing line between public and private is now generational, one that neither mainstream culture nor government appears to understand. I don't much care what people think of me and was wondering who some guy on MasterChef was the other day on Twitter and wondering if I had slept with him. Turns out I hadn't which was a relief. And a joke! From rforno at infowarrior.org Mon Aug 23 11:32:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 12:32:24 -0400 Subject: [Infowarrior] - Android 2.2 Froyo for DroidX Message-ID: <3BA4A5AA-8C48-46DF-AAAD-BEE60750786A@infowarrior.org> For those interested, here's the reported Android 2.2 Froyo upgrade for the Moto DroidX. (You can find instructions for upgrading your device elsewhere on the net.) I'm not a smartphone person (yet!) so I can't comment on this thing other than to reiterate the age-old geekish admonition to use at your own risk! 
http://www.infowarrior.org/users/mirrors/streissand-effect-in-action-again/froyo22droidx.zip -rick From rforno at infowarrior.org Mon Aug 23 11:51:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 12:51:14 -0400 Subject: [Infowarrior] - WH Announces High-Priority IT Projects Message-ID: Obama Administration Seeking Savings in $30 Billion of Technology Projects http://www.bloomberg.com/news/2010-08-23/obama-administration-targets-30-billion-in-technology-projects-for-cuts.html Project List... http://itdashboard.gov/?q=content/highpriority-projects From rforno at infowarrior.org Mon Aug 23 12:21:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 13:21:54 -0400 Subject: [Infowarrior] - Copyrighting yoga Message-ID: <71DB2993-A564-4F96-8473-D8BAA8AD6F2B@infowarrior.org> (As opposed to copyrighting "Yoda" -- I think he's already claimed. *g* -rick) 'Yoga wars' spoil spirit of ancient practice, Indian agency says By Emily Wax Monday, August 23, 2010; A06 http://www.washingtonpost.com/wp-dyn/content/article/2010/08/22/AR2010082203071_pf.html# NEW DELHI -- Heard of Naked Yoga? Kosher Yoga? Yoga for Carpal Tunnel Syndrome? More than 30 million Americans practice some sort of yoga in an ever-expanding industry generating an estimated $6 billion in the United States alone. But in the birthplace of yoga, an Indian government agency is fighting what it calls "yoga theft" after several U.S. companies said they wanted to copyright or patent their versions. Yoga is a part of humanity's shared knowledge, the agency says, and any business claiming the postures as its own is violating the very spirit of the ancient practice. India's Traditional Knowledge Digital Library has gathered a team of yogis from nine schools and 200 scientists to scan ancient texts, including the writings of Patanjali, thought to be the original compiler of yoga sutras. 
The group is documenting more than 900 yoga postures and making a video catalogue of 250 of the most popular ones, from sun salutation to downward-facing dog. The catalogue will be released next month and given to the international patent system, which yoga gurus in India say is essential in an age when cultural traditions can cross borders instantaneously. "Yoga is collective knowledge and is available for use by everybody no matter what the interpretation," said V.K. Gupta, head of the digital library, which was set up by the ministries of health and science. "It would be very inappropriate if some companies try to prevent others from any yoga practice, even if they call it some other name. So we wanted to ensure that, in the future, nobody will be able to claim that he has created a yoga posture which was actually already created in 2500 B.C. in India." The library has documented other traditional Indian knowledge, including ayurvedic treatments and homeopathy. Tens of thousands of yoga postures have been compiled, but many are not widely practiced. "This collection is very successful in preventing wrong patent information, but it is available in 34 million pages," Gupta said with a chuckle. "We are trying to shorten the yoga catalogue to make it very easy for the world to understand." The poses, now listed in Sanskrit, will be translated into English, German, French, Spanish and Japanese. Gupta's library has agreements with U.S. and European patent offices, and Gupta said he hopes that U.S. patent officers will refer yoga studios directly to his information. Popularized in the United States by Beatles guitarist George Harrison, yoga has moved into the mainstream and now includes yoga vacations, children's camps, retreats, books, magazines, CDs, trendy clothing, pricey jewelry, cookbooks and even dating services. 
Yoga wars, as they are known, started in 2004 in Beverly Hills when Calcutta-born yoga master Bikram Choudhury claimed as his intellectual property a sequence of 26 postures that his students performed in a room heated to 105 degrees. He attempted to collect money from smaller studios offering "Hot Yoga" classes. Open Source Yoga Unity, a San Francisco-based nonprofit group of yoga enthusiasts, filed a federal lawsuit against Choudhury's patent. The lawsuit resulted in a confidential settlement agreement. Today, Choudhury's form of yoga is taught at more than 400 centers from Washington to Paris. His net worth is unofficially estimated at $7 million. The U.S. Patent and Trademark Office has granted at least 131 patents on the subject of yoga, most for books and yoga mats. The database of registered and pending trademarks lists 3,700 trademarks but no specific patents on postures or variations of postures, the government agency said. In India, yoga used to be free, practiced in public parks and ashrams. It was typically part of a Hindu religious commitment to an austere life and seen as a practice for ash-smeared holy men in loincloths who were vegetarians, abstained from alcohol, and prayed, meditated and chanted for more than four hours a day. But yoga has entered the mainstream in India, and millions of people practice in studios. The government has encouraged the army to teach supple poses to stressed-out officers in the disputed region of Kashmir. Hundreds of Mumbai residents practiced outside in a show of unity after the 2008 terrorist attack. Prisoners in the state of Madhya Pradesh can receive an early release if they complete a meditative breathing and stretching yoga course, which is said to be excellent for anger management. 
At her popular Iyengar yoga class at her home in New Delhi, instructor Nischint Singh, 42, said that yoga was originally meant to soothe shattered souls and teach breathing known as pranayama, and that she always thought it should be open to everyone. "Yoga is for developing a connection with yourself. It's meant to be meditative," she said before a recent class. "But today it's being sold as a way of weight loss and a way to look younger. The actual originators of yoga are not even alive. Everything people are doing today is just following them." Special correspondent Ayesha Manocha contributed to this report. From rforno at infowarrior.org Mon Aug 23 13:25:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 14:25:24 -0400 Subject: [Infowarrior] - Philly requiring bloggers to pay $300 for a business license Message-ID: <29A0B381-5F2B-4123-85A9-191358A458C2@infowarrior.org> Philly requiring bloggers to pay $300 for a business license By: Mark Hemingway Commentary Staff Writer 08/22/10 5:10 PM EDT http://www.washingtonexaminer.com/opinion/blogs/beltway-confidential/philly-requiring-bloggers-to-pay-300-for-a-business-license-101264664.html It looks like cash hungry local governments are getting awfully rapacious these days: Between her blog and infrequent contributions to ehow.com, over the last few years she says she's made about $50. To [Marilyn] Bess, her website is a hobby. To the city of Philadelphia, it's a potential moneymaker, and the city wants its cut. In May, the city sent Bess a letter demanding that she pay $300, the price of a business privilege license. "The real kick in the pants is that I don't even have a full-time job, so for the city to tell me to pony up $300 for a business privilege license, pay wage tax, business privilege tax, net profits tax on a handful of money is outrageous," Bess says. It would be one thing if Bess'
website were, well, an actual business, or if the amount of money the city wanted didn't outpace her earnings six-fold. Sure, the city has its rules; and yes, cash-strapped cities can't very well ignore potential sources of income. But at the same time, there must be some room for discretion and common sense. When Bess pressed her case to officials with the city's now-closed tax amnesty program, she says, "I was told to hire an accountant." She's not alone. After dutifully reporting even the smallest profits on their tax filings this year, a number - though no one knows exactly what that number is - of Philadelphia bloggers were dispatched letters informing them that they owe $300 for a privilege license, plus taxes on any profits they made. Even if, as with Sean Barry, that profit is $11 over two years. To say that these kinds of draconian measures are detrimental to the public discourse would be an understatement. From rforno at infowarrior.org Mon Aug 23 18:21:44 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 19:21:44 -0400 Subject: [Infowarrior] - Today's WTF moment....RIAA: U.S. copyright law 'isn't working' Message-ID: <3810EC1E-2060-43CD-88EB-EA7A31EDF238@infowarrior.org> If you look up "chutzpah" in the dictionary, you'll find the RIAA. You can't make this stuff up!!! August 23, 2010 2:48 PM PDT RIAA: U.S. copyright law 'isn't working' by Declan McCullagh http://news.cnet.com/8301-13578_3-20014468-38.html ASPEN, Colo.--The Recording Industry Association of America said on Monday that current U.S. copyright law is so broken that it "isn't working" for content creators any longer. RIAA President Cary Sherman said the 1998 Digital Millennium Copyright Act contains loopholes that allow broadband providers and Web companies to turn a blind eye to customers' unlawful activities without suffering any legal consequences. "The DMCA isn't working for content people at all," he said at the Technology Policy Institute's Aspen Forum here. 
"You cannot monitor all the infringements on the Internet. It's simply not possible. We don't have the ability to search all the places infringing content appears, such as cyberlockers like [file-hosting firm] RapidShare." The complex--and controversial--1998 law grew out of years of negotiations with broadband providers, Internet companies, and content industries. One key section says companies are generally not liable for hosting copyright-infringing materials posted by their companies, as long as they follow certain removal procedures, once contacted by the owner. In response to a question from CNET, Sherman said it may be necessary for the U.S. Congress to enact a new law targeting intermediaries such as broadband providers, Web hosts, payment processors, and search engines. The RIAA would strongly prefer informal agreements inked with intermediaries, Sherman said: "We're working on [discussions with broadband providers], and we'd like to extend that kind of relationship--not just to ISPs, but [also to] search engines, payment processors, advertisers." But, Sherman said, "if legislation is an appropriate way to facilitate that kind of cooperation, fine." Lance Kavanaugh, product counsel for YouTube, disagreed that copyright law is broken. "It's our view that the DMCA is functioning exactly the way Congress intended it to," he said. The United States leads the world in the creation of innovative new Web ideas, Kavanaugh said, in part as a result of the compromises made when drafting that law: "There's legal plumbing to allow that to happen, to allow those small companies to innovate without [the] crushing fear of lawsuits, as long as they follow certain rules. Congress was prescient. They struck the right balance." Last week, the RIAA and a dozen other music industry groups called on Google and Verizon to crack down on piracy, saying in a letter that "the current legal and regulatory regime is not working for America's creators." 
Sherman acknowledged on Monday that YouTube is now doing a fine job of filtering and removing copyright-infringing videos. But, he said, Google "could stop filtering tomorrow and have no liability," as long as its YouTube subsidiary replied promptly to notifications. And, he suggested, it could do far more: "If you enter in 'Beyonce MP3,' chances are, the first thing you'll see is illegal sites." Disclosure: McCullagh is married to a Google employee not involved with this topic. From rforno at infowarrior.org Mon Aug 23 18:29:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 19:29:48 -0400 Subject: [Infowarrior] - ACLU Report: Spying on Free Speech Nearly At Cold War Lev Message-ID: <3C9A4160-65BC-4D93-9108-F0CA3B696AF1@infowarrior.org> ACLU Report: Spying on Free Speech Nearly At Cold War Level Political spying is nearly as bad now as it was during the Cold War. The ACLU reports that Americans are harassed and under surveillance for exercising their First Amendment rights. By Ms. Smith on Mon, 08/23/10 - 12:02pm. http://www.networkworld.com/community/blog/aclu-report-spying-free-speech-nearly-cold-wa The American Civil Liberties Union (ACLU) released numerous reports of increased government spying on American citizens. Once upon an unhappy time, U.S. law enforcement agencies, from the FBI to local police, had a history of political spying during the Cold War. The ACLU said that the old political spying tendencies are running high again. Individuals and groups are being monitored and harassed for "little more than peacefully exercising their First Amendment rights." One ACLU report, Policing Free Speech: Police Surveillance and Obstruction of First Amendment-Protected Activity (.pdf), reveals that, in recent years, Americans have been put under surveillance or harassed by law enforcement agencies in 33 states plus the District of Columbia. What horrific acts did these Americans commit? 
Organizing, marching, protesting, supporting unusual viewpoints, and engaging in "normal, innocuous behaviors such as writing notes or taking photographs in public." The map below shows states where the ACLU uncovered incidents of political spying: In California, there were 22 reports of spying. One such example is the Los Angeles Police Department Reporting Policy which included 65 behaviors LAPD officers were required to report. "The list includes such innocuous, clearly subjective, and First Amendment-protected activities as, taking measurements, using binoculars, taking pictures or video footage 'with no apparent esthetic value,' drawing diagrams, taking notes, and espousing extremist views." 13 incidents in Colorado were reported, including one when FBI Joint Terrorism Task Force (JTTF) agents opened "domestic terrorism" investigations after the Colorado American Indian Movement, peace groups, and environmental groups posted notices on websites. The announcements were of an anti-war protest in Colorado Springs and a protest against Columbus Day in Denver. In Georgia, among seven spying reports the ACLU uncovered, a vegetarian activist was arrested for writing down the license plate of a Department of Homeland Security agent who had been photographing her and others during a peaceful protest outside a Honey Baked Ham store. In Chicago, Illinois, the FBI JTTF conducted a three-day manhunt searching for a Muslim man due to him clicking a hand counter during a bus ride. The investigation revealed he was using the hand counter to keep track of his daily prayers. In Maine, the FBI intercepted and stored e-mails planning peaceful protests. In Massachusetts, a "plain-clothes Harvard University detective was caught photographing people at a peaceful protest for 'intelligence gathering' purposes. Protesters who then photographed the officer were arrested." In North Carolina, an honorably discharged U.S. 
Army woman, whose husband is on active duty, was put under Pentagon surveillance for participating in a protest at Fort Bragg. Meanwhile, in Maryland, the "Maryland State Police spied on more than 30 activist groups, mostly peace groups and anti-death penalty advocates, and wrongly identified 53 individual activists and about two dozen organizations as terrorists." DHS further disseminated e-mails from one of the peace groups. There are many such surveillance reports on a national level as well. An example is when a DHS contractor reported environmental groups like the Sierra Club, the Humane Society, and the Audubon Society as "mainstream organizations with known or possible links to eco-terrorism." An intelligence bulletin, from a DHS-supported North Central Texas Fusion System, was distributed to over 100 different agencies. It described a "purported conspiracy between Muslim civil rights organizations, lobbying groups, the anti-war movement, a former U.S. Congresswoman, the U.S. Treasury Department, and hip hop bands to spread tolerance in the U.S." Once you unfortunately land on some kind of watchlist, it's unlikely you will ever have your name removed. One example was a Kentucky minister who had never been arrested, had never been charged with a crime, and had never participated in a protest. During a sightseeing trip, he was detained by Canadian border officials. The minister learned he was under federal scrutiny because, immediately after September 11, he ordered books over the Internet about the Islamic religion, like the Koran, to help his congregation better understand that faith. Does this make you sick or does it make you mad? Does this even slightly sound like America, the land of the free? 
From rforno at infowarrior.org Mon Aug 23 18:45:53 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 19:45:53 -0400 Subject: [Infowarrior] - Researchers hope to quell a surge of Alzheimer's cases with new diagnostic tools Message-ID: <02955197-1A9B-4FD9-8C44-BBB71E04A7EC@infowarrior.org> Researchers hope to quell a surge of Alzheimer's cases with new diagnostic tools By Aaron James Special to The Washington Post Tuesday, August 24, 2010; HE01 http://www.washingtonpost.com/wp-dyn/content/article/2010/08/23/AR2010082302872_pf.html "We have a tsunami coming at us, and we're sitting in a rowboat," says neurologist Richard Mayeux of New York's Columbia University. The surge that worries Mayeux is Alzheimer's disease: In 2050, 13.5 million Americans may have it, at an annual health-care cost of more than $1 trillion, according to the Alzheimer's Association. "Alzheimer's could bankrupt Medicare and Medicaid," says Howard Fillit of the Alzheimer's Drug Discovery Foundation. The impending epidemic, combined with emerging technologies, is driving a transformation in the fight against the disease: Instead of beginning treatment after symptoms appear, the idea is to detect and respond to the disease in the earliest, previously undetectable stages, before it can irretrievably ravage the brain. Researchers say that, based on current estimates of life expectancy, delaying the onset of Alzheimer's by an average of five years could reduce the number of patients by half. "People take Lipitor because it lowers the risk of heart disease. We want to find the same thing for Alzheimer's," Mayeux says. The new approach is made possible by recently developed methods to detect and measure Alzheimer's biomarkers, the biological indicators of the disease. 
New brain-scanning techniques, tests for "suspect" genes and measures of certain telltale proteins in spinal fluid probably won't benefit patients for years, but they're giving researchers a more sophisticated picture of the disease's pathology. At the Banner Alzheimer's Institute in Phoenix, researchers Eric Reiman and Pierre Tariot are leading the Alzheimer's Prevention Initiative, a collaborative effort by scientists, academics and the pharmaceutical industry. "We want to help launch the era of Alzheimer's prevention research," Reiman says. "It's a true collaboration between stakeholders, the people afflicted, the families and people at risk." The institute is developing two studies, to begin in 2012, that will treat apparently healthy people who show the highest genetic risk for developing the disease. "They will be more or less free of symptoms when we begin," Tariot says. The researchers will use brain imaging and cognitive tests to track the impact of experimental drugs. "The hypothesis is that if we give pre-symptomatic people these treatments we should be able to see some evidence of the effects," Tariot says. One study, to take place in the region around Medellin, Colombia, will focus on 2,000 members of 25 extended families who share a common ancestry and whose members carry a gene that leads some to develop Alzheimer's while they're still in their 40s. Though early-onset Alzheimer's is rare, the underlying mechanisms are thought to be quite similar to those that appear when the disease typically emerges, usually in the 70s and 80s. For the second study, to be conducted in the United States, researchers will screen 50,000 people ages 60 to 80 to see if they carry two copies of a gene, ApoE4, that evidence suggests is linked to Alzheimer's. Of those who do, Reiman expects 400 to be enrolled in the study. Half the participants in each study will receive an experimental drug and half will receive placebos; then they will be monitored for two years. 
