From rforno at infowarrior.org Sun Sep 1 14:41:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Sep 2013 15:41:29 -0400
Subject: [Infowarrior] - EU plans to fit all cars with speed limiters
Message-ID:

EU plans to fit all cars with speed limiters

All cars could be fitted with devices that stop them going over 70mph, under new EU road safety measures which aim to cut deaths from road accidents by a third.

All cars could be fitted with speed limiters under new EU proposals Photo: ALAMY

By Claire Carter
8:49AM BST 01 Sep 2013
http://www.telegraph.co.uk/motoring/road-safety/10278702/EU-plans-to-fit-all-cars-with-speed-limiters.html

Under the proposals new cars would be fitted with cameras that could read road speed limit signs and automatically apply the brakes when this is exceeded.

Patrick McLoughlin, the Transport Secretary, is said to be opposed to the plans, which could also mean existing cars are sent to garages to be fitted with the speed limiters, preventing them from going over 70mph.

The new measures have been announced by the European Commission's Mobility and Transport Department as a measure to reduce the 30,000 people who die on the roads in Europe every year.

A Government source told the Mail on Sunday Mr McLoughlin had instructed officials to block the move because they "violated" motorists' freedom. They said: "This has Big Brother written all over it and is exactly the sort of thing that gets people's backs up about Brussels.

"The Commission wanted his views ahead of plans to publish the proposals this autumn. He made it very clear what those views were."

The source claimed one of the reasons he was against the Intelligent Speed Adaptation (ISA) scheme is that the UK has a better road safety record than other European countries -- with 1,754 people dying in road accidents last year compared to 3,657 in Germany.
The scheme would work either using satellites, which would communicate limits to cars automatically, or using cameras to read road signs. Drivers can be given a warning of the speed limit, or their speed could be controlled automatically under the new measures.

A spokesman for the European Commission said: "There is currently a consultation focusing on speed-limiting technology already fitted to HGVs and buses.

"Taking account of the results, the Commission will publish in the autumn a document by its technical experts which will no doubt refer to ISA among many other things."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Sep 2 07:28:13 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Sep 2013 08:28:13 -0400
Subject: [Infowarrior] - Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s
Message-ID: <2A5A2C53-749F-4EE0-A688-68E0D572140C@infowarrior.org>

Drug Agents Use Vast Phone Trove, Eclipsing N.S.A.'s

By SCOTT SHANE and COLIN MOYNIHAN
Published: September 1, 2013
http://www.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?pagewanted=all

For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans' phone calls -- parallel to but covering a far longer time than the National Security Agency's hotly disputed collection of phone call logs.

The Hemisphere Project, a partnership between federal and local drug officials and AT&T that has not previously been reported, involves an extremely close association between the government and the telecommunications giant.

The government pays AT&T to place its employees in drug-fighting units around the country.
Those employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987.

The project comes to light at a time of vigorous public debate over the proper limits on government surveillance and on the relationship between government agencies and communications companies. It offers the most significant look to date at the use of such large-scale data for law enforcement, rather than for national security.

The scale and longevity of the data storage appears to be unmatched by other government programs, including the N.S.A.'s gathering of phone call logs under the Patriot Act. The N.S.A. stores the data for nearly all calls in the United States, including phone numbers and time and duration of calls, for five years.

Hemisphere covers every call that passes through an AT&T switch -- not just those made by AT&T customers -- and includes calls dating back 26 years, according to Hemisphere training slides bearing the logo of the White House Office of National Drug Control Policy. Some four billion call records are added to the database every day, the slides say; technical specialists say a single call may generate more than one record. Unlike the N.S.A. data, the Hemisphere data includes information on the locations of callers.

The slides were given to The New York Times by Drew Hendricks, a peace activist in Port Hadlock, Wash. He said he had received the PowerPoint presentation, which is unclassified but marked "Law enforcement sensitive," in response to a series of public information requests to West Coast police agencies.

The program was started in 2007, according to the slides, and has been carried out in great secrecy.

"All requestors are instructed to never refer to Hemisphere in any official document," one slide says. A search of the Nexis database found no reference to the program in news reports or Congressional hearings.
The Obama administration acknowledged the extraordinary scale of the Hemisphere database and the unusual embedding of AT&T employees in government drug units in three states.

