From rforno at infowarrior.org Fri Jan 1 00:11:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 19:11:00 -0500
Subject: [Infowarrior] - TSA drops subpoenas on bloggers
Message-ID: <46FE15F2-53B6-4EC4-8B94-F02D30AD0DD3@infowarrior.org>

This is the first time I've ever quoted Twitter as a primary source to my mailing lists. Imagine that!!! Happy 2010!

http://twitter.com/flyingwithfish/status/7252262983
HAPPY NEW YEAR TO ME! TSA's Dep Chief Counsel for Enforcement just called me to let me know I am in the clear & good to go! Woo Woo #TSAFail

http://twitter.com/elliottdotorg/status/7251446330
GOOD NEWS! DHS has withdrawn its subpoena @TSABlogTeam

From rforno at infowarrior.org Fri Jan 1 00:16:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 19:16:15 -0500
Subject: [Infowarrior] - TSA nominee gave misleading information to Congress, documents show
Message-ID: <5A57967D-D896-4E82-BF42-FDF0BF6E93C4@infowarrior.org>

TSA nominee gave misleading information to Congress, documents show
By Robert O'Harrow Jr.
Washington Post Staff Writer
Thursday, December 31, 2009; 6:05 PM
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/31/AR2009123102257_pf.html

The White House nominee to lead the Transportation Security Administration gave Congress misleading information about incidents in which he inappropriately accessed a federal database, possibly in violation of privacy laws, documents obtained by The Washington Post show. The disclosure comes as pressure builds from Democrats on Capitol Hill for quick January confirmation of Erroll Southers, whose nomination has been held up by GOP opponents. In the aftermath of an attempted airline bombing on Christmas Day, calls have intensified for lawmakers to install permanent leadership at the TSA, a critical agency in enforcing airline security.
Southers, a former FBI agent, has described inconsistencies in his accounts to Congress as "inadvertent" and the result of poor memory of an incident that dates back 20 years. He said in a Nov. 20 letter to key senators obtained by The Post that he accepted full responsibility long ago for a "grave error in judgment" in accessing confidential criminal records about his estranged wife's new boyfriend. His letter to Senate homeland security Chairman Joseph I. Lieberman (I-Conn.) and ranking Republican Susan Collins (Maine), which has not been publicly disclosed, attempts to correct statements about the episode that were made in a sworn affidavit on Oct. 22 and have been previously reported. Southers did not respond to a request for an interview, and his wife declined to comment. Southers' admission that he was involved in a questionable use of law enforcement background data has been a source of concern among civil libertarians, who believe the TSA performs a delicate balancing act in tapping into passenger information to find terrorists while also protecting citizens' privacy. Southers first described the episode in his October affidavit, telling the Senate panel that two decades ago he asked a San Diego Police Department employee to access confidential criminal records about the boyfriend. Southers said he had been censured by superiors at the FBI. He described the incident as isolated and expressed regrets about it. The committee approved his nomination on Nov. 19. One day later, Southers wrote to Lieberman and Collins saying his first account was incorrect. After reviewing documents, he recalled that he had twice conducted the database searches himself, downloaded confidential law enforcement records about his wife's boyfriend and passed information on to the police department employee, the letter said. It is a violation of the federal Privacy Act to access such confidential information without proper cause.
The law says that "any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses shall be guilty of a misdemeanor and fined not more than $5,000." In his letter, Southers said that he simply forgot the circumstances of the searches, which occurred in 1987 and 1988 when he was worried about his wife and their son, who had begun living with the boyfriend. The letter said that "during a period of great personal turmoil, I made a serious error in judgment by using my official position with the FBI to resolve a personal problem." He did not specify the data system he accessed. "I am distressed by the inconsistencies between my recollection and the contemporaneous documents, but I assure you that the mistake was inadvertent, and that I have at all times taken full responsibility for what I know to have been a grave error in judgment," the letter said. "This incident was over twenty years ago, I was distraught and concerned about my young son, and never in my career since has there been any recurrence of this sort of conduct." Southers' nomination already has been delayed by partisan bickering. Though two Senate committees have endorsed him, and he received recommendations from other law enforcement officials, Sen. Jim DeMint (R-S.C.) recently held up his approval because of concerns that Southers would support the unionization of TSA workers. White House spokesman Nick Shapiro defended Southers and said the changes in his account should not affect his nomination. "Southers has never tried to hide this incident and has expressed that these were errors he made in judgment that he deeply regretted and an error that he made in an account of events that happened over 20 years ago. Senators Lieberman and Collins were satisfied with Southers' letter and voiced their support for him. 
Southers' nomination has not been held up over this as he has been entrusted with significant and increasing responsibilities in the area of homeland security over the years since, but he is being held up by Senator DeMint over a political issue," Shapiro said. A spokesman said Senate Majority Leader Harry M. Reid (D-Nev.) will work quickly to overcome DeMint's procedural block and force a vote when the Senate reconvenes later this month. People involved in the vetting process for Southers debated the significance of the change in his account. But they concluded that he was still a good choice. In a statement, a spokeswoman for Lieberman said the senator "believes that Erroll Southers is an outstanding candidate to lead the TSA. Twenty-two years ago, Mr. Southers committed a serious error in judgment. He admitted that error and was disciplined for it." "Mr. Southers was forthcoming about his past censure during his nomination process and about errors he made in recalling the details," the statement said. "Senator Lieberman is satisfied that the totality of Mr. Southers' career more than qualifies him for the position to which he was nominated." Civil liberties specialists said that the misuse of databases has been common among law enforcement authorities for many years, despite an array of local, state and federal prohibitions intended to protect personal information. Studies have found that police at every level examine records of celebrities, women they have met and political rivals. Some federal authorities have been jailed for selling records to criminals. Americans seem willing to trade information for more security, but only if there are clear limits on how the information is being used. Several ambitious security programs, including one for aviation screening called CAPPS II (Computer Assisted Passenger Pre-screening System), were sharply curtailed when passengers and Congress concluded that the databases were too intrusive and not properly overseen. 
The same thing could happen now, after the attempted bombing on Christmas Day, if travelers lose faith in the TSA's ability to protect information about them, said Michael German, policy counsel at the American Civil Liberties Union and a former FBI special agent. "They're saying we have to do it harder and more," German said about the push now for more data surveillance. "The government can only succeed if they have the confidence and support of the American people. Once that confidence is diminished, the government will be in a much tougher position." In questioning before the Senate Homeland Security and Governmental Affairs Committee, Southers has said he understands the need to balance security and privacy. Said Collins: "You have taken responsibility for your actions. You've acknowledged your mistake in the personal conversation that we had in my office. It is important that the public have confidence that government officials will not misuse the authority that they have." She added: "If you're confirmed, you're going to have the access to databases that have personal information on many, many individuals, such as through the secure flight program, and it's going to be important for the public to have confidence that you would not, in any way, misuse your access to the personal information in those databases. So, let me first ask you: Have you ever in the past misused your access to databases that the government maintains, other than this one incident that led to this censure?" "No, Senator, I have not," Southers replied. Collins continued: "Do you commit today that you will respect the privacy and civil liberties concerns that people have with regard to the personal information in those databases?" "Yes, Senator, I do," Southers said. 

From rforno at infowarrior.org Fri Jan 1 03:35:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 22:35:50 -0500
Subject: [Infowarrior] - 5 myths about keeping America safe from terrorism
Message-ID: <3ADDE0E1-D475-4FB1-B7AD-409C12F0C136@infowarrior.org>

5 myths about keeping America safe from terrorism
By Stephen Flynn
Sunday, January 3, 2010; B03
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/31/AR2009123101159_pf.html

With President Obama declaring a "systemic failure" of our security system in the wake of the attempted Christmas bombing of a Detroit-bound airliner, familiar arguments about what can and should be done to reduce America's vulnerabilities are again filling the airwaves, editorial pages and blogosphere. Several of these arguments are based on assumptions that guided the U.S. response to the Sept. 11, 2001, attacks -- and unfortunately, they are as unfounded now as they were then. The biggest whopper of all? The paternalistic assertion that the government can keep us all safe without our help.

1. Terrorism is the gravest threat facing the American people.

Americans are at far greater risk of being killed in accidents or by viruses than by acts of terrorism. In 2008, more than 37,300 Americans perished on the nation's highways, according to government data. Even before H1N1, a similar number of people died each year from the seasonal flu. Terrorism is a real and potentially consequential danger. But the greatest threat isn't posed by the direct harm terrorists could inflict; it comes from what we do to ourselves when we are spooked. It is how we react -- or more precisely, how we overreact -- to the threat of terrorism that makes it an appealing tool for our adversaries. By grounding commercial aviation and effectively closing our borders after the 2001 attacks, Washington accomplished something no foreign state could have hoped to achieve: a blockade on the economy of the world's sole superpower.
While we cannot expect to be completely successful at intercepting terrorist attacks, we must get a better handle on how we respond when they happen.

2. When it comes to preventing terrorism, the only real defense is a good offense.

The cornerstone of the Bush administration's approach to dealing with the terrorist threat was to take the battle to the enemy. But offense has its limits. We still aren't generating sufficiently accurate and timely tactical intelligence to adequately support U.S. counterterrorism efforts overseas. And going after terrorists abroad hardly means they won't manage to strike us at home. Just days before the attempted bombing of Northwest Airlines Flight 253, the United States collaborated with the Yemeni government on raids against al-Qaeda militants there. The group known as al-Qaeda of the Arabian Peninsula is now claiming responsibility for having equipped and trained Umar Farouk Abdulmutallab, who allegedly tried to blow up the flight. The group is also leveraging the raids to recruit militants and mount protests against Yemen's already fragile central government. At the same time, an emphasis on offense has often come at the expense of investing in effective defensive measures, such as maintaining quality watch lists, sharing information about threats, safeguarding such critical assets as the nation's food and energy supplies, and preparing for large-scale emergencies. After authorities said Abdulmutallab had hidden explosives in his underwear, airline screeners held up flights to do stepped-up passenger pat-downs at boarding gates -- pat-downs that inevitably avoided passengers' crotches and buttocks. This kind of quick fix only tends to fuel public cynicism about security efforts. But if we can implement smart security measures ahead of time (such as requiring refineries next to densely populated areas to use safer chemicals when they manufacture high-octane gas), we won't be incapacitated when terrorists strike.
Strengthening our national ability to withstand and rapidly recover from terrorism will make the United States a less appealing target. In combating terrorism, as in sports, success requires both a capable offense and a strong defense.

3. Getting better control over America's borders is essential to making us safer.

Our borders will never serve as a meaningful line of defense against terrorism. The inspectors at our ports, border crossings and airports have important roles when it comes to managing immigration and the flow of commerce, but they play only a bit part in stopping would-be attackers. This is because terrorist threats do not originate at our land borders with Mexico and Canada, nor along our 12,000 miles of coastline. They originate at home as well as abroad, and they exploit global networks such as the transportation system that moved 500 million cargo containers through the world's ports in 2008. Moreover, terrorists' travel documents are often in perfect order. This was the case with Abdulmutallab, as well as with shoe-bomber Richard Reid in 2001. Complaints about porous borders may play well politically, but they distract us from the more challenging task of forging international cooperation to strengthen safeguards for our global transportation, travel and financial systems. They also sidestep the disturbing fact that the number of terrorism-related cases involving U.S. residents reached a new high in 2009.

4. Investing in new technology is key to better security.

Not necessarily. Technology can be helpful, but too often it ends up being part of the problem. Placing too much reliance on sophisticated tools such as X-ray machines often leaves the people staffing our front lines consumed with monitoring and troubleshooting these systems. Consequently, they become more caught up in process than outcomes. And as soon as procedures become routine, a determined bad guy can game them. We would do well to heed two lessons the U.S. military has learned from combating insurgents in Iraq and Afghanistan: First, don't do things in rote and predictable ways, and second, don't alienate the people you are trying to protect. Too much of what is promoted as homeland security disregards these lessons. It is true that technology such as full-body imaging machines, which have received so much attention in the past week, are far more effective than metal detectors at screening airline passengers. But new technologies are also expensive, and they are no substitute for well-trained professionals who are empowered and rewarded for exercising good judgment.

5. Average citizens aren't an effective bulwark against terrorist attacks.

Elite pundits and policymakers routinely dismiss the ability of ordinary people to respond effectively when they are in harm's way. It's ironic that this misconception has animated much of the government's approach to homeland security since Sept. 11, 2001, given that the only successful counterterrorist action that day came from the passengers aboard United Airlines Flight 93. These passengers didn't have the help of federal air marshals. The Defense Department's North American Aerospace Defense Command didn't intercept the plane -- it didn't even know the airliner had been hijacked. But by charging the cockpit over rural Pennsylvania, these private citizens prevented al-Qaeda terrorists from reaching their likely target of the U.S. Capitol or the White House. The government leaders whose constitutional duty is "to provide for the common defense" were defended by one thing alone -- an alert and heroic citizenry. This misconception is particularly reckless because it ends up sidelining the greatest asset we have for managing the terrorism threat: the average people who are best positioned to detect and respond to terrorist activities. We have only to look to the attempted Christmas Day attack to validate this truth.
Once again it was the government that fell short, not ordinary people. A concerned Nigerian father, not the CIA or the National Security Agency, came forward with crucial information. And the courageous actions of the Dutch film director Jasper Schuringa and other passengers and crew members aboard Flight 253 thwarted the attack.

Stephen Flynn is the president of the Center for National Policy and author of "The Edge of Disaster: Rebuilding a Resilient Nation."

From rforno at infowarrior.org Fri Jan 1 06:22:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jan 2010 01:22:55 -0500
Subject: [Infowarrior] - It's Always the End of the World as We Know It
Message-ID:

January 1, 2010
Op-Ed Contributor
It's Always the End of the World as We Know It
By DENIS DUTTON
http://www.nytimes.com/2010/01/01/opinion/01dutton.html?hp=&pagewanted=print

Christchurch, New Zealand

IT seems so distant, 1999. Bill Clinton had survived impeachment, his popularity hardly dented, Sept. 11 was just another date and music fans were enjoying a young singer named Britney Spears. But there was a particular unease in the air. The so-called Y2K problem, the inability of computers to read dates beyond 1999 threatened to turn Jan. 1, 2000 into a nightmare. The issue had first been noticed by programmers in the 1950s, but had been ignored. As the turn of the century loomed, though, it seemed that humankind faced a litany of horrors. Haywire navigation controls might cause aircraft to fall from the skies. Electricity grids, water systems and telephone networks would be knocked out, while nuclear power plants would be subject to meltdown. Savings and pension accounts would be wiped out in a general bank failure. A cascade of breakdowns in communication and commerce would create vast shortages of food and medicine, which would, in turn, produce riots, lawlessness and social collapse.
Even worse, ICBMs might rise from their silos unbidden, spreading death across the globe. Y2K problems would not be limited to mainframe computers that governed the information systems of the modern world, but were going to affect millions of tiny computer chips found everywhere. Thanks to these wonky microprocessors, elevators would die, G.P.S. devices would stop working and dishwashers would dry the food onto the plates before trying to rinse it off. Even ordinary cars might spontaneously accelerate to fatal, uncontrollable speeds, with brakes failing to respond. The Y2K catastrophe was promoted with increasing shrillness toward century's end: headlines proclaimed a "computer time bomb" or "a date with disaster." Vanity Fair's January 1999 article "The Y2K Nightmare" caught the sensationalist tone, claiming that "folly, greed and denial" had "muffled two decades of warnings from technology experts." Among the most reviled of the Y2K deniers was Bill Gates, who not only declared that Microsoft's PCs would take the date turnover in stride, but had the audacity to blame those who "love to tell tales of fear" for the worldwide anxiety. Mr. Gates's denialism was ignored as governments and corporations set in place immensely expensive schemes to immunize systems against the Y2K bug. They weren't the only ones keen to get in on the end-time spirit. The Rev. Jerry Falwell suggested that Y2K would be the confirmation of Christian prophecy, "God's instrument to shake this nation, to humble this nation." The Y2K crisis might incite a worldwide revival that would lead to "the rapture of the church." Along with many survivalists, Mr. Falwell advised stocking up on food and guns. So the scene was set here in New Zealand for midnight on Dec. 31, 1999. We are just west of the dateline, and thus would be the first to experience not only popping Champagne corks and fireworks, but the Y2K catastrophe, if any.
As clocks hit midnight, Champagne and skyrockets were the only explosions of interest, since telephones, ATMs, cars, computers and airplanes worked just fine. The head of the government's Y2K Readiness Commission declared victory: "New Zealand's investment in planning and preparation has paid off." Confident that our millions were well spent, we waited for news of the calamities sure to hit countries that had ignored Y2K. Asia, a Deutsche Bank official had predicted, was going to be "burnt toast" on New Year's Day -- not just the lesser-developed areas of Vietnam and China, but South Korea, which by 1999 was a highly computer-dependent society. South Korea, one computer expert told me, had a national telephone system similar to British Telecom's. But where the British had wisely sunk millions of pounds into Y2K remediation, South Korea had done next to nothing. However, exactly 10 years ago today, as the date change moved on through the Far East, India, Russia, the Middle East and Europe, it became apparent that it made little difference whether you lived in Britain, which at great expense had revamped many of its computer systems, or the lackadaisical Ukraine, which had ignored the issue. With minor glitches that would have gone unnoticed any other day of the week, the world kept ticking on. It must have been galling for computer-conscientious Germans to observe how life continued its pleasurable path for feckless Italians, who had generally paid no attention to Y2K. There were problems, to be sure: in Australia, a bus-ticket machine stamped the wrong date, while in Britain a tide gauge in Portsmouth Harbor failed. Still, the South Korean phone system came through unscathed. By the time midnight reached the United States, where upward of $100 billion had been spent on Y2K fixes, there was little anxiety. Indeed, the general health of American information systems, fixed and not, became clearer in the new year.
The Small Business Administration calculated that 1.5 million businesses had undertaken no Y2K remediation. On Jan. 3, it received about 40 phone calls from businesses that had experienced minor faults, like cash registers that misread the year "2000" as "1900" (which seemed everywhere the single most common error caused by Y2K).

KNOWING our computers is difficult enough. Harder still is to know ourselves, including our inner demons. From today's perspective, the Y2K fiasco seems to be less about technology than about a morbid fascination with end-of-the-world scenarios. This ought to strike us as strange. The cold war was fading in 1999, we were witnessing a worldwide growth in wealth and standards of living, and Islamic terrorism was not yet seen as a serious global threat. It should have been a year of golden weather, a time for the human race to relax and look toward a brighter, more peaceful future. Instead, with computers as a flimsy pretext, many seemed to take pleasure in frightening themselves to death over a coming calamity. No doubt part of the blame must go to those consultants who took businesses and governments for an expensive ride in the lead-up to New Year's Day. But doom-laden exaggerations about Y2K fell on ears that were all-too receptive. The Y2K fiasco was about more than simple prudence. Religions from Zoroastrianism to Judaism to Christianity to U.F.O. cults have been built around notions of sin and the world's end. The Y2K threat resonated with those ideas. Human beings have constructed an enormous, wasteful, unnatural civilization, filled with sin -- or, worse in some minds, pollution and environmental waste. Suppose it turned out that a couple of zeros inadvertently left off old computer codes brought crashing down the very civilization computers helped to create. Cosmic justice! The theme of our fancy inventions ultimately destroying us has been a favorite in fiction at least since Mary Shelley's "Frankenstein."
We can place alongside this a continuous succession of spectacular films built on visions of the end of the world. Such end-time fantasies must have a profound, persistent appeal in order to keep drawing wide-eyed crowds into movie theaters, as historically they have drawn crowds into churches, year after year. Apocalyptic scenarios are a diversion from real problems -- poverty, terrorism, broken financial systems -- needing intelligent attention. Even something as down-to-earth as the swine-flu scare has seemed at moments to be less about testing our health care system and its emergency readiness than about the fate of a diseased civilization drowning in its own fluids. We wallow in the idea that one day everything might change in, as St. Paul put it, the "twinkling of an eye" -- that a calamity might prove to be the longed-for transformation. But turning practical problems into cosmic cataclysms takes us further away from actual solutions. This applies, in my view, to the towering seas, storms, droughts and mass extinctions of popular climate catastrophism. Such entertaining visions owe less to scientific climatology than to eschatology, and that familiar sense that modernity and its wasteful comforts are bringing us closer to a biblical day of judgment. As that headline put it for Y2K, predictions of the end of the world are often intertwined with condemnations of human "folly, greed and denial." Repent and recycle!

Denis Dutton is a professor of philosophy at the University of Canterbury, New Zealand.

From rforno at infowarrior.org Fri Jan 1 14:23:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jan 2010 09:23:54 -0500
Subject: [Infowarrior] - Chertoff's conflict of interest
Message-ID:

Ex-Homeland Security chief head said to abuse public trust by touting body scanners
By Kimberly Kindy
Washington Post Staff Writer
Friday, January 1, 2010; A07
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/31/AR2009123102821_pf.html

Since the attempted bombing of a U.S. airliner on Christmas Day, former Homeland Security secretary Michael Chertoff has given dozens of media interviews touting the need for the federal government to buy more full-body scanners for airports. What he has made little mention of is that the Chertoff Group, his security consulting agency, includes a client that manufactures the machines. The relationship drew attention after Chertoff disclosed it on a CNN program Wednesday, in response to a question. An airport passengers' rights group on Thursday criticized Chertoff, who left office less than a year ago, for using his former government credentials to advocate for a product that benefits his clients. "Mr. Chertoff should not be allowed to abuse the trust the public has placed in him as a former public servant to privately gain from the sale of full-body scanners under the pretense that the scanners would have detected this particular type of explosive," said Kate Hanni, founder of FlyersRights.org, which opposes the use of the scanners. Chertoff's advocacy for the technology dates back to his time in the Bush administration. In 2005, Homeland Security ordered the government's first batch of the scanners -- five from California-based Rapiscan Systems. Today, 40 body scanners are in use at 19 U.S. airports. The number is expected to skyrocket at least in part because of the Christmas Day incident. The Transportation Security Administration this week said it will order 300 more machines.
In the summer, TSA purchased 150 machines from Rapiscan with $25 million in American Recovery and Reinvestment Act funds. Rapiscan was the only company that qualified for the contract because it had developed technology that performs the screening using a less-graphic body imaging system, which is also less controversial. (Since then, another company, L-3 Communications, has qualified for future contracts, but no new contracts have been awarded.) Over the past week, Chertoff has repeatedly talked about the need for expanding the use of the technology in airports, saying it could detect bombs like the one federal authorities say Umar Farouk Abdulmutallab, a 23-year-old Nigerian, carried onto the Detroit-bound aircraft. "We could deploy the scanning machines that we currently are beginning to deploy in the U.S. that will give us the ability to see what someone has concealed underneath their clothing," Chertoff said Wednesday in an interview on CNN. The incident on the Detroit-bound plane provided "a very vivid lesson in the value of that machinery," he said.

Staff researcher Julie Tate contributed to this report.

From rforno at infowarrior.org Sun Jan 3 01:09:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2010 20:09:04 -0500
Subject: [Infowarrior] - Are planned airport scanners just a scam?
Message-ID: <96C7FE0B-FAB3-4FFE-B1C3-CDD1E26A94D4@infowarrior.org>

January 3, 2010
Are planned airport scanners just a scam?
By Jane Merrick
http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html

New technology that Gordon Brown relies on for his response to the Christmas Day bomb attack has been tested - and found wanting

The explosive device smuggled in the clothing of the Detroit bomb suspect would not have been detected by body-scanners set to be introduced in British airports, an expert on the technology warned last night.
The claim severely undermines Gordon Brown's focus on hi-tech scanners for airline passengers as part of his review into airport security after the attempted attack on Flight 253 on Christmas Day. The Independent on Sunday has also heard authoritative claims that officials at the Department for Transport (DfT) and the Home Office have already tested the scanners and were not persuaded that they would work comprehensively against terrorist threats to aviation. The claims triggered concern that the Prime Minister is over-playing the benefits of such scanners to give the impression he is taking tough action on terrorism. And experts in the US said airport "pat-downs" - a method used in hundreds of airports worldwide - were ineffective and would not have stopped the suspect boarding the plane. Umar Farouk Abdulmutallab, 23, allegedly concealed in his underpants a package containing nearly 3oz of the chemical powder PETN (pentaerythritol tetranitrate). He also carried a syringe containing a liquid accelerant to detonate the explosive. Since the attack was foiled, body-scanners, using "millimetre-wave" technology and revealing a naked image of a passenger, have been touted as a solution to the problem of detecting explosive devices that are not picked up by traditional metal detectors - such as those containing liquids, chemicals or plastic explosive. But Ben Wallace, the Conservative MP, who was formerly involved in a project by a leading British defence research firm to develop the scanners for airport use, said trials had shown that such low-density materials went undetected. Tests by scientists in the team at Qinetiq, which Mr Wallace advised before he became an MP in 2005, showed the millimetre-wave scanners picked up shrapnel and heavy wax and metal, but plastic, chemicals and liquids were missed. 
If a material is low density, such as powder, liquid or thin plastic - as well as the passenger's clothing - the millimetre waves pass through and the object is not shown on screen. High-density material such as metal knives, guns and dense plastic such as C4 explosive reflect the millimetre waves and leave an image of the object. Mr Wallace said: "Gordon Brown is grasping at headlines if he thinks buying a couple of scanners will make us safer. It is too little, too late. Under his leadership, he starved the defence research budget that could have funded a comprehensive solution while at the same time he has weakened our border security. "Scanners cannot provide a comprehensive solution on their own. We must now start to ask if national security demands the use of profiling." Mr Wallace added that X-ray scanners were also unlikely to have detected the Christmas Day bomb. The Government is looking at millimetre-wave scanners for widespread use in British airports as part of Mr Brown's review. They are safer to use than X-ray scanners because they do not emit radiation and do not require passengers' consent. Pregnant women cannot go through X-ray scanners but there are no such health risks with millimetre-wave technology. However, a Whitehall source revealed that the DfT and the Home Office had already tested both the millimetre-wave and X-ray body-scanners as part of an ongoing assessment of airport security and anti-terror measures. But the security scare has caused national governments and airports to renew their interest in body-scanners. Amsterdam's Schiphol airport, where Abdulmutallab changed flights en route from Nigeria to Detroit, is to activate 17 scanners it bought two years ago for flights to the US, despite EU advice that there are privacy and human rights issues. Last week the US Transportation Security Administration ordered $165m-worth of scanners, using both millimetre and X-ray technology, from L-3 Communications.
Qinetiq had developed a similar millimetre-wave body scanner, but is now developing a sophisticated "stand-off" scanner which does not pose any privacy issues as it does not show a body image. Materials hidden on a body reflect back signals, showing up as a red alert on screen. Kevin Murphy, product manager for physical security at Qinetiq, admitted this SPO system would also not have picked up the Christmas Day bomb, but insisted that it could be used as part of a "layered approach" to security in mass transportation, which would also include monitoring people's behaviour. Mr Murphy echoed Mr Wallace's doubts over whether the millimetre-wave body scanners being discussed by the Government would have picked up Abdulmutallab's hidden explosive. He said: "It is conjecture whether or not these methods would have seen through clothing. I don't think anyone knows." He added: "The solution is to acknowledge that there isn't a single technology out there that is an answer to the whole problem." Each full body-scanner costs around £100,000. However, opinion is divided among aviation experts. Writing in The Independent on Sunday, Chris Yates, Aviation Security Editor of Jane's Information Group, says: "Body scanning (whether it be millimetre-wave or X-ray based and manufactured by any of the companies in this sector), has a significant role to play in enhancing UK airport security immediately. "Body scanning is only half the story, though. The Government cannot ignore the liquid aspect any more. Liquid explosive became a high-agenda issue following the thwarted transatlantic bomb plot of 2006 and is clearly implicated in the attempted downing of Northwest Airlines Flight 253. If the Government skirts over this aspect it will be nothing short of a dereliction of duty." On Friday, in an announcement on the Downing Street website, the Prime Minister said an urgent review of security at UK airports would be implemented.
Promising to react quickly to the "wake-up" call of last week's attempted atrocity, Mr Brown added: "In co-operation with President Obama and the Americans, we will examine a range of new techniques to enhance airport security systems beyond the traditional measures. These could include advancing our use of explosive trace technology, full body scanners and advanced X-ray technology." A spokesman for BAA, which owns six UK airports, including Heathrow, said on Friday: "Any comprehensive review of airport security should involve government and the aviation industry, and should establish how a combination of technology, intelligence and the profiling of passengers can build a better defence against the unpredictable and changing threat from international terrorism." Responding to Mr Wallace's claims, a DfT spokesman said: "Body-scanners are being assessed urgently as part of a package of measures to respond to the latest incident. Trials of body-scanners have already taken place and these are being assessed urgently as part of an immediate review of airport security." In the US, the "pat-down" search used by security staff was derided as ineffective - because officials are forbidden from frisking sensitive areas. Analyst Michael Boyd said: "To have people hold up their arms and just pat them - like I'm really going to carry a bomb down there. You know where you're going to put it, and no one's going to go there." Mr Brown has also convened a meeting for 28 January on the terror threat posed by Yemen, where Abdulmutallab is alleged to have undergone terrorist training. In a fresh announcement yesterday, Downing Street announced an emergency cabinet committee meeting with senior ministers and intelligence chiefs to discuss the UK's response to the attempted attack. No 10 and the White House have agreed to step up efforts to tackle the emerging threat from Yemen and Somalia.
From rforno at infowarrior.org Sun Jan 3 01:43:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Jan 2010 20:43:17 -0500
Subject: [Infowarrior] - NZ's cyber spies win new powers
Message-ID: <050DD6AC-B1B1-4165-BAFF-4F29F31CDBD9@infowarrior.org>

NZ's cyber spies win new powers
By NICKY HAGER - Sunday Star Times
Last updated 09:10 03/01/2010
http://www.stuff.co.nz/national/3203448/NZs-cyber-spies-win-new-powers

New cyber-monitoring measures have been quietly introduced giving police and Security Intelligence Service officers the power to monitor all aspects of someone's online life. The measures are the largest expansion of police and SIS surveillance capabilities for decades, and mean that all mobile calls and texts, email, internet surfing and online shopping, chatting and social networking can be monitored anywhere in New Zealand. In preparation, technicians have been installing specialist spying devices and software inside all telephone exchanges, internet companies and even fibre-optic data networks between cities and towns, providing police and spy agencies with the capability to monitor almost all communications. Police and SIS must still obtain an interception warrant naming a person or place they want to monitor but, compared to the phone taps of the past, a single warrant now covers phone, email and all internet activity. It can even monitor a person's location by detecting their mobile phone; all of this occurring almost instantaneously. Police say in the year to June 2009, there were 68 interception warrant applications granted and 157 people prosecuted as a result of those interceptions. Police association vice-president Stuart Mills said the new capabilities are required because criminals were using new technologies to communicate, and that people who weren't committing criminal offences had little to fear.
However, civil liberties council spokesman Michael Bott said the new surveillance capabilities are part of a step-by-step erosion of civil rights in New Zealand. Police Minister Judith Collins responded to questions from the Sunday Star-Times about the new surveillance capabilities, saying: "I support the rule of law." In last year's budget she approved extra police funds to subsidise companies wiring surveillance devices into their telecommunications networks. The measures are the consequence of a law, the 2004 Telecommunications (Interception Capability) Act, which gave internet and network companies until last year to install devices allowing automated access to internet and cellphone data. Telecom, Vodafone and TelstraClear had earlier 2005 deadlines, and new cellphone provider 2degrees installed the interception equipment before launching last year. Official papers obtained by the Star-Times show that, despite government claims that it was done for domestic reasons, the new New Zealand spying capabilities are part of a push by United States agencies to have standardised surveillance capabilities available for their use from governments worldwide. While US civil liberties groups unsuccessfully fought these surveillance capabilities being used on US citizens, the FBI was lobbying other governments to adopt them. FBI Director Robert Mueller III told a senate committee in March last year that the FBI needs "global reach" to fight cyber-crime and terrorism and that co-operation with "law enforcement partners" gives it "the means to leverage the collective resources of many countries". Auckland lawyer Tim McBride, author of the forthcoming New Zealand Civil Rights Handbook, says our politicians had let down New Zealanders when they yielded to the foreign pressure and imported US-style surveillance into New Zealand. He said "monitoring email, internet chatting and Facebook is like the police and SIS planting bugs in every cafe and park.
It would probably help solve a few crimes, but the cost is just too great". The 2004 New Zealand law, which mirrors laws overseas, requires the content of any communication plus "call associated data", such as times, phone numbers, IP addresses and mobile phone locations, to be able to be copied and sent to the police, SIS or Government Communications Security Bureau (GCSB) at the time of transmission or "as close as practicable" to that time. In practice, a specialist said, this means someone's email can be "at the agency within one or two minutes of it actually being on the wires". When the police and SIS were pushing for the interception capability law they argued repeatedly that it would not "change or extend in any way the existing powers". But civil libertarians say that the invisibility of electronic surveillance reduces the opportunity to challenge it. A technician familiar with the developments said the previous surveillance technology dated from the early 1980s when the Telecom phone system went digital. Police bugged individual phones and could request suspects' call logs. More recently police had taken a warrant to telcos and gone away with printed emails, but did it rarely as there were problems using the evidence in court. "This is the first big jump from there," said the technician. "They've never had the powers to force ISPs to build in spying capabilities before now. I imagine law enforcement is very excited about this." 
From rforno at infowarrior.org Sun Jan 3 15:05:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Jan 2010 10:05:04 -0500
Subject: [Infowarrior] - WaPo: Cybercomand Stalls
Message-ID:

Pentagon computer-network defense command delayed by congressional concerns
By Ellen Nakashima
Washington Post Staff Writer
Sunday, January 3, 2010; A04
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/02/AR2010010201903_pf.html

The Pentagon's plan to set up a command to defend its global network of computer systems has been slowed by congressional questions about its mission and possible privacy concerns, according to officials familiar with the plan. As a result, the Defense Department failed to meet an Oct. 1 target launch date and has not held a confirmation hearing for the command's first director. Although officials stress that the cyber command, as it is known, is an effort to consolidate existing offensive and defensive capabilities under one roof and involves no new authorities or broadening of mission, its potential for powerful new offensive capabilities -- some as yet unimagined -- have raised questions on Capitol Hill about its role, according to national security experts familiar with the concerns. Key questions include: When do offensive activities in cyberspace become acts of war? How far can the Pentagon go to defend its own networks? And what kind of relationship will the command have to the National Security Agency? The NSA has the skills and authority to encrypt military secrets and break enemy codes, but its involvement in the controversy over warrantless wiretapping several years ago has raised concerns about any role it will play in a cyber command.
Resolving questions about the command's mission are central not only to the effort to defend military networks, which come under assault millions of times a day, but to establishing the Pentagon's cyber strategy as the United States enters an era in which any major conflict will almost certainly involve an element of cyberwarfare. "I don't think there's any dispute about the need for Cyber Command," said Paul B. Kurtz, a cybersecurity expert who served in the George W. Bush and Clinton administrations. "We need to do better defending DOD networks and more clearly think through what we're going to do offensively in cyberspace. But the question is how does that all mesh with existing organizations and authorities? The devil really is in the details." Officials said the initial operating plan for a cyber command is straightforward: to merge the Pentagon's defensive unit, Joint Task Force-Global Network Operations, with its offensive outfit, the Joint Functional Command Component-Network Warfare, at Fort Meade, home to the NSA. The new command, which would include about 500 staffers, would leverage the NSA's technical capabilities but fall under the Pentagon's Strategic Command. The plan also calls for beefing up "intelligence sensing," or the blocking of malicious software and codes entering military networks, officials said. What level of defense? But the plan becomes more complicated as policymakers assess how aggressive to be in their defense of military networks. Data move at the speed of light along channels owned by commercial carriers, entering government networks at "gateways," or at the perimeter. Technology exists to detect malware at the gateways and in the commercial networks, but the ability to use that technology has given rise to policy questions. One senior defense official said officials are trying to figure out, for instance, to what extent it is legal and desirable to remove malware outside the gateways as it heads to military networks. 
"What can you do at the perimeter?" he said. "What can you do outside the perimeter? We haven't had resolution on that." Privacy advocates are sensitive to government monitoring of communications networks at or just outside the gateways, particularly if the effort involves private Internet carriers, out of concern that purely private, non-government communications could be monitored. But defense officials said they are not contemplating the involvement of private firms. The Pentagon is working with the Justice Department, the Department of Homeland Security, the White House and other agencies to ensure its efforts are legal and synchronized within a national cyber-policy framework, officials said. Congressional buy-in is important, they said. So far congressional staff have been briefed three times, and the Pentagon hopes to brief lawmakers this month. Officials said members of the Senate Armed Services Committee will hold the confirmation hearing for a new director once staff are satisfied they understand the command's purpose and operating plan. "Our goal here is to better protect our forces," said Deputy Assistant Secretary of Defense Robert J. Butler. "If someone can intrude inside the network, it could impair our ability to communicate and operate." President Obama has nominated the director of the NSA, Lt. Gen. Keith B. Alexander, to head the command. Alexander, who would become a four-star general, must be confirmed in that position before the command can launch at "initial operating capability." It is scheduled to become fully operational by Oct. 1. Sen. Bill Nelson (D-Fla.), chairman of the Armed Services emerging threats subcommittee, said that though there are "some policy questions" to be answered, he was confident Alexander would be confirmed. Nonetheless, the NSA's involvement, given the past controversy, has raised questions of oversight.
"How do we make sure that if the National Security Agency is involved, that we don't have a problem with people seeing other people's information?" the defense official said, describing one congressional concern. "We've made it very clear. No information will be shared other than to support what we need to defend the networks -- the defense military information networks. The rest of that information, NSA is bound by legal rules" to protect Americans' privacy. Defining 'defense' NSA Deputy Director Chris Inglis said in a recent interview that "90 percent" of the command's focus will be on defensive measures because "that's where we are way behind." "If we led with attack, people would say, 'That's just nuts. That's completely irrational,' " he said. "You've got to be about the defense." Other intelligence experts, however, said that the term "defense" is malleable. They argue that the government is spending a significant amount of money on classified cyber programs to develop offensive capabilities. Beyond a cyber command, the Pentagon is grappling with a dizzying array of policy and doctrinal questions involving cyber warfare. Who should authorize a cyber attack on an adversary that might be capable of undermining the United States' financial system or energy infrastructure? What degree of certainty is needed about an alleged attacker before authorizing a response? When does an effort to defend a U.S. military network cross the line into an offensive action? Many of these questions will be answered down the road, after the command is launched, and perhaps some won't be answered for years, defense officials said. Still, such issues are important ones, said one official familiar with the Pentagon's plans, who was not authorized to speak for the record. "The rules can vary dramatically depending upon under what authority you're doing something," he said. "An offensive action is not a decision that can be taken very lightly. 
It is an extraordinary action because of the consequences that could result for either DOD or the intelligence community or critical U.S. industries."

From rforno at infowarrior.org Sun Jan 3 15:09:31 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Jan 2010 10:09:31 -0500
Subject: [Infowarrior] - The Cost of High Anxiety About Flying
Message-ID: <4AD32589-C06A-424F-A2DB-6AA93AF35F80@infowarrior.org>

The Cost of High Anxiety About Flying
January 1, 2010
By LIESL SCHILLINGER
http://www.nytimes.com/2010/01/03/weekinreview/03schillinger.html

Everyone knows that flying in a plane is potentially dangerous -- just as everyone knows that climbing Mount Everest is dangerous. What goes up must come down; and if you put yourself at a great height, you put yourself at risk of falling, though the odds of perishing in a plane crash are one in ten million, whereas for every ten Everest climbers who reach the peak, one dies ... a far less comfortable margin. One reason that airports have bars, and that flight attendants ply passengers with beer, wine and cocktails, is that flight industry higher-ups are well aware that a drink or two can calm the nerves of timorous fliers, and that indeed most of their customers fear air travel to some degree. If you doubt the truth of this, take a look at your seatmates the next time a plane you're on hits an air pocket and drops before righting itself. You'll see your fellow passengers (some of them, anyhow) praying -- hoping divine intervention will keep the magical container aloft. Regina Spektor wove this thought into her album, "Far" last June, in the song "Laughing With," which goes, "No one laughs at God when their airplane starts to uncontrollably shake." It's the 21st century, but that doesn't keep flying from remaining, on one level, an act of faith. Nearly all of the millions of flights that take off and land each year proceed safely, without incident.
Any number of accidents can (but rarely do) put a flight in jeopardy: from engine failure, to the sudden apparition of a flock of geese, to electrical storms, to ice, to air pockets. But in the last decade, beginning with the 9/11 attacks, the greatest assault on faith in air travel has come not from accidents but from intentional acts of sabotage by a handful of homicidal malefactors. Statistically, their criminal actions barely register. But the ripple effect of public panic at the notion that any passenger on any plane could be a human time bomb has rattled the airline industry and compromised the freedom of travel that the world's citizens previously enjoyed. We understand other countries and other peoples best by seeing them; to see them, we must travel; to travel, in any concision of time, we must fly. Last week, one man with a grievance and exploding underpants boarded a plane for Detroit. This week, the nation's attention and travel plans in the new year are held captive, as the battered American airline industry reels -- this after a few months in which airline stocks had finally climbed out of a deep hole, anticipating the possibility of increased air travel in 2010. The risk of a terrorist disruption of a flight is infinitesimal, but public perception of that risk can be outsize and emotional ... understandably so. Terrorists, like bogeymen, are frightening even when they don't exist; and when they do appear in broad daylight, citizens who learn that the government failed to shield them from menace feel vulnerable and outraged. In the wake of Umar Farouk Abdulmutallab's attempted sabotage, government and air travel officials are scrambling to reassure the citizenry -- investigating information-sharing deficits, suggesting rapid deployment of full-body magnetic resonance scans (a controversial and expensive measure) and adding blankets and bathroom visits to the perks that air travelers may no longer expect in the age of high anxiety.
And yet, from the point of view of the individual traveler, a risk-free flight has never existed; nor has a risk-free car trip; nor a risk-free ocean liner voyage; nor a risk-free bike ride. To be alive is to face risks. When I was a child in Indiana, about to head to France to live with a French family for a month -- my first foreign trip -- something happened that nearly kept that journey from taking place. On May 25, 1979, a few weeks before my plane was to leave Chicago for Paris, a DC-10 took off from O'Hare, then crashed and exploded, killing all 271 people on board and 2 more on the ground. I didn't know this at the time, but my grandmother was horrified that my parents went ahead with my trip after the accident. She told them they were sending a little girl to her death (I was just out of elementary school); and though my mother wept with guilt in secret, she protected me from their discord, determined that I have the experience I'd anticipated for two years, a reward for assiduous language study. That summer abroad was the single most formative experience of my young life. I can't count the number of foreign and domestic flights I made in the ensuing two decades. Including, in 1995, a KLM flight from Africa to America via Amsterdam -- Mr. Abdulmutallab's itinerary, more or less. Since 9/11/2001, or since 12/22/2001 (when Richard Reid attempted to blow up a Boeing 767 between Paris and Miami by detonating his sneakers), how many grandmothers, how many parents, how many people of whatever age, sex, or familial connection, have avoided air travel out of fear, or cautioned their friends and relatives against it? The risks of air travel continue to be minuscule, even during the War on Terror era, while the advantages of exploring other countries remain precious and inarguable. Still, a fortress mentality settles in each time a new instance of attempted airborne thuggery hits the airwaves.
In the wake of alarming headlines, an obstacle course of cumbersome but laudable security precautions unrolls at airports, leading many of the earth's seven-billion-odd inhabitants to resolve to remain earthbound as much as possible. One goal of terrorists is to make ordinary people afraid to leave their homes and interact with the wider world. Attacks on individual courage may leave no scars, but that does not mean they do no damage. In this last decade, nobody can tally the number of flights not taken, adventures not dared, countries not visited, because of the public's anxieties about air travel. In 2005, rebelling against my own fears of traveling to sections of the globe that had come to seem perilous, I booked a flight to Syria and Lebanon to visit journalist friends who were living there. Days before my flight left Kennedy Airport, Syria revealed it had halted military and intelligence cooperation with the United States. My adrenalin racing, I packed, in anticipation mingled with dread. In the waiting room at the plane's gate, as I sat amid women in hijab and children with stuffed animals and pink backpacks, I took half an Ambien to dim my worries. My companion, meanwhile, was watching "24" on a laptop; and as Kiefer Sutherland blew away one Arab "bad guy" after another, a family moved a few seats away from us, because we were so scary. I'm grateful that I overcame my cowardice and traveled to Damascus -- the most fascinating, culturally diverse city I've ever visited -- and to Baalbek, in Lebanon, which Alexander the Great called Heliopolis and which is now home to the ruins of great temples the Romans erected beginning in the first century B.C. Baalbek, also a stronghold for Hezbollah, is admittedly not the most welcoming destination. All the same, how can such a monument go unseen? It's hard to assess the cost of the sacrifices an uneasy populace makes to the great idol Safety -- sacrifices that have no sure reward.
Steps are already being taken to shore up air security in the aftermath of last week's breach. But when will the skies again be truly friendly? When will Americans again be free to be curious, flight-miles-earning world citizens? Maybe we already are -- as long as we're willing to get to the airport a few hours early to run the ever-lengthening security gauntlet. In 2010, potential dangers will attach to every flight, just as they did 10 years ago, 20 years ago, 30 years ago and before. Does that mean everyone should just stay put? For more than three years, the Department of Homeland Security has ranked the threat risk of domestic and international flights at "Code Orange" -- high. But staying in your own house still puts you at "Code Yellow" -- elevated risk. How, then, to proceed? Perhaps there's only ever been one trick to keeping one's cool in challenging circumstances, the same one the British adventurer T. E. Lawrence offers for dealing with pain in David Lean's film "Lawrence of Arabia," set a century ago, in another war. The trick, he says, "is not minding."

From rforno at infowarrior.org Mon Jan 4 01:37:07 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Jan 2010 20:37:07 -0500
Subject: [Infowarrior] - New TSA Checks
Message-ID: <687DF449-9378-40A8-96F9-25C78572D87C@infowarrior.org>

Stepped-up screening targets fliers from 'terror-prone' lands
By Carol D. Leonnig
Washington Post Staff Writer
Sunday, January 3, 2010; 8:08 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/01/03/AR2010010301784_pf.html

All travelers flying to the United States from other countries will face increased random screening, and all passengers from more than a dozen terrorism-prone nations will be patted down and have their carry-on bags searched, under new rules the Obama administration said will take effect Monday morning.
The changes greatly beef up screening standards for all U.S.-bound travelers and are in response to the attempted bombing of an airliner on Christmas Day. The Nigerian man suspected in the attack boarded an Amsterdam flight headed to Detroit. But in keeping with previous protocols, he and other passengers were screened by a magnetometer, which did not detect the explosives he was allegedly carrying in his underwear. The Transportation Security Administration notified airline carriers Sunday of the changes for all flights entering the United States -- with an emphasis on a "full body pat-down and physical inspection of property" for all people who are citizens of or are flying through or from nations with significant terrorist activity. TSA officials declined to name all the "countries of interest" on Sunday, but confirmed that the directive applies to the State Department's list of state sponsors of terrorism. The department's Web site lists Cuba, Iran, Sudan and Syria as state sponsors of terrorism. A senior administration official identified the following as terrorism-prone nations or countries of interest to U.S. intelligence agencies: Afghanistan, Algeria, Iraq, Lebanon, Libya, Nigeria, Pakistan, Saudi Arabia, Somalia and Yemen. "Today, the Transportation Security Administration (TSA) issued new security directives to all United States and international air carriers with inbound flights to the U.S. effective January 4, 2010," TSA spokesman Greg Soule said. "The new directive includes long-term sustainable security measures developed in consultation with law enforcement officials and our domestic and international partners." In practice, a person with a Yemeni passport or a passenger flying through or from Yemen would be subjected to a body inspection or scan. 
"Because effective aviation security must begin beyond our borders, and as a result of extraordinary cooperation from our global aviation partners, TSA is mandating that every individual flying into the U.S. from anywhere in the world traveling from or through nations that are state sponsors of terrorism or other countries of interest will be required to go through enhanced screening. The directive also increases the use of enhanced screening technologies and mandates threat-based and random screening for passengers on U.S.-bound international flights," Soule said. TSA officials said screening standards for U.S.-bound passengers are enforced and monitored by TSA personnel and foreign security inspectors around the world. Carriers generally are careful to abide by the rules, to avoid being banned from travel to the United States.

From rforno at infowarrior.org Mon Jan 4 01:49:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Jan 2010 20:49:03 -0500
Subject: [Infowarrior] - Resource: Web 2.0 Suicide Machine
Message-ID: <38F3DDB3-14E5-4A8D-A05F-1FB424C859BC@infowarrior.org>

Wipe The Slate Clean For 2010, Commit Web 2.0 Suicide
http://www.techcrunch.com/2009/12/31/web-2-0-suicide/

...and the site itself...
http://suicidemachine.org/

Tired of your Social Network? Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete all your energy sucking social-networking profiles, kill your fake virtual friends, and completely do away with your Web2.0 alterego. The machine is just a metaphor for the website which moddr_ is hosting; the belly of the beast where the web2.0 suicide scripts are maintained. Our service currently runs with Facebook, Myspace, Twitter and LinkedIn! Commit NOW!

From rforno at infowarrior.org Mon Jan 4 03:10:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Jan 2010 22:10:36 -0500
Subject: [Infowarrior] - Bono = the next Lars Ulrich?
Message-ID: January 3, 2010 4:40 PM PST Bono risks becoming next Lars Ulrich by Greg Sandoval http://news.cnet.com/8301-31001_3-10423544-261.html?part=rss&subj=news&tag=2547-1_3-0-20 Ever since Paul McGuinness, manager of the rock band U2, began lashing out at Internet Service providers two years ago for allegedly profiting from and encouraging illegal file sharing, U2 fans have wondered whether McGuinness spoke for the band. Bono, U2's outspoken frontman, cleared that up this weekend. As part of an op-ed piece in The New York Times, the singer argued that online file sharing is hurting music and film creators and placed much of the blame on bandwidth providers. "A decade's worth of music file-sharing and swiping has made clear that the people it hurts are the creators," Bono wrote, "in this case, the young, fledgling songwriters who can't live off ticket and T-shirt sales like the least sympathetic among us." Bono's comments are surprising. Most artists haven't come close to publicly criticizing file sharing for fear that they could alienate fans the same way that the band Metallica did when the rock group filed a copyright lawsuit against Napster nearly a decade ago. Lars Ulrich, Metallica's drummer, was vocal in his distaste for those who shared Metallica's music without paying for it and the band was widely criticized for their antipiracy stance. U2 has appeared willing the past two years to let McGuinness take the spears and arrows for speaking out against file sharing. In an interview with CNET last spring, McGuinness, the band's manager for more than two decades, riled some of the free-content crowd when he said that "ultimately, free is the enemy of good." McGuinness has typically saved his harshest rebuke for bandwidth providers, who he said "bear a huge responsibility to put things right." Bono also ripped into ISPs for not doing more to help protect copyright. 
He said the people benefiting most from online piracy are those running telecom and cable companies, "whose swollen profits perfectly mirror the lost receipts of the music business." The film and recorded-music sectors have lobbied and cajoled the top ISPs, which they consider to be in the best position to block pirated material flowing freely through their pipes, to create file-sharing deterrents. The ISPs have appeared reluctant to do much. For example, the Recording Industry Association of America has tried to enlist their help in creating a system whereby participating ISPs would gradually ratchet up pressure on suspected file sharers. The RIAA promised a year ago that it had agreements in place. So far, no partnerships have been announced. Negotiations continue but many in the music industry are weary of the perceived foot dragging of ISPs. Is that the source of Bono's frustration? Bono and McGuinness know how it looks to some fans when the richest band in the world starts complaining about lost profits. But both men say they aren't speaking out for the benefit of U2, which McGuinness acknowledged is rich and makes a load of money off concert tours and merchandise sales. Bono and his band manager suggest that they are arguing on behalf of talented acts that have not yet made a name for themselves but would be harmed by file sharing. "Note to self," Bono wrote in the op-ed piece. "Don't get over-rewarded rock stars on this bully pulpit, or famous actors; find the next Cole Porter, if he/she hasn't already left to write jingles." Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at http://twitter.com/sandoCNET . 
From rforno at infowarrior.org Mon Jan 4 03:27:49 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 Jan 2010 22:27:49 -0500 Subject: [Infowarrior] - Potentially harmful chemicals kept secret under law Message-ID: Use of potentially harmful chemicals kept secret under law By Lyndsey Layton Monday, January 4, 2010; A01 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/03/AR2010010302110_pf.html Of the 84,000 chemicals in commercial use in the United States -- from flame retardants in furniture to household cleaners -- nearly 20 percent are secret, according to the Environmental Protection Agency, their names and physical properties guarded from consumers and virtually all public officials under a little-known federal provision. The policy was designed 33 years ago to protect trade secrets in a highly competitive industry. But critics -- including the Obama administration -- say the secrecy has grown out of control, making it impossible for regulators to control potential dangers or for consumers to know which toxic substances they might be exposed to. At a time of increasing public demand for more information about chemical exposure, pressure is building on lawmakers to make it more difficult for manufacturers to cloak their products in secrecy. Congress is set to rewrite chemical regulations this year for the first time in a generation. Under the 1976 Toxic Substances Control Act, manufacturers must report to the federal government new chemicals they intend to market. But the law exempts from public disclosure any information that could harm their bottom line. Government officials, scientists and environmental groups say that manufacturers have exploited weaknesses in the law to claim secrecy for an ever-increasing number of chemicals. In the past several years, 95 percent of the notices for new chemicals sent to the government requested some secrecy, according to the Government Accountability Office. 
About 700 chemicals are introduced annually. Some companies have successfully argued that the federal government should not only keep the names of their chemicals secret but also hide from public view the identities and addresses of the manufacturers. "Even acknowledging what chemical is used or what is made at what facility could convey important information to competitors, and they can start to put the pieces together," said Mike Walls, vice president of the American Chemistry Council. Although a number of the roughly 17,000 secret chemicals may be harmless, manufacturers have reported in mandatory notices to the government that many pose a "substantial risk" to public health or the environment. In March, for example, more than half of the 65 "substantial risk" reports filed with the Environmental Protection Agency involved secret chemicals. "You have thousands of chemicals that potentially present risks to health and the environment," said Richard Wiles, senior vice president of the Environmental Working Group, an advocacy organization that documented the extent of the secret chemicals through public-records requests from the EPA. "It's impossible to run an effective regulatory program when so many of these chemicals are secret." Of the secret chemicals, 151 are made in quantities of more than 1 million tons a year and 10 are used specifically in children's products, according to the EPA. The identities of the chemicals are known to a handful of EPA employees who are legally barred from sharing that information with other federal officials, state health and environmental regulators, foreign governments, emergency responders and the public. Last year, a Colorado nurse fell seriously ill after treating a worker involved at a chemical spill at a gas-drilling site. The man, who later recovered, appeared at a Durango hospital complaining of dizziness and nausea. His work boots were damp; he reeked of chemicals, the nurse said. 
Two days later, the nurse, Cathy Behr, was fighting for her life. Her liver was failing and her lungs were filling with fluid. Behr said her doctors diagnosed chemical poisoning and called the manufacturer, Weatherford International, to find out what she might have been exposed to. Weatherford provided safety information, including hazards, for the chemical, known as ZetaFlow. But because ZetaFlow has confidential status, the information did not include all of its ingredients. Mark Stanley, group vice president for Weatherford's pumping and chemical services, said in a statement that the company made public all the information legally required. "It is always in our company's best interest to provide information to the best of our ability," he said. Behr said the full ingredient list should be released. "I'd really like to know what went wrong," said Behr, 57, who recovered but said she still has respiratory problems. "As citizens in a democracy, we ought to know what's happening around us." The White House and environmental groups want Congress to force manufacturers to prove that a substance should be kept confidential. They also want federal officials to be able to share confidential information with state regulators and health officials, who carry out much of the EPA's work across the country. Walls, of the American Chemistry Council, says manufacturers agree that federal officials should be able to share information with state regulators. Industry is also willing to discuss shifting the burden of proof for secrecy claims to the chemical makers, he said. The EPA must allow a claim unless it can prove within 90 days that disclosure would not harm business. Meanwhile, the Obama administration is trying to reduce secrecy. A week after he arrived at the agency in July, Steve Owens, assistant administrator for the EPA's Office of Prevention, Pesticides and Toxic Substances, ended confidentiality protection for 530 chemicals. 
In those cases, manufacturers had claimed secrecy for chemicals they had promoted by name on their Web sites or detailed in trade journals. "People who were submitting information to the EPA saw that you can claim that virtually anything is confidential and get away with it," Owens said. The handful of EPA officials privy to the identity of the chemicals do not have other information that could help them assess the risk, said Lynn Goldman, a former EPA official and a pediatrician and epidemiologist at the Johns Hopkins Bloomberg School of Public Health. "Maybe they don't know there's been a water quality problem in New Jersey where the plant is located, or that the workers in the plant have had health problems," she said. "It just makes sense that the more people who are looking at it, they're better able to put one and one together and recognize problems." Independent researchers, who often provide data to policymakers and regulators, also have been unable to study the secret chemicals. Duke University chemist Heather Stapleton, who researches flame retardants, tried for months to identify a substance she had found in dust samples taken from homes in Boston. Then, while attending a scientific conference, she happened to see the structure of a chemical she recognized as her mystery compound. The substance is a chemical in "Firemaster 550," a product made by Chemtura Corp. for use in furniture and other products as a substitute for a flame retardant the company had quit making in 2004 because of health concerns. Stapleton found that Firemaster 550 contains an ingredient similar in structure to a chemical -- Di(2-ethylhexyl) phthalate, or DEHP -- that Congress banned last year from children's products because it has been linked to reproductive problems and other health effects. Chemtura, which claimed confidentiality for Firemaster 550, supplied the EPA with standard toxicity studies. The EPA has asked for additional data, which it is studying. 
"My concern is we're using chemicals and we have no idea what the long-term effects might be or whether or not they're harmful," said Susan Klosterhaus, an environmental scientist at the San Francisco Estuary Institute who has published a journal article on the substance with Stapleton. Chemtura officials said in a written statement that even though Firemaster 550 contains an ingredient structurally similar to DEHP, that does not mean it poses similar health risks. They said the company strongly supports keeping sensitive business information out of public view. "This is essential for ensuring the long-term competitiveness of U.S. industry," the officials said in the statement. Staff researcher Madonna Lebling contributed to this report. From rforno at infowarrior.org Mon Jan 4 03:37:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 Jan 2010 22:37:38 -0500 Subject: [Infowarrior] - more on ... Bono = the next Lars Ulrich? References: Message-ID: <9800AF9B-D167-4CFD-9C90-3DE21E43295B@infowarrior.org> Begin forwarded message: > From: xxxxxx > Date: January 3, 2010 10:33:58 PM EST > To: rforno at infowarrior.org > Subject: Re: [Infowarrior] - Bono = the next Lars Ulrich? > > Bono has it all wrong: I haven't bought a U2 album since Achtung > Baby, NOT because of file-sharing (I literally don't possess any CDs > or MP3s of theirs after that album. No, I haven't bought a U2 album > since Achtung Baby because everything of theirs since then, has > kinda' sucked. > > I'm happy to pay for quality. I've been given a rip of a movie here > or there (really the same as borrowing a DVD, which is still > perfectly legal), and if it's good... I'll go out and buy the thing > legit. If it sucks, no money lost on my part. > > Yes, the Internet means some people want everything free. 
We've also > found with iTunes (among others) and more recently with the > miserably-DRM'd Kindle, that the vast majority of people are willing > to spend their own money to support the RIAA and MPAA - and, on a > smaller scale, the actors and musicians they claim to represent. > > No worthwhile act has gone broke in the Internet Age due to file > sharing. Britney Spears still has loads of cash to roll into $100 > coke straws, George Lucas has made more from the second Star Wars > trilogy than we spend in the entire Middle East in a year (or close > to it), and the RIAA and MPAA still has plenty of cash to pay their > lawyers to sue grandmothers who don't even own computers. > > Blaming ISPs for their users sharing via P2P (or HTTP, or FTP, > or...) is like blaming forks for Rosie O'Donnell being fat. It just > doesn't compute. > > In other words, "hey Bono, pogue mahone!" > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://attrition.org/mailman/private/infowarrior/attachments/20100103/04c827b0/attachment.html From rforno at infowarrior.org Mon Jan 4 04:02:02 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 Jan 2010 23:02:02 -0500 Subject: [Infowarrior] - Infamous TSA agent loses notebook Message-ID: <766C8C07-C891-42FE-BB20-094F8B7B42F8@infowarrior.org> http://www.flightglobal.com/blogs/runway-girl/2010/01/exclusive-tsa-agents-notebook.html What would you say if I told you that one of the federal agents who ventured to travel writer Steven Frischling's house to issue a subpoena and search his electronic equipment for the source of the agency's leaked security directive (SD) also happened to leave his notebook lying in a public place? Would you define such a misstep as complete ineptitude? Would you wonder how the agency protects the information it gleans from other - more important - investigations (you know, ones involving threats against our nation)? 
A source with knowledge of the situation tells me that one of the two agents tasked with discovering the source of the SD leak left his notebook in a public area. A TSA spokesperson could not be immediately reached for comment. From rforno at infowarrior.org Mon Jan 4 14:33:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2010 09:33:22 -0500 Subject: [Infowarrior] - A better no-fly list Message-ID: A better no-fly list By Justin Florence Monday, January 4, 2010; A13 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/03/AR2010010301811_pf.html In the wake of embarrassing stories a few years ago about members of Congress and babies appearing on the "no-fly" list, the government reduced the number of names drawing extra scrutiny at airports. Federal officials are right to worry about the civil-liberties ramifications of the no-fly list, but the facts surrounding the attempted attack on Northwest Airlines Flight 253 underscore that the wrong approach has been taken. Rather than simply reducing the number of names on the no-fly list or raising the bar for a name to be listed, the government should make it easier for wrongly listed travelers to clear their names. One of the lessons of Sept. 11, 2001, reaffirmed last month, is that it is difficult to keep dangerous items off planes. Watch lists will never replace metal detectors, but they may stop some people who would destroy planes with box cutters or liquid explosives. The no-fly list itself targets potentially dangerous people without the use of racial or religious profiling, and improving it does not require expensive scanning equipment or the hiring of additional screeners. The problem with the no-fly list is not its size but that some individuals appear on it because they share the name of a dangerous person or as a result of bureaucratic accident or thinly sourced and inaccurate intelligence tips. 
Rather than require the government to be nearly certain that an individual is an actual security threat before initially listing him or her -- and running the risk that the truly dangerous will be left unlisted -- it would make more sense to facilitate the removal of wrongly listed people. To begin, travelers should have a way to determine in advance of a flight whether their names are on the list. That way they won't be surprised when they show up at the airport and are forced to miss a flight. Of course we don't want to have a Web site where people can check their names; that would make it too easy for terrorists to check false identities against the list until they find one that works. A better approach would be to create a system where people can check -- in person -- whether they are on the list. Locations for such checks could be airport security offices, U.S. embassies or other federal buildings. Truly dangerous people are unlikely to identify themselves to security officials to ask whether they are on the list; if they do, they can be questioned or arrested. But people who should not be on the list would have the chance to clear their names before enduring delays or missing flights. For individuals listed by accident or because they share a dangerous person's name, the Transportation Security Administration's ombudsman system could simply update the federal watch list (with more specific identifying data such as date of birth, if necessary). The bigger challenge is people who may well be dangerous but for whom the intelligence community has only a single, classified red flag, perhaps a warning from a concerned parent or intelligence asset. The question becomes whether that tip is an indication of real danger or the result of undue suspicion. To resolve these difficult cases, listed individuals should be given the right to request an administrative hearing. 
If the government is concerned that sharing secret evidence might reveal intelligence sources and methods, it should provide these individuals with an attorney who has security clearance. These lawyers can review the evidence, clear up confusion and present the individual's best case. (Providing representation would help compensate people for the inconvenience of an erroneous listing.) It is hard to imagine that actual terrorists would request such a hearing to attempt to remove their names from the list. If they did, the government would be able to learn more about them and would be in a position to arrest them when appropriate. But it should not be difficult for innocent people to clear their names with the help of an attorney who has access to secret evidence. Because Umar Farouk Abdulmutallab was listed in a government database but was not on the no-fly list, some have suggested making the revocation of travel privileges more automatic. We should know more soon about where our system broke down and why the warnings from Abdulmutallab's father did not result in greater scrutiny. But whether or not the government expands the no-fly list, federal officials should incorporate ways for wrongly listed travelers to clear their names. This would help the no-fly list keep dangerous people out of our aviation system with minimal inconvenience to the rest of us. The writer is an attorney at a Washington law firm and a fellow at the Georgetown Center on National Security and the Law. He has previously published in the Yale Law Journal on the constitutionality of the no-fly list. From rforno at infowarrior.org Mon Jan 4 15:12:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2010 10:12:18 -0500 Subject: [Infowarrior] - Fwd: DataLossDB Winter Fundraiser References: <26fc42fe1001040708n656a66d9gc80c96ac34fc4300@mail.gmail.com> Message-ID: Begin forwarded message: > From: David Shettler > Date: January 4, 2010 10:08:09 AM EST > > Good morning all. 
The Open Security Foundation is pleased to > announce that we're kicking off our first public fundraiser. > > The goal is to raise $9500 this quarter. The funds will go to > supporting development of the site over the next few months, as well > as ongoing maintenance, Freedom of Information Act requests, and other > ongoing costs. > > We support Paypal (which accepts all major credit cards) for one-time > and recurring donations. We'd love to see recurring donations. A > gift of $10/month (or even $5 a month) can go a long way! > > Please help us reach our goal and help us continue to build and > enhance the project. You can donate via the link below, and also > read about where your support dollars go. > > http://opensecurityfoundation.org/projects/2-DATALOSSDB > > All donations are made to the Open Security Foundation, a 501(c)(3) > organization. Donations are tax-deductible. > > We also have a similar campaign going for our sister project, the Open > Source Vulnerability Database (OSVDB): > > http://opensecurityfoundation.org/projects/1-OSVDB > > As always, thank you for your support, > > The Open Security Foundation Team > _______________________________________________ > Dataloss Mailing List (dataloss at datalossdb.org) > Archived at http://seclists.org/dataloss/ From rforno at infowarrior.org Mon Jan 4 20:29:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2010 15:29:08 -0500 Subject: [Infowarrior] - TSA tries to assuage privacy concerns about full-body scans Message-ID: <94F94F90-43F1-4C0D-B7C6-D82A59D66496@infowarrior.org> TSA tries to assuage privacy concerns about full-body scans By Philip Rucker Washington Post Staff Writer Monday, January 4, 2010; A03 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/03/AR2010010301826_pf.html# It has come to this. 
Already shoeless, beltless and waterless, more beleaguered air passengers will be holding their legs apart, raising their arms and effectively baring it all as they pass through U.S. airport security checkpoints. Add the "full-body scan" to the list of indignities that some travelers are confronting in the post-Sept. 11, 2001, era of vigilance. Federal authorities, working to close security gaps exposed by the thwarted Christmas Day terrorist attack on a Detroit-bound airliner, are multiplying the number of imaging machines at the nation's biggest airports. The devices scan passengers' bodies and produce X-ray-like images that can reveal objects concealed beneath clothes. Forty units are in use at 19 airports, including Reagan National and Baltimore-Washington International Marshall airports. The Transportation Security Administration said it has ordered 150 more scanners to be installed early this year and has secured funding for an additional 300. Passengers selected for a full-body scan can decline, but if they do, they must submit to full-body pat-downs by a TSA officer. The technology was introduced a couple of years ago, but U.S. airports have been slow to install the machines, partly because of privacy concerns raised by some members of Congress and civil liberties groups. Seeing passengers beset by years of an ever-evolving airport drill -- at first handing over belts, cellphones and laptops for screening, then shoes, and later, dealing with restrictions on gels and liquids -- some activists and experts are asking how much compliance is too much in the name of homeland security. "The price of liberty is too high," said Kate Hanni, who as founder of FlyersRights.org, an advocacy organization for air passengers, shuttles regularly between her California home and Washington to lobby Congress. 
Hanni said many of her group's 25,000 members are concerned that "the full-body scanners may not catch the criminals and will subject the rest of us to intrusive and virtual strip searches." To others, however, the scans are not so bad, and the reason is simple: They're virtual. Passengers walk through the machines fully clothed; the resulting image appears on a monitor in a separate room and conceals passengers' faces and sensitive areas. "It covers up the dirty bits," said James Carafano, a homeland security expert at the conservative Heritage Foundation. "I don't think it's any different than if you go to the beach and put on a bikini," said Brandon Macsata, who started the Association for Airline Passenger Rights. Critics talk as if the machines produce images that are "Playboy-centerfold quality," said Jon Adler, head of the Federal Law Enforcement Officers Association. "I don't consider the full-body scanners an invasion of privacy," Adler said. "I think a bomb detonating on a plane is the biggest invasion of privacy a person can experience." Dutch security officials have said that full-body scanners could have detected the explosives that suspect Umar Farouk Abdulmutallab allegedly concealed in his underwear when boarding a Northwest Airlines flight in Amsterdam. But although the city's Schiphol Airport operates more than a dozen such scanners, none was used to check the Nigerian. The Netherlands has since announced that it will require all U.S.-bound passengers to pass through full-body screenings before boarding flights. And Prime Minister Gordon Brown said Sunday that full-body scanners will be introduced in Britain's airports. Last week, the TSA launched a public relations offensive to convince passengers that its latest checkpoint innovation will make airports more secure. "It's a promising technology," spokeswoman Kristen Lee said. "It's designed to detect anomalies." 
The issue is almost certain to be the subject of debate when Congress reconvenes this month. The House approved a bill in the summer limiting the use of full-body scanners, but the Senate has yet to take up the matter. Critics say expanding the use of the machines is something of a knee-jerk reaction. And, experts say, explosives can go undetected even in a full-body screening if potential terrorists conceal them in body cavities. "It's definitely not a silver bullet," Carafano said. "There's a way to beat it. It's called a 'booty bomb,' where you actually insert the explosive inside the human being and then you detonate the explosive with a cellphone." The TSA has tried to assuage privacy concerns by saying that the digital images produced by the machines would be deleted after passengers clear checkpoints. But critics are not reassured. "TSA has said, 'Trust us, we've put the switch to the "off" position,' " said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "But it's not difficult to imagine a scenario where they might decide to put the switch to the 'on' position." Such concerns are spreading quickly among networks of frequent fliers. Hanni said many of her group's members, particularly women, are "frantic" about the devices. Some women do not want the shape of their naked bodies seen by others. As for Hanni, she said: "I don't mind." "I'm from California. I grew up in a family that doesn't have any particular issues with nudity, so I really don't care if anybody sees the outline of my body," Hanni said. "I've got nothing to hide." From rforno at infowarrior.org Mon Jan 4 20:43:04 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2010 15:43:04 -0500 Subject: [Infowarrior] - Vatican admits what we don't about security Message-ID: <143066D0-7B6F-4B05-981C-98D11AC00F58@infowarrior.org> It's nice to see SOMEONE coming out and saying that enacting Total Security is a fantasy. 
Unfortunately, here in the USA we say the same thing, but our practices indicate our belief is to the otherwise...we keep trying to 'raise the bar' in our quest to reach Total Security. --rf Vatican admits pontiff vulnerable http://news.bbc.co.uk/2/hi/europe/8430621.stm The Vatican has said it is impossible to protect the Pope from incidents like that on Thursday night, when a woman grabbed him at Christmas Eve Mass. Spokesman Frederico Lombardi said the Pope was regularly surrounded by tens of thousands of people at audiences, Masses, greetings and other events. He said it was unthinkable to create a wall between the Pope and the faithful. Italian PM Silvio Berlusconi, himself recently attacked in public, warned of "hatred and extremism". The Pope was not injured when Susanna Maiolo, 25, hurled herself at him in St Peter's Basilica at the Vatican but an elderly French cardinal standing nearby, Roger Etchegaray, suffered a broken hip. The woman, who tried to throw herself at Benedict at the same Christmas Eve service one year ago, is now receiving psychiatric treatment and Mr Lombardi said he thought she would be dealt with very leniently by the Vatican. 'No hurt intended' Father Lombardi said it was not realistic to think the Vatican could ensure 100% security for the Pope and that security guards appeared to have acted as quickly as possible. ANALYSIS David Willey, BBC News, Rome The problem of providing effective security for the head of the Roman Catholic Church without cutting him off from his flock is a difficult challenge for his Vatican team of security advisers. The Pope uses a specially built armoured vehicle covered with bulletproof glass - the popemobile - at open-air audiences in St Peter's Square when the weather is fine and when he goes on tour abroad. But when he is moving about inside his own sovereign territory, Vatican City State, he walks or travels in a normal limousine. 
"It seems that they intervened at the earliest possible moment in a situation in which zero risk cannot be achieved," he told the Associated Press news agency. "People want to see him up close and he's pleased to see them closely too. A zero risk doesn't seem realistic in a situation in which there's a direct rapport with the people." Vatican security officials would, the spokesman added, nonetheless review the episode and "try to learn from experience". Mr Berlusconi, who is recovering from a violent attack in Milan earlier in the month, spoke to Italian TV after the attack on the Pope. "We must really fight back against all these manufacturers of lies, extremism and hatred," he said. It is still unclear what had motivated Ms Maiolo, who holds dual Swiss and Italian nationality. She told doctors she had not wanted to hurt the pontiff, Italy's La Repubblica newspaper said in a report on its online edition. The same paper quoted Cardinal Angelo Bagnasco, archbishop of Genoa and head of the Italian bishops' conference, as saying: "Nothing serious happened. It was a woman who tried to greet the Holy Father." However, French Cardinal Paul Poupard, who was with the pontiff at the time of the incident, said it had been "definitely a threat to the Pope". "With hindsight, you would say greater vigilance was needed, so those in charge of security should not let their guard drop even for a second," he added. The Pope is protected by a combination of Swiss Guards, Vatican police and Italian police. The most serious attack on a Pope in modern times was that on Benedict's predecessor, John Paul II, who was shot and seriously wounded by Turkish gunman Mehmet Ali Agca in 1981 as he rode in an open jeep in the Vatican . Full schedule Pope Benedict delivered his traditional Christmas message at the Vatican on Friday, appearing undaunted by the earlier incident. 
As he emerged on to the balcony overlooking St Peter's Square, some observers said the Pope seemed unsteady on his feet, but he did not waver. The German-born pontiff made no mention of the previous evening's incident during his Christmas Day message and prayers. In his sermon to the world's 1.1 billion Roman Catholics, the Pope focused on the needy and praised the work of the Church in places like the Philippines, Korea and Sri Lanka. Benedict has made it known he intends to carry out in full his schedule of engagements during the remainder of the Christmas and New Year holidays:
* He will appear at his study window overlooking St Peter's square to give his Angelus blessing to pilgrims at midday on Saturday
* After a repeat blessing on Sunday, he will attend a lunch with homeless people at a canteen run by a Catholic community in Trastevere, about 2km from the Vatican
* Next week, he will hold his customary Wednesday general audience inside the Vatican and on Thursday he will take part in a solemn end-of-year religious ceremony inside St Peter's

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/8430621.stm Published: 2009/12/25 23:00:41 GMT © BBC MMX

From rforno at infowarrior.org Mon Jan 4 23:56:20 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jan 2010 18:56:20 -0500 Subject: [Infowarrior] - OpEd: The degrading effects of terrorism fears Message-ID: <735C2863-3336-4A64-B663-B0E7DDF062F7@infowarrior.org>

The degrading effects of terrorism fears By Glenn Greenwald http://www.salon.com/news/opinion/glenn_greenwald/2010/01/02/fear (updated below - Update II) I never thought I'd hear myself say this, but David Brooks actually had an excellent column in yesterday's New York Times that makes several insightful and important points. Brooks documents how "childish, contemptuous and hysterical" the national reaction has been to this latest terrorist episode, egged on -- as usual -- by the always-hysterical American media. 
The citizenry has been trained to expect that our Powerful Daddies and Mommies in government will -- in that most cringe-inducing, child-like formulation -- Keep Us Safe. Whenever the Government fails to do so, the reaction -- just as we saw this week -- is an ugly combination of petulant, adolescent rage and increasingly unhinged cries that More Be Done to ensure that nothing bad in the world ever happens. Demands that genuinely inept government officials be held accountable are necessary and wise, but demands that political leaders ensure that we can live in womb-like Absolute Safety are delusional and destructive. Yet this is what the citizenry screams out every time something threatening happens: please, take more of our privacy away; monitor more of our communications; ban more of us from flying; engage in rituals to create the illusion of Strength; imprison more people without charges; take more and more control and power so you can Keep Us Safe. This is what inevitably happens to a citizenry that is fed a steady diet of fear and terror for years. It regresses into pure childhood. The 5-year-old laying awake in bed, frightened by monsters in the closet, who then crawls into his parents' bed to feel Protected and Safe, is the same as a citizenry planted in front of the television, petrified by endless imagery of scary Muslim monsters, who then collectively crawl to Government and demand that they take more power and control in order to keep them Protected and Safe. A citizenry drowning in fear and fixated on Safety to the exclusion of other competing values can only be degraded and depraved. John Adams, in his 1776 Thoughts on Government, put it this way: Fear is the foundation of most governments; but it is so sordid and brutal a passion, and renders men in whose breasts it predominates so stupid and miserable, that Americans will not be likely to approve of any political institution which is founded on it. 
As Adams noted, political leaders possess an inherent interest in maximizing fear levels, as that is what maximizes their power. For a variety of reasons, nobody aids this process more than our establishment media, motivated by their own interests in ratcheting up fear and Terrorism melodrama as high as possible. The result is a citizenry far more terrorized by our own institutions than foreign Terrorists could ever dream of achieving on their own. For that reason, a risk that is completely dwarfed by numerous others -- the risk of death from Islamic Terrorism -- dominates our discourse, paralyzes us with fear, leads us to destroy our economic security and eradicate countless lives in more and more foreign wars, and causes us to beg and plead and demand that our political leaders invade more of our privacy, seize more of our freedom, and radically alter the system of government we were supposed to have. The one thing we don't do is ask whether we ourselves are doing anything to fuel this problem and whether we should stop doing it. As Adams said: fear "renders men in whose breasts it predominates so stupid and miserable." What makes all of this most ironic is that the American Founding was predicated on exactly the opposite mindset. The Constitution is grounded in the premise that there are other values and priorities more important than mere Safety. Even though they knew that doing so would help murderers and other dangerous and vile criminals evade capture, the Framers banned the Government from searching homes without probable cause, prohibited compelled self-incrimination, double jeopardy and convictions based on hearsay, and outlawed cruel and unusual punishment. That's because certain values -- privacy, due process, limiting the potential for abuse of government power -- were more important than mere survival and safety. 
A central calculation of the Constitution was that we insist upon privacy, liberty and restraints on government power even when doing so means we live with less safety and a heightened risk of danger and death. And, of course, the Revolutionary War against the then-greatest empire on earth was waged by people who risked their lives and their fortunes in pursuit of liberty, precisely because there are other values that outweigh mere survival and safety. These are the calculations that are now virtually impossible to find in our political discourse. It is fear, and only fear, that predominates. No other competing values are recognized. We have Chris Matthews running around shrieking that he's scared of kung-fu-wielding Terrorists. Michael Chertoff is demanding that we stop listening to "privacy ideologues" -- i.e., that there should be no limits on Government's power to invade and monitor and scrutinize. Republican leaders have spent the decade preaching that only Government-provided Safety, not the Constitution, matters. All in response to this week's single failed terrorist attack, there are -- as always -- hysterical calls that we start more wars, initiate racial profiling, imprison innocent people indefinitely, and torture even more indiscriminately. These are the by-products of the weakness and panic and paralyzing fear that Americans have been fed in the name of Terrorism, continuously for a full decade now. Ever since I began writing in late 2005 about this fear-addicted dynamic, the point on which Brooks focused yesterday is the one I've thought most important. What matters most about this blinding fear of Terrorism is not the specific policies that are implemented as a result. Policies can always be changed. What matters most is the radical transformation of the national character of the United States. 
Reducing the citizenry to a frightened puddle of passivity, hysteria and a child-like expectation of Absolute Safety is irrevocable and far more consequential than any specific new laws. Fear is always the enabling force of authoritarianism: the desire to vest unlimited power in political authority in exchange for promises of protection. This is what I wrote about that back in early 2006 in How Would a Patriot Act?: The president's embrace of radical theories of presidential power threatens to change the system of government we have. But worse still, his administration's relentless, never-ending attempts to keep the nation in a state of fear can also change the kind of nation we are. This isn't exactly new: many of America's most serious historical transgressions -- the internment of Japanese-Americans, McCarthyite witch hunts, World War I censorship laws, the Alien and Sedition Act -- have been the result of fear-driven, over-reaction to external threats, not under-reaction. Fear is a degrading toxin, and there's no doubt that it has been the primary fuel over the last decade. As the events of the last week demonstrate, it continues to spread rapidly, and it produces exactly the kind of citizenry about which John Adams long ago warned. From rforno at infowarrior.org Tue Jan 5 14:50:41 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 09:50:41 -0500 Subject: [Infowarrior] - UK: Airport scanners and child porn Message-ID: New scanners break child porn laws guardian.co.uk, Monday 4 January 2010 22.14 GMT http://www.guardian.co.uk/politics/2010/jan/04/new-scanners-child-porn-laws The rapid introduction of full body scanners at British airports threatens to breach child protection laws which ban the creation of indecent images of children, the Guardian has learned. 
Privacy campaigners claim the images created by the machines are so graphic they amount to "virtual strip-searching" and have called for safeguards to protect the privacy of passengers involved. Ministers now face having to exempt under 18s from the scans or face the delays of introducing new legislation to ensure airport security staff do not commit offences under child pornography laws. They also face demands from civil liberties groups for safeguards to ensure that images from the £80,000 scanners, including those of celebrities, do not end up on the internet. The Department for Transport confirmed that the "child porn" problem was among the "legal and operational issues" now under discussion in Whitehall after Gordon Brown's announcement on Sunday that he wanted to see their "gradual" introduction at British airports. A 12-month trial at Manchester airport of scanners which reveal naked images of passengers including their genitalia and breast enlargements, only went ahead last month after under-18s were exempted. The decision followed a warning from Terri Dowty, of Action for Rights of Children, that the scanners could breach the Protection of Children Act 1978, under which it is illegal to create an indecent image or a "pseudo-image" of a child. Dowty told the Guardian she raised concerns with the Metropolitan police five years ago over plans to use similar scanners in an anti-knife campaign, and when the Department for Transport began a similar trial in 2006 on the Heathrow Express rail service from Paddington station. "They do not have the legal power to use full body scanners in this way," said Dowty, adding there was an exemption in the 1978 law to cover the "prevention and detection of crime" but the purpose had to be more specific than the "trawling exercise" now being considered. A Manchester airport spokesman said their trial had started in December, but only with passengers over 18 until the legal situation with children was clarified. 
So far 500 people have taken part on a voluntary basis with positive feedback from nearly all those involved. Passengers also pass through a metal detector before they can board their plane. Airport officials say the scanner image is only seen by a single security officer in a remote location before it is deleted. A Department for Transport spokesman said: "We understand the concerns expressed about privacy in relation to the deployment of body scanners. It is vital staff are properly trained and we are developing a code of practice to ensure these concerns are properly taken into account. Existing safeguards also mean those operating scanners are separated from the device, so unable to see the person to whom the image relates, and these anonymous images are deleted immediately." But Shami Chakrabarti, of Liberty, had concerns over the "instant" introduction of scanners: "Where are the government assurances that electronic strip-searching is to be used in a lawful and proportionate and sensitive manner based on rational criteria rather than racial or religious bias?" she said. Her concerns were echoed by Simon Davies of Privacy International who said he was sceptical of the privacy safeguards being used in the United States. Although the American system insists on the deletion of the images, he believed scans of celebrities or of people with unusual or freakish body profiles would prove an "irresistible pull" for some employees. The disclosures came as Downing Street insisted British intelligence information that the Detroit plane suspect tried to contact radical Islamists while a student in London was passed on to the US. Umar Farouk Abdulmutallab's name was included in a dossier of people believed to have made attempts to deal with extremists, but he was not singled out as a particular risk, Brown's spokesman said. 
President Barack Obama has criticised US intelligence agencies for failing to piece together information about the 23-year-old that should have stopped him boarding the flight. Brown's spokesman said "There was security information about this individual's activities and that was shared with the US authorities."

From rforno at infowarrior.org Tue Jan 5 19:28:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 14:28:22 -0500 Subject: [Infowarrior] - Apple: So what? Message-ID:

What is Apple, becoming the next McDonalds? Billions and Billions of apps downloaded?? Forget the Golden Arches, we've got the Golden Deliciouses now! Yawn. -rick http://www.apple.com/pr/library/2010/01/05appstore.html "Three billion applications downloaded in less than 18 months -- this is like nothing we've ever seen before," said Steve Jobs, Apple's CEO. "The revolutionary App Store offers iPhone and iPod touch users an experience unlike anything else available on other mobile devices, and we see no signs of the competition catching up anytime soon."

From rforno at infowarrior.org Tue Jan 5 20:48:49 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 15:48:49 -0500 Subject: [Infowarrior] - Sony Won't Support Its Own Movie For An Oscar Message-ID:

Sony Won't Support Its Own Movie For An Oscar Over Misplaced Piracy Fears from the that-evil-internet-again dept http://techdirt.com/articles/20091231/1109367563.shtml One of Jack Valenti's final battles while still in charge of the MPAA was his silly, misguided war on DVD screeners. Screeners are copies of the movie (on DVD, obviously) that are sent out to people to view (to "screen") for awards shows and the like. Valenti freaked out that since these screeners went out before the official DVDs were out, they would lead to people uploading them online, creating a piracy problem. 
Of course, that assumed two incorrect things: that those movies weren't already online and that adding one more copy would create any sort of "problem." Valenti lost his initial battle to forbid studios from sending out DVD screeners, but what came next were a series of convoluted attempts to stop "piracy" via the screeners -- including sending DVDs that could only play in special players. Two years ago, studios finally realized how ridiculous and cumbersome this process was, so it dropped the special DVD player requirement, and instead went with a watermarking option. But that's crazy expensive. Each DVD screener now needs to be individually watermarked and tracked. Given that, it seems that some studios are simply deciding not to support certain movies for the Academy Awards. johnjac points us to the news that folks involved with the movie Moon are pissed off that Sony won't send out DVD screeners for the movie, as they were hoping that actor Sam Rockwell might get an Oscar nod for his part in the movie. Sony claims that it's just too expensive to do the watermarking. It's really no surprise that this comes from Sony Pictures, whose CEO, Michael Lynton, is on record as saying that nothing good has come from the internet, and then when questioned on that statement, stands by it. So I guess that Lynton doesn't use the internet, or he would know, as pointed out in the Slashfilm link above, that perfectly good copies of the movie -- sans watermark -- are already widely available for download. In other words, there's no reason whatsoever to waste money watermarking the DVDs. It won't make a difference. Yet, because of Lynton and his crew's misguided fears, Sony Pictures won't support this particular movie. 
From rforno at infowarrior.org Wed Jan 6 03:17:49 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 22:17:49 -0500 Subject: [Infowarrior] - Cameras Didn't Work At Newark Message-ID: <9905CE3E-FD91-40A6-894B-8B3F4D21FD5F@infowarrior.org>

Jan 5, 2010 10:03 pm US/Eastern Comedy Of Errors: Cameras Didn't Work At Newark http://wcbstv.com/local/newark.airport.continental.2.1407062.html It's a tale of shocking ineptitude: CBS 2 has learned a series of missteps unnecessarily added to the mayhem at Newark Liberty International Airport on Sunday. The six-hour delay stranded thousands of people, creating extreme crowding and chaos. The mistakes made at the airport give new meaning to the term "domino effect." It was a cascading series of missteps that cry out for action. The sign at the Transportation Security Administration screening post at Newark read: "Premises Under Constant Video Surveillance." What it should add is: "If We're Lucky." That's because CBS 2 has learned that when an unidentified man breached a secure area at Newark on Sunday night, delaying thousands of passengers for hours, the TSA cameras weren't working. That's right -- they weren't even recording, sources said, and needed a reboot, which the agency apparently didn't ask for. That set off a chain reaction of even more missteps that caused needless chaos and inconvenience for several thousand hapless passengers. With the cameras inoperable, the TSA tried to get a second set of surveillance video from Continental Airlines. But the TSA apparently didn't know the correct telephone number and the specific procedures to get the footage. That caused a two hour delay in identifying the intruder and closing the airport to look for him. When they finally got the footage, they couldn't find the intruder, discovering later that he had slipped out another entrance 20 minutes after he arrived. "The question I would ask is should there be an independent camera system there. 
Who should be responsible for the law enforcement?" said Sen. Frank Lautenberg. Lautenberg is furious about what happened and he's going to hold hearings to demand answers. "You cannot afford a mistake here anymore than a surgeon in the operating room," he said. "This system was broken." But that's not all. The Edwardes family of Ontario, Canada may have felt the worst of the domino effect. They were finally flying home on Tuesday after being stranded since Sunday. For them, a 90 minute layover to change planes from San Diego to Ontario turned into a two-and-a-half day delay. "We were a minute away from boarding," said Terri Edwardes. "We just want to go home." The family was left to wait for hours and hours with no water, no food, no information about whether their plane would take off, and no hotel. So what did they get from Continental? "They gave us one of these packages with a toothpaste, and a toothbrush, and hairspray in it. And deodorant," said Jake Edwardes. Needless to say, there is a lot of blame, and a lot of finger pointing. But as of now, if it were to happen again, there's no guarantee it would be handled smoothly.

From rforno at infowarrior.org Wed Jan 6 03:24:20 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 22:24:20 -0500 Subject: [Infowarrior] - Best Buy Optimization Scam Message-ID:

Best Buy Optimization Is A Big Stupid Annoying Waste Of Money By Meg Marco on January 4, 2010 8:28 AM This "warning" appears on a Geek Squad sales info folder. Over the past year, a number of you have been telling us that, due to "pre-optimization" of computers, it's difficult -- sometimes impossible -- to walk into a Best Buy and leave with the advertised deal (in effect, you would be paying a $39.99 surcharge over the computer's advertised price). We decided to look into your complaints. 
We sent the Consumer Reports secret shoppers to 18 different Best Buys in 11 states, and one of our shoppers was denied the price advertised for a specific model because only pre-optimized computers were available. When the Consumer Reports engineers compared three "optimized" computers to ones with default factory settings, there was no performance improvement. In one case, an optimized laptop actually performed 32% worse than the factory model. < big snip > http://consumerist.com/2010/01/consumerist-investigation-best-buy-optimization-is-a-big-stupid-annoying-waste-of-money.html

From rforno at infowarrior.org Wed Jan 6 04:15:32 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jan 2010 23:15:32 -0500 Subject: [Infowarrior] - FTC set to examine cloud computing Message-ID: <27CBEBB8-AC93-4BB9-9CB2-4DDAF85B6F4A@infowarrior.org>

FTC set to examine cloud computing By Kim Hart - 01/04/10 01:49 PM ET http://thehill.com/blogs/hillicon-valley/technology/74209-ftc-examining-cloud-computing The Federal Trade Commission (FTC) is investigating the privacy and security implications of cloud computing, according to a recent filing with the Federal Communications Commission. The FTC, which shares jurisdiction over broadband issues, says it recognizes the potential cost-savings cloud computing can provide. "However, the storage of data on remote computers may also raise privacy and security concerns for consumers," wrote David Vladeck, who helms the FTC's Consumer Protection Bureau. "For example, the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities not originally intended or understood by consumers," the filing says. The FTC is also looking at identity management systems -- i.e., how people authenticate their identities when logging into websites -- 
and how they can better protect citizens' privacy. Both examinations are part of a "broader initiative" to investigate various models for privacy. The agency is holding a roundtable Jan. 28 to focus on privacy protections. It will include specific discussions about cloud computing, identity management, mobile computing and social networking. SearchCloudComputing.com wrote in this post that cloud computing will continue to spread in 2010, but its growth will be relatively incremental. Security continues to be a concern with the technology.

From rforno at infowarrior.org Wed Jan 6 14:14:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Jan 2010 09:14:14 -0500 Subject: [Infowarrior] - Understanding privacy in the age of Facebook Message-ID: <69B3639F-52F6-4022-BAA0-78212B2EA86E@infowarrior.org>

First Monday, Volume 15, Number 1 - 4 January 2010 Aliases, creeping, and wall cleaning: Understanding privacy in the age of Facebook by Kate Raynes-Goldie This paper explores how 20-something Facebook users understand and navigate privacy concerns. Based on a year-long ethnographic study in Toronto, Canada, this paper looks at how -- contrary to many mainstream accounts -- younger users do indeed care about protecting and controlling their personal information. However, their concerns revolve around what I call social privacy, rather than the more conventional institutional privacy. This paper also examines the somewhat subversive practices which users engaged in to enhance their own social privacy, and in some cases, violate that of others. Finally, this paper examines some of the reasons that users may continue using the site, despite privacy concerns. 
http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2775/2432

From rforno at infowarrior.org Wed Jan 6 14:32:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Jan 2010 09:32:38 -0500 Subject: [Infowarrior] - OT: Dem Senators resigning Message-ID:

(off-topic but relevant I think. -rf) Top Democrats head for the exits By: Manu Raju and Josh Kraushaar January 6, 2010 04:17 AM EST http://dyn.politico.com/printstory.cfm?uuid=01DFC7F5-18FE-70B2-A8F03C3E0E8C765A The grim outlook for Democrats in the 2010 midterm elections just got a little worse. Four top Democrats -- including veteran Sens. Chris Dodd and Byron Dorgan -- all prepared to pull the plug on their campaigns in a 24-hour period that began Tuesday, and in the process, offered an unnerving glimpse at the perilous election year ahead. With Dorgan's stunning retirement announcement Tuesday evening, Democrats are now facing their bleakest election outlook in years -- and the very real possibility the party will lose its 60-40 Senate supermajority after the November elections. On the House side, the prospect of heavy 20-30 seat losses is already looking increasingly likely. "It's not good news for Democrats," said Roy Temple, a Democratic strategist. "The reality is this is going to be challenging year, and this is an additional challenge you would prefer not to have. Because of the success of the last two cycles, there are a lot of seats to defend. This is just an additional complication." Dorgan's announcement was accompanied Tuesday by Michigan Democratic Lt. Gov. John Cherry's decision to end his floundering bid for governor, and by the revelation that both Dodd and Colorado Gov. Bill Ritter would announce Wednesday that they would not seek reelection. There is some silver lining in the Democratic cloud: Ritter, Cherry and Dodd were all struggling to gain traction and their departures could actually increase Democratic chances of holding those offices. 
Several top-tier prospects immediately surfaced in Colorado as potential Democratic candidates for governor. In Connecticut, Democrats expect that state Attorney General Richard Blumenthal will run in Dodd's place, providing them with a stronger nominee than the embattled five-term senator. Yet the retirements of two senior Democratic senators, and the suddenly altered landscapes in Michigan and Colorado, continue a wave of Democratic bail outs that began with a burst of retirements by veteran House Democrats representing competitive districts, followed by the stunning late December party switch by freshman Alabama Rep. Parker Griffith. In the meantime, President Obama's and the Democratic Party's poll ratings have slipped across the board, generic polling is now generally more favorable to Republicans and a handful of promising Democratic House candidates have abruptly ended their campaigns. Suddenly, the sad sack GOP is looking at its best shot in three election cycles of making serious gains in November. "Sen. Dorgan's retirement coupled with the recent spate of retirements by House Democrats show the national mood is swinging against them," said Carl Forti, a GOP strategist. "With [Sen. Blanche] Lincoln and others in a precarious position, Democrats will have to thread the needle to get back to 60 seats." In Dorgan's case, Republicans now have a very strong chance at picking up his seat in Republican-oriented North Dakota, a state which Barack Obama lost by eight points in 2008 and John Kerry lost by 27 points in 2004. Dorgan said his decision had nothing to do with his re-election campaign, where he had yet to face stiff competition -- though the popular GOP Gov. John Hoeven could have possibly jumped into the race and forced the senator to wage a fierce campaign. In the wake of Dorgan's announcement, North Dakota GOP Chair Gary Emineth told POLITICO that he believes Hoeven is likely to run now. 
In a memo to staff and later to the press, Dorgan said that he came to his decision over the holiday season and wanted to pursue interests outside of politics, including writing two more books, working on energy policy and teaching. "[M]y decision has no relationship to the prospect of a difficult election contest this year," Dorgan said. "Frankly, I think if I had decided to run for another term in the Senate I would be reelected." Still, his decision forces Democrats to defend yet another open seat in addition to Delaware and Illinois -- two states where Democrats typically run up the score but where the GOP is poised to run competitive candidates this year. And it comes in a year in which Democratic incumbents including Majority Leader Harry Reid, Sen. Arlen Specter, appointed Sen. Michael Bennet and Lincoln are battling weak polling numbers. "Remember the old Tareyton cigarette slogan? 'I'd rather fight than switch'?" said Alex Castellanos, who advises the Republican National Committee. "Now that the Democrats are expected to drop under 60, we will probably see other retirements as Democrats decide they would retire than fight." Despite the souring outlook, Democrats are hopeful about their chances in five of the six states where Senate Republicans have their own retirement-related problems -- Ohio, New Hampshire, Missouri, Florida and Kentucky. They envision a scenario where the economy will yield job growth heading into the midterms, and expect that public perception of the party will brighten if Congress gives final approval to the Democrats' sweeping health care bill and approves other measures on the ambitious agenda. Some Democrats give little credence to the retirements, noting that they have no broader meaning other than the fact that individual lawmakers chose not to run for reelection. "These guys quit sometimes," said Jim Jordan, a Democratic strategist. 
The timing -- the first week of the new year -- and the locales of the retirements makes them hard to dismiss as isolated incidents, however. In Colorado, the epicenter of the recent Democratic resurgence in the interior west, it is telling that Ritter, a 53-year-old former Denver prosecutor who cruised to victory in 2006, would unexpectedly pull down the curtain on a promising career and that Bennet, the senator he appointed to a vacant Senate seat, would be in jeopardy of losing it. In Michigan, a state battered by job losses but still a reliable Democratic bulwark in state and federal races in recent years, the heir apparent to two-term Democratic Gov. Jennifer Granholm is similarly quitting before even starting, unable to raise money or get out from under the shadow of what has become a deeply unpopular administration. And back in Washington, Democrats were all but blindsided by Dorgan's decision to retire rather than seek a fourth term in a seat that only he may be able to hold. Neither the Senate majority leader nor the White House even had a statement prepared. Compounding the problem for Democrats -- and spreading the pain to all three Democratic campaign committees Tuesday -- the one Democrat who may be able to hold Dorgan's seat is Rep. Earl Pomeroy. But if he vacates North Dakota's at-large seat, that would create another problem: Republicans would be positioned for another House pick-up. 
From rforno at infowarrior.org Wed Jan 6 14:58:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Jan 2010 09:58:30 -0500 Subject: [Infowarrior] - How Apple Does Controlled Leaks Message-ID: <6FC895F9-9255-4350-9F45-66926DA253EB@infowarrior.org> How Apple Does Controlled Leaks January 5th, 2010 at 1:22 PM - by John Martellaro http://www.macobserver.com/tmo/article/how_apple_does_controlled_leaks/ Monday's article at the Wall Street Journal, which provided confirmation of an Apple tablet device, had all the earmarks of a controlled leak. Here's how Apple does it. Often Apple has a need to let information out, unofficially. The company has been doing that for years, and it helps preserve Apple's consistent, official reputation for never talking about unreleased products. I know, because when I was a Senior Marketing Manager at Apple, I was instructed to do some controlled leaks. The way it works is that a senior exec will come in and say, "We need to release this specific information. John, do you have a trusted friend at a major outlet? If so, call him/her and have a conversation. Idly mention this information and suggest that if it were published, that would be nice. No e-mails!" The communication is always done in person or on the phone. Never via e-mail. That's so that if there's ever any dispute about what transpired, there's no paper trail to contradict either party's version of the story. Both sides can maintain plausible deniability and simply claim a misunderstanding. That protects Apple and the publication. In the case of yesterday's story, Walt Mossberg was bypassed so that Mr. Mossberg would remain above the fray, above reproach. Also, two journalists at the WSJ were involved. That way, each one could point the finger at the other and claim, "I thought he told me to run with this story! Sorry." 
Finally, the story was posted online late Monday, eastern time, so no one could ever suggest there was any attempt to manipulate the stock market. The net result is that Apple gets the desired information published by a major Wall Street news outlet, but can always claim, if required, it was all an editorial misunderstanding. The WSJ is protected as well.
__________________
Controlled leaks are almost always the solution to a problem. In this case, it could have been that Apple needed to release the tablet information early because they wanted:
* to light a fire under a recalcitrant partner
* to float the idea of the US$1,000 price point and gauge reaction
* to panic/confuse a potential competitor about whom Apple had some knowledge
* to whet analyst and observer expectations to make sure the right kind and number of people show up at the (presumed) January 26 event. Apple hates empty seats and demands SRO at these events.
Of course, if Wall Street draws the right conclusions, and AAPL goes up, as it has, then everybody benefits. But the manipulation of stock is never the purpose. It's simply a favorable outcome of the process. Again, Apple is protected. That's how Apple does controlled leaks, and the WSJ article from yesterday was a classic example.
From rforno at infowarrior.org Thu Jan 7 17:44:28 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Jan 2010 12:44:28 -0500 Subject: [Infowarrior] - OpEd: Terrorized by the media Message-ID: <17FE8EA2-107C-4E9E-A7B1-10DABE5F04C5@infowarrior.org> Terrorized by the media Spare us the sky-is-falling hysteria. If anything, the failed bombing shows how little we need to fear al-Qaida By Gene Lyons http://www.salon.com/news/opinion/feature/2010/01/06/failed_terror_plot/index.html No one can say how America's struggle with Islamic extremism will end, save that it won't be resolved by having Matt Damon kill Osama bin Laden in single combat. And President Obama won't yell "Get off my plane!"
before tossing Khalid Sheikh Mohammed to his death. However this conflict ends, Bruce Willis will not be involved. Most Americans understand that the long battle against al-Qaida and related terrorist groups has little in common with a Hollywood plot. Or at least I hope they do. Watching excitable media personalities and the Chicken Little wing of the Republican Party doing everything possible to turn the failed Christmas airline bombing in Detroit into a combination Super Bowl-size ratings bonanza and political opportunity, however, made me wonder: Can't these jokers be serious about anything? TV news broadcasters dote upon melodrama. The fact that would-be Nigerian terrorist Umar Farouk Abdulmutallab struck on Christmas Day, one of the slowest news days of the year, sent the media into overdrive. For CNN, Fox News and the rest, the catastrophe that blessedly didn't happen spurred them to do what they do best: gather a terrific amount of information in a short time and inform us about what happened aboard Northwest Airlines Flight 253 -- and, equally important, what didn't, such as a coordinated attack by multiple terrorists. (Was I the only one who wondered whether the heroism of Dutch tourist Jasper Schuringa, who threw himself on Abdulmutallab, preventing the bomb in his pants from detonating, got relatively short shrift because he wasn't an American?) Moreover, the rapidity with which the media had gathered crucial information about the would-be terrorist only underscored the magnitude of the intelligence failure. How, in the age of Google, can the Transportation Security Administration not have an instantly searchable database containing every suspect who has come to the attention of the CIA or FBI, much less one whose father warned U.S. embassy authorities about his son's growing radicalism? Obama has demanded an answer. Congress needs to make sure Americans get one, even if that means having to endure Sen. 
John McCain and Holy Joe Lieberman's unique blend of smugness and solemnity for weeks at a time. However, we could all do without the sky-is-falling hysteria. If anything, Abdulmutallab's failed atrocity attempt demonstrates, once again, how little America as a nation actually has to fear from al-Qaida. Everyone reading this column is far more likely to die in an automobile accident or an influenza epidemic than at a terrorist's hands. Islamic extremists can't invade the United States or cripple its armed forces, can't heavily damage the nation's infrastructure or productive capacity, can't impair the nation's functioning nor undermine its government. All they're capable of -- and the Flight 253 episode shows them not terribly good at that -- are mass murder atrocities, the purpose of which is to terrify Americans into doing stupid things that sap our morale and damage ourselves. Things like invading Iraq, resorting to using torture, abandoning the rule of law and demanding authoritarian solutions that provide a false sense of security to people quivering with media-amplified fear. Such as Lt. Gen. Thomas McInerney's demand on (where else?) Fox News that all Muslim men between ages 18 and 28 be strip-searched before boarding airplanes. Only the cravenly politically correct, he thinks, could object. McInerney's idea sounds appropriately tough-minded for the approximately five seconds needed to realize that Muslims come in all possible shapes, sizes and colors, but without labels. Maybe we should just strip-search everybody -- ex-Pentagon officials first. A Washington Post columnist demanded an immediate end to Obama's vacation. On MSNBC, Chris Matthews worried what would happen if al-Qaida started dispatching bombers trained in martial arts. (Maybe we'll need to deploy Matt Damon's stunt double after all.)
Scared witless, New York Times columnist Maureen Dowd called for Obama to muster more after-the-fact excitement, lamenting the alleged disappearance (I am not making this up) of America's "Bugs Bunny panache." Really. But the real telltale headline appeared in the Washington Post on Dec. 30: "Republicans see political opportunity in Obama response to failed airplane bomb." Dick Cheney emerged from his bunker to claim it's all the president's fault. "We are at war and when President Obama pretends we aren't, it makes us less safe," he said. "Why doesn't he want to admit we're at war? It doesn't fit with the view of the world he brought with him to the Oval Office." Of course, he's done so many times, but that's not the point. Neoconservative columnist Charles Krauthammer also discerned semantic weakness in Obama's using the term "extremists" where he'd prefer "jihadist." If not for the president's craven refusal to pronounce the Magic Words, in precisely the right order, you see, al-Qaida would no longer exist. © 2010, Gene Lyons. Distributed by United Feature Syndicate, Inc.
From rforno at infowarrior.org Thu Jan 7 18:33:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Jan 2010 13:33:01 -0500 Subject: [Infowarrior] - CounterTerrorism in Shambles Message-ID: <708F713B-54B7-4EA7-9545-8304763B948C@infowarrior.org> January 7, 2010 Why? CounterTerrorism in Shambles By RAY McGOVERN and COLEEN ROWLEY Counterpunch http://www.counterpunch.org/mcgovern01072010.html On January 5, a blogger with the PBS' NewsHour asked former CIA analyst Ray McGovern to respond to three questions regarding recent events involving the CIA, FBI, and the intelligence community in general. Two other old intelligence hands were asked the identical questions, queries that are typical of what radio/TV and blogger interviewers usually think to be the right ones.
So there is merit in trying to answer them directly, such as they are, and then broadening the response to address some of the core problems confronting U.S. counter-terror strategies. After drafting his answers, McGovern asked former FBI attorney/special agent Coleen Rowley, a colleague in Veteran Intelligence Professionals for Sanity (VIPS) to review his responses and add her own comments at the end. The Q & A is below: Question #1 -- What lapses in the American counter terrorism apparatus made the Christmas Day bombing plot possible? Is it inevitable that certain plots will succeed? The short answer to the second sentence is: Yes, it is inevitable that "certain plots will succeed." A more helpful answer would address the question as to how we might best minimize their prospects for success. And to do this, sorry to say, there is no getting around the necessity to address the root causes of terrorism or, in the vernacular, "why they hate us." If we don't go beyond self-exculpatory sloganeering in attempting to answer that key question, any "counter terrorism apparatus" is doomed to failure. Honest appraisals can tread on delicate territory, but any intelligence agency worth its salt must be willing/able to address it. Delicate? Take, for example, what Khalid Sheik Mohammed, the "mastermind" of 9/11, said was his main motive. Here's what the 9/11 Commission Report wrote on page 147. You will not find it reported in the Fawning Corporate Media: "By his own account, KSM's animus toward the United States stemmed ... from his violent disagreement with U.S. foreign policy favoring Israel." This is not the entire picture, of course. Other key factors include the post-Gulf War stationing of U.S. troops in Saudi Arabia, widely seen as defiling the holy sites of Islam.
Add Washington's propping up of dictatorial, repressive regimes in order to secure continuing access to oil and natural gas -- widely (and accurately) seen as one of the main reasons for the invasion of Iraq and Afghanistan. Not to mention the Pentagon's insatiable thirst for additional permanent (sorry, the Pentagon-preferred term is now "enduring") military bases in that part of the world. The writers of the 9/11 Commission Report made a stab at puncturing the myth about "why they hate us" (and actually succeeded in giving the lie to familiar bromides like "they" hate us for our democracy, our freedoms, our way of life, and so forth). See, for example, pp 374-376 of the Commission Report. But, you may object, I am not answering the first question posed above; I am, rather, fighting the problem. Not true. I am trying to address the right question -- trying to deal with causes, not just symptoms and consequences. The first question, as posed, deals in a familiar way with symptoms of the core problem but not the core itself, and thus tends to obscure the essence of "why they hate us." There are over 1.2 BILLION Muslims in the world, many of whom watch nightly TV coverage of the violence resulting from U.S. military and political support for Israel (including, for example, Washington's acquiescence in the brutal Israeli attacks on civilians in Gaza one year ago) and from U.S. actions in Iraq, Afghanistan, Pakistan, Yemen, and elsewhere. And what is the puerile approach taken by not only the politicians but also by the clueless amateurs who now lead the intelligence community: No problem, they say. Technology permits us to build a database of one billion names...easy! Right. And how to find needles in that haystack. Easy? A database of "only" 550,000 names did not prevent the Abdulmutallab caper, did it? Can the prevailing vacuum-up-everything-and-follow-every-lead attitude be chalked up to pure adolescent-type inexperience, innocence, incompetence?
Not pure -- not by a long shot. One has to ask cui bono? Who profits? It is so painfully obvious. Here, in microcosm, is an example of what Eisenhower warned of when he coined the phrase "military-industrial complex." Cui bono? Think the contractors who create marvelous databases -- and the mindset of: the-more-contractors-and-databases-the-merrier. Think also of snake-oil salesmen like former Justice Department and Homeland Security guru Michael Chertoff, who could not resist the temptation over the past several days to keep hawking on TV the full-body scanners marketed by one of the Chertoff Group's clients. 2 -- Has the new intelligence bureaucracy created after the Sept. 11th attacks functioned correctly? How could it be improved, or was it a good idea to create it? The creation of the post of Director of National Intelligence, the National Counterterrorism Center, and the 170,000-person Department of Homeland Security was the mother of all misguided panaceas. Bear in mind that the general election of 2004 was just a few months away when the 9/11 report was published, and lawmakers and administration functionaries desperately needed to be seen to be doing something. And, as is almost always the case in such circumstances, they made things considerably worse. The 9/11 Commissioners had been fretting over the fact that, in their words, "No one was in charge of coordination among intelligence agencies." That was true, but only because George Tenet much preferred to cavort with foreign potentates and thugs, than to do the job of Director of Central Intelligence (DCI). It was not a systemic problem, but one of personal irresponsibility. Ignoring that, a new systemic "solution" was sought, and implemented, where none was needed. By law, the Director of Central Intelligence was responsible precisely for coordinating the work of the entire intelligence community, as the principal intelligence adviser to the President (National Security Act of 1947).
This, indeed, was the main reason why Truman created the Central Intelligence Agency and not only put the DCI in charge of the CIA but also gave the DCI wider -- and equally important intelligence community-wide responsibilities. The idea was to prevent another Pearl Harbor, where bits and pieces of intelligence lay around with the code-breakers, the Navy, the Army Air Corps, the FBI, Embassy Tokyo, the people monitoring Radio Tokyo, etc., etc. with no central place where analysts could be in receipt of and consider all the evidence. It was abundantly clear to Truman that, had there been such a place in 1941, adequate forewarning of the Japanese attack would have been a no-brainer. As for the situation obtaining in the Washington bureaucracies in mid-2004, the following personal vignette, I believe, speaks volumes: On July 22, the day the 9/11 Commission Report was issued, BBC TV had scheduled me for comment on it, just minutes after its release, at the BBC bureau in Washington. During my ten minutes before the camera I focused mostly on the curious fact that no one, no one, not one solitary soul was being held accountable! As I left the TV studio for the outer room, in walked 9/11 Commissioners Jamie Gorelick and former Senator Slade Gorton (R, Washington) to present their own commentary to BBC viewers. Gorelick went right into the studio; I took advantage of being one-on-one with Sen. Gorton. "Sen. Gorton," I asked, "I don't quite understand all this talk alleging that 'No one is in charge of the intelligence community.' You are surely aware that, by act of Congress, there is such a person, and right now that happens to be Director of Central Intelligence George Tenet." The avuncular Gorton tiptoed up to me, put his right hand around my shoulder, and with a conspiratorial whisper said, "Yes, Ray, of course I know that. We all know that. But George would not take charge; he would not do what he was supposed to."
True, this was hardly news to me, but coming from a 9/11 Commissioner? I was about to respond with something like, "So you need to create another layer, a superstructure over existing arrangements, to address that problem?" But, as it happened, just then the BBC studio door opened, Gorelick emerged, and Gorton went in. Gorelick was too busy to answer the question I had posed to Gorton. The new Director of National Intelligence? This position, created by the post-9/11 "reforms," was/is totally unnecessary -- and counterproductive. This was entirely predictable. As my former CIA colleague Mel Goodman has written, the DNI superstructure has actually been very destructive of good intelligence...in more ways than I have space to go into here. The fact that no National Intelligence Estimate has been completed on Afghanistan and Pakistan, for example, is, at this stage, unconscionable. Were Generals David Petraeus and Stanley McChrystal able to head off an NIE, lest its conclusions brand their plans for Afghanistan the "march of folly" that it is? Ever since President Truman set up the CIA, the preparation of a National Intelligence Estimate has been de rigueur before the President would make important decisions on foreign, and particularly military, policies. Was the new layer-laden intelligence bureaucracy unable to get its act together in time to give this customary support to the President? The National Counterterrorism Center? Also unnecessary; a benighted idea. The recent attempt by Mr. Abdulmutallab to bring down a Detroit-bound Northwest Airlines flight speaks volumes about the NCTC's effectiveness and the kind of leadership exercised by John Brennan -- a clone of George Tenet. We are told that Brennan is supposed to coordinate things at the National Security Council...or is Director of National Intelligence Admiral Blair supposed to do that?...or Panetta? ...or Janet Napolitano, Secretary of the Department of Homeland Security? ...or maybe the FBI???? Ugh.
Can you tolerate still more? This just in. President Barack Obama announced Tuesday that he has appointed John Brennan to lead a "thorough investigation" into how the people under his general aegis screwed up regarding the Abdulmutallab affair. I do not often quote Ollie North, but "Hey, is this a great country, or what!" As for the Department of Homeland Security -- just look at what has happened to the Secret Service and to the Transportation Security Administration -- not to mention FEMA and Katrina. 3 -- What one reform would you recommend that might improve information sharing among agencies working to prevent terrorist attacks? Hold accountable those responsible. More "reform" is the last thing we need. And, sorry, but we DO have to look back. The most effective step would be to release the CIA Inspector General report on intelligence community performance prior to 9/11. That investigation was run, and its report was prepared, by an honest Inspector General, it turns out. (Interestingly, he retired almost a year ago and has not been replaced.) Actually, the Inspector General report fixed blame and named names. So it was immediately suppressed by one of those named, then-Acting DCI John McLaughlin -- another Tenet-clone. McLaughlin's successors as Director, Porter Goss, Michael Hayden, and now Leon Panetta followed suit. Accountability is key. If there is no accountability, there is total freedom to screw up, and screw up royally, without any thought of possible personal consequences. Not only is it certain that we will face more terrorist attacks, but the keystone-cops nature of recent intelligence operations ... whether in using cell phones in planning kidnappings in Italy, or in allowing suicide bombers to penetrate CIA bases in Taliban-infested eastern Afghanistan ... will continue. Not to mention the screw-up in the case of Abdulmutallab. Sadly, instead of accountability, there is likely to be misguided -- and counterproductive -- vengeance.
After all, the word in Langley is "seven of ours" have now been killed. Anonymous intelligence officials are already warning openly about payback! Wasn't that the base human instinct, the same revenge factor that was played on so deftly by President George W. Bush and Vice President Dick Cheney to "justify" invading Afghanistan -- and then Iraq -- right after 9/11? From Coleen Rowley: Launching PR "wars" on terrorism, drugs, crime, poverty, etc. misleads the average person into believing that these ills can be totally conquered or eliminated. In reality, even if the experts were so enlightened/lucky as to make no mistakes and do everything right, it's only possible to reduce the frequency of such adverse things. It is possible to make terrorist plots less likely to succeed, but it is not possible to prevent them all. It is much harder for counter-terrorist experts to prevent terrorist plots when, under the law of unintended consequences, U.S. foreign policy contributes to a marked increase in the number of potential terrorists -- as it undoubtedly has. The level of terrorism in the world has increased dramatically since 9-11. So a starting place would be to find out where we are now, as compared to 2001, and to evaluate whether U.S. policies might -- just possibly might -- account for most of the increase. The unrealistic expectation of "winning" a "war" against terrorism -- that is, preventing all terrorist acts -- merely opens the door to crazy "destroy-the-village-to-save-it" kinds of actions that result in squaring the error. Such actions radicalize greater and greater numbers of people and create still more "terrorists." Fear-based expectations also open the door to: (1) Reckless "pre-emptive" actions based on mere guesswork, hunches, or prior agendas; (2) A penchant for fusing agencies, creating multi-agency "centers,"
and re-naming bureaucracies -- all without much thought to finding out what went awry, who was responsible, holding people accountable, and fixing problems; and (3) A surge in the fast growing "Surveillance-Security Complex," a highly lucrative business now rivaling the Military Industrial Complex itself. "Total Information Awareness"-type programs are a sales gimmick that brings dividends only to the contractor-creators. Projects involving billions of pieces of private communications and other data that are vacuumed up and put into newly created, massive databases of individuals are a fool's errand. No matter how sophisticated or exotic, they are not likely to succeed in helping find needles in haystacks that are constantly being fed more hay. Not this decade, anyway. Keystone Cops and Barney Fife responses are not funny in real life. One only laughs at such travesty for psychological release. The reality is that, in real life, these truly counter-productive responses -- creatures of arrogance, ignorance, and excessive fear -- are no laughing matter. No meaningful fixes are possible without accountability for mistakes or wrongdoing. Equally important, those witnessing innocent mistakes and worse problems must be able to avail themselves of some kind of job protection, should they summon enough courage to blow the whistle. Sadly, no "whistleblower protection" now exists. Thus there is no antidote to the secrecy and job-jeopardy regularly invoked to muzzle employees who witness fraud, waste, abuse, and illegal acts. In recent years these have included heinous behavior like torture, kidnapping, and illegal eavesdropping, as well as untold amounts of misfeasance and other malfeasance that create serious threats and risks to public safety. Ray McGovern and Coleen Rowley are members of the Steering Group of Veteran Intelligence Professionals for Sanity (VIPS).
Rowley, an FBI special agent for almost 24 years, was legal counsel to the FBI Field Office in Minneapolis from 1990 to 2003. She came to national attention in June 2002, when she testified before Congress about serious lapses before 9/11 that helped account for the failure to prevent the attacks. She now writes and speaks on ethical decision-making and on balancing civil liberties with the need for effective investigation. McGovern was an Army officer and CIA analyst for almost 30 years. He now serves on the Steering Group of Veteran Intelligence Professionals for Sanity. He is a contributor to Imperial Crusades: Iraq, Afghanistan and Yugoslavia, edited by Alexander Cockburn and Jeffrey St. Clair (Verso). He can be reached at: rrmcgovern at aol.com A shorter version of this article appeared at Consortiumnews.com.
From rforno at infowarrior.org Thu Jan 7 20:23:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Jan 2010 15:23:01 -0500 Subject: [Infowarrior] - Schneier: Post-Underwear-Bomber Airport Security Message-ID: <1423B15F-99A0-4902-B6F0-3C273751E558@infowarrior.org> Post-Underwear-Bomber Airport Security http://www.schneier.com/blog/archives/2010/01/airport_securit_12.html In the headlong rush to "fix" security after the Underwear Bomber's unsuccessful Christmas Day attack, there's far too little discussion about what worked and what didn't, and what will and will not make us safer in the future. The security checkpoints worked. Because we screen for obvious bombs, Umar Farouk Abdulmutallab -- or, more precisely, whoever built the bomb -- had to construct a far less reliable bomb than he would have otherwise. Instead of using a timer or a plunger or a reliable detonation mechanism, as would any commercial user of PETN, he had to resort to an ad hoc and much more inefficient homebrew mechanism: one involving a syringe and 20 minutes in the lavatory and we don't know exactly what else. And it didn't work.
Yes, the Amsterdam screeners allowed Abdulmutallab onto the plane with PETN sewn into his underwear, but that's not a failure either. There is no security checkpoint, run by any government anywhere in the world, designed to catch this. It isn't a new threat; it's more than a decade old. Nor is it unexpected; anyone who says otherwise simply isn't paying attention. But PETN is hard to explode, as we saw on Christmas Day. Additionally, the passengers on the airplane worked. For years I've said that exactly two things have made us safer since 9/11: reinforcing the cockpit door and convincing passengers that they need to fight back. It was the second of these that, on Christmas Day, quickly subdued Abdulmutallab after he set his pants on fire. To the extent security failed, it failed before Abdulmutallab even got to the airport. Why was he issued an American visa? Why didn't anyone follow up on his father's tip? While I'm sure there are things to be improved and fixed, remember that everything is obvious in hindsight. After the fact, it's easy to point to the bits of evidence and claim that someone should have "connected the dots." But before the fact, when there are millions of dots -- some important but the vast majority unimportant -- uncovering plots is a lot harder. Despite this, the proposed fixes focus on the details of the plot rather than the broad threat. We're going to install full-body scanners, even though there are lots of ways to hide PETN -- stuff it in a body cavity, spread it thin on a garment -- from the machines. We're going to profile people traveling from 14 countries, even though it's easy for a terrorist to travel from a different country. Seating requirements for the last hour of flight were the most ridiculous example. The problem with all these measures is that they're only effective if we guess the plot correctly. Defending against a particular tactic or target makes sense if tactics and targets are few.
But there are hundreds of tactics and millions of targets, so all these measures will do is force the terrorists to make a minor modification to their plot. It's magical thinking: If we defend against what the terrorists did last time, we'll somehow defend against what they do next time. Of course this doesn't work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they're going to do something else. This is a stupid game; we should stop playing it. But we can't help it. As a species we're hardwired to fear specific stories -- terrorists with PETN underwear, terrorists on subways, terrorists with crop dusters -- and we want to feel secure against those stories. So we implement security theater against the stories, while ignoring the broad threats. What we need is security that's effective even if we can't guess the next plot: intelligence, investigation and emergency response. Our foiling of the liquid bombers demonstrates this. They were arrested in London, before they got to the airport. It didn't matter if they were using liquids -- which they chose precisely because we weren't screening for them -- or solids or powders. It didn't matter if they were targeting airplanes or shopping malls or crowded movie theaters. They were arrested, and the plot was foiled. That's effective security. Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We're reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.
If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.
From rforno at infowarrior.org Thu Jan 7 20:31:15 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Jan 2010 15:31:15 -0500 Subject: [Infowarrior] - Breaking Up in a Digital Fishbowl Message-ID: <8AAF5E2A-1638-4AA8-8AFB-45AF4D09CD55@infowarrior.org> January 7, 2010 Breaking Up in a Digital Fishbowl By LAURA M. HOLSON http://www.nytimes.com/2010/01/07/fashion/07breakup.html?pagewanted=print THERE is a scene in the movie "He's Just Not That Into You" in which Mary, played by Drew Barrymore, laments the numerous technological ways she is being rebuffed by a potential beau. E-mail. Text messages. MySpace. "It's exhausting," she complains. Well, Mary, it's even worse after the relationship. Ask Kashmir Hill, who was stung one day when she logged into a former boyfriend's e-mail account -- they had agreed to share passwords -- and read a note he sent his mother explaining why he was no longer in love. The couple shared an online bank account and, for months after the breakup, Ms. Hill pored over the balance as it dwindled to $10. She cried when she finally closed the account. "It's enough to get rejected in real life," said Ms. Hill, 28, who blogs about legal issues and lives in New York. "But does it have to happen so often in my online world too? It makes me want to keep my digital life separate in future relationships, whomever they are with." A new dating order has emerged in the era of social media. Couples who used to see each other's friends only at parties now enjoy 24-hour access to their beloved's confidants thanks to Facebook. Sharing passwords to e-mail accounts, bank accounts and photo-sharing sites is the new currency of intimacy. And courtship -- however brief or intense --
is wantonly scrutinized by the whole world on Twitter, Tumblr and Facebook. As a result, the idea of what it means to break up is also being redefined. Where once a spurned lover could use scissors (literally) to cut an ex out of the picture, digital images of the smiling couple in happier days abound on the Web and are difficult to delete. Status updates and tweets have a way of wending their way back to scorned exes, thanks to the interconnectedness of social media. And breakups, awkward and drawn-out in person, are even more so online as details are parsed by the curious, their faces pressed against the digital glass. "When you make a decision to be with a person in cyberspace you are making a commitment to their network of friends and acquaintances," said Liz Perle, a co-founder of Common Sense Media, a nonprofit watchdog group that studies families and media. "People have so many online strings that bind them that cutting one does not sever the relationship. There are always more." One byproduct of the digital revolution is that trust is being assigned new meaning. According to the Internet and American Life Project at the Pew Research Center, one in five teenagers polled shares online passwords as a way to build trust and foster romance. Grown-ups, explained Lee Rainie, the project's director, are exhibiting similar behavior. And it is not just women affected by changing rules of digital etiquette, but men too. (Several men contacted for this article declined to discuss their breakups publicly.) Some family law practitioners say they are grappling with the complexities of online entanglements in real-world divorce. Randall Kessler, a lawyer in Atlanta, said he advises divorcing clients to change their passwords, stop posting on social networking sites, acquire a new e-mail address, and secure or make copies of whatever is posted about them online. Users, of course, control what they post on private accounts.
Where it gets tricky, though, is when photos, videos and comments have been forwarded, retweeted or reposted to friends' accounts or on public Web sites. "There are whole new rules of digital etiquette we are going to have to figure out," Mr. Rainie said. "Right now, we don't have the tools. That makes it very confusing for most people." Sam Altman, the chief executive of Loopt, a mobile tracking service that allows users to monitor friends' locations using the G.P.S. software on their cellphones, said he was seeing social mores shift firsthand. About 20 percent of Loopt's users are couples who buy the service to keep track of each other's whereabouts. But in the past six months, there has been an increase in the number of customers who use fake locations as a decoy so a person doesn't know where they are, Mr. Altman said, a service that Loopt offers. He explained that some of those customers have broken up and now want privacy. At the same time, they don't want to offend an ex by overtly letting them know they have been blocked. "People who break up always want to change their location immediately," Mr. Altman said. At the same time, "unless it was nasty, they don't want rush to tell everyone they've split up either," he said. "Better to be cautious than hasty." The reason is simple: some hope the romance will be rekindled. Similarly, closing a joint bank account or switching to "single" status on your Facebook page suggests a permanent break. Debora Spencer, a Seattle photographer, split up this summer with a longtime boyfriend with whom she lived for four years. Like many exes, she grappled with whether to remain Facebook friends. "At first I could not defriend him," she said. "It seemed so high school. I mean, I'm 50 years old." Early in the relationship, Ms. Spencer's partner had friended many of her Facebook pals so their networks overlapped. After the breakup, she still received his status updates and read comments he posted on her friends' walls.
That made her realize that he knew everything she was doing, too. So she defriended him, hoping it would stop the flow of news. It didn't. One friend continued to forward her ex's status reports and comments. Another called Ms. Spencer after seeing a photograph of her former boyfriend with another woman. "It's not like I wanted to know this," Ms. Spencer said. Finally, she decided to block her ex completely and asked friends to stop sending updates. "You learn things so quickly, within minutes," she said. "Even if we had lived together in a small town, I don't think I would have learned half of what I did as quickly as I did on Facebook." Still, with any failed romance, there is always the temptation to follow up with an ex. And social networks, by design, sate hungry curiosity. Sally Che, a 25-year-old medical student at George Washington University, ended a possible romance three years ago after the man started dating a former girlfriend. (Ms. Che learned about the affair in a status update on his Facebook page.) She hasn't spoken to him in years and has no desire to restart their relationship. Despite that, the two remain Facebook friends. And, every now and then, and against her better judgment, she said, she trolls his page seeking fresh news. "The temptation is to look and find out what someone is up to even if it hurts," Ms. Che said. "People who you would never talk to again are only a click away. You see where they are traveling. You check out the picture of the new girlfriend to see if he downgraded. There is this fine line between being that crazy girl who de-tags photos and gets rid of every little thing and the one who willingly continues the charade of friendship." "It's hard to figure out the middle ground," Ms. Che said. "The thing is you never really get out of the relationship." Ms. Perle of Common Sense Media told the story of a friend, a Silicon Valley entrepreneur, who broke up recently. Her dilemma was different from Ms.
Spencer's: She wanted to sever ties with the man but not with his children. So she defriended him while remaining friends on Facebook with his children. Still, photographs of the couple during happier days abound online. "These pictures travel," said Ms. Perle, as she recently clicked through a Web slideshow of the couple. "You have no control once they are integrated into other people's pages." In other words, she added, "you cannot de-boyfriend yourself."

From rforno at infowarrior.org Thu Jan 7 20:43:25 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2010 15:43:25 -0500
Subject: [Infowarrior] - Labored Goodbye Led to NJ Airport Breach
Message-ID: <2B7D6F44-5DE6-45F2-9A70-4A8AA230FCBA@infowarrior.org>

Couple's Labored Goodbye Led to NJ Airport Breach
By THE ASSOCIATED PRESS
Published: January 7, 2010
Filed at 3:13 p.m. ET
http://www.nytimes.com/aponline/2010/01/07/us/AP-US-Newark-Airport-Evacuation.html

NEWARK, N.J. (AP) -- Call it the tortured airport goodbye felt around the world. A man struggling to say goodbye to a female companion took advantage of a guard's absence to sneak past a Newark Liberty International Airport security checkpoint Sunday evening, causing a terminal shutdown that delayed flights across the globe and calling into question just how secure the nation's airports really are. The couple's actions emerged in a surveillance video released Thursday by the office of Sen. Frank Lautenberg, D-N.J., who had pushed the Transportation Security Administration to release the footage. The video shows a man embracing a woman before she enters a secured, passengers-only area of the terminal. The man stations himself near an exit lane, where departing passengers pass a security guard to leave the terminal. A minute or so later, after the guard leaves his podium for several seconds, the woman comes back toward the exit and motions to the man, who ducks under the rope and walks into the passenger-only area.
During the time the guard was away from his post, dozens of passengers are seen walking out through the exit lane, further obscuring the man and woman. Someone waiting for an arriving passenger notified the security officer. The security officer has been placed on administrative leave while the TSA investigates the breach. One of Newark's terminals was closed for six hours Sunday night, stranding thousands of passengers and wreaking havoc on flight schedules around the world for more than a day. During a news conference at the airport Wednesday, Lautenberg and fellow Sen. Robert Menendez and Rep. Donald Payne, also of New Jersey, criticized the TSA for the actions of the guard and for the revelation that the security camera at the checkpoint was streaming live video but wasn't recording at the time of the incident. That forced TSA officials to seek out footage from security cameras operated by Continental Airlines, which delayed the notification of law enforcement personnel on site for about an hour. Another surveillance camera showed the man leaving by a separate exit about 20 minutes after he entered. He has not been identified or located, but TSA spokeswoman Ann Davis said he would face criminal charges if he is found. Lautenberg wasn't immediately available for comment on the video Thursday, but said in a statement that ''the release of this video will give law enforcement another tool to help find the person who breached the security gate at Newark Liberty Airport. I encourage this individual or anyone with knowledge of his identity to immediately contact law enforcement.'' Davis did not immediately return a message seeking comment on the surveillance video. 
From rforno at infowarrior.org Thu Jan 7 20:45:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2010 15:45:52 -0500
Subject: [Infowarrior] - Windows 7 "Sins"
Message-ID: <0274C3AB-F5F0-4A30-8EC6-8D69134069D1@infowarrior.org>

Windows 7 Sins; The case against Microsoft and proprietary software
http://en.windows7sins.org/

From rforno at infowarrior.org Fri Jan 8 02:01:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2010 21:01:32 -0500
Subject: [Infowarrior] - Fw: Juniper issues
References: <20100108014002.GS22521@reznor.com>
Message-ID: <46367DF7-2960-4E17-88BC-65A7533B80AB@infowarrior.org>

Begin forwarded message:

> From: aj reznor
> Date: January 7, 2010 8:40:02 PM EST
>
> http://ptresearch.blogspot.com/2010/01/juniper-junos-remote-kernel-crash-flaw.html
>
> "Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic." - The Register news.
>
> The JunOS kernel will crash (i.e. core) when a specifically crafted TCP option is received on a listening TCP port. The packet cannot be filtered with Junos's firewall filter. A router receiving this specific TCP packet will crash and reboot.
>
> One thing is highlighted are these two parts:
>
> "A Juniper spokeswoman said the bulletin was one of seven security advisories the company issued under a policy designed to prevent members of the public at large from getting details of the vulnerabilities."
>
> "Because of Juniper's 'Entitled Disclosure Policy,' only our customers and partners are allowed access to the details of the Security Advisory," the spokeswoman wrote.
>
> Based on that the blogger deduced there are only 256 guesses and provides POC.
>
> I just found this interesting because:
> - I've not seen this anywhere else today (ok, i do live under a rock and may have missed it)
> - The "mum's the word, except for our clients and partners" part, followed by the :
> - "We said just enough to make it obvious, oops" factor.
>
> Blog post contains link to original Reg article, which I skipped going to the source this time around because I found the POC to be more interesting than the fact that JNPR's pants are around its ankles :)

From rforno at infowarrior.org Fri Jan 8 04:06:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2010 23:06:03 -0500
Subject: [Infowarrior] - 768-bit RSA cracked
Message-ID:

768-bit RSA cracked, 1024-bit safe (for now)
Researchers have posted a preprint that describes their method for factoring a number used for RSA 768-bit encryption.
By John Timmer | Last updated January 7, 2010 5:20 PM
http://arstechnica.com/security/news/2010/01/768-bit-rsa-cracked-1024-bit-safe-for-now.ars

With the increasing computing power available to even casual users, the security-conscious have had to move on to increasingly robust encryption, lest they find their information vulnerable to brute-force attacks. The latest milestone to fall is 768-bit RSA; in a paper posted on a cryptography preprint server, academic researchers have now announced that they factored one of these keys in early December. Most modern cryptography relies on single large numbers that are the product of two primes. If you know the numbers, it's relatively easy to encrypt and decrypt data; if you don't, finding the numbers by brute force is a big computational challenge. But this challenge gets easier every year as processor speed and efficiency increase, making "secure" a bit of a moving target. The paper describes how the process was done with commodity hardware, albeit lots of it.
Their first step involved sieving, or identifying appropriate integers; that took the equivalent of 1,500 years on one core of a 2.2GHz Opteron; the results occupied about 5TB. Those were then uniqued and processed into a matrix; because of all the previous work, actually using the matrix to factor the RSA value only took a cluster less than half a day. Although most people aren't going to have access to these sorts of clusters, they represent a trivial amount of computing power for many organizations. As a result, the authors conclude, "The overall effort is sufficiently low that even for short-term protection of data of little value, 768-bit RSA moduli can no longer be recommended." 1024-bit values should be good for a few years still. Given that these developments are somewhat inevitable, even the authors sound a bit bored by their report. "There is nothing new to be reported for the square root step, except for the resulting factorization of RSA-768" they write. "Nevertheless, and for the record, we present some of the details." Still, they manage to have a little fun, in one place referencing a YouTube clip of a Tarantino film following their use of the term "bingo."

From rforno at infowarrior.org Fri Jan 8 04:17:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jan 2010 23:17:10 -0500
Subject: [Infowarrior] - Senator Demands IP Treaty Details
Message-ID:

Senator Demands IP Treaty Details
By David Kravets
January 7, 2010 | 5:39 pm | Categories: Digital Millennium Copyright Act, intellectual property
http://www.wired.com/threatlevel/2010/01/senator-demands-details/

That a U.S. senator must ask a federal agency to share information regarding a proposed and "classified" international anti-counterfeiting accord the government has already disclosed is alarming. Especially when the info has been given to Hollywood, the recording industry, software makers and even some digital-rights groups. Sen.
Ron Wyden (D-Oregon) is demanding that U.S. Trade Representative Ron Kirk confirm leaks surrounding the unfinished Anti-Counterfeiting Trade Agreement, being negotiated largely between the European Union and United States. Among other things, Wyden wants to know if the deal creates international guidelines that mean consumers lose internet access if they are believed to be digital copyright scofflaws. He also wants to know whether internet service providers could lose "safe harbor" protection for failing to police their customers' digital content for copyright infringement violations. Such a move would heap copyright liability onto the ISP, and fundamentally alter U.S. copyright law. What "legal incentives," Wyden asked Kirk in a Wednesday letter, would "encourage Online Service Providers (OSPs) to cooperate with copyright owners to deter the unauthorized storage or transmission of copyrighted materials." The questions came weeks after leaked documents from the European Union suggested the United States was taking those positions on the accord's draft internet section. Nefeterius Akeli McPherson, a Kirk spokeswoman, said in an e-mail that the office is "looking forward to responding" to the letter that was disclosed Thursday by human-rights lobby Knowledge Ecology International. Wyden wrote that the "objectives behind the negotiations still remain inadequately clear to the American public." The administration has shared the secret treaty's internet-section contents with more than three dozen individuals in the private sector, from the left and the right of the copyright debate. Those individuals include Business Software Alliance attorney Emery Simon, Google copyright czar Bill Patry and president of Public Knowledge Gigi Sohn. Lawyers for the movie studios and record labels, which stand to gain the most from the accord, were also given access. All signed confidentiality agreements with Kirk's office.
In response to a Freedom of Information Act claim from Knowledge Ecology International, Kirk's office declined to divulge the accord's working draft - maintaining that the negotiating texts were "properly classified" national security secrets. Kirk said last month that the international community would walk away from the negotiating table if the public could see the working drafts. The ACTA negotiating nations include Australia, Canada, European Union states, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. They are to meet Jan. 25 in Mexico City. The agreement does not require congressional approval.

From rforno at infowarrior.org Fri Jan 8 13:34:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jan 2010 08:34:41 -0500
Subject: [Infowarrior] - Google launches a utility as DOE funds data center efficiency
Message-ID: <7B62081D-FCE9-4038-AD2F-D87DE4D66232@infowarrior.org>

Google launches a utility as DOE funds data center efficiency
With opportunities abounding in renewable power and energy efficiency, traditional IT companies are making some rather aggressive moves into this market. This week, Google announced that it will launch its own utility, while Yahoo has found a source of funds for a new data center: the Department of Energy.
By John Timmer | Last updated January 7, 2010 12:33 PM
http://arstechnica.com/business/news/2010/01/google-launches-a-utility-as-doe-funds-datacenter-efficiency.ars

For many traditional IT companies, the lure of energy efficiency efforts is two-fold: data center costs are becoming dominated by power use, so greater efficiency will both save them money and provide them with products and services that they can sell to other companies. These efforts also fall nicely in line with the goals of the Department of Energy, which is now using some of its stimulus money to fund data center efficiency projects from companies like Alcatel-Lucent, Hewlett-Packard, IBM, and Yahoo.
Meanwhile, Google has decided it needs greater control over the power coming in, and will be launching its own utility, which will focus on supplying it with renewable energy. The new DOE grants were announced on Wednesday. "By reducing energy use and energy costs for the IT and telecommunications industries, this funding will help create jobs and ensure the sector remains competitive," stated DOE head Steven Chu. "The expected growth of these industries means that new technologies adopted today will yield benefits for many years to come." The total funding was relatively small, at $47 million, but (like many DOE-funded efforts), it will require matching money from the industry involved, which will bring the total expenditures up to over $100 million. The funding (PDF) will cover the full data center ecosystem, from facility cooling to software that helps cut the drain of idle hardware. Some of them have gone to traditional enterprise research centers. For example, IBM's Thomas J. Watson Research Center has received two awards, one for developing facility-scale liquid cooling, the other for monitoring and controlling cooling systems. Alcatel-Lucent's Bell Labs will get two as well, for developing methods to monitor network-wide traffic flows in order to optimize power use, and another for liquid cooling systems, as well. Hewlett-Packard's award will go towards the development of an integrated, modular server unit that integrates the cooling and power conversion hardware into the unit. Yahoo will get one to help it build one of its passive-cooling data centers, which it described in detail in the past. But some of the more interesting projects are going to smaller companies and the academic world. Santa Clara's SeaMicro will be testing physicalized servers with hundreds of processors that may see a 75 percent energy saving. Caltech will get money to develop software for load balancing across multiple data centers.
Columbia University will be getting an award to develop technology for making better use of power once it's on the CPU; the plan is to make better use of the power the CPU receives, cutting losses by 10 percent.

Google Energy

Google wasn't on the DOE's award list, but the company has done extensive work to optimize the power use of its data centers and obtain renewable energy for its facilities. But the company has gone significantly beyond that, funding a variety of renewable energy technology companies via its Google.org initiative. Apparently, however, the company wants a bit more control over the power it uses, as the company has launched a subsidiary called Google Energy and applied to trade energy on the wholesale market. Essentially, the company is dissatisfied with the renewable offerings being made by its utilities, and wants to make sure it has more options available to it. Presumably, the move will ultimately allow it to buy power from some of the renewable companies that it's funding via Google.org. Right now, it's clear that these enterprise companies see lots of opportunity in the renewable and energy efficiency markets, and are scrambling to take advantage of them (creating some strange bedfellows in the process, like the Yahoo-DOE arrangement). But an interview with Bill Weihl, the Google executive who runs their green energy initiatives, highlights a danger of the current environment: it's highly dependent on the stimulus money. "At the end of 2010, when the stimulus ends, we're going to drive off the biggest funding cliff the energy field has ever seen," Weihl said. The key question will be whether these companies have made an irreversible commitment to efficiency before we drop off that cliff.

From rforno at infowarrior.org Fri Jan 8 15:17:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jan 2010 10:17:13 -0500
Subject: [Infowarrior] - Trouser-bomb clown attacks - how much should we laugh?
Message-ID:
Original URL: http://www.theregister.co.uk/2010/01/08/mutallab_comment/

Trouser-bomb clown attacks - how much should we laugh?
Reg investigates case of the undertotally-pants bomber
By Lewis Page
Posted in Policing, 8th January 2010 14:37 GMT

Comment As the smoke clears following the case of Umar Farouk Abdul Mutallab, the failed Christmas Day "underpants bomber" of Northwest Airlines Flight 253 fame, there are just three simple points for us Westerners to take away. First: It is completely impossible to prevent terrorists from attacking airliners. Second: This does not matter. There is no need for greater efforts on security. Third: A terrorist set fire to his own trousers, suffering eyewateringly painful burns to what Australian cricket commentators sometimes refer to as the "groinal area", and nobody seems to be laughing. What's wrong with us? We'll look at the first part to begin with. In order to destroy an airliner and kill everyone on board, one needs to do a certain amount of damage to it: a lot if it is on the ground without much fuel in it, not so much if it is fuelled up, less yet if it is flying at low altitude, and least of all if it is flying high up. Formerly there was the option of gaining access to the flight deck - perhaps using the aircraft as a weapon, as on 9/11, perhaps to carry out a hostage strategy - but those days are gone. The 9/11 hijackers have seen to it that the best and most effective ways for terrorists to employ airliners are no longer open to them. Pilots will never open flight deck doors again, no matter the threat to hostages in the cabin; passengers will not permit themselves to be dominated; armed sky marshals are back. If all these fail, following the bloodbath at Ground Zero fighter pilots will not hesitate to shoot. So the damage must nowadays be done by other means than crashing, most practically by detonating a charge of high explosives on the plane while in flight.
This doesn't need to be too big, especially if the jet is at cruising height so that the explosive effects will be enhanced by depressurisation. This is why airliners are a favourite target: because a fairly small amount of explosive can potentially kill a large number of people in one go, which is not the case under most circumstances. It is an unfortunate and pretty much unavoidable fact that the necessary amount of explosives can easily be carried through any current or likely-future airport security regime, short of universal strip + cavity searches and a total ban on carry-on luggage. Let's consider, for instance, a future security check involving backscatter X-ray-through-clothes perv scans - much more effective than millimetre wave - and X-raying of carry-on bags as is already normal. There are several ways to beat this. Firstly, detonators and firing devices can be disguised within permitted electronic equipment such that they will pass through X- raying without trouble. An AA battery casing full of hexamethylenetriperoxidediamine (HMTD) - or some similar sensitive primary - with a flashbulb filament in it is almost impossible for an X-ray operator to pick out from among others, and can be triggered by the flash circuits of any camera. The difficult bit is the main charge, which needs to be a decent weight and volume of acceptably stable high explosive. But it's not that difficult. Here are just a few ideas: ? Several terrorists - only one of whom would need to go aboard the target flight - could carry permissible amounts of liquid explosives through security, combining them later in the air-side lavatories. ? Readily available plastic explosives can be rolled out into flat, uniform sheets - they can actually be bought in this form, for instance under the name "Sheetex" - and cut to shape with ease. 
Such sheets can easily be inserted into luggage, where they won't look noticeably different from normal cardboard or plastic structure, partitions etc under X-ray if they aren't too thick. There are many other ploys along these lines; a sensible and well-resourced terror group could probably buy an X-ray machine and develop a bag containing a charge, detonator and firing circuit which looked entirely legit under scan. ? Reasonable amounts of main charge can be carried stuffed into body cavities, undetectable by any body-scan. They would need to be removed before use in order to escape the pronounced dampening effect of the human body, and probably combined with other such payloads to get a bang sure to do the job, but again teamwork and lavatories will see to this. ? There's more scope still for the use of checked baggage. US and many other airports nowadays X-ray this (http://www.kodak.com/global/en/service/tib/tib5201.shtml ), but there are airports which don't. You can easily find out, as a terrorist organisation, routes on which a checked bag won't be X-rayed by packing some unexposed film and making some flights. Once you have identified an airport that doesn't X-ray checked bags, simply put a large time- or barometrically-triggered bomb into a suitcase and have your suicide operative check it before boarding. The list goes on - and on. Any reasonably competent terrorist organisation, with access to funds, capable technical experts and a small number of operatives able to move about the world freely can blow up airliners in flight. You wouldn't even necessarily need suicide volunteers to carry the bombs, if you were cunning: dupes might be convinced that they were smuggling drugs, money or other contraband, or IRA-style "proxy bombers" could be forced to do your bidding by seizing and threatening their families. OMG - why aren't we all already dead? 
Even if a security miracle occurs and the option of sneaking a bomb onto planes is somehow removed, there still exists the option of shooting planes down. Shoulder-launched homing missiles can be had in some parts of the world. From those same parts of the world, huge tides of illegal immigrants and drugs routinely move into Western nations despite all our governments' efforts to stop them. It would not be hard to move small packages like "double-digit" (SA-14, -16, maybe even -18 if available) anti-aircraft missiles along the same routes. So, assuming a well-funded, numerous, committed, competent terrorist enemy without scruples and with a broad base of support from which to draw numerous recruits, airliner attacks can't practically be prevented. Planes should be exploding every day, really: if not planes then trains, another situation where blast effects can be magnified. If neither should suit, a few men with automatic weapons can bring a city grinding to a halt fairly easily, as the residents of Mumbai will tell you. But the truth of the matter is that there is no such enemy out there. Funds are occasionally available, true; the 9/11 plotters were quite well-backed, and even if a terrorist group has no access to oil or gas revenues there may be the option of dealing in heroin as the Taliban do. (Note that all of these sources of money ultimately come from us.) But people who are willing to kill innocents en masse as a primary goal are fairly rare birds. In Afghanistan you can easily hire large numbers of men for quite small sums of money to do fantastically dangerous things like taking on the British and American armed forces in open combat; some will even cover their own expenses, and a fair few will happily mount a suicide strike against Western troops. In general, just like the Western troops themselves in many instances, these fighting men are quite willing to accept a lot of collateral damage to local people as a cost of doing their main business. 
But an awful lot of them would no more intentionally blow up an airliner, nightclub or train full of peaceful folk, would no more open fire into a crowd of unarmed civilians, than a Western soldier would. The likelihood of such squeamishness goes up markedly when you're recruiting outside the unruly and often aggrieved warrior tribesmen of central Asia, as you'll probably have to do for operations against the West. Assembling a team of committed, loyal mass-murderers is actually very difficult, then, as such people are rare and hard to find. In fact, as we've pointed out in these pages before, the average size of potential terror cells operating in the UK and known to MI5 is ten members. This strongly suggests that five people or so is the upper safe limit before there's a strong chance of a cell having an informer in its midst or among its acquaintance. It's just about possible then that one might assemble a loyal team of five or a few more and manage to remain, if not off the security services' radar altogether - it normally turns out that successful terrorists were on file somewhere - then far enough down their list to give you some time before you get put under surveillance.

"The system worked" - or more accurately, it is working. Just fine

It's even remotely possible that this small, dedicated and thus unmonitored organisation may contain a few people with the technical skills or contacts to make or obtain bombs or other weapons which actually work. This is rare: more usually you'll get an embarrassing and often inadvertently-funny failure as in the cases of Richard Reid, the comically inept (http://www.theregister.co.uk/2007/07/02/terror_idiocy_outbreak/) UK "car bombers" of 2007, Mr Mutallab this Christmas, etc etc. Sometimes it will be 9/11, and there will be cash in good supply; sometimes it will be 7/7, and competent bomb-making will substitute for money.
In neither of those cases, however, was the organisation capable enough to make an effective strike without the use of suicide tactics. Thus those two teams - two of the most serious ever seen in the West under the jihadi banner - wiped themselves out in just one operation. The Madrid bombers, another rare effective group, managed to avoid killing themselves during the operation but were subsequently caught and thus eliminated as a threat just as permanently. So, even in the rare case where an operational jihadi terror unit is small and committed enough to avoid detection and yet has resources enough to make an effective strike, it is almost always out of play after just one operation. This wasn't true with the more effective terror groups of yesteryear, like the Provisional IRA; but their recruiting/commitment issues were easier, as they had a stated policy against mass murder of civilians (and they were riddled with informers anyway). That's why planes and trains aren't blowing up every day; why people aren't opening fire into crowds every week (not even in Israel, quite a lot of the time). Because most people, even people who in all other respects you would describe as fanatical extremists, just aren't mass-murderer material - and those that are tend not to be the brightest or most competent buttons in the box*. That's why the threat of terrorism in general, and airborne terrorism in particular, has been reduced to negligible levels by the measures already in place, and no more are necessary. No, really. Don't worry about terrorism next time you take a flight. There is a very small risk, as an airline passenger, that you will die violently before you land, but it has nothing to do with terrorists. It is entirely down to the chance of an accident. Consider this, if you don't believe it. The year 2001, which saw four entire airliners destroyed with total loss of life on 9/11, was not in fact a particularly dangerous year to go flying.
More airline passengers died in the year 2000; nearly as many died in 2002. Twice as many were killed flying in 1972, despite the fact that many fewer people flew back then, because airliners were far less safe. Terrorism simply isn't a visible factor in your chances of dying while flying, or indeed while doing anything else: it is insignificant, a problem that has been almost totally eliminated for Western citizens since its not-very-serious heyday in the 1970s and 80s, and you shouldn't worry about it. It would make absolutely no noticeable difference to your or my chances of violent death/injury if terrorism was eradicated overnight. "The system worked," said US Homeland Security chief Janet Napolitano shortly after the attack, and in the largest sense she was right. Terrorism, like polio, has been effectively stamped out in the developed world - had mostly been so before the Department of Homeland Security was even created, in fact, but that's by the by. Napolitano was subsequently forced into an abrupt volte-face by sectarian US politics and cretinous media-pumped fear, but she was basically right first time. The free world's counterterrorism system as it stands is working as well as anyone could reasonably ask for. In the end, the correct response to efforts like those of Mr Mutallab and his incendiary undergarments is not panic and more security, but laughter - much as one might also laugh at the idiotic bum-kamikaze (http://www.theregister.co.uk/2009/09/21/bum_bombing/ ) whose efforts, erm, backfired so messily in Saudi Arabia last summer. Mr Mutallab should go down in history not as the underpants bomber, but simply as the completely pants bomber. ® *Mutallab, quite apart from having a rubbish bomb which he should have known probably wouldn't work (he didn't study proper engineering as widely reported, but "Engineering with Business Finance") committed several other blunders. 
He should have tried to blow the plane up at height, not at low level; doubtless the idea was to bring the plane down into an urban area, but if Mutallab had been a real engineer he'd have known his pant-bomb needed all the help it could get from decompression. Then, he shouldn't have triggered his device such that everyone could see what he was doing and that he was responsible for it. He shouldn't have told his family he was off to become an extremist and cut off contact in the first place, which is what led to him being on various security-services lists - much good though that did. All in all, a piss-poor performance even among today's generally rubbish terrorists. Lewis Page went through a lot of quite stressful training and preparation to battle the terrorist threat before being assigned as a military bomb-disposal operator in support of the UK police from 2001-04. He has still never got over the disappointment of finding out just how incredibly rare it is, as a bomb-disposal man in mainland Britain, to encounter a terrorist/criminal bomb of any significance at all, let alone one which has not already either gone off or failed to do so. You get a special tie if you ever do encounter such a device. NB: Any terrorists reading this should be aware that an essential precaution has been left out of all the bombing plans above, without which any attack is 90 per cent or more likely to fail due to a classified security tactic in use by the UK (and presumably the US). From rforno at infowarrior.org Fri Jan 8 15:26:28 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 10:26:28 -0500 Subject: [Infowarrior] - Where's the data breach reporting? Message-ID: <785037C4-0D6F-4C71-ACB3-15E9A4902834@infowarrior.org> Where on earth did the breach go? We've asked ourselves, we've asked others, and we've been asked by many. The simple answer is, we don't know! 
It could be anything, really, that has caused the dramatic decline in reported data loss incidents in 2009. Here are a few ideas:
* The decline is media related. Data breaches are 'passé'.
* Organizations are implementing better security.
* Organizations aren't reporting incidents.
* Solar Flares
None of these, with the exception of solar flares, is likely to be analyzable at first glance. But what about the first bullet? Due to a lack in expertise of space weather, we decided to dive into the Google News archives, and things became interesting. Google News' timeline feature facilitates this kind of analysis. We looked through search result totals matching the query "data breach", per month, for 72 months (2004 through 2009). We then tossed the data into a graph, added a polynomial trend-line with an order of 6, and took a deep breath. < - > http://datalossdb.org/where_did_it_go From rforno at infowarrior.org Fri Jan 8 17:08:49 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 12:08:49 -0500 Subject: [Infowarrior] - Mind-reading systems could change air security Message-ID: Mind-reading systems could change air security Jan 8, 6:22 AM (ET) By MICHAEL TARM http://apnews.myway.com/article/20100108/D9D3HB101.html CHICAGO (AP) - A would-be terrorist tries to board a plane, bent on mass murder. As he walks through a security checkpoint, fidgeting and glancing around, a network of high-tech machines analyzes his body language and reads his mind. Screeners pull him aside. Tragedy is averted. As far-fetched as that sounds, systems that aim to get inside an evildoer's head are among the proposals floated by security experts thinking beyond the X-ray machines and metal detectors used on millions of passengers and bags each year. 
On Thursday, in the wake of the Christmas Day bombing attempt over Detroit, President Barack Obama called on Homeland Security and the Energy Department to develop better screening technology, warning: "In the never-ending race to protect our country, we have to stay one step ahead of a nimble adversary." The ideas that have been offered by security experts for staying one step ahead include highly sophisticated sensors, more intensive interrogations of travelers by screeners trained in human behavior, and a lifting of the U.S. prohibitions against profiling. Some of the more unusual ideas are already being tested. Some aren't being given any serious consideration. Many raise troubling questions about civil liberties. All are costly. "Regulators need to accept that the current approach is outdated," said Philip Baum, editor of the London-based magazine Aviation Security International. "It may have responded to the threats of the 1960s, but it doesn't respond to the threats of the 21st century." Here's a look at some of the ideas that could shape the future of airline security: --- MIND READERS The aim of one company that blends high technology and behavioral psychology is hinted at in its name, WeCU - as in "We See You." The system that Israeli-based WeCU Technologies has devised and is testing in Israel projects images onto airport screens, such as symbols associated with a certain terrorist group or some other image only a would-be terrorist would recognize, said company CEO Ehud Givon. The logic is that people can't help reacting, even if only subtly, to familiar images that suddenly appear in unfamiliar places. If you strolled through an airport and saw a picture of your mother, Givon explained, you couldn't help but respond. The reaction could be a darting of the eyes, an increased heartbeat, a nervous twitch or faster breathing, he said. 
The WeCU system would use humans to do some of the observing but would rely mostly on hidden cameras or sensors that can detect a slight rise in body temperature and heart rate. Far more sensitive devices under development that can take such measurements from a distance would be incorporated later. If the sensors picked up a suspicious reaction, the traveler could be pulled out of line for further screening. "One by one, you can screen out from the flow of people those with specific malicious intent," Givon said. Some critics have expressed horror at the approach, calling it Orwellian and akin to "brain fingerprinting." For civil libertarians, attempting to read a person's thoughts comes uncomfortably close to the future world depicted in the movie "Minority Report," where a policeman played by Tom Cruise targets people for "pre-crimes," or merely thinking about breaking the law. --- LIE DETECTORS One system being studied by Homeland Security is called the Future Attribute Screening Technology, or FAST, and works like a souped-up polygraph. It would subject people pulled aside for additional screening to a battery of tests, including scans of facial movements and pupil dilation, for signs of deception. Small platforms similar to the balancing boards used in the Nintendo Wii would help detect fidgeting. At a public demonstration of the system in Boston last year, project manager Robert Burns explained that people who harbor ill will display involuntary physiological reactions that others - such as those who are stressed out for ordinary reasons, such as being late for a plane - don't. The system could be made to work passively, scanning people as they walk through a security line, according to Burns. Field testing of the system, which will cost around $20 million to develop, could begin in 2011, The Boston Globe said in a story about the demonstration. Addressing one concern of civil libertarians, Burns said the technology would delete data after each screening. 
--- THE ISRAELI MODEL Some say the U.S. should take a page from Israel's book on security. At Israeli airports, widely considered the most secure in the world, travelers are subjected to probing personal questions as screeners look them straight in the eye for signs of deception. Searches are meticulous, with screeners often scrutinizing every item in a bag, unfolding socks, squeezing toothpaste and flipping through books. "All must look to Israel and learn from them. This is not a post-911 thing for them. They've been doing this since 1956," said Michael Goldberg, president of New York-based IDO Security Inc., which developed a device that can scan shoes while they are still on people's feet. Israel also employs profiling: At Ben-Gurion Airport, Jewish Israelis typically pass through smoothly, while others may be taken aside for closer interrogation or even strip searches. Another distinguishing feature of Israeli airports is that they rely on concentric security rings that start miles from terminal buildings. Rafi Ron, the former security director at Israel's famously tight Ben Gurion International Airport who now is a consultant for Boston's Logan International Airport, says U.S. airports also need to be careful not to overcommit to securing passenger entry points at airports, forgetting about the rest of the field. "Don't invest all your efforts on the front door and leave the back door open," said Ron. While many experts agree the United States could adopt some Israeli methods, few believe the overall model would work here, in part because of the sheer number of U.S. airports - more than 400, versus half a dozen in Israel. Also, the painstaking searches and interrogations would create delays that could bring U.S. air traffic to a standstill. And many Americans would find the often intrusive and intimidating Israeli approach repugnant. --- PROFILING Some argue that policies against profiling undermine security. 
Baum, who is also managing director of Green Light Limited, a London-based aviation security company, agrees profiling based on race and religion is counterproductive and should be avoided. But he argues that a reluctance to distinguish travelers on other grounds - such as their general appearance or their mannerisms - is not only foolhardy but dangerous. "When you see a typical family - dressed like a family, acts like a family, interacts with each other like a family ... when their passport details match - then let's get them through," he said. "Stop wasting time that would be much better spent screening the people that we've got more concerns about." U.S. authorities prohibit profiling of passengers based on ethnicity, religion or national origin. Current procedures call for travelers to be randomly pulled out of line for further screening. Scrutinizing 80-year-old grandmothers or students because they might be carrying school scissors can defy common sense, Baum said. "We need to use the human brain - which is the best technology of them all," he said. But any move to relax prohibitions against profiling in the U.S. would surely trigger fierce resistance, including legal challenges by privacy advocates. --- PRIVATIZATION What if security were left to somebody other than the federal government? Jim Harper, director of information policy studies at the Washington-based Cato Institute, a free-market-oriented think tank, says airlines should be allowed to take charge of security at airports. Especially since 9/11, the trend has been toward standardizing security procedures to ensure all airports follow the best practices. But Harper argues that decentralizing the responsibility would result in a mix of approaches - thereby making it harder for terrorists to use a single template in planning attacks. "Passengers, too, prefer a uniform experience," he said. "But that's not necessarily the best security. 
It's better if sometimes we take your laptop out, sometimes we'll pat you down. Those are things that will really drive a terrorist batty - as if they're not batty already." Harper concedes that privatizing airport security is probably wishful thinking, and the idea has not gotten any traction. He acknowledges it would be difficult to allay fears of gaping security holes if it were left to each airline or airport owner to decide its own approach. --- AP writers Glen Johnson in Boston and Josef Federman in Jerusalem also contributed to this report. From rforno at infowarrior.org Fri Jan 8 17:20:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 12:20:54 -0500 Subject: [Infowarrior] - Why intelligence-sharing can't always make us safer Message-ID: <177F392D-69A5-4381-AAFC-BA7539339319@infowarrior.org> Why intelligence-sharing can't always make us safer By Jennifer Sims and Bob Gallucci Friday, January 8, 2010; A19 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/07/AR2010010703242_pf.html According to the Obama administration and its critics, U.S. intelligence agencies have a problem with information-sharing. Although this critique appears to have some merit, theory and history suggest our most recent intelligence failure is of another kind. Intelligence-sharing sounds good if we imagine the happy project of dot-connecting. But the concept sounds bad, and risky, if it more resembles the game of Telephone, in which critical information is rather predictably dropped or garbled as it is passed around. The question is: How do we get good, actionable information to the decision maker in time to make a difference? Sharing information is not a cost-free enterprise: It takes time to pass information and time for "the community" to analyze and interpret data. 
Intelligence succeeds not when it paints a complete picture but when it lubricates choice -- that is, when it helps key policymakers or military officers act faster or smarter than their adversaries. Former director of national intelligence Mike McConnell recognized this point in his strategic document "Vision 2015," issued in July 2008. He identified the intelligence mission as one of gaining competitive advantage, not perfect knowledge of the enemy, an approach his successor has maintained. The purpose is not to know everything -- an impossible goal in any case. The purpose is to win. To win against a networked adversary, the intelligence community must share critical information with decision makers but not always with every element of its own community first. Assembling "puzzles" from many pieces is often necessary for planning and strategy; it takes time and the meticulous management of databases by analytical experts. But for day-to-day operations, decision makers often hold as many or more pieces than intelligence agencies do and certainly know better from moment to moment what knowledge they need to act. In terms of tactical decisions, sharing among intelligence agencies so that an "all source" product can be generated can be a form of hoarding. It can result in finished analyses that are irrelevant, unhelpful or even harmful to national security. To understand why, consider a historical example. During the Civil War, Gen. George McClellan uncharacteristically chased down his adversary before the Battle of Antietam largely because of one soldier's intelligence coup: the discovery of a discarded copy of Confederate Gen. Robert E. Lee's Special Order 191, wrapped around some cigars. This order revealed how Lee intended to divide his forces and where he planned to go. Although McClellan bungled the chase, history records Antietam as a win for the Union. 
One excellent source delivered by one trusted collector motivated McClellan to act in a way that was not perfect but was more right than wrong. He didn't know everything about Lee's situation, but he knew what he needed to know to act faster than Lee had anticipated. Yet if this instance suggests that single, timely tips can be enough, psychological research suggests that intelligence-sharing can be downright bad. Psychology professor Daniel Gilbert observed in his best-selling book, "Stumbling on Happiness," that the only thing worse than looking for a needle in a haystack is looking for a particular needle in a stack of needles. So when an intelligence establishment composed of at least 16 federal agencies, supported by a raft of state and local law enforcement agencies, mandates an obligation to share information with each other, we shouldn't be surprised when the most critical pieces are harder, not easier, for analysts to identify. This is where proximity to decisions makes a difference. Take, for example, airline ticket agents. They might not judge a father's anxiety about his son enough to stop the son from flying, but knowing this clue when the son offers up cash to fly baggage-free could trigger timely action. Holding up the delivery of the first clue until the arrival of the second cedes decision advantage to the adversary, because the decision is made at the airline counter, not back in Washington. To win in network warfare, then, decision makers must think of themselves as collectors and analysts, too. In real-world terms, this means that ambassadors and intelligence station chiefs who know their sources are good should be able to flag a name for airlines and counselor officers without first circulating information within the intelligence community. It is worth remembering that Gen. 
Joseph Hooker, a later leader of the Union Army, was the architect of the first all-source intelligence bureau, the Bureau of Military Information, but nonetheless suffered a devastating loss at Chancellorsville. Intelligence-sharing helped him plan that battle and achieve initial surprise, but the all-source analysts couldn't keep up with the wily maneuvers of Stonewall Jackson and Robert E. Lee. For that, Hooker needed a match for Jackson's cavalry, which did intelligence on the fly. He didn't have it, and he lost. Jennifer Sims is a visiting professor at Georgetown University and a senior fellow at the Chicago Council on Global Affairs. Bob Gallucci, president of the MacArthur Foundation, served as an assistant secretary of state in the Clinton administration. Sims has consulted for the Office of the Director of National Intelligence under Dennis C. Blair and Mike McConnell. From rforno at infowarrior.org Fri Jan 8 19:32:03 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 14:32:03 -0500 Subject: [Infowarrior] - Good Luck....France Considers 'Right To Forget' Law Message-ID: France Considers 'Right To Forget' Law, Apparently Not Realizing The Internet Never Forgets Hot on the heels of France considering laws to tax successful internet companies to try to prop up unsuccessful entertainment industry companies, comes a report that France is also considering a special "right to forget" law, which would allow anyone to ask that any information about them be deleted after a certain period of time. At first, I thought that they meant content created by the person asking for it to be deleted (like emails), but it sounds like they mean any content about a person. So, say, if you did something embarrassing in college, and your friends put pictures of it online, once the time limit for the "right to forget" law kicked in, you could demand every version of that picture be taken offline. Yeah. Like that will work. 
Trying to suppress information online doesn't work, no matter what law you put in place. I'm reminded of the convicted German murderer, who is demanding that information on his conviction be removed from Wikipedia under a similar type of law. All that did was call a lot more attention to the story. http://techdirt.com/articles/20100108/0403077673.shtml From rforno at infowarrior.org Sat Jan 9 04:38:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 23:38:50 -0500 Subject: [Infowarrior] - Ford launches Tweeting car Message-ID: I shall withhold comment on this.....progress. -rf http://www.telegraph.co.uk/technology/ces/6949335/CES-2010-Ford-unveils-Tweeting-car.html CES 2010: Ford unveils Tweeting car By Rupert Neate, Las Vegas Published: 7:00AM GMT 08 Jan 2010 Alan Mulally, Ford's chief executive, said the company will produce a range of vehicles which can read motorist's twitter messages to them as they drive down the street. Drivers may even be able to Tweet replies as the cars will feature voice recognition technology. But composing Tweets will not be possible on the first models, due out in the US later this year, because of safety fears. US Road safety group the AAA warned that the new technology could put lives at risk. "The more things that are going on in a vehicle, the more things can distract a driver," a spokeswoman said. "You only have so much attention to give, and we really want everyone to keep their attention on the roadway for safety reasons." However, Doug VanDagens, Ford's global director of connected services, said people currently read Twitter feeds while they are driving anyway, and the new system would increase road safety by enabling motorists to keep both hands on the wheel. "We take what people do - they talk on the phone, they fumble with mp3 players, they look at maps. We take these activities and make them safer," he said. The tweeter function is part of Ford's plan to connect cars to the internet. 
Ford said drivers will also be able to stream music live from Pandora, a website similar to Last.fm. The technology, developed in partnership with Microsoft, works by connecting an on-board computer to a mobile phone with 3G internet browsing capabilities. In a speech at the Consumer Electronics Show in Las Vegas said the technology, called Sync, is designed to allow drivers to attend to their social lives, "all while keeping their eyes on the road and their hands on the wheel." From rforno at infowarrior.org Sat Jan 9 04:43:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jan 2010 23:43:38 -0500 Subject: [Infowarrior] - Fox News Sued For Copyright Infringement Message-ID: Quote of the Article -- "Fox sanctimoniously operates unencumbered by the very copyright restrictions it seeks to impose on its competitors," the lawsuit states. --rf Fox News Sued For Copyright Infringement ANTHONY McCARTNEY | 01/ 8/10 01:02 PM http://www.huffingtonpost.com/2010/01/08/fox-news-sued-for-copyrig_n_416347.html LOS ANGELES - A former adviser to Michael Jackson sued Fox News on Thursday for copyright infringement, claiming the cable channel aired portions of an interview with the singer's ex-wife without proper payment or permission. The lawsuit in federal court by producer F. Marc Schaffel seeks damages from Fox News for airing portions of the 2003 interview with Debbie Rowe after Jackson's death in June. The filing states the interview made up a significant amount of Geraldo Rivera's July 5 show. Schaffel, who once sued Jackson and won a judgment against him, owns the copyright to the Rowe interview. Portions of the interview were aired on the Fox network in 2003 as part of a special intended to balance out a damaging interview aired earlier that year. A spokesman for Fox News, which is owned by Rupert Murdoch's News Corp., said the channel does not comment on pending litigation. 
The lawsuit states Fox News has claimed a "fair use" right to air the footage as part of news programming. The filing chides Murdoch, who has threatened to sue the British Broadcasting Corp. and others for copyright infringement because he claims they are stealing content from his company's newspapers. "Fox sanctimoniously operates unencumbered by the very copyright restrictions it seeks to impose on its competitors," the lawsuit states. Schaffel owns the copyright to two tapes containing the 2003 interview with Rowe, according to copyright records. Portions of the interview were part of a special titled, "Take Two: The Footage You Were Never Meant to See." It aired on Fox after Disney-owned ABC aired an interview with Jackson by Martin Bashir in which the singer spoke about allowing children to sleep in his bed at Neverland Ranch but that the practice was non-sexual. Schaffel won a split judgment against Jackson in 2006 after suing over work that included producing footage for the 2003 Fox special. A jury awarded Schaffel $900,000, but also awarded the pop singer $200,000 as part of a countersuit. From rforno at infowarrior.org Sat Jan 9 20:30:10 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jan 2010 15:30:10 -0500 Subject: [Infowarrior] - OT: 'Lost' v. Obama's SOTU Message-ID: <0C227859-E907-41F8-BC09-EDF27AB250B5@infowarrior.org> (Disclosure: I've never seen 'Lost') "Lost" episode: Did couch potatoes really bump Obama speech? The White House backed down on the date of Obama's State of the Union address when "Lost" fans tweeted their outrage. Western civilization and American politics survived. http://www.csmonitor.com/layout/set/print/content/view/print/272888 By Patrik Jonsson Staff writer posted January 9, 2010 at 12:31 pm EST Atlanta - The decision by the White House Friday to not preempt the season premiere of the psychedelic crash-drama "Lost" 
for the State of the Union address reveals the surprising power of that much ridiculed stereotype: the American couch potato. Give 'em a Twitter account, and the President just better back off that remote. "OBAMA BACKED DOWN!!!! Groundhog Day is OURS!!!!!!! (God Bless America)," wrote one "Lost" producer on Twitter. Usually presidents, even this one, will steamroll regularly scheduled programming, taking over, as Obama did, "A Charlie Brown Christmas" on Dec. 1 to announce his new Afghanistan policy. (To the chagrin of some.) But Charlie Brown apparently can't hold a candle to Jack, Sawyer and Co. The hugely popular ABC drama involves a group of mostly good-looking plane crash survivors who travel through time via a magnetic island - or something like that. It is gripping TV, if a bit overbearing and unbelievable (a smoke monster?) It has enough mysteries ("Obama in a Dharma jumpsuit!" one fan tweeted hopefully, referencing the mysterious overlord organization that runs the island) and has managed to grip the imagination of a war-weary, economy-clobbered nation looking for relief. (The Toronto Star headline this morning is very telling: "When it comes to country's future, Americans would rather be Lost.") The State of the Union Address is usually held in January. But the White House has signaled it wants to push it back, most likely to make sure congressional Democrats have enough time to polish off a healthcare reform bill. But when Feb. 2 popped up as a possible date, Facebook and Twitter fan groups revolted. One group, "Americans Against the State of the Union Address on the same night as LOST," got huge traffic, as did the Twitter hashmark #NoStateOfUnionFeb2. Presidents like John Kennedy and Bill Clinton innately harnessed the power of television like few others, understanding that TV "changed what presidents do and how they do it - and affected how and why voters vote and for whom they cast their ballots," 
according to an essay by the Museum of Broadcast Communications. Obama, too, is a made-for-TV president, his historic ascent from junior senator to White House occupant played out in countless hours of primetime news coverage. But polls tell us he's now in hot water with much of his TV constituency. The conclusion for the White House was probably a no-brainer: Why rejigger the "Lost" universe more than it already is. Whether a president should worry about preempting a show featuring time travel to do that inconsequential little speech called the State of the Union can be debated, but the reality cannot: Couch potatoes rule. "I don't foresee a scenario in which millions of people that hope to finally get some conclusion in 'Lost' are pre-empted by the president," White House spokesman Robert Gibbs glibly said Friday, then requested with a smile that reporters attribute the quote to a "senior administration official." In response, ricknroll tweeted: "TV and Twitter now have more power than POTUS - Awesome!" ----- From rforno at infowarrior.org Sat Jan 9 20:34:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jan 2010 15:34:27 -0500 Subject: [Infowarrior] - Privacy threatened by online life Message-ID: <888513EA-9B00-414D-9427-2AA6B7D57328@infowarrior.org> Privacy threatened by online life By Zoe Kleinman Technology Reporter, BBC News People who post intimate details about their lives on the internet undermine everybody else's right to privacy, claims an academic. Dr Kieron O'Hara has called for people to be more aware of the impact on society of what they publish online. "If you look at privacy in law, one important concept is a reasonable expectation of privacy," he said. "As more private lives are exported online, reasonable expectations are diminishing." The rise of social networking has blurred the boundaries of what can be considered private, he believes - making it less of a defence by law. 
We live in an era that he terms "intimacy 2.0" - where people routinely share extremely personal information online. "When our reasonable expectations diminish, as they have, by necessity our legal protection diminishes." Dr O'Hara, a senior research fellow in Electronic and Computer Science at the University of Southampton, gave the example of an embarrassing photo taken at a party. A decade ago, he said, there would have been an assumption that it might be circulated among friends. But now the assumption is that it may well end up on the internet and be viewed by strangers. Raging debate Privacy has long been a thorny issue but there were very few court cases until that of former motorsport boss Max Mosley in 2008. Mr Mosley sued the News of the World over the publication in the newspaper of explicit photos of him secretly taken during an orgy. He argued that the publication of the photos was an unwarranted breach of his privacy - and won. Mr Mosley had taken steps to keep his private life private but Dr O'Hara's concern is that other people's disregard for privacy online will spill over into other walks of life. As debates continue to rage over whether the new airport body scanners and CCTV are an infringement of privacy or useful protection, some argue that it already has. "Recent security decisions have become a privacy discussion - but if security suffers, the community suffers," Dr O'Hara said. He was due to deliver his research paper at the annual Media Communication and Cultural Studies Association (Meccsa) conference held at the London School of Economics from 6-8 January. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8446649.stm Published: 2010/01/08 11:08:08 GMT © 
BBC MMX From rforno at infowarrior.org Sat Jan 9 20:36:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jan 2010 15:36:23 -0500 Subject: [Infowarrior] - Inovation: Keeping America's Edge Message-ID: <06120B37-2DDD-4624-9AFF-16188DE8BF28@infowarrior.org> Keeping America's Edge JIM MANZI The United States is in a tough spot. As we dig ourselves out from a serious financial crisis and a deep recession, our very efforts to recover are exacerbating much more fundamental problems that our country has let fester for too long. Beyond our short-term worries, and behind many of today's political debates, lurks the deeper challenge of coming to terms with America's place in the global economic order. Our strategic situation is shaped by three inescapable realities. First is the inherent conflict between the creative destruction involved in free-market capitalism and the innate human propensity to avoid risk and change. Second is ever-increasing international competition. And third is the growing disparity in behavioral norms and social conditions between the upper and lower income strata of American society. These realities combine to form a daunting problem. And the task of resolving it turns out not, by and large, to be a matter of foreign policy. Rather, it compels us to consider how we balance economic dynamism and growth against the unity and stability of our society. After all, we must have continuous, rapid technological and business-model innovation to grow our economy fast enough to avoid losing power to those who do not share America's values -- and this innovation requires increasingly deregulated markets and fewer restrictions on behavior. But such deregulation would cause significant displacement and disruption that could seriously undermine America's social cohesion -- which is not only essential to a decent and just society, but also to producing the kind of skilled and responsible citizens that free markets ultimately require. 
Moreover, preserving the integrity of our social fabric by minimizing the divisions that can rend society often requires government policies -- to reduce inequality or ensure access to jobs, education, housing, or health care -- that can in turn undercut growth and prosperity. Neither innovation nor cohesion can do without the other, but neither, it seems, can avoid undermining the other. Reconciling these competing forces is America's great challenge in the decades ahead, but will be made far more difficult by the growing bifurcation of American society. Of course, this is not a new dilemma: It has actually undergirded most of the key political-economy debates of the past 30 years. But a dysfunctional political dynamic has prevented the nation from addressing it well, and has instead given us the worst of both worlds: a ballooning welfare state that threatens future growth, along with growing socioeconomic disparities... < - > http://www.nationalaffairs.com/publications/detail/keeping-americas-edge From rforno at infowarrior.org Sun Jan 10 04:07:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jan 2010 23:07:51 -0500 Subject: [Infowarrior] - Children of Cyberspace: Old Fogies by Their 20's Message-ID: January 9, 2010 The Children of Cyberspace: Old Fogies by Their 20's By BRAD STONE http://www.nytimes.com/2010/01/10/weekinreview/10stone.html?hpw=&pagewanted=print My 2-year-old daughter surprised me recently with two words: "Daddy's book." She was holding my Kindle electronic reader. Here is a child only beginning to talk, revealing that the seeds of the next generation gap have already been planted. She has identified the Kindle as a substitute for words printed on physical pages. I own the device and am still not completely sold on the idea. 
My daughter's worldview and life will be shaped in very deliberate ways by technologies like the Kindle and the new magical high-tech gadgets coming out this year -- Google's Nexus One phone and Apple's impending tablet among them. She'll know nothing other than a world with digital books, Skype video chats with faraway relatives, and toddler-friendly video games on the iPhone. She'll see the world a lot differently from her parents. But these are also technology tools that children even 10 years older did not grow up with, and I've begun to think that my daughter's generation will also be utterly unlike those that preceded it. Researchers are exploring this notion too. They theorize that the ever-accelerating pace of technological change may be minting a series of mini-generation gaps, with each group of children uniquely influenced by the tech tools available in their formative stages of development. "People two, three or four years apart are having completely different experiences with technology," said Lee Rainie, director of the Pew Research Center's Internet and American Life Project. "College students scratch their heads at what their high school siblings are doing, and they scratch their heads at their younger siblings. It has sped up generational differences." One obvious result is that younger generations are going to have some very peculiar and unique expectations about the world. My friend's 3-year-old, for example, has become so accustomed to her father's multitouch iPhone screen that she approaches laptops by swiping her fingers across the screen, expecting a reaction. And after my 4-year-old niece received the very hot Zhou-Zhou pet hamster for Christmas, I pointed out that the toy was essentially a robot, with some basic obstacle avoidance skills. She replied matter-of-factly: "It's not a robot. It's a pet." These mini-generation gaps are most visible in the communication and entertainment choices made by different age groups. 
According to a survey last year by Pew, teenagers are more likely to send instant messages than slightly older 20-somethings (68 percent versus 59 percent) and to play online games (78 percent versus 50 percent). Larry Rosen, a professor of psychology at California State University, Dominguez Hills, and the author of the coming "Rewired: Understanding the iGeneration and the Way They Learn," has also drawn this distinction between what he calls the Net Generation, born in the 1980s, and the iGeneration, born in the '90s and this decade. Now in their 20s, those in the Net Generation, according to Dr. Rosen, spend two hours a day talking on the phone and still use e-mail frequently. The iGeneration -- conceivably their younger siblings -- spends considerably more time texting than talking on the phone, pays less attention to television than the older group and tends to communicate more over instant-messenger networks. Dr. Rosen said that the newest generations, unlike their older peers, will expect an instant response from everyone they communicate with, and won't have the patience for anything less. "They'll want their teachers and professors to respond to them immediately, and they will expect instantaneous access to everyone, because after all, that is the experience they have growing up," he said. "They should be just like their older brothers and sisters, but they are not." The boom of kid-focused virtual worlds and online games like Club Penguin and Moshi Monsters especially intrigues Mizuko Ito, a cultural anthropologist and associate researcher at the University of California Humanities Research Institute. Dr. Ito said that children who play these games would see less of a distinction between their online friends and real friends; virtually socializing might be just as fulfilling as a Friday night party. And they would be more likely to participate actively in their own entertainment, clicking at the keyboard instead of leaning back on the couch. 
That could give them the potential to be more creative than older generations -- and perhaps make them a more challenging target for corporate marketers. "It's certainly no longer true that kids are just blindly consuming what commercial culture has to offer," Dr. Ito said. Another bubbling intra-generational gap, as any modern parent knows, is that younger children tend to be ever more artful multitaskers. Studies performed by Dr. Rosen at Cal State show that 16- to 18-year-olds perform seven tasks, on average, in their free time -- like texting on the phone, sending instant messages and checking Facebook while sitting in front of the television. People in their early 20s can handle only six, Dr. Rosen found, and those in their 30s perform about five and a half. That versatility is great when they're killing time, but will a younger generation be as focused at school and work as their forebears? "I worry that young people won't be able to summon the capacity to focus and concentrate when they need to," said Vicky Rideout, a vice president at the Kaiser Family Foundation, which will release a sweeping survey on the technology and media habits of children and teenagers this month. Children my daughter's age are also more likely to have some relaxed notions about privacy. The idea of a phone or any other device that is persistently aware of its location and screams out its geographic coordinates, even if only to friends, might seem spooky to older age groups. But the newest batch of Internet users and cellphone owners will find these geo-intelligent tools to be entirely second nature, and may even come to expect all software and hardware to operate in this way. Here is where corporations can start licking their chops. My daughter and her peers will never be "off the grid." And they may come to expect that stores will emanate discounts as they walk by them, and that friends can be tracked down anywhere. 
"If it's something you grow up with, you have a completely different comfort with it than someone who has had to unlearn something about the world," said Mr. Rainie, of the Pew project. It's not yet clear whether these disparities between adjacent groups of children and teenagers will simply fade away, as the older groups come to embrace the new technology tools, or whether they will deepen into more serious rifts between various generations. But the children, teenagers and young adults who are passing through this cauldron of technological change will also have a lot in common. They'll think nothing of sharing the minutia of their lives online, staying connected to their friends at all times, buying virtual goods, and owning one über-device that does it all. They will believe the Kindle is the same as a book. And they will all think their parents are hopelessly out of touch. From rforno at infowarrior.org Sun Jan 10 16:57:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Jan 2010 11:57:42 -0500 Subject: [Infowarrior] - WaPo Called Out for Planted "News" Story Message-ID: <4DF30368-B3D3-4097-AE04-AF6A1680849B@infowarrior.org> Wash Post Called Out for Planted "News" Story from Fiscal Times http://www.prwatch.org/node/8815 From rforno at infowarrior.org Sun Jan 10 17:55:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Jan 2010 12:55:21 -0500 Subject: [Infowarrior] - Good WSJ Op-Ed on Terrorism Message-ID: <33136896-076C-46DF-9731-2524B143D8F5@infowarrior.org> http://online.wsj.com/article/SB10001424052748704130904574644651587677752.html JANUARY 9, 2010 Undressing the Terror Threat Running the numbers on the conflict with terrorists suggests that the rules of the game should change By PAUL CAMPOS -- Paul Campos is a professor of law at the University of Colorado. I'm not much of a basketball player. 
Middle-age, with a shaky set shot and a bad knee, I can't hold my own in a YMCA pickup game, let alone against more organized competition. But I could definitely beat LeBron James in a game of one-on-one. The game just needs to feature two special rules: It lasts until I score, and when I score, I win. We might have to play for a few days, and Mr. James's point total could well be creeping toward five figures before the contest ended, but eventually the gritty gutty competitor with a lunch-bucket work ethic (me) would subject the world's greatest basketball player to a humiliating defeat. The world's greatest nation seems bent on subjecting itself to a similarly humiliating defeat, by playing a game that could be called Terrorball. The first two rules of Terrorball are: (1) The game lasts as long as there are terrorists who want to harm Americans; and (2) If terrorists should manage to kill or injure or seriously frighten any of us, they win. These rules help explain the otherwise inexplicable wave of hysteria that has swept over our government in the wake of the failed attempt by a rather pathetic aspiring terrorist to blow up a plane on Christmas Day. For two weeks now, this mildly troubling but essentially minor incident has dominated headlines and airwaves, and sent politicians from the president on down scurrying to outdo each other with statements that such incidents are "unacceptable," and that all sorts of new and better procedures will be implemented to make sure nothing like this ever happens again. Meanwhile, millions of travelers are being subjected to increasingly pointless and invasive searches and the resultant delays, such as the one that practically shut down Newark Liberty International Airport last week, after a man accidentally walked through the wrong gate, or Tuesday's incident at a California airport, which closed for hours after a "potentially explosive substance" was found in a traveler's luggage. (It turned out to be honey.) 
As to the question of what the government should do rather than keep playing Terrorball, the answer is simple: stop treating Americans like idiots and cowards. It might be unrealistic to expect the average citizen to have a nuanced grasp of statistically based risk analysis, but there is nothing nuanced about two basic facts: (1) America is a country of 310 million people, in which thousands of horrible things happen every single day; and (2) The chances that one of those horrible things will be that you're subjected to a terrorist attack can, for all practical purposes, be calculated as zero. Consider that on this very day about 6,700 Americans will die. When confronted with this statistic almost everyone reverts to the mindset of the title character's acquaintances in Tolstoy's great novella "The Death of Ivan Ilyich," and indulges in the complacent thought that "it is he who is dead and not I." Consider then that around 1,900 of the Americans who die today will be less than 65, and that indeed about 140 will be children. Approximately 50 Americans will be murdered today, including several women killed by their husbands or boyfriends, and several children who will die from abuse and neglect. Around 85 of us will commit suicide, and another 120 will die in traffic accidents. No amount of statistical evidence, however, will make any difference to those who give themselves over to almost completely irrational fears. Such people, and there are apparently a lot of them in America right now, are in fact real victims of terrorism. They also make possible the current ascendancy of the politics of cowardice -- the cynical exploitation of fear for political gain. Unfortunately, the politics of cowardice can also make it rational to spend otherwise irrational amounts of resources on further minimizing already minimal risks. 
Given the current climate of fear, any terrorist incident involving Islamic radicals generates huge social costs, so it may make more economic sense, in the short term, to spend X dollars to avoid 10 deaths caused by terrorism than it does to spend X dollars to avoid 1,000 ordinary homicides. Any long-term acceptance of such trade-offs hands terrorists the only real victory they can ever achieve. It's a remarkable fact that a nation founded, fought for, built by, and transformed through the extraordinary courage of figures such as George Washington, Susan B. Anthony and Martin Luther King Jr. now often seems reduced to a pitiful whimpering giant by a handful of mostly incompetent criminals, whose main weapons consist of scary-sounding Web sites and shoe- and underwear-concealed bombs that fail to detonate. Terrorball, in short, is made possible by a loss of the sense that cowardice is among the most disgusting and shameful of vices. I shudder to think what Washington, who as commander in chief of the Continental Army intentionally exposed himself to enemy fire to rally his poorly armed and badly outnumbered troops, would think of the spectacle of millions of Americans not merely tolerating but actually demanding that their government subject them to various indignities, in the false hope that the rituals of what has been called "security theater" will reduce the already infinitesimal risks we face from terrorism. Indeed, if one does not utter the magic word "terrorism," the notion that it is actually in the best interests of the country for the government to do everything possible to keep its citizens safe becomes self-evident nonsense. Consider again some of the things that will kill 6,700 Americans today. The country's homicide rate is approximately six times higher than that of most other developed nations; we have 15,000 more murders per year than we would if the rate were comparable to that of otherwise similar countries. 
Americans own around 200 million firearms, which is to say there are nearly as many privately owned guns as there are adults in the country. In addition, there are about 200,000 convicted murderers walking free in America today (there have been more than 600,000 murders in America over the past 30 years, and the average time served for the crime is about 12 years). Given these statistics, there is little doubt that banning private gun ownership and making life without parole mandatory for anyone convicted of murder would reduce the homicide rate in America significantly. It would almost surely make a major dent in the suicide rate as well: Half of the nation's 31,000 suicides involve a handgun. How many people would support taking both these steps, which together would save exponentially more lives than even a -- obviously hypothetical -- perfect terrorist-prevention system? Fortunately, very few. (Although I admit a depressingly large number might support automatic life without parole.) Or consider traffic accidents. All sorts of measures could be taken to reduce the current rate of automotive carnage from 120 fatalities a day -- from lowering speed limits, to requiring mechanisms that make it impossible to start a car while drunk, to even more restrictive measures. Some of these measures may well be worth taking. But the point is that at present we seem to consider 43,000 traffic deaths per year an acceptable cost to pay for driving big fast cars. For obvious reasons, politicians and other policy makers generally avoid discussing what ought to be considered an "acceptable" number of traffic deaths, or murders, or suicides, let alone what constitutes an acceptable level of terrorism. Even alluding to such concepts would require treating voters as adults -- something which at present seems to be considered little short of political suicide. Yet not treating Americans as adults has costs. 
For instance, it became the official policy of our federal government to try to make America "a drug-free nation" 25 years ago. After spending hundreds of billions of dollars and imprisoning millions of people, it's slowly beginning to become possible for some politicians to admit that fighting a necessarily endless drug war in pursuit of an impossible goal might be a bad idea. How long will it take to admit that an endless war on terror, dedicated to making America a terror-free nation, is equally nonsensical? What then is to be done? A little intelligence and a few drops of courage remind us that life is full of risk, and that of all the risks we confront in America every day, terrorism is a very minor one. Taking prudent steps to reasonably minimize the tiny threat we face from a few fanatic criminals need not grant them the attention they crave. Continuing to play Terrorball, on the other hand, guarantees that the terrorists will always win, since it places the bar for what counts as success for them practically on the ground. -- Paul Campos is a professor of law at the University of Colorado. From rforno at infowarrior.org Sun Jan 10 19:37:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Jan 2010 14:37:30 -0500 Subject: [Infowarrior] - Military Deluged in Intelligence From Drones Message-ID: <28844ECD-59B6-477E-B1F2-10912A5E5E36@infowarrior.org> January 11, 2010 Military Is Deluged in Intelligence From Drones By CHRISTOPHER DREW http://www.nytimes.com/2010/01/11/business/11drone.html?hp=&pagewanted=print HAMPTON, Va. -- As the military rushes to place more spy drones over Afghanistan, the remote-controlled planes are producing so much video intelligence that military analysts are finding it more and more difficult to keep up. Air Force drones collected nearly three times as much video over Afghanistan and Iraq last year as they did in 2007 -- about 24 years' worth if watched continuously. 
That volume is expected to multiply in the coming years as drones are added to the fleet and as some start using multiple cameras to shoot in many directions. A group of young analysts already watch every second of the footage live as it is streamed to Langley Air Force Base here and to other intelligence centers, and they quickly pass warnings about insurgents and roadside bombs to troops in the field. But military officials also see much potential in using the archives of video collected by the drones for later analysis, like searching for patterns of insurgent activity over time. To date, only a small fraction of the stored video has been retrieved for such intelligence purposes. So the Air Force and other military units -- mindful of the post-9/11 criticism that government agencies focused too heavily on collecting data without enough tools to spot patterns -- are turning to the television industry to learn how to quickly share video clips, like the highlight plays in a football game, and display a mix of data in ways that make analysis faster and easier. They are even testing some of the splashier techniques used by broadcasters, like the telestrator that John Madden popularized for scrawling football plays. It could be used to warn troops about a threatening vehicle or circle a compound that a drone should attack. "Imagine you are tuning into a football game without all the graphics," said Lucius Stone, an executive at Harris Broadcast Communications, a provider of commercial technology that is working with the military. "You don't know what the score is. You don't know what the down is. It's just raw video. And that's how the guys in the military have been using it." The demand for the Predator and Reaper drones has surged since the terror attacks in 2001, and they have become one of the most critical weapons for hunting insurgent leaders and protecting allied forces. 
The military relies on the video to catch insurgents burying roadside bombs and to find their houses or weapons caches. Most commanders are now reluctant to send a convoy down a road without an armed drone watching over it. The Army, the Marines and the special forces are also deploying hundreds of smaller surveillance drones. And the Central Intelligence Agency uses drones to mount missile strikes against Al Qaeda leaders in Pakistan. Air Force officials, who take the lead in analyzing the video from Iraq and Afghanistan, say they have managed to keep up with the most urgent assignments. And it is clear, on a visit to the analysis center in an old hangar here, that they are often able to correlate the video data with clues in still images and intercepted phone conversations to build a fuller picture of the most immediate threats. But as the Obama administration sends more troops to Afghanistan, the task of monitoring the video is only going to grow more challenging. Instead of carrying just one camera, the Reaper drones, which are newer and larger than the Predators, will soon be able to record in 10 directions at once, and then in 30 by 2011 and as many as 65 after that. Even the Air Force's top intelligence official, Lt. Gen. David A. Deptula, says it could soon be "swimming in sensors and drowning in data." He said the Air Force will have to funnel many of those feeds directly to ground troops to keep from overwhelming its intelligence centers. He said it is working more closely with field commanders to identify the most important targets, and it is adding 2,500 analysts to help handle the growing volume of data. With a new $500 million computer system that is being installed now, the Air Force will also be able to start using some of the television techniques and send out automatic alerts when hot information comes in, complete with highlight clips and even text and graphics. 
"If automation can provide a cue for our people that would make better use of their time, that would help us significantly," said General Norton A. Schwartz, the Air Force's chief of staff. Officials acknowledge that in many ways, the military is just catching up to features that have long been familiar to users of YouTube or Google. John R. Peele, a chief in the counterterrorism office at the National Geospatial-Intelligence Agency, which helps the Air Force analyze videos, said the drones "proliferated so quickly, and we didn't have very much experience using them. So we're kind of learning as we go along which tools would be helpful." But Mark A. Bigham, an executive at Raytheon, which designed the new computer system, said the Air Force had actually moved more quickly than most intelligence agencies to create Web-like networks where the data could be shared more easily. In fact, it has relayed drone video to the United States and Europe for analysis for more than a decade. The operations, which now include 4,000 airmen, are headquartered at the base here, where three analysts watch the live feed from a drone. One never takes his eyes off the monitor, calling out possible threats to his partners, who immediately pass alerts to the field via computer chat rooms and snap screenshots of the most valuable images. "It's mostly through the chat rooms -- that's how we're fighting these days," said Colonel Daniel R. Johnson, who runs the intelligence centers. He said other analysts, mostly enlisted men and women in their early 20s, study the hundreds of still images and phone calls captured each day by other planes and send out follow-up reports melding all the data. Mr. Bigham, the Raytheon executive, said the new system will help speed that process. He said it will also tag basic data, like the geographic coordinates and the chat room discussions, and alert officials throughout the military who might want to call up the videos for further study. 
But while the biggest timesaver would be to automatically scan the video for trucks and armed men, that software is not yet reliable. And the military has run into the same problem that the broadcast industry has in trying to pick out football players swarming on a tackle. So Joseph Smith, a Navy commander assigned to the National Geospatial-Intelligence Agency, which sets standards for video intelligence, said he and other officials have climbed into broadcast trucks outside football stadiums to learn how the networks tag and retrieve highlight film. "There are these three guys who sit in the back of an ESPN or Fox Sports van, and every time Tom Brady comes on the screen, they tap a button so that Tom Brady is marked," Cmdr. Smith said, referring to the New England Patriots quarterback. Then, to call up the highlights later, he said, "They just type in: 'Tom Brady, touchdown pass.'" Lt. Col. Brendan M. Harris, who is in charge of an intelligence squadron here, said his analysts could do that. He said the Air Force has just installed telestrators on its latest handheld video receiver, and harried officers in the field will soon be able to simply circle the images of trucks or individuals they want the drones to follow. But Colonel Harris also noted that the drones often shoot gray-toned video with infrared cameras that is harder to decipher than color shots. And when force is potentially involved, he said, there will be limits on what automated systems are allowed to do. "You need somebody who's trained and is accountable in recognizing that that is a woman, that is a child and that is someone who's carrying a weapon," he said. "And the best tools for that are still the eyeball and the human brain." 
From rforno at infowarrior.org Mon Jan 11 13:39:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 08:39:31 -0500 Subject: [Infowarrior] - Drew Brees on NFL's Supreme Court case Message-ID: <1EC7773C-4F1A-4EEF-ACEF-32BB806DAF3A@infowarrior.org> Saints' quarterback Drew Brees weighs in on NFL's Supreme Court case By Drew Brees Sunday, January 10, 2010; B02 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/07/AR2010010702947_pf.html As the starting quarterback for the New Orleans Saints, I am used to competing on the football field, not in a courtroom, and I rarely offer a public opinion on complex legal debates. But in a few days, the Supreme Court will hear oral arguments in American Needle v. NFL, a case that could have a profound impact not only on my sport but on all of American professional athletics. So even as the playoffs are beginning, I feel compelled to venture beyond the gridiron to share my thoughts on what is at stake. The case involves a multimillion-dollar deal struck in 2000 between the National Football League and Reebok that grants Reebok the exclusive rights to make hats, sweatshirts and other gear with NFL team logos. What does that deal have to do with the ability of my teammates and me to perform our jobs and entertain football fans around the country? Potentially, quite a bit: The gains we fought for and won as players over the years could be lost, while the competition that runs through all aspects of the sport could be undermined. American Needle is a small manufacturer of hats located in Buffalo Grove, Ill. As a result of the NFL's deal with Reebok, American Needle was excluded from the NFL-branded hat market, so it sued the league and Reebok. American Needle argued that the licensing deal violated antitrust laws because it restricted competition between businesses. 
The nation's antitrust laws constitute a fundamental part of our economic system and have protected consumers for more than 100 years, providing us with lower prices and fostering innovation. The NFL originally won the case because the lower courts decided that, when it comes to marketing hats and gear, the 32 teams in the league act like one big company, a "single entity," and such an entity can't illegally conspire with itself to restrain trade. The NFL-Reebok deal is worth a lot of money, and fans pay for it: If you want to show support for your team by buying an official hat, it now costs $10 more than before the exclusive arrangement. Amazingly, after the NFL won the case, it asked the Supreme Court to dramatically expand the ruling and determine that the teams act as a single entity not only for marketing hats and gear, but for pretty much everything the league does. It was an odd request -- as if I asked an official to review an 80-yard pass of mine that had already been ruled a touchdown. The notion that the teams function as a single entity is absurd; the 32 organizations composing the NFL and the business people who run them compete with unrelenting intensity for players, coaches and, most of all, the loyalty of fans. I know of this competition because, along with hundreds of other professional football players, I live it every week of the season. I also know about it because in 2006, after five years with the San Diego Chargers, I became a free agent and witnessed firsthand the robust competition among teams for players. Thanks to free agency, I had the opportunity to sign a six-year contract with the New Orleans Saints, and for the past 3 1/2 years, my wife, Brittany, and I have been honored to live in and contribute to the amazingly resilient and welcoming community of New Orleans. We've been privileged to journey with our neighbors on the long road to recovery from the devastation of Hurricane Katrina. 
I could choose to sign a contract with the Saints because of a crucial player-led antitrust lawsuit in 1993 that secured players' rights to sell our services as free agents. Until that case, team owners had acted together to control players and keep salaries low, while the popularity of the game and teams' revenues grew exponentially. Today, if the Supreme Court agrees with the NFL's argument that the teams act as a single entity rather than as 32 separate, vigorously competitive and extremely profitable entities, the absence of antitrust scrutiny would enable the owners to exert total control over this multibillion-dollar business. What might the owners do? They could agree to end or severely restrict free agency, continue to enter into exclusive agreements that will further raise prices on merchandise, lock coaches into salary scales that don't reward them when they're promoted and set higher ticket prices (including preventing teams from competing through ticket discounts). These and other concerns prompted the NFL Players Association -- along with the players associations of Major League Baseball, the National Basketball Association and the National Hockey League -- to file an amicus brief with the Supreme Court last fall, arguing against the notion of the NFL as a single entity. At the moment, the NFL Players Association and team owners are negotiating over a new collective bargaining agreement, and the threat of a lockout looms over the 2011 season. Historically, players have made significant gains, such as free agency, by challenging the NFL on antitrust grounds. If the Supreme Court rules that the league's 32 organizations constitute a single entity that is exempt from antitrust laws, players will lose this important leverage. In this postseason, my fellow players and I are encouraged and humbled to see that professional football is thriving in our country, even during the most dire recession in decades. 
Fans continue to express their passion for their teams by spending their limited resources to show their support. Every week during the season, players compete fiercely on the gridiron, and throughout the year, team owners compete to sign the best players and attract fans' loyalty and dollars. I hope that the justices of the Supreme Court recognize and ensure the continuance of the intense competition inherent in this game, and in the business behind the game. As readers of The Washington Post know well, NFL teams such as the Dallas Cowboys and the Washington Redskins are by no means a single entity -- just ask Dan Snyder or Jerry Jones. Drew Brees, the starting quarterback for the New Orleans Saints, serves on the executive committee of the NFL Players Association. From rforno at infowarrior.org Mon Jan 11 13:52:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 08:52:51 -0500 Subject: [Infowarrior] - Don't panic. Fear is al-Qaeda's real goal. Message-ID: (Good commentary --- rick) Don't panic. Fear is al-Qaeda's real goal. By Fareed Zakaria Monday, January 11, 2010 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/10/AR2010011002143.html In responding to the attempted bombing of an airliner on Christmas Day, Sen. Dianne Feinstein voiced the feelings of many when she said that to prevent such situations, "I'd rather overreact than underreact." This appears to be the consensus view in Washington, but it is quite wrong. The purpose of terrorism is to provoke an overreaction. Its real aim is not to kill the hundreds of people directly targeted but to sow fear in the rest of the population. Terrorism is an unusual military tactic in that it depends on the response of the onlookers. If we are not terrorized, then the attack didn't work. Alas, this one worked very well. The attempted bombing says more about al-Qaeda's weakened state than its strength. In the eight years before Sept. 
11, al-Qaeda was able to launch large-scale terrorist attacks on several continents. It targeted important symbols of American power -- embassies in Africa; a naval destroyer, the USS Cole; and, of course, the World Trade Center. The operations were complex -- a simultaneous bombing of two embassies in different countries -- and involved dozens of people of different nationalities who trained around the world, moved significant sums of money and coordinated their efforts over months, sometimes years. On Christmas an al-Qaeda affiliate launched an operation using one person, with no special target, and a failed technique tried eight years ago by "shoe bomber" Richard Reid. The plot seems to have been an opportunity that the group seized rather than the result of a well-considered strategic plan. A Nigerian fanatic with (what appeared to be) a clean background volunteered for service; he was wired up with a makeshift explosive and put on a plane. His mission failed entirely, killing not a single person. The suicide bomber was not even able to commit suicide. But al-Qaeda succeeded in its real aim, which was to throw the American system into turmoil. That's why the terror group proudly boasted about the success of its mission. Is there some sensible reaction between panic and passivity? Philip Zelikow, the executive director of the 9/11 Commission and later a senior State Department official in the Bush administration, suggests that we should try to analyze failures in homeland security the way we do airplane catastrophes. When an airliner suffers an accident, major or minor, the National Transportation Safety Board convenes a group of nonpartisan experts who methodically examine what went wrong and then issue recommendations to improve the situation. "We approach airline security with the understanding that it's a complex problem, that we have a pretty good system, but that there will be failures -- caused by human beings, technology, or other factors. 
The point is to constantly fix what's broken and keep improving the design and execution," says Zelikow. Imagine if that were the process after a lapse in homeland security. The public would know that any attack, successful or not, would trigger an automatic, serious process to analyze the problem and fix it. Politicians might find it harder to use every such event for political advantage. The people on the front lines of homeland security would not get demoralized as they watched politicians and the media bash them and grandstand with little knowledge. Overreacting to terrorist attacks plays into al-Qaeda's hands. It also provokes responses that are likely to be large-scale, expensive, ineffective and possibly counterproductive. More screening for every passenger makes no sense. When searching for needles in haystacks, adding hay doesn't help. What's needed is a larger, more robust watch list that is instantly available to all relevant government agencies. Almost 2 million people travel on planes in the United States every day. We need to isolate the tiny percentage of suspicious characters and search them, not cause needless fear in everyone else. As for the calls to treat the would-be bomber as an enemy combatant, torture him and toss him into Guantanamo, God knows he deserves it. But keep in mind that the crucial intelligence we received was from the boy's father. If that father had believed that the United States was a rogue superpower that would torture and abuse his child without any sense of decency, would he have turned him in? To keep this country safe, we need many more fathers, uncles, friends and colleagues to have enough trust in America that they, too, would turn in the terrorist next door. Fareed Zakaria is editor of Newsweek International. His e-mail address is comments at fareedzakaria.com. 
From rforno at infowarrior.org Mon Jan 11 16:58:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 11:58:26 -0500 Subject: [Infowarrior] - More on...Web suicide machines Message-ID: (c/o Seda, with his permission, via another list) On behalf of Facebook, the law firm Perkins Coie has sent a Cease and Desist letter to Mike van Gaasbeek from WORM, the Rotterdam-based experimental arts center of which MODDR_labs, creators of the Web2.0 Suicide Machine, are a part. the letter is also made available here: http://suicidemachine.org/download/Web_2.0_Suicide_Machine.pdf more information on what is happening can be found here: http://www.networkworld.com/community/node/49470 more information on the worm lab can be found here: http://agenda.wormweb.nl/home.php?taal=eng this somehow reminds me of the many over-exaggerated reactions that the uebermorgen project usually gets for their interventions (http://www.ubermorgen.com). over the years uebermorgen has launched arts projects that point to and make public the contradictions that a lot of bigger companies painstakingly hide through their marketing, advertisement and legal departments in order to save themselves from bad reputation due to their aggressive "survival" tactics. this little spectacle with suicidemachine also coincides with zuckerberg's statement that privacy is dead and facebook wants to be more public: http://www.readwriteweb.com/archives/facebooks_zuckerberg_says_the_age_of_privacy_is_ov.php but obviously, facebook does not really want "You [to]... have control over what you share" (facebook privacy policy) they want you to share and from there have facebook stipulate what happens with your sharing. they want facebook to be the ultimate vitrine of profiles. 
a fan of and researcher working on facebook myself, i really hope that they make some changes with respect to letting their users download their own information (at this point, i cannot even make a back up of my friend's email addresses on my own computer), let people delete their information (if necessary in an automated manner), and allow people to share their information outside of facebook, just like facebook integrates a lot of their services on its platform. if they want to be more public, then maybe this should not only mean more control for facebook itself, but also some control rights to its users beyond the "privacy settings". anyways, may the unrest continue and hoping that the arts initiative does not have too much trouble with the corporate lawyers. From rforno at infowarrior.org Mon Jan 11 18:34:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 13:34:06 -0500 Subject: [Infowarrior] - Airport Scanners Can Store, Transmit Images Message-ID: <69C24575-6FA1-4C02-B1B1-A8702B3FFEDD@infowarrior.org> (Since there'd be the likelihood of using such images post-incident, for forensics purposes it makes sense that these devices would store images for SOME duration of time. As such I never bought the fed's story on image-storing. --rick) Threat Level Privacy, Crime and Security Online Airport Scanners Can Store, Transmit Images By Kim Zetter January 11, 2010 | 1:13 pm | Categories: Surveillance http://www.wired.com/threatlevel/2010/01/airport-scanners/ Contrary to previous public statements made by the Transportation Security Administration about full-body airport scanners, the devices do have the ability to store and transmit images, according to documents obtained by the American Civil Liberties Union. 
The documents, which include technical specifications and vendor contracts, indicate that the TSA requires vendors to provide equipment that can store and send images of screened passengers when in testing mode, according to CNN, which viewed the documents. The TSA has stated publicly on its web site, in videos and in statements to the press that images cannot be stored on the machines and that images are deleted from the scanners once an airport operator has examined them. The administration has also insisted that the machines are incapable of sending images. But a TSA official acknowledged to CNN that the machines do have these capabilities when set to "test mode." The official said these functions are disabled before the machines are delivered to airports and that there is no way for screeners in airports to put the machines into test mode to enable the functions. The official, however, would not elaborate on what specific protections, if any, are in place to prevent airport personnel from putting the machines in test mode. The TSA also asserts that the machines are not networked, so they cannot be accessed by hackers. From rforno at infowarrior.org Tue Jan 12 03:40:19 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 22:40:19 -0500 Subject: [Infowarrior] - Apple sits on critical Mac bug for 7 months (and counting) Message-ID: <091ED2E7-86F1-4E3E-8892-B0DDD9ACFD08@infowarrior.org> Apple sits on critical Mac bug for 7 months (and counting) Unix flaw fixed in OpenBSD, not OS X By Dan Goodin in San Francisco Posted in Security, 12th January 2010 00:14 GMT http://www.theregister.co.uk/2010/01/12/critical_osx_security_bug/ Researchers have disclosed a critical vulnerability in the latest version of Mac OS X that they say Apple has sat on for almost seven months without fixing. 
The buffer overflow flaw could be exploited by attackers to remotely execute malicious code, and virtually all Apple devices - including Mac computers and servers, iPhones, and even Apple TV - are susceptible, one of the researchers, Maksymilian Arciemowicz, told The Register. SecurityReason.com, the Poland-based security firm he works for, alerted Apple to the vulnerability in the middle of June and again last month, but the computer maker has yet to patch the bug. By contrast, developers for OpenBSD, NetBSD, FreeBSD, and a variety of Mozilla applications have fixed identical vulnerabilities, in some cases within hours of notification. The bug affects all applications and operating systems that implement gdtoa floating point numbers. "It was not that difficult to patch it," Arciemowicz wrote in an email. "It seems to us that Apple comes from the assumption that when there is no PoC or exploit given that the problem doesn't exist." The OS X bug resides in the libc/strtod(3) and libc/gdtoa function. Arciemowicz said the vulnerability could be remotely exploited using booby-trapped PHP code on a website, among other methods. SecurityReason has posted proof-of-concept code here that shows how the flaw can be exploited to make a machine crash. With additional work - specifically, by manipulating esi and edi registers - it is possible to remotely execute code, Arciemowicz said. Of the 16 applications or systems known to be affected by the bug, only four remain vulnerable. In addition to OS X, they include Mozilla Sunbird, K-Meleon, and the J programming language. 
From rforno at infowarrior.org Tue Jan 12 03:47:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Jan 2010 22:47:33 -0500 Subject: [Infowarrior] - The Healing Powers of Facebook Message-ID: <83ABA492-AC9F-4215-88FD-83FACEC8593D@infowarrior.org> The Psychology of the Self and the Public Realm The Healing Powers of Facebook By MIKITA BROTTMAN http://www.counterpunch.org/brottman01112010.html Not long ago, the web was abuzz with the saga of Nathalie Blanchard, a 29-year-old Canadian woman suffering from depression whose benefits were withdrawn when pictures appeared on Facebook showing her "having fun." There are many reasons why this story is disturbing -- it is scary to think that insurance companies employ representatives to patrol Facebook, for one thing -- but perhaps most troublesome is the idea that anyone would believe there to be a direct correlation between a person's Facebook profile and their inner life. The people I know who spend the most time on Facebook are introverts, who would prefer to leave a message on someone's "wall" than risk an encounter in the flesh. Most truly outgoing people, in my experience, are much too busy with work, friends and kids to spend hours sitting around downloading pictures, filling out quizzes and fiddling with apps. In this sense, Facebook is a substitution for a busy social life, not a reflection of it. More often than not, uploading pictures to your profile may be a form of compensation -- a way of assuring others (and yourself) that you do, in fact, have friends, with whom you sometimes appear to "have fun." In this respect, Nathalie Blanchard's "happy" pictures would be a confirmation of her depression, rather than a refutation of it. In this sense, I would argue that Facebook is, socially speaking, highly conservative, in that it encourages the establishment of a stable, orthodox "public self". According to Facebook, if you are not "single," "married" 
or "in a relationship", then your only other option is the coy phrase, "it's complicated" (and if you change your status to "single," the announcement is accompanied by a tacky broken heart). You can be interested in "friendship," "dating," "a relationship" or "networking," but that's it -- no voyeurism, flings, wife-swapping or morbid curiosity. We are inundated with warnings not to include anything "remotely inappropriate" in our profiles. Organizations that permit the use of Facebook generally do so with the caveat that you should not post anything you wouldn't want your grandmother, boss or shareholders to see (the family camping trip is fine, but the spree in Vegas is verboten). Most recently, on December 10, the Florida Judicial Ethics Advisory Committee ruled that the state's judges and lawyers may no longer be Facebook friends, as it "creates the impression of a conflict of interest." And creating impressions, of course, is what Facebook is all about. In many ways, the Facebook profile is a return to the Victorian portrait photograph, which was a way for the middle classes to present a version of themselves suitable to the public sphere. Popular until the 1920s among ladies and gents of a certain class, these daguerreotypes were a way of presenting a stage-managed version of themselves as they hoped to be seen (and measured) by others. In other words, their function was just as consciously performative and voyeuristic as the Facebook profile. Subjects would often be photographed wearing a very special item of clothing that they considered represented their essence -- a characteristic fancy hat, for example, or an oriental parasol. The austere clothing, erect backs and humorless expressions of the Victorians may no longer be in fashion, but we still like to see ourselves through other people's eyes, cuddling our children or pets, showing off a favorite dress or indicative piece of furniture. 
The keen fisherman will inevitably represent himself with rod and tackle; the pro surfer will stand by the ocean with her board, and the proud gardener will stand among his prize-winning dahlias. Who we are, on Facebook, seems indistinguishable from what we do. Or, at least, what we want to be seen doing. The fact is, we all "do" countless things, from brushing our teeth and using the toilet to driving, eating and doing our laundry, activities rarely seen in profile pictures. People who spend a lot of time on Facebook may, in fact, devote most of their waking hours to sitting in front of their laptops, but very few people depict themselves this way. Similarly, we each play a number of roles -- we are almost all consumers, employees, clients and subjects, for example, but how many of us define ourselves this way on Facebook? Instead, naturally perhaps, we see ourselves in relation to other human beings -- our families and friends. Yet as we all know, the Facebook persona is a public facade. However long may be our list of Facebook "friends", most of us -- according to statistics -- are close to our partner (if we have one) and one or two best friends, just as we've always been. Still, we all like to maintain the illusion of popularity, so why not advertise the number of people we know, however remotely? In the same way, we are not always happy; we may actually be depressed most of the time, and yet, like Nathalie Blanchard and everyone else, we prefer to display photographs in which we appear to be "having fun." It is too easy, then, to criticize Facebook for the false promises of intimacy it holds out, a charge that has now become commonplace. Critic William Deresiewicz, in an essay published recently in the Chronicle of Higher Education, complains: "The new group friendship, already vitiated itself, is cannibalizing our individual friendships as the boundaries between the two blur." 
The most disturbing thing about Facebook, according to Deresiewicz, is "the extent to which people are willing -- are eager -- to conduct their private lives in public." This is the same over-reaching that leads people to believe that, through its infiltration of our homes and its tracing of our personal habits, the Internet has robbed us of our privacy in unprecedented ways, a delusion which evaporates with the briefest glimpse backwards in time. As the author Jonathan Franzen points out, as recently as the early years of the 20th century, the average westerner lived in small town conditions of almost constant surveillance. Not only was every purchase, every appearance, every activity noticed, but it was noticed by people who knew you, and who also knew your parents, spouse, siblings, and children. "Compared to this," claims Franzen, "our lives now are super anonymous, and we live with a striking degree of anonymity. In some ways, in fact, the Internet is the triumph of privacy". The Internet makes it easier than ever, today -- and more tempting -- to live a very private life. By conducting all major transactions online, we can avoid face-to-face contact with shopkeepers, bank tellers, bureaucrats, service providers and other contingent samples of humanity, including -- if we so wish -- neighbors, colleagues, lovers, family members, and, yes, even friends. Yet however carefully we may have chosen the lives we now lead, it becomes difficult, as we get older, not to be seduced by the memories of a time when we were less private, and our lives less carefully mediated. It is no surprise that, in middle age (and those over 35 are the fastest growing demographic of Facebook users), many of us develop an obsession with maintaining contact with high school friends and childhood sweethearts. 
The further distant from them we grow, the more sentimental we tend to feel about our childhood and adolescent years and about our younger peers, even if they were no more than casual acquaintances at the time. This is a natural development; it may also be a response to the way our present-day companions lose their gloss compared to mysterious lost loves of the past. It may also be an attempt to re-connect with images or signifiers of lost years that were "missed" at the time, due to emotional dissociation or psychological maladjustment. This theme -- the unlived life of the past which still haunts, beckoningly -- is the subject of Henry James's ghost story The Jolly Corner, published in 1908, whose protagonist, Spencer Brydon, returns to his childhood home after more than thirty years abroad. Brydon begins to believe that his alter ego -- the ghost of the man he might have been, had he not left at 23 for a life abroad -- is haunting the "jolly corner," his nickname for the old family house. His early years become a "morbid obsession" for Brydon. "He found all things come back to the question of what he personally might have been, how he might have led his life and 'turned out,' if he had not so, at the outset, given it up." His speculations are, as he admits, a result of the habit of "vain egoism," of "too selfishly thinking," the same curiosity -- natural and perhaps universal -- that fuels the popularity of Facebook, which is certainly founded on narcissism. Rather than accepting this as a pejorative cliché, however, we should stop a moment to recall that a reasonable amount of healthy narcissism is necessary in functioning adults, because it allows us to balance our own needs with those of others. Narcissus learned to see himself as an object of desire only when others, who fell in love with him, had taught him to do so. Like the self-love of Narcissus, the lives we show each other on Facebook are artfully constructed illusions, masquerades of the way we really live. 
We all know, privately, that we are often unhappy, that all relationships are difficult, that parties can be boring and marriages moribund. Maintaining a public self is one way to redeem our dignity, to keep up the illusion of faith, if not for our own sake, then for the sake of others. In this sense, Facebook returns the psychology of the self to the public realm, away from lonely solipsism and existential angst (I'll keep the mask over my face, if you keep the mask over yours). In brief, it reinforces the relationship between friendship and good citizenship, reminding us that we are not alone in our lies. Mikita Brottman is a psychoanalyst and chair of the program in humanities & depth psychology at Pacifica Graduate Institute. She can be reached at mbrottman at pacifica.edu From rforno at infowarrior.org Tue Jan 12 15:14:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 10:14:07 -0500 Subject: [Infowarrior] - US Matrix-style cyberwar firing range goes to Phase II Message-ID: <35AC1E9E-69D2-42FF-B2D2-AAF16B90D368@infowarrior.org> US Matrix-style cyberwar firing range goes to Phase II Duplicate internet for gov war-malware trials By Lewis Page Posted in Government, 12th January 2010 12:54 GMT http://www.theregister.co.uk/2010/01/12/cyber_range_phase_ii/ US plans to develop a virtual network world - to be populated by mirror computers and inhabited by myriad software sim-people "replicants", and used as a firing range in which to develop the art of cyber warfare - have moved ahead. The so-called "National Cyber Range" project will now move forward to Phase II, and a brace of hefty contracts for this were inked yesterday. US killware goliath Lockheed scoops $30.8m and another $24.8m goes to the Johns Hopkins University Applied Physics Laboratory. 
According to Pentagon officials in charge of the Cyber Range programme, Lockheed and Johns Hopkins boffins will "build on the preliminary design created in Phase I, culminating in the completion of a working prototype that demonstrates the capabilities of the National Cyber Range (NCR)... it is anticipated that the NCR will enable a revolution in the Nation's ability to conduct cyber operations". Previously it has been specified that the Range is to be able to simulate a cyber world on the same scale as the entire internet or the US military Global Information Grid. The Range's unprecedented tech is to be able to create simulated computers, nodes and other network entities of any type - if necessary duplicating a never-before-seen piece of kit "rapidly". Even more resemblance to a Matrix-esque artificial world is to be achieved with the provision in the Range of "replicants" representing human users, sysadmins and so forth, who will show fear and stress just as real humans do - reacting and changing their behaviour as the frightful code pestilences, mutating malware plagues and other cybergeddon phenomena to be tested in the Range sweep through their universe. Among the hapless replicant bystanders will move the very cream of America's combat geeks, armed with "technology thrusts [and] classified cyber programs". Against them will manoeuvre the shadowy OpFor (or Opposing Forces) similarly packing weapons-grade, "nation state quality" warez of the most potent sort. The Range project is at present under the aegis of DARPA, as one might expect: the maverick Pentagon tech bureau is really the only one you'd expect to be in charge of a project to create an entire accurately duplicated internet and simulated IT-using human race purely for the purposes of unleashing cybergeddon upon it. 
However if the kit moves forward in the way it is expected to, one might expect the new wave of US military cyber forces to spend much time testing their weapons and polishing their skills within the Range. Security operatives of the 688th Information Operations Wing, for instance, might earn their wings sparring there with the crack hackers of the offensively-oriented 67th Network Warfare Wing in exercises before going out into the real internet to do battle against America's unseen online adversaries. Blighty, for its part, is to get a cyber range of its own near Portsmouth courtesy of BT and US defence firm Northrop Grumman. From rforno at infowarrior.org Tue Jan 12 15:15:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 10:15:39 -0500 Subject: [Infowarrior] - Verizon to double ETFs on FiOS TV Message-ID: <926DFEEC-0B23-4728-B5A4-AC37FCC3A533@infowarrior.org> Verizon to double ETFs on FiOS TV contracts By Ben Drawbaugh posted Jan 12th 2010 2:40AM http://www.engadget.com/2010/01/12/verizon-to-double-etfs-on-fios-tv-contracts/ You might think that if only Verizon's FiOS service was available in your area, then life would be nearly perfect. And although FiOS offers some of the fastest internet in the US as well as some of the highest quality HD and a fantastic selection, it isn't all rosy over there. In fact the service has been riddled with billing issues since its launch in 2005 and in order to take advantage of some of the great promotional offers, you're forced to sign a two year contract. Up until January 16th 2010, that ETF has been $179, and according to DSL Reports on the 17th, that fee is set to go up to $360. That's not it though, as Verizon is expected to raise the price of services another $10 or $20 a month. 
You can of course avoid this by not signing a contract and going month to month, but of course this'll only work out saving you money if you end up canceling, and really if you had fiber to your home do you really think you'd cancel? Us either. Regardless, if you were thinking of switching to FiOS or taking advantage of a new promotion, we wouldn't waste any time getting it before the terms change next week. And as always be sure to read the fine print before signing anything. From rforno at infowarrior.org Tue Jan 12 15:19:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 10:19:08 -0500 Subject: [Infowarrior] - Google double-dipping on Nexus One cancel fees? Message-ID: Google double-dipping on Nexus One cancel fees? updated 08:15 am EST, Tue January 12, 2010 Carrier subsidized Nexus One has two ETFs http://www.electronista.com/articles/10/01/12/carrier.subsidized.nexus.one.has.two.etfs/ Google is making buyers of the subsidized Nexus One pay twice if they cancel early, according to the company's own Terms of Sale. The search company charges an "Equipment Recovery Fee" of $350 for the smartphone if they cancel their service before 120 days have passed. It explicitly warns that the fee is above and beyond whatever T-Mobile might charge and could result in customers effectively buying the Nexus One twice if they leave. The terms justify the secondary charges as compensating for "liquidated damages" to Google when the phone hasn't been in use long enough to recover costs. However, T-Mobile's own Early Termination Fee is intended to cover those losses and again clouds the issue. Google hasn't responded to the concerns as of this writing. Unlocked Nexus Ones aren't affected by the pricing system. The secondary fee is a blow to Google's attempts to position the Nexus One as a new business model, where the company branding the phone, not the carrier, is responsible for sales and support. 
Others also sell phones directly but either leave all cancellation fees to the carrier, such as with Apple's iPhone, or else are like Nokia and limit the majority of their own sales to full-price, unlocked devices. [via Phandroid] From rforno at infowarrior.org Tue Jan 12 15:20:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 10:20:07 -0500 Subject: [Infowarrior] - Stop-and-search use ruled illegal Message-ID: Stop-and-search use ruled illegal Police powers to use terror laws to stop and search people without grounds for suspicion are illegal, the European Court of Human Rights has ruled. The Strasbourg court has been hearing a case involving two people stopped near an arms fair in London in 2003. It said that Kevin Gillan and Pennie Quinton's right to respect for a private and family life was violated. Home Office Minister David Hanson MP said he was "disappointed" and would consider whether to appeal. Section 44 of the Terrorism Act 2000 allows the home secretary to authorise police to make random searches in certain circumstances. But the European Court of Human Rights said the pair's rights under Article 8 of the European Convention on Human Rights had been violated. The court said the stop and search powers were "not sufficiently circumscribed" and there were not "adequate legal safeguards against abuse". It also concluded that "the risks of the discriminatory use of the powers" were "a very real consideration". The pair were awarded 33,850 euros (£30,400) to cover legal costs. They were both stopped outside the Defence Systems and Equipment International exhibition at the Excel Centre in London Docklands in 2003, where there had already been protests and demonstrations. Mr Gillan, 32, from London, was detained by police for about 20 minutes as he was cycling to join the demonstration. Ms Quinton, 39, a journalist from London, was in the area to film the protests. 
She said she felt she was detained for about 30 minutes, although police records said it was five minutes. Speaking to BBC Radio 4's The World At One, Ms Quinton said she hoped the ruling would lead to the government drawing up a "fairer body of legislation to protect us". She said: "The court hasn't said that there's no longer any scope for stops and searches, but that safeguards need to be in place to prevent misuse of these powers, because right now if somebody is stopped and searched, they have got no redress if they feel they were mistreated during the stop and search process. "It's not about saying that there's no need for stop and search. What we're really saying is people have a right to privacy and there needs to be a balance between police powers to ensure our safety but also our rights to a private life." "Parliamentarians must finally sort out this mess" - Corinna Ferguson, Liberty Mr Gillan said: "It's fantastic news after a long struggle. I look to the government for a strong response." Both were represented by Corinna Ferguson, legal officer for Liberty, who said the pressure group had "consistently warned" the government about the "dangers" of the powers. Ms Ferguson added: "The public, police and Court of Human Rights all share our concerns for privacy, protest, race equality and community solidarity that come with this sloppy law. "In the coming weeks, parliamentarians must finally sort out this mess." But Mr Hanson, the policing and security minister, said he was disappointed at the decision given that the government had won all previous challenges in the UK courts. He said: "Stop and search under section 44 of the Terrorism Act 2000 is an important tool in a package of measures in the ongoing fight against terrorism." 'Balancing exercise' Lord Carlile, the government's independent reviewer of anti-terrorist legislation, told the World At One that the implications of the ruling were potentially "quite serious" and may require a change in the law. 
He added: "In my view, section 44 is being used far too often on a random basis without any reasoning behind its use. "The fundamental point that the court is making is that it increases the possibility of random interference with the legitimate liberties of the citizen. "On the other hand, we have to be safe against terrorism. There is therefore a very difficult balancing exercise to be done and I'm sure Section 44 will come under intelligent scrutiny in the coming months." The decision overturned a 2003 High Court ruling - subsequently upheld by the Court of Appeal and the House of Lords - that the use of stop and search, and any consequent violation of human rights, was proportionate under the European Convention on Human Rights and justified in the light of the threat of terrorism. The Section 44 search powers have proved controversial, and in May last year the Metropolitan Police in London said they would be scaled back. The force had faced criticism that such searches had been alienating people from ethnic minorities in the capital. Its commissioner, Sir Paul Stephenson, said the powers should be restricted to "iconic" sites, including Parliament and Buckingham Palace. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/8453878.stm Published: 2010/01/12 14:39:46 GMT © BBC MMX From rforno at infowarrior.org Tue Jan 12 18:56:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 13:56:42 -0500 Subject: [Infowarrior] - Goldman caught front-running Message-ID: <4336C67B-B47D-40E7-B920-739B539DFC5A@infowarrior.org> (Yet another reason why analysis/calls/'recommendations' from brokers should be avoided for serious trading. If you want to read 'analysis' from brokers - which is always helpful food for thought - ask to see their advice to "institutional" investors instead....and don't be surprised if they are telling institutions to sell something while telling retail investors to buy the same thing. 
For more info, check out McClellan's "Full of Bull" from Amazon. -rick) Goldman Acknowledges Conflicts With Clients January 12, 2010, 11:30 am http://dealbook.blogs.nytimes.com/2010/01/12/goldman-executive-discloses-conflicts-policy/? A senior Goldman Sachs executive sent an e-mail message to clients on Tuesday disclosing that the firm's Fundamental Strategies Group might have shared investment ideas with the firm's proprietary trading group or some clients before sharing them with others. The e-mail message, obtained by DealBook, demonstrates the various conflicts that Goldman and other firms face in balancing the interests of its various clients and its own trading operation. (Read it after the jump.) "We may trade, and may have existing positions, based on trading ideas before we have discussed those trading ideas with you," Thomas Mazarakis, head of Goldman's Fundamental Strategies Group, wrote. The message was meant to clarify the firm's conflict-of-interest policy. Goldman and other firms have come under criticism for trading ahead of, or at odds, with its own clients. In one such situation, raised in my column on Tuesday, Goldman created and sold bundles of mortgages known as collateralized debt obligations while at the same time selling them short. Lucas Van Praag, a Goldman spokesman, declined to comment. < - > http://dealbook.blogs.nytimes.com/2010/01/12/goldman-executive-discloses-conflicts-policy/ From rforno at infowarrior.org Tue Jan 12 19:33:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 14:33:22 -0500 Subject: [Infowarrior] - PBS Show: Copyright Criminals Message-ID: <215A987B-0AA7-4510-8F77-9C451C809A0B@infowarrior.org> January 19 at 10 PM http://www.pbs.org/independentlens/guide.html COPYRIGHT CRIMINALS by Benjamin Franzen and Kembrew McLeod Can you own a sound? 
As hip-hop rose from the streets of New York to become a multibillion-dollar industry, artists such as Public Enemy and De La Soul began reusing parts of previously recorded music for their songs. But when record company lawyers got involved everything changed. Years before people started downloading and remixing music, hip-hop sampling sparked a debate about copyright, creativity and technological change that still rages today. http://www.pbs.org/independentlens/guide.html From rforno at infowarrior.org Wed Jan 13 01:57:10 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 20:57:10 -0500 Subject: [Infowarrior] - Google to Stop Censoring China Results, May Shut Site Message-ID: Google to Stop Censoring China Results, May Shut Site (Update2) By Brian Womack and Ari Levy http://www.bloomberg.com/apps/news?pid=20601087&sid=aAWT7M2BVSks&pos=1# Jan. 12 (Bloomberg) -- Google Inc., owner of the world's most popular Internet search engine, plans to stop censoring results on its Chinese site, Google.cn, a move that may lead to shutting down the service. The company said it will discuss the plan with Chinese authorities and is willing to close the site, according to a blog post today. Google also said it has evidence that an attack on its China Web site was aimed at accessing Gmail accounts of Chinese human-rights activists. "Over the next few weeks, we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all," the Mountain View, California-based company said. "We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China." Google has clashed with authorities since it started a censored version of its site four years ago in China, which leads the world in Internet users. 
The company said today that attacks on its site and surveillance of users prompted it to review its business operations in the country. The move signals that Google is hewing closer to its "Don't be evil" motto, said Heath Terry, an analyst at FBR Capital Markets. "This is their way of opening up this important conversation," said Terry, who is in New York. "This is their way of starting to move the conversation forward." Google is still a "long way away from getting out of China," Terry said. The company can threaten to leave the country because China accounts for such a small piece of Google's sales, he said. Baidu Gains Google's president of its Chinese operations, Kai-Fu Lee, stepped down in September. The country's online search market is dominated by Chinese company Baidu Inc. Google fell $10.48, or 1.8 percent, to $580 in extended trading after closing at $590.48 on the Nasdaq Stock Market. The shares have dropped 4.8 percent this year. Baidu's American Depository Receipts added $13.51, or 3.5 percent, to $400 in extended trading. In investigating the attack on its own site, Google said it discovered that at least 20 other large companies in industries such as finance, technology, media and chemicals had been similarly targeted. Google said it is in the process of notifying those companies and working with the "relevant U.S. authorities." Gmail Accounts Dozens of accounts of Gmail users, who are advocates of human rights in the U.S., China and Europe, were accessed, most likely through "phishing scams or malware placed on the users' computers," Google said. Only two of those accounts appear to have been accessed and the information gathered was limited to account information, such as the date created and the subject line, not the content of the e-mails, Google said. In June, Google suspended its "suggest" search prompt feature on its Chinese site after the local-language service was criticized by the government for providing links to pornographic material. 
China adopted "punitive measures" against the company's international site, Foreign Ministry spokesman Qin Gang said on June 25, and the service became inaccessible to Chinese Web users for hours. China has more Internet users than the total population of the U.S., according to the China Internet Network Information Center, a government-backed agency that licenses online domain names. To contact the reporter on this story: Brian Womack in San Francisco at Bwomack1 at bloomberg.net; Last Updated: January 12, 2010 18:47 EST From rforno at infowarrior.org Wed Jan 13 03:05:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Jan 2010 22:05:13 -0500 Subject: [Infowarrior] - Documents Send Mixed Signal on Airport Scanners Message-ID: <1DB807BE-AD7E-48B2-8DBA-B9777197455A@infowarrior.org> Documents Send Mixed Signal on Airport Scanners By MATTHEW L. WALD Published: January 12, 2010 http://www.nytimes.com/2010/01/13/us/13scanners.html?hp WASHINGTON -- The Transportation Security Administration has promised not to store or transmit nude images of airline passengers made by whole-body scanners, but when it asked manufacturers to submit bids for such machines, it required that the scanners have exactly those capabilities, according to agency documents obtained in a lawsuit. The bid specifications, obtained by the Electronic Privacy Information Center, also show that companies wanting to sell such machines to the government were required to equip them with "10 selectable levels of privacy," although the document, which was partly censored before its release, does not specify what those are. Some of the machines provide blurring, or the electronic equivalent of a G-string over the genitals. The government required that the machines have a testing mode that would allow the "exporting of image data" and provide "a secure means for high-speed transfer of image data," according to the documents. 
The images to be stored and transmitted are supposed to be of test subjects, not passengers, for training purposes. The agency has said that images of passengers will not be transmitted or stored. The documents make clear that as the images are made, they will be sent to a display screen in a remote room to an operator who cannot see the actual passenger, and that the operator will delete the image after examining it. The machines are supposed to provide "image filters to protect the identity, modesty and privacy of the passenger," the companies were told, but the filters have to be modifiable by users with higher-level passwords. The documents were initially marked as "security sensitive information," which is a level of secrecy lower than "classified." Two T.S.A. officials, speaking on the condition that they not be identified by name, said that the scanners are delivered with the ability to store and transmit images, but that these capabilities are disabled by the agency before the machines are installed at an airport and that officers at the airport cannot re-enable them. The operator, who is forbidden to take a camera into the remote room, must clear one image before the next passenger image can be seen, they said. Critics call the machines the digital equivalent of a strip search and say the machines' ability to record images could be abused by operators. "This is in direct contradiction to multiple assurances, that they could not capture nor would they store these images," said Representative Jason Chaffetz, Republican of Utah. "Obviously, they have a capability of doing both, and the intention of doing both." Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a research center in Washington that supports greater privacy protection, said that in addition to violating the privacy of travelers, the machines might not achieve their intended purpose, because the documents make no mention of one form of explosives: powders. 
The machines provide a clear image of passengers under their clothes and are meant to find threats that existing metal detectors cannot, like ceramic knives and bomb components. The T.S.A. initially said the machines would be used only for secondary screening -- that is, when screeners had a special reason to believe that a passenger required closer scrutiny -- but the government now plans to have 450 of them by the end of September and use them as a first-line tool. From rforno at infowarrior.org Wed Jan 13 14:29:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 09:29:31 -0500 Subject: [Infowarrior] - Google considers leaving China Message-ID: <84FA632A-284D-442C-9F28-B23EBAF8A006@infowarrior.org> A new approach to China 1/12/2010 03:00:00 PM http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different. First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities. Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. 
Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves. Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers. We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this U.S. government report (PDF), Nart Villeneuve's blog and this presentation on the GhostNet spying incident. We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China's economic reform programs and its citizens' entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today. 
We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China." These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China. The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today. We are committed to working responsibly to resolve the very difficult issues raised. 
Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer From rforno at infowarrior.org Wed Jan 13 14:53:47 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 09:53:47 -0500 Subject: [Infowarrior] - China faces backlash from 'netizens' if Google leaves Message-ID: <1A09D2BB-C933-48B2-A0F0-6BD146376BC6@infowarrior.org> China faces backlash from 'netizens' if Google leaves By Steven Mufson Washington Post Staff Writer Wednesday, January 13, 2010; 9:08 AM http://www.washingtonpost.com/wp-dyn/content/article/2010/01/13/AR2010011301168_pf.html BEIJING -- Google's threat to shut down its Chinese Web site and offices over cyber-attacks and censorship puts the government here in the awkward position of choosing between its devotion to restricting information and the possible ire of the roughly 80 million Chinese who use the search engine. Few political and Internet analysts doubt that China's government will stick to its tough stance and reject Google's proposal to stop censoring its Web site. But Google's audience of Chinese "netizens," a few of whom placed flowers outside the company's offices here in Beijing, is large enough to make the government's likely stance a touchy one. "This would adversely affect a lot of people, not just the technorati elite that is Western-oriented anyway," said Kaiser Kuo, a Chinese American Internet expert at Ogilvy China. "The government could face a serious backlash this time." On Wednesday, the Google story was the top trending topic on a Twitter-like microblog situated on the Chinese site Sina.com, with about 60,000 people weighing in, before the conversation was taken down. The overwhelming majority of commenters were upset at the prospect of losing Google's China-based service; some lashed out at the government while others begged Google to stay. A smaller but substantial number wished the company good riddance. 
"This will make the extent of Chinese censorship a lot clearer even to ordinary Chinese people who are not aware of it," said Jeremy Goldkorn, who does the blog and runs an Internet research firm. He also runs a Web site called danwei.org, which has been blocked since July. "Many people think Google should negotiate with the Chinese government," said Zhou Shuguang, a blogger who has done investigative reporting across the country and has used the name Zola. But he said that "the withdrawal from China will wake up more Chinese and make more people discover that China lacks freedom on the Internet and the government has very strong censorship online. There are no benefits to people at all if Google continues to make concessions with Chinese authorities." The government has backed down once before in the past year when faced with outcries on the Internet. It reversed its insistence that the makers of personal computers sold here install Green Dam, a filtering software. But the software, largely copied from a foreign company, was shown to slow down and damage computers. Huge numbers of people, most apolitical, protested online and the government backed down. Another Internet campaign aimed at getting municipal governments to make their budgets more transparent has made some progress. The city of Guangdong made its budget more open, as did a district of Shanghai, though the Shanghai-wide municipal government refused. But businesspeople in Beijing were pessimistic, as were many people at Google itself, about the prospect of a crack in what is known as the Great Firewall of China. "China can't lose face over this, and it's not going to let anybody run an open search engine," said an industry source close to Google. The government has shut down or blocked thousands of Web sites before. Twitter, YouTube and Facebook are all blocked. 
Just this week, the General Administration of Press and Publication boasted of taking down 136,000 non-registered Web sites and more than 1.5 million pieces of "bad information." It also said that it shut down 15,000 pornographic Web sites. For now, the government has said only that it would seek more information from Google. Just about the only comment in official channels came in the form of a signed opinion article on the People's Daily Web site, a style of editorial that does not carry the well-considered weight of an unsigned editorial, which is usually vetted by top Chinese leaders. The article compared Google to a "spoiled child" and said that even if it stormed out of China, it would be back because of the importance of the Chinese market. Other pro-government comments online said that Google, which lags far behind the Chinese-based search engine known as Baidu, was simply dressing up a business decision in moral clothing. Baidu has about two-thirds of the market. Some independent analysts have estimated a 30 percent or so market share for Google, but well-placed industry sources said the actual number is closer to 20 percent and has never been more than 26 percent. Dan Brody, who set up Google's China office and who now runs an Internet media investment firm here called Koolanoo Group, estimates that Google has about $300 million to $400 million in revenue in China. Brody said that that revenue pales next to the revenue Google earns elsewhere. Moreover, he said, if Google loses even a small percentage of users in Europe or the United States because it is seen as making too many compromises with China's government, then the company could lose much more revenue than it's earning in China. "From a business and moral perspective, user trust in the West is so important to them," Brody said. 
Another industry source close to Google said on condition of anonymity that although the firm's market share has lagged, "this isn't something being used as a smokescreen." The company has clashed with the Chinese government since it set up google.cn in 2005. Google agreed to remove information that China's leaders might find too sensitive. But Google and the government differed over what should fall into that category. Last summer the company was sharply criticized in state-run media for providing access to "pornography." The industry source said that in addition to well-publicized incidents, Chinese officials were making weekly demands for items to be removed. He said when the cyber attacks were discovered "it was the last straw." If Google closes down its Chinese site, or if the Chinese government closes it down, Chinese users could still try to use the U.S.-based site. But China's government could impede access. Currently, the U.S. site works more slowly and access to many pages is blocked. Where would that leave the Chinese market and China's estimated 370 million Internet users? The closing of Google's China site would boost Baidu and Sina, most industry analysts said, and hurt Google in the long-running rivalry. Despite expensive outreach campaigns at universities and secondary schools, Google has had trouble catching up to the domestic competitors. Analysts say Chinese Internet users favor the crowded, busy sites of Baidu and Sina to the no-nonsense sparseness of Google's homepage. Baidu and Sina also feature bulletin boards and music downloading services that are not available on Google. Moreover, surveys have shown that most Chinese have trouble spelling Google or don't know its Chinese name, guge, which means valley song. There is also a nationalistic component to the other companies' success. A Baidu ad played on those sentiments by portraying a bumbling foreigner at a wedding speaking Mandarin poorly. 
A character known as Tang Baihu then talks circles around the foreigner, who is dressed awkwardly in Chinese traditional clothing. Google China, which was based in Beijing's high-tech corridor near the main universities, has also suffered from high turnover over the past five years and the company recently was forced to replace a number of its locally hired, Mandarin-speaking staff with managers from its headquarters in California. The head of Google China, Kai-Fu Lee, who was recruited away from Microsoft, quit in September. Ironically, however, the departure of Google is no guarantee of harmony on the Chinese Internet given the vast scope of content on the Web. This week Baidu's site was attacked by hackers who claimed to be from Iran. "This is a lose-lose solution for both Google and China," said Hu Yong, associate professor specializing in online media at the School of Journalism and Communication at Beijing University. "For Google, China is a huge market with very big business potential because China has a large number of netizens," Hu said. "For Chinese netizens, it's a bad result as well. A search engine is very important for the free transportation of information online. And we need competition," he added, otherwise "the number information sources will decrease." Post researchers Zhang Jie and Wang Juan contributed to this report. From rforno at infowarrior.org Wed Jan 13 14:57:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 09:57:26 -0500 Subject: [Infowarrior] - Fallows on Google China Message-ID: (Fallows spent 3 years in China and is one of the most well-informed long-form journalists on the region that I know of. 
-rick) The Google news: China enters its Bush-Cheney era 12 Jan 2010 11:47 pm http://jamesfallows.theatlantic.com/archives/2010/01/first_reactions_on_google_and.php I have not yet been able to reach my friends in China to discuss this story, and for now I am judging the Google response strictly by what the company has posted on its "Official Blog," here, and my observations from dealing with Google-China officials while overseas. Therefore this will epitomize the Web-age reaction to a breaking news story, in that it will be a first imperfect assessment, subject to revision as new facts come in. With that caveat, here is what I think as I hear this news: - It is a significant development. Significant for Google; and while only marginally significant for developments inside China potentially very significant for China's relations with the rest of the world. - The significance for Google is of the "last straw" variety. For years, the company has struggled to maintain the right path in China. Its policy around the world is that it will obey the law of whatever country it operates in. You might object to that -- until you think about it: in a world of sovereign states, how could a company possibly say, "We'll operate within your borders but won't obey your laws?" (Similarly, Google's national sites in certain parts of Europe obey laws banning neo-Nazi sites and other material that would be permissible in the U.S.) Chinese laws require search engine companies and other Internet operators to censor certain material. Searches conducted by Google.CN -- in Chinese language, mainly for users inside China -- have obeyed those Chinese laws. Meanwhile searches on the main Google.COM have been uncensored for material like "Tiananmen Square" or "Dalai Lama." Anyone who could find a way to get to Google.com - about which more in a moment -- could find whatever he or she wanted. Dealing with those requirements has been part of a non-stop set of difficulties for Google in China. 
More details about this later on. Like most other Western companies, Google has consistently decided to cope with the difficulties and stay in China. Part of the reason was the obvious commercial potential that the Chinese market has for almost any company in any industry. Another part was Google's argument -- which I basically believe -- that the Chinese public was better off with another source of information, even if constrained, than it would be without that option. But, as reported on Google's site, a latest wave of provocations and intrusions was simply too much. - In terms of information flow into China, this decision probably makes no real difference at all. Why? Anybody inside China who really wants to get to Google.com -- or BBC or whatever site may be blocked for the moment -- can still do so easily, by using a proxy server or buying (for under $1 per week) a VPN service. Details here. For the vast majority of Chinese users, it's not worth going to that cost or bother, since so much material is still available in Chinese from authorized sites. That has been the genius, so far, of the Chinese "Great Firewall" censorship system: it allows easy loopholes for anyone who might get really upset, but it effectively keeps most Chinese Internet users away from unauthorized material. - In terms of the next stage of China's emergence as a power and dealings with the United States, this event has the potential to make a great deal of difference -- in a negative way, for China. I think of this as the beginning of China's Bush-Cheney era. To put it in perspective: I have long argued that China's relations with the U.S. are overall positive for both sides (here and here); that the Chinese government is doing more than outsiders think to deal with vexing problems like the environment (here); and more generally that China is a still-poor, highly-diverse and individualistic country whose development need not "threaten" anyone else and should be encouraged. 
I still believe all of that. But there are also reasons to think that a difficult and unpleasant stage of China-U.S. and China-world relations lies ahead. This is so on the economic front, as warned about here nearly a year ago with later evidence here. It may prove to be so on the environmental front -- that is what the argument over China's role in Copenhagen is about. It is increasingly so on the political-liberties front, as witness Vaclav Havel's denunciation of the recent 11-year prison sentence for the man who is in many ways his Chinese counterpart, Liu Xiaobo. And if a major U.S. company -- indeed, Google has been ranked the #1 brand in the world -- has concluded that, in effect, it must break diplomatic relations with China because its policies are too repressive and intrusive to make peace with, that is a significant judgment. -- Everything in the paragraph above has the similarity of being based directly or indirectly on recent Chinese government decisions. The government could decide (and probably will) to allow the value of the RMB to float again. The government could decide to throw its weight behind an effective climate agreement -- we'll know by January 31 about its post-Copenhagen proposals. The government could have decided not to prosecute Liu Xiaobo. And -- the indirect part -- presumably it could have worked with Google to address the complaints alleged in the Google statement. In a strange and striking way there is an inversion of recent Chinese and U.S. roles. In the switch from George W. Bush to Barack Obama, the U.S. went from a president much of the world saw as deliberately antagonizing them to a president whose Nobel Prize reflected (perhaps desperate) gratitude at his efforts at conciliation. China, by contrast, seems to be entering its Bush-Cheney era. For Chinese readers, let me emphasize again my argument that China is not a "threat" and that its development is good news for mankind. 
But its government is on a path at the moment that courts resistance around the world. To me, that is what Google's decision signifies. From rforno at infowarrior.org Wed Jan 13 18:44:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 13:44:50 -0500 Subject: [Infowarrior] - What Happens When They Change Targets? Message-ID: Total Security Does Not Exist What Happens When They Change Targets? http://www.counterpunch.org/forno01132010.html By RICHARD FORNO The failed in-flight bombing of a US airliner on Christmas Day 2009 is a reminder that terrorism is still with us. And, just as with the failed in-flight bombing of a US airliner by Richard Reid in 2001, once the 2009 event was foiled, a wave of 'enhanced' aviation security measures were announced to protect the traveling public. These measures ranged from preventing passengers from using pillows during the final hour of the flight and locking lavatories to preventing flight crews from making cabin announcements of geographic points of interest along the flight route. In other words, the response ranged from the sublime to the ridiculous. Thankfully, some of the more idiotic 'enhancements' were softened once it became obvious that both passengers and aircrews believed such lunacy did not 'enhance' anything but their discomfort and confusion while aloft. We know how little it takes to spook the public and lawmakers about aircraft and airport security, even in cases when the vulnerability in question has been remedied. Yet after the Christmas 2009 bombing attempt, pundits and fear-inspiring Congressmen still discuss how easy it would be to commandeer an aircraft in-flight despite reinforced cockpit doors, passengers willing to fight back, and in some cases as a last resort, armed pilots. There is no limit to the real or perceived what-ifs that can drive homeland security policy decisions, it seems. Our adversaries -- be they al-Qaeda or others -- realize this. 
As such, my question is: Despite the high-profile attraction of passenger aviation, what happens when they change their target? After 9/11, I gave a briefing describing several terrorism scenarios in the United States and the possible outcomes. These examples ranged from 'traditional' ideas like chemical plant attacks and schoolyard shootings to more sinister and subdued schemes. The latter category included synchronized pipe bombs going off in mall garbage cans on the Friday after Thanksgiving, introducing small bombs into commercial office buildings or city busses concealed in consumer electronics and laptops, planting small bombs around key roadway intersections, bridges, or interchanges (think present-day Iraq), and other 'doable' (i.e., simple) possibilities. In each case, I emphasized that wide-scale damage or death was not required to cause significant damage to the American economy and national psyche, and that even failed attacks would yield tangible results for our adversaries by forcing us to spend vast sums to counter those threats and change significantly our mindsets and daily routines. The failed and foiled Christmas 2009 bombing attempt reminds us of this fact. But given the erratic and schizophrenic security responses to terrorism involving aircraft since 9/11, what will be our national response when our adversaries shift their focus towards other non-aviation targets? Here, I refer to things closer to our homes and families, such as schools, movie theaters, and shopping malls. My primary concern is not just the adverse significant impact on the economy or sense of public well-being resulting from such hypothetical events, but the national reaction to these events and their impact on American society and psyche. I worry that such responses will be inconsistent, overly aggressive, and rooted in a fearful, risk-averse philosophy ... which in turn facilitates and sustains a fearful and risk-averse society. 
Such is what Ron Suskind refers to as the 'One Percent Doctrine', or how the previous Administration viewed threats: specifically, that if a threat is believed only to have a one percent chance of occurring, countermeasures to that threat must be enacted as if the threat had a one-hundred percent chance of occurring. Unfortunately, when an adversary can devise new tactics quickly, that's a lot of One Percents requiring defense, even if the actual chances of them occurring are infinitely remote. And that's what is happening now at our airports and on our aircraft. It's both time-consuming and costly, too. For aircraft, first it was guns and grenades, then knives, mace, and box-cutters. Then it was liquid explosives in shoes and crotches. Thus we pass through metal detectors and have restrictions on carry-on liquids and gels, shoes being removed and scanned, and now, calls for full-body scanners to detect crotch-bombs. One only wonders what the security 'enhancements' will be for our schools, movie theaters, and shopping malls if they become terror's next target within the American homeland. How will our lives be disrupted then in the name of security? In the security world, we accept risk and realize that Total Security does not exist nor is achievable. However, while Washington politicians might agree with this sentiment in their media interviews (and some have made such statements, ironically) the efforts of the homeland security industrial complex supported by these politicians, is the exact opposite. Thus, again we witness the 'One Percent Doctrine' being used to promote new, 'enhanced' measures that suggest Total Security indeed is doable. It is not -- but for some, it certainly will be profitable. Such is the nature of politicians' logic during times of crisis: something must be done: this is something, so therefore we must do it. 
Sadly, America must accept a certain amount of risk in its daily life, and recognize the reality that our adversaries can, and will, change tactics and targets to accomplish their nefarious tasks of sowing terror. Certainly, we can, and should, raise the bar where possible and prudent, but not in a knee-jerk manner based on fear rather than objective risk analysis and management. We cannot afford, socially or economically, to let every single failed incident serve as a 'wake up call' that leads to further inconveniencing of the law-abiding citizenry under the rubric of 'enhanced' security. Therefore, the question remains: What Happens When They Change Targets? Richard Forno can be reached through his website: www.infowarrior.org From rforno at infowarrior.org Wed Jan 13 19:23:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 14:23:38 -0500 Subject: [Infowarrior] - DOD Guide to Nongovernmental Relief Organization Message-ID: <29ED7726-3BB6-4BF0-86E6-CB745CAEEB9B@infowarrior.org> A Military Guide to Nongovernmental Relief Organizations January 13th, 2010 by Steven Aftergood In an effort to promote cooperation with non-governmental organizations (NGOs) engaged in humanitarian relief operations and to enhance its own emergency response capabilities, the Department of Defense has published a newly updated "Guide to Nongovernmental Organizations for the Military". 
http://www.fas.org/irp/doddir/dod/ngo-guide.pdf From rforno at infowarrior.org Wed Jan 13 21:33:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Jan 2010 16:33:36 -0500 Subject: [Infowarrior] - Boston police fight cellphone recordings Message-ID: <02EDE798-D5A4-4967-A1A4-12D89E38810B@infowarrior.org> Police fight cellphone recordings Witnesses taking audio of officers arrested, charged with illegal surveillance By Daniel Rowinski, New England Center For Investigative Reporting | January 12, 2010 http://www.boston.com/news/local/massachusetts/articles/2010/01/12/police_fight_cellphone_recordings Simon Glik, a lawyer, was walking down Tremont Street in Boston when he saw three police officers struggling to extract a plastic bag from a teenager's mouth. Thinking their force seemed excessive for a drug arrest, Glik pulled out his cellphone and began recording. Within minutes, Glik said, he was in handcuffs. "One of the officers asked me whether my phone had audio recording capabilities," Glik, 33, said recently of the incident, which took place in October 2007. Glik acknowledged that it did, and then, he said, "my phone was seized, and I was arrested." The charge? Illegal electronic surveillance. Jon Surmacz, 34, experienced a similar situation. Thinking that Boston police officers were unnecessarily rough while breaking up a holiday party in Brighton he was attending in December 2008, he took out his cellphone and began recording. Police confronted Surmacz, a webmaster at Boston University. He was arrested and, like Glik, charged with illegal surveillance. There are no hard statistics for video recording arrests. But the experiences of Surmacz and Glik highlight what civil libertarians call a troubling misuse of the state's wiretapping law to stifle the kind of street-level oversight that cellphone and video technology make possible. "The police apparently do not want witnesses to what they do in public," 
said Sarah Wunsch, a staff attorney with the American Civil Liberties Union of Massachusetts, who helped to get the criminal charges against Surmacz dismissed. Boston police spokeswoman Elaine Driscoll rejected the notion that police are abusing the law to block citizen oversight, saying the department trains officers about the wiretap law. "If an individual is inappropriately interfering with an arrest that could cause harm to an officer or another individual, an officer's primary responsibility is to ensure the safety of the situation," she said. In 1968, Massachusetts became a "two-party" consent state, one of 12 currently in the country. Two-party consent means that all parties to a conversation must agree to be recorded on a telephone or other audio device; otherwise, the recording of conversation is illegal. The law, intended to protect the privacy rights of individuals, appears to have been triggered by a series of high-profile cases involving private detectives who were recording people without their consent. In arresting people such as Glik and Surmacz, police are saying that they have not consented to being recorded, that their privacy rights have therefore been violated, and that the citizen action was criminal. "The statute has been misconstrued by Boston police," said June Jensen, the lawyer who represented Glik and succeeded in getting his charges dismissed. The law, she said, does not prohibit public recording of anyone. "You could go to the Boston Common and snap pictures and record if you want; you can do that." Ever since the police beating of Rodney King in Los Angeles in 1991 was videotaped, and with the advent of media-sharing websites like Facebook and YouTube, the practice of openly recording police activity has become commonplace. 
But in Massachusetts and other states, the arrests of street videographers, whether they use cellphones or other video technology, offer a dramatic illustration of the collision between new technology and policing practices. "Police are not used to ceding power, and these tools are forcing them to cede power," said David Ardia, director of the Citizen Media Law Project at Harvard's Berkman Center for Internet and Society. Ardia said the proliferation of cellphone and other technology has equipped people to record actions in public. "As a society, we should be asking ourselves whether we want to make that into a criminal activity," he said. In Pennsylvania, another two-party state, individuals using cellphones to record police activities have also ended up in police custody. But one Pennsylvania jurisdiction has reaffirmed individuals' right to videotape in public. Police in Spring City and East Vincent Township agreed to adopt a written policy confirming the legality of videotaping police while on duty. The policy was hammered out as part of a settlement between authorities and ACLU attorneys representing a Spring City man who had been arrested several times last year for following police and taping them. In Massachusetts, Wunsch said Attorney General Martha Coakley and police chiefs should be informing officers not to abuse the law by charging civilians with illegally recording them in public. The cases are the courts' concern, said Coakley spokesman Harry Pierre. "At this time, this office has not issued any advisory or opinion on this issue." Massachusetts has seen several cases in which civilians were charged criminally with violating the state's electronic surveillance law for recording police, including a case that was reviewed by the Supreme Judicial Court. Michael Hyde, a 31-year-old musician, began secretly recording police after he was stopped in Abington in late 1998 and the encounter turned testy. 
He then used the recording as the basis for a harassment complaint. The police, in turn, charged Hyde with illegal wiretapping. Focusing on the secret nature of the recording, the SJC upheld the conviction in 2001. "Secret tape recording by private individuals has been unequivocally banned, and, unless and until the Legislature changes the statute, what was done here cannot be done lawfully," the SJC ruled in a 4-to-2 decision. In a sharply worded dissent, Chief Justice Margaret Marshall criticized the majority view of a law that, in effect, punished citizen watchdogs and allowed police officers to conceal possible misconduct behind a "cloak of privacy." "Citizens have a particularly important role to play when the official conduct at issue is that of the police," Marshall wrote. "Their role cannot be performed if citizens must fear criminal reprisals when they seek to hold government officials responsible by recording, secretly recording on occasion, an interaction between a citizen and a police officer." Since that ruling, the outcome of Massachusetts criminal cases involving the recording of police by citizens has turned mainly on this question of secret vs. public recording. Jeffrey Manzelli, 46, a Cambridge sound engineer, was convicted of illegal wiretapping and disorderly conduct for recording MBTA police at an antiwar rally on Boston Common in 2002. Though he said he had openly recorded the officer, his conviction was upheld in 2007 on the grounds that he had made the recording using a microphone hidden in the sleeve of his jacket. Peter Lowney, 39, a political activist from Newton, was convicted of illegal wiretapping in 2007 after Boston University police accused him of hiding a camera in his coat during a protest on Commonwealth Avenue. 
Charges of illegal wiretapping against documentary filmmaker and citizen journalist Emily Peyton were not prosecuted, however, because she had openly videotaped police arresting an antiwar protester in December 2007 at a Greenfield grocery store plaza, first from the parking lot and then from her car. Likewise with Simon Glik and Jon Surmacz; their cases were eventually dismissed, a key factor being the open way they had used their cellphones. Surmacz said he never thought that using his cellphone to record police in public might be a crime. "One of the reasons I got my phone out . . . was from going to YouTube where there are dozens of videos of things like this," said Surmacz, a webmaster at BU who is also a part-time producer at Boston.com. It took five months for Surmacz, with the ACLU, to get the charges of illegal wiretapping and disorderly conduct dismissed. Surmacz said he would do it again. "Because I didn't do anything wrong," he said. "Had I recorded an officer saving someone's life, I almost guarantee you that they wouldn't have come up to me and say, 'Hey, you just recorded me saving that person's life. You're under arrest.' " The New England Center for Investigative Reporting at Boston University is an investigative reporting collaborative. This story was done under the guidance of BU professors Dick Lehr and Mitchell Zuckoff. From rforno at infowarrior.org Thu Jan 14 12:58:40 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 07:58:40 -0500 Subject: [Infowarrior] - Meet Mikey, 8: U.S. Has Him on Watch List Message-ID: <8A91C6BF-F06F-4608-ACE9-EB7C087583BB@infowarrior.org> January 14, 2010 Meet Mikey, 8: U.S. Has Him on Watch List By LIZETTE ALVAREZ http://www.nytimes.com/2010/01/14/nyregion/14watchlist.html?hp=&pagewanted=print The Transportation Security Administration, under scrutiny after last month's bombing attempt, has on its Web site a "mythbuster" that tries to reassure the public. 
Myth: The No-Fly list includes an 8-year-old boy. Buster: No 8-year-old is on a T.S.A. watch list. "Meet Mikey Hicks," said Najlah Feanny Hicks, introducing her 8-year-old son, a New Jersey Cub Scout and frequent traveler who has seldom boarded a plane without a hassle because he shares the name of a suspicious person. "It's not a myth." Michael Winston Hicks's mother initially sensed trouble when he was a baby and she could not get a seat for him on their flight to Florida at an airport kiosk; airline officials explained that his name "was on the list," she recalled. The first time he was patted down, at Newark Liberty International Airport, Mikey was 2. He cried. After years of long delays and waits for supervisors at every airport ticket counter, this year's vacation to the Bahamas badly shook up the family. Mikey was frisked on the way there, then more aggressively on the way home. "Up your arms, down your arms, up your crotch -- someone is patting your 8-year-old down like he's a criminal," Mrs. Hicks recounted. "A terrorist can blow his underwear up and they don't catch him. But my 8-year-old can't walk through security without being frisked." It is true that Mikey is not on the federal government's "no-fly" list, which includes about 2,500 people, less than 10 percent of them from the United States. But his name appears to be among some 13,500 on the larger "selectee" list, which sets off a high level of security screening. At some point, someone named Michael Hicks made the Department of Homeland Security suspicious, and little Mikey is still paying the price. (His father, also named Michael Hicks, was stopped for the first time on the Bahamas trip.) Both lists are maintained by the Terrorist Screening Center, which includes the Federal Bureau of Investigation. They are given to the Transportation Security Administration, which in turn sends them to the airlines. 
A spokesman for the T.S.A., James Fotenos, said that as a rule, "there are no children on the no-fly or selectee lists," but would not comment on Mikey's situation specifically. For every person on the lists, hundreds of others may get caught up simply because they share the same name; a quick scan through a national phone directory unearthed 1,600 Michael Hickses. Over the past three years, 81,793 frustrated travelers have formally asked that they be struck from the watch list through the Department of Homeland Security; more than 25,000 of their cases are still pending. Others have taken more drastic measures. Mario Labbé, a frequent-flying Canadian record-company executive, started having problems at airports shortly after Sept. 11, 2001, with lengthy delays at checkpoints and mysterious questions about Japan. By 2005, he stopped flying to the United States from Canada, instead meeting American clients in France. Then a forced rerouting to Miami in 2008 led to six hours of questions. "What's the name of your mother? Your father? When were you last in Japan?" Mr. Labbé recalled being asked. "Always the same questions in different order. And sometimes, it's quite aggressive, not funny at all." Fed up, in the summer of 2008, he changed his name to François Mario Labbé. The problem vanished. Several Web sites, including the T.S.A.'s own blog, are rife with tales of misidentification and strategies for solving them. Some travelers purposely misspell their own names when buying tickets, apparently enough to fool the system. Even the late Senator Edward M. Kennedy once found himself on a list. "We can't just throw a bunch of names on these lists and call it security," said Representative William J. Pascrell Jr., a New Jersey Democrat. "If we can't get an 8-year-old off the list, the whole list becomes suspect." Mr. Fotenos, the T.S.A. spokesman, promised improvements in a few months, as the agency's Secure Flight Program takes full effect. 
Under the new system, airlines will collect every passenger's birth date and gender, along with their names. The T.S.A. will cross-check all that with the watch lists. Previously, the airlines cross-checked the lists themselves, using only the names. Certainly, Mikey's date of birth, less than a month before 9/11, should prevent him from being mistaken as a terrorist. A third grader at a parochial school in Clifton, N.J., Mikey recites the drill like the world-weary traveler he is. Leave early for the airport, always with his passport. Try to get a boarding pass at the counter. This will send up a flag. The ticket agent, peering down at tiny bespectacled Mikey, will apologize or roll her eyes, and call for a supervisor. The supervisor, after a phone call -- or, more likely, a series of phone calls -- will ultimately finagle him onto the plane. But the Hickses are typically the last to select seats and the last to board, which means they sometimes can't sit together. Mrs. Hicks, a photojournalist who herself got Secret Service clearance to travel aboard Air Force II with then-Vice President Al Gore, anticipated additional chaos following the attempted underwear bombing. Before leaving for the Bahamas on Jan. 2, she reached out to Congressman Pascrell's office, which then enlisted a T.S.A. agent to meet the family at the airport. Even this did not prevent Mikey from an extra pat-down. On the way home last Friday, Mikey's boarding pass showed four giant red S's at the airport in Nassau. "Oh, random screening," Mrs. Hicks said. Mikey asked his mother not to worry and said he would use his tae kwon do -- he has a junior black belt -- if needed. Mrs. Hicks said she wanted to take pictures of her son being frisked but was told it was against the rules. Mikey, who would rather talk about BMX bikes and his athletic trophies than airport security, remains perplexed about the "list" and the hurdles he must clear. "Why do they think a kid is a terrorist?" 
Mikey asked his mother at one point during the interview. Mrs. Hicks said the family was amused by the mistake at first. But that amusement quickly turned to annoyance and anger. It should not take seven years to correct the problem, Mrs. Hicks said. She applied for redress in December when she first heard about the Department of Homeland Security's program. "I understand the need for security," she added. "But this is ridiculous. It's quite clear that he is 8 years old, and while he may have terroristic tendencies at home, he does not have those on a plane." From rforno at infowarrior.org Thu Jan 14 15:22:28 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 10:22:28 -0500 Subject: [Infowarrior] - Fwd: Demand Real Net Neutrality: Don't Let Hollywood Hijack the Internet References: <24216967.1263481518365.JavaMail.www@app222> Message-ID: Begin forwarded message: > From: Electronic Frontier Foundation > Date: January 14, 2010 10:00:09 AM EST > > Last fall, the Federal Communications Commission proposed rules for > "Net Neutrality" -- a set of regulations intended to help innovation > and free speech continue to thrive on the Internet. > > But is the FCC's version of Net Neutrality the real deal? Or is it a > fake? > > Buried in the FCC's rules is a deeply problematic loophole. Open > Internet principles, the FCC writes, "do not...apply to activities > such as the unlawful distribution of copyrighted works." > > For years, the entertainment industry has used that innocent- > sounding phrase -- "unlawful distribution of copyrighted works" -- > to pressure Internet service providers around the world to act as > copyright cops -- to surveil the Internet for supposed copyright > violations, and then censor or punish the accused users. 
> > From the beginning, a central goal of the Net Neutrality movement > has been to prevent corporations from interfering with the Internet > in this way -- so why does the FCC's version of Net Neutrality > specifically allow them to do so? > > Go to the Real Net Neutrality petition to tell the FCC that if it > wants to police the Internet, it first needs to demonstrate that it > can protect Internet users and innovators by standing up to powerful > industry lobbyists. Sign your name to demand that the copyright > enforcement loophole be removed: > > http://realnetneutrality.org/ > > Sincerely, > Electronic Frontier Foundation From rforno at infowarrior.org Fri Jan 15 01:21:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 20:21:55 -0500 Subject: [Infowarrior] - Google Hack Was Ultra Sophisticated, New Details Message-ID: <3B6287A0-14D4-4623-A36E-BEA8E2852680@infowarrior.org> Threat Level Privacy, Crime and Security Online Google Hack Attack Was Ultra Sophisticated, New Details Show By Kim Zetter | January 14, 2010 | 8:01 pm | http://www.wired.com/threatlevel/2010/01/operation-aurora/ Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee. "We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack," says Dmitri Alperovitch, vice president of threat research for McAfee. "It's totally changing the threat model." In the wake of Threat Level's story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft has published an advisory about the flaw that it already had in the works. 
McAfee has also added protection to its products to detect the malware that was used in the attacks and has now gone public with a number of new details about the hacks. Google announced Tuesday that it had been the target of a "highly sophisticated" and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack had originated from China, the company said. Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it also had been the target of a "sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies." Neither Google nor Adobe provided details about how the hacks occurred. The hack attacks, which are said to have targeted at least 34 companies in the technology, financial and defense sectors, have been dubbed "Operation Aurora" by McAfee due to the belief that this is the name the hackers used for their mission. The name comes from references in the malware to the name of a file folder named "Aurora" that was on the computer of one of the attackers. McAfee researchers say when the hacker compiled the source code for the malware into an executable file, the compiler injected the name of the directory on the attacker's machine where he worked on the source code. According to Alperovitch, the attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity. "The encryption was highly successful in obfuscating the attack and avoiding common detection methods," he said. "We haven't seen encryption at this level. It was highly sophisticated." 
Although the initial attack occurred when company employees visited a malicious web site, Alperovitch said researchers are still trying to determine if this occurred via a URL sent to employees via e-mail or instant messaging or some other method, such as Facebook or other social networking sites. Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other. "The initial piece of code was shell code encrypted three times and that activated the exploit," Alperovitch said. "Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted." One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and use it as a "beachhead" into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking. McAfee obtained copies of malware used in the attack, and "quietly" added protection to its products a number of days ago, Alperovitch said, after its researchers were first brought in by hacked companies to help investigate the breaches. Although security firm iDefense told Threat Level on Tuesday that the Trojan used in some of the attacks was the Trojan.Hydraq, Alperovitch says the malware he examined was not previously known by any anti-virus vendors. Once the hackers were in systems, they siphoned off data to command-and-control servers in Illinois, Texas and Taiwan. Alperovitch wouldn't identify the systems in the U.S. 
that were involved in the attack, though reports indicate that Rackspace, a hosting firm in Texas, was used by the hackers. Rackspace disclosed on its blog this week that it inadvertently played "a very small part" in the hack. The company wrote that "a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties." Alperovitch wouldn't say what the attackers might have found once they were on company networks, other than to indicate that the high-value targets that were hit "were places of important intellectual property." iDefense, however, told Threat Level that the attackers were targeting source code repositories of many of the companies and succeeded in reaching their target in many cases. Alperovitch says the attacks appeared to have begun Dec. 15, but may have started earlier. They appear to have ceased on Jan. 4, when command-and-control servers that were being used to communicate with the malware and siphon data shut down. "We don't know if the attackers shut them down, or if some other organizations were able to shut them down," he said. "But the attacks stopped from that point." Google announced on Tuesday that it discovered in mid-December that it had been breached. Adobe disclosed that it discovered its breach on Jan. 2. Alperovitch says the attack was well-timed to occur during the holiday season when company operation centers and response teams would be thinly staffed. The sophistication of the attack was remarkable and was something that researchers have seen before in attacks on the defense industry, but never in the commercial sector. Generally, Alperovitch said, in attacks on commercial entities, the focus is on obtaining financial data, and the attackers typically use common methods for breaching the network, such as SQL-injection attacks through a company's web site or through unsecured wireless networks. "Cyber criminals are good . . . 
but they cut corners. They don't spend a lot of time tweaking things and making sure that every aspect of the attack is obfuscated," he said. Alperovitch said that McAfee has more information about the hacks that it's not prepared to disclose at present but hopes to be able to discuss them in the future. Their primary goal, he said, was to get as much information public now to allow people to protect themselves. He said the company has been working with law enforcement and has been talking with "all levels of the government" about the issue, particularly in the executive branch. He couldn't say whether there were plans by Congress to hold hearings on the matter. From rforno at infowarrior.org Fri Jan 15 03:28:04 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 22:28:04 -0500 Subject: [Infowarrior] - Obama staffer wants 'cognitive infiltration' Message-ID: <12CD7E08-921E-4DC1-BD86-08CFB82EDD95@infowarrior.org> Obama staffer wants 'cognitive infiltration' of 9/11 conspiracy groups By Daniel Tencer Wednesday, January 13th, 2010 -- 10:48 pm http://rawstory.com/2010/01/obama-staffer-infiltration-911-groups/ In a 2008 academic paper, President Barack Obama's appointee to head the Office of Information and Regulatory Affairs advocated "cognitive infiltration" of groups that advocate "conspiracy theories" like the ones surrounding 9/11. Cass Sunstein, a Harvard law professor, co-wrote an academic article entitled "Conspiracy Theories: Causes and Cures," in which he argued that the government should stealthily infiltrate groups that pose alternative theories on historical events via "chat rooms, online social networks, or even real-space groups and attempt to undermine" those groups. As head of the Office of Information and Regulatory Affairs, Sunstein is in charge of "overseeing policies relating to privacy, information quality, and statistical programs," according to the White House Web site.
Sunstein's article, published in the Journal of Political Philosophy in 2008 and recently uncovered by blogger Marc Estrin, states that "our primary claim is that conspiracy theories typically stem not from irrationality or mental illness of any kind but from a 'crippled epistemology,' in the form of a sharply limited number of (relevant) informational sources." By "crippled epistemology" Sunstein means that people who believe in conspiracy theories have a limited number of sources of information that they trust. Therefore, Sunstein argued in the article, it would not work to simply refute the conspiracy theories in public -- the very sources that conspiracy theorists believe would have to be infiltrated. Sunstein, whose article focuses largely on the 9/11 conspiracy theories, suggests that the government "enlist nongovernmental officials in the effort to rebut the theories. It might ensure that credible independent experts offer the rebuttal, rather than government officials themselves. There is a tradeoff between credibility and control, however. The price of credibility is that government cannot be seen to control the independent experts." Sunstein argued that "government might undertake (legal) tactics for breaking up the tight cognitive clusters of extremist theories." He suggested that "government agents (and their allies) might enter chat rooms, online social networks, or even real-space groups and attempt to undermine percolating conspiracy theories by raising doubts about their factual premises, causal logic or implications for political action." "We expect such tactics from undercover cops, or FBI," Estrin writes at the Rag Blog, expressing surprise that "a high-level presidential advisor" would support such a strategy.
Estrin notes that Sunstein advocates in his article for the infiltration of "extremist" groups so that it undermines the groups' confidence to the extent that "new recruits will be suspect and participants in the group's virtual networks will doubt each other's bona fides." Sunstein has been the target of numerous "conspiracy theories" himself, mostly from the right wing political echo chamber, with conservative talking heads claiming he favors enacting "a second Bill of Rights" that would do away with the Second Amendment. Sunstein's recent book, On Rumors: How Falsehoods Spread, Why We Believe Them, What Can Be Done, was criticized by some on the right as "a blueprint for online censorship." Sunstein "wants to hold blogs and web hosting services accountable for the remarks of commenters on websites while altering libel laws to make it easier to sue for spreading 'rumors,'" wrote Ed Lasky at American Thinker. From rforno at infowarrior.org Fri Jan 15 03:29:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 22:29:36 -0500 Subject: [Infowarrior] - Groups challenge U.S. gov't on seized laptops Message-ID: <1EF04336-9845-4F27-B531-EEE5D6B30EFC@infowarrior.org> Groups seek to challenge U.S. gov't on seized laptops Agam Shah http://www.computerworld.com/s/article/9144579/Groups_seek_to_challenge_U.S._gov_t_on_seized_laptops January 13, 2010 (IDG News Service) The policy of random laptop searches and seizures by U.S. government agents at border crossings is under attack again, with a pair of civil rights groups seeking potential plaintiffs for a lawsuit that challenges the practice. The American Civil Liberties Union is working with the National Association of Criminal Defense Lawyers to find lawyers whose laptops or other electronic devices were searched at U.S. points of entry and exit.
The groups argue that the practice of suspicionless laptop searches violates fundamental rights of freedom of speech and protection against unreasonable seizures and searches. The groups have the support of Electronic Frontier Foundation, which has argued in court that laptop searches are invasive because devices like laptops contain personal data, which people should be able to keep private. EFF has also argued that some searches have been conducted without suspicion. "This lawsuit will not seek monetary damages for individuals who have been searched; instead, it will focus exclusively on fixing the unconstitutional policy," wrote Jennifer Granick, civil liberties director and lawyer with the Electronic Frontier Foundation, in a blog entry on Wednesday. NACDL believes the policy "erodes fundamental privacy rights generally," the group said on its Web site. It "has a particularly chilling impact on lawyers who travel abroad with legal documents that are subject to the attorney-client or work-product privileges," NACDL wrote. Last year, a document surfaced on the U.S. Department of Homeland Security's Web site that authorized U.S. agents to seize and retain laptops indefinitely. Government agents belonging to the U.S. Customs and Border Protection, which is a part of DHS, were also authorized to seize electronic devices including portable media players and cell phones and inspect documents in them. The DHS has defended the policy of searching electronic devices, stating that its ability to "inspect what is coming into the United States is central to keeping dangerous people and things from entering the country and harming the American people," according to the agency's Web site. The ACLU is already challenging DHS in court over the issue. In August last year, the group filed a suit against the DHS after it was denied access to documents to learn about the policy. 
The EFF and the Asian Law Caucus (ALC) also filed a case last year against the DHS after they were denied access to records on questioning and searches of travelers at U.S. borders. From rforno at infowarrior.org Fri Jan 15 03:37:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 22:37:48 -0500 Subject: [Infowarrior] - Eye test spots Alzheimer's 20 years before symptoms Message-ID: <6C6737C2-A673-4F85-8C3D-3E9D702E38AB@infowarrior.org> Eye test that spots Alzheimer's 20 years before symptoms: Middle-aged could be screened at routine optician's visit By Fiona Macrae Last updated at 1:27 AM on 15th January 2010 http://www.dailymail.co.uk/news/article-1243181/Simple-eye-test-Alzheimers-catch-disease-crucial-early-stage.html# A test that can detect Alzheimer's up to 20 years before any symptoms show is being developed by British scientists. The simple and inexpensive eye test could be part of routine examinations by high street opticians in as little as three years, allowing those in middle age to be screened. Dementia experts said it had the power to revolutionise the treatment of Alzheimer's by making it possible for drugs to be given in the earliest stages. The technique, being pioneered at University College London, could also speed up the development of medication capable of stopping the disease in its tracks, preventing people from ever showing symptoms. Rebecca Wood, of the Alzheimer's Trust, said: 'These findings have the potential to transform the way we diagnose Alzheimer's, greatly enhancing efforts to develop new treatments.' Alzheimer's and other forms of dementia blight the lives of 700,000 Britons and their families, and the number of cases is expected to double within a generation. There is no cure and existing drugs do not work for everyone. Current diagnosis is based on memory tests, and expensive brain scans are also sometimes used.
However, decisive proof of the disease usually comes from examination of the patient's brain after death. The eye test would provide a quick, easy, cheap and highly-accurate diagnosis. It exploits the fact that the light-sensitive cells in the retina at the back of the eye are a direct extension of the brain. Using eye drops which highlight diseased cells, the UCL researchers showed for the first time in a living eye that the amount of damage to cells in the retina directly corresponds with brain cell death. They have also pinpointed the pattern of retinal cell death characteristic of Alzheimer's. So far their diagnosis has been right every time. With research showing that cells start to die ten to 20 years before the symptoms of Alzheimer's become evident, it could allow people to be screened in middle age for signs of the disease. However, some may not want to know their fate so far in advance. There is also the fear that insurance companies could increase premiums for those who test positive while still young. The experiments, reported in the journal Cell Death & Disease, have been on animals but the team are poised to start the first human trials. Researcher Professor Francesca Cordeiro said: 'The equipment used for this research is essentially the same as is used in clinics and hospitals worldwide. 'It is also inexpensive and non-invasive, which makes us fairly confident that we can progress quickly to its use in patients. 'It is entirely possible that in the future a visit to a high street optician to check on your eyesight will also be a check on the state of your brain.' The technique could also improve the diagnosis of other conditions, including glaucoma and Parkinson's disease. In the short term, an early diagnosis would give patients and their families much more time to prepare for the future. In the longer term, it would allow new drugs that stop the disease in its tracks to reach their full potential.
Professor Cordeiro said: 'If you give the treatment early enough, you can stop the disease progressing, full stop.' Dr Susanne Sorensen, of the Alzheimer's Society, cautioned that the test was still experimental but added: 'This research is very exciting. If we can delay the onset of dementia by five years, we can halve the number of people who will die from the disease.' From rforno at infowarrior.org Fri Jan 15 03:50:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Jan 2010 22:50:23 -0500 Subject: [Infowarrior] - Facebook requires McAfee for user clean-up Message-ID: <1EB5AC6E-A970-41DD-82DD-A7D195EE9D67@infowarrior.org> (This sounds more to be a marketing deal so Facebook can up-sell McAfee products to its locked-in users. And no, I am not on Facebook. -rick) Facebook deal with McAfee forces computer clean-up From: AFP January 14, 2010 9:37PM http://www.news.com.au/technology/facebook-deal-with-mcafee-forces-computer-clean-up/story-e6frfro0-1225819430863 FACEBOOK has announced an alliance with internet security firm McAfee to provide users of the world's leading online social network with better protection for their computers. Facebook users whose accounts are breached by malicious software or other cyber attacks will need to have their computers cleansed by McAfee before returning to life in the online community. The users are also being offered free six-month subscriptions to McAfee security software and then discounted prices for continued service. "If we get people's machines this protection, it is better for them, for Facebook and the internet as a whole," Facebook director of communications Barry Schnitt said. Previously, Facebook simply reset passwords of members whose accounts were hit by hacking, phishing, or other cyber-mischief and advised members to have malware purged from their computers. "We found that they wouldn't fix the problems and got infected again," Mr Schnitt said.
"Now, we've integrated a solution where they actually have to get machines scanned and cleaned." McAfee and Facebook have collaborated on a free tool for cleaning up infected computers. Facebook said it would not share in any revenue that McAfee makes from security software or services. "The common goal is to help protect users of the Internet globally," said McAfee vice president of marketing Brent Remai. "We are pretty excited about this partnership." Facebook selected McAfee after a competitive review process. McAfee Internet Security Suite software is available to Facebook users in Australia, Britain, Italy, Germany, the Netherlands and the United States. It will be extended to more countries in the coming months. Facebook and McAfee cited research indicating that 78 per cent of computer users do not have updated virus and spyware protections on machines. "By partnering with the market leader McAfee, we are taking an unprecedented step towards making the entire internet more secure and reducing the possibility of threats being brought onto our service by unsuspecting users," said Facebook vice president of global communications Elliot Schrage. "Keeping the internet secure requires that users, security vendors and internet companies all work together." From rforno at infowarrior.org Fri Jan 15 15:01:12 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Jan 2010 10:01:12 -0500 Subject: [Infowarrior] - Antitrust case against RIAA reinstated by 2nd Circuit Message-ID: Price fixing case against RIAA reinstated by 2nd Circuit http://recordingindustryvspeople.blogspot.com/#6567482304471093068 Hat tip to @cbcalvin on Twitter, and betanews: In Starr v. SONY BMG Music Entertainment, an antitrust class action against the RIAA, the complaint -- dismissed at the District Court level -- has been reinstated by the Second Circuit.
Among other things, the Appeals court noted the following allegations: First, defendants agreed to launch MusicNet and pressplay, both of which charged unreasonably high prices and contained similar DRMs. Second, none of the defendants dramatically reduced their prices for Internet Music (as compared to CDs), despite the fact that all defendants experienced dramatic cost reductions in producing Internet Music. Third, when defendants began to sell Internet Music through entities they did not own or control, they maintained the same unreasonably high prices and DRMs as MusicNet itself. Fourth, defendants used MFNs in their licenses that had the effect of guaranteeing that the licensor who signed the MFN received terms no less favorable than terms offered to other licensors. For example, both EMI and UMG used MFN clauses in their licensing agreements with MusicNet. Fifth, defendants used the MFNs to enforce a wholesale price floor of about 70 cents per song. Sixth, all defendants refuse to do business with eMusic, the #2 Internet Music retailer. Seventh, in or about May 2005, all defendants raised wholesale prices from about $0.65 per song to $0.70 per song. This price increase was enforced by MFNs. From rforno at infowarrior.org Fri Jan 15 15:04:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Jan 2010 10:04:05 -0500 Subject: [Infowarrior] - Explanations for ACTA's "shameful secret" Message-ID: <78C3C8CB-4E9B-412A-B1BB-F4C3344217FD@infowarrior.org> Adding up the explanations for ACTA's "shameful secret" A Google-hosted event this week tried to make sense of the secrecy surrounding the Anti-Counterfeiting Trade Agreement (ACTA), but came up empty. If the whole future of our economy depends on protecting the creative industries, as is argued, why are the negotiations to do that treated as a "shameful secret?" 
By Nate Anderson | Last updated January 15, 2010 8:23 AM http://arstechnica.com/tech-policy/news/2010/01/actas-shameful-secret.ars Why is an intellectual property treaty being negotiated in the name of the US public kept quiet as a matter of national security and treated as "some shameful secret"? Solid information on the Anti-Counterfeiting Trade Agreement (ACTA) has been hard to come by, but Google on Monday hosted a panel discussion on ACTA at its DC offices. Much of the discussion focused on transparency, and why there's so little of it on ACTA, even from an administration that has made transparency one of its key goals. The reason for that was obvious: there's little of substance that's known about the treaty, and those lawyers in the room and on the panel who had seen one small part of it were under a nondisclosure agreement. In most contexts, the lack of any hard information might lead to a discussion of mind-numbing generality and irrelevance, but this transparency talk was quite fascinating -- in large part because one of the most influential copyright lobbyists in Washington was on the panel attempting to make his case. Steven Metalitz represents clients like the MPAA and RIAA, and he's quite good at what he does. If there's a copyright-related issue being discussed in DC, he has a hand in it. Over the last year, he has used his position to argue that consumers should have no ability to strip DRM from music or video tracks even if an online store takes down its authentication servers. He has also argued against the Obama administration's stance at the World Intellectual Property Organization, where he opposes a treaty on copyright exemptions for the blind. The reason: international copyright laws should only force copyright protections and enforcement on signers, but exemptions to copyright must never be anything more than "permitted."
Metalitz took on three other panelists and a moderator, all of whom were less than sympathetic to his positions, and he made the lengthiest case for both ACTA and its secrecy that we have ever heard. It was also surprisingly unconvincing. Parsing the unknown ACTA is currently being hashed out by 40 countries apart from any existing international process such as WIPO or the WTO. No government will show draft texts of the treaty, though the public looks likely to be offered a draft once negotiations are complete (when it's too late to make substantive changes). Far from covering "counterfeiting," ACTA covers a host of issues that include Internet infringement of copyrighted works. That's key, said Metalitz, because one in ten US jobs depends on copyright protection. A legislative aide for Rep. Zoe Lofgren (D-CA) retorted that the same stats show just how many companies rely on fair use, copyright exceptions, DMCA safe harbors, and Communications Decency Act safe harbors. ACTA "can't just be about going to the max for enforcement," he said. But because it's hard to argue specifics when it comes to ACTA, the talk turned to the question of why we can't see the text. Jamie Love of Knowledge Ecology International, a group which has obtained many of the leaked documents about ACTA, noted that all 40 countries involved could see the text, "every lobbyist in K Street who has the phone number of USTR can get access to what's available in the proposal, any one of the thousand members of the [USTR] advisory boards that are cleared advisors has the right to ask for access to these documents," but voters do not. If the whole future of our economy depends on protecting the creative industries, why is an intellectual treaty being done "as some shameful secret?" 
Metalitz said that ACTA so far has been more transparent than numerous other trade agreements, but Love pointed out that the major international agreements on these issues (TRIPS and the WIPO treaties) have been far more open. And, under pressure to open up, WIPO and the WTO have both allowed nonprofit civil society groups access to debates and negotiations over the last decade -- and, suddenly, the agreements coming out of those bodies became more pro-consumer. WIPO also regularly posts drafts, working papers, and proposals online. Past free trade agreements have been handled in a similar fashion. "Steve's embarrassed by the content of the negotiation or he would be more supportive of transparency," said Love, not one to hold back in his rhetoric. Keeping negotiations secret is how "you get big fees to be a lobbyist," since only the "insiders" have access to the process. Frank discussions Metalitz never provided a cogent case for why it might be acceptable to negotiate such an agreement in secret when so much of the public clearly wants to be involved. When pressed most directly on the issue, he punted, criticizing those who oppose protecting intellectual property. But he also made the fair point that he's not the one doing the negotiating. The US Trade Representative, which handles ACTA, is ultimately responsible. Though it has repeatedly pledged transparency, none has been forthcoming. Canadian law professor Michael Geist, going back through the few documents that we do have, believes that the US is one of the primary obstacles to such transparency. Even the MPAA, one of Metalitz's top clients, has publicly called for transparency on ACTA to remove the "distraction" that the issue has become. Such transparency would require the assent of all the governments involved in the negotiations.
As the head of USTR has indicated, the ACTA talks might break down completely without secrecy, and it's clear that many governments don't actually want their own people to see the proposals being made and to shape their outcome. This isn't surprising, of course, since international groups like WIPO and WTO already exist to tackle these kinds of issues. But those groups would be more open than the ACTA process, and they would force countries like US, Canada, Japan, and the EU to involve more countries. Much easier to form a "coalition of the willing" instead. The USTR has claimed that it needs the privacy to have a "frank exchange of views," though WIPO has managed to work on major international IP legislation without such total secrecy. No one argues that every moment of the negotiating sessions needs to go on YouTube, or that there is never a place for an off-the-record exchange of views; but members of Congress like Mike Doyle (D-PA), Sherrod Brown (D-OH), Bernie Sanders (I-VT), and Ron Wyden (D-OR) have all blasted USTR in recent weeks for not taking basic steps, such as offering drafts to the public. Several of the panelists agreed that this might well be because the public wouldn't support what's being done in its name, but all of them, including Metalitz, believe that the transparency issue will eventually put real pressure on the USTR to open up further. When that might happen, however, remains a mystery. 
From rforno at infowarrior.org Fri Jan 15 18:39:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Jan 2010 13:39:13 -0500 Subject: [Infowarrior] - FCC looks at ways to assert authority over Web access Message-ID: <2FD64130-CB39-41D0-90AB-5B7548BC4511@infowarrior.org> FCC looks at ways to assert authority over Web access By Cecilia Kang Washington Post Staff Writer Friday, January 15, 2010; A22 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/14/AR2010011404717_pf.html The Federal Communications Commission is considering aggressive moves to stake out its authority to oversee consumer access to the Internet, as a recent court hearing and industry opposition have cast doubt on its power over Web service providers. The FCC, which regulates public access to telephone and television services, has been working to claim the same role for the Internet. The stakes are high, as the Obama administration pushes an agenda of open broadband access for all and big corporations work to protect their enormous investments in a new and powerful medium. "This is a pivotal moment," said Ben Scott, director of policy at the public interest group Free Press. The government wants to treat broadband Internet as a national infrastructure, he said, like phone lines or the broadcast spectrum. But federal regulators are grappling with older policies that do not clearly protect consumers' access to the Web, their privacy or prices of service. The issue may have reached a turning point last week when a federal appeals court questioned the limits of the FCC's authority in a 2008 case involving Comcast. The agency had ordered the Internet and cable giant to stop blocking subscribers' access to the online file-sharing service BitTorrent. But in an oral hearing last Friday, three judges grilled an FCC lawyer over whether the agency had acted outside the scope of its authority. 
The appeals court is still hearing the case, but analysts predict that the FCC will lose and that the ruling could throw all of its efforts to oversee Internet access into question. A loss could undermine the legality of FCC Chairman Julius Genachowski's push for policies that would prohibit service providers from restricting customers' access to legal Web content -- the concept known as net neutrality -- and throw into doubt the agency's ability to oversee pricing and competition among Internet service providers. The agency said it will continue to argue that it had the authority to rule against Comcast, but it is making plans to deal with a loss. "If the court removes the legal basis for the current approach to broadband, the commission may be compelled to undertake a major reassessment of its policy framework . . . or Congress will have to act," said Colin Crowell, senior adviser to Genachowski. "Any policies the commission pursues for the broadband marketplace will be rooted in the pro-consumer, pro-competitive structure of the 1996 Telecommunications Act, regardless of how the court ultimately decides." Specifically, that could mean the agency will reverse policies from the past decade that put cable and DSL Internet services in a special category over which the agency has only "ancillary jurisdiction." Those policies were intended to deregulate Internet services in order to promote competition and innovation in the young industry as it developed. Consumer groups argue that they instead reduced competition and drove prices higher. Analysts said the FCC may look to put broadband services back into a category alongside phone services that is clearly under the authority of the government. At issue, some FCC officials say, is the future of how Americans will communicate and receive information. One in five U.S. homes has swapped landline telephone service for wireless. 
Most of those phones have Web browsers that are fast enough to watch videos and navigate traffic in real time. Consumers are also adopting ultra-high-speed Internet services over fiber and cable for 3-D games and videoconferencing. "While I am still hopeful that we'll win the case, I am absolutely certain that consumers expect protection against gatekeeper control," said Commissioner Michael Copps, a Democrat. "That's why we need to move forward with whatever tools we have at our disposal to ensure an open Internet." A move to reclassify broadband services would almost certainly be opposed. The telephone category is steeped in decades-long rules that are meant to prohibit blocking of services, protect consumer prices and spur competition. Such rules would be a stark change for Internet service providers that invest billions of dollars each year in networks but also receive high rates of consumer complaints over prices and services. "To the extent that we need more regulation, we think less is more," said Kyle McSlarrow, head of the National Cable and Telecommunications Association, a trade group. "The more granular and more regulatory we become with practical and legal issues, we can go too far." The agency also could ask Congress to grant it explicit authority over Internet service providers. But that approach would also face significant barriers, analysts said. "The odds are against it," said Paul Gallant, an analyst at Concept Capital, a research firm. "Net neutrality is the most controversial issue in the telecom media world, and even with a Democratic majority, it's not easy to pass." 
From rforno at infowarrior.org Fri Jan 15 18:43:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Jan 2010 13:43:06 -0500 Subject: [Infowarrior] - Video: ACTA treaty debated in DC: must-see video Message-ID: <4826B8FE-8423-4845-9ED3-FED28B857F6C@infowarrior.org> http://www.boingboing.net/2010/01/15/secret-copyright-tre-2.html The drive to ram through the secret Anti-Counterfeiting Trade Agreement is ramping up, with the next meeting set for the end of this month in Mexico. ACTA is an unprecedented copyright treaty (unprecedented in that it reaches farther than previous copyright treaties, and that it is being negotiated behind closed doors, without any public input or oversight) that will force copyright policing duties on Internet companies (vastly increasing the cost of hosting "user-generated content"); create new penalties for infringement (including Draconian penalties such as disconnection from the Internet on accusations of infringement); and require countries to search hard-drives, personal media players, and other personal data at their borders. Last month, Google's DC office hosted a public debate on ACTA, with Steven J. Metalitz, a lawyer and lobbyist representing the International Intellectual Property Alliance; Jamie Love, an activist with Knowledge Ecology International; Jonathan Band, a lawyer representing a coalition of library groups and a variety of tech and Internet companies and Ryan Clough from Silicon Valley Congresswoman Zoe Lofgren's office; moderated by Washington Post consumer technology columnist Rob Pegoraro. The video runs to 90 minutes. I don't get a lot of 90-minute chunks of time in my life, but I made time for this. It was one of the most spirited -- even heated -- debates I've heard on the subject, and it got into substantive questions of law, jurisdiction, economics and ethics.
It was especially interesting to hear Metalitz, the main mouthpiece for the private corporate interests behind this proposal, attempt to defend both the proposal and the secrecy behind it. Two recurring points that Metalitz raised were that the secrecy in the treaty was a requirement of foreign negotiating partners, and the US's hands were tied; and that the treaty wouldn't require any of the "advanced" nations to change their law (he repeated the oft-heard unfounded slur that Canada is a rogue nation when it comes to copyright law). Both of these points are simply wrong. The country demanding that ACTA be kept secret is the good old US of A, whose strategy for this is being driven by former entertainment industry lawyers who have found new homes as senior officials in the Obama government (the Democrats are terrible on copyright, sadly -- we can thank Bill Clinton for the Digital Millennium Copyright Act). These lawyers are Metalitz's old pals, his colleagues in the decades he's spent winning special privileges and public subsidy for his rich clients. Even more ridiculous is the claim that ACTA won't require any changes to law (if that was true, why bother with it?). As the EU's Commissioner-designate for the Internal Market stated, ACTA will trump the democratic law made by elected governments, requiring changes that are created in smoke-filled rooms that only corporate bigwigs get access to. ACTA is a profoundly undemocratic undertaking, as is amply demonstrated in the debate in this video. K-street lobbyists, corporate execs, and other movers and shakers know everything that's going on in the ACTA negotiations, but the public is frozen out of the debate. And as Jamie Love points out, public access to other copyright negotiations -- such as those at WIPO -- have fundamentally changed their directions, because the public doesn't want expensive gags and handcuffs put on the Internet in order to bolster the entertainment industry's profits. Watch this video. 
It may be the most productive 90 minutes you spend today.

From rforno at infowarrior.org Fri Jan 15 21:19:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Jan 2010 16:19:00 -0500 Subject: [Infowarrior] - US preps cyber outfit to protect national electric grid Message-ID: <5A08161A-07E9-49D2-9DD3-9CD734F273D3@infowarrior.org> US preps cyber outfit to protect national electric grid DOE group would speed research, bulk up smart grid technologies By Layer 8 on Thu, 01/14/10 - 10:38am. http://www.networkworld.com/community/node/54820 The US Department of Energy said it would spend $8.5 million to set up a "National Energy Sector Cyber Organization" that would help protect the nation's bulk power electric grid and help integrate smart grid technology with the electric grid. The idea is to set up an independent national energy sector cyber security organization that would hopefully speed research, development and deployment priorities, including policies and protocols, the DOE stated. Recently the DOE's acting assistant secretary, Patricia Hoffman stated: "The scope and nature of security threats and their potential impact on our national security require the ability to act quickly to protect the bulk power system and to protect sensitive information from public disclosure. At the same time, we must continue to build long-term programs that improve information sharing and awareness between the public and private energy sector. "The electric system is not the Internet. It is a carefully tended and balanced system that is critical to the Nation and the people. We must continue to strive towards an electric system that can survive an intentional cyber assault with no loss of critical functions," she stated. According to the DOE such an organization could help address a number of key challenges, including:
* Articulating the business case for addressing control system vulnerabilities, threats, technologies, and needs.
* Creating an environment to promote information sharing about real-world, cross-sector attacks.
* Developing and implementing wire encryption technology to protect communication links.
* Continuing funding and use of the National SCADA Test Bed.
* Developing security solutions for legacy systems.
* Identifying best practices for connecting legacy systems to business networks.
* Developing a security plan for incident response and recovery.
* Developing an automated system for managing security events.
* Agreeing on metrics/standards for measuring security.
* Identifying effective gateway security tools.
* Ease of sophisticated attack. Cyber attack tools are becoming more sophisticated, while the knowledge required to use them is decreasing.
* Reliance on commercial software. Many software programs used in control systems are produced outside the US and fail to address US security concerns.
* Evolution toward distributed networks. Interconnected, web-enabled systems provide multiple points of entry for cyber attacks.
* Competitive energy market. Competitive pressures can deter private industry from investing in more secure control systems.
* High performance requirements. The high performance and reliability required of control systems may deter private industry from trying improved software and tools.
* Uneven, fragmented funding and operation. Resources for defining and testing control system vulnerabilities have been limited and inconsistent.
It is paramount that smart grid devices and interoperability standards include protections against cyber intrusions and have systems that are designed from the start (not patches added on) that prevent unauthorized persons from gaining entry through the millions of new access points created by the deployment of smart grid technologies, Hoffman stated. 
From rforno at infowarrior.org Sat Jan 16 06:00:15 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Jan 2010 01:00:15 -0500 Subject: [Infowarrior] - VZ, AT&T Cut Price on Unlimited Plans Message-ID: <8D74146E-A6FC-4E1D-9F0A-0896EA812FE8@infowarrior.org> (Yep, a new mobile "price war" started this week. -rick) Verizon and AT&T Cut Price on Unlimited Mobile-Calling Plans January 15, 2010, 06:34 PM EST By Amy Thomson http://www.businessweek.com/news/2010-01-15/verizon-and-at-t-cut-price-on-unlimited-mobile-calling-plans.html Jan. 15 (Bloomberg) -- Verizon Wireless and AT&T Inc. cut the price of calling plans with unlimited talk time as competition heats up between the two largest U.S. mobile-phone services. Beginning Jan. 18, both companies will charge $69.99 a month for unlimited talk or $89.99 for a plan with unlimited calls and texts, the carriers said in separate statements today. Verizon moved first to cut the prices earlier today, part of a plan to simplify pricing and encourage more customers to buy data plans that let smartphones access the Internet and download programs. The cheaper, unrestricted plans may persuade subscribers to upgrade, said Jennifer Fritzsche, an analyst at Wells Fargo Securities LLC in Chicago. "We could see a move upwards rather than downwards," said Fritzsche, who recommends buying shares of AT&T and Verizon Communications Inc. "Any kind of voice pricing is very much a commodity. Data is the future." Verizon's unlimited voice plan for individuals was $99.99, with unlimited text and video messages costing $119.99, according to the carrier's Web site. AT&T is cutting the price of its unlimited voice plans from $99.99 a month, according to the Dallas-based company's Web site. Sprint sells a package of unlimited calls, data and messaging for $99.99. While the company didn't announce a price change today, it said customers who buy unlimited messaging and data plans will save almost $240 a year over Verizon's new offering. 
Reviewing Prices
"We're always looking at our pricing and evaluating whether changes are needed," said Emmy Anderson, a spokeswoman for Overland Park, Kansas-based Sprint. "The plans that we offer right now, we really feel are giving customers the best value in wireless." Verizon subscribers with phones capable of downloading video and other multimedia content will be required to sign up for a $9.99-per-month data plan. Verizon Communications, which co-owns Basking Ridge, New Jersey-based Verizon Wireless, declined 64 cents to $30.58 today in New York Stock Exchange composite trading. AT&T dropped 40 cents to $25.79, while Sprint rose 13 cents to $3.82. Verizon Communications had revenue of $15.8 billion from its 89 million mobile customers in the third quarter, a 24 percent increase from a year earlier. The wireless unit made up more than half of sales as land-line customers defected. Much of the growth came from data plans, which customers use to access the Internet and download media. Customers' average monthly bills fell 2.2 percent to $51.04, even as payments for data services rose 17 percent, Verizon said in its October report. The company will report fourth-quarter results on Jan. 26.

From rforno at infowarrior.org Sat Jan 16 18:39:03 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Jan 2010 13:39:03 -0500 Subject: [Infowarrior] - IE zero-day code released Message-ID: <3383A6EA-A862-447C-8C47-0F96F24B2ACC@infowarrior.org> The IE exploit reportedly involved in the China-Google spat this week was made public by the Metasploit Project yesterday. Since Metasploit is owned by Rapid7, an infosec vulnerability management company (ie, a "security company") I am sure we'll see another round of heated debate over vulnerability disclosure in the coming days. 
Exploit: http://www.metasploit.com/redmine/projects/framework/repository/revisions/8136/entry/modules/exploits/windows/browser/ie_aurora.rb Attack code for this thing is publicly available now, too: http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js Also - "Microsoft issued a security advisory on the IE flaw Thursday and has not ruled out the possibility of rushing out an emergency "out-of-cycle" patch to fix it. Microsoft's next set of security patches is due Feb. 9, giving hackers more than three weeks to exploit the flaw." - (http://www.itworld.com/security/93009/attack-code-used-hack-google-now-public) -rf

From rforno at infowarrior.org Sun Jan 17 05:21:28 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Jan 2010 00:21:28 -0500 Subject: [Infowarrior] - Proposed Web video restrictions cause outrage in Italy Message-ID: <8A18C600-7280-4622-AE48-EBD18BA98729@infowarrior.org> Proposed Web video restrictions cause outrage in Italy Philip Willan, IDG News Service 01.15.2010 http://www.thestandard.com/news/2010/01/15/proposed-web-video-restrictions-cause-outrage-italy New rules to be introduced by government decree will require people who upload videos onto the Internet to obtain authorization from the Communications Ministry similar to that required by television broadcasters, drastically reducing freedom to communicate over the Web, opposition lawmakers have warned. The decree is ostensibly an enactment of a European Union (EU) directive on product placement and is due to go into effect at the end of January after being subjected to a nonbinding appraisal by parliament. On Thursday opposition lawmakers held a press conference in parliament to denounce the new rules -- which require government authorization for the uploading of videos, give individuals who claim to have been defamed a right of reply and prevent the replay of copyright material -- as a threat to freedom of expression. 
"The decree subjects the transmission of images on the Web to rules typical of television and requires prior ministerial authorization, with an incredible limitation on the way the Internet currently functions," opposition Democratic Party lawmaker Paolo Gentiloni told the press conference. Article 4 of the decree specifies that the dissemination over the Internet "of moving pictures, whether or not accompanied by sound," requires ministerial authorization. Critics say it will therefore apply to the Web sites of newspapers, to IPTV and to mobile TV, obliging them to take on the same status as television broadcasters. "Italy joins the club of the censors, together with China, Iran and North Korea," said Gentiloni's party colleague Vincenzo Vita. The decree was also condemned by Articolo 21, an organization dedicated to the defense of freedom of speech as enshrined in article 21 of the Italian constitution. The group said the measures resembled an earlier government attempt to crack down on bloggers by imposing on them the same obligations and responsibilities as newspapers. The group launched an appeal Friday entitled "Hands Off the Net," saying the restrictive measures would mark "the end of freedom of expression on the Web." The restrictions would prevent the recounting of the life of the Italians in moving pictures on the Internet, it said. The decree was also criticized by Nicola D'Angelo, a commissioner in the Communications Authority, which would be likely to play a role in policing copyright violations under the new rules. The decree ran contrary to the spirit of the EU directive by extending the rules of television to online video material, D'Angelo said in a radio interview. He also expressed concern at the requirement for government authorization for the uploading of videos to Internet. "Italy will be the only Western country in which it is necessary to have prior government permission to operate this kind of service," he said. 
"This aspect reveals a democratic risk, regardless of who happens to be in power." Other critics described the decree as an expression of the conflict of interests of Silvio Berlusconi, who exercises political control over the state broadcaster RAI in his role as prime minister and is also the owner of Italy's largest private broadcaster, Mediaset. They said the new copyright regulations would prevent Internet users from sharing snippets of popular TV shows or goals from the Italian soccer league, currently viewed online by millions of people. Mediaset has successfully sued YouTube to obtain the removal of its copyright material, in particular video from the reality show "Big Brother," from the online video-sharing platform. A judge in a Rome civil court ordered the removal of the material last month, and the new decree is seen as providing further protection for Mediaset's online commercial interests. Alessandro Gilioli, who writes a blog on the Web site of the weekly magazine L'Espresso, said the decree was intended to squelch future competition for Mediaset, which was planning to move into IPTV and therefore had an interest in reducing the number of independent videos circulating on the Web. "It's the Berlusconi method: Kill your potential enemies while they are small. That's why anyone doing Web TV -- even from their attic at home -- must get ministerial approval and fulfill a host of other bureaucratic obligations," Gilioli wrote. He said the government was also keen to restrict the uncontrollable circulation of information over the Internet to preserve its monopoly over television news. Paolo Romani, the deputy minister responsible for drafting the decree, insisted the text simply adopted the recommendations of the EU directive but said the government was prepared to discuss modifications. 
The decree did not intend to restrict freedom of information "or the possibility of expressing one's ideas and opinions through blogs and social networks," Romani told the ANSA news agency.

From rforno at infowarrior.org Sun Jan 17 14:59:29 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Jan 2010 09:59:29 -0500 Subject: [Infowarrior] - WEF: Global Risks 2010 Message-ID: <13A13B91-1986-4350-B5EE-09F6C426FF1E@infowarrior.org> World Economic Forum WEF: Global Risks 2010 A Global Risk Network Report http://www.weforum.org/pdf/globalrisk/globalrisks2010.pdf Three themes provide the backdrop for discussion in this report. As the first chapter discusses, the increase in interconnections among risks means a higher level of systemic risk than ever before. Thus, there is a greater need for an integrated and more systemic approach to risk management and response by the public and private sectors alike. Second, while sudden shocks can have a huge impact, be they serious geopolitical incidents, terrorist attacks or natural catastrophes, the biggest risks facing the world today may be from slow failures or creeping risks. Because these failures and risks emerge over a long period of time, their potentially enormous impact and long-term implications can be vastly underestimated. These are risks linked to big shifts that are recognized and which will roll out over many years, even decades. For example, global population growth, ageing and the ensuing rise in consumption have implications for This year's report explores a set of risks that share a potential for wider systemic impact and are strongly linked to a number of significant, long-term trends. First, there are those which feature highly on the Global Risks Landscape and which predated the recession but have been exacerbated by its impact through greater resources constraints or short-term thinking. 
These include:
* Fiscal crises and the social and political implications of high unemployment
* Underinvestment in infrastructure, both new and existing, and its consequences for growth, resource scarcity and climate change adaptation
* Chronic diseases and their impact on both advanced economies and developing countries
The report also notes how concerns over further asset bubbles remain strong, as indicated by the Global Risk Network Partner's assessment for the Global Risks Landscape. The other risks discussed in this report are equally systemic in nature and also require better global governance but they currently feature less prominently on the Global Risks Landscape. The report raises these risks to understand if there is an "awareness gap" around these areas and suggests that they should not be forgotten in the focus on an integrated and longer term view of risks. These risks include: transnational crime and corruption; biodiversity loss; and cyber-vulnerability. http://www.weforum.org/pdf/globalrisk/globalrisks2010.pdf

From rforno at infowarrior.org Mon Jan 18 14:55:25 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 09:55:25 -0500 Subject: [Infowarrior] - Man arrested over Twitter airport joke Message-ID: <4854557B-7741-47CD-947A-5DE5E39EA5A0@infowarrior.org> Man arrested over Twitter airport joke Jan 18 07:04 AM US/Eastern http://www.breitbart.com/article.php?id=CNG.2a946d8cae075a2d7fa49799423d90f8.421&show_article=1 A man was arrested by anti-terrorism police and suspended from his job after he sent a Twitter message joking that he was going to blow up an airport, a report said Monday. When heavy snow at Robin Hood airport in Doncaster, northern England, threatened to ruin Paul Chambers' plans to fly to Ireland, he vented his frustration by tapping out a message on the social networking site. "Robin Hood airport is closed," he wrote, according to The Independent newspaper. 
"You've got a week and a bit to get your shit together, otherwise I'm blowing the airport sky high!!" A week after posting the message, Chambers was arrested under anti-terrorism laws at his office after police had apparently received a tip-off. The 26-year-old was questioned for seven hours by officers who failed to see the joke in his message. He has been bailed to February 11 when he will find out if he will be charged with conspiring to create a bomb hoax. He has also been suspended from work pending an internal investigation and banned from the airport for life. Detectives have confiscated his iPhone, laptop and home computer. "I would never have thought, in a thousand years, that any of this would have happened because of a Twitter post," Chambers told The Independent. "I'm the most mild-mannered guy you could imagine." South Yorkshire police confirmed the arrest and said investigations were continuing. Security has been stepped up at airports worldwide since a Nigerian student allegedly tried to detonate explosives concealed in his underwear on a flight from Amsterdam to Detroit on December 25. A man appeared in court last week charged with making a bomb threat and being drunk on board an Emirates flight to Dubai as it sat on the runway at London's Heathrow airport. 
Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium

From rforno at infowarrior.org Mon Jan 18 17:00:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 12:00:01 -0500 Subject: [Infowarrior] - EU's IP Negotiating Strategy With Canada Leaks Message-ID: <968D6E3C-39D7-4FF6-B569-CA7A329C46D8@infowarrior.org> EU's IP Negotiating Strategy With Canada Leaks: Calls 2009 Copyright Consult a "Tactic to Confuse" Monday January 18, 2010 http://www.michaelgeist.ca/content/view/4704/125/ Canada and the European Union resume negotiations on a Canada-EU Trade Agreement (CETA) this week. The second round of talks comes as the EU's proposed chapter for the intellectual property provisions leaked last month, revealing demands for dramatic changes to Canadian intellectual property law. This would include copyright term extension (to life of the author plus 70 years), anti-circumvention rules, resale rights, and ISP liability provisions. Now a second document has leaked, though it is not currently available online. The Wire Report reports that an EU document dated November 16, 2009, features candid comments about Canada and the EU strategy. The document, called a "Barrier Hymn Sheet" leaves little doubt about the EU's objective: Put pressure on Canada so that they take IPR issues seriously and remedy the many shortcomings of their IPR protection and enforcement regime. Having viewed the document, I can report that it goes downhill from there, promoting the key message that Canadian laws are inadequate, while liberally quoting a report from the Canadian IP Council and discredited counterfeiting data. The document states that the trade negotiations are a "unique opportunity [for Canada] to upgrade its IPR regime despite local anti-IPR lobbying." 
It includes an assessment of recent copyright reform efforts, noting that two bills have died due to "political instability." The document adds that the copyright reform process was revived in 2009 with the national copyright consultation, but notes dismissively it may have been a "tactic to confuse." It ultimately concludes: our objective is to convince Canada to eliminate or reduce these shortcomings, by conducting the necessary legislative or other changes. However, optimism should be tempered since, despite pressure from the USA, high level commitments from Canada, and our commissioner's letter of April 2009, little concrete moves have been observed in recent years. We hope that the negotiation of the bilateral CETA will provide a good opportunity to exert pressure on Canada regarding the upgrade of its IPR regime This document, combined with the leaked draft, provides ample evidence of the intent of the EU to use CETA to pressure Canada to fundamentally reshape our copyright and IP laws. Although the document discloses that IP was not discussed at the first round of negotiations in Ottawa last October, it is clear that it is a high priority future agenda item. Indeed, the Wire Report reports that IP is on the agenda for this week's negotiations. Although the Wire Report quotes a government official as saying that CETA will not override the copyright consultations, when combined with the ACTA talks that resume next week, the prospect of a made-in-Canada approach may be quickly slipping away. From rforno at infowarrior.org Mon Jan 18 17:26:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 12:26:50 -0500 Subject: [Infowarrior] - FAA: 747s may be vulnerable to external hacks Message-ID: (This is not very reassuring. -rf) http://www.gpo.gov/fdsys/pkg/FR-2009-10-02/html/E9-23753.htm SUMMARY: This action proposes special conditions for the Boeing Model 747-8/-8F airplane. 
This airplane will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane's computer systems and networks, which may allow access to external computer systems and networks. Connectivity to external systems and networks may result in security vulnerabilities to the airplane's systems. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for these design features. These proposed special conditions contain the additional safety standards that the Administrator. < - > The Boeing Model 747-8/-8F airplane will incorporate the following novel or unusual design features: Digital systems architecture composed of several connected networks. The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including: 1. Flight-safety related control, communication, and navigation systems (aircraft control domain), 2. Airline business and administrative support (airline information domain), 3. Passenger information and entertainment systems (passenger entertainment domain), and 4. The capability to allow access to or by external network sources. Discussion The proposed Model 747-8/-8F architecture and network configuration may allow increased connectivity to and access from external network sources and airline operations and maintenance networks to the aircraft control domain and airline information domain. The aircraft control domain and airline information domain perform functions required for the safe operation and maintenance of the airplane. Previously these domains had very limited connectivity with external network sources. The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane. 
The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access to airplane networks, data buses, and servers. Therefore, these special conditions and a means of compliance are proposed to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections. < - >

From rforno at infowarrior.org Mon Jan 18 19:27:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 14:27:51 -0500 Subject: [Infowarrior] - U.S. Military Weapons Inscribed With Secret 'Jesus' Bible Codes Message-ID: Agree with the idea or not, it's a cultural 'win' for the enemy and its own marketing purposes, as the article suggests towards the end. --rf U.S. Military Weapons Inscribed With Secret 'Jesus' Bible Codes Pentagon Supplier for Rifle Sights Says It Has 'Always' Added New Testament References By JOSEPH RHEE, TAHMAN BRADLEY and BRIAN ROSS Jan. 18, 2010 http://abcnews.go.com/print?id=9575794 Coded references to New Testament Bible passages about Jesus Christ are inscribed on high-powered rifle sights provided to the United States military by a Michigan company, an ABC News investigation has found. The sights are used by U.S. troops in Iraq and Afghanistan and in the training of Iraqi and Afghan soldiers. The maker of the sights, Trijicon, has a $660 million multi-year contract to provide up to 800,000 sights to the Marine Corps, and additional contracts to provide sights to the U.S. Army. U.S. military rules specifically prohibit the proselytizing of any religion in Iraq or Afghanistan and were drawn up in order to prevent criticism that the U.S. 
was embarked on a religious "Crusade" in its war against al Qaeda and Iraqi insurgents. One of the citations on the gun sights, 2COR4:6, is an apparent reference to Second Corinthians 4:6 of the New Testament, which reads: "For God, who commanded the light to shine out of darkness, hath shined in our hearts, to give the light of the knowledge of the glory of God in the face of Jesus Christ." Other references include citations from the books of Revelation, Matthew and John dealing with Jesus as "the light of the world." John 8:12, referred to on the gun sights as JN8:12, reads, "Whoever follows me will never walk in darkness, but will have the light of life." Trijicon confirmed to ABCNews.com that it adds the biblical codes to the sights sold to the U.S. military. Tom Munson, director of sales and marketing for Trijicon, which is based in Wixom, Michigan, said the inscriptions "have always been there" and said there was nothing wrong or illegal with adding them. Munson said the issue was being raised by a group that is "not Christian." The company has said the practice began under its founder, Glyn Bindon, a devout Christian from South Africa who was killed in a 2003 plane crash. 'It violates the Constitution' The company's vision is described on its Web site: "Guided by our values, we endeavor to have our products used wherever precision aiming solutions are required to protect individual freedom." "We believe that America is great when its people are good," says the Web site. "This goodness has been based on Biblical standards throughout our history, and we will strive to follow those morals." Spokespeople for the U.S. Army and the Marine Corps both said their services were unaware of the biblical markings. They said officials were discussing what steps, if any, to take in the wake of the ABCNews.com report. It is not known how many Trijicon sights are currently in use by the U.S. military. 
The biblical references appear in the same type font and size as the model numbers on the company's Advanced Combat Optical Guides, called the ACOG. A photo on a Department of Defense Web site shows Iraqi soldiers being trained by U.S. troops with a rifle equipped with the bible-coded sights. "It's wrong, it violates the Constitution, it violates a number of federal laws," said Michael "Mikey" Weinstein of the Military Religious Freedom Foundation, an advocacy group that seeks to preserve the separation of church and state in the military. 'Firearms of Jesus Christ' "It allows the Mujahedeen, the Taliban, al Qaeda and the insurrectionists and jihadists to claim they're being shot by Jesus rifles," he said. Weinstein, an attorney and former Air Force officer, said many members of his group who currently serve in the military have complained about the markings on the sights. He also claims they've told him that commanders have referred to weapons with the sights as "spiritually transformed firearm[s] of Jesus Christ." He said coded biblical inscriptions play into the hands of "those who are calling this a Crusade." According to a government contracting watchdog group, fedspending.org, Trijicon had more than $100 million in government contracts in fiscal year 2008. The Michigan company won a $33 million Pentagon contract in July, 2009 for a new machine gun optic, according to Defense Industry Daily. The company's earnings from the U.S. military jumped significantly after 2005, when it won a $660 million long-term contract to supply the Marine Corps with sights. "This is probably the best example of violation of the separation of church and state in this country," said Weinstein. "It's literally pushing fundamentalist Christianity at the point of a gun against the people that we're fighting. We're emboldening an enemy." Copyright © 2010 ABC News Internet Ventures

From rforno at infowarrior.org Mon Jan 18 20:33:58 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 15:33:58 -0500 Subject: [Infowarrior] - ACLU Report: Border laptop searches Message-ID: <54B4170D-AF8A-495E-9367-52FFCE93749B@infowarrior.org> Customs and Border Protection (CBP) First Production Documents January 14, 2010 http://www.aclu.org/national-security/customs-and-border-protection-cbp-first-production-documents In response to the ACLU's Freedom of Information Act lawsuit seeking documents about the government's policy of searching travelers' laptops and cell phones at U.S. border crossings without suspicion of wrongdoing, the government has released hundreds of pages of documents about the policy. The records reveal new information about how many devices have been searched, what happens to travelers' files once they are in the government's possession, and travelers' complaints about how they are treated by border officials. The ACLU's analysis of the first batch of documents released by CBP reveals:
* In a span of just nine months, CBP officials searched over 1,500 electronic devices belonging to travelers. Under the current policy, they were not required to justify a single one of these searches.
* Travelers' laptops are not the only devices at risk of being examined, detained, or seized by the government. In fact, cell phones were the most commonly searched and seized devices between October 2008 and June 2009.
* Other types of devices that were searched and detained during this time period include digital cameras, thumb drives, hard drives, and even DVDs.
* Between July 2008 and June 2009, CBP transferred electronic files found on travelers' devices to third-party agencies almost 300 times. Over half the time, these unknown agencies asserted independent bases for retaining or seizing the transferred files. More than 80 percent of the transfers involved the CBP making copies of travelers' files.
From rforno at infowarrior.org Mon Jan 18 23:37:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 18:37:09 -0500 Subject: [Infowarrior] - Verizon: "We Record You, but Don't You Dare Record Us!" Message-ID: (c/o IP ... my comment? What's good for the goose must be good for the gander. --rf) January 18, 2010 Verizon: "We Record You, but Don't You Dare Record Us!" -- and a FiOS Order Canceled http://lauren.vortex.com/archive/000671.html Greetings. In FiOS Scamming the Elderly a couple of days ago, I expressed my extreme displeasure at the horrendous (whether legal or not, yet to be determined) sales techniques used to pressure the elderly father of a friend of mine into signing up for FiOS services (on a long-term contract) that he didn't want or need. Since that posting, I've discovered more subterfuge -- they even signed him for FiOS TV after he explicitly told them that he already had cable TV and wanted to stay with it. Today I finally reached Verizon, and after fighting my way through the usual impediments and multiple transfers I successfully canceled the order. I hope. Verizon won't provide written confirmation that the order has been killed, and simply tells you to use the original order number for reference. We'll see if his existing, non-FiOS Verizon phone service ends up being disrupted, and I've told him that if any Verizon crews show up at his house, just send them packing back to the depot. I plan to pursue the issue of the tactics used by the Verizon door-to-door hit squad. Verizon reps I spoke to today refused to reveal whether or not such workers were Verizon employees or (more likely I'll bet) contract workers on commission. There was an amusing aspect to canceling the order. I felt it appropriate to record the call, so that I'd have a proof of this order activity in case there was an "issue" regarding the order's status later on.
Complexities of individual state laws regarding notifications of recording aside (one-party vs. two-party states), my policy is to always notify the other party when I'm recording a call. Imagine my surprise when I discovered that the Verizon reps I talked to absolutely and indignantly refused to continue the calls when I told them that I was recording. This despite the fact that virtually the first words out of the Verizon phone system are "call may be monitored or recorded." So, being a law-abiding, ethical citizen, I stopped the recording and so informed the reps. Their hesitation to continue the calls was unmistakable. "Did he really stop recording?" The technical term for this attitude on the part of Verizon is of course referenced by the acronym CYA. They want to record you for their protection, but heaven forbid if you desire to record them for the same reason. But given Verizon's sleazy FiOS sales practices, the fact that they behave similarly disrespectful of their customers' concerns at the call center level shouldn't really surprise anyone. It's almost as if the long gone but widely despised General Telephone sometimes still lives on as a ghostly spirit in aspects of its descendant Verizon. Cue the theremin ... --Lauren-- From rforno at infowarrior.org Tue Jan 19 03:51:56 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Jan 2010 22:51:56 -0500 Subject: [Infowarrior] - FBI broke law for years in phone record searches Message-ID: FBI broke law for years in phone record searches By John Solomon and Carrie Johnson Special to The Washington Post Tuesday, January 19, 2010; A01 The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions. 
E-mails obtained by The Washington Post detail how counterterrorism officials inside FBI headquarters did not follow their own procedures that were put in place to protect civil liberties. The stream of urgent requests for phone records also overwhelmed the FBI communications analysis unit with work that ultimately was not connected to imminent threats. < - > FBI General Counsel Valerie Caproni said in an interview Monday that the FBI technically violated the Electronic Communications Privacy Act when agents invoked nonexistent emergencies to collect records. < - > http://www.washingtonpost.com/wp-dyn/content/article/2010/01/18/AR2010011803982_pf.html From rforno at infowarrior.org Tue Jan 19 15:55:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Jan 2010 10:55:50 -0500 Subject: [Infowarrior] - MS improves privacy for search Message-ID: (Of course, Google's position is that 18 months is needed to "improve search quality" is really oodespeak for "marketing purposes" --- so kudos to MS here for bowing to EU concerns and using privacy as a customer attraction tool in the search engine wars. -rick) Microsoft to Limit Holding Search Data to Six Months By PEPPI KIVINIEMI http://online.wsj.com/article/SB10001424052748703837004575012443848020502.html BRUSSELS--Microsoft Corp. Tuesday put pressure on Google Inc. in the race to provide more consumer privacy, saying it will eliminate most consumers' search data after six months regardless of what competitors do. The company will "delete the entire Internet Protocol address associated with search queries at six months rather than at 18 months," it said in a blog. The move to grant online users more privacy comes after intense negotiations with European data privacy regulators who have been pushing for all search engines to limit the time they hold personally identifiable search data to six months since early 2008. 
Microsoft believes that providing users better privacy protection will make the search engine "more attractive" to the customer, said John Vassallo, Microsoft vice-president of EU-affairs. Microsoft's latest search engine, Bing, with 3.3% of the global search market, is lagging far behind market leader Google's engine, which holds some 85% market share globally, according to online marketing company Net Applications. Google currently stores Internet protocol addresses which can be used to identify the computer used for searches for 9 months, and deletes all cookies after 18 months. Although most search engines have significantly reduced the time they hold on to search logs since requests to do so by the European working group -- comprising all 27 national privacy officials -- Mr. Vassallo said that there still remained a possibility that the European Union might want to regulate online privacy requirements. Microsoft had earlier said that it was waiting for the industry to move together to reduce the time search queries are held to six months, but it said Tuesday it will now act unilaterally and called on rivals to follow suit. Google maintains that it needs to keep queries for nine months in order to improve search quality and to fight online fraud, such as companies artificially increasing the cost of online advertising, known as click fraud. "Data from our search queries represents a crucial arm in our battle to protect the security of our services against hacks and fraud. It also represents a critical element allowing us to help users by innovating and improving the quality of our searches," Google said in a statement. Microsoft, meanwhile, is convinced it can "manage the search data" within the six-month time frame both in terms of improving the online search and fighting fraud, Mr. Vassallo said. Yahoo Inc., with about 6.3% of the global search market, cut its data retention to 3 months, from 13 months in late 2008.
Microsoft said it will take the company 12 to 18 months to implement the new data privacy provision due to technical demands that would have to be figured out first. The European Commission, the European Union's executive arm, has also recommended that search data be made anonymous after six months. Write to Peppi Kiviniemi at peppi.kiviniemi at dowjones.com From rforno at infowarrior.org Tue Jan 19 18:31:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Jan 2010 13:31:26 -0500 Subject: [Infowarrior] - Interesting question.... Message-ID: <585C9FB9-FBFD-4F53-84CB-39C81D2F1610@infowarrior.org> If School Officials Got Confused By Kid's Science Project, Why Does The Kid Need Counseling? http://techdirt.com/articles/20100118/0250237790.shtml From rforno at infowarrior.org Tue Jan 19 23:38:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Jan 2010 18:38:27 -0500 Subject: [Infowarrior] - MS Issuing Out-of-Band Patch to Fix IE Hole Message-ID: <6A7E36E2-2050-45A0-8A8C-A721B32C3F04@infowarrior.org> Microsoft to Issue Out-of-Band Patch to Fix IE Hole 01.19.10 by Mark Hachman http://www.pcmag.com/article2/0,2817,2358210,00.asp Microsoft will release an out-of-band patch to resolve the "Aurora" vulnerability that has struck Internet Explorer, the company said on Tuesday. Microsoft said that patch would be released Wednesday, but didn't disclose a time in which it would be made available. The company said that, so far, "very limited, and in some cases, targeted attacks" have been made against Internet Explorer 6. Microsoft had previously concluded Internet Explorer 6 running on Windows XP and possibly Windows 2000 was vulnerable, although later the same exploit was found to also affect IE7 on Windows XP and Vista. The Aurora vulnerability was the vector unknown attackers used to strike Google and a number of other Internet companies; those attacks were originally blamed on a hole in Adobe's products, but were later tied to IE. 
Reuters later that the attacks may have been assisted by Google employees. The widespread confusion on the issue prompted the out-of-band patch, George Stathakopoulos, general manager of Trustworthy Computing Security, wrote in a blog post on Tuesday. "Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability," Stathakopoulos wrote. "We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time," Stathakopoulos added. Naturally, Microsoft continues to recommend users update their browser to Internet Explorer 8, a practice that some businesses may have not taken because of their dependence on older Web applications. From rforno at infowarrior.org Wed Jan 20 13:58:15 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Jan 2010 08:58:15 -0500 Subject: [Infowarrior] - TSA nominee Erroll Southers withdraws Message-ID: <5DDF98F3-F084-4DAC-8FC9-DCDC1F4E944E@infowarrior.org> TSA nominee Erroll Southers withdraws http://voices.washingtonpost.com/federal-eye/2010/01/tsa_nominee_erroll_southers_wi.html Erroll Southers, President Obama's nominee to lead the Transportation Security Administration, has withdrawn his name from consideration, a Senate aide confirmed Wednesday. Southers's nomination had faced fierce opposition from Republicans, especially since revelations that he may have misled Congress about an incident in the late 1980s involving a background check of the boyfriend of his ex-wife. As The Eye was the first to report in November, Southers told the Senate that he asked a co-worker's husband who worked for the San Diego Police Department at the time to run a background check on his ex-wife's boyfriend. 
The incident did little to stop his unanimous confirmation by the Senate Homeland Security and Governmental Affairs Committee. But a day after the panel referred his nomination to the Senate, Southers told lawmakers that he twice conducted the database searches himself, downloaded confidential law enforcement records about the boyfriend and then passed the information on to the police department employee. "I was extremely excited about the opportunity to lead the Transportation Security Administration and fulfill Secretary Napolitano's objective to develop it into the best organization of its kind in the world," Southers said in a statement released by the White House Wednesday morning. "However, it is apparent that this path has been obstructed by political ideology. I have decided, after deep reflection and in consultation with my family and friends to respectfully withdraw my name from consideration for confirmation as the assistant secretary for the TSA. "It is clear that my nomination has become a lightning rod for those who have chosen to push a political agenda at the risk of the safety and security of the American people," Southers said. "This partisan climate is unacceptable and I refuse to allow myself to remain part of their dialogue. The TSA has important work to be done and I regret I will not be part of their success. I would like to thank the President, Secretary Napolitano and all of the people at the Department of Homeland Security who worked tirelessly to successfully move my nomination through two Senate committees during the past seven months." "The President believes that Erroll Southers would have been an excellent TSA Administrator but understands his personal decision and the choice he has made," said White House spokesman Nicholas Shapiro. "Southers was uniquely qualified for this job and it is with great sadness that the President accepted Southers' withdrawal.
Fortunately the acting TSA Administrator is very able and we have a solid team of professionals at TSA doing vital national security work to keep us safe," Shapiro said. Shapiro could not say when Obama might name a new TSA nominee or if the White House will just nominate Acting Administrator Gale Rossides to the job full-time. From rforno at infowarrior.org Wed Jan 20 17:05:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Jan 2010 12:05:18 -0500 Subject: [Infowarrior] - NYT to charge for access Message-ID: <39788283-CA9D-4249-9471-80C28040E2A6@infowarrior.org> January 21, 2010 The Times to Charge for Frequent Access to Its Web Site By RICHARD PÉREZ-PEÑA http://www.nytimes.com/2010/01/21/business/media/21times.html?pagewanted=print The New York Times announced Wednesday that it intended to charge frequent readers for access to its Web site, a step being debated across the industry that nearly every major newspaper has so far feared to take. Starting in early 2011, visitors to NYTimes.com will get a certain number of articles free every month before being asked to pay a flat fee for unlimited access. Subscribers to the newspaper's print edition will receive full access to the site. But executives of The New York Times Company said they could not yet answer fundamental questions about the plan, like how much it would cost or what the limit would be on free reading. They stressed that the amount of free access could change with time, in response to economic conditions and reader demand. "This announcement allows us to begin the thought process that's going to answer so many of the questions that we all care about," Arthur Sulzberger Jr., the company chairman and publisher of the newspaper, said in an interview. "We can't get this halfway right or three-quarters of the way right. We have to get this really, really right."
Any changes are sure to be closely watched by publishers and other purveyors of online content who scoffed at the notion of online charging until advertising began to plummet in 2007, battering visions of Internet businesses supported solely by ads. Few general-interest publications charge now, but many newspapers and magazines are studying whether to make the switch. Still, publishers fear that income from digital subscriptions would not compensate for the resulting loss of audience and advertising revenue. NYTimes.com is by far the most popular newspaper site in the country, with more than 17 million readers a month in the United States, according to Nielsen Online, and analysts say it is easily the leader in advertising revenue, as well. That may make it better positioned than other general-interest papers to charge -- and also gives The Times more to lose if the move backfires. The Times Company has been studying the matter for almost a year, searching for common ground between pro- and anti-pay camps -- a debate mirrored in dozens of media-watching blogs -- and the system will not go into effect until January 2011. Executives said they were not bothered by the prospect of absorbing barbs for moving cautiously. "There's no prize for getting it quick," said Janet L. Robinson, the company's president and chief executive. "There's more of a prize for getting it right." This would not be the first time the company has attempted an online pay model. In the 1990s it charged overseas readers, and from 2005 to 2007 the newspaper's TimesSelect service charged for access to editorials and columns. TimesSelect attracted about 210,000 subscribers who paid $49.95 a year but it was scrapped to take advantage of the boom in online advertising. Company executives said the current decision was not a reaction to the ad recession but a long-term strategy to develop new revenue. "This is a bet, to a certain degree, on where we think the Web is going," Mr. Sulzberger said.
"This is not going to be something that is going to change the financial dynamics overnight." Two specialized papers charge already: The Wall Street Journal, which makes certain articles accessible only to subscribers, and The Financial Times, which allows non-paying readers to see up to 10 articles a month, a system close to what is planned by The Times. Most readers who go to the Times site, as with other news sites, are incidental visitors, arriving no more than once in a while through searches and links, and many of them would be unaffected by the new system. A much smaller number of committed readers account for the bulk of the site visits and page views, and the essential question is how many of them will pay to continue that habit. Executives said the computerized subscription service must work smoothly and communicate seamlessly with the computer systems that handle the database of print subscribers. The Times will not use one of the pay systems being marketed by other companies, like Journalism Online, led by Steven Brill, or the News Corporation, instead choosing to create the system essentially from scratch. "There's a lot of technical work that we need to do over the next year to get this right," said Martin A. Nisenholtz, the company's senior vice president for digital operations. "And I think if you were to benchmark this against other, similar implementations, you would find that a year is not excessive." Bill Keller, the executive editor, embraced the plan. "It underscores the value of what we do -- trustworthy, aggressively reported professional journalism, which is an increasingly rare and precious thing," Mr. Keller said. "And it gives us a second way to sustain that hard, expensive work, in addition to our healthy advertising revenue." Company executives would not release estimates of how many subscribers and how much revenue an online system would attract, how many visitors the site might lose because of it, or how much ad revenue would decline.
The Times Company looked at several approaches, including a straightforward pay wall similar to The Journal's; various "metered" systems, including the one they chose; a "membership" format similar to the one used in public broadcasting, with rewards for supporters but little or no limit on access to the site; and a hybrid among those options. The approach the company took is "the one that after much research and study we determined has the most upside in both" subscriptions and advertising, Mr. Nisenholtz said. "We're trying to maximize revenue. We're not saying we want to put this revenue stream above that revenue stream. The goal is to maximize both revenue streams in combination." From rforno at infowarrior.org Wed Jan 20 18:21:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Jan 2010 13:21:09 -0500 Subject: [Infowarrior] - Hundreds of Netsol Sites Hacked Message-ID: (c/o anonymous) Hundreds of Network Solutions Sites Hacked Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites. The hackers appear to have replaced each site's home page with anti-Israeli sentiments and pictures of masked militants armed with rocket launchers and rifles, along with the message "HaCKed by CWkomando." According to results for that search term entered into Microsoft's Bing search engine, there may in fact be thousands of sites affected by this mass defacement. One of the defaced pages belonged to Minnesota's 8th District GOP, according to a story in The Minnesota Independent, which said the Arabic writing that accompanies the defaced pages contains the dedication "For Palestine," and the repeated phrase "Allahu Akbar" [God is great]. Network Solutions said the hackers were able to get in by exploiting a "file-inclusion" weakness in the company's Unix servers.
So-called remote file inclusion attacks are quite common, and can let attackers insert code that gives them backdoor access to and control over the affected server. Network Solutions said it is in the process of helping customers restore their sites. "These incidents are regrettable and we apologize for the inconvenience," the company said in its statement. "Due to the nature of the web, the race between technology and the bad elements is a challenge that companies face continually." Network Solutions said there was no danger to customers' "personally identifiable or secure information" as a result of the incident. Other recent break-ins at NetSol have not been so benign: Last summer, hackers broke into a number of Network Solutions Web servers and planted rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts. Let this be a helpful reminder to all of us who run a Web site that no matter how much you have done to lock down your Web site, a hiccup, server crash or break-in at your hosting provider can deep-six your site in a heartbeat. If you don't already know how to do so, take some time before it is too late to learn how to back up and restore your site (look for a future blog post for a primer or two on this very topic). From rforno at infowarrior.org Thu Jan 21 16:43:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 11:43:18 -0500 Subject: [Infowarrior] - Prayer box mistaken for bomb, forces jet to land in Philly Message-ID: Prayer box mistaken for bomb, forces jet to land in Philly By Peter Mucha Inquirer Staff Report http://www.philly.com/philly/news/breaking/82249402.html?cmpid=15585797 A teenager strapping Jewish religious ritual prayer boxes to his head and arm caused a scare on a plane from New York to Kentucky this morning, prompting the pilot to land in Philadelphia, officials said.
Police determined there was no threat and the 17-year-old boy and his 16-year-old sister, who live in White Plains, N.Y., were not held. US Airways Express Flight 3079 was en route from New York's LaGuardia Airport to Louisville about 8:15 a.m. when a stewardess saw the youth strapping on his tefillin. Tefillin, also known as phylacteries, are leather boxes containing scriptures with leather straps that observant Jews wear on their arms and head during prayer. Philadelphia Police Chief Inspector Joseph Sullivan said the stewardess became concerned and alerted the pilot. "It's something they never seen before," Sullivan said. Taking no chances, the pilot decided to make an unscheduled landing in Philadelphia and reported a man with a device with "wires" on the plane. The wires turned out to be the leather straps, officials said. Police were notified about 8:23 a.m. and federal and city law enforcement vehicles surrounded the plane after it touched down. They took the jet to a remote area and removed the boy and his sister from the plane. The pair explained what the boy was doing with the tefillin, Sullivan said. Police decided by 8:45 a.m. that there was no threat, Sullivan said. A Transportation Safety Administration statement called the unscheduled landing a "disruptive passenger" incident and made no mention of circumstances described by police. U.S. Airways said there were 15 passengers on the plane. No one took action against the youth and the plane landed without incident. Passengers continuing to Louisville were being booked on another flight. The boy and his sister reportedly decided to stay behind and were waiting for relatives to arrive from New York to pick them up. From rforno at infowarrior.org Thu Jan 21 17:50:45 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 12:50:45 -0500 Subject: [Infowarrior] - Clinton Speech: Internet Freedom (Text) Message-ID: Internet Freedom The prepared text of U.S.
Secretary of State Hillary Rodham Clinton's speech, delivered at the Newseum in Washington, D.C. JANUARY 21, 2010 http://www.foreignpolicy.com/articles/2010/01/21/internet_freedom Thank you, Alberto for that kind introduction. It's a pleasure to be here at the Newseum. This institution is a monument to some of our most precious freedoms, and I'm grateful for this opportunity to discuss how those freedoms apply to the challenges of the 21st century. I'm also delighted to see so many friends and former colleagues. This is an important speech on an important subject. But before I begin, I want to speak briefly about Haiti. During the last nine days, the people of Haiti and the people of the world have joined together to deal with a tragedy of staggering proportions. Our hemisphere has seen its share of hardship, but there are few precedents for the situation we're facing in Port-au-Prince. Communication networks have played a critical role in our response. In the hours after the quake, we worked with partners in the private sector to set up the text "HAITI" campaign so that mobile phone users in the United States could donate to relief efforts via text message. That initiative has been a showcase for the generosity of the American people and it's raised over $25 million for recovery efforts. Information networks have also played a critical role on the ground. The technology community has set up interactive maps to help identify needs and target resources. And on Monday, a seven-year-old girl and two women were pulled from the rubble of a collapsed supermarket by an American search and rescue team after they sent a text message calling for help. These examples are manifestations of a much broader phenomenon. The spread of information networks is forming a new nervous system for our planet. When something happens in Haiti or Hunan the rest of us learn about it in real time - from real people. And we can respond in real time as well.
Americans eager to help in the aftermath of a disaster and the girl trapped in that supermarket are connected in ways that we weren't a generation ago. That same principle applies to almost all of humanity. As we sit here today, any of you - or any of our children - can take out tools we carry with us every day and transmit this discussion to billions across the world. In many respects, information has never been so free. There are more ways to spread more ideas to more people than at any moment in history. Even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable. During his visit to China in November, President Obama held a town hall meeting with an online component to highlight the importance of the internet. In response to a question that was sent in over the internet, he defended the right of people to freely access information, and said that the more freely information flows, the stronger societies become. He spoke about how access to information helps citizens to hold their governments accountable, generates new ideas, and encourages creativity. The United States' belief in that truth is what brings me here today. But amid this unprecedented surge in connectivity, we must also recognize that these technologies are not an unmitigated blessing. These tools are also being exploited to undermine human progress and political rights. Just as steel can be used to build hospitals or machine guns and nuclear energy can power a city or destroy it, modern information networks and the technologies they support can be harnessed for good or ill. The same networks that help organize movements for freedom also enable al Qaeda to spew hatred and incite violence against the innocent. And technologies with the potential to open up access to government and promote transparency can also be hijacked by governments to crush dissent and deny human rights. 
In the last year, we've seen a spike in threats to the free flow of information. China, Tunisia, and Uzbekistan have stepped up their censorship of the internet. In Vietnam, access to popular social networking sites has suddenly disappeared. And last Friday in Egypt, 30 bloggers and activists were detained. One member of this group, Bassem Samir - who is thankfully no longer in prison - is with us today. So while it is clear that the spread of these technologies is transforming our world, it is still unclear how that transformation will affect the human rights and welfare of much of the world's population. SYNCING PROGRESS WITH PRINCIPLES On their own, new technologies do not take sides in the struggle for freedom and progress. But the United States does. We stand for a single internet where all of humanity has equal access to knowledge and ideas. And we recognize that the world's information infrastructure will become what we and others make of it. This challenge may be new, but our responsibility to help ensure the free exchange of ideas goes back to the birth of our republic. The words of the First Amendment to the Constitution are carved in 50 tons of Tennessee marble on the front of this building. And every generation of Americans has worked to protect the values etched in that stone. Franklin Roosevelt built on these ideas when he delivered his Four Freedoms speech in 1941. At the time, Americans faced a cavalcade of crises and a crisis of confidence. But the vision of a world in which all people enjoyed freedom of expression, freedom of worship, freedom from want, and freedom from fear transcended the trouble of his day. Years later, one of my heroes, Eleanor Roosevelt, worked to have these principles adopted as a cornerstone of the Universal Declaration of Human Rights. They have provided a lodestar to every succeeding generation - guiding us, galvanizing us, and enabling us to move forward in the face of uncertainty. 
As technology hurtles forward, we must think back to that legacy. We need to synchronize our technological progress with our principles. In accepting the Nobel Prize, President Obama spoke about the need to build a world in which peace rests on the "inherent rights and dignity of every individual." And in my speech on human rights at Georgetown I talked about how we must find ways to make human rights a reality. Today, we find an urgent need to protect these freedoms on the digital frontiers of the 21st century. There are many other networks in the world - some aid in the movement of people or resources; and some facilitate exchanges between individuals with the same work or interests. But the internet is a network that magnifies the power and potential of all others. And that's why we believe it's critical that its users are assured certain basic freedoms. FREEDOM OF EXPRESSION First among them is the freedom of expression. This freedom is no longer defined solely by whether citizens can go into the town square and criticize their government without fear of retribution. Blogs, email, social networks, and text messages have opened up new forums for exchanging ideas - and created new targets for censorship. As I speak to you today, government censors are working furiously to erase my words from the records of history. But history itself has already condemned these tactics. Two months ago, I was in Germany to celebrate the 20th anniversary of the fall of the Berlin Wall. The leaders gathered at that ceremony paid tribute to the courageous men and women on the far side of that barrier who made the case against oppression by circulating small pamphlets called samizdat. These leaflets questioned the claims and intentions of dictatorships in the Eastern Bloc, and many people paid dearly for distributing them. But their words helped pierce the concrete and concertina wire of the Iron Curtain. The Berlin Wall symbolized a world divided, and it defined an entire era. 
Today, remnants of that wall sit inside this museum - where they belong. And the new iconic infrastructure of our age is the internet. Instead of division, it stands for connection. But even as networks spread to nations around the globe, virtual walls are cropping up in place of visible walls. Some countries have erected electronic barriers that prevent their people from accessing portions of the world's networks. They have expunged words, names and phrases from search engine results. They have violated the privacy of citizens who engage in non-violent political speech. These actions contravene the Universal Declaration on Human Rights, which tells us that all people have the right "to seek, receive and impart information and ideas through any media and regardless of frontiers." With the spread of these restrictive practices, a new information curtain is descending across much of the world. Beyond this partition, viral videos and blog posts are becoming the samizdat of our day. As in the dictatorships of the past, governments are targeting independent thinkers who use these tools. In the demonstrations that followed Iran's presidential elections, grainy cell phone footage of a young woman's bloody murder provided a digital indictment of the government's brutality. We've seen reports that when Iranians living overseas posted online criticism of their nation's leaders, their family members in Iran were singled out for retribution. And despite an intense campaign of government intimidation, brave citizen journalists in Iran continue using technology to show the world and their fellow citizens what is happening in their country. In speaking out on behalf of their own human rights the Iranian people have inspired the world. And their courage is redefining how technology is used to spread truth and expose injustice. All societies recognize that free expression has its limits. 
We do not tolerate those who incite others to violence, such as the agents of al Qaeda who are - at this moment - using the internet to promote the mass murder of innocent people. And hate speech that targets individuals on the basis of their ethnicity, gender, or sexual orientation is reprehensible. It is an unfortunate fact that these issues are both growing challenges that the international community must confront together. We must also grapple with the issue of anonymous speech. Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities. But these challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes. FREEDOM OF WORSHIP The freedom of expression may be the most obvious freedom to face challenges with the spread of new technologies, but it is not alone. The freedom of worship usually involves the rights of individuals to commune - or not commune - with their Creator. And that's one channel of communication that does not rely on technology. But the freedom of worship also speaks to the universal right to come together with those who share your values and vision for humanity. In our history, those gatherings often took place in churches, synagogues, temples, and mosques. Today, they may also take place on line. The internet can help bridge divides between people of different faiths. As the president said in Cairo, "freedom of religion is central to the ability of people to live together." And as we look for ways to expand dialogue, the internet holds out tremendous promise. We have already begun connecting students in the United States with young people in Muslim communities around the world to discuss global challenges. And we will continue using this tool to foster discussion between individuals in different religious communities. 
Some nations, however, have co-opted the internet as a tool to target and silence people of faith. Last year in Saudi Arabia, a man spent months in prison for blogging about Christianity. And a Harvard study found that the Saudi government blocked many web pages about Hinduism, Judaism, Christianity, and even Islam. Countries including Vietnam and China employed similar tactics to restrict access to religious information. Just as these technologies must not be used to punish peaceful political speech, they must not be used to persecute or silence religious minorities. Prayers will always travel on higher networks. But connection technologies like the internet and social networking sites should enhance individuals' ability to worship as they see fit, come together with people of their own faith, and learn more about the beliefs of others. We must work to advance the freedom of worship online just as we do in other areas of life. FREEDOM FROM WANT There are, of course, hundreds of millions of people living without the benefits of these technologies. In our world, talent is distributed universally, but opportunity is not. And we know from long experience that promoting social and economic development in countries where people lack access to knowledge, markets, capital, and opportunity can be frustrating, and sometimes futile work. In this context, the internet can serve as a great equalizer. By providing people with access to knowledge and potential markets, networks can create opportunity where none exists. Over the last year, I've seen this first hand. In Kenya, where farmers have seen their income grow by as much as 30% since they started using mobile banking technology. In Bangladesh, where more than 300,000 people have signed up to learn English on their mobile phones. And in sub-Saharan Africa, where women entrepreneurs use the internet to get access to microcredit loans and connect to global markets. 
These examples of progress can be replicated in the lives of the billion people at the bottom of the world's economic ladder. In many cases, the internet, mobile phones, and other connection technologies can do for economic growth what the green revolution did for agriculture. You can now generate significant yields from very modest inputs. One World Bank study found that in a typical developing country, a 10% increase in the penetration rate for mobile phones led to an almost one percent annual increase in per capita GDP. To put that in perspective, for India, that would translate into almost $10 billion a year. A connection to global information networks is like an on-ramp to modernity. In the early years of these technologies, many believed they would divide the world between haves and have-nots. That hasn't happened. There are 4 billion cell phones in use today - many are in the hands of market vendors, rickshaw drivers, and others who've historically lacked access to education and opportunity. Information networks have become a great leveler, and we should use them to help lift people out of poverty. FREEDOM FROM FEAR We have every reason to be hopeful about what people can accomplish when they leverage communication networks and connection technologies to achieve progress. But some will use global information networks for darker purposes. Violent extremists, criminal cartels, sexual predators, and authoritarian governments all seek to exploit global networks. Just as terrorists have taken advantage of the openness of our society to carry out their plots, violent extremists use the internet to radicalize and intimidate. As we work to advance these freedoms, we must also work against those who use communication networks as tools of disruption and fear. Governments and citizens must have confidence that the networks at the core of their national security and economic prosperity are safe and resilient. This is about more than petty hackers who deface websites. 
Our ability to bank online, use electronic commerce, and safeguard billions of dollars in intellectual property are all at stake if we cannot rely on the security of information networks. Disruptions in these systems demand a coordinated response by governments, the private sector, and the international community. We need more tools to help law enforcement agencies cooperate across jurisdictions when criminal hackers and organized crime syndicates attack networks for financial gain. The same is true when social ills such as child pornography and the exploitation of trafficked women and girls migrate online. We applaud efforts such as the Council on Europe's Convention on Cybercrime that facilitate international cooperation in prosecuting such offenses. We have taken steps as a government, and as a Department, to find diplomatic solutions to strengthen global cyber security. Over a half-dozen different Bureaus have joined together to work on this issue, and two years ago we created an office to coordinate foreign policy in cyberspace. We have worked to address this challenge at the UN and other multilateral forums and put cyber-security on the world's agenda. And President Obama has appointed a new national cyberspace policy coordinator who will help us work even more closely to ensure that our networks stay free, secure, and reliable. States, terrorists, and those who would act as their proxies must know that the United States will protect our networks. Those who disrupt the free flow of information in our society, or any other, pose a threat to our economy, our government and our civil society. Countries or individuals that engage in cyber attacks should face consequences and international condemnation. In an interconnected world, an attack on one nation's networks can be an attack on all. By reinforcing that message, we can create norms of behavior among states and encourage respect for the global networked commons. 
THE FREEDOM TO CONNECT The final freedom I want to address today flows from the four I've already mentioned: the freedom to connect - the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. The freedom to connect is like the freedom of assembly in cyber space. It allows individuals to get online, come together, and hopefully cooperate in the name of progress. Once you're on the internet, you don't need to be a tycoon or a rock star to have a huge impact on society. The largest public response to the terrorist attacks in Mumbai was launched by a 13-year-old boy. He used social networks to organize blood drives and a massive interfaith book of condolence. In Colombia, an unemployed engineer brought together more than 12 million people in 190 cities around the world to demonstrate against the FARC terrorist movement. The protests were the largest anti-terrorist demonstrations in history. In the weeks that followed, the FARC saw more demobilizations and desertions than it had during a decade of military action. And in Mexico, a single email from a private citizen who was fed up with drug-related violence snowballed into huge demonstrations in all of the country's 32 states. In Mexico City alone, 150,000 people took to the streets in protest. The internet can help humanity push back against those who promote violence and extremism. In Iran, Moldova, and many other countries, online organizing has been a critical tool for advancing democracy, and enabling citizens to protest suspicious election results. Even in established democracies like the United States, we've seen the power of these tools to change history. Some of you may still remember the 2008 presidential election... The freedom to connect to these technologies can help transform societies, but it is also critically important to individuals. 
I recently heard the story of a doctor who had been trying desperately to diagnose his daughter's rare medical condition. After consulting with two dozen specialists, he still didn't have an answer. He finally identified the condition - and a cure - by using an internet search engine. That's one of the reasons why unfettered access to search engine technology is so important. APPLYING PRINCIPLES TO POLICY The principles I've outlined today will guide our approach to the issue of internet freedom and the use of these technologies. And I want to speak about how we apply them in practice. The United States is committed to devoting the diplomatic, economic and technological resources necessary to advance these freedoms. We are a nation made up of immigrants from every country and interests that span the globe. Our foreign policy is premised on the idea that no country stands to benefit more when cooperation among peoples and states increases. And no country shoulders a heavier burden when conflict drives nations apart. We are well placed to seize the opportunities that come with interconnectivity. And as the birthplace for so many of these technologies, we have a responsibility to see them used for good. To do that, we need to develop our capacity for 21st century statecraft. Realigning our policies and our priorities won't be easy. But adjusting to new technology rarely is. When the telegraph was introduced, it was a source of great anxiety for many in the diplomatic community, where the prospect of receiving daily instructions from Washington was not entirely welcome. But just as our diplomats eventually mastered the telegraph, I have supreme confidence that the world can harness the potential of these new tools as well. I'm proud that the State Department is already working in more than 40 countries to help individuals silenced by oppressive governments. 
We are making this issue a priority at the United Nations as well, and included internet freedom as a component in the first resolution we introduced after returning to the UN Human Rights Council. We are also supporting the development of new tools that enable citizens to exercise their right of free expression by circumventing politically motivated censorship. We are working globally to make sure that those tools get to the people who need them, in local languages, and with the training they need to access the internet safely. The United States has been assisting in these efforts for some time. Both the American people and nations that censor the internet should understand that our government is proud to help promote internet freedom. We need to put these tools in the hands of people around the world who will use them to advance democracy and human rights, fight climate change and epidemics, build global support for President Obama's goal of a world without nuclear weapons, and encourage sustainable economic development. That's why today I'm announcing that over the next year, we will work with partners in industry, academia, and non-governmental organizations to establish a standing effort that will harness the power of connection technologies and apply them to our diplomatic goals. By relying on mobile phones, mapping applications, and other new tools, we can empower citizens and leverage our traditional diplomacy. We can also address deficiencies in the current market for innovation. Let me give you one example: let's say I want to create a mobile phone application that would allow people to rate government ministries on their responsiveness, efficiency, and level of corruption. The hardware required to make this idea work is already in the hands of billions of potential users. And the software involved would be relatively inexpensive to develop and deploy. 
If people took advantage of this tool, it would help us target foreign assistance spending, improve lives, and encourage foreign investment in countries with responsible governments - all good things. However, right now, mobile application developers have no financial incentive to pursue that project on their own and the State Department lacks a mechanism to make it happen. This initiative should help resolve that problem, and provide long-term dividends from modest investments in innovation. We're going to work with experts to find the best structure for this venture, and we'll need the talent and resources of technology companies and non-profit organizations in order to get the best results. So for those of you in this room, consider yourselves invited. In the meantime, there are companies, individuals, and institutions working on ideas and applications that could advance our diplomatic and development objectives. And the State Department will be launching an innovation competition to give this work an immediate boost. We'll be asking Americans to send us their best ideas for applications and technologies that help to break down language barriers, overcome illiteracy, and connect people to the services and information they need. Microsoft, for example, has already developed a prototype for a digital doctor that could help provide medical care in isolated rural communities. We want to see more ideas like that. And we'll work with the winners of the competition and provide grants to help build their ideas to scale. PRIVATE SECTOR AND FOREIGN GOVERNMENT RESPONSIBILITY As we work together with the private sector and foreign governments to deploy the tools of 21st century statecraft, we need to remember our shared responsibility to safeguard the freedoms I've talked about today. We feel strongly that principles like information freedom aren't just good policy, they're good business for all involved. 
To use market terminology, a publicly-listed company in Tunisia or Vietnam that operates in an environment of censorship will always trade at a discount relative to an identical firm in a free society. If corporate decision makers don't have access to global sources of news and information, investors will have less confidence in their decisions. Countries that censor news and information must recognize that, from an economic standpoint, there is no distinction between censoring political speech and commercial speech. If businesses in your nation are denied access to either type of information, it will inevitably reduce growth. Increasingly, U.S. companies are making the issue of information freedom a greater consideration in their business decisions. I hope that their competitors and foreign governments will pay close attention to this trend. The most recent example of Google's review of its business operations in China has attracted a great deal of interest. We look to Chinese authorities to conduct a thorough investigation of the cyber intrusions that led Google to make this announcement. We also look for that investigation and its results to be transparent. The internet has already been a source of tremendous progress in China, and it's great that so many people there are now online. But countries that restrict free access to information or violate the basic rights of internet users risk walling themselves off from the progress of the next century. The United States and China have different views on this issue. And we intend to address those differences candidly and consistently. Ultimately, this issue isn't just about information freedom; it's about what kind of world we're going to inhabit. It's about whether we live on a planet with one internet, one global community, and a common body of knowledge that unites and benefits us all. Or a fragmented planet in which access to information and opportunity is dependent on where you live and the whims of censors. 
Information freedom supports the peace and security that provide a foundation for global progress. Historically, asymmetrical access to information is one of the leading causes of interstate conflict. When we face serious disputes or dangerous incidents, it's critical that people on both sides of the problem have access to the same set of facts and opinions. As it stands, Americans can consider information presented by foreign governments - we do not block their attempts to communicate with people in the United States. But citizens in societies that practice censorship lack exposure to outside views. In North Korea, for example, the government has tried to completely isolate its citizens from outside opinions. This lop-sided access to information increases both the likelihood of conflict and the probability that small disagreements will escalate. I hope responsible governments with an interest in global stability will work to address such imbalances. For companies, this issue is about more than claiming the moral high ground; it comes down to the trust between firms and their customers. Consumers everywhere want to have confidence that the internet companies they rely on will provide comprehensive search results and act as responsible stewards of their information. Firms that earn that confidence will prosper in a global marketplace. Those who lose it will also lose customers. I hope that refusal to support politically-motivated censorship will become a trademark characteristic of American technology companies. It should be part of our national brand. I'm confident that consumers worldwide will reward firms that respect these principles. We are reinvigorating the Global Internet Freedom Task Force as a forum for addressing threats to internet freedom around the world, and urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. 
The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what's right, not simply the prospect of quick profits. We're also encouraged by the work that's being done through the Global Network Initiative - a voluntary effort by technology companies who are working with non-governmental organizations, academic experts, and social investment funds to respond to government requests for censorship. The Initiative goes beyond mere statements of principle and establishes mechanisms to promote real accountability and transparency. As part of our commitment to support responsible private sector engagement on information freedom, the State Department will be convening a high-level meeting next month co-chaired by Under Secretaries Robert Hormats and Maria Otero to bring together firms that provide network services for talks on internet freedom. We hope to work together to address this challenge. CONCLUSION Pursuing the freedoms I've talked about today is the right thing to do. But it's also the smart thing to do. By advancing this agenda, we align our principles, our economic goals, and our strategic priorities. We need to create a world in which access to networks and information brings people closer together, and expands our definition of community. Given the magnitude of the challenges we're facing, we need people around the world to pool their knowledge and creativity to help rebuild the global economy, protect our environment, defeat violent extremism, and build a future in which every human being can realize their God-given potential. Let me close by asking you to remember the little girl who was pulled from the rubble on Monday in Port-au-Prince. She is alive, was reunited with her family, and will have the opportunity to help rebuild her nation because these networks took a voice that was buried and spread it to the world. 
No nation, group, or individual should stay buried in the rubble of oppression. We cannot stand by while people are separated from our human family by walls of censorship. And we cannot be silent about these issues simply because we cannot hear their cries. Let us recommit ourselves to this cause. Let us make these technologies a force for real progress the world over. And let us go forward together to champion these freedoms. From rforno at infowarrior.org Thu Jan 21 18:41:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 13:41:24 -0500 Subject: [Infowarrior] - More music industry nuttery Message-ID: <9C2BE9E0-5E49-41B3-A37D-F76E629A539F@infowarrior.org> Prisons And Hair Dressers Latest To Push Back On Ridiculous Collection Society Demands from the pay-to-listen dept http://www.techdirt.com/articles/20100120/1028177833.shtml We've noticed lately that music collection societies have been going overboard in demanding more and more money from pretty much anyone who listens to music, claiming "public performances" and assuming that they're worth a lot more than they really are -- almost everywhere you turn. mikez sent in two new stories about collection societies -- both involving operations pushing back on the demands. The first involves prisons in the UK who are refusing to pay the licensing fees, and thus are telling prisoners (hey look, real thieves!) that they can't listen to music any more in any area where multiple people might be (the kitchen, workshops, restrooms, etc.) since others might overhear it. Yes, listening to music in a prison apparently requires a separate performance license. The second story involves Spanish hairdressers who are similarly refusing to pay and, instead, are telling customers to bring their own MP3 players to listen to their own music, privately. The really ridiculous thing is that in both cases all this is really doing is harming musicians. 
When places play music, it actually acts as advertising for that music -- and these collection societies are basically demanding to be paid for having people promote the music of various artists. So the artists get less promotion and don't get money from places like the examples above refusing to pay. Everyone loses! From rforno at infowarrior.org Thu Jan 21 19:50:52 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 14:50:52 -0500 Subject: [Infowarrior] - Pirate Bay's VPN goes public: Ipredator Message-ID: <66CD31C3-B7C5-453D-864F-59579A0F00AF@infowarrior.org> Pirate Bay's VPN goes public: Ipredator As governments around the world consider proposals to hand surveillance powers to the entertainment industry and twitchy cops, the Pirate Bay is striking back. Its new €5/month IPRedator service is an encrypted VPN that you can use to hide your traffic (whatever it may contain) from prying eyes. The name comes from Sweden's adoption of IPRED (the "IP Rights Enforcement Directive," a punishing piece of anti-Internet legislation). I've been looking for a reliable VPN to use on public hotspots -- this might just be it. http://www.boingboing.net/2010/01/20/pirate-bays-vpn-goes.html From rforno at infowarrior.org Thu Jan 21 20:02:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 15:02:26 -0500 Subject: [Infowarrior] - First Twitter, now Blippy Message-ID: <8612F156-2960-4FCC-B718-70BF85AE5479@infowarrior.org> I see this as either a total waste of a person's time and/or an interesting way to collect data on people. Are we that vain a population that we need this level of communication?? 
-rick Blippy is a fun and easy way to see and discuss the things people are buying.....http://blippy.com/ From rforno at infowarrior.org Fri Jan 22 00:40:58 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 19:40:58 -0500 Subject: [Infowarrior] - TSA screener punks passenger Message-ID: Daniel Rubin: It was no joke at security gate By Daniel Rubin Inquirer Columnist http://www.philly.com/philly/news/local/20100121_Daniel_Rubin__It_was_no_joke_at_security_gate.html In the tense new world of air travel, we're stripped of shoes, told not to take too much shampoo on board, frowned on if we crack a smile. The last thing we expect is a joke from a Transportation Security Administration screener - particularly one this stupid. Rebecca Solomon is 22 and a student at the University of Michigan, and on Jan. 5 she was flying back to school after holiday break. She made sure she arrived at Philadelphia International Airport 90 minutes before takeoff, given the new regulations. She would be flying into Detroit on Northwest Airlines, the same city and carrier involved in the attempted bombing on Christmas, just 10 days before. She was tense. What happened to her lasted only 20 seconds, but she says they were the longest 20 seconds of her life. After pulling her laptop out of her carry-on bag, sliding the items through the scanning machines, and walking through a detector, she went to collect her things. A TSA worker was staring at her. He motioned her toward him. Then he pulled a small, clear plastic bag from her carry-on - the sort of baggie that a pair of earrings might come in. Inside the bag was fine, white powder. She remembers his words: "Where did you get it?" Two thoughts came to her in a jumble: A terrorist was using her to sneak bomb-detonating materials on the plane. Or a drug dealer had made her an unwitting mule, planting coke or some other trouble in her bag while she wasn't looking. 
She'd left her carry-on by her feet as she handed her license and boarding pass to a security agent at the beginning of the line. Answer truthfully, the TSA worker informed her, and everything will be OK. Solomon, 5-foot-3 and traveling alone, looked up at the man in the black shirt and fought back tears. Put yourself in her place and count out 20 seconds. Her heart pounded. She started to sweat. She panicked at having to explain something she couldn't. Now picture her expression as the TSA employee started to smile. Just kidding, he said. He waved the baggie. It was his. And so she collected her things, stunned, and the tears began to fall. Another passenger, a woman traveling to Colorado, consoled her as others who had witnessed the confrontation went about their business. Solomon and the woman walked to their gates, where each called for security and reported what had happened. A joke? You're not serious. Was he hitting on her? Was he flexing his muscle? Who at a time of heightened security and rattled nerves would play so cavalierly with a passenger's emotions? When someone is trying to blow planes out of the sky, what is a TSA employee doing with his eyes off the ball? When she complained to airport security, Solomon said, she was told the TSA worker had been training the staff to detect contraband. She was shocked that no one took him off the floor, she said. "It was such a violation," the Wynnewood native told me by phone. "I'd come early. I'd done everything right. And they were kidding about it." I ran her story past Ann Davis, regional TSA spokeswoman, who said she knew nothing to contradict the young traveler's account. Davis said privacy law prevents her from identifying the TSA employee. The law prevents her from disclosing what sort of discipline he might have received. "The TSA views this employee's behavior to be highly inappropriate and unprofessional," she wrote. 
"We can assure travelers this employee has been disciplined by TSA management at Philadelphia International Airport, and he has expressed remorse for his actions." Maybe he's been punished enough. That Solomon's father, Jeffrey, is a Center City litigator might mean this story isn't over. In the meantime, I think the TSA worker should spend time following passengers through the scanners, handing them their shoes. Maybe he could tie them, too. Update: Ann Davis, the TSA spokeswoman, said this afternoon that the worker is no longer employed by the agency as of today. She said privacy laws prevented her from saying if he was fired or left on his own. From rforno at infowarrior.org Fri Jan 22 03:07:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Jan 2010 22:07:31 -0500 Subject: [Infowarrior] - IFPI: Piracy Bad!!! Government Must Fix Because We Don't Want To Adapt Message-ID: <04C82251-474D-4D25-B989-10CE39CA3064@infowarrior.org> IFPI: Piracy Bad!!! Government Must Fix Because We Don't Want To Adapt !from the wake-up-folks dept It's that time of the year when the IFPI comes out with its annual fear-mongering report, and this year's has really gone overboard into the ridiculous. The basics are pretty much what you'd expect ("piracy bad! industry dying! governments must break everything to protect us!"). However, the details are just downright laughable. The entire report seems premised on the idea that direct music sales is the only thing that really matters (a blatant confusion about the difference between the recording industry (which the IFPI represents) and the music industry (which the IFPI pretends to represent). 
You can read the entire report below, but we'll go through some of the lowlights:

< - >

http://techdirt.com/articles/20100121/0825147855.shtml

From rforno at infowarrior.org Fri Jan 22 03:09:28 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jan 2010 22:09:28 -0500
Subject: [Infowarrior] - UK MPs barred from ACTA talks
Message-ID: <2362F5AA-AAC6-4B1E-80A4-62614A5E7894@infowarrior.org>

(One really has to wonder how devilish the details of this treaty are if we see this kind of paranoia over the contents being disclosed before it's adopted. Be afraid, be very very afraid. --rf)

MPs frozen out of super-secret copyright talks
Preferences of foreign governments take precedence
By Chris Williams
http://www.theregister.co.uk/2010/01/21/acta_lammy/
Posted in Music and Media, 21st January 2010 11:57 GMT

The government has refused to give MPs access to papers on international negotiations about copyright enforcement on the internet and at national borders. Junior business minister David Lammy said he could not put documents about the Anti-Counterfeiting Trade Agreement (ACTA) in the House of Commons Library, because other countries wanted to maintain secrecy. Lammy said he was "sympathetic" to calls for more transparency and had told his officials to press the point at the talks, but added: "Disclosure of any documents without the agreement of all our ACTA negotiating partners would damage the United Kingdom's international relations. "This would harm our ability to protect, promote and secure an outcome in the UK's interest, and the premature release of documents that are not agreed and not fully developed may also have a negative effect on the government's reputation." The secrecy surrounding ACTA has prompted speculation the agreement will be favourable to the music and film industries, whose lobbyists are party to the discussions.
The European Commission, also involved in negotiations, responded that "ACTA will not go further than the current EU regime for enforcement of intellectual property rights". It also rejected claims that ACTA will mean border guards will search digital devices for pirated material. "EU customs, frequently confronted with traffics of drugs, weapons or people, do neither have the time nor the legal basis to look for a couple of pirated songs on an iPod music player or laptop computer, and there is no intention to change this," the Commission said, claiming talks on border measures concerned controls on counterfeiting. In December, EuroISPA, an ISP trade association, said the ACTA talks could be used to spread disconnection policies for online copyright infringers, already proposed in the UK under the Digital Economy Bill. "If some of the proposals currently under discussion in the context of these trade negotiations are adopted, ISPs will have to implement 'graduated response' measures," EuroISPA said. Others have argued that ACTA will make little difference to copyright enforcement in the UK. The true effect should be clear when the talks are completed this year and the final agreement published.

From rforno at infowarrior.org Fri Jan 22 15:39:14 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 10:39:14 -0500
Subject: [Infowarrior] - Friday Humor: Creative Commons 'Downfall' video
Message-ID: <6CD97A06-33A7-4AF7-9C25-0672A2246615@infowarrior.org>

This is the "video that keeps on giving" it seems. From financial meltdowns to real estate crises to the recent Massachusetts election, 'Downfall' never ceases to find new life on the Internet. I figure this particular episode will be of humorous interest to my fellow Netizens. Happy Friday, all. -rick

(c/o BoingBoing)

Critical Commons has created its own entry in the great Hitler in the bunker remix meme.
Steve Anderson sez, "The video is also promoting the fair use advocacy site Critical Commons, which is a fair use advocacy and media sharing site, funded by the MacArthur Foundation. This is currently the most radical media-sharing site on the open internet. Designed for media educators and students, Critical Commons makes high-quality, copyrighted media publicly available by placing it in a critical context and informing users about their rights under fair use."

(http://www.boingboing.net/2010/01/22/critical-commons-vs.html )

Direct video link: http://www.youtube.com/watch?v=VREJV--VHSw

From rforno at infowarrior.org Fri Jan 22 18:49:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 13:49:17 -0500
Subject: [Infowarrior] - Obama approved FBI privacy invasion
Message-ID: <4A686F34-60EA-4E81-BB15-ADDCC80D976F@infowarrior.org>

FBI, Telecoms Teamed to Breach Wiretap Laws
http://www.wired.com/threatlevel/2010/01/fbi-att-verizon-violated-wiretapping-laws/?

One of the key takeaways from the article referenced: "But in a surprise buried at the end of the 289-page report, the inspector general also reveals that the Obama administration issued a secret rule almost two weeks ago saying it was legal for the FBI to have skirted federal privacy protections."

Yessir, that's change I can believe in. --rick

From rforno at infowarrior.org Fri Jan 22 20:36:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 15:36:33 -0500
Subject: [Infowarrior] - Judge lowers Jammie Thomas' piracy penalty
Message-ID:

Judge lowers Jammie Thomas' piracy penalty
by Greg Sandoval

A U.S. district court has reduced damages for Jammie Thomas-Rasset, the Minnesota woman who was found liable for copyright violations by a jury last year. "The need for deterrence cannot justify a $2 million verdict for stealing and illegally distributing 24 songs for the sole purpose of obtaining free music," wrote Michael Davis, chief judge for the U.S.
District Court for the District of Minnesota. An RIAA spokeswoman declined to comment. Last June, a federal jury in Minnesota found Thomas-Rasset liable for willful copyright infringement and ordered her to pay $1.9 million. Davis has ordered Thomas-Rasset to pay $54,000, or $2,250 per song. The Recording Industry Association of America accused Thomas-Rasset in 2007 of illegal file sharing, and after refusing to admit guilt or settle with the RIAA, she became the first person to take her case to court.

< - >

http://news.cnet.com/8301-31001_3-10439636-261.html

From rforno at infowarrior.org Fri Jan 22 20:48:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 15:48:37 -0500
Subject: [Infowarrior] - UK terror level raised to 'severe'
Message-ID:

UK terror threat level 'severe'
http://news.bbc.co.uk/2/hi/uk_news/8476238.stm

The UK terror threat level is being raised from "substantial" to "severe", the Home Office has said. The new alert level means a terrorist attack is considered "highly likely". It had stood at substantial since July. The decision follows a recommendation from the UK's Joint Terrorism Analysis Centre (JTAC). It is in response to the perceived increased threat from international terrorism following the failed Detroit airliner bombing. The JTAC, which is a unit within the security service MI5, sets the level based on the intelligence available about terrorist intentions and capabilities. There are five levels of terror threat, ranging from low - meaning an attack is unlikely - to critical - when an attack is expected imminently. Severe is the second level on the scale.

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/8476238.stm
Published: 2010/01/22 20:37:33 GMT
© BBC MMX

From rforno at infowarrior.org Fri Jan 22 23:01:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 18:01:42 -0500
Subject: [Infowarrior] - Pilot's good op-ed on air 'security'
Message-ID: <54340D9F-57FD-41EF-8662-FAB52486CB39@infowarrior.org>

Thursday, Jan 21, 2010 20:21 EST
Ask The Pilot
Emergency doors, karaoke bombers and other false alarms
When did we become such a nation of scaredy-cats?
By Patrick Smith
http://www.salon.com/news/air_travel/index.html?story=/tech/col/smith/2010/01/21/american_hysteria

This country needs to get a grip. We need a slap in the face, a splash of cold water. On Saturday, 57-year-old Jules Paul Bouloute opened an emergency exit inside the American Airlines terminal at Kennedy airport. Alarms blared and sirens flashed. Bouloute later told police that he'd opened the door by accident. Which is what you'd assume. Sure, the exit was clearly marked, but it happens all the time, does it not? In office buildings, shopping malls, hospitals and airports, well-intended people become distracted and pass through restricted doorways. And you would think our airport security force would keep this in mind and react accordingly, and not with the assumption that every errant traveler is a terrorist poised for mass murder. To the contrary, why in the world would an attacker go around setting off alarms and drawing attention to himself? Unfortunately, this is America 2010, and the response at JFK was neither rational nor surprising. All of Terminal 8 was evacuated for more than two hours. Police then swept through the building with dogs and SWAT teams (because, you see, a terrorist wouldn't quietly drop an explosive device into a trash barrel; he would first set off alarms, in order to...?).
Before being allowed back in, thousands of travelers were forced to undergo rescreening at the Transportation Security Administration checkpoints, giving guards a chance to snag any butter knives or 4-ounce shampoo bottles they might have missed the first time. Inbound planes were stranded on the tarmac and departures were delayed for several hours. Mind you, this was the third incident at New York airports in recent weeks in which transgressions resulted in chaos and evacuations. Bouloute, who had just come from Haiti, of all places, was arraigned on charges of first-degree criminal tampering and third-degree criminal trespass. He faces up to seven years in prison. I can't imagine he'll actually be convicted, but the mere fact that we're going through the motions is disheartening and embarrassing enough. But what shocks me the most is that throughout all the coverage of the incident, including numerous interviews with ticked-off passengers and somber-voiced officials, not once has anybody raised the point that maybe -- just maybe -- we overreacted. Everyone, instead, is eager to blame Bouloute. "As a result of the defendant's actions, thousands of people were required to evacuate and to be rescreened by TSA, causing substantial delays in the airlines' schedules," District Attorney Richard Browne said in a statement. No, I'm sorry, Mr. District Attorney, but that's not it. What caused the delays and what hassled so many travelers was not the defendant's actions, but our mindless and hysterical response to them. The media and officials, in all possible gravity, keep describing the incident as a "security breach." Not to harp on semantics, but am I the only person who finds this silly? Granted I'm not privy to every detail, but let me go out on a limb here: It was an accident. A simple and minor accident. As Bouloute's attorney told reporters, "He just walked through the wrong door." How could he have missed all the red signs and placards?
Who knows, though bear in mind that Bouloute had come from Haiti, where three days earlier an earthquake had killed or injured hundreds of thousands of people, some of them, we have to presume, Bouloute's friends or family. Let's click our heels together and enjoy a bit of time travel. True story: In 1996 a distracted individual opened a different restricted door at Kennedy airport, setting off an alarm and feeling like a fool for doing so. That individual was me, Patrick Smith. Those were my regional pilot days, and I was trying to find my way out to the bus stop from the rat maze that is Kennedy's Terminal 3. It was dark and I was exhausted and, well, pack me off to Gitmo, I pushed on the wrong door. This particular "security breach" didn't make the evening news, however. A guard came over, checked me out, and reset the bell. What has become of us? Are we really in such a confused and panicked state that a person haplessly walking through the wrong door can disrupt air travel nationwide, resulting in mass evacuations and long delays? "The terrorists have won" is one of those waggish catch-alls that normally annoy me, but all too often it seems that way. Our reactionary, self-defeating behavior has put much at stake -- our time, our tax dollars and our liberties. And where is American Airlines in all of this? It has refused to comment, citing the "ongoing investigation." Par for the course. When was the last time you heard a carrier complain publicly about the misguided policies of airport security? And that's a shame. I realize that airlines are in a very tough position. They face extreme liability issues and cannot be seen as lobbying against security, even if what they're complaining about is justified. And the airlines, remember, caught an awful lot of flak, most of it undeserved, in the aftermath of Sept. 11. But at some point they need to stand up.
Needless security woes make their customers angry and are one of the prime reasons that many people choose not to fly. At times the industry's silence and squeamishness suggest a business model of masochistic capitulation. In Europe carriers have been feistier. After the foiled liquid bomb plot in London in 2006, British Airways threatened to sue the British Airports Authority over a draconian carry-on ban that resulted in scores of cancellations and massive delays. A group of airlines led by budget carrier Ryanair prepared a half-billion-dollar lawsuit against the British government, hoping the threat of legal action would inspire ministers to rescind some of the luggage restrictions, described by Ryanair as "illogical and unworkable." Eventually the rules were relaxed. Never mind screening delays, how about the cost of unscheduled diversions? Ever since 9/11, skittish fliers have touched off a plague of in-flight false alarms. A passenger looks at somebody the wrong way, and the next thing you know fighter jets are scrambled and you're headed to Newfoundland. Aircraft are evacuated while canine units inspect hundreds of suitcases. For an airline the trickle-down price of such disruptions -- fuel costs, crew costs, passenger misconnects and downstream delays -- can run well into the hundreds of thousands of dollars. Maybe the most appalling diversion story is the one from 2004 involving a United Airlines 747 bound from Sydney, Australia, to Los Angeles. The plane jettisoned thousands of gallons of fuel over the Pacific and returned to Australia because a discarded airsickness bag was discovered with the letters "BOB" scrawled across it. So, you ask, what is so nefarious about the letters "BOB," from the perspective of a crew member who might find such a message? Don't ask me, I'm just an airline pilot. "Baleful Old Bagels"? "Bob O'Brien"? "Bauxite on Board"? I have no idea.
United, though, for reasons that defy any precedent or explanation, took the letters to mean bomb on board, and -- I am not making this up -- went all the way back to Sydney. As we know, terrorists are apt to advertise the imminent detonation of an explosive device ahead of time by means of a cryptic acronym scrawled on a barf bag. And so on. How about the time in 2002 when military fighters were scrambled because -- get ready now -- a group of karaoke singers were seen chatting excitedly and pointing at the Manhattan skyline from the window of an Air India 747. This was just one of almost 3,000 military intercepts of civilian jetliners over North America since 2001. I mean ... I just ... It's... Calming down will not make us "less safe," as security zealots are wont to argue. Quite the opposite, it would free up time and resources, allowing us to focus on more credible and potent problems. Meanwhile, somewhat related to all of this, late last week a U.S. missile strike in Pakistan killed a man named Jamal Saeed Abdul Rahim. A former member of the Abu Nidal terror group, Rahim had been one of the FBI's most wanted fugitives, sought for his role in the hijacking of Pan Am Flight 73 in September 1986. Flight 73 had stopped in Karachi when a team of hijackers stormed the Boeing 747. Pakistani security forces rushed aboard in a rescue attempt, and the terrorists began shooting and lobbing grenades. Twenty-two people were killed and more than a hundred injured. Rahim and three accomplices were convicted by Pakistani authorities, but they were eventually released. The Abu Nidal group, today long forgotten, was busy in the mid-1980s. A year before Karachi they killed 20 people in a pair of coordinated ticket-counter assaults at the airports in Vienna and Rome. Also in 1986 was the bombing of TWA Flight 840. As the 727 was on approach into Athens, a bomb went off in the cabin, killing four people.
In fact, over the five-year span between 1985 and 1989 we can count at least six high-profile terrorist attacks against commercial planes or airports. In addition to those above were the horrific bombings of Pan Am 103 and UTA 772, the bombing of an Air India 747 over the North Atlantic that killed 329 people, and the saga of TWA Flight 847. Flight 847, headed from Athens to Rome, was hijacked by Shiite militiamen armed with grenades and pistols. The 727 then embarked on a remarkable 17-day odyssey to Lebanon, Algeria, back to Lebanon, and then back to Algeria. At one point passengers were removed, split into groups and held captive in downtown Beirut. The photograph of TWA Capt. John Testrake, his head out the cockpit window, collared by a gun-wielding terrorist, was broadcast worldwide and became an unforgettable icon of the siege. I say "unforgettable," but that's just the thing. How many Americans remember Flight 847? How many remember the Karachi murders? It's astonishing how short our memories are. And partly because they're so short, we are easily frightened and manipulated. Here in this proclaimed new "age of terrorism," we act as if the clock began ticking on Sept. 11, 2001. In truth we've been dealing with this stuff for decades. Not only in the 1980s, but throughout the '60s and '70s as well. Acts of piracy and sabotage are far fewer today. Imagine the Karachi attack happening tomorrow. Imagine TWA 847 happening tomorrow. Imagine six successful terror attacks against commercial aviation in a five-year span. The airline industry would be paralyzed, the populace frozen in abject fear. It would be a catastrophe of epic proportion -- of wall-to-wall coverage and, dare I suggest, the summary surrender of important civil liberties. What is it about us, as a nation, that has made us so unable to remember, and unable to cope?
Next time in "Ask the Pilot": Flying in Haiti

From rforno at infowarrior.org Sat Jan 23 00:16:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 19:16:37 -0500
Subject: [Infowarrior] - Judge Tosses NSA Spy Cases
Message-ID:

Judge Tosses NSA Spy Cases
By David Kravets | January 22, 2010 | 2:27 pm | Categories: Cover-Ups, Surveillance, privacy
http://www.wired.com/threatlevel/2010/01/nsa-spy-cases-tossed/

A federal judge is dismissing lawsuits accusing the government of teaming with the nation's telcos to funnel Americans' electronic communications to the National Security Agency without warrants. U.S. District Judge Vaughn Walker's decision was a major blow to the two suits testing warrantless eavesdropping and executive branch powers implemented following the 2001 terror attacks. The San Francisco judge said the courts are not available to the public to mount that challenge. "A citizen may not gain standing by claiming a right to have the government follow the law," (.pdf) Walker ruled late Thursday. He noted that the plaintiffs include most every American connected to the internet or to have used a telephone -- meaning the lawsuits boil down to a "general grievance" and are barred. The decision came days after a government audit showed the telecom companies and FBI collaborated for four years, between 2003 and 2007, to violate federal wiretapping laws. Judge Walker said that the lawsuits, in essence, cannot be brought because they are "citizen suits seeking to employ judicial remedies to punish and bring to heel high-level government officials for the allegedly illegal and unconstitutional warrantless electronic surveillance program or programs now widely, if incompletely, aired in the public forum."
Cindy Cohn, the legal director of the Electronic Frontier Foundation that brought one of the cases, said the decision means "when you're trying to stop the government from doing something illegal, and if the government does it to enough people, the courts can't fix it." The Electronic Frontier Foundation, which said it would appeal Walker's order, and others originally brought suit against AT&T and other telecommunication companies in 2006. That was a month after President George W. Bush acknowledged a Terror Surveillance Program after it was disclosed in The New York Times. The EFF, based on a former AT&T's documentation, claims the program was, and continues to be a dragnet where carriers funnel customer communications to the National Security Agency without warrants. Bush, however, acknowledged the program as one in which his war powers granted him the authority to monitor American's telecommunications without warrants if the subject was communicating with somebody overseas and was suspected of terrorism. Walker tossed the case against the telecommunication carriers (.pdf) in June, after Congress -- with then-Sen. Barack Obama's vote -- immunized the carriers from being sued for their alleged conduct. The 2008 legislation also authorized the Terror Surveillance Program as outlined by Bush. That decision by Walker, which is on appeal, gave new focus to the two lawsuits targeting the government that Walker tossed Thursday. The Obama administration argued that the case decided Thursday should be dismissed on grounds it threatened to expose government secrets, a legal privilege judges routinely rubber stamp. The government also asserted "sovereign immunity," a principle in which the government cannot be sued unless it has given consent. Walker declined to rule on those arguments. The ruling also elevates the importance of another lawsuit testing the president's authority to spy on Americans without warrants.
That suit involves two American lawyers accidentally given a "top secret" document showing they were eavesdropped on by the government when working for a now-defunct Islamic charity in 2004. That case is pending before Walker.

From rforno at infowarrior.org Sat Jan 23 00:18:46 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jan 2010 19:18:46 -0500
Subject: [Infowarrior] - MPAA Head Stepping Down
Message-ID: <600427CC-CF44-4CA2-9909-DFF3D8660A42@infowarrior.org>

Film Industry Head Glickman Leaves To Head Refugee Organisation
http://www.ip-watch.org/weblog/2010/01/22/film-industry-head-glickman-leaves-to-head-refugee-organisation/

Motion Picture Association of America head Dan Glickman is moving from protecting intellectual property rights to protecting the rights of displaced people worldwide. Glickman announced today he will leave his position as chairman and CEO of the MPAA on 1 April. Glickman will make the leap to become president of Refugees International, an advocacy organisation for refugees worldwide. Glickman is no stranger to broad career changes, having come to the movie industry after serving as President Clinton's agriculture secretary. Glickman had previously stated he would not seek renewal of his contract in September 2010. Bob Pisano, MPAA president and chief operating officer since 2005, will become interim CEO, and the search for Glickman's replacement continues. Pisano came to MPAA after heading the Screen Actors Guild, and serving at several major movie production companies. Glickman replaced the vitriolic Jack Valenti in 2004. The full press release is on the MPAA website, here.

From rforno at infowarrior.org Sat Jan 23 15:42:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Jan 2010 10:42:29 -0500
Subject: [Infowarrior] - 'Shadow Elite': Information Is Power And Who's Controlling Our Information?
Message-ID: <46477119-4BE3-4CC7-92B8-95A3C4EF7B58@infowarrior.org>

Gary Lyndaker
Posted: January 22, 2010 10:45 AM

'Shadow Elite': Information Is Power And Who's Controlling Our Information?

Janine Wedel's "Shadow Elite"--particularly her chapter on "U.S. Government, Inc."-- struck a familiar chord with me. She writes that our national and public interests risk being sold out because core government functions like running intelligence operations, controlling homeland security databases, and managing federal taxpayer monies doled out under the stimulus plans and bailouts are being outsourced to private contractors. Contracting is rampant: Today three-quarters of people working for the U.S. government are not government employees but private contractors. And it is no longer just printing and cleaning and food services that are being contracted out; it is the primary work of government. Working for the last 17 years in information technology organizations for Missouri state government, I have seen a similarly alarming (and growing) trend on the state level. Over 25 years, as an information systems developer, manager, and administrator in both state and private organizations, I have increasingly come to the conclusion that we are putting our state's operations at risk and compromising the trust of the people of our state by outsourcing core government functions. And outsourcing does not come cheaply. Let me explain from inside the world of IT. You might think that IT is one of those things like food services that can be easily spun off. Not so. When we talk about information systems and IT, we are not just speaking of geek technology. We are talking about the detailed mapping of an agency's operations into data and automated processes, which then embody and implement the functions of government.
Information systems--encompassing software development, maintenance, and operations--hold the government's data, as well as the rules applied to that data and the business processes that make up government functions and services. These systems are also the source for most decision-making reports and analyses that guide decisions (other than those driven by politics or other power struggles). Almost always the analysts, designers, and programmers responsible for the software know the organization's business operations better than anyone else in the organization. When the IT function is outsourced, governments are put at risk. And so is the public's interest. Here's why. In many of our agencies, at least one key software system was developed by an external organization with little substantial involvement from the state's IT staff. Once these systems are in place, there may be no one in the state's IT organization who knows the system well enough to maintain it. Thus I've witnessed, with alarm, such instances as these:

* Missouri's Medicaid agency has one of the largest budgets in the state. Beginning more than two decades ago, the agency outsourced the development and maintenance of the Medicaid payment system. The system is maintained through a contract that has to be rebid periodically, putting its operation at risk each time the contractor changes. Moreover, the maintenance cost for this system is disguised from public view (because its cost is recorded as a "Program Service," not as an "IT Service") and I believe it is much more costly to taxpayers than doing this work in-house would be. In FY 2009 this cost taxpayers over $55 million--far more than was spent by any other agency on information systems.

* Across the state, other key systems have been developed or configured by external companies and the dependence on those contractors periodically comes to the surface.
After only about six years of operation of the state's accounting and human resources system, the contractor that was originally paid tens of millions of dollars announced that it was moving to a new technology and would no longer support our installed version. It has taken threats and negotiations to maintain support by the contractor for the last few years. There is still no long-term solution--and this is the state accounting system!

* After an unfavorable audit a few years ago, the Department of Health and Senior Services found itself in a crisis situation. The department's core public health system had been developed almost completely by contracted programmers and funding for most of those positions was cut off as a result of the audit. The agency had to scramble to create state IT positions so they could retain some of the development staff and their knowledge of the system. Had we lost those individuals, the Department would have struggled to manage the primary public health database in the state.

* The Missouri Department of Revenue, which has been more "political" than most departments, has a history of contracting for the development of information systems, including vital tax systems. Some of their development contractors are no longer in business, leaving the agency with programs they can maintain only with difficulty. At least one contractor knew it had the state in a compromised position and made an exorbitant bid for a system upgrade. Another tax system is running on a version of server software that is more than a decade old. Others of their systems still require desktop software that is out of date and cannot be supported much longer. Overall, it is hard to justify the condition of the systems in this department and, of course, the public has no idea of this situation.

* Most recently, the Office of Administration acquired a software system for tracking federal stimulus funds distributed through the state.
For a few months this system appeared to be the most politically visible program in the state. The software package was configured and installed by a local contractor and subcontractor. They did an excellent job considering the deadlines they had to meet. As in most outsourcing situations, however, there was no time, and no dedicated staff, to assure that in-house IT staff understood exactly how to maintain the system. For any critical change or failure in that system, the state has to rely on the original contractor and subcontractor to make corrections in a timely manner. But, the right people may not be available when they are needed. Their first obligation is to their business, not to the government.

Amazingly, Missouri was one of only three states given an "A" in management of information by Governing Magazine in their 2008 state rankings, so one can imagine the situation in most other states. Missouri's current IT leaders have indicated some intent to rely more on in-house IT staff and are making other attempts to improve control of IT systems. In addition, Missouri has often been fortunate to work with reliable IT contractors who employ local people, including some who have been state employees for part of their career, so the expertise stays "local" and some loyalty to the state may be preserved. But, if outsourcing expands or if different contractors are chosen, our current good fortune may end. Tight budgets and political forces are driving Missouri and other state governments toward operating in an emergency mode and we respond by privatizing more government work. As illustrated by the examples given here, an increasing number of the people performing IT work are not state employees and therefore do not possess the unique knowledge of government functions and data and do not have the same priorities and loyalties. In the long run, this can't help but undermine the integrity and reliability of our government.
http://www.huffingtonpost.com/gary-lyndaker/shadow-elite-information_b_432889.html From rforno at infowarrior.org Sun Jan 24 14:53:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 09:53:07 -0500 Subject: [Infowarrior] - Microsoft, Aurora: Forest & Trees Message-ID: <9BF94B74-A282-4110-AB51-860FA086EC6A@infowarrior.org> Microsoft, Aurora and something about forest and trees? Posted by jericho 3 hours ago Perhaps it is the fine tequila this evening, but I really don't get how our industry can latch on to the recent 'Aurora' incident and try to take Microsoft to task about it. The amount of news on this has been overwhelming, and I will try to very roughly summarize:
* News surfaces Google, Adobe and 30+ companies hit by "0-day" attack
* Google uses this for political overtones
* Originally thought to be Adobe 0-day, revealed it was MSIE 0-day
* Jan 14, confirmed it is MSIE vuln, shortly after dubbed "aurora"
* Jan 21, uproar over MS knowing about the vuln since Sept
Now, here is where we get to the whole forest, trees and some analogy about eye sight. Oh, I'll warn (and surprise) you in advance, I am giving Microsoft the benefit of the doubt here (well, for half the blog post) and throwing this back at journalists and the security community instead. Let's look at this from a different angle. The big issue that is newsworthy is that Microsoft knew of this vulnerability in September, and didn't issue a patch until late January. What is not clear, is if Microsoft knew it was being exploited. The wording of the Wired article doesn't make it clear: "aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies" and "Microsoft confirmed it learned of the so-called 'zero-day' flaw months ago". Errr nice wording. Microsoft was aware of the vulnerability (technically), before hackers exploited it, but doesn't specifically say if they KNEW hackers were exploiting it. 
Microsoft learned of the "0-day" months ago? No, bad bad bad. This is taking an over-abused term and making it even worse. If a vulnerability is found and reported to the vendor before it is exploited, is it still 0-day (tree, forest, no one there to hear it falling)? Short of Microsoft admitting they knew it was being exploited, we can only speculate. So, for fun, let's give them a pass on that one and assume it was like any other privately disclosed bug. They were working it like any other issue, fixing, patching, regression testing, etc. Good Microsoft! Bad Microsoft! But, before you jump on the bandwagon, bad journalists! Bad security community! Why do you care they sat on this one vulnerability for six months? Why is that such a big deal? Am I the only one who missed the articles pointing out that they actually sat on five code execution bugs for longer? Where was the out pour of blogs or news articles mentioning that "aurora" was one of six vulnerabilities reported to them during or before September, all in MSIE, all that allowed remote code execution (tree, forest, not seeing one for the other)? < - more - and some pretty tables too -> http://blog.osvdb.org/2010/01/24/microsoft-aurora-and-something-about-forest-and-trees# From rforno at infowarrior.org Sun Jan 24 15:56:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 10:56:23 -0500 Subject: [Infowarrior] - Schneier: U.S. enables Chinese hacking of Google Message-ID: <34A851B9-3F98-470C-92D5-D3A4DA4ABC74@infowarrior.org> http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/ U.S. enables Chinese hacking of Google By Bruce Schneier, Special to CNN January 23, 2010 5:20 p.m. EST Editor's note: Bruce Schneier is a security technologist and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Read more of his writing at www.schneier.com. 
(CNN) -- Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers. In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access. Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies. Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different. Official misuses are bad enough, but it's the unofficial uses that worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't. 
China's hackers subverted the access system Google put in place to comply with U.S. intercept orders. Why does anyone think criminals won't be able to use the same system to steal bank account and credit card information, use it to launch other attacks or turn it into a massive spam-sending network? Why does anyone think that only authorized law enforcement can mine collected Internet data or eavesdrop on phone and IM conversations? These risks are not merely theoretical. After September 11, the NSA built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the U.S. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn't match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and notables such as President Clinton. But that's not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government: the prime minister and the ministers of defense, foreign affairs and justice. Ericsson built this wiretapping capability into Vodafone's products and enabled it only for governments that requested it. Greece wasn't one of those governments, but someone still unknown -- A rival political party? Organized crime? Foreign intelligence? -- figured out how to surreptitiously turn the feature on. And surveillance infrastructure can be exported, which also aids totalitarianism around the world. Western companies like Siemens and Nokia built Iran's surveillance. U.S. companies helped build China's electronic police state. Just last year, Twitter's anonymity saved the lives of Iranian dissidents, anonymity that many governments want to eliminate. In the aftermath of Google's announcement, some members of Congress are reviving a bill banning U.S. 
tech companies from working with governments that digitally spy on their citizens. Presumably, those legislators don't understand that their own government is on the list. This problem isn't going away. Every year brings more Internet censorship and control, not just in countries like China and Iran but in the U.S., the U.K., Canada and other free countries, egged on by both law enforcement trying to catch terrorists, child pornographers and other criminals and by media companies trying to stop file sharers. The problem is that such control makes us all less safe. Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state. The opinions expressed in this commentary are solely those of Bruce Schneier. From rforno at infowarrior.org Sun Jan 24 16:08:56 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 11:08:56 -0500 Subject: [Infowarrior] - Full-body scanner blind to bomb parts Message-ID: <0DE3DC47-96FE-4E0C-9C75-1B8117573C06@infowarrior.org> Full-body scanner blind to bomb parts Todger, yes. Combustibles, no By Rik Myslewski in San Francisco Posted in Security, 24th January 2010 11:02 GMT http://www.theregister.co.uk/2010/01/24/body_scanner_fail/ Most of the uproar over full-body scanners has focused on privacy concerns. There's one larger question, however, that hasn't received much scrutiny by the chattering classes: do the damnable things work? One German TV station says "Nein." By way of Americablog comes a video of a man easily concealing the makings of high-temperature combustibles in a manner that evaded a full-body scanner. 
As the blogger writes: "Even if you don't understand German, it's easy enough to follow how this physicist beat the system." First the World's Ugliest Man forced us all to remove our shoes when going through airport security. Now the Nigerian crotchbomber has upped the ante, forcing us to leave our dignity at home. And for what? So that few hundred million taxpayer dollars can be spent slowing our boarding even longer while producing images that some of the more-squeamish members of the public have likened to child porn and which can't detect bomb ingredients? As the video shows, the concealment of materials sufficiently incendiary to melt a frying pan is no big deal. But perhaps we should be even more distressed by what the only English speaker in the video - who appears to be pro-scanner - says about four and a half minutes into the demo: "No system is perfect." Unarguable. And distressing on a number of different levels, from exploring aircraft to exploding security costs. From rforno at infowarrior.org Sun Jan 24 20:19:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 15:19:42 -0500 Subject: [Infowarrior] - Google's Nexus One censors cuss word Message-ID: Not sure I appreciate the carrier or device censoring the user's remarks, even in limited functions. --rick January 23, 2010 11:33 AM PST How Google's Nexus One censors cuss words by Chris Matyszczyk http://news.cnet.com/8301-17852_3-10440115-71.html?part=rss&subj=news&tag=2547-1_3-0-20 Some of you who have been basking in the beauty of your new Nexus One Googlephone may not have tried out all of its delightful features. And what I am about to tell you may lead you to utter some naughty words. Please, go ahead. I have heard them all, in several different languages. And I respect the vehemence of the vernacular. However, your Nexus One will not be so charmed by the vigor of your tongue. 
It will, dare I utter the word when referring to a product from the newly emancipated Google, censor you. You see, the pungently polite people at Reuters were playing with their Nexus One when they noticed something about its built-in voice-to-text feature. Every time they said something naughty into the phone, the naughty word came out as "####"--and not just "f---." It even censored the "S" part of BS. Reuters immediately called Google and screamed at them: "What the #### are you miserable ############# playing at?" Oh, perhaps I have stretched the boundaries of possibility with that heartening notion. They probably asked a little more politely, given that they secured a really quite ingenious reply from a Googleperson. Apparently, the censorship is not because Google is trying to clean up the world and turn it into the nicest parts of Alabama. No, the company is worried about what might be transcribed. "We filter potentially offensive or inappropriate results because we want to avoid situations whereby we might misrecognize a spoken query and return profanity when, in fact, the user said something completely innocent," Google told Reuters. Yes, the technology isn't quite perfect, so even the potential of a misplaced curse is being avoided at all costs. What interests me most is how Google chooses its list of naughty nuances. Is there some poor engineer over at the Googleplex whose sole task was to write software that immediately identifies expletive expressions? Do they take account of those who swear in Spanish, Italian, or, like me, Polish? And if you say "For crying out loud" a little too quickly, might the transcription come out with a four letter f-word (or rather four hash marks) at the beginning? One other thing. I have a Croatian friend. If I ever got a Nexus One, I would like to be able to address him by his name. His name is Fuk. Would his name be transcribed, every time, as ###? How sad. 
From rforno at infowarrior.org Mon Jan 25 00:53:03 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 19:53:03 -0500 Subject: [Infowarrior] - SEC mulled national security status for AIG details Message-ID: SEC mulled national security status for AIG details Matthew Goldstein NEW YORK Sun Jan 24, 2010 3:04pm EST http://www.reuters.com/article/idUSTRE60N1S220100124 NEW YORK (Reuters) - U.S. securities regulators originally treated the New York Federal Reserve's bid to keep secret many of the details of the American International Group bailout like a request to protect matters of national security, according to emails obtained by Reuters. The request to keep the details secret was made by the New York Federal Reserve -- a regulator that helped orchestrate the bailout -- and by the giant insurer itself, according to the emails. The emails from early last year reveal that officials at the New York Fed were only comfortable with AIG submitting a critical bailout-related document to the U.S. Securities and Exchange Commission after getting assurances from the regulatory agency that "special security procedures" would be used to handle the document. The SEC, according to an email sent by a New York Fed lawyer on January 13, 2009, agreed to limit the number of SEC employees who would review the document to just two and keep the document locked in a safe while the SEC considered AIG's confidentiality request. The SEC had also agreed that if it determined the document should not be made public, it would be stored "in a special area where national security related files are kept," the lawyer wrote. In another email, a New York Fed official said the SEC suggested in late December 2008, that AIG file the document under seal and then apply to the regulatory agency for so-called confidential treatment, if central bankers wanted to stop the information from becoming public. 
The emails were included in the mountain of documents the New York Fed turned over last week to the House Committee on Oversight and Government Reform, which will hold a hearing Wednesday into the AIG bailout and the New York Fed's role in trying to keep the specific terms of that Fed-engineered rescue in November 2008, from being made public. More than a year later, the Fed's bailout of AIG remains controversial because it funneled nearly $70 billion to 16 big U.S. and European banks that had bought credit default swaps from AIG. Banks like Goldman Sachs Group Inc, Societe Generale and Deutsche Bank had bought those insurance-like derivatives to guard against defaults on hundreds of securities backed by subprime mortgages. 'BACKDOOR BAILOUT' Lawmakers on Capitol Hill have labeled the AIG bailout, in which the New York Fed created a special entity to purchase those securities from the banks at essentially their face value, a "backdoor bailout" for the 16 financial institutions. The new batch of emails, along with others that have become public in recent weeks, reveal that some at the New York Fed had gone to great lengths to keep the terms of the bailout private and the SEC may have played a role in contributing to some of the secrecy surrounding the AIG rescue package. "The New York Fed was orchestrating what can only be characterized as an extreme effort to ensure that details of the counterparty deal stayed secret," Rep. Darrell Issa from California, the ranking Republican on the House Oversight Committee, said through a spokesman. "More and more it looks as if they would've kept the details of the deal secret indefinitely, if they could have." In March, some of the secrecy surrounding the AIG bailout began to fall away when the insurer, under pressure from Congress and the SEC, agreed to publicly name the 16 banks that got money in the rescue package and how much each received. 
But AIG, largely at the prodding of the New York Fed, refused to make public all of the information in the controversial document, officially called "Schedule A -- List of Derivative Transactions," according to the emails turned over by the central bank to Capitol Hill. AIG continued to seek confidential treatment from the SEC for the redacted portions of the five-page filing. Last May, the SEC did grant AIG's request for confidential treatment for the remaining redacted portions of the Schedule A filing. The redacted parts include the CUSIP, or trading ID, number for each security on which AIG wrote a CDS contract, as well as the face value of each individual security that AIG had insured against default. The SEC agreed to let AIG keep that information confidential until November 2018 -- or the 10th anniversary of the bailout. Critics contend that without the redacted information, it is difficult to determine which of the 16 banks had held the worst-performing securities, and which banks originated the worst of the troubled securities. GEITHNER UNDER MICROSCOPE The New York Fed has argued the information needs to remain confidential to enable BlackRock Inc, which manages the portfolio of securities bought from the banks, to compete with hedge funds on an even playing field. U.S. Treasury Secretary Timothy Geithner, who has drawn fire for his role in the bailout, was set to testify before the House Oversight Committee on Wednesday. Geithner, who led the New York Fed at the time of the AIG bailout, has said he was not privy to the discussions about what information AIG should or should not release to the public and the SEC. New York Fed spokeswoman Deborah Kilroe said on Friday that the more than 250,000 pages of documents provided by the central bank to Congress "demonstrate that the FBNY's actions assisted AIG in ensuring the accuracy of its disclosures and protected important U.S. taxpayer interests." 
For its part, SEC has said it pushed AIG to make public the list of banks getting bailout money and only signed off on the request for confidential treatment after the insurer released that information. SEC spokesman John Nestor said: "The SEC required AIG to make public all of the information in Schedule A that was material to an investor in AIG." But this latest round of emails reveals that it was an official with the SEC in December 2008 who recommended that AIG and the New York Fed could seek confidential treatment for the Schedule A document as an alternative to making the entire document public. In November, a New York Fed lawyer, in another email, had said he thought it was "highly unlikely" the SEC would grant confidential treatment for the document. AIG and the New York Fed took the SEC's advice and filed a heavily redacted version of the Schedule A on January 14, 2009, and at the same time requested confidential treatment for the redacted portions. The emails also discuss that BusinessWeek magazine had submitted a Freedom of Information Act request for the document and the confidential treatment request was a way of dealing with that and other possible requests by the media for the document. (Reporting by Matthew Goldstein; Editing by Maureen Bavdek) From rforno at infowarrior.org Mon Jan 25 02:40:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Jan 2010 21:40:05 -0500 Subject: [Infowarrior] - 'Proof of Life' services, among others... Message-ID: <2C6A3CEB-31F3-4377-8BE6-F029FFEAB1AD@infowarrior.org> The issue of what-to-do with digital data and accounts is the subject of this WaPo article. One of the more interesting ideas I cut below.... of course, there will be security/privacy/resilience considerations ... ranging from 'who watches the watchers' to issues of the 'watchers' going bankrupt or having their systems compromised. But interesting idea anyway. -rf Web sites let online lives outlast the dearly departed By Michael S. 
Rosenwald Washington Post Staff Writer Monday, January 25, 2010; A01 < - > The new sites, with such names as DataInherit, Entrustet, Parting Wishes, VitalLock, My Last Email and If I Die, deliver the bad news in novel ways. With deathswitch.com, if users don't respond to regular e-mails to confirm that they are still alive, the site gets increasingly worried about them, sending notes that nearly beg for a reply: "Please log on using the link below to demonstrate that you are still alive." If users don't respond within a set period of time, "postmortem" e-mails stored in their account are delivere < - > http://www.washingtonpost.com/wp-dyn/content/article/2010/01/24/AR2010012402886_pf.html From rforno at infowarrior.org Mon Jan 25 19:52:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jan 2010 14:52:26 -0500 Subject: [Infowarrior] - Mozilla leader worries about Internet limits Message-ID: <73CA3AC9-DA14-44B2-BB7E-92ADE326FF22@infowarrior.org> http://finance.yahoo.com/news/Mozilla-leader-worries-about-apf-712012919.html?x=0&.v=3 Mozilla leader worries about Internet limits Mozilla leader worries that legal restrictions could limit Internet growth By Edith M. Lederer, Associated Press Writer , On Monday January 25, 2010, 10:02 am EST MUNICH, Germany (AP) -- The leader of the Mozilla Project, whose Firefox Web browser now has 350 million users, said Sunday that she is concerned that legal restrictions could limit Internet expansion. Mitchell Baker said she worried about "the increase in laws that make it difficult to run an open network," especially rules about content. "You suddenly become liable for anything that gets downloaded, whether it's legal or not," she said. "If you said to a municipality, if you build a road, you have to guarantee nothing illegal happens on it -- that's what's happening on the Internet now. So that's the kind of regulatory disruption that's going to have some long-term consequences." 
Baker spoke at an opening panel of a three-day conference on digital innovation and creative ideas. The DLD conference -- which stands for Digital-Life-Design -- is chaired by Hubert Burda of Germany, owner of Hubert Burda Media, and digital investor Yossi Vardi, who co-pioneered instant messaging and chaired the panel, titled "Disruptive." Niklas Zennstrom, co-founder of Skype which now has over 500 million users, said successful companies can't become complacent and must continue to make improvements and not be afraid "of disrupting themselves." Vardi asked J.P. Rangaswami, chief scientist of the BT Group in Britain, what he thought of what Skype was doing to telecommunications companies like his. "Watch this space," Rangaswami replied cryptically. Vardi then asked Rangaswami whether he sees the industry following Skype's efforts to set minimal charges for phone calls around the world. "I think those parts of the industry that don't follow what Niklas is doing will either find themselves out of a job or working for him," he replied. American entrepreneur Jimmy Wales, whose nonprofit charity founded Wikipedia, the free online encyclopedia that has 350 million users, said it was a "very, very bad business" to try to compete against because the reference work is offered for free. He ruled out advertising on the site for now -- but left open the possibility it could happen sometime in the future to raise money for the charity. Moderator Vardi expressed amazement that the Internet companies had small work forces despite their vast number of users. Skype has just over 600 employees, Mozilla about 250, and Wikipedia just 30. What advice would the three give to companies trying to get 100 million users? "Stay out of software first of all," said Mozilla's Baker. "Go to Web sites and services." Wales said, "Have a very pure, simple vision that everyone can understand immediately." Zennstrom said the idea should also "make consumers' lives easier." 
And, he stressed, "don't do a copycat of someone else." BT's Rangaswami said he believes the Web in the past 20 years has made people more willing to collaborate, to work together. The emphasis is on online data "because it's through that that people can do things," he told The Associated Press. Ranjaswami said the key is transparency. "So I think all the data.gov initiatives are very, very important because that's laying the foundations of the next generation -- how we use that transparency of public information to start really making change as a result of community," he said. Yves Daccord, director-general of the International Committee of the Red Cross, said in a video presentation that Twitter and the social media have been very important in mobilizing a response to the earthquake in Haiti and giving the people "the sense that we are very close." In the future, he said, he expects victims of disasters to use social media more effectively to communicate their needs so humanitarian organizations can deliver better services and reunite families. From rforno at infowarrior.org Mon Jan 25 20:59:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jan 2010 15:59:46 -0500 Subject: [Infowarrior] - The ACTA Guide, Part One: The Talks To-Date Message-ID: <46097FF4-5149-4E40-9990-B616CBBC2743@infowarrior.org> The ACTA Guide, Part One: The Talks To-Date The 7th round of Anti-Counterfeiting Trade Agreement negotiations begins tomorrow in Guadalajara, Mexico. The negotiation round will be the longest to-date, with three and a half days planned to address civil enforcement, border measures, the Internet provisions, and (one hour for) transparency. Over the next five days, I plan to post a five-part ACTA Guide that will include sourcing for much of the discussion on ACTA, links to all the leaked documents, information on the transparency issue, and a look at who has been speaking out. 
I start today with a lengthy backgrounder for those new to ACTA or looking to catch up on recent developments. There are several ways to get up-to-speed. The recent Google-sponsored debate was very informative, particularly on the transparency issue. There has been some helpful mainstream media coverage from the Washington Post (Copyright Overreach Takes a World Tour, Q & A on ACTA) and the Irish Times (Secret agreement may have poisonous effect on the net). The Command Line ran a podcast on the topic last week and I've posted interviews on ACTA I did with Search Engine and CBC's As It Happens. Last last year I also created a timeline that tracks the evolution of ACTA and I gave a talk on ACTA last November that highlights the major developments in about 20 minutes (embedded below). < - > http://www.michaelgeist.ca/content/view/4725/125 From rforno at infowarrior.org Tue Jan 26 01:09:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jan 2010 20:09:57 -0500 Subject: [Infowarrior] - USAF cyber unit reaches IOC Message-ID: <1E429476-E704-45C4-A483-6851232F70F4@infowarrior.org> Air Force cyber unit reaches operating capacity By John Reed - Staff writer Posted : Monday Jan 25, 2010 18:34:50 EST http://www.airforcetimes.com/news/2010/01/airforce_cyber_unit_012510w/ The Air Force announced Monday that its cyber fighting arm, the 24th Air Force, reached its initial operating capability less than one year after its stand-up at Lackland Air Force Base, Texas. ?This milestone designation means that 24 AF is capable of performing critical elements of its mission,? a service announcement said. The 24th Air Force?s IOC is the culmination of years of sometimes controversial work by the service to establish an effective cyber fighting command. In 2007, the service announced that it was aiming to establish a full major command dedicated to cyberwarfare, even releasing television ads depicting the service as the country?s only line of defense from cyber attack. 
Many saw this move as a turf grab by the air service and its former leaders, Air Force Secretary Michael Wynne and Chief of Staff Gen. T. Michael Moseley. However, soon after Wynne and Moseley were fired by Defense Secretary Robert Gates in the summer of 2008, new Air Force Chief of Staff Gen. Norton Schwartz announced that the service was suspending its pursuit of establishing a cyber MAJCOM. That fall, Schwartz announced that the Air Force would instead establish a numbered air force reporting to Air Force Space Command that would focus on cyber warfare. In August 2009, the service stood up 24th Air Force. Service leaders say that the numbered air force will serve as the air service?s contribution to U.S. Cyber Command when that organization is stood up. For now, however, 24th Air Force reports to AFSPACE. Although Air Force officials have long acknowledged that 24th Air Force?s mission will be to operate and defend Air Force computer networks, they remain cryptic about the unit?s offensive mission, saying only that it will ?provide full spectrum capabilities for the joint war fighter.? From rforno at infowarrior.org Tue Jan 26 03:49:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Jan 2010 22:49:23 -0500 Subject: [Infowarrior] - U.S. Studies the New Art of Cyberwar Message-ID: <787233A3-E837-4D05-ACF6-E4237FC3C9DE@infowarrior.org> January 26, 2010 Cyberwar In Digital Combat, U.S. Finds No Easy Deterrent By JOHN MARKOFF, DAVID E. SANGER and THOM SHANKER http://www.nytimes.com/2010/01/26/world/26cyber.html?hp=&pagewanted=print This article was reported by John Markoff, David E. Sanger and Thom Shanker, and written by Mr. Sanger. WASHINGTON ? On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation?s power grids, its communications systems or its financial networks. The results were dispiriting. 
The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What?s more, the military commanders noted that they even lacked the legal authority to respond ? especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war. What some participants in the simulation knew ? and others did not ? was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google?s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland. After that, the trail disappeared into a cloud of angry Chinese government denials, and then an ugly exchange of accusations between Washington and Beijing. That continued Monday, with Chinese assertions that critics were trying to ?denigrate China? and that the United States was pursuing ?hegemonic domination? in cyberspace. These recent events demonstrate how quickly the nation?s escalating cyberbattles have outpaced the rush to find a deterrent, something equivalent to the cold-war-era strategy of threatening nuclear retaliation. So far, despite millions of dollars spent on studies, that quest has failed. Last week, Secretary of State Hillary Rodham Clinton made the most comprehensive effort yet to warn potential adversaries that cyberattacks would not be ignored, drawing on the language of nuclear deterrence. ?States, terrorists and those who would act as their proxies must know that the United States will protect our networks,? 
she declared in a speech on Thursday that drew an angry response from Beijing. "Those who disrupt the free flow of information in our society or any other pose a threat to our economy, our government and our civil society."

But Mrs. Clinton did not say how the United States would respond, beyond suggesting that countries that knowingly permit cyberattacks to be launched from their territories would suffer damage to their reputations, and could be frozen out of the global economy.

There is, in fact, an intense debate inside and outside the government about what the United States can credibly threaten. One alternative could be a diplomatic démarche, or formal protest, like the one the State Department said was forthcoming, but was still not delivered, in the Google case. Economic retaliation and criminal prosecution are also possibilities.

Inside the National Security Agency, which secretly scours overseas computer networks, officials have debated whether evidence of an imminent cyberattack on the United States would justify a pre-emptive American cyberattack -- something the president would have to authorize. In an extreme case, like evidence that an adversary was about to launch an attack intended to shut down power stations across America, some officials argue that the right response might be a military strike.

"We are now in the phase that we found ourselves in during the early 1950s, after the Soviets got the bomb," said Joseph Nye, a professor at the Kennedy School at Harvard. "It won't have the same shape as nuclear deterrence, but what you heard Secretary Clinton doing was beginning to explain that we can create some high costs for attackers."

Fighting Shadows

When the Pentagon summoned its top regional commanders from around the globe for meetings and a dinner with President Obama on Jan. 11, the war game prepared for them had nothing to do with Afghanistan, Iraq or Yemen. Instead, it was the simulated cyberattack -- a battle unlike any they had engaged in.
Participants in the war game emerged with a worrisome realization. Because the Internet has blurred the line between military and civilian targets, an adversary can cripple a country -- say, freeze its credit markets -- without ever taking aim at a government installation or a military network, meaning that the Defense Department's advanced capabilities may not be brought to bear short of a presidential order.

"The fact of the matter," said one senior intelligence official, "is that unless Google had told us about the attack on it and other companies, we probably never would have seen it. When you think about that, it's really scary."

William J. Lynn III, the deputy defense secretary, who oversaw the simulation, said in an interview after the exercise that America's concepts for protecting computer networks reminded him of one of defensive warfare's great failures, the Maginot Line of pre-World War II France.

Mr. Lynn, one of the Pentagon's top strategists for computer network operations, argues that the billions spent on defensive shields surrounding America's banks, businesses and military installations provide a similarly illusory sense of security.

"A fortress mentality will not work in cyber," he said. "We cannot retreat behind a Maginot Line of firewalls. We must also keep maneuvering. If we stand still for a minute, our adversaries will overtake us."

The Pentagon simulation and the nearly simultaneous real-world attacks on Google and more than 30 other companies show that those firewalls are falling fast. But if it is obvious that the government cannot afford to do nothing about such breaches, it is also clear that the old principles of retaliation -- you bomb Los Angeles, we'll destroy Moscow -- just do not translate.

"We are looking beyond just the pure military might as the solution to every deterrence problem," said Gen. Kevin P. Chilton, in charge of the military's Strategic Command, which defends military computer networks.
"There are other elements of national power that can be brought to bear. You could deter a country with some economic moves, for example."

But first you would have to figure out who was behind the attack.

Even Google's engineers could not track, with absolute certainty, the attackers who appeared to be trying to steal their source code and, perhaps, insert a "Trojan horse" -- a backdoor entryway to attack -- in Google's search engines. Chinese officials have denied their government was involved, and said nothing about American demands that it investigate. China's denials, American officials say, are one reason that President Obama has said nothing in public about the attacks -- a notable silence, given that he has made cybersecurity a central part of national security strategy.

"You have to be quite careful about attributions and accusations," said a senior administration official deeply involved in dealing with the Chinese incident with Google. The official was authorized by the Obama administration to talk about its strategy, with the condition that he would not be named.

"It's the nature of these attacks that the forensics are difficult," the official added. "The perpetrator can mask their involvement, or disguise it as another country's." Those are known as "false flag" attacks, and American officials worry about being fooled by a dissident group, or a criminal gang, into retaliating against the wrong country.

Nonetheless, the White House said in a statement that "deterrence has been a fundamental part of the administration's cybersecurity efforts from the start," citing work in the past year to protect networks and "international engagement to influence the behavior of potential adversaries."

Left unsaid is whether the Obama administration has decided whether it would ever threaten retaliatory cyberattacks or military attacks after a major cyberattack on American targets. The senior administration official provided by the White House, asked about Mr.
Obama's thinking on the issue, said: "Like most operational things like this, the less said, the better." But he added, "there are authorities to deal with these attacks residing in many places, and ultimately, of course, with the president."

Others are less convinced. "The U.S. is widely recognized to have pre-eminent offensive cybercapabilities, but it obtains little or no deterrent effect from this," said James A. Lewis, director of the Center for Strategic and International Studies program on technology and public policy.

In its final years, the Bush administration started a highly classified effort, led by Melissa Hathaway, to build the foundations of a national cyberdeterrence strategy. "We didn't even come close," she said in a recent interview. Her hope had been to recreate Project Solarium, which President Dwight D. Eisenhower began in the sunroom of the White House in 1953, to come up with new ways of thinking about the nuclear threats then facing the country. "There was a lot of good work done, but it lacked the rigor of the original Solarium Project. They didn't produce what you need to do decision making."

Ms. Hathaway was asked to stay on to run Mr. Obama's early review. Yet when the unclassified version of its report was published in the spring, there was little mention of deterrence. She left the administration when she was not chosen as the White House cybersecurity coordinator. After a delay of seven months, that post is now filled: Howard A. Schmidt, a veteran computer specialist, reported for work last week, just as the government was sorting through the lessons of the Google attack and calculating its chances of halting a more serious one in the future.

Government-Corporate Divide

In nuclear deterrence, both the Americans and the Soviets knew it was all or nothing: the Cuban missile crisis was resolved out of fear of catastrophic escalation.
But in cyberattacks, the damage can range from the minor to the catastrophic, from slowing computer searches to bringing down a country's cellphone networks, neutralizing its spy satellites, or crashing its electrical grid or its air traffic control systems. It is difficult to know if small attacks could escalate into bigger ones.

So part of the problem is to calibrate a response to the severity of the attack.

The government has responded to the escalating cyberattacks by ordering up new strategies and a new United States Cyber Command. The office of Defense Secretary Robert M. Gates -- whose unclassified e-mail system was hacked in 2007 -- is developing a "framework document" that would describe the threat and potential responses, and perhaps the beginnings of a deterrence strategy to parallel the one used in the nuclear world.

The new Cyber Command, if approved by Congress, would be run by Lt. Gen. Keith B. Alexander, head of the National Security Agency. Since the agency spies on the computer systems of foreign governments and terrorist groups, General Alexander would, in effect, be in charge of both finding and, if so ordered, neutralizing cyberattacks in the making.

But many in the military, led by General Chilton of the Strategic Command and Gen. James E. Cartwright, the vice chairman of the Joint Chiefs of Staff, have been urging the United States to think more broadly about ways to deter attacks by threatening a country's economic well-being or its reputation.

Mrs. Clinton went down that road in her speech on Thursday, describing how a country that cracked down on Internet freedom or harbored groups that conduct cyberattacks could be ostracized. But though sanctions might work against a small country, few companies are likely to shun a market the size of China, or Russia, because they disapprove of how those governments control cyberspace or use cyberweapons.

That is what makes the Google-China standoff so fascinating.
Google broke the silence that usually surrounds cyberattacks; most American banks or companies do not want to admit their computer systems were pierced. Google has said it will stop censoring searches conducted by Chinese, even if that means being thrown out of China. The threat alone is an attempt at deterrence: Google's executives are essentially betting that Beijing will back down, lift censorship of searches and crack down on the torrent of cyberattacks that pour out of China every day. If not, millions of young Chinese will be deprived of the Google search engine, and be left to the ones controlled by the Chinese government.

An Obama administration official who has been dealing with the Chinese mused recently, "You could argue that Google came up with a potential deterrent for the Chinese before we did."

From rforno at infowarrior.org Tue Jan 26 16:40:46 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 11:40:46 -0500
Subject: [Infowarrior] - Google Toolbar Tracks Browsing Even After Users Choose "Disable"
Message-ID: <699EE062-AF7E-4EF7-B369-44057A16CB8C@infowarrior.org>

Google Toolbar Tracks Browsing Even After Users Choose "Disable"
Ben Edelman
January 26, 2010

Run the Google Toolbar, and it's strikingly easy to activate "Enhanced Features" -- transmitting to Google the full URL of every page-view, including searches at competing search engines. Some critics find this a significant privacy intrusion (1, 2, 3). But in my testing, even Google's bundled toolbar installations provide some modicum of notice before installing. And users who want to disable such transmissions can always turn them off -- or so I thought until I recently retested.

In this article, I provide evidence calling into question the ability of users to disable Google Toolbar transmissions. I begin by reviewing the contents of Google's "Enhanced Features" transmissions.
I then offer screenshot and video proof showing that even when users specifically instruct that the Google Toolbar be "disable[d]", and even when the Google Toolbar seems to be disabled (e.g., because it disappears from view), Google Toolbar continues tracking users' browsing. I then revisit how Google Toolbar's Enhanced Features get turned on in the first place -- noting the striking ease of activating Enhanced Features, and the remarkable absence of a button or option to disable Enhanced Features once they are turned on. I criticize the fact that Google's disclosures have worsened over time, and I conclude by identifying changes necessary to fulfill users' expectations and protect users' privacy.

< - >

http://www.benedelman.org/news/012610-1.html

From rforno at infowarrior.org Tue Jan 26 18:24:07 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 13:24:07 -0500
Subject: [Infowarrior] - ACTA Guide, Part Two: The Documents (Official and Leaked)
Message-ID:

ACTA Guide, Part Two: The Documents (Official and Leaked)
Tuesday January 26, 2010
http://www.michaelgeist.ca/content/view/4730/125/

Negotiations in the 7th round of the ACTA talks open this morning in Mexico with civil enforcement issues on the agenda. Yesterday I posted on the developments to-date, including a chronology of talks, issues, and leaks that have led to this week's round of discussions. Part Two of the ACTA Guide provides links to the underlying documentation.

Governments have been very tight lipped about the talks. Initially, only a brief summary following the conclusion of each round of the talks was provided. More recently, the agenda of each meeting is disclosed and a summary document (largely confirming Internet leaks) has been provided. Links to each of these documents is posted below.

* The official agenda for the 7th round of negotiations in Guadalajara, Mexico
* Statement on 6th round of negotiations in Seoul, Korea
* Statement on 5th round of negotiations in Rabat, Morocco
* Statement on 4th round of negotiations in Paris, France
* Statement on 3rd round of negotiations in Tokyo, Japan
* Statement on 2nd round of negotiations in Washington, DC
* Statement on 1st round of negotiations in Geneva, Switzerland
* The Anti-Counterfeiting Trade Agreement - Summary of Key Elements Under Discussion

Of far greater importance are the leaked documents. These have confirmed how the Anti-Counterfeiting Trade Agreement is designed to extend far beyond counterfeiting and how it would reshape domestic law in many countries, including Canada. Links to all the leaks are posted below. Note that many are dated and therefore reflect initial thinking but may have changed over the course of recent discussions.

* Confidentiality statement: terms of confidentiality for ACTA documents (U.S.)
* Business Group demands for ACTA
* 2007 Outline Proposal for ACTA
* EU Analysis of the ACTA Internet chapter
* EU Advance Summary of the ACTA Internet chapter
* Canadian non-paper on Institutional arrangements
* Definitions (U.S.)
* Border Measures Chapter (U.S. and Japan)
* Criminal Provisions Chapter (U.S. and Japan)
* Civil Enforcement Chapter (U.S. and Japan)

http://www.michaelgeist.ca/content/view/4730/125/

From rforno at infowarrior.org Tue Jan 26 18:25:09 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 13:25:09 -0500
Subject: [Infowarrior] - ACTA: International Harmonization at What Cost?
Message-ID:

ACTA: International Harmonization at What Cost?
Legal Analysis by Gwen Hinze

The next round of negotiations on ACTA start today in Guadalajara, Mexico. This week's negotiations will apparently focus on civil enforcement, border measures, and enforcement procedures in the digital environment, and briefly, transparency.

One of the main goals of ACTA is creating new harmonized international IP enforcement standards above those in the 1994 TRIPs agreement.
Thirty-seven countries with 37 different national laws are negotiating ACTA, so reaching agreement on new substantive IP enforcement standards will inevitably involve compromises. Some countries will be required to change their national law to bring them closer to other countries' approaches to IP regulation.

Since two of the major powers negotiating ACTA are the US and the European Union (and its 27 Member States), there is much scope for different approaches and disagreements to arise. This is particularly true for Internet intermediary liability -- where laws in the US and the various EU Member States take quite different approaches. Which country prevails in this battle of legal wills will have tremendous consequences for citizens' access to knowledge and the future of the Internet as a powerful tool for communication, cross-border collaboration and a platform for innovation.

The EU has indicated that it is unwilling to agree to anything that requires changes to European Community law. EU negotiators would probably not be able to do so under their (still secret) negotiation mandate. On January 14, EU Commissioner-delegate for the Digital Agenda, Neelie Kroes stated that "The objective of ACTA negotiations is to provide the same safeguards as the EU did in the telecoms package... So we stick to our line and that's it."

For its part, the USTR has repeatedly said that ACTA will only "color within the lines of existing US law". Indeed, this is the justification for negotiating ACTA as a sole Executive Agreement, therefore bypassing the checks and balances of the usual Congressional oversight process applied to other recent free trade agreements, such as the US-South Korea FTA.

Given this, it is interesting to reflect on the leaked European Commission's analysis of the US's Internet Chapter.
Although draft text of the Internet chapter has not yet surfaced, the EU analysis discloses what the chapter covers: increased Internet intermediary liability, three strikes Internet disconnection obligations for ISPs, and civil and criminal technological protection measure laws modeled on the US DMCA.

(More after the Jump ..)

http://www.eff.org/deeplinks/2010/01/acta-international-harmonization-what-cost

From rforno at infowarrior.org Tue Jan 26 18:55:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 13:55:23 -0500
Subject: [Infowarrior] - Navy Next-Gen Network Looks Highly Vulnerable To Cyber Attack
Message-ID: <3D775A82-9C6C-40E9-87AE-BBD7AACCDE9A@infowarrior.org>

(Having done security reviews on NMCI years ago, I don't see the NextGen navy network faring any better than NMCI on the infosec front. I was not impressed back then with how infosec, among other things, were handled on NMCI --rick)

LexingtonInstitute.org
January 26, 2010

Navy Next-Gen Network Looks Highly Vulnerable To Cyber Attack
Author: Loren B. Thompson, Ph.D.
http://www.lexingtoninstitute.org/navy-next-gen-network-looks-highly-vulnerable-to-cyber-attack?a=1&c=1171

The Navy Marine Corps Intranet (NMCI) is the biggest intranet in the world. With 800,000 users, some people say the only network that's bigger is the Internet itself. But NMCI has spawned more than its share of controversy, because the Navy awarded a huge contract to Electronic Data Systems to run every facet of the program for ten years. The contractor's role was so expansive that it even owned the computers sailors used to access the intranet. EDS made a lot of money on the program, but because it was responsible for everything, it also got blamed for everything -- even when problems were the inevitable result of the way the sea services operate.

So now that the ten-year contracting period is drawing to a close, the Navy wants to take a different approach.
The Navy wants to unbundle various pieces of its intranet and parcel them out to best-of-breed suppliers. Thus, the company running the help desk might be completely different from the company providing the software. The Navy would integrate the whole system, thereby eliminating the overbearing influence of EDS (which, incidentally, is now part of tech giant Hewlett Packard). It calls the new approach the Next Generation Enterprise Network, or NGEN, and it plans to transition from NMCI to the successor system over the next few years.

Unfortunately, NGEN is a cyber disaster waiting to happen. The basic defect of the NGEN architecture is that every time you add another contractor to the mix of suppliers, you introduce seams and discontinuities into the system that can be exploited by intruders. Standards and practices will vary from company to company, and clever hackers can figure out how to leverage those differences to corrupt the system. For example, the company operating the NGEN servers might ban portable storage devices or social networking portals from its work environment, while the company running the help desk might allow them. But a clever hacker could use a single cracked door anywhere in the system to thoroughly penetrate the whole network. And once they're in the system, rooting them out will be made harder by the diversity of companies supporting NGEN.

Of course, the Navy has all sorts of smart ideas for how to maintain security across a system of system suppliers. But the simple truth is that the more players there are, the harder it will be to enforce standards and prevent intrusions. That's just common sense. For all of its supposed faults, the current Navy Marine Corps Intranet is a remarkably secure network, and that security is undoubtedly traceable in part to the fact that one company oversees the whole enterprise.
Breaking it up and parceling out the pieces seems like a foolish idea at a time when everyone else in the government is preoccupied with making information networks less vulnerable to intrusion.

From rforno at infowarrior.org Tue Jan 26 19:12:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 14:12:03 -0500
Subject: [Infowarrior] - Pentagon Searches for 'Digital DNA' to Identify Hackers
Message-ID:

Pentagon Searches for 'Digital DNA' to Identify Hackers
By Noah Shachtman
January 26, 2010 | 10:40 am | Categories: Info War
http://www.wired.com/dangerroom/2010/01/pentagon-searches-for-digital-dna-to-identify-hackers/

One of the trickiest problems in cyber security is trying to figure who's really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the "cyber equivalent of fingerprints or DNA" that can identify even the best-cloaked hackers.

The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China, and it sure was sophisticated enough to come from a state military like China's. But it's hard to say conclusively that the People's Liberation Army launched the strike.

It's the kind of problem Darpa will try to solve with its "Cyber Genome" project. The idea "is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users," the agency announced late Monday.

These "digital artifacts" will be collected from "traditional computers, personal digital assistants, and/or distributed information systems such as 'cloud computers'," as well as "from wired or wireless networks, or collected storage media.
The format may include electronic documents or software (to include malicious software - malware)."

Ultimately, Darpa wants to develop the "digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users."

"In other words," The Register's Lew Page notes, "any code you write, perhaps even any document you create, might one day be traceable back to you - just as your DNA could be if found at a crime scene, and just as it used to be possible to identify radio operators even on encrypted channels by the distinctive 'fist' with which they operated their Morse keys. Or something like that, anyway."

The Cyber Genome project kicks off this week with a conference in Virginia.

From rforno at infowarrior.org Tue Jan 26 19:12:59 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 14:12:59 -0500
Subject: [Infowarrior] - Pentagon Report Calls for Office of 'Strategic Deception'
Message-ID: <9BBE1AB1-FB33-4150-A7B3-DD0EC94BD3CF@infowarrior.org>

Pentagon Report Calls for Office of 'Strategic Deception'
By Noah Shachtman
January 26, 2010 | 12:54 pm | Categories: Spies, Secrecy and Surveillance
http://www.wired.com/dangerroom/2010/01/pentagon-report-calls-for-office-of-strategic-deception/

The Defense Department needs to get better at lying and fooling people about its intentions. That's the conclusion from an influential Pentagon panel, the Defense Science Board, which recommends that the military and intelligence communities join in a new agency devoted to "strategic surprise/deception."

Tricking battlefield opponents has been a part of war since guys started beating each other with bones and sticks. But these days, such moves are harder to pull off, the Defense Science Board (DSB) notes in a January report first unearthed by InsideDefense.com.
"In an era of ubiquitous information access, anonymous leaks, and public demands for transparency, deception operations are extraordinarily difficult. Nevertheless, successful strategic deception has in the past provided the United States with significant advantages that translated into operational and tactical success. Successful deception also minimizes U.S. vulnerabilities, while simultaneously setting conditions to surprise adversaries."

The U.S. can't wait until it's at war with a particular country or group before engaging in this strategic trickery, however. "Deception cannot succeed in wartime without developing theory and doctrine in peacetime," according to the DSB. "In order to mitigate or impart surprise, the United States should [begin] deception planning and action prior to the need for military operations."

Doing that will not only require an "understanding the enemy culture, standing beliefs, and intelligence-gathering process and decision cycle, as well as the soundness of its operational and tactical doctrine," the DSB adds. Deception is also "reliant ... on the close control of information, running agents (and double-agents), and creating stories that adversaries will readily believe."

Such wholesale obfuscation can't be done on an ad-hoc basis, or by a loose coalition of existing agencies. The DSB writes that "to be effective, a permanent standing office with strong professional intelligence and operational expertise needs to be established."

I wonder: what would you call that organization? The Military Deception Agency? Or something a bit more ... deceptive?

From rforno at infowarrior.org Tue Jan 26 21:44:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 16:44:11 -0500
Subject: [Infowarrior] - Let's Hear it For Paywalls...
Message-ID:

After Three Months, Only 35 Subscriptions for Newsday's Web Site
By John Koblin
January 26, 2010 | 3:04 p.m.

In late October, Newsday, the Long Island daily that the Dolans bought for $650 million, put its web site, newsday.com, behind a pay wall. The paper was one of the first non-business newspapers to take the plunge by putting up a pay wall, so in media circles it has been followed with interest. Could its fate be a sign of what others, including The New York Times, might expect?

So, three months later, how many people have signed up to pay $5 a week, or $260 a year, to get unfettered access to newsday.com?

The answer: 35 people. As in fewer than three dozen. As in a decent-sized elementary-school class.

That astoundingly low figure was revealed in a newsroom-wide meeting last week by publisher Terry Jimenez when a reporter asked how many people had signed up for the site. Mr. Jimenez didn't know the number off the top of his head, so he asked a deputy sitting near him. He replied 35.

Michael Amon, a social services reporter, asked for clarification.

"I heard you say 35 people," he said, from Newsday's auditorium in Melville. "Is that number correct?"

Mr. Jimenez nodded.

Hellville, indeed.

The web site redesign and relaunch cost the Dolans $4 million, according to Mr. Jimenez. With those 35 people, they've grossed about $9,000.

< - >

http://www.observer.com/2010/media/after-three-months-only-35-subscriptions-newsdays-web-site#

From rforno at infowarrior.org Tue Jan 26 22:27:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 17:27:24 -0500
Subject: [Infowarrior] - U.S. school bans the dictionary
Message-ID: <3AC6C8FC-A355-49FC-BF98-A7A539340293@infowarrior.org>

Paging Mrs. Lovejoy.... ---rf

U.S.
school bans the dictionary
Published On Tue Jan 26 2010
Cathal Kelly
Staff Reporter
http://www.thestar.com/news/world/article/755936--u-s-school-bans-the-dictionary

A Southern California school board has pulled the Merriam-Webster dictionary off its shelves after a parent complained about the entry "oral sex."

The collegiate-level dictionary was being used in grade four and five classrooms. The school now promises to begin a thorough scouring of the dictionary for other offensive entries.

"It's hard to sit and read the dictionary, but we'll be looking to find other things of a graphic nature," Menifee Union School District spokesperson Betti Cadmus told the local The Press-Enterprise newspaper.

Merriam-Webster defines oral sex as "oral stimulation of the genitals."

The dictionaries were originally intended for use by children working at advanced reading levels. Now the California town, pop. 70,000, looks like the staging ground for a First Amendment battle.

"If a public school were to remove every book because it contains one word deemed objectionable to some parent, then there would be no books at all in our public libraries," said Peter Scheer, executive director of the California First Amendment Coalition, told The Press-Enterprise. "I think common sense seems to be lacking in this school."

A spokesperson for Merriam-Webster pointed out that they also publish dictionaries for elementary- and intermediate-level readers, dictionaries that don't include sexually explicit explanations.

"We are a bit surprised to hear about the controversy," Merriam-Webster spokesperson Meghan Lieberwirth told thestar.com Tuesday. "The job of the dictionary is to reflect language. Unfortunately, some of those words are going to be the sort you don't want grade-school kids using ... We don't recommend the use of our college-level dictionary at the grade-school level."

Nonetheless, the decision has divided parents. While some supported the idea of an "age appropriate"
reference book, others saw the decision in terms of free speech.

"Censorship in the schools, really?" Emanuel Chavez, the parent of second- and sixth-grade students, said to the Press Enterprise. "Pretty soon the only dictionary in the school library will be the Bert and Ernie dictionary."

From rforno at infowarrior.org Wed Jan 27 02:05:51 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jan 2010 21:05:51 -0500
Subject: [Infowarrior] - Children's TV Stars Face Anti-Terror Quiz
Message-ID: <8B66CC2A-3FB7-4436-92DE-562774FE55DB@infowarrior.org>

Children's TV Stars Face Anti-Terror Quiz
1:31pm UK, Tuesday January 26, 2010
Hannah Stott, Sky News Online
http://news.sky.com/skynews/Home/UK-News/TV-Presenters-Anna-Williamson-And-Jamie-Rickers-Held-By-Police-Under-Under-Anti-Terror-Powers/Article/201001415536056

Two children's TV presenters have revealed they were held by police under anti-terrorism powers after being stopped while running around with hairdryers in London.

Anna Williamson and Jamie Rickers, who front ITV1's hit show Toonattik, were filming a sketch for the programme on London's South Bank wearing combat gear and armed with children's walkie-talkies and glitter-covered hairdryers.

Their fake fatigues aroused the suspicions of patrolling police, who stopped and questioned them.

Williamson, 28, said: "We were filming a strand called Dork Hunters, which is to do with one of the animations we have on the show.

"We were out and about doing 'dork hunting' ourselves on the streets of London.

"Jamie and I were kitted out in fake utility belts. We've got hairdryers in our belt, a kids' walkie-talkie, hairbrushes and all that kind of stuff, and we were being followed by a camera crew and a boom mike and we get literally pulled over by four policemen and we were issued with a warning 'under the act of terrorism'."
Rickers, 32, added: "We were stopped, not arrested, but they had to say 'we are holding you under the Anti-Terrorism Act because you're running around in flak jackets and a utility belt', and I said 'and please put spangly blue hairdryer' and he was, like, 'all right'." The presenting duo also hit the headlines in 2008 when Rickers, re-enacting a scene from The Emperor's New Clothes, appeared to strut around the studio naked, although it was later revealed he was wearing a flesh suit from the waist down. The morning programme, which provides light-hearted links in between cartoons such as Ben 10: Alien Force and Dork Hunters From Outer Space, attracts around 616,000 viewers each weekend morning, making it the most popular terrestrial programme of its kind. From rforno at infowarrior.org Wed Jan 27 02:18:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Jan 2010 21:18:09 -0500 Subject: [Infowarrior] - 'Aurora' code circulated for years on English sites Message-ID: <8ECF7A71-A99D-4136-B5F6-C5D03DD46D4A@infowarrior.org> 'Aurora' code circulated for years on English sites Where's the China connection? By Dan Goodin in San Francisco Posted in Security, 26th January 2010 11:02 GMT http://www.theregister.co.uk/2010/01/26/aurora_attack_origins/fit Updated An error-checking algorithm found in software used to attack Google and other large companies circulated for years on English-language books and websites, casting doubt on claims it provided strong evidence that the malware was written by someone inside the People's Republic of China. The smoking gun said to tie Chinese-speaking programmers to the Hydraq trojan that penetrated Google's defenses was a cyclic redundancy check routine that used a table of only 16 constants. 
Security researcher Joe Stewart said the algorithm "seems to be virtually unknown outside of China," a finding he used to conclude that the code behind the attacks dubbed Aurora "originated with someone who is comfortable reading simplified Chinese." "In my opinion, the use of this unique CRC implementation in Hydraq is evidence that someone from within the PRC authored the Aurora codebase," Stewart wrote here. In fact, the implementation is common among English-speaking programmers of microcontrollers and other devices where memory is limited. In 2007, hardware designer Michael Karas discussed an almost identical algorithm here. Undated source code published here also bears more than a striking resemblance. The method was also discussed in W. David Schwaderer's 1988 book C Programmer's Guide to NetBIOS. On page 200, it refers to a CRC approach that "only requires 16 unsigned integers that occupy a mere 32 bytes in a typical machine." On page 205, the author goes on to provide source code that's very similar to the Aurora algorithm. "Digging this a little deeper though, the algorithm is a variation of calculating CRC using a nibble (4 bits) instead of a byte," programmer and Reg reader Steve L. wrote in an email. "This is widely used in single-chip computers in the embedded world, as it seems. I'd hardly call this a new algorithm, or [an] obscure one, either." Two weeks ago, Google said it was the victim of highly sophisticated attacks originating from China that targeted intellectual property and the Gmail accounts of human rights advocates. The company said similar attacks hit 20 other companies in the internet, finance, technology, media and chemical industries. Independent security researchers quickly raised the number of compromised companies to 34. But Google provided no evidence that China was even indirectly involved in the attacks targeting its source code. 
During a conference call last week with Wall Street analysts, CEO Eric Schmidt said only that the world's most populous nation was "probably" behind the attacks. One of the only other reported links between China and the attacks is that they were launched from at least six internet addresses located in Taiwan, which James Mulvenenon, the director of the Center for Intelligence Research and Analysis at Defense Group, told The Wall Street Journal is a common strategy used by Chinese hackers to mask their origin. But it just as easily could be the strategy of those trying to make the attacks appear to have originated in China. The claim that the CRC was lifted from a paper published exclusively in simplified Chinese seemed like the hard evidence that was missing from the open-and-shut case. In an email to The Register, Stewart acknowledged the CRC algorithm on 8052.com was the same one he found in Hydraq, but downplayed the significance. "The guy on that site says he has used the algorithm, didn't say he wrote it," Stewart explained. "I've seen dates on some of the Chinese postings of the code dating back to 2002." Maybe. But if the 16-constant CRC routine is this widely known, it seems plausible that attackers from any number of countries could have appropriated it. And that means Google and others claiming a China connection have yet to make their case. The lack of evidence is important. Google's accusations have already had a dramatic effect on US-China relations. If proof beyond a reasonable doubt is good enough in courts of law, shouldn't it be good enough for relations between two of the world's most powerful countries? This article was updated to include details from Schwaderer's book. Thanks to Philippe Oechslin, of OS Objectif Sécurité SA for alerting us to its contents. 
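The nibble-at-a-time CRC technique the article above describes (a lookup table of only 16 constants, 32 bytes of 16-bit values), written out as an added example; it is not code from the article, from Hydraq, or from any of the sources the article mentions. The CCITT polynomial 0x1021 and every function name are assumptions made for illustration, since the article does not say which polynomial the routine uses. The 16 constants fall directly out of the polynomial, and the routine returns the same value as the textbook bit-by-bit CRC, which is why a routine of this shape is a weak attribution signal.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: CCITT polynomial x^16 + x^12 + x^5 + 1, chosen for illustration. */
#define CRC16_POLY 0x1021u

/* The whole lookup table: 16 constants of 16 bits each, 32 bytes in total. */
static uint16_t nibble_table[16];

/* Derive the 16 constants: entry n is the CRC register after clocking the
 * 4-bit value n through the polynomial, most significant bit first. */
void crc16_build_nibble_table(void)
{
    for (unsigned n = 0; n < 16; n++) {
        uint16_t r = (uint16_t)(n << 12);
        for (int bit = 0; bit < 4; bit++)
            r = (r & 0x8000u) ? (uint16_t)((r << 1) ^ CRC16_POLY)
                              : (uint16_t)(r << 1);
        nibble_table[n] = r;
    }
}

/* Table-driven CRC, four bits per lookup: high nibble first, then low. */
uint16_t crc16_nibble(const uint8_t *data, size_t len, uint16_t crc)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t b = data[i];
        crc = (uint16_t)((crc << 4) ^ nibble_table[((crc >> 12) ^ (b >> 4)) & 0x0Fu]);
        crc = (uint16_t)((crc << 4) ^ nibble_table[((crc >> 12) ^ b) & 0x0Fu]);
    }
    return crc;
}

/* Reference implementation with no table at all, one bit per step. */
uint16_t crc16_bitwise(const uint8_t *data, size_t len, uint16_t crc)
{
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ CRC16_POLY)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Compare both routines over constructed buffers of length 0..64 and two
 * starting values; returns the number of disagreements (0 when equivalent). */
int crc16_count_mismatches(void)
{
    uint8_t buf[64];
    int mismatches = 0;
    for (size_t i = 0; i < sizeof buf; i++)
        buf[i] = (uint8_t)(i * 37u + 11u);   /* constructed sample data */
    for (size_t len = 0; len <= sizeof buf; len++) {
        if (crc16_nibble(buf, len, 0x0000u) != crc16_bitwise(buf, len, 0x0000u))
            mismatches++;
        if (crc16_nibble(buf, len, 0xFFFFu) != crc16_bitwise(buf, len, 0xFFFFu))
            mismatches++;
    }
    return mismatches;
}

int main(void)
{
    static const uint8_t check[] = "123456789";   /* standard CRC check string */

    crc16_build_nibble_table();
    for (int n = 0; n < 16; n++)
        printf("0x%04X%s", (unsigned)nibble_table[n], (n % 8 == 7) ? "\n" : ", ");
    printf("nibble  CRC of \"123456789\": 0x%04X\n",
           (unsigned)crc16_nibble(check, 9, 0x0000u));
    printf("bitwise CRC of \"123456789\": 0x%04X\n",
           (unsigned)crc16_bitwise(check, 9, 0x0000u));
    printf("mismatches over sample buffers: %d\n", crc16_count_mismatches());
    return 0;
}
```

Because the table is a pure function of the polynomial, two independent authors who pick the same polynomial and nibble width arrive at identical constants without sharing any code.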
From rforno at infowarrior.org Wed Jan 27 15:04:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 10:04:09 -0500 Subject: [Infowarrior] - iTablet -- Rick's Prediction and Comment Message-ID: <4D804210-0624-411C-94D4-FA3E4B31D49C@infowarrior.org> If the Apple "tablet computer" is nothing more than an expanded iPhone/ iPod with some PSP-ish and Kindle-esque features thrown in, they can count me out as a prospective buyer. Why? It's just another consumer "gadget". Of course, if it becomes the latest Apple device requiring authorization through (or software only uploaded by) the iTunes Music Store/App Store, count me out right now. Rest assured, if this is what the device turns out to be, the media will fawn breathlessly about it as "groundbreaking" and "evolutionary." When in reality, it isn't. That said, give me a tablet computer with those specs running OSX and does not require integration with the iTMS -- ie, it's a COMPUTER and not a SEMI-DUMB SLAVE DEVICE RESIDING WITHIN AN ELECTRONIC GATED COMMUNITY and I'd strongly consider it at some point. We'll see later today! -rick From rforno at infowarrior.org Wed Jan 27 15:55:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 10:55:54 -0500 Subject: [Infowarrior] - EFF: Comparing iTunes Terms of (Ab)Use Message-ID: <7F46A898-DAE2-4B1F-8056-BCAE62D3D592@infowarrior.org> Terms of (Ab)Use: US and UK Consumers Dance to Different iTunes Commentary by Ed Bayley http://www.eff.org/deeplinks/2010/01/terms-ab-use-dancing-different-itunes-differences- Too often, online services draft their "Terms of Service" (TOS) agreements in ways that are one-sided and overreaching. In Europe, however, regulators are beginning to step in to protect consumers. In late November, the U.K.'s Office of Fair Trading (or OFT) announced that Apple, Inc. agreed to change the terms and conditions for its popular iTunes online music store in the United Kingdom. 
In particular, according to the statement from the OFT, the changes make the iTunes terms "clear, fair and easy to understand," and, more importantly, give consumers "clear and accurate information about their [] rights in case things go wrong." The OFT took action following a similar intervention by the Norwegian Consumer Council. In the U.S., by contrast, there has been little regulatory attention paid to protecting consumers from overreaching TOS agreements. Thanks to a history of deference to "freedom of contract" in the U.S., along with a dearth of consumer protection laws that apply to online services, U.S. consumers often lack adequate protections from unfair "terms and conditions." On this point, a comparison of the new U.K. iTunes TOS ("U.K. Terms") and the original U.S. iTunes TOS ("U.S. Terms") on which they were based is illuminating. While the majority of the language in the both versions is identical, the differences between them are important, and illustrate that service providers can make things more fair for consumers, if they are forced to do so. For example, as with many TOS agreements, the iTunes U.S. Terms purport to allow Apple to terminate any part of the service, including access to any music or other content available through iTunes, at any time without warning. The U.K. Terms step back from that extreme position. In particular, the U.K. Terms do not allow Apple to affect a user's access to content already purchased. Furthermore, before terminating a user's access to iTunes, the U.K. Terms require there at least be "strong grounds," rather than mere "suspicion," to believe the user has violated the agreement, and also obligates iTunes to provide notice of any planned modification, suspension, or termination to the extent possible. In other words, the U.K. Terms provide customers at least some guidance as to the grounds for termination, rather than leave them to worry their access to iTunes can be terminated at any moment for any reason. 
Another area where the new U.K. Terms make progress is in placing restrictions on Apple's ability to modify terms for existing customers. Many TOS agreements, including the iTunes U.S. Terms, claim the right to modify terms unilaterally, at any time, and without notice to the customer. It is refreshing to see the U.K. Terms require notice of the new terms before they become effective, as well as an opportunity to reject the changes without affecting purchases already made. The UK approach makes much more sense than the U.S. Terms' insistence on allowing Apple to act unilaterally without notice. And the fact that Apple can do it for customers in the UK means they can and should do it for customers elsewhere. The new U.K. Terms also depart from the common abusive practice of trying to completely insulate the service provider from any and all liability to customers whatsoever, regardless of fault. The U.S. Terms, for example, include repeated pronouncements that the service is not guaranteed to work and that the service provider will not be liable for damages caused by defects in the product, use of the service, or even by actions taken by the service provider. In contrast, the U.K. Terms promise to provide the service "with reasonable care and skill." The U.K. Terms also go out of their way to say that Apple cannot disclaim liability for fraud or harm that results from its own negligence, which seems like common sense. In addition, rather than make a broad declaration that Apple can never be liable for anything, the U.K. Terms present specific instances where Apple will not be liable. Interestingly, the U.K. Terms and U.S. Terms also appear to take different approaches regarding what you get when you buy from the iTunes Store. The U.S. Terms repeatedly refer to the acquisition music or movies through the store as "purchases." 
At the same time, however, the terms impose on the "purchaser" a set of "Usage Rules" -- such as deciding how many and what devices the content may play on -- that muddy the waters about the nature of your ownership. By contrast, the U.K. Terms state that the iTunes store provides only a "license for digital content." Also, the U.K. Terms tend to emphasize iTunes as a "Service," while the U.S. Terms speak in reference to the "Products" acquired through it (suggesting that you own your downloads the same way you own a music CD). The pro-consumer elements of the U.K. Terms demonstrate that service providers can provide more fairness to customers in their TOS agreements without destroying their bottom line. This underscores that most overreaching provisions in TOS agreements today are the product, not of business necessity, but of overzealous anti-customer lawyering. Hopefully, as regulators around the world begin stepping in on behalf of consumers, we may start seeing progress toward a more reasonable standard TOS agreement. From rforno at infowarrior.org Wed Jan 27 16:11:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 11:11:54 -0500 Subject: [Infowarrior] - ACTA Guide, Part Three: Transparency and ACTA Secrecy Message-ID: ACTA Guide, Part Three: Transparency and ACTA Secrecy Wednesday January 27, 2010 http://www.michaelgeist.ca/content/view/4737/125/ Part Three of the ACTA Guide (Part One on the agreement itself, Part Two on the official and leaked documents) focuses on the issue that has dogged the proposed agreement since it was first announced - the lack of transparency associated with the text and the talks. As yesterday's public letter from NDP MP Charlie Angus and the UK cross-party motion highlight, elected officials around the world have latched onto the transparency issue and demanded that their governments open ACTA to public scrutiny. 
Reviewing the ACTA transparency issue involves several elements: the public concern with ACTA secrecy, the source of the secrecy, and the analysis of whether ACTA secrecy is common when compared to other intellectual property agreements. 1. The Public Concern Over the course of the two years since ACTA was first publicly announced (it was secretly discussed for about two years before the public unveiling), there have been repeated calls from elected officials and public interest groups to address the transparency concerns. In fact, each time portions of the ACTA text leak, the concerns grow stronger. For example, a sampling of the global call from politicians for greater transparency includes:
* Senators Bernie Sanders and Sherrod Brown, United States
* Rep. Mike Doyle, United States
* Rep. Zoe Lofgren, United States
* Nicolas Dupont-Aignan, France
* Tom Watson (Labour), John Whittingdale (Conservative), Lindsay Hoyle (Labour), and Don Foster (Lib Democrats), United Kingdom
* Minister Åsa Torstensson, Sweden
* MEP Jens Holms, Sweden
* MEP Axel Voss, Germany
* MP Clare Curran, New Zealand
* Peter Dunne, New Zealand
* MP Charlie Angus, Canada
Moreover, the European Parliament has voted for a proposal to bring more transparency and public access to documents. The resolution includes specific language about the Anti-Counterfeiting Trade Agreement. In particular, it states: Acting in accordance with Article 255(1) of the EC Treaty, the European Commission should immediately make all documents related to the ongoing international negotiations on the Anti-Counterfeiting Trade Agreement (ACTA) publicly available. The justification for the language is: The Anti-Counterfeiting Trade Agreement (ACTA) will contain a new international benchmark for legal frameworks on what is termed intellectual property right enforcement. The content as known to the public is clearly legislative in character. 
Further, the Council confirms that ACTA includes civil enforcement and criminal law measures. Since there can not be secret objectives regarding legislation in a democracy, the principles established in the ECJ Turco case must be upheld. In addition to elected officials and parliamentary resolutions, numerous public interest groups from around the world have joined the call for greater ACTA transparency (current joint declaration is one example). Business groups have also attacked the secrecy associated with the talks. 2. The Sources of ACTA Secrecy Identifying the sources of ACTA secrecy are alternately easy and difficult. The confidentiality statement that forms the basis of ACTA confidentiality has been leaked and makes it clear that the U.S. set the initial terms of secrecy. A more detailed discussion can be found in several documents responding to access to information/freedom of information requests. For example, the Declaration of Stanford McCoy of the USTR on ACTA disclosure of documents provides the U.S. perspective, while European Council response on ACTA transparency and disclosure of documents provides the EU view (second EU document here). While those are the official positions, some countries have provided limited access to "ACTA Insiders." The U.S. made the Internet chapter available under non-disclosure agreement to 42 ACTA insiders in 2009. Canada intended to create an insider advisory group, but abandoned those plans after details of the possible members was obtained under the Access to Information Act and reported in the press. More difficult is to identify who currently supports ACTA secrecy. According to an article in the EU Observer, roughly half of the 27 EU Member States support increased ACTA transparency, suggesting that making content publicly available would increase public confidence. There have been similar reports in the UK, New Zealand, Australia, and Canada. That still leaves the Asian countries and the U.S. 
as potential holdouts (USTR head Ron Kirk has reportedly said that countries would walk away from the treaty if the text were made available). 3. Is ACTA Secrecy Standard? The third major issue is whether the ACTA secrecy is commonplace. Last fall, the ACTA partners released a joint statement arguing that "it is accepted practice during trade negotiations among sovereign states to not share negotiating texts with the public at large, particularly at earlier stages of the negotiation." Yet a closer examination of similar international IP negotiations reveals that the ACTA approach is not standard. U.S. NGO groups have made a strong case for how ACTA's lack of transparency is out-of-step with many other global norm setting exercises. With regard to international fora, they note that the WTO, WIPO, WHO, UNCITRAL, UNIDROIT, UNCTAD, OECD, Hague Conference on Private International Law, and an assortment of other conventions have all been far more open than ACTA. For example, the WIPO Internet treaties, which offer the closest substantive parallel to the ACTA Internet provisions, were by comparison very transparent: The two WIPO Internet Treaties (WCT and WPPT) were negotiated in a completely open meeting at the Geneva Convention Center. The public was allowed to attend without accreditation. The draft texts for the WCT and the WPPT were public, and the U.S. government requested comments on the draft texts, which were available, among other places, from the U.S. Copyright Office. Two other documents offer similar reviews of the transparency of negotiation documents and opportunities for public participation. Moreover, Jamie Love recently posted a comparison of the level of transparency during the FTAA negotiations with the ACTA talks. Several drafts of the FTAA agreement were released to the public as the negotiations were ongoing. The inescapable conclusion is that the ACTA approach is hardly standard. 
Rather, it represents a major shift toward greater secrecy in the negotiation of international treaties on intellectual property in an obvious attempt to avoid public participation and scrutiny. From rforno at infowarrior.org Wed Jan 27 17:58:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 12:58:31 -0500 Subject: [Infowarrior] - Report: WH to Outsource Space Flight Message-ID: <682E70F4-85DB-4CCB-8CAF-0C89BF691C1E@infowarrior.org> White House to Outsource Space Flight http://www.foxnews.com/scitech/2010/01/27/white-house-outsource-space-flight/ NASA's Constellation program should replace our aging fleet of space shuttles, which make their last flight in July. But reports indicate Obama may eliminate the program entirely, leaving the U.S. relying on Russian vehicles for space transportation. NASA's Constellation program should replace our aging fleet of space shuttles, which make their last flight in September. But reports indicate Obama may eliminate the program entirely, leaving the U.S. relying on Russian vehicles for space transportation. Under the Constellation umbrella, NASA has been building the Ares I and Ares V launch vehicles, the Orion crew capsule and the Altair Lunar Lander. The space agency successfully test-launched Ares 1-X on Oct. 28, 2009. The spacecraft were supposed to perform a variety of missions, from International Space Station resupply to lunar landings. But according to a report in the Orlando Sentinel, the forthcoming budget -- which the president will announce in detail during tonight's State of the Union address -- will include no funding for lunar landers, no moon bases, and no Constellation program at all. Once the shuttle completes its final mission, NASA will have no way of its own to bring men into space or supplies to the Space Station -- arguably a hole in our ability to remain competitive in the field of space exploration. 
At that point, NASA intends to buy rides for its astronauts on Russian Soyuz vehicles until a new service -- either commercial or government -- materializes. The Russian government charges NASA $51 million for each seat on its Soyuz vehicles. Last May, NASA announced that the new contract allows it to buy 6 seats on Soyuz craft in 2012 and 2013 for a total of $306 million. A number of private companies have been competing to build next-generation vehicles capable of transporting humans into space and to the International Space Station. Armadillo Aerospace, Virgin Galactic, SpaceX and others are vying to be the first commercial spacecraft -- mainly concentrating on the lucrative space tourism industry. The budget will include funding for those private companies to develop capsules and rockets that can be used as space taxis, reports the Sentinel. These companies may take astronauts on fixed-price contracts to and from the International Space Station -- a major change in the way the agency has done business for the past 50 years. NASA contractors have already been quietly planning on the end of Ares I, reports the Sentinel, noting that the program is already "years behind schedule and millions of dollars over budget." NASA has already spent more than $3 billion on Ares I and more than $5 billion on the rest of Constellation." NASA's budget, just over $18.7 billion this year, is still expected to rise again in 2011, reports Space.com, though by much less than the $1 billion increase NASA and its contractors have been privately anticipating since mid-December. A White House-appointed panel, led by former Lockheed Martin chief Norm Augustine, urged these changes on the administration in December. The panel also said a worthwhile manned space exploration program would require Obama to budget about $55 billion for human spaceflight over the next five years, some $11 billion more than he included in the 2011-2015 forecast he sent Congress last spring. 
The Aerospace Safety Advisory Panel's report also cautioned the United States against halting work on the Ares rocket in favor of unproven commercial alternatives. "To abandon Ares I as a baseline vehicle for an alternative without demonstrated capability nor proven superiority (or even equivalence) is unwise and probably not cost-effective," the report stated. A senior administration official told Fox News that rather than space programs, the president plans to use the address to renew his focus on jobs, calling for swift action on lagging bills providing tax cuts for job creation, new equipment purchases and the elimination of capital gains for small businesses. The Indian government announced plans this morning to step up its schedule for manned missions to space, targeting 2016 for its first manned launch. From rforno at infowarrior.org Wed Jan 27 18:41:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 13:41:48 -0500 Subject: [Infowarrior] - iTablet -- Rick's Prediction and Comment In-Reply-To: <4D804210-0624-411C-94D4-FA3E4B31D49C@infowarrior.org> References: <4D804210-0624-411C-94D4-FA3E4B31D49C@infowarrior.org> Message-ID: Yep. iPad is an iTouch/Phone on steroids. Despite the Jobsian RDF and breathless media hype in recent days, there's nothing revolutionary or magical here at all from what I can tell thus far. Move along, nothing more to see here....it's just another iLife-y gadget. Yawn? -rf On Jan 27, 2010, at 10:04 AM, Richard Forno wrote: > > If the Apple "tablet computer" is nothing more than an expanded > iPhone/iPod with some PSP-ish and Kindle-esque features thrown in, > they can count me out as a prospective buyer. Why? It's just > another consumer "gadget". Of course, if it becomes the latest > Apple device requiring authorization through (or software only > uploaded by) the iTunes Music Store/App Store, count me out right > now. 
Rest assured, if this is what the device turns out to be, the > media will fawn breathlessly about it as "groundbreaking" and > "evolutionary." When in reality, it isn't. > > That said, give me a tablet computer with those specs running OSX > and does not require integration with the iTMS -- ie, it's a > COMPUTER and not a SEMI-DUMB SLAVE DEVICE RESIDING WITHIN AN > ELECTRONIC GATED COMMUNITY and I'd strongly consider it at some point. > > We'll see later today! > > -rick > From rforno at infowarrior.org Wed Jan 27 20:30:43 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 15:30:43 -0500 Subject: [Infowarrior] - Jammie Thomas rejects RIAA's $25, 000 settlement offer Message-ID: <9A264EB9-8F8C-40D9-B8E5-7FF384CEFAB3@infowarrior.org> Yes, the RIAA is getting desperate -- it's not the money, but rather due to the precedent it would create they do NOT want the judge's decision to stand!!!! -rf Jammie Thomas rejects RIAA's $25,000 settlement offer by Greg Sandoval http://news.cnet.com/8301-31001_3-10442482-261.html?part=rss&subj=news&tag=2547-1_3-0-20 Update 3 p.m. PT: To include quotes from Joe Sibley, one of Jammie Thomas-Rasset's attorneys The four top recording companies on Wednesday made a settlement offer to Jammie Thomas-Rasset, the Minnesota woman who was found liable last summer of willful copyright infringement and ordered by a jury to pay $1.92 million in damages. And attorneys working for Thomas-Rasset wasted little time in rejecting the offer. Days after a federal court judge reduced the damage amount to $54,000, the Recording Industry Association of America forwarded settlement terms to her attorneys, according to a copy of the letter obtained by CNET. 
The RIAA, the trade group representing the four largest record labels, informed Thomas-Rasset that it would accept $25,000--less than half of the court-reduced award--if she agreed to ask the judge to "vacate" his decision of last week, which means removing his decision from the record. The RIAA said in the letter to Kiwi Camara and Joe Sibley, attorneys for Thomas-Rasset, that the $25,000 she would paid would go to a musician's charity. The RIAA said that if Thomas-Rasset declined the offer, the group would challenge the judge's ruling to lower her damages. That's what the music industry will have to do, Joe Sibley, one of Thomas-Rasset's attorneys, told CNET. This means the Jammie Thomas case will go on. Sibley and Camara had already said that they planned to challenge even the lowered amount set by the court. Sibley told CNET last week they have always sought a $0 award. "My clients have pursued this case to establish that the defendant was in fact responsible for the infringements alleged and that there were serious damages to them and to their artists as a result," wrote Timothy Reynolds, one of the RIAA's outside counsel. "Two juries resoundingly agreed. We do not believe embarking on a third trial is in anyone's interest." Over the past four years, since Thomas-Rasset was first accused of illegally sharing more than a 1,000 songs, she has become deeply embedded into the debate over copyright and illegal file sharing. To some, Thomas-Rasset is the Joan of Arc of peer-to-peer. To others, she is a crook who denied sharing music but was contradicted by overwhelming evidence and eventually ordered to pay whopping damages by two separate juries. My sources in the music sector predicted last week that the RIAA would try to settle. After Michael Davis, chief judge for the U.S. 
District Court for the District of Minnesota, lowered the damages amount, my sources said the big labels were satisfied to walk away after winning two trials and seeing Davis order Thomas-Rasset to pay a significant damage amount in $54,000. RIAA managers believe they have achieved whatever deterrent value the case can provide, the sources said. By the looks of the RIAA's offer, it's apparent that they don't want Davis' decision left on the books and is willing to take less damage money from Thomas-Rasset in exchange for her help in removing the ruling. More to come From rforno at infowarrior.org Wed Jan 27 20:54:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Jan 2010 15:54:09 -0500 Subject: [Infowarrior] - Panopticlick: Help EFF Research Web Browser Tracking Message-ID: <8D636003-1160-45D2-B937-E191F4D089C7@infowarrior.org> Help EFF Research Web Browser Tracking Announcement by Peter Eckersley What fingerprints does your browser leave behind as you surf the web? Traditionally, people assume they can prevent a website from identifying them by disabling cookies on their web browser. Unfortunately, this is not the whole story. When you visit a website, you are allowing that site to access a lot of information about your computer's configuration. Combined, this information can create a kind of fingerprint -- a signature that could be used to identify you and your computer. But how effective would this kind of online tracking be? EFF is running an experiment to find out. Our new website Panopticlick will anonymously log the configuration and version information from your operating system, your browser, and your plug-ins, and compare it to our database of five million other configurations. Then, it will give you a uniqueness score -- letting you see how easily identifiable you might be as you surf the web. 
Adding your information to our database will help EFF evaluate the capabilities of Internet tracking and advertising companies, who are already using techniques of this sort to record people's online activities. They develop these methods in secret, and don't always tell the world what they've found. But this experiment will give us more insight into the privacy risk posed by browser fingerprinting, and help web users to protect themselves. To join the experiment: http://panopticlick.eff.org/ From rforno at infowarrior.org Thu Jan 28 14:09:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 09:09:30 -0500 Subject: [Infowarrior] - Oz bans a female body form Message-ID: <3EE21CB4-5B86-41E8-9F6D-C7E4623F182F@infowarrior.org> Probably best to let you decide if you want to read this @ work or not. Nothing profane, but prolly will trip a few overly-repressive keyword filters if I post the full article. Aussie censor balks at bijou b----bs Gets confused about other female bits also < - more that may be NSFW under the cut - > http://www.theregister.co.uk/2010/01/28/australian_censors/ From rforno at infowarrior.org Thu Jan 28 14:34:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 09:34:46 -0500 Subject: [Infowarrior] - US House of Reps hacked Message-ID: http://www.politico.com/huddle/ HACK ATTACK: Hackers infiltrated House web sites overnight, as Erin McPike reports in CongressDaily: "Hackers struck at least 10 House websites overnight, substituting expletives aimed at Pres. Obama just hours after his State of the Union address. "The hackers targeted many House Dem freshmen, including Reps. Ben Ray Lujan (D-NM), Harry Teague (D-NM), John Boccieri (D-OH) and Steve Driehaus (D-OH), as well as at least 5 other more senior Dems and the site owned by GOPers on the House Oversight Committee. "F--- OBAMA!! Red Eye CREW !!!!! O RESTO E HACKER!!! by HADES; m4V3RiCk; T4ph0d4 -- FROM BRASIL," the messages read." 
From rforno at infowarrior.org Thu Jan 28 15:44:56 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 10:44:56 -0500 Subject: [Infowarrior] - ACTA Guide: Part Four: What Will ACTA Mean To My Domestic Law? Message-ID: ACTA Guide: Part Four: What Will ACTA Mean To My Domestic Law? Thursday January 28, 2010 http://www.michaelgeist.ca/content/view/4741/125/ Questions about ACTA typically follow a familiar pattern - what is it (Part One of the ACTA Guide), do you have evidence (Part Two), why is this secret (Part Three), followed by what would ACTA do to my country's laws? This fourth question is the subject of this post, Part Four of the ACTA Guide. The answer is complex since the impact of ACTA will differ for each participating country: some will require limited reforms, others very significant reforms, and yet others (particularly those not even permitted to participate) complete overhauls of their domestic laws. That is not the answer that the participating countries have been providing. Instead, most have sought to dampen fears by implausibly claiming that ACTA will not result in any domestic changes in their own country. With that in mind, we get:
* the European Union stating "ACTA will not go further than the current EU regime for enforcement of IPRs"
* the USTR maintaining that ACTA will not rewrite U.S. law
* Australia's DFAT confirming they do not expect to see major domestic changes to Australian law as a result of the ACTA
* New Zealand stating "ACTA will not change existing standards"
* Canadian Industry Minister Tony Clement assuring the House of Commons that ACTA will be subservient to domestic rules
Of course, if all of this is true, skeptics might reasonably ask why ACTA is needed at all. The truth is that ACTA will require changes in many countries that ratify the agreement. The EU Commissioner-designate for the Internal Market, Michel Barnier, recently acknowledged precisely that during hearings in Brussels. Meanwhile, U.S.
lobby groups have stated that they view ACTA as a mechanism to pressure Canada into new copyright reforms. While Canadian officials may put on a brave face regarding the prospect of ACTA-inspired domestic reforms, the reality is that behind-the-scenes this has been a major concern for officials since before ACTA was officially unveiled. I recently obtained under the Access to Information Act a copy of a response to the U.S. ACTA discussion paper from 2007 written by Doug George, who until recently led Canada's delegation on ACTA at DFAIT. George's response takes great pains to emphasize the differences between countries and the need to take this into account: While there may be a need to coordinate our efforts at the international level to fight counterfeiting and piracy, including through the negotiation of an ACTA, countries have implemented different systems and legislation to address this issue. This needs to be taken into account in our discussions. For instance, the role of governments versus rights holders in enforcing IPR can vary greatly among the various systems, and specific systems for implementation have developed in different directions. Canada's fears have quite obviously been realized as the vision of ACTA proponents is a one-size fits all solution based on the U.S. model of IP enforcement. This will, by its very definition, require domestic change in many countries. As for the specifics of domestic reforms, they depend on the country. Countries without statutory damages would need to add those to their laws. Countries without DMCA-style anti-circumvention rules or a notice-and-takedown system would require those changes. Countries without anti-camcording rules or new border enforcement measures or a host of other ACTA-related provisions would need to address those concerns. There has been some preliminary analysis of possible changes in various countries. These include:
* Global (Gwen Hinze)
* Global (Hinze)
* Global (Hinze and Eddan Katz)
* United States (Katz)
* United States (Jamie Love)
* European Union (FFII)
* European Union (FFII)
* Australia (Kim Weatherall)
* New Zealand (Jonathon Penney)
* New Zealand (Cyberlaw.org)
* Canada (CIPPIC)
* Canada (CIPPIC)
Not to be forgotten are those countries that are not part of the ACTA discussions. The exclusion of many major trading partners (and the alleged leading sources of counterfeit products) is a major story since those countries will likely also face pressure to implement ACTA despite not having had the opportunity to participate in the talks. I discussed that issue - and the need for developing countries to demand a seat at the table - last year in this piece. From rforno at infowarrior.org Thu Jan 28 19:14:52 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 14:14:52 -0500 Subject: [Infowarrior] - IFPI's Magic Disconnector Message-ID: <08192266-B9A6-4A95-AEE1-F68DDE2301C3@infowarrior.org> Note the last paragraph: Tell me how this magic works.....IFPI has a magic wand that will disconnect little Susie but leave her brother and parents still connected on the same Internet connection? Huh? -rf Wednesday, January 27, 2010 Strikes' Policies For Infringers Debated By Juliana Gruenwald http://techdailydose.nationaljournal.com/2010/01/strikes-policies-for-infringer.php As more countries weigh whether to punish serial copyright infringers by taking away their Internet access, critics debated Wednesday whether such efforts have a deterring effect. A panel discussion at the Congressional Internet Caucus' State of the Net conference examined such laws as one awaiting final approval in France that give infringers three chances to stop before their Internet access is cut off by a court and legislation working its way through the British Parliament that would impose graduated levels of notice against infringers with the ultimate sanction being a cutoff of Internet service.
John Morris of the Center for Democracy of Technology argued that given the importance of the Internet to education, business and other aspects of society, cutting off Internet access goes too far, saying the actions of a child could harm the entire family. "The response is disproportionate" to the crime, he argued. He said a more appropriate penalty would be a lawsuit. The Computer & Communications Industry Association's Matthew Schruers added that more focus should be placed on "notice," when an Internet service provider or someone else notifies a user that he or she may be infringing copyrighted materials. "Notice is very effective in getting people to stop" infringing, he said, pointing to Canada's notice regime as being particularly effective. But Shira Perlmutter of the International Federation of the Phonographic Industry, which represents record companies around the world, argued that "notice doesn't really work," adding there needs to be "some sort of meaningful consequences." She also said that in most cases, Internet access would be suspended to only one account and may not affect a whole family. Perlmutter added that Internet service providers cut off service to customers now if they are abusing the ISP's services. But Schruers said those are voluntary actions, while the proposed laws would require ISPs to cut off a user's access. From rforno at infowarrior.org Thu Jan 28 19:50:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 14:50:36 -0500 Subject: [Infowarrior] - RIP JD Salinger Message-ID: <326396DD-97AD-4D21-A5A2-D90E551504EE@infowarrior.org> Goodbye, Holden Caulfield (and fellow 'Pencey' alum!) -rick "Catcher in the Rye" author J.D. Salinger dies Writer who shunned the world he shocked died in his isolated home at 91 The Associated Press updated 1:38 p.m. ET, Thurs., Jan. 28, 2010 http://today.msnbc.msn.com/id/35127071/ns/today-today_books/?GT1=43001 NEW YORK - J.D.
Salinger, the legendary author, youth hero and fugitive from fame whose "The Catcher in the Rye" shocked and inspired a world he increasingly shunned, has died. He was 91. Salinger died of natural causes at his home on Wednesday, the author's son said in a statement from Salinger's literary representative. He had lived for decades in self-imposed isolation in the small, remote house in Cornish, N.H. Immortal anti-hero "The Catcher in the Rye," with its immortal teenage protagonist, the twisted, rebellious Holden Caulfield, came out in 1951, a time of anxious, Cold War conformity and the dawn of modern adolescence. The Book-of-the-Month Club, which made "Catcher" a featured selection, advised that for "anyone who has ever brought up a son" the novel will be "a source of wonder and delight - and concern." Enraged by all the "phonies" who make "me so depressed I go crazy," Holden soon became American literature's most famous anti-hero since Huckleberry Finn. The novel's sales are astonishing - more than 60 million copies worldwide - and its impact incalculable. Decades after publication, the book remains a defining expression of that most American of dreams - to never grow up. Salinger was writing for adults, but teenagers from all over identified with the novel's themes of alienation, innocence and fantasy, not to mention the luck of having the last word. "Catcher" presents the world as an ever-so-unfair struggle between the goodness of young people and the corruption of elders, a message that only intensified with the oncoming generation gap. Novels from Evan Hunter's "The Blackboard Jungle" to Curtis Sittenfeld's "Prep," movies from "Rebel Without a Cause" to "The Breakfast Club," and countless rock 'n' roll songs echoed Salinger's message of kids under siege. One of the great anti-heroes of the 1960s, Benjamin Braddock of "The Graduate," was but a blander version of Salinger's narrator.
The cult of "Catcher" turned tragic in 1980 when crazed Beatles fan Mark David Chapman shot and killed John Lennon, citing Salinger's novel as an inspiration and stating that "this extraordinary book holds many answers." By the 21st century, Holden himself seemed relatively mild, but Salinger's book remained a standard in school curriculums and was discussed on countless Web sites and a fan page on Facebook. Other works Salinger's other books don't equal the influence or sales of "Catcher," but they are still read, again and again, with great affection and intensity. Critics, at least briefly, rated Salinger as a more accomplished and daring short story writer than John Cheever. The collection "Nine Stories" features the classic "A Perfect Day for Bananafish," the deadpan account of a suicidal Army veteran and the little girl he hopes, in vain, will save him. The novel "Franny and Zooey," like "Catcher," is a youthful, obsessively articulated quest for redemption, featuring a memorable argument between Zooey and his mother as he attempts to read in the bathtub. "Everyone who works here and writes here at The New Yorker, even now, decades after his silence began, does so with a keen awareness of J.D. Salinger's voice," said David Remnick, editor of The New Yorker, where many of Salinger's stories appeared. "In fact, he is so widely read in America, and read with such intensity, that it's hard to think of any reader, young and old, who does not carry around the voices of Holden Caulfield or Glass family members." "Catcher," narrated from a mental facility, begins with Holden recalling his expulsion from a Pennsylvania boarding school for failing four classes and for general apathy. He returns home to Manhattan, where his wanderings take him everywhere from a Times Square hotel to a rainy carousel ride with his kid sister, Phoebe, in Central Park. He decides he wants to escape to a cabin out West, but scorns questions about his future as just so much phoniness.
"I mean how do you know what you're going to do till you do it?" he reasons. "The answer is, you don't. I think I am, but how do I know? I swear it's a stupid question." "The Catcher in the Rye" became both required and restricted reading, periodically banned by a school board or challenged by parents worried by its frank language and the irresistible chip on Holden's shoulder. "I'm aware that a number of my friends will be saddened, or shocked, or shocked-saddened, over some of the chapters of 'The Catcher in the Rye.' Some of my best friends are children. In fact, all of my best friends are children," Salinger wrote in 1955, in a short note for "20th Century Authors." "It's almost unbearable to me to realize that my book will be kept on a shelf out of their reach," he added. Salinger also wrote the novellas "Raise High the Roof Beam, Carpenters" and "Seymour - An Introduction," both featuring the neurotic, fictional Glass family which appeared in much of his work. His last published story, "Hapworth 16, 1928," ran in The New Yorker in 1965. By then he was increasingly viewed like a precocious child whose manner had soured from cute to insufferable. "Salinger was the greatest mind ever to stay in prep school," Norman Mailer once commented. In 1997, it was announced that "Hapworth" would be reissued as a book - prompting a (negative) New York Times review. The book, in typical Salinger style, didn't appear. In 1999, New Hampshire neighbor Jerry Burt said the author had told him years earlier that he had written at least 15 unpublished books kept locked in a safe at his home. "I love to write and I assure you I write regularly," Salinger said in a brief interview with the Baton Rouge (La.) Advocate in 1980. "But I write for myself, for my own pleasure. And I want to be left alone to do it." "Ego of cast iron" Jerome David Salinger was born Jan. 1, 1919, in New York City.
His father was a wealthy importer of cheeses and meat and the family lived for years on Park Avenue. Like Holden, Salinger was an indifferent student with a history of trouble in various schools. He was sent to Valley Forge Military Academy at age 15, where he wrote at night by flashlight beneath the covers and eventually earned his only diploma. In 1940, he published his first fiction, "The Young Folks," in Story magazine. He served in the Army from 1942 to 1946, carrying a typewriter with him most of the time, writing "whenever I can find the time and an unoccupied foxhole," he told a friend. Returning to New York, the lean, dark-haired Salinger pursued an intense study of Zen Buddhism but also cut a gregarious figure in the bars of Greenwich Village, where he astonished acquaintances with his proficiency in rounding up dates. One drinking buddy, author A.E. Hotchner, would remember Salinger as the proud owner of an "ego of cast iron," contemptuous of writers and writing schools, convinced that he was the best thing to happen to American letters since Herman Melville. Praise and condemnation Holden first appeared as a character in the story "Last Day of the Last Furlough," published in 1944 in the Saturday Evening Post. Salinger's stories ran in several magazines, especially The New Yorker, where excerpts from "Catcher" were published. The finished novel quickly became a best seller and early reviews were blueprints for the praise and condemnation to come. The New York Times found the book "an unusually brilliant first novel" and observed that Holden's "delinquencies seem minor indeed when contrasted with the adult delinquencies with which he is confronted." But the Christian Science Monitor was not charmed. "He is alive, human, preposterous, profane and pathetic beyond belief," critic T. Morris Longstreth wrote of Holden. "Fortunately, there cannot be many of him yet. 
But one fears that a book like this given wide circulation may multiply his kind - as too easily happens when immortality and perversion are recounted by writers of talent whose work is countenanced in the name of art or good intention." Seeking seclusion The world had come calling for Salinger, but Salinger was bolting the door. By 1952, he had migrated to Cornish. Three years later, he married Claire Douglas, with whom he had two children, Peggy and Matthew, before their 1967 divorce. (Salinger was also briefly married in the 1940s to a woman named Sylvia; little else is known about her). Meanwhile, he was refusing interviews, instructing his agent to forward no fan mail and reportedly spending much of his time writing in a cement bunker. Sanity, apparently, could only come through seclusion. "I thought what I'd do was, I'd pretend I was one of those deaf-mutes," Holden says in "Catcher." "That way I wouldn't have to have any ... stupid useless conversations with anybody. If anybody wanted to tell me something, they'd have to write it on a piece of paper and shove it over to me. I'd build me a little cabin somewhere with the dough I made." Although Salinger initially contemplated a theater production of "Catcher," with the author himself playing Holden, he turned down numerous offers for film or stage rights, including requests from Billy Wilder and Elia Kazan. Bids from Steven Spielberg and Harvey Weinstein also were rejected. Salinger became famous for not wanting to be famous. In 1982, he sued a man who allegedly tried to sell a fictitious interview with the author to a national magazine. The impostor agreed to desist and Salinger dropped the suit. Five years later, another Salinger legal action resulted in an important decision by the U.S. Supreme Court. The high court refused to allow publication of an unauthorized biography, by Ian Hamilton, that quoted from the author's unpublished letters.
Salinger had copyrighted the letters when he learned about Hamilton's book, which came out in a revised edition in 1988. In 2009, Salinger sued to halt publication of John David California's "60 Years Later," an unauthorized sequel to "Catcher" that imagined Holden in his 70s, misanthropic as ever. The curtain parts Against Salinger's will, the curtain was parted in recent years. In 1998, author Joyce Maynard published her memoir "At Home in the World," in which she detailed her eight-month affair with Salinger in the early 1970s, when she was less than half his age. She drew an unflattering picture of a controlling personality with eccentric eating habits, and described their problematic sex life. Salinger's alleged adoration of children apparently did not extend to his own. In 2000, daughter Margaret Salinger's "Dreamcatcher" portrayed the writer as an unpleasant recluse who drank his own urine and spoke in tongues. Ms. Salinger said she wrote the book because she was "absolutely determined not to repeat with my son what had been done with me." Copyright 2010 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. URL: http://today.msnbc.msn.com/id/35127071/ns/today-today_books/?GT1=43001 From rforno at infowarrior.org Thu Jan 28 19:52:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 14:52:18 -0500 Subject: [Infowarrior] - Obama Cyber Czar Digs in For Long Haul Message-ID: <3E43D305-ECF7-4884-9C87-96393E4984EF@infowarrior.org> www.esecurityplanet.com/news/article.php/3861231 Obama Cyber Czar Digs in For Long Haul By Kenneth Corbin January 27, 2010 WASHINGTON--Barely one month into the job, Howard Schmidt is getting an idea of just how big a task he has ahead of him. 
Schmidt, whom President Obama tapped late last year to serve as the administration's senior director for cybersecurity, today laid out an ambitious agenda for revamping the government's approach to shoring up the country's digital infrastructure. For the seven months that the position remained unfilled, observers opined about the difficulty the individual selected would encounter in trying to bring together the various federal agencies, Congress and the military to develop a coherent cybersecurity strategy. But Schmidt, a former top executive at Microsoft (NASDAQ: MSFT) and eBay (NASDAQ: EBAY) who has also headed up cybersecurity under the Bush administration, made it plain today that he has the mandate to do the job. "The president's been very, very clear in designating me as his lead policy official in cyberspace security in the federal government," Schmidt said in a speech here at the State of the Net conference, an annual tech policy event hosted by the Congressional Internet Caucus. In large measure, Schmidt's address today mirrored the plan Obama laid out in May, when he released the results of a sweeping cybersecurity review he commissioned early in his tenure and announced his plans to create the cyber coordinator position. Like Obama, Schmidt stressed that cybersecurity is as much a security priority as it is an economic one, particularly as digital networks increasingly become the backbone for global commerce. That belief is reflected in Schmidt's dual reporting structure, as he serves on both the National Economic Council and national security staff. As Schmidt circulates around Washington taking in briefings and meeting with agency and legislative staffers, he is laying the groundwork for what is intended to be a coordinated defense and response plan. He said he hopes to ensure that plan "also includes making sure we translate the strategy from the high-level points in any strategy to how do we execute." 
A part of that execution strategy will be a vigorous public education campaign to promote cybersecurity awareness. Schmidt also said the administration is taking a particularly hard look at the supply chain in an effort to firm up U.S. systems, describing the complex global network through which electronic components - which could come pre-loaded with vulnerabilities - enter the country as a "spider web." But at the same time, he is pragmatic enough to acknowledge that words like "perfect" or "complete" don't apply to cybersecurity. "We will never have 100 percent absolute security and still have an open society," Schmidt said. "There's no way you can look at absolutes in this space." In addition to coordinating among government institutions, Schmidt is also trying to widen the bridge between the public and private sectors. That includes devising new methods for sharing threat information and pooling resources, as well as outreach programs to ensure that businesses of all sizes are taking security seriously without breaking their budgets just to shore up their systems. Schmidt also spoke of the administration's commitment to protect digital infrastructure without compromising citizens' privacy. "Privacy and security are two sides of the same coin," he said. "Without security we have no privacy." From rforno at infowarrior.org Thu Jan 28 20:34:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 15:34:05 -0500 Subject: [Infowarrior] - The 3 Facebook Settings Every User Should Check Now Message-ID: January 20, 2010 The 3 Facebook Settings Every User Should Check Now By SARAH PEREZ of ReadWriteWeb http://www.nytimes.com/external/readwriteweb/2010/01/20/20readwriteweb-the-3-facebook-settings-every-user-should-c-29287.html In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site.
The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only - no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter. Those of you who edited your privacy settings prior to December's change have nothing to worry about - that is, assuming you elected to keep your personalized settings when prompted by Facebook's "transition tool." The tool, a dialog box explaining the changes, appeared at the top of Facebook homepages this past month with its own selection of recommended settings. Unfortunately, most Facebook users likely opted for the recommended settings without really understanding what they were agreeing to. If you did so, you may now be surprised to find that you inadvertently gave Facebook the right to publicize your private information including status updates, photos, and shared links. Want to change things back? Read on to find out how. 1. Who Can See The Things You Share (Status Updates, Photo, Videos, etc.) Probably the most critical of the "privacy" changes (yes, we mean those quotes sarcastically) was the change made to status updates. Although there's now a button beneath the status update field that lets you select who can view any particular update, the new Facebook default for this setting is "Everyone." And by everyone, they mean everyone. If you accepted the new recommended settings then you voluntarily gave Facebook the right to share the information about the items you post with any user or application on the site. Depending on your search settings, you may have also given Facebook the right to share that information with search engines, too. To change this setting back to something of a more private nature, do the following:
* From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
* Click "Profile Information" from the list of choices on the next page.
* Scroll down to the setting "Posts by Me." This encompasses anything you post, including status updates, links, notes, photos, and videos.
* Change this setting using the drop-down box on the right. We recommend the "Only Friends" setting to ensure that only those people you've specifically added as a friend on the network can see the things you post.
2. Who Can See Your Personal Info Facebook has a section of your profile called "personal info," but it only includes your interests, activities, and favorites. Other arguably more personal information is not encompassed by the "personal info" setting on Facebook's Privacy Settings page. That other information includes things like your birthday, your religious and political views, and your relationship status. After last month's privacy changes, Facebook set the new defaults for this other information to viewable by either "Everyone" (for family and relationships, aka relationship status) or to "Friends of Friends" (birthday, religious and political views). Depending on your own preferences, you can update each of these fields as you see fit. However, we would bet that many will want to set these to "Only Friends" as well. To do so:
* From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
* Click "Profile Information" from the list of choices on the next page.
* The third, fourth, and fifth item listed on this page are as follows: "birthday," "religious and political views," and "family and relationship." Locking down birthday to "Only Friends" is wise here, especially considering information such as this is often used in identity theft.
* Depending on your own personal preferences, you may or may not feel comfortable sharing your relationship status and religious and political views with complete strangers.
And keep in mind, any setting besides "Only Friends" is just that - a stranger. While "Friends of Friends" sounds innocuous enough, it refers to everyone your friends have added as friends, a large group containing hundreds if not thousands of people you don't know. All it takes is one less-than-selective friend in your network to give an unsavory person access to this information. 3. What Google Can See - Keep Your Data Off the Search Engines When you visit Facebook's Search Settings page, a warning message pops up. Apparently, Facebook wants to clear the air about what info is being indexed by Google. The message reads: There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile. They will still only see a basic set of information. While that may be true to a point, the second setting listed on this Search Settings page refers to exactly what you're allowing Google to index. If the box next to "Allow" is checked, you're giving search engines the ability to access and index any information you've marked as visible by "Everyone." As you can see from the settings discussed above, if you had not made some changes to certain fields, you would be sharing quite a bit with the search engines...probably more information than you were comfortable with. To keep your data private and out of the search engines, do the following:
* From your Profile page, hover your mouse over the Settings menu at the top right and click "Privacy Settings" from the list that appears.
* Click "Search" from the list of choices on the next page.
* Click "Close" on the pop-up message that appears.
* On this page, uncheck the box labeled "Allow" next to the second setting "Public Search Results." That keeps all your publicly shared information (items set to viewable by "Everyone") out of the search engines.
If you want to see what the end result looks like, click the "see preview" link in blue underneath this setting. Take 5 Minutes to Protect Your Privacy While these three settings are, in our opinion, the most critical, they're by no means the only privacy settings worth a look. In a previous article (written prior to December's changes, so now out-of-date), we also looked at things like who can find you via Facebook's own search, application security, and more. While you may think these sorts of items aren't worth your time now, the next time you lose out on a job because the HR manager viewed your questionable Facebook photos or saw something inappropriate a friend posted on your wall, you may have second thoughts. But why wait until something bad happens before you address the issue? Considering that Facebook itself is no longer looking out for you, it's time to be proactive about things and look out for yourself instead. Taking a few minutes to run through all the available privacy settings and educating yourself on what they mean could mean the world of difference to you at some later point...That is, unless you agree with Facebook in thinking that the world is becoming more open and therefore you should too. Note: Other resources on Facebook's latest changes worth reading include MakeUseOf's 8 Steps Toward Regaining your Privacy, 17 steps to protect your privacy from Inside Facebook, the ACLU's article examining the changes, and DotRights.org's comprehensive analysis of the new settings. If you're unhappy enough to protest Facebook's privacy update, you can sign ACLU's petition. The FTC is also looking into the matter thanks to a complaint filed by a coalition of privacy groups, led by the Electronic Privacy Information Center. You can add your voice to the list of complaints here. Copyright 2010 ReadWriteWeb. All Rights Reserved.
From rforno at infowarrior.org Fri Jan 29 00:06:44 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Jan 2010 19:06:44 -0500 Subject: [Infowarrior] - Security researchers blast credit card verification system Message-ID: Security researchers blast credit card verification system By Ryan Paul | Last updated January 28, 2010 1:20 PM http://arstechnica.com/secu Some credit card companies use a system called 3-D Secure (3DS) that adds an extra step to transactions that are carried out on the Internet. Visa and MasterCard tout their security, but researchers are questioning their efficacy. When making a purchase, online shoppers are confronted with a validation check that requires them to supply a password - in addition to the standard security code that is on the card itself - in order to prove that they are the real owner of a credit card. Systems built on 3DS are better known by their brand names, which include Verified by Visa and MasterCard SecureCode. Security researchers say that these validation systems - which are used by over 200 million cardholders - suffer from serious security deficiencies. Although the failings of 3DS and its lack of conformance with best practices are well-documented, it has still been widely adopted by online retailers because it allows them to deflect the liability for fraud back to the credit card companies. Some of the credit card companies take advantage of 3DS by wrapping their implementations of the validation system in draconian terms of service that force users to agree to accept full liability for credit card fraud. To make matters worse, some retailers don't allow consumers to opt out. The 3DS Activation During Shopping (ADS) functionality often ropes in users and gets them to sign up without fully realizing what they are doing.
In a paper presented at the Financial Cryptography conference, researchers Ross Anderson and Steven Murdoch reveal the dark underbelly of 3DS and show how the service is detrimental to consumers.

"From the engineering point of view, [3DS] does just about everything wrong, and it's becoming a fat target for phishing," wrote Anderson in an entry at the University of Cambridge security research blog. "This is yet another case where security economics trumps security engineering, but in a predatory way that leaves cardholders less secure."

The standard method of integrating 3DS verification in a website involves using HTML iframes. This is highly problematic, because it means that users won't be able to rely on the security features of their browser - such as certificate highlighting in the browser URL bar - to easily distinguish between phishing sites and legitimate 3DS verification. The inability to visually ascertain whether the certificate is valid exposes users to the possible risk of man-in-the-middle attacks.

Another problem with 3DS that is highlighted in the report is that it fails to specify a consistent mechanism for verification. Individual implementors are free to determine the means for verification on their own, and often make really poor choices. For example, the report says that one bank requires cardholders to enter their ATM PIN during the verification process. This is a pretty shoddy security practice that encourages consumers to engage in risky practices that will expose them to significant risk from phishing scams.

Fixing the problems

The widespread and growing adoption of 3DS is difficult to combat because it offers built-in incentives for merchants and banks by making it easy for them to shift liability to the consumer. The researchers say that the time has come for better technology and regulatory intervention.
Financial institutions have aggressively embraced the concept of electronic passwords in some countries - such as the UK - because passwords aren't covered by the laws that protect consumers from the consequences of transactions that are carried out with forged signatures. The security researchers say that the banks should only get to shift the liability to the consumer when transactions are validated by a trustworthy payment device - a piece of hardware, similar to a CAP calculator, that connects to the user's computer and implements a two-factor authentication model.

From rforno at infowarrior.org Fri Jan 29 01:19:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2010 20:19:01 -0500
Subject: [Infowarrior] - How a stray mouse click choked the NYSE & cost a bank $1
Message-ID:

How a stray mouse click choked the NYSE & cost a bank $150K
By Jon Stokes | Last updated January 27, 2010 8:51 PM
http://arstechnica.com/business/news/2010/01/how-a-stray-mouse-click-choked-the-nyse-cost-a-bank-150k.ars

fat fin·ger |fat 'fi NG gər|, verb, to enter a trade order incorrectly into an electronic stock trading system: He fat-fingered that sell order by accidentally adding two zeroes. The term comes from the idea of a clumsy, "fat-fingered" typist, who presses extra keys without being aware of it.

As the practice of high-frequency trading continues to become more widespread, concerns are growing that erroneous trades carried out by "algos gone wild" - a sort of digitally amplified version of the "fat finger" phenomenon - could cause a market crash at Internet speed, a meltdown that no one could stop. Two recent market glitches could provide a preview of what's to come.

Double-click of death: the Credit Suisse fiasco

Like Goldman, Sachs and other large banks, Credit Suisse has a proprietary trading desk - i.e., a division of the bank that trades stocks and derivatives in order to make money for the bank itself (instead of for the bank's customers).
And, like other banks in its class, much of this proprietary trading is now done entirely by computers that execute trades by the millisecond based on tiny, fleeting fluctuations in a stock's price.

On November 14, 2007 at 3:20pm one of Credit Suisse's trading algorithms suddenly went haywire, and, in a few moments, sent hundreds of thousands of bogus requests to the exchange. This sudden surge of requests, which were cancellations for a large batch of orders that the machine had never actually sent out, acted like a denial-of-service attack on some parts of the New York Stock Exchange. The messages clogged the tubes and caused parts of the exchange to freeze up, affecting trading in 975 stocks.

After an extensive investigation, the NYSE assessed a $150,000 fine for Credit Suisse's "failing to adequately supervise the development, deployment and operation of a proprietary algorithm, including a failure to implement procedures to monitor certain modifications made to the algorithm."

The exchange's filing, released a little over a week ago, has the details of precisely what drove the algorithm haywire - it was a trader who accidentally double-clicked an icon in a trading program's interface, when he should've single-clicked. No, I am not making that up.

And you thought butterfly ballots were bad UI design

The algorithm that choked is part of a program called SmartWB, and it was designed to spit out a constant stream of trading orders all day long, using a set of fixed parameters. These orders would be transmitted to the NYSE, where they would go into a queue and wait to be executed.

A few days prior to the incident, a programmer took it upon himself to unilaterally improve SmartWB by adding a new user input feature, which would let a trader change a certain parameter on-the-fly.
When a user changed the parameter, all the new orders that came out of SmartWB would reflect the change, and all of the existing orders in the queue waiting to be executed would instead be cancelled and replaced with otherwise identical orders that contained the tweaked parameter.

The interface for inputting this new parameter was really simple - and really, really stupid. There was a box for the trader to enter a number, and a pair of arrows next to the box: "up" and "down." Pressing the "up" arrow would revise the parameter upwards by the amount in the box, and pressing the "down" arrow would revise it downwards. After you clicked an arrow button, the new parameter would instantly take effect for all new orders, and all existing, queued orders would be cancelled and replaced with orders that reflected the change - no "Are you sure?" dialog box or any other form of sanity check, just instant execution.

The lack of feedback and "forgiveness" in the interface element would have been bad enough, but there was another problem, and one that would have been uncovered during testing... if there had been any testing, which there had not.

On November 14, a few seconds after 3:20, a trader put a number in the box and then double-clicked the "up" arrow. This double-click was interpreted by SmartWB as two separate clicks, so the system dutifully sent out a second batch of cancel/replace orders in addition to the batch that was intended by the trader. This sudden flood of cancel/replace orders, half of which were requesting cancellation of orders that had never been sent, overwhelmed the system and backed up five of the posts on the NYSE trading floor.

The incident wasn't a major catastrophe by any measure - it cost money, and overloaded a few posts near the close of the trading day, but otherwise it had no lasting effects.
And the errors involved - a stray click, a bad UI decision, failures of testing and oversight - were all human errors, albeit amplified many times over by the speed and power of the network. You might even say that the trader's stray click was like the proverbial flutter of a butterfly's wing in China, except it didn't quite cause a hurricane in the Atlantic - just a nasty downpour.

Since 2007, our markets have moved drastically further in the direction of complete automation. But it's not clear that Wall Street's programmers have made correspondingly large leaps in testing, UI design, and version control. Indeed, on message boards and blogs, day traders who follow the market tick-by-tick swap stories of huge swings in a stock price, where a stock plunges or spikes but then corrects in a few minutes, after the exchange realizes there was an error and cancels the trades. These glitches are typically attributed to high-frequency trading algorithms gone temporarily insane - "algos gone wild" is the preferred phrase. It is suspected that Rambus's stock was the victim of an algorithm-driven selloff early this year.

The Rambus incident

On the afternoon of January 4, 2010, Rambus's stock lost 35 percent of its value in a matter of seconds. NASDAQ ended up canceling all trades at or below $20.73, and blamed the error on some unspecified trader's "fat finger."

Anecdotally, bizarre market action like this is becoming a fact of life for day traders, who now have to take extra measures to guard against being hurt by these moves. For instance, many day traders use automated "trailing stops" if they're going to be away from a terminal for a few hours - these stops dictate that if a stock drops by a certain amount, then the trader's platforms should put in an automated sell order to dump the security before it goes down even further.
If a trader was using an automated trailing stop on Rambus on January 4th, his system would've dumped the stock automatically, incurring a trading fee and possibly even losing money, only to see the stock jump back up again.

Of course, the fact that such computer-driven volatility hurts day traders matters little to long-term investors. But the fear is that these glitches are fleeting indications that the system as a whole is vulnerable and unstable, and that the right combination of circumstances could cause what happened to RMBS to happen on a wider scale. This is especially true as even more of the trading activity, even among individual traders, shifts to automated platforms.

Epilogue: From mainframe to PC

One trend of the past year that has been covered at the Financial Times and other outlets is the democratization of computer-automated trading. Small two- and three-person trading shops, manned by a laid-off quant or two and a programmer, are cropping up all over the country and combining the latest gaming-oriented GPU and CPU hardware with standard electronic trading accounts to do algorithmic trading on a small scale.

Because these groups are using commodity gaming hardware to generate "buy" and "sell" orders that are then transmitted to the market using standard retail trading software, there's no way to tell them apart from normal (human) day traders. Thus, there's absolutely no way to gauge how large of a phenomenon this actually is.

The Obama administration's efforts to rein in high-frequency trading by eliminating flash orders and banning proprietary trading (much of which is HFT-based) from large banks will probably have the effect of leveling the playing field a bit for these smaller algo shops. As Matthew Goldstein points out in his Reuters article on the topic, the prop desks may disappear, but the software and expertise will not.
Instead of being concentrated at a few large banks, algo trading will just spread, as the talent behind it either jumps to new funds or goes solo.

And if, thanks to further government intervention, the big boys ultimately lose some of the latency advantage that their deep pockets buy them, then the future of the market could well belong to hundreds of thousands of small trading operations who, instead of playing Crysis on their top-of-the-line Alienware systems, use them to print money instead.

From rforno at infowarrior.org Fri Jan 29 03:51:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jan 2010 22:51:39 -0500
Subject: [Infowarrior] - WH moving 9/11 trials from NYC?
Message-ID: <01644743-AC21-4522-8586-73F022BA48F7@infowarrior.org>

White House orders Justice Department to look for other places to hold 9/11 terror trial
BY Kenneth R. Bazinet, Adam Lisberg and Samuel Goldsmith
DAILY NEWS STAFF WRITERS
Originally Published: Thursday, January 28th 2010, 8:04 PM
Updated: Thursday, January 28th 2010, 9:14 PM
http://www.nydailynews.com/news/ny_crime/2010/01/28/2010-01-28_white_house_orders_justice_department_to_look_for_other_places_to_hold_911_terro.html

The White House ordered the Justice Department on Thursday night to consider other places to try the 9/11 terror suspects after a wave of opposition to holding the trial in lower Manhattan.

The dramatic turnabout came hours after Mayor Bloomberg said he would "prefer that they did it elsewhere" and then spoke to Attorney General Eric Holder.

"It would be an inconvenience at the least, and probably that's too mild a word for people that live in the neighborhood and businesses in the neighborhood," Bloomberg told reporters. "There are places that would be less expensive for the taxpayers and less disruptive for New York City."

State and city leaders have increasingly railed against a plan to try Khalid Shaikh Mohammed in Manhattan federal court since Holder proposed it last month.

Sen. Chuck Schumer said he was "pleased" by the decision and said the White House also told him Thursday night it backs a possible move. Earlier in the day, Schumer spoke "with high-level members of the administration and urged them to find alternatives," said the senator's spokesman, Josh Vlasto.

The order to consider new venues does not change the White House's position that Mohammed should be tried in civilian court. "President Obama is still committed to trying Mohammed and four other terrorist detainees in federal court," spokesman Bill Burton said yesterday. "He agrees with the attorney general's opinion that ... he and others can be litigated successfully and securely in the United States of America, just like others have," Burton said.

Burton referred questions about the location debate to the Justice Department. While not commenting publicly, a department official disputed the characterization that the White House ordered the possible move. But another insider told The News that Justice officials have been caught off guard by the fiery opposition in New York. "They're in a tizzy at Justice over Bloomberg," a federal law enforcement official said. "It's like a half-baked souffle - the plan is collapsing."

Julie Menin, the chairwoman of Community Board 1 who helped rally opposition to the plan, called the shift "a step in the right direction." "I'm thrilled the White House is reconsidering," Menin said. "The trial has to be moved out of New York City."

Meanwhile, a source told The News that Police Commissioner Raymond Kelly was the driving force behind the push by Manhattan business leaders to change the mayor's mind on the trial. Kelly made an "extremely powerful" speech to a roomful of 150 prominent business leaders about how disruptive and costly the trial would be for lower Manhattan at an annual police charity event on Jan. 13, the source said.

"What turned this around was when Ray made a presentation to the Police Foundation," the source said. "Everyone went from thinking, 'Justice will be served' to thinking 'We are screwed.'"

What followed was a barrage of complaints to the mayor from some of New York's most powerful tycoons - part of a tide of pressure that led Bloomberg to turn against hosting the trial.

Estimates put the cost of a multiyear terror trial in lower Manhattan at about $200 million a year. Leaders have suggested other venues for the trial, such as the Military Academy at West Point or Stewart Air National Guard Base in upstate Newburgh.

The federal government has said they would reimburse the city for the costs, most of which cover overtime for increased security, but they won't reimburse business owners for lost revenue during the chaos, said Steven Spinola, president of the heavyweight business group Real Estate Board of New York.

"Is the federal government going to give the city $1 billion plus the cost of propping up businesses? I don't think so," Spinola said. "The mayor clearly has been thinking about this. The tide is turning," he said.
With Kenneth Lovett, James Gordon Meek and Rocco Parascandola

From rforno at infowarrior.org Fri Jan 29 14:21:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 09:21:41 -0500
Subject: [Infowarrior] - DC Panel: Secrecy and Physics
Message-ID:

Bulletin of the American Physical Society
APS April Meeting 2010
Volume 55, Number 1
Saturday-Tuesday, February 13-16, 2010; Washington, DC
http://meetings.aps.org/Meeting/APR10/SessionIndex2/?SessionEventID=116241

Session B5: Secrecy and Physics
Sponsoring Units: FHP FPS AAPT
Chair: Peter Galison, Harvard University
Room: Thurgood Marshall West

From rforno at infowarrior.org Fri Jan 29 14:23:06 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 09:23:06 -0500
Subject: [Infowarrior] - UK spawns new unit to expand internet surveillance
Message-ID: <8B5844AF-B577-408D-B8AC-B6B18C7A0626@infowarrior.org>

Home Office spawns new unit to expand internet surveillance
By Chris Williams
Posted in Government, 28th January 2010 12:02 GMT
http://www.theregister.co.uk/2010/01/28/imp_ccd/

Exclusive The Home Office has created a new unit to oversee a massive increase in surveillance of the internet, The Register has learned, quashing suggestions the plans are on hold until after the election.

The new Communications Capabilities Directorate (CCD) has been created as a structure to implement the £2bn Interception Modernisation Programme (IMP), sources said. The CCD is staffed by the same officials who have been working on IMP since 2007, but it establishes the project on a more formal basis in the Home Office. It is not yet included on the Home Office's list of directorates.

The intelligence and law enforcement agencies have pushed hard for new laws to force communications providers to store details of who contacts whom, when, where and how via the internet.
However, following a consultation last year, when the Home Office's plans were heavily criticised by ISPs and mobile companies, it was widely assumed progress on IMP would slow or stop.

The CCD has continued meeting with industry to try to allay concerns about the project's costs, effect on customer privacy and technical feasibility.

"The Home Office has long been working with communications service providers to take forward legislation providing for the retention of communications data," a Home Office spokesman said. "That is continuing."

"More recently, we have been considering how, in a changing communications environment, lawful acquisition of communications data and interception of communications can continue to save lives, to counter terrorism, to detect crime and prosecute offenders, and to protect the public."

Officials envisage communications providers will maintain giant databases of everything their customers do online, including email, social networking, web browsing and making VoIP calls. They want providers to process the mass of data to link it to individuals, to make it easier for authorities to access.

Access to communications data is currently governed by the Regulation of Investigatory Powers Act. Under European legislation ISPs are required to retain basic information about what their customers do online, but not to open their data packets to record who they contact on Facebook, for example.

The Home Office spokesman added: "This is a diverse range of activity now organised within a single Communications Capabilities Directorate with its focus on work under current legislation.

"The Directorate will continue to consider the challenges posed by new technologies, working closely with communications service providers and others to bring forward proposals that command public confidence and demonstrate an appropriate balance between privacy and security."
Work is also continuing at GCHQ in Cheltenham on its classified Mastering the Internet programme, which is developing systems and methods for extracting intelligence from the huge volumes of new surveillance data online services can generate.

From rforno at infowarrior.org Fri Jan 29 15:25:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 10:25:48 -0500
Subject: [Infowarrior] - ACTA Guide, Part Five: Speaking Out
Message-ID:

ACTA Guide, Part Five: Speaking Out
Friday January 29, 2010
http://www.michaelgeist.ca/content/view/4742/125/

The 7th round of ACTA negotiations will conclude around lunch time today in Mexico. If past meetings are any indication, a few hours later the participating countries will issue a bland statement thanking the host Mexican government, discussing the progress on civil enforcement, border measures, and the Internet as well as noting the transparency discussions and the continued desire to address the issue. The release will then conclude by looking forward to the next meeting in Wellington, New Zealand in April.

As this five part series (Part One on substance, Part Two on leaks, Part Three on transparency, and Part Four on local implementations) demonstrates, however, there are ongoing concerns with both the process and substance of ACTA. From a process perspective, the negotiations remain far more secretive than other international agreements. From a substantive viewpoint, ACTA could result in dramatic reforms in many participating countries.

Countering the momentum behind ACTA will require many to speak out. This admittedly feels like a daunting task given the powerful interests that are committed to seeing ACTA through. That said, many have begun to speak out. This last post starts with links to a sampling of the politicians and groups that have already made ACTA one of their issues:

Elected Officials
* Senator Ron Wyden, United States
* Senators Bernie Sanders and Sherrod Brown, United States
* Senators Pat Leahy and Arlen Specter, United States
* Rep. Mike Doyle, United States
* Rep. Zoe Lofgren, United States
* Nicolas Dupont-Aignan, France
* MP Tom Watson, United Kingdom
* UK Liberal Democrats party
* Minister Åsa Torstensson, Sweden
* European Parliament Resolution
* MEP Jens Holms, Sweden
* MP Clare Curran, New Zealand (second time) (third time)
* Peter Dunne, New Zealand
* MP Charlie Angus, Canada (editorial)

Public Interest Group Letters
* Library Content Alliance
* Oxfam
* EFF, Essential Action, KEI, PK, Salud y Farmacos, TACD, UAEM, PIRG
* Worldwide NGO Coalition
* European Telecommunications Network Operators' Association
* KEI and PK
* KEI

So what can the general public do? One thing is to learn more and work together with groups already active on ACTA. These include:
* ACTA.net.nz
* EFF
* Public Knowledge
* FFII
* KEI
* OpenACTA
* IP Justice
* ACTAActionNow!
* CIPPIC
* Electronic Frontiers Australia
* La Quadrature Du Net
* Movimento ScambioEtico

Every individual concerned with ACTA can also speak out. Write to your local MP or national leader or participate in the specific activities sponsored by some of the organizations listed above. These include the EFF ACTA Action Alert, the effort to encourage UK MPs to support the cross-party motion for ACTA transparency, and the signing of the A2K ACTA Petition.

From rforno at infowarrior.org Fri Jan 29 18:24:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 13:24:37 -0500
Subject: [Infowarrior] - Paging Mrs. Lovejoy...again
Message-ID: <6CC1871A-053C-44D9-9C56-CA34654534D2@infowarrior.org>

Okay - whenever I say "Paging Mrs Lovejoy" (PML) please take that to mean reference to something totally idiotic and/or overprotective that makes news allegedly because it's in the best interest of children. After a while I get sick of trying to come up with new snarkiness to describe such lunacy.

-rf

School system in Va. won't teach version of Anne Frank book
By Michael Alison Chandler
Washington Post Staff Writer
Friday, January 29, 2010; B03

Culpeper County public school officials have decided to stop assigning a version of Anne Frank's diary, one of the most enduring symbols of the atrocities of the Nazi regime, after a parent complained that the book includes sexually explicit material and homosexual themes.

"The Diary of a Young Girl: the Definitive Edition," which was published on the 50th anniversary of Frank's death in a concentration camp, will not be used in the future, said James Allen, director of instruction for the 7,600-student system. The school system did not follow its own policy for handling complaints about instructional materials, Allen said.

< - >

http://www.washingtonpost.com/wp-dyn/content/article/2010/01/28/AR2010012804001_pf.html

From rforno at infowarrior.org Fri Jan 29 22:46:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 17:46:05 -0500
Subject: [Infowarrior] - Debunking the alarmist McAfee-CSIS report
Message-ID: <5197C6E9-5AC0-446F-AB7D-D12A1C5FFF75@infowarrior.org>

Debunking the alarmist McAfee-CSIS report making breathless headlines this week.

http://news.infracritical.com/pipermail/scadasec/2010-January/000384.html

From rforno at infowarrior.org Sat Jan 30 00:39:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 19:39:01 -0500
Subject: [Infowarrior] - More NFL Nuttery
Message-ID: <78BBD783-5FA1-459D-ACCB-074E3844F6CF@infowarrior.org>

Who Dat Owns 'Who Dat'? Dat's Us, Sez da NFL
League Moves Against Vendors of T-Shirts with New Orleans Chant
http://online.wsj.com/article/SB10001424052748703389004575033504283711006.html
By JENNIFER LEVITZ

For decades, even through a multitude of dismal seasons, New Orleans Saints fans have belted out a cheer they say is as much a part of the fabric of their city as jambalaya and jazz: "Who Dat Say Dey Gonna Beat Dem Saints? Who Dat? Who Dat?"
Now some are asking, "Who dat trying to spoil our fun?"

The Saints' win last Sunday over the Minnesota Vikings vaulted the team into its first Super Bowl, lifting, at least temporarily, the long shadow of Hurricane Katrina over the city. But just as New Orleans is revving itself into a fever pitch about the Feb. 7 showdown in Miami against the Indianapolis Colts, the National Football League is claiming ownership of the phrase "Who Dat."

The NFL asserted rights to the phrase earlier this week through the Florida Department of State, and it has issued cease-and-desist orders against New Orleans vendors who sell Saints memorabilia adorned with the wording. It informed vendors that using the phrase is likely to "confuse the purchasing public into believing that your items" are sponsored by the NFL.

New Orleans locals are outraged and suspicious. The NFL, they contend, never cared about the quirky chant when the football team was dubbed the 'Aints a few decades ago, or after it was ousted from its home stadium in 2005 by Hurricane Katrina and finished 3-13.

"The Saints actually win something and go to the Super Bowl, and the NFL sees a way they can make a penny," complains Dan Frazier, general manager of local sports-talk radio station 690 WIST.

"It's terrible. It's ridiculous," scoffs self-proclaimed Saints "die-hard" Ray Dugas, a 46-year-old computer consultant, speaking by phone as he nursed a beer Friday at Cooter Brown's Tavern, a New Orleans bar. "What are they going to do - charge us if we cheer? Is that the next step?"

Saints Coach Sean Payton weighed in at his news conference Friday, saying "No one should own 'who dat,' " says team spokesman Greg Bensel.

New Orleans is known for its colorful dialect. You "make groceries," you don't buy them. You don't stop by for a visit, you "pass by." Dishes are washed in the "zink." Although its precise origin isn't known, it's clear that "who dat" is a part of local lingo that predates the rallying cry at Saints games. St.
Augustine High School, an all-boys Catholic school in the city, says it started the chant in 1972 at its own football games. "Who dat talking about beating them Knights? Nobody! Nobody!" recalls the Rev. John Raphael, the school's principal. "It didn't originate with the Saints or the NFL," he says.

The saying became the rallying cry for the Saints. In the 1980s, New Orleans singer Aaron Neville made a video, singing "who dat" alongside team members. The cry has become code for local pride as New Orleans unites in an excitement so infectious that many natives who live elsewhere plan to converge on New Orleans - not Miami - to watch the game.

"It's just permeated the city completely. People start their calls on the radio saying 'who dat,' they end their calls on the radio that way. You walk down the street and say 'Who dat!' and people you don't even know say 'Who dat' back," says Jacques Berry, the spokesman for Louisiana's secretary of state. After the win over the Vikings, he says, "everyone loved everyone, and it's still going on."

But now, according to the NFL spokesman Brian McCarthy, "If 'who dat' is used in a manner to refer to Saints football, then the Saints own the rights." Mr. McCarthy says the enforcement isn't new. For two decades, the NFL has been "using and enforcing its rights in the 'who dat' mark to refer to Saints football," he says.

Local residents say they've never heard of any problems until now. On Monday, the NFL registered a trademark for use of the phrase "who dat" on apparel with the Florida Department of State, according to state records.

Lauren Thom, 29 years old, who makes her living on a tiny New Orleans T-shirt shop called Fleurty Girl, is one of a half dozen Louisiana vendors who received cease-and-desist orders. She makes shirts with local sayings such as: "My-nez. It's not mayonnaise, or mayo, oh no, My-Nez is what you put on dat san-wich." Her black-and-gold "Who Dat" shirts had been selling like crawfish, she says.
She says she is complying with the NFL order. So is Elizabeth Harvey, whose family owns Storyville, a local shop that sells similar T-shirts. She says the NFL "asked us to remove everything from our Web site Saints related. That definitely hurt us." She says she is cooperating. "They are the NFL, and we are a small company," she says.

Ms. Harvey says her customers are upset. "I have old ladies calling me and telling me that they say 'Who dat at the door?' One woman said her dog is named 'Who Dat.'"

The cause is drawing bipartisan support from elected officials. On Friday, Sen. David Vitter, a Louisiana Republican, wrote to NFL Commissioner Roger Goodell, urging the league to "drop this obnoxious" position. "Who Dat has become part of New Orleans and Louisiana popular culture," he wrote. "For the NFL to try to claim exclusive ownership of it would be like me registering and trying to claim exclusive ownership of the terms 'lagniappe' and 'laissez les bons temps rouler!'"

"Please either drop your present ridiculous position or sue me," he wrote, signing his letter, "Junior Senator of Who Dat Nation."

Democratic Congressman Charlie Melancon, who is a candidate for Mr. Vitter's Senate seat, collected 1,800 signatures in just over 90 minutes for a petition he emailed to supporters and posted on Twitter. It urged the NFL to back off. "No one owns 'Who Dat' except for 'Who Dat Nation,'" he wrote.

Write to Jennifer Levitz at jennifer.levitz at wsj.com

From rforno at infowarrior.org Sat Jan 30 00:46:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jan 2010 19:46:29 -0500
Subject: [Infowarrior] - Senator To NFL: Drop 'Who Dat' Claim Or Sue Me
Message-ID: <18974F2E-1C06-4EEC-BD6A-1000EC62CFBC@infowarrior.org>

I rarely praise politicians, but a h/t to Sen Vitter for this.
--rf Senator To NFL: Drop 'Who Dat' Claim Or Sue Me David Vitter Demands League Change Position On Trademark POSTED: 1:22 pm CST January 29, 2010 UPDATED: 6:27 pm CST January 29, 2010 http://www.wdsu.com/sports/22378675/detail.html NEW ORLEANS -- U.S. Sen. David Vitter has jumped into the recent controversy over NFL claims that it has exclusive rights to the Saints' fan term, "Who Dat." Vitter is demanding that the league change its position or "sue me." Vitter sent a letter Friday to NFL Commissioner Roger Goodell, urging the league to "drop this obnoxious and legally unsustainable position and instead agree that 'Who Dat' is in the public domain, giving no one exclusive trademark rights." The NFL sent cease and desist letters this week to some local businesses selling T-shirts using the term, including the Fleurty Girl shop on Oak Street. The senator said he's having his own T-shirts made that say, "WHO DAT say we can't print Who Dat!" for widespread sale. He demands that the NFL change its position or file a lawsuit against him. "I am personally printing 'Who Dat' shirts and making them widely, commercially available. So if they are going to start suing people, they need to put me on the list," he said. "'Who Dat' was probably first heard in New Orleans minstrel shows well over 130 years ago," Vitter said in his letter. "Much more recently, but before it was used in connection with the Saints, it was used as a rallying cry by St. Augustine High School in New Orleans. In the 1980s it was adopted by Saints fans in a completely spontaneous way. Only later did any legal persons, including the Saints and the NFL, try to claim it through registration." Vitter said claiming ownership over such a ubiquitous Louisiana phrase is like trying to claim ownership of "laissez les bons temps rouler!" Shop owners said they didn't want to violate any laws or league regulations. 
"If it's not public domain, I just need to know 'Who Dat' gets the check," said Lauren Thom, of Fleurty Girl. Copyright 2010 by WDSU.com. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Sat Jan 30 03:34:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Jan 2010 22:34:55 -0500 Subject: [Infowarrior] - National priorities....? Message-ID: <4861A970-98E4-4CA2-8844-DF9D5A4682BE@infowarrior.org> Aren't there more pressing matters for Uncle Sugar to deal with now besides college bowl championships.......or, for that matter, Congressional investigations and hearings on steroid abuse and concussions in professional sports? I guess some things are more important to others. --rf Posted: Friday January 29, 2010 6:38PM; Updated: Friday January 29, 2010 8:36PM Justice Dept.: Obama administration may take action on BCS WASHINGTON (AP) -- The Obama administration is considering several steps that would review the legality of the controversial Bowl Championship Series, the Justice Department said in a letter Friday to a senator who had asked for an antitrust review. In the letter to Sen. Orrin Hatch, obtained by The Associated Press, Assistant Attorney General Ronald Weich wrote that the Justice Department is reviewing Hatch's request and other materials to determine whether to open an investigation into whether the BCS violates antitrust laws. "Importantly, and in addition, the administration also is exploring other options that might be available to address concerns with the college football postseason," Weich wrote, including asking the Federal Trade Commission to review the legality of the BCS under consumer protection laws. 
< - > http://sportsillustrated.cnn.com/2010/football/ncaa/01/29/obama.bcs.ap/index.html?xid=si_ncaaf From rforno at infowarrior.org Sat Jan 30 15:51:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Jan 2010 10:51:31 -0500 Subject: [Infowarrior] - E-book Peril Message-ID: <4A648ED6-99D3-4371-B26A-5AB4CEB437AE@infowarrior.org> IMHO e-books, for all their convenience, are being sold to the world as "everything you've come to expect in a book and more...EXCEPT....." To wit: Amazon.com mysteriously removes Macmillan book titles http://venturebeat.com/2010/01/29/macmillan-amazon-ipad/ One question: did Amazon also yank the books off everyone's Kindle that had purchased them? Are Macmillan e-book "owners" (er, licensees) now screwed if they need to reload their Kindle because these books aren't on Amazon's service anymore? If so, will they get refunds? I presume customers will be caught in the middle here with little or no recourse other than to buy an "old-fashioned" hard-copy book, if they want to ensure it will be there when they want it. Amazon's oopsie with 1984 last year should have been a big wakeup call to all e-book customers. If they can yank books at whim from the service, customers --er, victims-- may be SOL and refunds/credits not forthcoming since I would think the clause "or as authorized by Amazon as part of the Service" in the Kindle ToS would apply. (Source: http://www.amazon.com/gp/help/customer/display.html?nodeId=200144530) To say this won't end well is a gross understatement....which is still one of my biggest reasons for not wanting to jump into the e-book bandwagon either from Amazon, Apple, or whomever. I would consider e-books for convenience only ... and certainly with the expectation that everything in that walled garden is at-risk to things beyond my ability to control or truly retain "permanently." Give me a well-stocked library of paper-based books any day of the week! 
-rf From rforno at infowarrior.org Sat Jan 30 16:02:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Jan 2010 11:02:07 -0500 Subject: [Infowarrior] - EU's Gallo Report: Rubbish Recycled Message-ID: <1C5D803A-8B1E-490B-9FE9-50CA7031C600@infowarrior.org> EU's Gallo Report: Rubbish Recycled http://opendotdotdot.blogspot.com/2010/01/eus-gallo-report-rubbish-recycled.html From rforno at infowarrior.org Sat Jan 30 16:03:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Jan 2010 11:03:23 -0500 Subject: [Infowarrior] - Critics trash new Google Books settlement Message-ID: <1E446FE5-08EE-4E03-B2BB-481C888949D7@infowarrior.org> The sequel stinks: critics trash new Google Books settlement By John Timmer | Last updated January 29, 2010 3:12 PM http://arstechnica.com/tech-policy/news/2010/01/the-sequel-stinks-critics-trash-new-google-books-settlement.ars With everyone from authors to librarians upset about the initial settlement of the Google Books copyright lawsuit, and the US Department of Justice hinting that it was likely to be illegal, the parties involved withdrew it from consideration. After some modifications, it was resubmitted to the court; the deadline for comments on the new version passed yesterday, and many of the same parties submitted new briefs. But anyone who read the initial round may feel like they're experiencing déjà vu when reading the new batch. For most of the settlement's critics, very little has changed, and their initial complaints remain. To be sure, Google has now won over a number of authors groups, including groups from Australia, Canada, and the UK. But in the list of filings tracked by the public index, objections abound. Some of these come from the authors themselves. Ursula K. 
Le Guin, for example, organized over 350 authors who objected to the fact that the agreement would apply to anyone who didn't opt out of it, a condition that most observers consider a major change in US copyright policy. 
The Estate of Richard Wright raises an interesting issue in a filing that otherwise borders on a diatribe. One thing that isn't addressed by the settlement is Google's ability to scan works without offering them for view. Although this limits the knowledge of the contents to machine learning algorithms that are currently fairly crude, this will ultimately change as our computational abilities improve. Wright's descendants think it's better to sort out what it means for a machine to know about the contents of a work now, rather than when it actually becomes a significant issue. Le Guin's concerns about the deal's shift from opt-in licensing to opt-out deals are echoed by major companies that also offered their take, such as Amazon and AT&T, which filed very similar objections. As potential Google competitors, both of these companies also focused on the antitrust issues involved, objecting to the fact that the revised settlement could still leave Google with extensive control over orphaned works and digitized books in general. One of the changes to the settlement is that Google will help set book prices by developing an algorithm that simulates what the prices would be under competitive market conditions. In essence, Amazon argues, that's simply having a computer make a decision that would otherwise be made by a human; the net result would still be a fixed price dictated by a single entity, something that antitrust law is intended to prevent. "The claim that this is acceptable or well-intentioned price fixing," Amazon's filing reads, "because it will supposedly mimic the market, does nothing to save the [revised agreement]." Amazon also argues that some of the changes made in the revised settlement only cover direct-to-consumer sales, and keep exclusive arrangements in place for subscription and institutional services. It also objects to clauses that provide Google protection against future claims, something it objected to the last time around, as well. 
The Internet Archive has a similar objection, as its filing has an entire section titled "No Class Settlement Should Authorize Google To Commit Additional Wrongful Acts in the Future." It says that the settlement, by effectively endorsing Google's illegal activity, provides legal sanction to what is now an insurmountable lead over competitors when it comes to content -- nobody is going to be able to scan quickly enough to catch up with where Google already is any time soon. Public Knowledge, an advocacy group, takes a more nuanced view. In general, it finds the spirit of Google's effort -- "making knowledge and creative works available to the general public" -- in keeping with its mission, and doesn't think that the service itself necessarily violates any laws. But it wants to see the contents of orphaned works equally available to all, rather than made the exclusive domain of Google. To do that, it argues, we need changes in copyright law, not a settlement that is limited to two parties. At the far end of the spectrum is the Open Book Alliance, which includes libraries, author groups, and some of Google's competitors, like Amazon and Microsoft. Its filing leaves no doubt about how it feels about the revisions under consideration: "The paltry proposals offered by the parties for amending the Settlement -- truly, a disdainful response to the vast outpouring of global criticism -- change little." Its filing reiterates many of the complaints mentioned above, but goes well beyond that, accusing Google of starting the book scanning project and structuring the deal simply as a way of maintaining its dominance in the search market. The deal itself is little more than a sham, the OBA argues, since Google has already cut a variety of side deals with the publishers that are parties to the settlement. Once the settlement goes into effect, those will dictate the structure of the digital book market, making the true nature of the changes impossible to discern. 
Overall, the revisions to the settlement may have placated a number of parties, but some of the major objections remain: Google will have a significant degree of control over the future market for digitized works, and the settlement will require a change to how copyright is approached in the US, in that license holders will see some rights given to Google unless they act to prevent that. Although this concern is raised by many of Google's competitors, the US Department of Justice also objected to this aspect of the settlement. The last time around, both parties in the settlement chose to withdraw the agreement in order to deal with the vociferous criticism. Most of that hasn't abated, and it doesn't seem likely to without major structural revisions to the deal, revisions the parties involved appear reluctant to make. From rforno at infowarrior.org Sat Jan 30 16:10:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Jan 2010 11:10:27 -0500 Subject: [Infowarrior] - Navy creates cyber units Message-ID: Establishes US Fleet Cybercommand (TENTH FLEET) at Ft Meade http://cryptome.org/dodi/opnav-5400-7407.pdf. Establishes Navy Cyber Forces @ Norfolk. http://cryptome.org/dodi/opnav-5400-7408.pdf From rforno at infowarrior.org Sat Jan 30 21:36:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 Jan 2010 16:36:55 -0500 Subject: [Infowarrior] - Phil Agre alive Message-ID: <40CD6C76-AF22-4CA7-815E-A3112847604C@infowarrior.org> (c/o Barry Wellman) Many of us were concerned. Short bulletin says he was located by LA County Sheriff's Dept Jan 16 2010, and is in good health and self-sufficient. 
http://www.ucpd.ucla.edu/2009/09-2490.pdf From rforno at infowarrior.org Sun Jan 31 14:31:10 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 Jan 2010 09:31:10 -0500 Subject: [Infowarrior] - Shoppers take haggling to new heights Message-ID: <64AA2B66-5B3B-4343-9A49-10075128C1E9@infowarrior.org> (Okay, the iPod/iPhone app mentioned might be a keeper if/when I get a new ipod...--rf) In tough economic times, shoppers take haggling to new heights By Michael S. Rosenwald Sunday, January 31, 2010; B01 http://www.washingtonpost.com/wp-dyn/content/article/2010/01/28/AR2010012803512_pf.html The price tag on the smooth pair of Cole Haan loafers at Macy's said $148. I considered that a fair opening bid. Standing across from the salesman and the cash register, I said, "Can you knock off 25 percent?" The salesman said, "Can't do it." But I pressed on: "I'll get them on the Internet or at one of your competitors, so let's just do this here." Salesman: "Geez. You're like the second person who has tried to do this today." We stared at the shoe box. I liked what was inside. The loafers fit well, but they would feel even more comfortable with a discount. Macy's blinked first. "Ten percent off," the salesman said. "That's the best I can do." I sensed an advantage and counteroffered: "Let's do 20 percent." I then sensed annoyance and settled for the 10 percent. My first attempt as a haggler saved me almost 15 bucks and placed me at the center of "the biggest sea change of consumer behavior since the end of the Second World War," as Nancy Koehn, a Harvard Business School retail historian, calls it. In a country that has long shunned haggling outside of car dealerships and mattress stores, my behavior may have once appeared unseemly, even crass. That is, until the Great Recession. 
Firms are desperate for revenue, Americans are feeling broke, and the aisles from Best Buy to Macy's and even your neighborhood Giant -- as well as the 1-800 numbers at Comcast and Verizon -- have become venues for let's-make-a-deal. A recent Consumer Reports study found that 66 percent of American consumers had haggled at least once in the preceding six months, with an 88 percent ka-ching rate on gadgets, clothes, furniture and steak. "People like this," Koehn said. "They are not going to go back to giving their money away. Why would they?" The recession merely popped the lid off a retailing shift that has been brewing for a decade. EBay gave millions of consumers dealmaking training wheels (top bid for a "Goonies" DVD: $3.50). The Internet offers instant pricing data (do a Google search on "Lucky jeans and deal and DC"). And don't forget Priceline, which lets consumers name their price for flights, hotels and rental cars (thank you, William Shatner). For consumers like me who have spent decades shopping at full retail, getting a deal on previously no-deal items is liberating and invigorating, as I found out during a recent week I spent haggling. At first, my wife and friends asked me if I was crazy, but when I reported saving $3 on steak at Giant and $50 a month on our Verizon bill, they asked only one thing: How? I had help. I met Stephen Popick, a government economist, for coffee one day. Popick is a well-paid guy -- he can afford things. But he looks at price tags merely as suggestions. (Call him cheap, and he'll thank you for the compliment.) For years, Popick has haggled down prices on ground beef, videogames, beer, bicycles, magazines, satellite TV and even the his-and-her plastic reindeer that adorned his front lawn for Christmas. "I've always wondered why more people don't do this," said Popick, who lives with his wife in Alexandria. "This is your money. It would be wasteful not to do this, right?" Until the recent recession, Popick was a checkout pariah. 
Americans, according to economic historians, had not really haggled on retail goods since the Great Depression. Long before that (we're talking frontier days), we haggled over everything. But the Industrial Revolution brought fixed price tags. Rowland Macy, the founder of Macy's, played a key role in the trend, heavily advertising prices that he wouldn't budge from. For today's bargain-hunters, Popick's advice is simple: Look for an edge. That's how he got his reindeer. He saw them at a home-improvement store, the last two lonely floor models. They had a couple of tiny scratches, the kind only someone looking for a deal would ever notice. They were 50 percent off. Popick said to the manager, "How about 75 percent off and I'll take them home tonight?" Deal. Imagine that: a deal on a sale. Game on. I stopped at Montgomery Mall on the day before New Year's Eve and boldly asked a Nordstrom salesman for 20 percent off a pair of those same Cole Haans. "They never go on sale," he responded icily. Me: "But today, for me, c'mon. It's a new year." No luck. Undeterred, I was in Macy's 10 minutes later, where I hit my 10 percent jackpot. Macy's officials, for their part, claim that such unofficial discounts are not common practice, which made me wonder: What if retailers gave up on coupons, which many people just ignore, and instead price into their business models the ability to haggle for similar discounts? After all, I had not made a purchase at Macy's in at least two years, but I bought something this time because I got a deal. Then again, the decision may not be totally up to retail executives, particularly when you factor in ShopSavvy, a smart-phone app developed by three 30-something programmers in Dallas. "We wanted to solve a problem that people didn't even know they had yet," said Alexander Muse, co-founder of the developer, Big In Japan. What was the problem? 
Say you're techy enough to Google the prices of goods on your smart phone while you're standing in a store; this can be pretty tedious. ShopSavvy is a shortcut: It converts the phone's camera into a price scanner, delivering a live listing of competing prices as you stand in front of a coveted item. The app is downloaded once every second. And retailers are playing ball, paying the company to advertise better prices if a shopper is about to make a purchase from a competitor. "This is the latest spin on the old tactic of saying, 'I know I can get this for a better price down the street,' " said Greg Daugherty, executive editor of Consumer Reports. Only now, the tactic actually works. At Best Buy in Rockville, using ShopSavvy, I scanned a three-DVD set of the "Go, Diego, Go!" cartoon for my son. BestBuy had it for $30, but I found several other outlets selling it for $24. Time to haggle: I went to the checkout aisle and showed the clerk the list of cheaper offers. He called over the manager. I said, "I'll buy it for the price on my phone." Deal. If my haggling at Best Buy was high-tech, my deal at the Giant in Germantown was decidedly 1980s. The transaction involved a tiny intercom. Spotting two nice packages of steaks with their sell-by date approaching, I asked the butcher for a discount. He called the manager over the intercom. He said he could do $1.50 off each. Deal. Giant executives told me that "price negotiation is not our policy." Really? I did it another day in the florist department. "These flowers look a day old -- can I get a discount?" I asked the employee. Three bucks off. It felt fantastic. Feeling good, according to Koehn, the Harvard retail expert, is what could make this behavior last beyond the economic recovery. Consumers want to feel powerful, she said, to exact revenge on Wall Street for crushing the value of their homes. "This is Rocky running up the Philadelphia museum steps," she said. 
I'm not going to lie: Pulling one over on a publicly traded company feels pleasant, even if it is probably misguided blame. After all, Macy's didn't lower the value of my home 20 percent. But how much all this haggling is hurting -- or helping -- retailers is not yet clear, according to analysts. Personally, I see two advantages for them: I was generally buying things only because I got a good deal, and I felt more positive toward the companies that helped me out. I'll go back to Macy's for some spring shirts -- at a discount, of course. This feel-good stuff held true especially for Verizon, which provides me with fiber-optic cable, Internet and phone service. I can't remember the last time I felt loyalty toward an Internet provider. Who would? But when I called Verizon to tell them I was thinking of switching to satellite TV -- shhh, I really wasn't -- they lowered my bill by about $50 a month, doubled my Internet speed, tripled my HD channels and added free Showtime. I am not making that up. The edge I had is that Verizon, like Comcast, reports to Wall Street every quarter about "churn," or the number of customers they lose. Churn is bad. "You got a better deal because you indicated you would leave," said Verizon spokesman Bill Kula, one of the only corporate representatives to break down one of my transactions. "We need to maintain as many broadband customers as possible and also show growth." He said many customers trying to save money don't play similar games, instead trimming their services. Could they get a better deal by threatening to quit the company? "Yes," Kula replied. I didn't think I could be any more impressed by the churn angle until I called Verizon's cellphone unit with a professional haggler in Florida named Allan Stark. A former office-supply store owner in Baltimore, Stark haggles on everything from planes to TVs to cellphone bills. 
For the older crowd uncomfortable with smart phone apps or even the idea of haggling, Stark offers his own deal -- whatever savings he wins for you, he splits with you. I decided to try him out. If I left Verizon Wireless, I'd owe it about $600 in early-termination fees, so the odds were against me. I had no edge. But then Stark went to work on the customer service reps with me on the phone. Some of the things he said: "I've got my friend Mike on the phone, and he's inundated with competition -- they are all over him, and we don't want to leave because you guys are the best." . . . "Where are you right now? Where are you from? I like to know who I'm talking to, you know?" . . . "You're doing great. I'm gonna tell your supervisor." . . . "What can we do without him losing any features? Will you give us a deal because I'm overweight?" The agent agreed to give me 10 percent off the data portion of my bill for a month. Not a big dent, but nice. Then Stark got us connected to Verizon's loyalty department. A fellow named Mike came on the line. Mike the service rep didn't want to do much for Mike the customer. He said if I wanted to save money, I should cut back on services. Then Stark said, "What about a one-time credit?" Mike the service rep said, "I can do $50." I would have stopped there. Stark said, "How about $100?" Mike the service rep said fine. Mike the customer was stunned. We all hung up, and I called Stark back to tell him I couldn't believe he got me a discount while I was under contract. "Mike, there is nothing you can't negotiate these days," he said. My savings, over the course of a week: $730. Michael S. Rosenwald is a staff writer for The Washington Post. M.K. Perker, a comic book artist, is the author of the graphic novel "Insomnia Cafe." Rosenwald will be online to chat with readers Monday, Feb. 1, at 11 a.m. ET. Submit your questions and comments before or during the discussion.