If the drug doesn't seem to have a protective effect, the investigators will try another drug, looking for one to help prevent onset. Reiman says they have not yet decided which drugs will be tested. Ethical questions Giving experimental therapies to healthy people raises ethical questions. But researchers, physicians and pharmaceutical executives say the urgency of the problem justifies taking a certain amount of risk, which they will disclose to everyone participating in the studies. "We need to be able to say, 'Here is what we know and here is what we don't know about this drug,' " Tariot says. New brain-imaging technologies will help the researchers evaluate the drugs' efficacy. For example, Avid Radiopharmaceuticals of Philadelphia has developed a new dye, AV45, that binds with amyloid proteins, which create the plaques in the brain that are Alzheimer's hallmarks. The dye makes the plaques visible on a PET scan. "This is a compound that sees amyloid in the brain," says Michael Weiner of the Alzheimer's Disease Neuroimaging Initiative, who was not involved with the dye's development but intends to use it in future studies. "Another way of saying it is that it sees Alzheimer's in the brain." Before the advent of amyloid imaging technologies, the only way to see amyloid plaques and therefore obtain a definitive Alzheimer's diagnosis was to do an autopsy after the patient died. AV45 is not the first amyloid dye, but it represents an important advance because researchers can use it for about two hours before it degrades. Earlier amyloid dyes were limited because their fleeting radioactivity -- they were effective for only 20 minutes -- meant they had to be made on-site and used immediately. "This tracer can be used much more broadly," researcher Susan Landau of the University of California at Berkeley, says of AV45. Landau is leading a study that seeks to determine which biomarkers can best predict Alzheimer's. 
Her work has shown that a particular PET scan, which measures overall brain function, used in conjunction with memory tests, can distinguish which patients with mild cognitive impairment (an early Alzheimer's symptom) will go on to develop Alzheimer's and which won't. "Overall, in the field, there's the hope that we will be able to predict it before symptoms appear," Landau says. To date, remedies for Alzheimer's remain frustratingly limited. Once Alzheimer's symptoms appear, the disease has already disrupted the brain's communication system of neurons, synapses and neurotransmitters. The drugs so far approved by the Food and Drug Administration include acetylcholinesterase inhibitors such as Aricept, Razadyne and Exelon, which aim to reduce the breakdown of acetylcholine, a key neurotransmitter. Another medication, Namenda, works to reduce the excessive amount of the neurotransmitter glutamate produced by Alzheimer's brains; too much glutamate results in cell death. These drugs don't cure Alzheimer's; they only treat the symptoms and are effective for a few years, if at all. Some patients report improved memory and cognitive function with the treatments; others see no improvement. More than 150 Alzheimer's drugs are in development. Building momentum As enthusiastic as researchers are, they face a long road. Even if they determine which biomarkers are best at predicting the disease and discover drugs that slow the progress of those biomarkers, there's no guarantee that the drugs will arrest the cognitive decline. Recent experimental drugs have been effective in removing amyloid from patients' brains, for example, but produced no change in their symptoms. That has fueled debate whether the telltale amyloid plaques may be only a sign of the underlying disease, not its cause. "Amyloid plaques may be like gravestones that signify the end stage of the disease," Tariot says. "The toxicity may have occurred long before the plaques appear." 
"Creating knowledge is a long way from making drugs," acknowledges Fillit of the Alzheimer's Drug Discovery Foundation, which invests in start-up biotech firms, existing companies and academic research. It can cost $1.2 billion to bring a new drug to market, Fillit says. "We give this money for a very specific purpose, and we want specific milestones," Fillit said. "The only way out of this conundrum is to find new drugs." In a report last year, the Alzheimer's Study Group, a panel co-chaired by former House speaker Newt Gingrich and former senator Bob Kerrey, warned that the Alzheimer's epidemic will progress like the disease itself: slowly. But if we ignore it, the group said, it could have the same disastrous consequences as ignoring the levees in New Orleans or looking the other way as subprime loans subverted the financial system. The convergence of technological innovation and an enormous population at risk has made Alzheimer's a higher national priority for researchers. "We're excited about this change of momentum," Tariot said. "We've captured people's imagination and attention." James, a senior at the University of Nebraska at Lincoln, is a fellow of the News21 program at the Columbia University Graduate School of Journalism. http://columbia.news21.com. From rforno at infowarrior.org Mon Aug 23 19:37:20 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 20:37:20 -0400 Subject: [Infowarrior] - Litigating Lexmark at it again Message-ID: <7AD39F8C-9BD1-4C94-9E51-91801EF34A06@infowarrior.org> August 23, 2010 2:58 PM PDT Lexmark sues 24 cartridge makers over patents by Erica Ogg http://news.cnet.com/8301-31021_3-20014467-260.html Printer manufacturer Lexmark is suing replacement cartridge makers that it says are infringing on its patents. The Lexington, Ky.-based company on Friday filed a patent infringement complaint with the U.S. International Trade Commission and the U.S. District Court for the Southern District of Ohio. 
Both suits accuse 24 companies that import replacement cartridges for Lexmark laser printers of violating 15 patents owned by Lexmark. Both suits name the same 24 defendants. The ITC complaint--the now-standard venue for taking patent disputes against companies that import goods to the United States--asks that the defendants' products be banned from import and sale in the States. The federal lawsuit asks for an injunction on sales of the disputed products, as well as monetary damages. This is not the first time Lexmark has battled the aftermarket-printing industry. In 2003, Lexmark famously tried to invoke the Digital Millennium Copyright Act in an attempt to block a toner refill company from making replacement cartridges for Lexmark products. Lexmark ultimately lost the case, but it hasn't been alone in its fight against cartridge makers. Hewlett-Packard has been similarly protective of its patents on ink formulas, filing several lawsuits over the past few years against third-party cartridge refill makers. From rforno at infowarrior.org Mon Aug 23 19:42:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Aug 2010 20:42:39 -0400 Subject: [Infowarrior] - Defend Yourself Against High-Pressure Persuaders Message-ID: <88CBF14B-7500-4796-8308-E1E8C3305889@infowarrior.org> Defend Yourself Against High-Pressure Persuaders http://www.creditbloggers.com/2010/08/defend-yourself-against-highpressure-persuaders.html Have you ever bought something from a door-to-door salesperson, or donated money to someone soliciting funds for a charitable cause, only later to wonder why you willingly forked over your hard-earned money for something you didn't want or didn't care about? I have, and I always kick myself for getting suckered. How is it that door-to-door salespeople, marketers, car dealers, politicians, strangers, con artists, and cult leaders are able to persuade people to do things that they wouldn't ordinarily do? That's the question Robert B. 
Cialdini asked himself after falling victim to a huckster's influence one time too many. But instead of shrugging his shoulders, this professor of psychology decided to study the phenomenon and find out if there is a set of common techniques used to convince people to hand over their money or time against their better judgment. And he discovered that indeed there was, and wrote a book about it called Influence: The Psychology of Persuasion. The book covers the six methods used to influence people to do things that aren't necessarily in their best interest. They are: 1. Reciprocity -- People tend to return favors out of a sense of obligation. Influencers exploit this by extending a small favor (buying them a Coke from a vending machine) in order to get a bigger favor back (having you buy a car from them). 2. Scarcity -- When people are made to believe something is rare ("a limited time offer!"), they will desire it more. In Influence, Cialdini writes about an Indian jewelry store that attempted to get rid of a line of jewelry by lowering the price. Nobody bought it even though the store lowered the price again and again. But when a new salesperson misread the price tags and told customers that the jewelry cost 10 times as much, the items quickly sold out. 3. Liking -- People like other people who are members of their "tribe." Influencers seek to find common interests with their victims, tell jokes, and pay compliments. Flattery, Cialdini found, will get you everywhere. 4. Authority -- Influencers who convince their clients, customers, or marks that they are authorities or experts can gain control over them. That's why they hang diplomas (not always genuine) and pictures of themselves posing with famous people on their walls. 5. Social proof -- People are herd animals. They copy each other. When a magazine salesman came to my door a few years ago, he showed me a stack of subscriptions cards that "people in the neighborhood" had filled out. 
He pointed out that most people bought subscriptions to three different magazines. Fortunately I had recently read Cialdini's book and I knew he was using the "social proof" technique. I didn't buy anything. (And I'll bet most of the subscription cards were fake.) 6. Commitment/consistency -- People like to behave in a consistent manner. Cialdini recounts a personal experience he once had with a young woman with a clipboard who approached him and asked him if he was a patron of the arts. He said yes. She then said she was selling membership to a club that offered discounts to different kinds of artistic events. Cialdini wrote, "I bought the entertainment package, even though I knew I had been set up. The need to be consistent with what I had already said snared me." Influence is a user's manual for survival in a hard-sell, high-pressure society. Filled with lucid examples and colorful anecdotes, Influence is not only profoundly insightful, it's a lot of fun to read. From rforno at infowarrior.org Tue Aug 24 06:59:59 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Aug 2010 07:59:59 -0400 Subject: [Infowarrior] - More on ...Today's WTF moment....RIAA: U.S. copyright law 'isn't working'] References: Message-ID: <3917A2BF-12C5-41E7-9570-AB4E93276560@infowarrior.org> Begin forwarded message: > From: bobr at bobrosenberg.phoenix.az.us > Date: August 24, 2010 1:02:24 AM EDT > To: "Dave Farber" > Cc: "Richard Forno" > Subject: [Fwd: [IP] Today's WTF moment....RIAA: U.S. copyright law 'isn't working'] > > Hi Dave Hi Rick > > What of a coincidence! Just last night, I watched Larry Lessig discuss this very > subject. I watched it on my computer. It was in streaming video. I hasten to > assure the RIAA that I was *NOT* stealing any content by downloading this video for > *FREE*. 
> > Here's what Larry had to say: > > Larry Lessig on laws that choke creativity | Video on TED.com > > * Larry Lessig, the Net's most celebrated lawyer, cites John Philip Sousa, celestial > copyrights and the "ASCAP car... > * > http://www.ted.com/talks/lang/eng/larry_lessig_says_the_law_is_strangling_creativity.html > > > After Larry, I also watched David Pogue, NYT tech columnist, discuss the selfsame > subject. > > > David Pogue on the music wars | Video on TED.com > > * New York Times tech columnist David Pogue performs a satirical mini-medley about > iTunes and the downloading wars, borrowing a few notes from Sonny and Cher and the > Village People. > * http://www.ted.com/talks/lang/eng/david_pogue_on_the_music_wars.html > > My best wishes to the RIAA, and I hope they, one day, come to the point of using > ration as a thought process (personal opinion of this author). > > Cheers, > Bob > From rforno at infowarrior.org Tue Aug 24 16:37:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Aug 2010 17:37:39 -0400 Subject: [Infowarrior] - Pre-Crime Technology To Be Used In Washington D.C. Message-ID: Pre-Crime Technology To Be Used In Washington D.C. http://www.prisonplanet.com/pre-crime-technology-to-be-used-in-washington-d-c.html Computers predict what crime will be committed where, by who and when Steve Watson Infowars.net Tuesday, Aug 24th, 2010 Law enforcement agencies in Washington D.C. have begun to use technology that they say can predict when crimes will be committed and who will commit them, before they actually happen. The Minority Report-like pre-crime software has been developed by Richard Berk, a professor at the University of Pennsylvania. Previous incarnations of the software, already being used in Baltimore and Philadelphia were limited to predictions of murders by and among parolees and offenders on probation. 
According to a report by ABC News, however, the latest version, to be implemented in Washington D.C., can predict other future crimes as well. "When a person goes on probation or parole they are supervised by an officer. The question that officer has to answer is 'what level of supervision do you provide?'" Berk told ABC News, intimating that the program could have a bearing on the length of sentences and/or bail amounts. The technology sifts through a database of thousands of crimes and uses algorithms and different variables, such as geographical location, criminal records and ages of previous offenders, to come up with predictions of where, when, and how a crime could possibly be committed and by who. The program operates without any direct evidence that a crime will be committed, it simply takes datasets and computes possibilities. "People assume that if someone murdered then they will murder in the future," Berk also states, "But what really matters is what that person did as a young individual. If they committed armed robbery at age 14 that's a good predictor. If they committed the same crime at age 30, that doesn't predict very much." Critics have urged that the program encourages categorizing individuals on a risk scale via computer mathematics, rather than on real life, and that monitoring those people based on such a premise is antithetic to a justice system founded on the premise of the presumption of innocence. Other police departments and law agencies across the country have begun to look into and use similar predictive technologies. The Memphis Police Department, for example uses a program called Operation Blue CRUSH, which uses predictive analytics developed by IBM. 
Other forms of pre-crime technology in use or under development include surveillance cameras that can predict when a crime is about to occur and alert police, and even neurological brain scanners that can read people's intentions before they act, thus detecting whether or not a person has "hostile intent". It is not too far fetched to imagine all these forms of the technology being used together in the future by law enforcement bodies. The British government has previously debated introducing pre-crime laws in the name of fighting terrorism. The idea was that suspects would be put on trial using MI5 or MI6 intelligence of an expected terror attack. This would be enough to convict if found to be true "on the balance of probabilities", rather than "beyond reasonable doubt". The government even has plans to collect lifelong records on all residents starting at the age of five, in order to screen for those who might be more likely to commit crimes in the future. Another disturbing possibility for such technology comes in the form of a financial alliance of sorts between Internet search engine giant Google and the investment arm of the CIA and the wider U.S. intelligence network. Google and In-Q-Tel have recently injected a sum of up to $10 million each into a company called Recorded Future, which uses analytics to scour Twitter accounts, blogs and websites for all sorts of information, which is used to "assemble actual real-time dossiers on people." The company describes its analytics as "the ultimate tool for open-source intelligence" and says it can also "predict the future". Recorded Future takes in vast amounts of personal information such as employment changes, personal education and family relations. Promotional material also shows categories covering pretty much everything else, including entertainment, music and movie releases, as well as other innocuous things like patent filings and product recalls. 
Those detached from any kind of moral reality will say "If you've got nothing to hide then what is the problem with being scanned for pre-crime? If it keeps us all safe from murderers, rapists and terrorists I'm all for it". How far towards a literal technological big brother police state will we slip before people wake up to the fact? Steve Watson is the London based writer and editor at Alex Jones' Infowars.net, and regular contributor to Prisonplanet.com. He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham in England. From rforno at infowarrior.org Tue Aug 24 20:10:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Aug 2010 21:10:38 -0400 Subject: [Infowarrior] - Defense official discloses cyberattack Message-ID: Defense official discloses cyberattack By Ellen Nakashima Tuesday, August 24, 2010; 8:31 PM http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406154_pf.html Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008. In an article to be published Wednesday discussing the Pentagon's cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command. "That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," he says in the Foreign Affairs article. "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary." 
Lynn's decision to declassify an incident that Defense officials had kept secret reflects the Pentagon's desire to raise congressional and public concern over the threats facing U.S. computer systems, experts said. Much of what Lynn writes in Foreign Affairs has been said before: that the Pentagon's 15,000 networks and 7 million computing devices are being probed thousands of times daily; that cyberwar is asymmetric; and that traditional Cold War deterrence models of assured retaliation do not apply to cyberspace, where it is difficult to identify the instigator of an attack. But he also presents new details about the Defense Department's cyberstrategy, including the development of ways to find intruders inside the network. That is part of what is called "active defense." He puts the Homeland Security Department on notice that although it has the "lead" in protecting the dot.gov and dot.com domains, the Pentagon - which includes the ultra-secret National Security Agency - should support efforts to protect critical industry networks. Lynn's declassification of the 2008 incident has prompted concern among cyberexperts that he gave adversaries useful information. The Foreign Affairs article, Pentagon officials said, is the first on-the-record disclosure that a foreign intelligence agency had penetrated the U.S. military's classified systems. In 2008, the Los Angeles Times reported, citing anonymous Defense officials, that the incursion might have originated in Russia. The Pentagon operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy, Lynn said. In November 2008, the Defense Department banned the use of flash drives, a ban it has since modified. Infiltrating the military's command and control system is significant, said one former intelligence official who spoke on the condition of anonymity because of the sensitivity of the matter. "This is how we order people to go to war. 