But they said the project, which has proved especially useful in finding criminals who discard cellphones frequently to thwart government tracking, employed routine investigative procedures used in criminal cases for decades and posed no novel privacy issues.

Crucially, they said, the phone data is stored by AT&T, and not by the government as in the N.S.A. program. It is queried for phone numbers of interest mainly using what are called "administrative subpoenas," those issued not by a grand jury or a judge but by a federal agency, in this case the D.E.A.

Brian Fallon, a Justice Department spokesman, said in a statement that "subpoenaing drug dealers' phone records is a bread-and-butter tactic in the course of criminal investigations."

Mr. Fallon said that "the records are maintained at all times by the phone company, not the government," and that Hemisphere "simply streamlines the process of serving the subpoena to the phone company so law enforcement can quickly keep up with drug dealers when they switch phone numbers to try to avoid detection."

He said that the program was paid for by the D.E.A. and the White House drug policy office but that the cost was not immediately available.

Officials said four AT&T employees are now working in what is called the High Intensity Drug Trafficking Area program, which brings together D.E.A. and local investigators -- two in the program's Atlanta office and one each in Houston and Los Angeles.

Daniel C. Richman, a law professor at Columbia, said he sympathized with the government's argument that it needs such voluminous data to catch criminals in the era of disposable cellphones.

"Is this a massive change in the way the government operates? No," said Mr. Richman, who worked as a federal drug prosecutor in Manhattan in the early 1990s.
"Actually you could say that it's a desperate effort by the government to catch up."

But Mr. Richman said the program at least touched on an unresolved Fourth Amendment question: whether mere government possession of huge amounts of private data, rather than its actual use, may trespass on the amendment's requirement that searches be "reasonable." Even though the data resides with AT&T, the deep interest and involvement of the government in its storage may raise constitutional issues, he said.

Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said the 27-slide PowerPoint presentation, evidently updated this year to train AT&T employees for the program, "certainly raises profound privacy concerns."

"I'd speculate that one reason for the secrecy of the program is that it would be very hard to justify it to the public or the courts," he said.

Mr. Jaffer said that while the database remained in AT&T's possession, "the integration of government agents into the process means there are serious Fourth Amendment concerns."

Mr. Hendricks filed the public records requests while assisting other activists who have filed a federal lawsuit saying that a civilian intelligence analyst at an Army base near Tacoma infiltrated and spied on antiwar groups. (Federal officials confirmed that the slides are authentic.)

Mark A. Siegel, a spokesman for AT&T, declined to answer more than a dozen detailed questions, including ones about what percentage of phone calls made in the United States were covered by Hemisphere, the size of the Hemisphere database, whether the AT&T employees working on Hemisphere had security clearances and whether the company has conducted any legal review of the program.

"While we cannot comment on any particular matter, we, like all other companies, must respond to valid subpoenas issued by law enforcement," Mr. Siegel wrote in an e-mail.
Representatives from Verizon, Sprint and T-Mobile all declined to comment on Sunday in response to questions about whether their companies were aware of Hemisphere or participated in that program or similar ones. A federal law enforcement official said that the Hemisphere Project was "singular" and that he knew of no comparable program involving other phone companies.

The PowerPoint slides outline several "success stories" highlighting the program's achievements and showing that it is used in investigating a range of crimes, not just drug violations. The slides emphasize the program's value in tracing suspects who use replacement phones, sometimes called "burner" phones, who switch phone numbers or who are otherwise difficult to locate or identify.

In March 2013, for instance, Hemisphere found the new phone number and location of a man who impersonated a general at a San Diego Navy base and then ran over a Navy intelligence agent. A month earlier the program helped catch a South Carolina woman who had made a series of bomb threats.