If you're on the inside, you can change orders. You can say, 'turn left' instead of 'turn right.' You can say 'go up' instead of 'go down.' " In a nutshell, he said, the "Pentagon has begun to recognize its vulnerability and is making a case for how you've got to deal with it." From rforno at infowarrior.org Wed Aug 25 07:55:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 08:55:06 -0400 Subject: [Infowarrior] - RFI: Android smartphones Message-ID: I think my beloved-though-aging Moto RAZR is approaching its sunset months. ;( Curious anyone's thoughts / comments / recommendations on Android-based smartphones/carriers. HTC EVO2 or such. Pros, cons, etc. Esp. interested in battery life issues. And FYI, unless you make a strong recommendation for it, I'm really not interested in iPhone. Thx! -rick From rforno at infowarrior.org Wed Aug 25 08:40:32 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 09:40:32 -0400 Subject: [Infowarrior] - USG's New Right to Track Your Every Move With GPS Message-ID: The Government's New Right to Track Your Every Move With GPS http://news.yahoo.com/s/time/08599201315000 By ADAM COHEN Government agents can sneak onto your property in the middle of the night, put a GPS device on the bottom of your car and keep track of everywhere you go. This doesn't violate your Fourth Amendment rights, because you do not have any reasonable expectation of privacy in your own driveway - and no reasonable expectation that the government isn't tracking your movements. That is the bizarre - and scary - rule that now applies in California and eight other Western states. The U.S. Court of Appeals for the Ninth Circuit, which covers this vast jurisdiction, recently decided the government can monitor you in this way virtually anytime it wants - with no need for a search warrant. 
It is a dangerous decision - one that, as the dissenting judges warned, could turn America into the sort of totalitarian state imagined by George Orwell. It is particularly offensive because the judges added insult to injury with some shocking class bias: the little personal privacy that still exists, the court suggested, should belong mainly to the rich. This case began in 2007, when Drug Enforcement Administration (DEA) agents decided to monitor Juan Pineda-Moreno, an Oregon resident who they suspected was growing marijuana. They snuck onto his property in the middle of the night and found his Jeep in his driveway, a few feet from his trailer home. Then they attached a GPS tracking device to the vehicle's underside. After Pineda-Moreno challenged the DEA's actions, a three-judge panel of the Ninth Circuit ruled in January that it was all perfectly legal. More disturbingly, a larger group of judges on the circuit, who were subsequently asked to reconsider the ruling, decided this month to let it stand. (Pineda-Moreno has pleaded guilty conditionally to conspiracy to manufacture marijuana and manufacturing marijuana while appealing the denial of his motion to suppress evidence obtained with the help of GPS.) In fact, the government violated Pineda-Moreno's privacy rights in two different ways. For starters, the invasion of his driveway was wrong. The courts have long held that people have a reasonable expectation of privacy in their homes and in the "curtilage," a fancy legal term for the area around the home. The government's intrusion on property just a few feet away was clearly in this zone of privacy. The judges veered into offensiveness when they explained why Pineda-Moreno's driveway was not private. It was open to strangers, they said, such as delivery people and neighborhood children, who could wander across it uninvited. 
Chief Judge Alex Kozinski, who dissented from this month's decision refusing to reconsider the case, pointed out whose homes are not open to strangers: rich people's. The court's ruling, he said, means that people who protect their homes with electric gates, fences and security booths have a large protected zone of privacy around their homes. People who cannot afford such barriers have to put up with the government sneaking around at night. Judge Kozinski is a leading conservative, appointed by President Ronald Reagan, but in his dissent he came across as a raging liberal. "There's been much talk about diversity on the bench, but there's one kind of diversity that doesn't exist," he wrote. "No truly poor people are appointed as federal judges, or as state judges for that matter." The judges in the majority, he charged, were guilty of "cultural elitism." The court went on to make a second terrible decision about privacy: that once a GPS device has been planted, the government is free to use it to track people without getting a warrant. There is a major battle under way in the federal and state courts over this issue, and the stakes are high. After all, if government agents can track people with secretly planted GPS devices virtually anytime they want, without having to go to a court for a warrant, we are one step closer to a classic police state - with technology taking on the role of the KGB or the East German Stasi. Fortunately, other courts are coming to a different conclusion from the Ninth Circuit's - including the influential U.S. Court of Appeals for the District of Columbia Circuit. That court ruled, also this month, that tracking for an extended period of time with GPS is an invasion of privacy that requires a warrant. The issue is likely to end up in the Supreme Court. In these highly partisan times, GPS monitoring is a subject that has both conservatives and liberals worried. The U.S. Court of Appeals for the D.C. 
Circuit's pro-privacy ruling was unanimous - decided by judges appointed by Presidents Ronald Reagan, George W. Bush and Bill Clinton. Plenty of liberals have objected to this kind of spying, but it is the conservative Chief Judge Kozinski who has done so most passionately. "1984 may have come a bit later than predicted, but it's here at last," he lamented in his dissent. And invoking Orwell's totalitarian dystopia where privacy is essentially nonexistent, he warned: "Some day, soon, we may wake up and find we're living in Oceania." Cohen, a lawyer, is a former TIME writer and a former member of the New York Time From rforno at infowarrior.org Wed Aug 25 08:47:02 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 09:47:02 -0400 Subject: [Infowarrior] - Oz Teacher Assigns Students To Plan Terror Attack Message-ID: <88A03FC7-DE72-443F-A9AD-BB5EBE73AAFC@infowarrior.org> On one hand, I think this is an interesting idea to get "fresh" or "unconventional" thinking. However, I think it would have been more appropriate at the advanced undergraduate or graduate level as opposed to high school. But I do realise this can generate a strong reaction to the negative. Interesting idea, though. -rick Teacher Assigns Students To Plan Terror Attack Updated: Wednesday, 25 Aug 2010, 6:20 AM EDT Published : Wednesday, 25 Aug 2010, 6:16 AM EDT http://www.myfoxny.com/dpp/news/international/teacher-assigns-students-to-plan-terror-attack-20100825-newscore NewsCore - Students at an Australian school were asked to plan a terrorist attack "to kill the MOST innocent civilians in order to get your message across" as part of a class assignment, Australian Associated Press (AAP) reported Wednesday. The society and environment teacher at Kalgoorlie-Boulder Community High School in Western Australia asked Year 10 students -- aged about 16 -- to pretend they were a terrorist planning a chemical or biological attack in Australia. 
One parent, who lost a family member among the 202 killed in the 2002 Bali bombings, complained to the local newspaper in the township of 30,000 people that the assignment was "offensive." Grades were to be allocated based on students' ability to analyze information they had learned on terrorism and chemical and biological warfare and apply it to a real-life scenario. Terry Marino, the principal of the school -- which is about 370 miles east of Perth -- said the assignment was inappropriate, and that the remorseful teacher was inexperienced and had no intention of offending, Australian public broadcaster ABC reported. "The teacher, who is relatively inexperienced, made a well-intentioned but misguided attempt to engage the students in an assignment on contemporary conflict and how beliefs and values influence the behaviors and motives of individuals," Martino told the local newspaper. Martino said he withdrew the assignment as soon as he heard of it. Australia has lost more than 100 citizens in terrorist attacks overseas, mostly in Indonesia. In recent years, it has uncovered two major terrorist plots and arrested a dozen people on terrorism and conspiracy charges. From rforno at infowarrior.org Wed Aug 25 10:56:16 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 11:56:16 -0400 Subject: [Infowarrior] - Cleared jobs = big bucks in DC (like, duh) Message-ID: Fairs help job-seekers with security clearances connect with intelligence firms By Dana Hedgpeth Washington Post Staff Writer Tuesday, August 24, 2010; 9:39 PM http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406545_pf.html Outside a hotel ballroom near Baltimore-Washington International Marshall Airport, about three dozen men and a handful of women lined up one recent morning to get a colored dot - green, blue or red - affixed to their suits and dresses. 
The colors were key to what's known as the "meal ticket" for getting a job in the intelligence community: a top-secret clearance. It was TechExpo Top Secret, a job fair run by a New York-based firm that specializes in helping those with clearances connect with companies doing intelligence work under U.S. government contracts. At a check-in booth, organizers asked, "What's your clearance level?" and passed each candidate an appropriately colored sticker. Each color represented a level of clearance. But organizers declined to reveal which color meant "top secret" and which was the sought-after "top-secret/SCI with a full scope polygraph." That, of course, was secret - as were the full names of most attendees. "You've got to be a part of the club," said a middle-aged man who gave only his first name, Ben, as he stuck a blue dot on his nametag. One recruiter called a top-secret clearance "priceless." A 41-year-old man with a blue sticker on his dark-gray suit who was looking for a job shouted one word for its worth: "Gold!" Since the attacks of Sept. 11, 2001, there has been a major increase in government jobs and contractor positions that require secret clearances, from janitors at spy agencies to specialized computer technicians and software developers. A Washington Post series called Top Secret America examined the buildup in the country's national security and found that 854,000 Americans have top-secret clearances, nearly a third of whom work for private contractors. Job fairs such as the TechExpo, which is one of several that are run each month around the D.C. area, open a window into a vast, secretive economy that has helped keep the broader Washington region afloat, adding jobs and propping up home sales while unemployment surged and the housing market sank in other parts of the country. Although Defense Secretary Robert M. 
Gates recently said he plans to cut back funding to contractors doing intelligence work, there was no sign of a slowdown at TechExpo's recent events - one near Fort Meade and the other in Reston. At the fairs, the demand drives up the value of the highest clearances. One job recruiter offered free iPads for referrals. For recruiters, hiring a person who has a top-secret clearance saves time and money. The Government Accountability Office has put the Pentagon on its high-risk list because of major delays in issuing clearances, which some recruiters say can take six months to a year. "There's been an increasing demand for people and they're needed right away," said Jim Gattuso, director of recruiting for CSC, a major defense contractor. He's looking to fill about 100 jobs that require cleared personnel for a variety of contract work for the Pentagon and intelligence agencies. "You don't have time to go to the marketplace and find people who have the technical skills but don't have clearances because that takes too long," he said. "You get task orders from the government and they want them filled -- and fast - so that puts all the contractors under some degree of pressure to get staff quickly. It creates a supply and demand inequity and it means paying a premium." People with security clearances are in the top 10 percent of wage earners in the country, according to ClearanceJobs.com, a job board for those with security clearances. Typically, the higher the clearance level, the higher the pay. Those with the much sought after top-secret/SCI level, the Pentagon's highest issued clearance, earn $94,282 a year - $10,000 more than those who have a low-level secret clearance. Virginia, with its high concentration of federal agencies and defense contractors in wealthy counties such as Fairfax and Arlington, ranks second in the country for average pay for employees with security clearances, at $98,658, according to ClearanceJobs. 
It follows only California, where cleared personnel earn $98,968. The District and Maryland rank third and fourth, at $98,542 and $94,398, respectively. Private companies tend to pay more than government agencies. Contractor employees with clearances in the D.C. region earn, on average, $99,174 - an 8 percent premium over their government counterparts, according to ClearanceJobs, which surveyed 3,600 security-cleared workers. Economists say the high salaries and the demand for cleared personnel has helped buoy the D.C. area's economy. "Other metropolitan areas don't have this kind of business anywhere near to the same degree we do," said Stephen Fuller, a local economist. "This has emerged since 9/11 and the main benefit of it is the boost of payroll." At the TechExpo fairs, most of the job-seekers were men, and ranged from military personnel in their early 30s to mid-40s who were nearing retirement to computer tech experts in their 50s and early 60s - some of whom were retired from the military and looking for second careers. Some had recently lost their jobs when government contracts ended. A few came from as far as Fredericksburg and Virginia Beach. Recruiters paid $2,500 to $6,000 for a booth and got a lunch of crab cakes and beef, plus an "afternoon breakout room" featuring pineapple, strawberries and marshmallows to dip into a three-foot-tall chocolate-fondue stand. The list of companies included smaller players such as Intelligent Decisions of Columbia and Blue Canopy of Reston and giant defense contractors such as L-3 Communications, Lockheed Martin, TASC, ManTech and Northrop Grumman. Recruiters in booths offered candidates free pens, yo-yos, lip balm, hand sanitizer, plastic cups, recyclable bags and little wind-up robots. They jockeyed to lure the most prized candidates - those with TS/SCI, full-scope polygraph clearances. 
That means the person has access to "sensitive compartmented information" and has gone through two types of polygraphs and answered a range of questions about everything from family relationships to drug and alcohol abuse and knowledge of espionage against the United States. "It's a small pool of people who have the high-level clearances," said Christina Thomas, a senior technical recruiter for FGM, a Reston-based defense contractor seeking 20 to 25 software engineers and developers for homeland security work. "We're all trying to fight for the same people. It's like battle." Anthony Vrsalovich, director of recruiting for Freedom Consulting, stood behind his table with a sign that read in big, red letters: "All positions require a full scope polygraph." He watched a middle-aged man in a navy blue sport jacket glance at his sign and whispered under his breath, "Don't even bother," noting the color of the man's sticker, which showed he had only a top-secret clearance. The man paused, read the sign and kept walking. "With a full-scope polygraph, you could be asked to work the country's inner most secrets," Vrsalovich said. "We're all in a feeding frenzy because we're competing for the same fully cleared person." Tracy Stancil, who is active duty in the Air Force doing signal analysis and is planning to retire soon, took an hour to check out the booths at the BWI job fair. "I want to stay where the money is," said Stancil, who has a high-level clearance. L-3 recruiter Meagan Leddick recognized one of the candidates from a previous job. "You're looking again?" she asked the 43-year-old man, who is a database administrator with more than 20 years of experience and an MBA. He spoke on the condition of anonymity because he worried that using his name would jeopardize his clearance and job search. He told Leddick that the contract he was on as a database administrator at the CIA was about to end. He had received six possible job leads but no firm offers. 
Leddick ticked off a series of questions. Are you a Unix, Windows or Linux guy? Any, he answered. Experience with virtualization? Yes. Within minutes she steered him toward two possible jobs online. "Good luck," she said. TechExpo's defense job fairs make about $2 million a year in revenue, according to Bradford Rand, the company's chief executive. He does a show a month in Maryland and Virginia, plus ones in the District, Colorado Springs and Huntsville, Ala., which are hot spots for defense contractors. Other organizations sponsor similar events, including The Washington Post, which has held job fairs over the years that include areas for job-seekers with active security clearances. Rand said he doesn't guarantee job-seekers success but estimated that 25 percent of his attendees land a job. His two most recent fairs near BWI and Reston drew about 400 job candidates and nearly 100 employers. By 2:30 p.m., organizers deemed the event a success. They helped waiters pass out champagne to the recruiters. hedgpethd at washpost.com From rforno at infowarrior.org Wed Aug 25 16:27:03 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 17:27:03 -0400 Subject: [Infowarrior] - Micros used in retro programming class Message-ID: <21407FB2-98F6-48D6-A236-15350E43E3C5@infowarrior.org> 25 August 2010 Last updated at 04:02 ET http://www.bbc.co.uk/news/technology-10951040 Tech Know: BBC Micros used in retro programming class By Mark Ward Technology correspondent, BBC News Computer history is cruel. It is a story of the old constantly being pushed aside for the newer, the faster, the smaller, the shinier. Those old machines are rarely allowed a graceful retirement. Cast aside, they end their days in the dark, fit only to be homes for spiders in lofts and cupboards. But one lucky flock of BBC Micros is getting another lease of life by helping to educate students in the art of rigorous programming. 
The National Museum of Computing (TNMOC) at Bletchley Park has started letting a few lucky A-level students loose on the machines to hone their programming skills. "The computing A-level is about how computers work and if you ask anyone how it works they will not be able to tell you," said Doug Abrams, an ICT teacher from Ousedale School in Newport Pagnell, who was one of the first to use the machines in lessons. For Mr Abrams the old machines have two cardinal virtues; their sluggishness and the direct connection they have with the user. In one of the first lessons held at TNMOC the lucky Ousedale students programmed a venerable PDP-8 machine by flicking the switches set on its front panel to set the binary values in its memory. And an interface does not get more direct than that. "Modern computers go too fast," said Mr Abrams. "You can see the instructions happening for real with these machines. They need to have that understanding for the A-level."