And in Seattle in 2011, the document says, Hemisphere tracked drug dealers who were rotating prepaid phones, leading to the seizure of 136 kilos of cocaine and $2.2 million.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Sep 2 08:21:51 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Sep 2013 09:21:51 -0400
Subject: [Infowarrior] - Disruptions: More Connected, Yet More Alone
Message-ID: <117674DA-0CC5-4852-920A-75F208C8A2ED@infowarrior.org>

Disruptions: More Connected, Yet More Alone

By NICK BILTON

"I Forgot My Phone" on YouTube.

http://bits.blogs.nytimes.com/2013/09/01/disruptions-more-connected-yet-more-alone/?hpw

SAN FRANCISCO -- Last weekend, I was watching television with a few friends, browsing the week's most popular YouTube videos, when a piece in the comedy section called "I Forgot My Phone" caught my eye.
As I was about to click play, however, a friend warned, "Oh, don't watch that. I saw it yesterday, and it's really sad."

The two-minute video, which has been viewed more than 15 million times, begins with a couple in bed. The woman, played by the comedian and actress Charlene deGuzman, stares silently while her boyfriend pays no mind and checks his smartphone.

The subsequent scenes follow Ms. deGuzman through a day that is downright dystopian: people ignore her as they stare at their phones during lunch, at a concert, while bowling and at a birthday party. (Even the birthday boy is recording the party on his phone.) The clip ends with Ms. deGuzman back in bed with her boyfriend at the end of the day; he is still using his phone.

Ms. deGuzman's video makes for some discomfiting viewing. It's a direct hit on our smartphone-obsessed culture, needling us about our addiction to that little screen and suggesting that maybe life is just better led when it is lived rather than viewed. While the clip has funny scenes -- a man proposing on a beach while trying to record the special moment on his phone -- it is mostly ... sad.

"I came up with the idea for the video when I started to realize how ridiculous we are all being, myself included, when I was at a concert and people around me were recording the show with their phones, not actually watching the concert," Ms. deGuzman said in an interview.

"It makes me sad that there are moments in our lives where we're not present because we're looking at a phone," said Ms. deGuzman, who also wrote the piece, which was directed by Miles Crawford.

She mused that, like it or not, experiencing life through a four-inch screen could be the new norm.

Or not. Ms. deGuzman's video may have landed at one of those cultural moments when people start questioning if something has gone too far and start doing something about it.
Last week, the Unsound music festival in Poland banned fans from recording the event, saying it did not want "instant documentation" and distractions that might take away from the performances. In April, during a show in New York City, Karen O, the lead singer of the rock band the Yeah Yeah Yeahs, told audience members to put away their phones (using an expletive to emphasize her point).

A number of New York restaurants, including Momofuku Ko and Chef's Table at Brooklyn Fare, have prohibited people from photographing their food. (Note to foodies: Your quinoa does not need to be artfully posted with an old-timey look on Instagram.)

And, of course, many mothers and fathers who fought to keep the television out of the kitchen may see smartphones as the next threat to dinnertime civility.

Michael Nagle for The New York Times
A group of friends were on their phones during a birthday party at the Gowanus Yacht Club bar in Brooklyn.

In the late 1950s, televisions started to move into the kitchen from the living room, often wheeled up to the dinner table to join the family for supper. And then, TV at the dinner table suddenly became bad manners. Back to the living room the TV went.

"It never really caught on in most U.S. homes," said Lynn Spigel, a professor at the Northwestern University School of Communication and author of the book, "Make Room for TV." "At one point, a company even tried to invent a contraption called the TV Stove, which was both a TV and a stove," she said.

So are smartphones having their TV-in-the-kitchen moment?

"Every experience is being mediated and conceived around how it can be captured and augmented by our devices," said Mathias Crawford, a researcher in human-computer interactions and communications at Stanford University. "No place is this more apparent than our meals, where every portion leading up to, during and after a dining experience is being carved out by particular apps."
People make dinner reservations on OpenTable; check in on Foursquare when they arrive at the restaurant; take a picture of their food to share on Instagram; post on Twitter a joke they hear during the meal; review the restaurant on Yelp; then, finally, coordinate a ride home using Uber.

"If you're wondering when people are going to reject the phone, that will mean they need to reject Silicon Valley's entire concept of how you ought to be dining," Mr. Crawford said.

But, he added, it was possible. "Yes, society is changing, but the iPhone is only really six years old, and those changes aren't set in place."

Given the overwhelming response to Ms. deGuzman's video, people are at least thinking about those changes.

"It wasn't until this year that I've had these revelations about living in the moment without my phone," Ms. deGuzman said. "I still have my phone with me, but I try to leave it in my purse. Now I find myself just taking in a moment, and I don't have to post a picture about it."

E-mail: bilton at nytimes.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Sep 2 17:14:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Sep 2013 18:14:47 -0400
Subject: [Infowarrior] - Russia Issues Travel Warning About United States
Message-ID: <4CF76CC1-8A5C-419A-A82B-86C8463ACD5B@infowarrior.org>

(Apart from this being a major diplomatic slap-in-the-face at the US, the Viktor Bout thing I *knew* would come back to haunt us at some point. --rick)

Russia Issues Travel Warning About United States

By DAVID M. HERSZENHORN
Published: September 2, 2013
http://www.nytimes.com/2013/09/03/world/europe/russia-issues-travel-warning-about-united-states.html

MOSCOW -- Countries often issue travel advisories warning citizens of danger abroad: war, for instance, or a terrorist threat or an outbreak of disease.
The Russian Foreign Ministry posted advice of a somewhat different nature on Monday, cautioning people wanted by the United States not to visit nations that have an extradition treaty with it.

"Warning for Russian citizens traveling internationally," the Foreign Ministry bulletin said. "Recently, detentions of Russian citizens in various countries, at the request of American law enforcement, have become more frequent -- with the goal of extradition and legal prosecution in the United States."

Citing examples in Costa Rica, the Dominican Republic, Latvia and Spain, the Foreign Ministry said, "Experience shows that the judicial proceedings against those who were in fact kidnapped and taken to the U.S. are of a biased character, based on shaky evidence, and clearly tilted toward conviction."

Extradition has frequently been a contentious issue between Russia and the United States, but the disagreements have been particularly sharp in recent months over the case of Edward J. Snowden, the fugitive former intelligence contractor who is wanted on criminal espionage charges but has been granted temporary asylum in Russia.

In response to the demands by the Obama administration for Mr. Snowden's return, Russian officials have said the United States has routinely ignored extradition requests from Russia.

Russia has also complained about Russian citizens who have been arrested by the United States or by other countries at the Americans' request.

In late July, a spokeswoman for the Russian Foreign Ministry, Maria Zakharova, criticized the arrest in the Dominican Republic of Aleksandr Panin, a Russian citizen wanted by the United States on charges related to cybercrimes.

Ms. Zakharova said Russia considered such arrests "a vicious trend, absolutely unacceptable and inadmissible." She said the Russian government demanded that the United States request the arrest of Russian citizens directly from Moscow, under a 1999 treaty on assistance in criminal matters.
There is no formal extradition treaty between Russia and the United States. Russian officials cited the lack of such an agreement as a main reason they could not forcibly return Mr. Snowden from the transit zone of Moscow's Sheremetyevo Airport, where he lived for more than a month until his temporary asylum request was approved.

Russia has often accused the United States of overstepping and potentially violating international law in its treatment of Russian citizens accused of crimes. It bridled over the handling of Viktor Bout, an international arms dealer who was arrested in Thailand, extradited to the United States, convicted in federal court and jailed in a federal prison.

The United States has said that Mr. Bout's arrest and extradition by the Thai government were legal, and that other cases have also been handled in accordance with international law.

Besides the case of Mr. Panin, the Foreign Ministry's travel advisory mentioned Maksim Chukharayev, who was arrested in Costa Rica in May in an investigation into a huge money laundering operation, and Dmitry Ustinov, arrested in April in Latvia and accused of smuggling American-made night-vision goggles to Russia for resale.

The Foreign Ministry said Russian citizens could not expect to be treated fairly in the American justice system.