Cranking code

The second time the students got to use the BBC Micros they were given three hours to create a simple 8-bit game. Tech Know was there to record what happened. Prior to the lesson Mr Abrams had produced 100 lines of code that created a rough version of the game pitting a battleship against a bomber. The students' task was to refine the game by introducing a scoring system, improving its looks and introducing new elements such as a hunter-killer submarine. Two students tackled the bugs and refinements, two the graphics and sounds and the remaining student got to work typing the program onto other machines so testing could get going. The five soon discovered that just because a program was simple did not mean the underlying code was straight-forward. To make matters more testing, the BBC Micro offers a very unforgiving programming environment. For much of their A-level, the students had been using Visual Basic - a breeze by comparison. 
"Because there's no copy and paste, if you do something wrong it takes time to go back and fix it," said Joe Gritton. "You cannot take out sections and move them around."

Be the machine

Perry Gemmell lamented the lack of friendly interface on the BBC Micro, which presents users with a screen full of text. "It's easier to find bugs in Visual Basic," he said. "It helps you as you go along." Visual Basic suggests words while a coder types, highlights syntax errors and makes bug hunts easier by jumping straight to the problematic code - even when the error is one of logic rather than letters. By contrast, the BBC Micro is a study in imperious indifference. Get something wrong and the program will crash and perhaps throw up an error message. Worse are the cases when it works but not in the way expected leaving the programmer to scratch their head and try to work out why. The machines also enforced a parsimonious programming style. A memory of only 32K is a shoebox in comparison to the Lordly halls of memory available on the average 21st-Century desktop. The simple program that the students were working on threw up some real problems. Mr Gritton and partner Callum Adams were given the task of adding a submarine. But, they realised, the introduction of the torpedo-firing sub would spell the end of the game, as the ship had no way to avoid it. Changing one element in the simple game kicked off the need to solve lots of separate problems - it was a real exercise in creative coding. The students had their eyes on the screen and their hands in the bits. "We're learning a lot," said Callum Adams. "It makes you realise how difficult it is making real video games." The day of study had begun with what must be the ultimate hands-on technology experience: Mr Abrams got the students to be a computer. 
They each took on the role of a different part of the machine - CPU, accumulator, RAM and program counter - and simulated the passage of instructions through the hardware. The five shuffled data around, wrote it to memory, carried out computations and inserted them into the right places in the store. It was a noisy, confusing and funny simulation and, once everyone knew what they were doing, managed to reach a maximum clock speed of about one instruction per minute. And even the BBC Micro, for all its age, can beat that. From rforno at infowarrior.org Wed Aug 25 16:30:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Aug 2010 17:30:08 -0400 Subject: [Infowarrior] - Pirate Bay Receives Notice To Keep a Torrent Message-ID: <6B36C49C-802A-4D34-B82D-B942B6D3A04E@infowarrior.org> Pirate Bay Receives Notice To Keep a Torrent Written by Ernesto on August 25, 2010 The founder of the small software company Coding Robots was shocked when he found out that one of his works had been cracked and shared on The Pirate Bay. However, instead of asking The Pirate Bay to remove the torrent the company's founder did quite the opposite. He sent a "Notice of Ridiculous Activity" because the crack didn't live up to his expectations..... < - NSFW TEXT -> http://torrentfreak.com/pirate-bay-receives-notice-to-keep-a-torrent-100825/ From rforno at infowarrior.org Thu Aug 26 06:10:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Aug 2010 07:10:51 -0400 Subject: [Infowarrior] - Gov't hype surrounds "Operation Buckshot Yankee" Message-ID: <1E883886-598E-4F33-A3AF-54B13AE701F6@infowarrior.org> Gov't hype surrounds "Operation Buckshot Yankee" Reporters tout the U.S. Deputy Secretary of Defense like he's the world's #2 hacker Written by Rob Rosenberger http://vmyths.com/2010/08/26/oby/ Let's cut to the chase. U.S. Deputy Defense Secretary William J. 
Lynn III wrote an op-ed for a commercial publication in which he claims a single USB thumb drive caused the worst military data breach in history. And according to Wikipedia, that one little USB stick led to the creation of the Pentagon's new Cyber Command. Why did it take this guy nine years to hear a "wake-up call"? Breathless reports like this one say this single specific tiny little USB thumb drive got infected with agent.btz, a tiny little chunk of malware the antivirus world has known about since, what, 2008? Yet it took at least 14 months for the Pentagon to clean it up. Come on, people - fourteen months?!? The antivirus experts dismiss agent.btz as banal, not brilliant. I'll bet it took so long only because it was a classified operation. This malware would have blown over in a week if DoD-CERT had issued an email saying "hey, there's a new virus running around, please scan your PCs for agent.btz." {sniff} I can definitely smell a lot of groupthink here. Not to mention hype, which goes hand in hand with groupthink. Lynn suffers from a short memory span. We know this because he thinks the Pentagon got "a wake-up call" when agent.btz slithered into classified networks. If Lynn's brain had more RAM, he would recall the Melissa virus did EXACTLY the same thing in 1999. It infected classified U.S. networks at a depth & scope even I myself would label "impressive." "Rob, how do you know the Melissa virus invaded classified networks in 1999?" I know it because (here comes an atomic bomb!) I received an Air Force Outstanding Volunteer Service Medal for all the community service I provided to the U.S. intelligence community in the 1990s (back when Vmyths was known as the Computer Virus Myths Home Page). You can see the original framed medal, with citation, hanging on my wall in this video. Did Gil Grissom lift a thumb print off that USB thumb drive? I can't wait to see an "FBI most wanted" poster with that finger print on it... 
I voluntarily wore my civilian hat countless times to quash the many virus hoaxes that raged deep within the U.S. intelligence community in the 1990s. Why did I wear my civilian hat when I could have worn my Air Force uniform? The answer is simple: most fools in the intelligence community won't listen to DoD virus experts. So they called on me. A lot. And then they praised me with an Air Force Outstanding Volunteer Service Medal. You know, I should plow through my personal email archives to see if Lynn got duped by a virus hoax in the 1990s. It wouldn't surprise me if he did. His writing style exhibits just a hint of gullibility... Okay, let's get back on track. You can see I've got a healthy dose of skepticism over Lynn's "Buckshot Yankee" revelation. And I'm not alone: Wired filed a story with the headline "Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack." Waitaminit. GCN's breathless story includes the phrase "Lynn said Wednesday in a teleconference with reporters." You mean to say he gabbed with the media on top of all the hype he wrote in an official capacity for a commercial publication? {sniff} I smell a book deal in the works when Lynn's boss retires next year. Memo to William J. Lynn III: an SES-4 nominated me for that Air Force medal, you know? From rforno at infowarrior.org Thu Aug 26 09:54:19 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Aug 2010 10:54:19 -0400 Subject: [Infowarrior] - More on ... USG's New Right to Track Your Every Move With GPS References: Message-ID: <6474FE12-5092-4A1C-84C3-2B98E3F1483C@infowarrior.org> Begin forwarded message: > From: Jonathan Abolins > Date: August 26, 2010 8:37:56 AM EDT > To: rforno at infowarrior.org > Subject: Re: [Infowarrior] - USG's New Right to Track Your Every Move With GPS > > Rick, > > FWIW, Chief Judge Kozinski's dissent in US vs. 
Juan Pineda-Moreno can be read at > http://www.ca9.uscourts.gov/datastore/opinions/2010/08/12/08-30385.pdf > > Quite interesting argument against the majority's arguments shrinking > the areas of one's property where one has a reasonable expectation of > privacy. > > The majority report... eh... opinion can be read at > http://www.ca9.uscourts.gov/opinions/view_subpage.php?pk_id=0000010204 > > As the areas of reasonable expectations of privacy get whittled down, > someday we might find ourselves in a situation like the tagged bear in > this Gary Larson Far Side comic strip: > http://img.photobucket.com/albums/v644/engrtobe/bear.jpg , only the > tagging might not be as visible. Some court might argue that if > anybody saw you naked, if any doctor examined you, or if you had gone > through an airport full body scanner, you have no more expectation of > privacy than does your car in the driveway. > > Regards, > Jon > > On 25 August 2010 09:40, Richard Forno wrote: >> The Government's New Right to Track Your Every Move With GPS >> >> http://news.yahoo.com/s/time/08599201315000 From rforno at infowarrior.org Thu Aug 26 17:08:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Aug 2010 18:08:24 -0400 Subject: [Infowarrior] - Pentagon's cybersecurity plans have a Cold War chill Message-ID: <49AE37BF-9707-45EC-A355-2B9F68A60515@infowarrior.org> Pentagon's cybersecurity plans have a Cold War chill By David Ignatius Thursday, August 26, 2010; A13 http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962_pf.html With little fanfare, the Pentagon is putting the finishing touches on a new strategy that will treat cyberspace as a domain of potential warfare -- and apply instant "active defense" to counter attacks that, in theory, could shut down the nation's transportation and commerce. 
Even though it deals with a distinctly 21st-century problem, the strategy has echoes of the Cold War: America's closest allies would be drawn into an early-warning network of collective cybersecurity; private industry would be mobilized in a kind of civil defense against attackers; and military commanders would be given authority to respond automatically to electronic invaders. In place of "massive retaliation" against attackers whose country of origin may be unclear, the strategy proposes an alternative concept of deterrence based on making America's infrastructure robust and redundant enough to survive any attack. The Department of Homeland Security would oversee this hardening of infrastructure, with help from the National Security Agency. William J. Lynn III, the deputy secretary of defense, explained the new approach, known as "Cyberstrategy 3.0" within the Pentagon, in an interview this week and in an article that appears in the new issue of Foreign Affairs. The formal policy should be completed by December, he said; meanwhile, the Pentagon's new "Cyber Command" will have responsibility for "active defense" starting Oct. 1. Lynn's proposals are provocative. But the strategy could be costly and perhaps cumbersome, and it involves threats that aren't well understood by the public -- even by many of the companies that could be targets of attacks. So the first order of business should be more public information: Everyone needs to understand the risks of attack, and the costs and benefits of mobilizing against it. Talking with Lynn, I was struck by the gap between the way defense experts see cyberspace -- as a source of potentially crippling assault -- and the public's view of an Internet that is a generally benign companion. Although Lynn speaks of cyberspace as a "domain" that can be protected, such as airspace, it may be closer to the oxygen we breathe. The Pentagon is already recruiting allies on cybersecurity. 
Lynn has shared ideas with America's longtime partners on signals intelligence -- Britain, Canada and Australia. He plans to meet with a wider circle of NATO allies next month. One topic will be surveillance against cyberattacks -- a sort of Internet version of the old "DEW Line" radar network or the undersea listening devices that monitored Soviet submarines. Lynn's defense scheme would be "part sensor, part sentry, part sharpshooter." The first two are noncontroversial, but I asked him what he meant by "sharpshooter." He explained that if Cyber Command detected an incoming attack, it would instantly "quarantine the malicious code" by "diverting it into a place where it would be harmless." The challenge, he said, was to stop the attack without doing "collateral damage," such as disrupting global commerce. Lynn wouldn't talk much about America's offensive weapons in cyberspace, except to say that "we have developed a wide range of capabilities." The United States is probably more vulnerable to such attacks than other countries because our economy is more wired. But Lynn rejected the idea of banning cyberweapons, through a new version of arms control, because it would be so easy for others to cheat. In cyberplanning, the phrase "military-industrial complex" has special resonance. Since at least 2007, the Pentagon has been informing defense contractors about hostile penetrations of their networks. This has evolved into the "Enduring Security Framework," a partnership that includes CEOs of many of the big technology and defense companies. Lynn said the Pentagon is working with contractors to protect their systems from cyberattack. An intriguing aspect of cyberstrategy is that it turns "globalization" inside out. A U.S. laptop maker that once would have boasted that its components were assembled in 50 countries must now worry about 50 points where an intruder could plant malicious code. The Defense Department calls this problem "supply chain vulnerability." 
Lynn said he hopes companies will monitor their plants and suppliers to reduce the risk that products sent to the United States are contaminated, but he conceded that "you can't build everything inside a fence." In the debate about cyberstrategy, I hope officials will recognize the dangers of militarizing the global highway for commerce and communication. Of course we want to protect ourselves against threats. But as with human viruses, hostile computer bugs will evade our best efforts at quarantine. A new (and expensive) obsession with cybersecurity is not what this traumatized country needs.

davidignatius at washpost.com

From rforno at infowarrior.org Fri Aug 27 06:19:57 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 07:19:57 -0400
Subject: [Infowarrior] - Today's DEPSECDEF plagiarized his predecessor's "wake-up call"
Message-ID: <322DDB8F-50D4-498B-A1F0-A4602241C919@infowarrior.org>

Today's DEPSECDEF plagiarized his predecessor's "wake-up call"
This proves the Pentagon hit the snooze button for eleven years
Written by Rob Rosenberger
http://vmyths.com/2010/08/27/oby-2/

The U.S. Deputy Secretary of Defense elected to declassify a horrifying cyber-attack that took place against the Pentagon. We learned that he'd given the president of the United States a series of briefings as the attack unfolded. We learned he reorganized the military as a direct result of this attack. Upon declassification, he publicly labeled it "the most organized and systematic attack" the Pentagon had ever seen. Skeptics quickly ridiculed his claims. In his call to arms, he warned that "without achieving Information Superiority we will, very simply, not be able to achieve the goals established in Joint Vision 2010." "Yes, Rob, we know all about William J. Lynn III. Get to your point." Wrong! I'm talking about Lynn's predecessor, John J.
Hamre, who in 1998 went off the deep end after three teenagers tried to hack their way into the Air Force Information Warfare Center. These boys picked on what was (arguably?) the best-defended network in USAF -- yet the antics of these "Li'l Rascals" convinced Hamre to give the president himself a series of briefings. Hamre tried for awhile to defend his absurd panoply in a vain attempt to protect his ego. In the end, though, he gave up the fight. The Pentagon promptly hit the snooze button on Hamre's "wake-up call." Flash forward eleven years to the next event. The U.S. Deputy Secretary of Defense came out to announce a devastating cyber-attack had taken place against the Pentagon. He labeled it... -- ah, but I repeat myself. You see, William Lynn plagiarized John Hamre's Banana Splits script. We can expect Lynn will quickly rise up to defend his absurd panoply in a vain attempt to protect his ego. It only remains for the Pentagon to hit the snooze button on Lynn's "wake-up call." Only then will Lynn's plagiarism be complete. Let me sidetrack to explain why someone like Hamre or Lynn would brief the president and reorganize the Pentagon over such a silly event. Believe it or not, absurdities like this happen from time to time. I'll give you a perfect example: What we know today as Saudi Arabia came about because Ibn Saud took twenty men into the city of Riyadh to claim a land he felt belonged to his family. The Rashidi governor capitulated because he couldn't believe a man in his right mind would storm the gates with less than two dozen soldiers at his side. He figured Ibn Saud had a full army waiting outside the city, so he gave up the keys to the kingdom and died while trying to flee. Now, we Americans don't like to believe a government as advanced and as powerful and as republican as ours -- that men with literal access to the nuclear button -- would do something so insanely foolish.
And yet you can't help but stare in disbelief at the cyber escapades of William Lynn & John Hamre. They're the U.S. version of the Rashidi governor. Time for me to login to Craigslist. "Critic seeks twenty loyal men who will join quest to hit the Pentagon's snooze button..."

From rforno at infowarrior.org Fri Aug 27 09:23:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 10:23:58 -0400
Subject: [Infowarrior] - Caregiver's Bookshelf: The Beginnings of Alzheimer's
Message-ID: <4F88737C-F70D-4DE2-B805-2E8AB40E8508@infowarrior.org>

August 27, 2010, 9:00 am
The Caregiver's Bookshelf: The Beginnings of Alzheimer's
By PAULA SPAN
http://newoldage.blogs.nytimes.com/2010/08/27/the-caregivers-bookshelf-the-beginnings-of-alzheimers/?hp

It's been nearly 30 years since Johns Hopkins psychiatrist Peter Rabins and co-author Nancy Mace published "The 36-Hour Day," the best known guide to caring for someone with Alzheimer's disease. Now in its fourth edition, it remains a trusted source of information and support. But the landscape of dementia -- its diagnosis, its treatment, how much neuroscience has advanced, how much the public understands -- has changed dramatically, as Gina Kolata has been reporting in The Times. As she also points out, this progress in diagnosing Alzheimer's will mean that families are likely to face tough decisions sooner than ever. "The book was a landmark twenty-some years ago when people were being diagnosed with what we'd call moderate to end-stage dementia," said Dr. P. Murali Doraiswamy, a prominent researcher on the aging brain at Duke University Medical Center. "Now, people are being diagnosed much earlier, when they're still functioning well, and there's a push to diagnose at even earlier stages." With more medications available, with better understanding of the non-Alzheimer's dementias, "people want to be more proactive," Dr. Doraiswamy said. "They want to join clinical trials.
They want ways to protect their brains." So Dr. Doraiswamy, with social worker Lisa Gwyther, who directs Duke's Alzheimer's family support program, and science writer Tina Adler, intend for their book, "The Alzheimer's Action Plan," to fill a gap. "It's essentially a book about the early stage of the disease," Dr. Doraiswamy said. These authors dispute the notion that since there's no cure for Alzheimer's, diagnosis and treatment are pointless. "Studies suggest that people who start treatment early usually remain better off than those who start treatment months later," they write. So they've mapped out strategies for seeking a diagnosis and maximizing the usefulness of a doctor's appointment. They explain conditions that can masquerade as Alzheimer's but aren't. They offer very specific advice on medications, not only Alzheimer's drugs but antidepressants and antipsychotics. An analysis of the pro's and con's of participating in clinical drug trials even includes -- a bonus from Dr. Doraiswamy -- a sample consent form, annotated to translate its medicalese into intelligible English. At some point, given Alzheimer's inexorable (for now) progression, caregivers will likely need to graduate to Dr. Rabins' book. But when they're at the bewildering beginning of the process, when it's not even clear exactly what an elder is dealing with, "The Alzheimer's Action Plan" will be extremely helpful. Paula Span is the author of "When the Time Comes: Families With Aging Parents Share Their Struggles and Solutions."

From rforno at infowarrior.org Fri Aug 27 09:30:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 10:30:11 -0400
Subject: [Infowarrior] - followup: Smartphone RFI
Message-ID: <6FB9586F-879E-4048-97BE-5F21BE0006B8@infowarrior.org>

FYI the comments received to my RFI the other day were varied and general in nature. Comments were rather supportive of the Android platform.
Sprint received high marks for coverage and competitive pricing for smartphone plans. Some wished GSM-based T-Mobile had better Android offerings and were considering switching carriers to get a better phone. Several folks were attracted to the physical, if not also more open, nature of the Android hardware and environment as well. As for me, I'm looking at the HTC Epic or EVO2 on Sprint, and the rumoured G2 on T-Mobile. *shrug*

-rick

From rforno at infowarrior.org Fri Aug 27 11:00:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 12:00:32 -0400
Subject: [Infowarrior] - OT: Friday humour
Message-ID: <5388EFB4-5ECB-4C3F-A48A-3D526B75CBAE@infowarrior.org>

Okay. FINALLY, Jar-Jar brings a smile to my face. (H/T to JM for this one.)

"Who's on Force?" Edited by Ray Chung
http://www.youtube.com/watch?v=ZoaQYL8ylms

(I think the audio is taken from a USG conference room somewhere in DC. But it could come from anywhere, actually.....)

Happy Friday!

From rforno at infowarrior.org Fri Aug 27 13:47:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 14:47:55 -0400
Subject: [Infowarrior] - Virginia Does Another Oops
Message-ID: <6B870DD2-9B6F-4CA8-8B9B-B159192E8F9D@infowarrior.org>

Quoth PM: "Some days life just gives you too much material...."

http://it.slashdot.org/story/10/08/27/1541238/State-of-Virginia-Technology-Centers-Down

"Some rather important departments (DMV, Social Services, Taxation) in the state of Virginia are currently without access to documents and information as a technology meltdown has caused much of their infrastructure to be offline for over 24 hours now. State CIO Sam Nixon said, 'A failure occurred in one memory card in what is known as a "storage area network," or SAN, at Virginia's Information Technologies Agency (VITA) suburban Richmond computing center, one of several data storage systems across Virginia.'
How does the IT for some of the largest departments in a state come to a screeching halt over a single memory card? Oh, and also, the state is paying Northrop Grumman $2.4 billion over 10 years to manage the state's IT infrastructure."

From rforno at infowarrior.org Fri Aug 27 19:03:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 20:03:02 -0400
Subject: [Infowarrior] - Federal Judge Sanctions Tech Company Over Handling of E-Discovery
Message-ID: <0FA126E3-6F31-4205-9D93-41C2AAEAAF09@infowarrior.org>

(c/o dissent)

Federal Judge Sanctions Tech Company Over Handling of E-Discovery
Daniel Wise
New York Law Journal
August 27, 2010
http://www.law.com/jsp/article.jsp?id=1202471160961

A federal judge has sanctioned a leading developer of "flash drive" technology for its mishandling of electronic discovery in what the judge called a "David and Goliath-like" struggle. Southern District Judge William H. Pauley ruled that he would instruct the jury to draw a negative inference from the fact that SanDisk Corp., a company with a market capitalization of $8.7 billion, had lost the hard drives from laptop computers it issued to two former employees who are the plaintiffs in Harkabi v. Sandisk Corp., 08 Civ. 8230. SanDisk must be "mortif[ied]" by the ex-employees' argument that the company, as a leading purveyor of electronic data storage devices, cannot claim that it made an "innocent" mistake in losing the hard-drive data, Pauley wrote. That argument is on target, the judge concluded, noting that SanDisk's "size and cutting edge technology raises an expectation of competence in maintaining its own electronic records." Pauley also awarded $150,000 in attorney's fees to the two plaintiffs, Dan Harkabi and Gidon Elazar, because of delays the company caused in producing their e-mails during the 17 months they worked for SanDisk. In 2004, the plaintiffs sold a software company they had founded in Israel to SanDisk for $10 million up front.
An additional $4 million was to be paid depending on the level of sales SanDisk realized over the next two years on products "derived" from technology developed by the Israeli company. As part of the deal, Harkabi and Elazar moved to New York and began working for SanDisk. At the end of the two-year period, SanDisk contended the threshold for the Israeli software developers to claim their "earn-out" fee had not been met, and offered them $800,000. When the developers continued to demand the full $4 million, SanDisk ended their employment. One of the key issues in the suit is whether a SanDisk flash drive called "U3" contained software "derived" from a product the two plaintiffs developed in Israel. Flash drives are compact data storage devices about the size of a stick of gum used to transport data from one computer to another. The Israeli company had developed software that could be used to encrypt flash drives so the data would be secured for personal use only. The owner would not be able to transfer copyrighted data such as movies, computer applications, books or other materials. The two developers claim that SanDisk sold 15 million U3 flash drives. Under their contract, SanDisk had to sell 3.2 million flash drives utilizing an encryption system derived from the product plaintiffs had developed in Israel. The developers contend that the U3 is derived from the Israeli product. SanDisk disputes any connection. As the dispute began to heat up in 2007, the developers' lawyers at the time asked SanDisk to preserve information on their client's laptops. SanDisk's in-house counsel issued a "do-not-destroy" letter, and the two laptops were stored in a secure area for more than a year. But at some point a decision was made to re-issue the two laptops to other employees after the data from the hard drives had been separately preserved. 
SanDisk's response in the initial round of electronic discovery was a declaration from an in-house lawyer that "I have no reason to believe" the April 2007 "do-not-destroy" memo "was not fully complied with." SanDisk also produced 1.4 million documents, which it described as "everything" found in response to the developers' electronic discovery demands. Six weeks later, however, the company acknowledged it was unable to retrieve the data from the laptops' hard drives. But the two developers created their own software to analyze the 1.4 million documents received in discovery and concluded that much of their e-mail correspondence had not been turned over, according to the opinion. SanDisk subsequently conceded that it had not turned over all of the developers' e-mails, but has since begun the process of retrieving the missing e-mails from backup files. A negative inference with regard to the data on the lost hard drives, Pauley concluded, is warranted because "the undisputed facts reveal a cascade of errors, each relatively minor," which added to a significant discovery failure. The loss of the hard-drive data has deprived the two developers of the opportunity to present "potentially powerful evidence" on the key issue of whether the U3 flash drive was derived from encryption software developed by the pair in Israel. Although the missing e-mails eventually will be available at trial, Pauley concluded, SanDisk should nonetheless pay the developers $150,000 to cover their added legal costs for discovery. SanDisk's "misrepresentations" about its initial electronic document production, he wrote, "obscured the deficiencies and stopped discovery in its tracks." He added, "But for plaintiffs' forensic analysis and their counsel's persistence those deficiencies may not have come to light." Charles E. Bachman, of O'Melveny & Myers, who represented SanDisk, said the company would have no comment. Harkabi and Elazar were represented by Charles A. Stillman and Daniel V. 
Shapiro of Stillman, Friedman & Shechtman.

From rforno at infowarrior.org Fri Aug 27 19:11:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 20:11:45 -0400
Subject: [Infowarrior] - 1/2: Colonel Kicked Out of Afghanistan for Anti-PowerPoint Rant
Message-ID: <96E8FED7-BC1D-498D-A26F-0B4E53D5D445@infowarrior.org>

Colonel Kicked Out of Afghanistan for Anti-PowerPoint Rant
By Spencer Ackerman | August 27, 2010 | 8:58 am | Categories: Info War
http://www.wired.com/dangerroom/2010/08/anti-powerpoint-rant-gets-colonel-kicked-out-of-afghanistan/

Consider it a new version of death by PowerPoint. The NATO command in Afghanistan has fired a staff officer who publicly criticized its interminable briefings, its over-reliance on Microsoft's slide-show program, and what he considered its crushing bureaucracy. Army Col. Lawrence Sellin, a 61-year old reservist from New Jersey who served in Afghanistan and Iraq prior to this deployment, got the sack Thursday from his job as a staff officer at the International Security Assistance Force Joint Command in Kabul. The hammer fell barely 48 hours after United Press International ran a passionate op-ed he wrote to lament that "little of substance is really done here." He tells Danger Room, "I feel quite rather alone here at the moment." The colonel's rant called into question whether ISAF's revamped command structure, charged with coordinating the day-by-day war effort, was much more than a briefing factory. Or, as Sellin put it, "endless tinkering with PowerPoint slides to conform with the idiosyncrasies of cognitively challenged generals in order to spoon-feed them information." According to Sellin, when his commanding general (whom he doesn't want to name) saw that Sellin described IJC as a blinkered bureaucracy, he informed the colonel that it was time to pack his things. "He was very polite and shook my hand and wished me luck," Sellin says.
A spokesman for the command cited the specific regulation that sealed Sellin's fate: NATO Directive (95-1); failure to clear "written or oral presentations to the media" through a designated public-affairs officer. "His comments do not reflect the reality of the work done every day at IJC," says its director of public affairs, Colonel Hans Bush. "His insights are his own, however, his duty position and responsibilities did not offer him the situational awareness needed to validate his postings to the media." Effectively, that means enlisted men and officers are freer to speak their minds in front of embedded reporters than they are while serving on headquarters staff. Additionally troops are basically free to provide their opinions on a blog -- as long as it doesn't violate operational security, and as long as they don't claim to be speaking for the Defense Department officially. Had Sellin blogged or tweeted his critique rather than published it through a wire service, maybe he'd still have his job. Sellin says he tried to send constructive criticism up the chain before he typed out his UPI piece. He gave his superiors a briefing on "proven organizational methodologies" to streamline IJC, but it went nowhere. "It was only my rant that everyone read," he says. "My hope is that after they stop being angry at me, maybe they will take a serious look at how they operate." The irony? His briefing was a five-slide PowerPoint. Apparently, not everyone at IJC was as gracious as Sellin's boss when the op-ed began to circulate. Sellin says that a two-star general -- whom he declines to name -- told him "I was a coward, unpatriotic, ignorant, petty and that he had no respect for me." Sellin gauges that lieutenant colonels and lower-ranked officers support him, as do a few colonels. "In regard to most of the other colonels," he concedes, "I have marks all over me from where they have been touching me with ten-foot poles."
Sellin is going to head home to Finland, where he's worked for the past several years for an information-technology company that he asks me not to name. He doesn't wish any of his now-former colleagues in IJC any ill will. But he wonders if recently-admitted problems training the Afghan security forces -- the U.S.'s ultimate ticket out of the ten-year old war -- is going to yield any greater sense of urgency from IJC. "Mine is not an indictment of people or am I questioning their intentions, just some judgments that are being made and the methods that are being used," he says. "It can be done better. We can fulfill our national security needs and get out." Update: Sellin wrote a lot more for UPI than just his thoughts on PowerPoint. Check out his full archive of columns here.

From rforno at infowarrior.org Fri Aug 27 19:12:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Aug 2010 20:12:30 -0400
Subject: [Infowarrior] - 2/2: Army colonel: PowerPoints 'R' Us
Message-ID: <7C5D6C46-26A6-4C2E-8E30-FE1A94FFC2E6@infowarrior.org>

Outside View: PowerPoints 'R' Us
Aug 24 10:19 AM US/Eastern
http://www.spacewar.com/reports/Outside_View_PowerPoints_R_Us_999.html

KABUL, Afghanistan, Aug. 24 (UPI) -- Throughout my career I have been known to walk that fine line between good taste and unemployment. I see no reason to change that now. Consider the following therapeutic. I have been assigned as a staff officer to a headquarters in Afghanistan for about two months. During that time, I have not done anything productive. Fortunately little of substance is really done here, but that is a task we do well. We are part of the operational arm of the International Security Assistance Force commanded by U.S. Army Gen. David Petraeus. It is composed of military representatives from all the NATO countries, several of which I cannot pronounce. Officially, IJC was founded in late 2009 to coordinate operations among all the regional commands in Afghanistan.
More likely it was founded to provide some general a three-star command. Starting with a small group of dedicated and intelligent officers, IJC has successfully grown into a stove-piped and bloated organization, top-heavy in rank. Around here you can't swing a dead cat without hitting a colonel. For headquarters staff, war consists largely of the endless tinkering with PowerPoint slides to conform with the idiosyncrasies of cognitively challenged generals in order to spoon-feed them information. Even one tiny flaw in a slide can halt a general's thought processes as abruptly as a computer system's blue screen of death. The ability to brief well is, therefore, a critical skill. It is important to note that skill in briefing resides in how you say it. It doesn't matter so much what you say or even if you are speaking Klingon. Random motion, ad hoc processes and an in-depth knowledge of Army minutia and acronyms are also key characteristics of a successful staff officer. Harried movement together with furrowed brows and appropriate expressions of concern a la Clint Eastwood will please the generals. Progress in the war is optional. Each day is guided by the "battle rhythm," which is a series of PowerPoint briefings and meetings with PowerPoint presentations. It doesn't matter how inane or useless the briefing or meeting might be. Once it is part of the battle rhythm, it has the persistence of carbon 14. And you can't skip these events because they take roll -- just like gym class. The start and culmination of each day is the commander's update assessment. Please ignore the fact that "update assessment" is redundant. Simply saying commander's update doesn't provide the possibility of creating a three-letter acronym. It also doesn't matter that the commander never attends the CUA. The CUA consists of a series of PowerPoint slides describing the events of the previous 12 hours. 
Briefers explain each slide by reading from a written statement in a tone not unlike that of a congressman caught in a tryst with an escort. The CUA slides only change when a new commander arrives or the war ends. The commander's immediate subordinates, usually one- and two-star generals, listen to the CUA in a semi-comatose state. Each briefer has approximately 1 or 2 minutes to impart either information or misinformation. Usually they don't do either. Fortunately, none of the information provided makes an indelible impact on any of the generals. One important task of the IJC is to share information to the ISAF commander, his staff and to all the regional commands. This information is delivered as PowerPoint slides in e-mail at the flow rate of a fire hose. Standard operating procedure is to send everything that you have. Volume is considered the equivalent of quality. Next month IJC will attempt a giant leap for mankind. In a first-of-its-kind effort, IJC will embed a new stovepipe into an already existing stovepipe. The rationale for this bold move resides in the fact that an officer, who is currently without one, needs a staff of 35 people to create a big splash before his promotion board. Like most military organizations, structure always trumps function. The ultimate consequences of this reorganization won't be determined until after that officer rotates out of theater. Nevertheless, the results will be presented by PowerPoint. -- (Lawrence Sellin, Ph.D., is a colonel in the U.S. Army Reserve and a veteran of the conflicts in Afghanistan and Iraq. He is currently serving his second deployment to Afghanistan. The views expressed are his own and do not necessarily reflect those of the U.S. Army or U.S. government.) 
-- From rforno at infowarrior.org Fri Aug 27 21:32:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Aug 2010 22:32:48 -0400 Subject: [Infowarrior] - =?windows-1252?q?Facebook_trying_to_trademark_the?= =?windows-1252?q?_word_=91face=92?= Message-ID: Facebook?s now trying to trademark the word ?face? By CNN Posted today at 11:42 a.m. http://chicagobreakingbusiness.com/2010/08/facebooks-now-trying-to-trademark-the-word-face.html Facebook CEO Mark Zuckerberg. (Justin Sullivan/Getty Images) Facebook, which has gone after sites with the word ?book? in their names, is also trying to trademark the word ?face,? according to court documents. But the social networking site has met with a familiar foe. As TechCrunch first reported, Aaron Greenspan has asked for an extension of time to file an opposition to Facebook?s attempt. Greenspan is the president and CEO of Think Computer, the developer of a mobile payments app called FaceCash. Greenspan, also a former Harvard classmate of Facebook chief executive Mark Zuckerberg, claimed he had a hand in developing the social networking giant. The case was settled last year. In an interview with CNNMoney.com, Greenspan said the two extensions he filed now give him until September 22 to oppose the ?face? trademark attempt. The original deadline was June 23. ?If you search the patent database, there are thousands of marks that contain the word ?face,?? Greenspan said. ?I understand where Facebook is coming from, but this move has big implications for my company and for others.? Greenspan said he hasn?t yet decided whether he will file a formal opposition, but he wanted extra time because ?tech is a very fast-paced industry. You never know what will develop during the additional time.? Court documents show Greenspan has a long history of taking action to protect his trademarks, so Facebook could have a tough battle ahead. Facebook?s separate fight over ?book,? on the other hand, has been more of a David vs. 
Goliath saga. As reported this week, Facebook is suing start-up site Teachbook.com ? which claims it is merely a teacher?s community. The social networking giant also forced the travel site PlaceBook to change its name to TripTrace earlier this month. ?Honestly, to most people ?Facebook?s claims? wouldn?t make a big difference,? Greenspan said. ?Facebook is enforcing their rights, but maybe some they don?t have.? From rforno at infowarrior.org Sun Aug 29 10:36:32 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Aug 2010 11:36:32 -0400 Subject: [Infowarrior] - OT: Hunker Down Message-ID: <317F96C6-D416-4846-A66E-7362D3A11AB4@infowarrior.org> This morning, someone who wishes to remain anonymous sent me a video by (believe it or not) motivational speaker Tony Robbins discussing the current financial markets -- where we were, where we are, and where we're likely to head, and why. I'm passing it along because he pretty much much echoes what market realists (myself included) have been saying for a while now. I think it's good analysis and prudent advice...it's also *not* what you're likely to hear on CNBC, either. No, he's not selling anything --- it's just a simple podcast. However, he puts some of the macro market concerns into 'plain English' that the average retail investor can understand. If you're "in the markets" I encourage you to watch the video when you get a chance. At the very least, it'll give you some calm, objective food for thought. (The 'meat' of the video begins around 09:30 or so.) http://www.metatube.com/en/videos/37911/An-Important-Note-Of-Caution-By-Tony-Robbins/ In the spirit of disclosure, for several months now, I've been taking slow, methodical steps to protect the longer-term investments I manage against what I suspect will be some very rocky conditions in the global economic markets for at least the next 2-5 years, if not longer. 
That doesn't mean I'm just "selling and heading for the hills" -- but rather, am taking controlled measures to manage risk and prepare for possible future opportunities. As I said, it's food for thought. We now return you to your regularly scheduled Sunday. - Rick From rforno at infowarrior.org Sun Aug 29 11:23:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Aug 2010 12:23:55 -0400 Subject: [Infowarrior] - Pew Internet: Older Adults and Social Media Message-ID: <0CC0FC2E-899F-43D2-AE5A-87A377EEB8D3@infowarrior.org> Older Adults and Social Media by Mary Madden Aug 27, 2010 http://pewinternet.org/Reports/2010/Older-Adults-and-Social-Media.aspx Overview While social media use has grown dramatically across all age groups, older users have been especially enthusiastic over the past year about embracing new networking tools. Social networking use among internet users ages 50 and older nearly doubled?from 22% in April 2009 to 42% in May 2010. ? Between April 2009 and May 2010, social networking use among internet users ages 50-64 grew by 88%--from 25% to 47%. ? During the same period, use among those ages 65 and older grew 100%--from 13% to 26%. ? By comparison, social networking use among users ages 18-29 grew by 13%?from 76% to 86%. ?Young adults continue to be the heaviest users of social media, but their growth pales in comparison with recent gains made by older users,? explains Mary Madden, Senior Research Specialist and author of the report. ?Email is still the primary way that older users maintain contact with friends, families and colleagues, but many older users now rely on social network platforms to help manage their daily communications.? ? One in five (20%) online adults ages 50-64 say they use social networking sites on a typical day, up from 10% one year ago. ? Among adults ages 65 and older, 13% log on to social networking sites on a typical day, compared with just 4% who did so in 2009. 
At the same time, the use of status update services like Twitter has also grown--particularly among those ages 50-64. One in ten internet users ages 50 and older now say they use Twitter or another service to share updates about themselves or see updates about others.

About the Survey

This report is based on the findings of a daily tracking survey on Americans' use of the Internet. The results in this report are primarily based on data from telephone interviews conducted by Princeton Survey Research Associates International between April 29 and May 30, 2010, among a sample of 2,252 adults, age 18 and older. Interviews were conducted in English. A combination of landline and cellular random digit dial (RDD) samples was used to represent all adults in the continental United States who have access to either a landline or cellular telephone. For results based on the total sample, one can say with 95% confidence that the error attributable to sampling and other random effects is plus or minus 2.4 percentage points. For results based on Internet users (n=1,756), the margin of sampling error is plus or minus 2.7 percentage points. In addition to sampling error, question wording and practical difficulties in conducting telephone surveys may introduce some error or bias into the findings of opinion polls. For more information, please see the Methodology Section.

From rforno at infowarrior.org Sun Aug 29 11:40:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Aug 2010 12:40:22 -0400
Subject: [Infowarrior] - U.S. Eyes Preemptive Cyber-Defense Strategy
Message-ID: <95A08FD0-837C-4E56-B2C8-10673EB7402F@infowarrior.org>