"Russian embassies and consulates general logically give consular and legal help to Russians in trouble," the Foreign Ministry said. "However, one should not count on a successful outcome in such cases."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Sep 2 17:22:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Sep 2013 18:22:02 -0400
Subject: [Infowarrior] - Verizon Agrees to $130 Billion Vodafone Deal
Message-ID: <1BEA0F43-4DA6-4EF8-8B56-81E54B58D9B1@infowarrior.org>

Verizon Agrees to $130 Billion Vodafone Deal

By Scott Moritz and Amy Thomson - Sep 2, 2013
http://www.bloomberg.com/news/print/2013-09-02/verizon-agrees-to-130-billion-vodafone-deal.html

Verizon Communications Inc. (VZ) agreed to purchase Vodafone Group Plc (VOD)'s 45 percent stake in Verizon Wireless in a $130 billion transaction that gives it full control of the most profitable U.S. mobile-phone carrier.

The deal has been approved by both companies' boards and is expected to be completed in the first quarter of 2014, according to a statement today. Verizon will pay Vodafone $58.9 billion in cash, financed with credit from JPMorgan Chase & Co., Bank of America Corp., Barclays Plc and Morgan Stanley. The company also will issue $60.2 billion in stock to Vodafone shareholders.

The acquisition ends a 14-year partnership and will let Verizon collect all the future profits from the wireless unit while allowing Vodafone to exit a business whose dividends and operations it didn't control. If completed at $130 billion, almost Verizon's entire market value, the deal would be the biggest since Vodafone's acquisition of Mannesmann AG in 2000.

"Although the U.S. has proved an important hedge for Vodafone against its struggling European operations, we always believed that at the right price exiting the U.S. market was the best move for the company," said Kester Mann, an analyst at CCS Insight, which is located outside of London. "As well as providing a major windfall for Vodafone shareholders, the deal enables the British company to shore up its underperforming European networks."

Bigger Than Google

The blockbuster deal implies that the total value of Verizon Wireless is almost $290 billion.
That's bigger than the market capitalization of Google Inc. or the gross domestic product of Singapore.

For Vodafone Chief Executive Officer Vittorio Colao, the deal helps shore up the company's finances as he tries to revive European businesses hurt by the region's debt crisis. As part of the transaction, New York-based Verizon will sell its 23 percent stake in Vodafone's Italian unit back to Vodafone for $3.5 billion.

"The transaction will leave Vodafone in a strong financial situation," Colao, 51, said today on a conference call.

The stock portion of the deal is subject to what's known as a collar, which places a floor of $47 and a maximum price of $51 on the shares that will be issued when the transaction closes.

The rest of the purchase will be made up by $5 billion in notes payable to Vodafone and the sale of the Italian division. Verizon will also assume $2.5 billion in Vodafone's liabilities to the U.S. business.

The transaction implies an enterprise value of 9.4 times earnings before interest, taxes, depreciation and amortization over the past 12 months, Vodafone said.

Investment Program

Vodafone plans to use proceeds from the sale to start a new 6 billion-pound ($9.3 billion) network-investment program, called Project Spring, over the next three fiscal years. Vodafone also will return $84 billion to shareholders, including $23.9 billion in cash and the remainder in Verizon's stock.

The deal will result in a U.S. tax bill of about $5 billion under local tax rules, Vodafone said.

Verizon, meanwhile, expects the buyout to boost the company's earnings per share by about 10 percent as soon as it closes. Still, the increased debt raised concerns for credit-rating companies, which downgraded their grades for Verizon today.

Both Moody's Investors Service and Standard & Poor's Financial Services LLC lowered the carrier's long-term debt rating by one level, putting it three rungs above junk status.
Previous Attempts

The agreement brings to a close years of attempts by Verizon and Vodafone to resolve their relationship. In March, Bloomberg News reported the companies had discussed options ranging from a buyout of the venture by Verizon to a full merger of the two carriers.

Verizon, which currently owns 55 percent of Verizon Wireless, hasn't paid out consistent dividends to the venture's partners. That has meant Newbury, England-based Vodafone couldn't determine the amount or timing of an important source of its cash.

Even so, the stake in Verizon Wireless -- with its industry-leading profits -- has been a bright spot for Vodafone in an otherwise sluggish industry. The U.K. company has lost about half of its market value since 2000, the year Verizon Wireless began service.

Vodafone shares climbed 3.4 percent to 213.20 pence today in London. Verizon's stock fell 0.9 percent to $47.38 on Aug. 30, the most recent trading day. U.S. stock markets were closed today for the Labor Day holiday.