Washington Post August 29, 2010 U.S.
Eyes Preemptive Cyber-Defense Strategy By Ellen Nakashima http://www.washingtonpost.com/wp-dyn/content/article/2010/08/28/AR2010082803849.html The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas - but it is still wrestling with how to pursue the strategy legally. The department is developing a range of weapons capabilities, including tools that would allow "attack and exploitation of adversary information systems" and that can "deceive, deny, disrupt, degrade and destroy" information and information systems, according to Defense Department budget documents. But officials are reluctant to use the tools until questions of international law and technical feasibility are resolved, and that has proved to be a major challenge for policymakers. Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries' sovereignty. Some officials and experts say they doubt the technology exists to use such capabilities effectively, and they question the need for such measures when, they say, traditional defensive steps such as updating firewalls, protecting computer ports and changing passwords are not always taken. Still, the deployment of such hardware and software would be the next logical step in a cyber strategy outlined last week by Deputy Secretary of Defense William J. Lynn III. The strategy turns on the "active defense" of military computer systems, what he called a "fundamental shift in the U.S. approach to network defense." Though officials have not clearly defined the term and no consensus exists on what it means, Lynn has said the approach includes "reaching out" to block malicious software "before they arrive at the door" of military networks. Blocking bad code at the border of its networks is considered to be within the Pentagon's authority. 
On the other hand, destroying it in an adversary's network in another country may cross a line, and officials are trying to articulate a clear policy for such preemptive cyber activity. "We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," Gen. Keith Alexander, the head of the Pentagon's new Cyber Command, told an audience in Tampa this month. The command - made up of 1,000 elite military hackers and spies under one four-star general - is the linchpin of the Pentagon's new strategy and is slated to become fully operational Oct. 1. Military officials have declared that cyberspace is the fifth domain - along with land, air, sea and space - and is crucial to battlefield success. "We need to be able to protect our networks," Lynn said in a May interview. "And we need to be able to retain our freedom of movement on the worldwide networks." Another senior defense official said, "I think we understand that in order for us to ensure integrity within the military networks, we've got to be able to reach out as far as we can - once we know where the threat is coming from - and try to eliminate that threat where we can." One senior defense official said that active defense is akin to being in a battle zone when someone is firing a machine gun at you, detecting the bullets, putting up a shield and knocking down the bullets. "Wouldn't it be a far better idea to get the machine gun? So that's an extension of a real-time defense - just shut the threat down." Perhaps the most difficult issues are technological and operational. Because the precise configuration of an adversary's computer is difficult to discern through the Internet, it can be very difficult to, for example, disrupt that computer's ability to attack without affecting other computers that might be connected to it. The military's dismantling in 2008 of a Saudi Web site that U.S. 
officials suspected of facilitating suicide bombers in Iraq also inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, for example, and the Obama administration put a moratorium on such network warfare actions until clear rules could be established. "Why are you talking yourself into this massive debate when no one has said this works 100 percent of the time and it's worth the fight?" said an industry official who formerly worked at the Pentagon. But a senior defense official familiar with state-of-the-art technology said, "I would tend to say that we can be much more precise than people could imagine." The official, like others quoted for this story, was not authorized to speak on the record. Alexander, who also heads the National Security Agency, which was set up in 1952 to spy electronically overseas, acknowledged in Tampa that offensive capabilities must be based on "the rule of law," according to the Military Tech blog Cnet News. And that is the crux of the debate. For the better part of a year, defense officials have been discussing the options with the White House, Justice Department, Department of Homeland Security and Congress. "I have seen clearly changes in the last two or three months where there's willingness of the senior leaders to start thinking through those scenarios, and that's something I don't think we were seeing a year ago," said a military official who was not authorized to speak for the record. Still, taking action against an attacker's computer in another country may well violate a country's sovereignty, experts said. And government lawyers have questioned whether the Pentagon has the legal authority to take certain actions - such as shutting down a network in a country with which the United States is not at war. The CIA has argued that doing so constitutes a "covert" action that only it has the authority to carry out, and only with a presidential order. 
Policymakers also are grappling with questions of international law. "We are having a big debate about what constitutes the use of force or an armed attack in cyberspace," said Herbert S. Lin, a cyber expert with the National Research Council of the National Academy of Sciences. "We need to know where those lines are so that we don't cross them ourselves when we conduct offensive actions in cyberspace against other nations." The senior defense official who spoke about the military's capabilities said if cyber operators detected that some attacker was about to issue a network command to a device installed somewhere in the United States that would have "a disastrous effect" causing mass destruction, "I'm hard pressed to imagine that anyone would argue you shouldn't preempt that - even if it was sitting on neutral territory." But short of that, noted a military official, "there's a lot of reluctance to go into foreign cyberspace and take actions that are preemptive." Officials have noted they can use other non-cyber options, including diplomatic action, to respond to threats. The United States might approach a foreign government for help in blocking a threat, using the appeal that "it might be aimed at us now, it could be aimed at you later, it might be aimed at us collectively" in terms of the instability it induces in the global networks, said the senior defense official. "That's an approach that is often ignored." The industry official said his concern is "the militarization" of the international dialogue. "Any time Pentagon leaders start using the terms 'active defense,' " he said, "then my concern is that foreign countries use that as a basis for their doctrine, starting a cycle of tit for tat." The Pentagon has standing rules of engagement for network defense, such as the right of self-defense. But the line between self-defense and offensive action can be difficult to discern. 
"This is a big, big problem," said one former intelligence official who noted that it took years to develop nuclear deterrence doctrine. "We are just at the beginning of figuring this out." From rforno at infowarrior.org Sun Aug 29 17:53:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Aug 2010 18:53:00 -0400 Subject: [Infowarrior] - MS Security Development Lifecycle under CC Message-ID: <7B86B8E7-AB3D-4F68-99BE-B308937167FA@infowarrior.org> Microsoft's Security Development Lifecycle under Creative Commons License http://www.h-online.com/open/news/item/Microsoft-s-Security-Development-Lifecycle-under-Creative-Commons-License-1068172.html Microsoft is to change the license for its process for developing secure software. In future, the company's Security Development Lifecycle (SDL) will be available under a Creative Commons license (Attribution-NonCommercial-ShareAlike 3.0 Unported). This should make it easier for others to use and distribute the principles behind SDL and for programmers to integrate SDL components into their own development processes. This has not previously been possible, as documentation and other SDL materials were under an exclusive Microsoft license which precluded such use. The company hopes that the change will lead to more developers utilising the Microsoft process for developing software more securely across the entire product lifecycle. SDL can trace its origins back to a 2002 Bill Gates memo on "trustworthy computing". The resulting programme was intended to make security an integral part of the company's software development process and make its products more persistently secure. All Microsoft software since Windows Vista has been developed in accordance with SDL. 
David Ladd, Principal Security Program Manager at Microsoft, has announced that the first two documents to be placed under the new license will be a white paper entitled "Simplified Implementation of the Microsoft SDL" and "Microsoft Security Development Lifecycle (SDL) - Version 5.0", a guide to how the company uses SDL in its product development. These can be expected within the next few weeks. According to Ladd, the company will also be going through other content on the SDL portal and relicensing it as appropriate. SDL tools are not affected by the licensing change, but will continue to use Microsoft license

From rforno at infowarrior.org Sun Aug 29 18:32:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Aug 2010 19:32:11 -0400
Subject: [Infowarrior] - =?windows-1252?q?MySpace=3A_A_place_for=85_what?= =?windows-1252?q?=2C_again=3F?=
Message-ID: <953FCD9E-D19A-4893-A8A4-A4591C74A1D6@infowarrior.org>

MySpace: A place for... what, again?
http://tech.fortune.cnn.com/2010/08/26/myspace-the-place-for-what-again
Posted by JP Mangalindan
August 26, 2010 3:32 PM

With declining ad sales, a stagnant user base, and a creaky interface, the once-mighty social network has a redesign on deck, but is it enough to save the site?

Visit the MySpace offices in the News Corp. complex in Beverly Hills, and you won't see a company in crisis. Underneath the company sign, a dry-erase board reads "A place for..." with scribbled Mad Lib-esque responses like, "Soy Milk Ecstasy" and "Trolling." Employees in baggy t-shirts and jeans make wisecracks while getting grub from the second-floor cafe. Elsewhere, four guys play a quick round of ping-pong in the atrium area. They're hooting and hollering as they swat the ball back-and-forth. One of them sports a black shirt covered with the slogan, "Your mom is on Facebook." Everyone loves a comeback story: the rise, the fall, the unexpected reversal of fortune.
But despite the jovial atmosphere in its offices, MySpace is still neck-deep in the second act. And although it's trying mightily to complete the reversal, the odds are stacked against it. At its peak in July 2006, MySpace was the most-visited Web site in the U.S., pulling in 4.5% of all traffic. The first crop of American teens to embrace the expanding community earned the nickname "Generation MySpace." Even more than Friendster, which it was based on, the social network founded by Chris DeWolfe and Tom Anderson in January 2004 blurred the lines between online social interaction and the real world. Users could search out one another online by common interests, like favorite band, and meet-up face-to-face. "It presented a set of features that nobody else on the Internet had," recalls Forrester analyst Augie Ray. "At the time, Facebook was a closed network for college students, so I think people gravitated to MySpace so they could do easy sharing." By 2005, MySpace had become so righteously hip, even Rupert Murdoch wanted in, and News Corp. (NWSA) scooped up MySpace's parent company Intermix Media for a cool $580 million. Murdoch had acquired the web's hottest property, and the sky seemed the limit. What he and MySpace didn't anticipate was just how ephemeral being on top can be. How MySpace lost face Once Facebook, with its more elegant user interface and more intuitive sharing features, realized its larger ambitions and expanded beyond being a hub for college students, it surpassed MySpace to become the largest social network in April 2008. It also didn't help that MySpace lost sight of its mission, a truth even President Mike Jones will admit. "MySpace expanded into areas it probably shouldn't have gone," he says. "I mean, yes, it had a photo uploading system. But I don't think it's about sharing baby photos. Yes, you could 'friend' anybody on there. But I don't think it's a place where you want to 'friend' your mom." 
In effect, Jones believes MySpace diluted the brand, widening the opportunity for Facebook to siphon users, which it has: MySpace now recognizes 120 million users worldwide, while Facebook claims more than four times that number. In the years since, the company's top ranks have thinned out. Like an executive-level game of musical chairs, executive after executive has left for one reason or another. In April 2009, DeWolfe quit his CEO post, to be replaced by former Facebook COO Owen Van Natta, who laid off more than 400 workers before reportedly being fired himself several months later. Co-presidents Mike Jones and Jason Hirschhorn* stepped in this past February, but five months later, Hirschhorn resigned. Jones now runs MySpace solo. He won't comment on the departures, only to say that he's committed to the foundational work he and his predecessors laid out for the future. And MySpace's only revenue source, advertising, is suffering, too. Analysts expect the social network's ad sales will drop from 32% of overall U.S. social network ad spending in 2009 to just 19% in 2010. Compare that to Facebook's rapidly increasing share: 36% in 2009 to 50% this year, and it's clear where things are headed. MySpace's solution Given MySpace's troubles, it's easy to compare it to Bebo, the overvalued social network acquired by AOL in 2005 for $850 million that reportedly sold five years later for less than $10 million. Rumors circulated that Murdoch was considering selling MySpace to a private equity firm. While nothing more than speculation, that kind of talk can't be good for a company's rep. No, if MySpace has any hope of growing and connecting with new users -- and that hope seems to be declining as quickly as its revenue stream -- it needs a reboot. A major one. One so radically different from the MySpace and well, Facebook, of today so as to be viewed by the malleable public, and even cynics, as a veritable brand rebirth, a must-have product. 
"MySpace really needs a product reset," says Jones. "It needs a new visual skin, a new visual platform, that allows users to really discover these new products we're releasing. Until we do something like that, it's really hard to market." This fall, MySpace will relaunch with a visual makeover and a new mobile product suite. Based on limited user previews, the interface will be cleaner and less cluttered with a wider activity feed, a new "MyStuff" module that will allow quick access to user photos, videos and music on the homepage, and a simplified recommendations box. Also expected: "Topics" pages that will group news, images, music and other media when users search for say, a band or an actor. Beyond that, the company remains mum on visual tweaks. MySpace's proposed new home page design Ray isn't convinced that putting a new skin on the same tried-and-true product will be enough. "I think it's certainly an improvement, and I think people who have seen it think it's an improvement," he says. "But if they're looking to draw people away from Facebook and new users to MySpace, the redesign isn't really going to contribute significantly to that." Apparently just as important for the company is mobile, a phenomenon that News Corp. digital chief Jon Miller told Fortune at this year's Brainstorm Tech conference caught the company by surprise. Right now, MySpace has one mobile app, which replicates the MySpace desktop experience on mobile devices. A group of designers in the company's first-floor design studio are toiling away on a suite of mobile apps that will act as MySpace "lenses" and be rolled out every month through the rest of the year. Each one will focus on different elements of MySpace: presumably photos, music, and so on. The first such app out of the gate is Romeo, essentially a Pandora for music videos. Romeo allows users to choose one of 13 moods like "naughty," "aggressive," and "studying" and one of 15 music genres. 
Once selected, videos automatically play, and users can "like," "hate," "share," and "forward." Romeo adjusts the video playlist based on user choices; short ads play every 15 minutes or so. Initially available for the iPad and desktops, Jones promises such MySpace apps will eventually appear on the iPhone, Android handsets and Windows platforms. While it's certainly a fun app, it feels more like an added perk than a must-have product. Unlike the hugely-popular streaming music app, Pandora, which it resembles conceptually, it's hard to imagine mobile users draining smart phones for hours on end, watching random music videos. MySpace's mobile Romeo app. Unless MySpace has more groundbreaking products in the works -- and at this point, we don't know that it does -- it might find itself continuing to tread water as a second-class citizen at best, and at worst, witnessing a further decline into oblivion. Indeed, MySpace just released a not-cheap looking video with a Steve Slater look alike parading around the offices spouting marketing copy and cringe-inducing jokes as the erstwhile JetBlue flight attendant meets the staff and redesigns his now-famous MySpace profile. The fact that Slater or any public figure had a MySpace profile, five years ago, would've been completely unremarkable. Now it's apparently so novel that the company thought a six-minute video parodying a user was a good use of the time and talents of its executives and marketing staff. Slapping on a new visual skin and releasing niche, albeit fun, products won't likely fool a social media-savvy public who've long since left for greener online pastures. *An earlier version of this story used an incorrect first name for former President Jason Hirschhorn.

From rforno at infowarrior.org Sun Aug 29 18:39:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Aug 2010 19:39:45 -0400
Subject: [Infowarrior] - Hackers blind quantum cryptographers
Message-ID:

Hackers blind quantum cryptographers
Lasers crack commercial encryption systems, leaving no trace.
Zeeya Merali
http://www.nature.com/news/2010/100829/full/news.2010.436.html

A way to intercept photons of light to create a security leak has been discovered. (Image: Punchstock)

Quantum hackers have performed the first 'invisible' attack on two commercial quantum cryptographic systems. By using lasers on the systems -- which use quantum states of light to encrypt information for transmission -- they have fully cracked their encryption keys, yet left no trace of the hack. Quantum cryptography is often touted as being perfectly secure. It is based on the principle that you cannot make measurements of a quantum system without disturbing it. So, in theory, it is impossible for an eavesdropper to intercept a quantum encryption key without disrupting it in a noticeable way, triggering alarm bells. Vadim Makarov at the Norwegian University of Science and Technology in Trondheim and his colleagues have now cracked it. "Our hack gave 100% knowledge of the key, with zero disturbance to the system," he says. In standard quantum cryptographic techniques, the sender -- called 'Alice' for convenience -- generates a secret key by encoding classical bit values of 0 and 1 using two different quantum states of photons, or particles of light. The receiver, 'Bob', reads off these bit values using a detector that measures the quantum state of incoming photons. In theory, an eavesdropper, 'Eve', will disturb the properties of these photons before they reach Bob, so that if Alice and Bob compare parts of their key, they will notice a mismatch. In Makarov and colleagues' hack, Eve gets round this constraint by 'blinding' Bob's detector -- shining a continuous, 1-milliwatt laser at it.
While Bob's detector is thus disabled, Eve can then intercept Alice's signal. The research is published online in Nature Photonics today [1].

Breaking the rules

The cunning part is that while blinded, Bob's detector cannot function as a 'quantum detector' that distinguishes between different quantum states of incoming light. However, it does still work as a 'classical detector' -- recording a bit value of 1 if it is hit by an additional bright light pulse, regardless of the quantum properties of that pulse. That means that every time Eve intercepts a bit value of 1 from Alice, she can send a bright pulse to Bob, so that he also receives the correct signal, and is entirely unaware that his detector has been sabotaged. There is no mismatch between Eve and Bob's readings because Eve sends Bob a classical signal, not a quantum one. As quantum cryptographic rules no longer apply, no alarm bells are triggered, says Makarov. "We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing," says Makarov. Makarov and his team have demonstrated that the hack works on two commercially available systems: one sold by ID Quantique (IDQ), based in Geneva, Switzerland, and one by MagiQ Technologies, based in Boston, Massachusetts. "Once I had the systems in the lab, it took only about two months to develop a working hack," says Makarov. This is the latest in a line of quantum hacks. Earlier this year, a group led by Hoi-Kwong Lo at the University of Toronto in Ontario, Canada, also showed that an IDQ commercial system could be fully hacked. However, in that case, the eavesdropper did introduce some noticeable errors in the quantum key [2]. Grégoire Ribordy, chief executive of IDQ, says that the hack of Makarov and his group is "far more practical to implement and goes further than anything that has gone before". Both IDQ and MagiQ welcome the hack for exposing potential vulnerabilities in their systems.
Makarov informed both companies of the details of the hack before publishing, so that patches could be made, avoiding any possible security risk. "We provide open systems for researchers to play with and we are glad they are doing it," says Anton Zavriyev, director of research and development at MagiQ. Ribordy and Zavriyev stress that the open versions of their systems that are sold to university researchers are not the same as those sold for security purposes, which contain extra layers of protection. For instance, the fully commercial versions of IDQ's system also use classical cryptographic techniques as a safety net, says Ribordy. Makarov agrees that the hack should not make people lose confidence in quantum cryptography. "Our work will ultimately make these systems stronger," he says. "If you want state-of-the-art security, quantum cryptography is still the best place to go."

References
1. Lydersen, L. et al. Nature Photonics advance online publication doi:10.1038/NPHOTON.2010.214 (2010).
2. Xu, F., Qi, B. & Lo, H.-K. Preprint at http://arxiv.org/abs/1005.2376v1 (2010).

From rforno at infowarrior.org Sun Aug 29 20:05:59 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Aug 2010 21:05:59 -0400
Subject: [Infowarrior] - Jordan amends cyber crimes law after media outcry
Message-ID: <6E6F7450-EF34-40E9-8841-3DD761563994@infowarrior.org>

Jordan amends cyber crimes law after media outcry
Aug 29 01:49 PM US/Eastern
http://www.google.com/hostednews/afp/article/ALeqM5g3dhjRdgi7tZLBh17MMUrxnQFrzQ

Jordan on Sunday approved a temporary law on cyber crimes after amending it to appease the fury of journalists who said the legislation was a means to control local news websites. The law had initially allowed the authorities to raid and search offices from which websites are published and to access computers without prior approval from public prosecutors.
But under the new amendments approved by the government, searching such offices requires court permission and enough evidence that these places are used to commit cyber crimes, Information Minister Ali Ayed said. Journalists have complained that one of the articles of the law banned sending or posting data on the Internet or any information system that involves defamation or contempt or slander, without defining such crimes. "That article was removed because these crimes have been already tackled in other laws," said a statement posted on local news websites, adding that "the amendments came in line with King Abdullah II's directives." "Other changes removed all parts that could be used to affect press freedom and freedom of expression." The statement quoted Ayed as telling a group of journalists that the law "never targeted local news websites and that the amendments came to clarify things, remove any misunderstanding and make sure the law is implemented the right way." "The government has consulted several experts, including the National Centre for Human Rights and the Jordan Bar Association, before amending the law." International and local rights organisations had added their voices to journalists and opposition parties, including the Islamist movement, in harshly criticising the new law before its amendment. The New York-based Committee to Protect Journalists (CPJ) had urged King Abdullah II to veto the law, saying it gave authorities "sweeping powers to restrict the flow of information and limit public debate." 
Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium

From rforno at infowarrior.org Sun Aug 29 20:39:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Aug 2010 21:39:37 -0400
Subject: [Infowarrior] - Bothersome online friends have spawned blocking apps - and etiquette dilemmas
Message-ID: <8806EA85-EDEF-4A53-A98E-84377DA8C505@infowarrior.org>

Bothersome online friends have spawned blocking apps - and etiquette dilemmas
By Michael S. Rosenwald
Sunday, August 29, 2010; 6:02 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/08/29/AR2010082902447_pf.html

Esthela Gonzalez's friends are talking to her, but she's not listening. The chatter is coming at Gonzalez not over a cup of coffee or at Five Guys, but through her iPhone, on Twitter. Gonzalez, bored by some of her friends' blabbering, has quietly put a few of them on the social networking equivalent of time out. Using a $4.99 iPhone application called Twittelator Pro, the 36-year-old from Chantilly simply tapped a button that says "mute" and, voila, her friends' tweets are blocked. Best of all, they're totally oblivious that they have just been silenced. "When I saw this feature, it was like a choir of angels coming out to greet me," Gonzalez said. The age of social media has made it easier than ever to stay connected with the people you know, but it has also made it almost inevitable that users will come to feel overwhelmed by interruptions, updates and status reports. So now, the technology that turned people into 24/7 communicators has spawned a tool kit that discreetly lets users be just a tad antisocial on their own networks. This is the digital equivalent of walking down a back hallway to avoid the talkative colleague who's always boasting about his latest sale.
With more than 500 million people connected on Facebook, 190 million on Twitter, and zillions more scattered on other social networks around the world, users are embracing new ways to politely ignore friends and family, just as they do in the analog world. "The problem with one big water cooler is that you don't always want to be at the water cooler with everyone all the time," said Bretton MacLean, a Toronto developer of a popular iPhone app called TweetAgora, which lets users block unwanted tweets without the tweeter ever knowing. As the company puts it, "Some people are great in real life but just plain suck at Twitter." Programmers such as MacLean say they are racing to meet user demand for discreet ways to avoid people technologically. Besides muting on Twitter, other emerging services include Ex-Blocker, created by web design firm Jess3, which blocks social networking posts from ex-girlfriends, -boyfriends, and other undesirables. Avoidr, developed by a San Francisco techie, promises to "keep your friends close and your enemies at that bar down the street." The service uses information from Foursquare, the social network on which users share their location with friends, to tell people which establishments to avoid to dodge someone who has moved to their zero list. Those seeking a more exclusive world than Facebook can instantly start private social networks using The Fridge. "All fridges are private," the company says. "Invite only. Safe from the parents, boss, or those pesky stalkers." Even the lowly voice mail is evolving with the avoidance times: Slydial lets more than 10,000 people a day leave cellphone messages without the receiver's phone ever ringing. A senior State Department official cops to using it, though not by name for fear of blowing his cover. Still, he professes to have not a shred of guilt about avoiding direct contact even with the people he values most. 
"In the course of things I do in the day that I have to feel bad about," he said, "this doesn't rank in the top five." How can the aide and Gonzalez claim to be guilt-free about cutting off their friends? Experts in the social dynamics of the new media say those who use avoidance technologies are simply being human in ways that social network creators didn't foresee when they built these supercharged ways to connect family, friends, friends of friends, and friends of friends of friends. "When these social networks came along, the founding premise seemed to be to just connect everyone," said Duncan Watts, a senior research fellow at Columbia University and director of the Human Social Dynamics Group at Yahoo. "My first reaction: Why would anyone think that's a good idea? We spend a lot of time making sure everyone doesn't know everything, and now we are collectively bumping up against this issue of people wanting to avoid people." On most social networks, after "friending" someone else, the default mode is to exchange every possible kind of information and message. (Washington Post Co. chairman Donald Graham is on the board of Facebook, the world's largest online social network.) If John follows Jane on Twitter, John sees everything Jane writes, even if John couldn't care less about Jane's endless posts on "American Idol." This could leave John needlessly annoyed by Jane, a discontent that could seep into their otherwise healthy face-to-face relationship. The same goes for Facebook: John and Jane might be decent friends, but does Jane really care about John's pictures of his new deck? No, she does not. John's and Jane's options, if they don't want to go hunting around Twitter and Facebook to figure out complicated privacy settings, have until now been dire: Just about the only way to rid themselves of a torrent of annoying posts was to drop each other from their friend lists. 
But in the face-to-face world, John and Jane would never drop each other over such trivial annoyances. Rather, if John knew Jane always wanted to talk about "American Idol" over lunch in the cafeteria on Thursdays, he would simply avoid her table on those days. The new services seek to re-create that easy, unhurtful form of avoidance online. "This is all really a question about how to best be polite online," said Danah Boyd, a social media scholar at Microsoft Research. "This etiquette is just starting to evolve. People are trying to find new ways to appear friendly when they don't really like what you're saying at all." Just about everyone -- users, programmers, big thinkers -- agrees that the new avoidance services require a certain amount of deception, but they argue that these tools, and more subtle ones that will be developed down the road, are needed to avoid hurt feelings ("You dropped me? Dropped?") and are essentially no different from pretending to need a freshened-up drink to escape from boring cocktail party chatter. "I would never want to unfollow them," Gonzalez said of the friends she has muted on Twitter. "You don't want to offend your real-life friends. That would be a terrible thing to do." But she also shudders to think what would happen if her friends found out that she had turned off their flow of tweets. "Oh, God, no," she said when asked about such a possibility. But won't Gonzalez's friends figure out that she's not seeing their posts on, say, a new movie they saw? No problem: If the friend sees Gonzalez face to face and reminds her of his latest brilliant online movie critique, Gonzalez can simply say, "Oh, I must have missed that." Or, "Oh, you know, I follow so many people, stuff falls through the cracks." Such excuses never fail. "It's plausible deniability," said Boyd, the Microsoft researcher. "The more technology is fallible and has some holes, the more you can blame it for your failure to do something that is socially appropriate. 
That makes it much easier to use all these blocking and muting services, because otherwise people will not have the ability to pull this off." So when the senior diplomat leaves someone a Slydial message, he can, if he chooses, add a casual aside: "Oh, that's so weird -- your phone never rang." And when an Ex-Blocker user bumps into an ex-girlfriend who has just gotten engaged, he smoothly says, "Oh, I totally must have missed that on Facebook. Congrats!" The upside of all this deception, at least for Gonzalez, is that her Twitter experience has become much more enjoyable. "Muting people is very discreet," she said. "I like it better this way." Then she paused, and something seemed to dawn on her: "I wouldn't be completely surprised if someone has muted me."

rosenwaldm at washpost.com

From rforno at infowarrior.org Mon Aug 30 08:27:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Aug 2010 09:27:23 -0400
Subject: [Infowarrior] - Entertainment Industry Propaganda Campaign Against Limewire Fails; FTC Drops ID Fraud Investigation
Message-ID:

Entertainment Industry Propaganda Campaign Against Limewire Fails; FTC Drops ID Fraud Investigation
from the so-much-for-that dept

While Limewire is facing a difficult future after losing its lawsuit to the major record labels, the company was also the target of a ridiculous propaganda campaign over the years, orchestrated by a few entertainment industry organizations, which tried to connect Limewire to identity fraud, by claiming that people were putting personal data into shared folders... and this was somehow Limewire's fault. Either way, the FTC stepped in to investigate and has now dropped the investigation, saying that, while the company could still do a better job educating users on how not to inadvertently share information, it didn't see anything that was actionable against Limewire.
http://techdirt.com/articles/20100827/03184710792.shtml

From rforno at infowarrior.org Mon Aug 30 13:27:09 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Aug 2010 14:27:09 -0400
Subject: [Infowarrior] - Yoran: Focus on Secrecy Could Hamper Pentagon's Cybersecurity Plans
Message-ID:

Focus on Secrecy Could Hamper Pentagon's Cybersecurity Plans
By Paul Roberts
Created 08/30/2010 - 12:49pm
http://threatpost.com/en_us/print/6420

The former head of the Department of Homeland Security's Cyber Security Division warns that the U.S. military's preoccupation with secrecy could hamper efforts to get the upper hand in cyber security. An article last week by the U.S. Deputy Secretary of Defense put the U.S. military's cybersecurity plans in the spotlight. Writing for the magazine Foreign Affairs, William J. Lynn III confirmed that a 2008 security breach resulted in a malicious code infection that touched both classified and unclassified intelligence networks and prompted a ground-up rethinking of the Pentagon's approach to cyber security. Lynn painted a mostly optimistic picture of the Military's about face on cybersecurity [1], which culminated in the creation of a Cyber Command, under the direction of a four star general and with a direct line of communication to the Secretary of Defense and Commander in Chief. Lynn also declared a new era in the arena of computer intrusions and defense [2], with cyber a new theater of warfare in need of a tried and true approach: Cold War style alliances with allies and the private sector to spot and thwart emerging threats. What does it all mean? To get a better understanding of what's really changed, Threatpost.com sat down with Amit Yoran, CEO of Netwitness and a former head of the Department of Homeland Security's Cyber Security Division [3] to talk about cybersecurity, federal policy and what the country really needs to do to secure its critical infrastructure.
ThreatPost (TP): Deputy Secretary of Defense Lynn's article generated a lot of press coverage, but how much of what he revealed was really news?

Amit Yoran (AY): The way I looked at this is that Deputy Secretary of Defense Lynn said classified networks were compromised as part of an infestation. If that's the story that's out there, then that's pretty significant. It's not that there haven't been incidents involving unclassified information and networks. We know about thousands of incidents involving military and Pentagon networks and elsewhere. But there haven't been disclosures about incidents on classified networks. So that's a pretty significant precedent, by the mere fact that information that travels on classified networks has the potential to have grave consequences for national security if it's disclosed. So that's newsworthy and, as we work through our cyberstrategy, a significant data point. The other issue is that the Deputy Secretary of Defense made the point that this was a nation-state sponsored attack. Now you can question the quality of analysis, and it's not that mistakes don't happen. But with an issue like this that is so highly visible, for the Deputy Secretary of Defense to write that a foreign intelligence service is behind the incident, we should assume that a fair bit of analysis has been done to come to that conclusion.

TP: Do you find it at all surprising that a pretty typical virus infection, circa 2008 (Agent.btz), was attributed with delivering the 'wake up call' to the Pentagon? Doesn't that strike you as a bit late in the day for a wake up call?

AY: I think it shows you that not everything has to be an original exploit to bypass signature based platforms. Attackers can modify known pieces of malware that are not detectable by traditional AV products. That's something that's not as well known in the market. We hear a lot about "advanced persistent threats," but it's not really "advanced" it's, maybe, "reasonably advanced."
TP: Deputy Secretary Lynn's piece is fairly optimistic. He talks a lot about the changes that were made in the way the military addresses cyber threats - notably: the creation of a unified Cyber Command. Do you feel like advances have been made?

AY: I think it would be difficult to claim victory at this point. I think the reorganization has been successful and Cyber Command is off and running. So "yes," there has been progress. There's more awareness. But if you ask "Is the response sufficient or adequate to address the threat or commensurate with the need?" I'm not convinced that the answer is "Yes." I think it's too early to tell. Looking at it from the outside, I think we continue to fall further behind in the cyber domain. A lot of activity is still occurring at the classified level and that's unfortunate for many reasons. Our reliance on classified information is problematic from a public policy, privacy and legal perspective. That doesn't mean that the classified program is illegal, but the legal analysis of it is classified, too. If you don't have even the legal analysis done in the open, you're really operating on very thin ice. You don't have the best legal minds and scholars. You don't have an appropriate, critical eye. You end up with a terror screening program and the legal challenges that occurred with that. I think what we've got is very reminiscent of Bush-era intelligence activities. There's a public policy dialog that's crippled by the classified nature of these programs. The other issue, when we discuss the level of conversation, is that we get into scenarios where few people know what's going on. When you have information that's tightly controlled, you don't have the type of information sharing broadly among different operators.
So the intelligence community isn't sharing information with the folks who run systems or with the private sector and people are at a loss - they don't understand the threat environment and what they need to do to protect themselves. They're uninformed about risk management practices. The result is that they get compromised and leak intellectual property. So, at a policy level, that's difficult. At an operational level, you have IP addresses and information about exploits that are classified and can't be uploaded to unclassified systems for analysis. That's a very sensitive issue that hasn't been significantly changed since the Bush era. The question that's unanswered here really is "What is the role of government in detecting, preventing and responding to attacks against private industry in the U.S.?" "Who has authority to monitor all communications and, if they're monitoring, do they have the right to defend and protect those communications? Are they accountable if they do it? What if they alter packets that have financial impact to a trading firm?" There's a lot of very complex legal and policy issues and operational issues that need to be discussed openly, but they aren't because of the nature of these programs and the classification issues.

TP: One of the suggestions in Deputy Secretary of Defense Lynn's article is an expanded role for the NSA that might include more domestic monitoring...

AY: That's a reason why we need transparent public debate about the proposal. Clearly, the NSA is one of the most significant resources the government has and it has some of the most powerful capabilities and assets in the cyber domain. As a national policy, do we want to see them evolving beyond signals intelligence and deeper into cyber? That makes a lot of sense. Cyber is pervasive around the world, so having NSA maintain superiority in that domain is critical to our national interests.
But when you get to questions like what the role of the NSA will be and how involved it will be in monitoring, or what organizational structure will be for different missions? Those are questions that need tremendous and healthy public policy debate. In any attack scenario you have questions about collateral damage to organizations that are not targeted but that have been compromised. Perhaps you have data that's valid, but that includes some encapsulated malware or payload or other issue. Is the NSA going to block it or delay it or screen that traffic? Is the NSA going to make that determination for American businesses? These are not trivial legal and policy issues that require a significant public debate, or we could find ourselves with a very different culture and different set of challenges facing the nation ten or 20 years from now.

TP: Deputy Secretary of Defense Lynn uses the analogy of the Cold War to describe the U.S.'s new approach to fighting the cyber threat, by which he means that the U.S. will leverage its allies and strategic partnerships to try to contain the cyber threat and anticipate new threats. What do you think of that analogy?

AY: When you're in a broad domain like cyber, it can be difficult to come up with an appropriate analogy. As for the cyberwar - Cold War analogy, I think there's some validity to it, but some gaps as well. For one, (cyber war) is clearly not a matter of traditional warfare in the sense of government versus government and military versus military. It's more of a matter of economic advantage and attacks are frequently done by non-state actors. So if you don't take into account the international nature of business today, -- its reliance on information flows, whose assets are what and how they're intertwined, then there are a lot of flaws to the warfare analogy. It's not that it's not applicable, but it has limitations.
TP: One of the significant challenges Deputy Secretary Lynn points out is in the arena of human resources - keeping parity with other developing nations in areas like engineering. You served as the Department of Homeland Security's Cyber Security Division during part of the Bush Administration, what are your thoughts on what the country needs to do to succeed in the cyber arena?

AY: I think the American character is what makes us successful elsewhere and is our greatest asset in the cyber domain, as well. American entrepreneurship, ingenuity and creativity. If you think about how cyber is done, engineering disciplines are important and I would certainly say we need to support programs that encourage the development of those skills. But in and of themselves, they're not the only factors for success. You're going to have a healthy amount of creativity and entrepreneurship to address gaps in the market where people aren't able to accurately defend themselves. One thing you need is transparency: a clear articulation of the threat so people can analyze it and address and better mitigate the risks they have. As I've said, I worry that this is being crippled by the reliance on classification, so until we have more transparency I worry that we'll continue to fall short in areas like product requirements and functionality that allow people to better protect themselves. If we continue to rely on the NSA and the classified intelligence community, we'll continue to have businesses that suffer from the gross inability to defend themselves. Like it says in the Bible, you've got to teach people how to fish. The government has a responsibility to create transparency around the threat, and we won't be broadly successful as a nation until they do so.
From rforno at infowarrior.org Mon Aug 30 17:29:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Aug 2010 18:29:55 -0400
Subject: [Infowarrior] - Facebook "Like Farms" Are Spamming Up Your News Feed
Message-ID: <24C92678-9F9A-4809-8323-0260F4317A28@infowarrior.org>

I'll take the article at its word -- I'm not on FB and have no desire to be! -rick

Facebook "Like Farms" Are Spamming Up Your News Feed
Nick Saint | Aug. 30, 2010, 1:39 PM
http://www.businessinsider.com/facebook-like-buttons-spawn-a-new-form-of-spam-2010-8

One of the bigger announcements to come out of Facebook's controversial keynote at its developer conference last spring was the introduction of "Like buttons" that can be placed anywhere on the web, allowing people to register their approval of content on third-party sites without leaving them. It's a big part of Facebook's push to put its brand everywhere on the Internet, and to make being logged into the social network central to users' experience of just about everything online. It's also the basis for a new type of business: the like farm. By default, when one of your Facebook friends likes something, it shows up in your news feed. Recently, we've noticed that our feeds are clogged with dozens of weird likes from just a couple of friends, like the ones shown here. They look like links to blog posts or articles, but in fact, the title is the content. Each of these updates links to an entry on one of dozens of like farms, where any user can submit these updates, and pump them into Facebook by liking them. These sites are entirely comprised of pithy updates, like buttons, and, of course, ads: Basically, these sites are enabling the equivalent of Twitter hash tag jokes on Facebook; people see funny sentences pop up in their streams, and indicate their approval by liking them. This is the Facebook equivalent of retweeting, since all of your friends are notified that you liked the blurb.
Many of these entries have been liked by tens of thousands of users, all of whose friends see the updates, which link to the sites, so this is no doubt generating non-negligible ad revenue despite requiring zero effort on the part of the sites' creators. The biggest we've seen, Likey.net, is already seeing over a million uniques per month. Once an update has enough likes, it can spread entirely on Facebook. But to get the process started, someone has to have gone to the site and submitted it in the first place. It's hard to say why -- unlike on Twitter, the original poster of these updates isn't referenced or credited in any way. And the sites look and feel extremely spammy. At least one of them has already been flagged as an attack site by Google, though it's not clear whether the site is itself malicious, or merely the target of third-party attacks. Facebook has tried for a long time now to make its news feeds a Twitter-killer, but despite its much larger user base, it hasn't had much success there. The success of these like sites shows that there is some real hunger among some Facebook users for Twitter-style communication, and that Facebook isn't doing a good enough job enabling it on its own. The result isn't pretty.

From rforno at infowarrior.org Mon Aug 30 18:49:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Aug 2010 19:49:36 -0400
Subject: [Infowarrior] - WH to loosen rules on technology exports
Message-ID: <047E1EDF-F207-4797-9B5E-156B1E6F2530@infowarrior.org>

Obama to loosen rules on technology exports
By Howard Schneider
Washington Post Staff Writer
Monday, August 30, 2010; 7:19 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/08/30/AR2010083004278_pf.html

The Obama administration is overhauling the decades-old rules for the export of sensitive military and other technology, jettisoning what industry groups criticize as an antiquated "Cold War" set of regulations for a more streamlined approach.
After a year-long review by officials at the State, Defense and Commerce departments, President Obama is scheduled to announce plans Tuesday to consolidate some enforcement activities in a single agency and develop a clearer list of products whose sale is restricted. U.S. export controls cover tens of thousands of products and services and are overseen by three agencies. It is a system U.S. businesses say often leaves them hamstrung, even when it comes to selling less-sensitive items that are readily available in other industrialized countries. Over the years, different parts of the federal government have developed "very different control lists, with agencies fighting over who has jurisdiction," Obama said in remarks released by the White House and scheduled to be delivered by video to an export conference Tuesday. "Decisions were delayed, sometimes for years, and industries lost their edge or moved abroad." The key departments - State and Commerce - are developing lists that better define restricted products and technologies and classify them in one of three tiers based on sensitivity. An initial government evaluation of one category, military vehicles, found that about three quarters of the 12,000 items identified would be less strictly regulated under the new approach, and one-third could be freely exported, according to information provided by the White House. The issue of controls sits at a sensitive juncture between the administration's push to boost exports during weak economic growth and desire to maintain the country's technical edge in key battlefield and intelligence technologies. Federal regulations include a long list of weapons and military equipment whose export is restricted - from small arms and ammunition to strategic ballistic missiles and nuclear submarine parts. 
The regulations govern the export of sensitive computer equipment, cryptographic software, and technologies such as the "low-observable" materials and manufacturing techniques used in stealth aircraft - things the United States has a vested interest in protecting or exporting to allies in only an adulterated form. But a fact sheet released by the administration Monday described how the regulations could prove onerous and self-defeating by, for example, impeding the export of routine equipment such as heavy brake pads widely used on fire trucks and other large vehicles just because they could also be used on an M1A1 tank. Obama said the aim of the new system is "to build higher walls around the export of our most sensitive items while allowing the export of less critical ones under less restrictive conditions." Business and industry groups, which have long argued for changes to the export control rules, welcomed the president's announcement. The administration has set a goal of doubling U.S. exports, and industry groups say changes to the export control rules might produce tens of billions of dollars in additional sales. "We have so many goods that are subject to this regime," said John Murphy, vice president of international affairs for the U.S. Chamber of Commerce. "If everything is a priority, then nothing is a priority."

From rforno at infowarrior.org Mon Aug 30 22:10:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Aug 2010 23:10:03 -0400
Subject: [Infowarrior] - UK, France to share aircraft carriers
Message-ID: <10C94DB9-F22E-45E3-9E42-B8C27CA9619F@infowarrior.org>

UK, France to share aircraft carriers
http://www.thesun.co.uk/sol/homepage/news/3118476/UK-and-France-tobr-share-aircraft-carriers.html

BRITAIN and France are preparing to reveal unprecedented plans to share the use of their aircraft carriers in a controversial step to maintain military power in an era of cost-cutting.
In a potential threat to thousands of shipyard jobs, the move would make it easier for Britain to scrap or downgrade one of the two replacement carriers which are already under construction at a cost of £5.2billion. David Cameron and President Sarkozy are expected to outline the proposal in a November summit, which will lead to British and French flagships working together and protecting the interests of both countries. The arrangement, expected to come into force soon after the announcement, would ensure that one of three ships - one French, two British - was always on duty patrolling the seas. At present, there are periods when both ageing British vessels - HMS Ark Royal and HMS Illustrious - are in dock. Critics questioned the viability of such a partnership, noting British and French interests historically differ. Gwyn Prins, a research professor at the London School of Economics, said: "At first glance it may seem sensible to pool aircraft carriers with the French. But a moment's reflection in the light of past history and of modern geopolitics shows why that is unwise." The plan comes as the Armed Forces are under pressure to cut costs and continue to protect Britain's national interests, as part of the defence review. A final decision on the future of the replacement carriers will come in October in the Comprehensive Spending Review. One carrier could be scrapped, built to a lower specification, or even sold to another nation. Liam Fox, the Defence Secretary, meets French counterparts on Friday, having repeatedly visited Paris for discussions before the election. A Whitehall source said: "Liam has made it clear that we want more co-operation as we have to face up to the world we are living in. The advantage is that if we are going to have one carrier, then at least we can project our power on the sea even if we go down to a single carrier."
Discussions are under way to devise a protocol in case a British interest, such as the Falkland Islands, comes under threat when the French are in charge. Each carrier would remain within its domestic chain of command, with the British vessels only taking orders from Royal Navy officers. President Sarkozy told ambassadors last week: "France is prepared to undertake concrete projects. I heard our British allies' statements on bilateral co-operation with France. We will discuss this with them without taboos and take important decisions in November." Sources close to the National Security Council, the new Cabinet group which decides the direction of British foreign policy, said that Dr Fox was minded to give the go-ahead to both carriers, but the second may have its capability downgraded. A cut-down carrier would be able to carry an army brigade and could be used as a base for a troop landing, which would mean it could take helicopters rather than jets. However, the fast jets envisaged for the new British carriers would not be able to fly off the French version and French aircraft would be unable to use the British model. A Navy source said that the plan would add welcome flexibility to combined operations, but added: "Using each other's carriers would require decisions to be made at the strategic level so that national aims on any given operation would be the same."

From rforno at infowarrior.org Tue Aug 31 05:16:49 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Aug 2010 06:16:49 -0400
Subject: [Infowarrior] - =?windows-1252?q?HP_Holds_Navy_Network_=91Hostage?= =?windows-1252?q?=92_for_=243=2E3_Billion?=
Message-ID: <5AA1C623-11DD-4B25-8F23-5338F62C68A4@infowarrior.org>

HP Holds Navy Network 'Hostage' for $3.3 Billion
By Noah Shachtman | August 31, 2010 | 12:04 am | Categories: Navy
http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/

Someday, somehow, the U.S. Navy would like to run its networks --
maybe even own its computers again. After 10 years and nearly $10 billion, many sailors are tired of leasing their PCs, and relying on a private contractor to operate most of their data systems. Troops are sick of getting stuck with inboxes that hold 150 times less than a Gmail account, and local networks that go down for days while Microsoft Office 2007 gets installed -- in 2010. But the Navy just can't quit its tangled relationship with Hewlett-Packard. The admirals and the firm recently signed another $3.3 billion no-bid contract that begins Oct. 1st. It's a final, five-year deal, both sides promise, to let the Navy gently wean itself from its reliance on HP. But that's what they said the last time, and the time before that. It's become a Washington cliché that the military and the intelligence community rely too much on outside contractors. Everyone from President Obama to Defense Secretary Robert Gates has promised to cut back on Pentagon outsourcing. But the Navy's ongoing inability to separate itself from Hewlett-Packard -- after years of trying -- shows how difficult that withdrawal is going to be. Just to make sure its core networks keep running -- to make sure marines and sailors can keep e-mailing each other on Oct. 1st -- the Navy is paying Hewlett Packard $1.788 billion. (Booz Allen Hamilton, another outside contractor, handled the negotiations with Hewlett-Packard for the military.) The service will spend another $1.6 billion to buy from HP the equipment troops have worked on for years, and to license the network diagrams and configuration documents, so that the Navy can begin to plan for a future in which they're not utterly reliant on HP for their most basic communications. In essence, the Navy is paying to look at the blueprints to the network it has been using for a decade. "HP is holding the Navy hostage, and there isn't a peep about it," one Department of the Navy civilian tells Danger Room.
"We basically had two recourses: pay, or send in the Marines." The initial idea behind the project, called the Navy Marine Corps Intranet, was to combine a hodgepodge of 15,000 different systems into a single, manageable network. A single IT company, Electronic Data Systems, would own all the gear -- from the routers to the servers to the mice -- and operate it all for the Navy. That way, the sailors wouldn't need to count on the military's Paleolithic purchasing system for their tech. And they'd get the benefit of a proven sysadmin who was smarter, faster, more efficient and more flexible than any lumbering government bureaucracy. Original cost: $4.1 billion for five years. Since then, NMCI has grown to become the second largest network in the world, trailing only the internet itself. More than 700,000 sailors, marines and civilians on nearly 400,000 computers in 620 locations throughout the United States, Japan and Cuba are connected. NMCI's 4,100 servers handle more than 2.3 petabytes of data. And, in some ways, the project has to be counted as a success: All those old networks have been merged into one, and that one centrally-controlled network is far easier to operate and secure than the tangled messes you find in most military commands. But the flexibility the Navy hoped for? Well, let's just say NMCI operates with all the agility and responsiveness you'd expect from a centrally-managed, self-policing monopoly. "When our computers are not being crippled by updates, and as long as we don't have to call the help desk for anything (i.e. we don't have any computer problems) then NMCI has somewhat stabilized," another Navy civilian e-mails Danger Room. Worse, HP -- which acquired Electronic Data Systems and its Navy contract in 2008 -- still operates under performance metrics set a decade ago. A typical workstation on the network costs the Navy $2,490.72 per year.
That includes an e-mail inbox with a 50-MB capacity (Gmail's: 7,500 MB), and 700 MB of network storage (compared to Evernote's unlimited, free plan). Anything above that is extra. A year's use of a "high-end graphics" workstation sets the Navy back $4,085.64. Extra applications on a laptop or desktop computer can run anywhere from $1,006.68 to $4,026.72 annually. A classified Ethernet port -- $9,300 to $28,800 per year, depending on where it's located. What's more, HP isn't required to take security measures like hard disk encryption, threat heuristics, and network access control that are common today, but were exotic in 2000. "Anti-spam services" runs the Navy $2.7 million per year under the contract. Cleaning up a "data spillage" -- classified information that got placed on an unclassified network -- costs $11,800 per incident. In 2008, the Navy paid about $5 million to wipe the data from 432 compromised computers. That's "almost 10 times the cost of simply destroying the affected machines and replacing them with new ones," the Washington Times reported. HP executive director Randy Dove calls the project the "most secure, flexible and functional network within the Department of Defense." Dove's company claims 87.5 percent of NMCI users surveyed said they're happy with the service. But among sailors and marines, NMCI's many alternate acronyms tell a different story: "No More Contracted Infosystems," "Non Mission-Capable Internet," "Never Mind Crash Imminent." Sailors and marines complained of long network down times, waits of hours and days for technical support -- and even longer for pauses for BlackBerries and other gear. The NMCI contract wasn't supposed to last a whole decade, originally. But the job of consolidating networks and keeping up with the Navy's wartime data needs kept getting bigger and more complex. And once the Navy started counting on an outside contractor to keep its information flowing, the harder it became to part ways --
despite the complaints from the troops and from independent auditors. Current program manager Capt. Scott Weller insists that "the Navy always had full command and control over NMCI." But Navy officials like retired Adm. John Gauss provide a different perspective. "We gave up far too much control under NMCI," he admits. Yet the NMCI contract was revamped over and over again, each time for more time and more money. "After investing about 6 years and $3.7 billion on NMCI, the Navy has yet to meet the program's two strategic goals -- to provide information superiority and to foster innovation," the Government Accountability Office concluded in 2006 (.pdf). A few months earlier, the Navy decided to extend the contract through 2010. In 2008, Navy officials declared their intention to finally assume day-to-day control of their networks. Then they quickly reconsidered. Military leaders wondered whether they had the expertise to manage such a complex IT project. Contractors working on the Navy's behalf shared those concerns. The Navy might be able to build an aircraft carrier, say. But those ships take a decade or more to build. Something as fast moving as IT? That requires a different metabolism, a different workforce and a different set of skills. Then there was the question of intellectual property. HP owned all of NMCI's designs. Without that information, the Navy couldn't really begin to plan for the Navy's Next Generation Enterprise Network, or NGEN. (The new network had to be based on the old one, after all.) Which meant the military needed yet another agreement with Hewlett-Packard if they ever hoped to separate from the company. "Without access to the infrastructure and technical data associated with NMCI, we can't hold an open competition," Capt. Tim Holland, NGEN program manager, told an interviewer. A Department of the Navy civilian is more blunt: "On Oct. 1st, NMCI becomes NGEN -- provided we meet HP's list of terrorist demands." --
with additional reporting by Zach Gottlieb

From rforno at infowarrior.org Tue Aug 31 06:43:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Aug 2010 07:43:18 -0400
Subject: [Infowarrior] - Wrongfully Accused Of File-Sharing? File For Harassment
Message-ID: <666B0A2F-5B15-4D22-8153-4815B1AF5F99@infowarrior.org>

Wrongfully Accused Of File-Sharing? File For Harassment
Written by enigmax on August 31, 2010
http://torrentfreak.com/wrongfully-accused-of-file-sharing-file-for-harassment-100831

There are tens of thousands of people out there receiving letters from lawyers which demand payments to make potential copyright infringement lawsuits go away. Those wrongfully accused have been fighting back in a number of ways, and not without success. Now a team of lawyers is offering to coordinate a group action, with the aim of gathering compensation for victims through harassment claims. Last month it was revealed that ACS:Law, the now infamous one-man law firm that has sent out tens of thousands of demands for cash settlements to make supposed copyright infringement lawsuits go away, has been referred to the Solicitors Disciplinary Tribunal on allegations of misconduct. This referral, achieved through the tireless work of those wrongfully accused and consumer groups such as Which? and BeingThreatened.com, was much-welcomed news. But the wheels of justice can turn very slowly. It could take months, maybe more than a year, for the authorities to do their work. This is a serious problem for those still affected by the actions of ACS:Law principal Andrew Crossley. Make no mistake, this is not going away soon. Crossley is regularly going to court and gaining the identities of thousands more individuals he says are infringing his clients' copyrights, yet he has no solid proof in almost any instance that this is the case. As a result of flawed evidence, huge numbers of people say they have been accused in error.
Noticing this apparent failing, a team of lawyers in the north of England have announced that they are pursuing a group action and are urging people to come forward to participate. Noting that Crossley has been referred to the SDT for "bullying and excessive conduct", Ralli Solicitors say that letter recipients may be entitled to compensation for harassment. "It can be incredibly upsetting for people to receive such letters and they may well have a claim for harassment against ACS Law so I am urging them to come forward," says Michael Forrester of Ralli's Intellectual Property and Harassment Law team. Ralli appears to have considerable experience in this field, having represented several police officers in their claims of harassment made against the Chief Constable of Northumbria Police in 2009. TorrentFreak contacted Ralli to find out more about the company's offer. Why does the law firm feel that letter recipients may have been harassed? "It appears people have been harassed as they have been alarmed and distressed by these letters," Ralli's Robert Illidge explained. "A course of conduct which amounts to harassment, including alarming and/or distressing a person, is prohibited by the law." So what conditions must be met for a letter recipient to be considered eligible for inclusion in the group action? According to Illidge, not many. "A receipt of correspondence from ACS law, or another firm, falsely accusing a person of infringement," he told us. While in some cases the reasons why people are being wrongfully identified may never be known, it is clear that in untold cases innocent bill payers who have carried out no file-sharing at all are getting multiple letters from ACS:Law. Their claims of innocence are going ignored. The law says that in order to have infringed copyright, bill payers must have either shared files themselves or explicitly authorized someone else to do the act.
Since ACS:Law cannot possibly know who is sat at a computer keyboard at any particular time, they wrongfully suggest that the bill payer is the infringer or it is their responsibility to say who did the alleged file-sharing. They are wrong on both counts and people who fall into this category might well consider a claim. As is common with most cash demands sent to alleged copyright infringers, the settlement amount required by the likes of ACS:Law is carefully weighted. Not too much so that the majority simply can't pay, and just low enough to make investing in a lawyer to shout their corner an unattractive proposition. So how much will it cost to file for harassment with Ralli? "Our aim is for the actions to cost claimants nothing," Illidge told us. "It depends on who is involved, how many claims and how the cases are presented. There are a number of ways of funding group action litigation such as the 'no win, no fee' basis." So, if successful in their action, what could participants hope to achieve? "If successful, participants can expect to receive damages for the financial loss and anxiety the letters and other correspondence have caused," says Illidge. "The law also allows individuals to obtain injunctions in certain specific circumstances, which, if obtained would prevent the harassment from continuing." TorrentFreak can't vouch for Ralli, but with our experience of these actions our friendly advice to bill payers is simple. If you receive a letter addressed to you and you didn't do what these people say you did, don't pay. With an eye on the excellent Speculative Invoicing Handbook from BeingThreatened.com, write a single firm but brief letter denying the accusations. If you are harassed again, write to the SRA -- they know Mr Crossley very well. By all means see what Ralli have to offer too. "No Win, No Fee" is just right, but if it's going to cost much more than a few pounds, don't bother.
ACS:Law have a track record of leaving people alone who have the nerve to stand up to them -- you can do that yourselves. Anyone seeking additional information can contact Michael Forrester or Clare Perchal on 0161 832 6131 or by emailing harassment at ralli.co.uk.

From rforno at infowarrior.org Tue Aug 31 18:00:28 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Aug 2010 19:00:28 -0400
Subject: [Infowarrior] - Telecoms Force Customers to Pay for Nothing
Message-ID:

Telecoms Force Customers to Pay for Nothing
http://www.prwatch.org/node/9404
Source: Los Angeles Times, August 31, 2010

Time Warner Cable has figured how to make customers pay more for a "service" that consists of doing absolutely nothing: it doubled its fee to not print customers' names in the phone book. Time Warner now charges $1.99 a month, or almost $24 a year, for an unlisted number. Verizon charges $1.75 a month not to list your name in its phone book, and AT&T charges $1.25 a month not to provide the same service. Why charge a fee every month, when the request is made once, carried out with a few keystrokes, and then is done? Jim Gordon, a spokesman for Time Warner, says "It's a recurring service that you're provided throughout the month." This means Time Warner charges customers for a service that consists of doing nothing, and since they don't do anything month after month, they keep charging you for a "recurring service." Even worse, Time Warner doesn't even print its own phone book. It pays Sprint to compile its customers' names and numbers, and then give them to companies that do print directories. So Time Warner is charging people $1.99 a month not to be in a book they don't even produce.
In 2009, a California State Senator introduced legislation to prohibit telecom companies from charging fees for unlisted numbers, arguing that it should not cost customers more to protect their privacy, but the legislator abandoned the bill after phone and cable companies lobbied against it.

From rforno at infowarrior.org Tue Aug 31 18:05:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Aug 2010 19:05:56 -0400
Subject: [Infowarrior] - Why is this news?
Message-ID: <48C0E266-438C-4B53-8330-C9ABEE7A276E@infowarrior.org>

well zip-a-dee-doo-dah.......I've seen this reported so many places today you'd think it was an earth-shattering ground-breaking breakthrough. Like, slow news week?

Apple expected to boost iTunes song samples to 60 seconds
http://www.appleinsider.com/articles/10/08/30/apple_expected_to_boost_itunes_song_samples_to_60_seconds.html