U.S. Competition

For Verizon, the decision to commit to one of the biggest transactions of all time reflects its confidence in the U.S. wireless market -- even as growth slows and competition intensifies. The challenge will be keeping ahead of rivals that are using their own deals to bulk up in the country.

Sprint Corp., the third-largest U.S. mobile-phone company, was acquired in July by SoftBank Corp. (9984), the Japanese carrier run by billionaire Masayoshi Son. SoftBank is giving Sprint a cash infusion to help upgrade its technology and make it more competitive.

Deutsche Telekom AG (DTE)'s T-Mobile US Inc., the fourth-largest U.S. carrier, merged with MetroPCS Communications Inc. in May and is introducing more aggressive wireless prices and plans. And Dish Network Corp. Chairman Charlie Ergen has been amassing wireless airwaves with an eye to entering the market.
Like his dealmaking competitors, Verizon CEO Lowell McAdam is betting that demand for wireless devices and services still has significant room to grow.

"Timing Was Right"

"The timing was right to execute a transaction that benefits both companies and their shareholders," McAdam, 59, said in the statement. "Today's announcement is a major milestone for Verizon, and we look forward to having full ownership of the industry leader in network performance, profitability and cash flow."

Verizon's biggest rival, AT&T Inc., has also continued to scour the U.S. for mobile-phone assets, agreeing in July to buy prepaid carrier Leap Wireless International Inc. Yet AT&T is also beginning to look elsewhere for investments, saying this year that Europe may offer attractive options.

Verizon has depended on the steadiness of its wireless venture to offset a decline in landline customers, whom it's trying to keep by investing in fiber-optic lines for high-speed Internet service.

Wireless accounted for 66 percent of Verizon's 2012 revenue and almost all of its operating income. The carrier also relies on the mobile business to help fund its dividend, which amounted to about $5.2 billion last year.

Dividend Boost

The company said today that it would increase its dividend 2.9 percent to 53 cents a quarter.

Verizon Wireless posted $75.9 billion in operating revenue last year and $39.5 billion in the first half of this year. Its operating income margin was 32.6 percent in the first half.

Verizon would owe a breakup fee to Vodafone of $10 billion if it can't get financing for the deal, or $4.64 billion if Verizon's board changes its recommendation to shareholders to vote in favor of the transaction.

Vodafone would owe $1.55 billion to Verizon if its board changes its mind, and either side would pay $1.55 billion to the other if shareholders turn down the transaction.
Vodafone also would have to pay the $1.55 billion if it gets an unfavorable tax ruling that makes it too onerous to complete the deal.

Four companies came together to form Verizon Wireless. In 1999, Vodafone bought U.S.-based AirTouch Communications Inc., outbidding Bell Atlantic for what was then the world's largest wireless company. Then Vodafone agreed they would form a nationwide mobile network with Bell Atlantic, which had just merged with GTE Corp. to create Verizon Communications.

Dividend Drought

As Verizon Wireless went on an acquisition spree, buying spectrum and companies to become the biggest U.S. mobile operator, Vodafone didn't receive a dividend payment from the business for years. When Vodafone finally got a payout last year, it was the first since 2005.

For Vodafone, the deal caps Colao's efforts to exit joint ventures where the company doesn't have full control. In the past three years, Vodafone has divested stakes in French carrier SFR as well as holdings in Asia and Poland.

The size of today's deal still doesn't shatter Vodafone's earlier M&A record. The company's previous incarnation, Vodafone AirTouch Plc, spent more than 150 billion euros in 2000 -- $200 billion at today's exchange rates and about $142 billion at the time the transaction was completed -- to acquire Germany's Mannesmann.

Time Warner's merger with AOL brought in $124 billion in cash and stock when the two combined near the end of the technology bubble in 2001.

Third Place

Based on announced values, Verizon's buyout would rank third, after the other two transactions.

Guggenheim Securities LLC, JPMorgan, Morgan Stanley and Paul J. Taubman served as Verizon's lead financial advisers. Wachtell, Lipton, Rosen & Katz and Macfarlanes LLP handled transaction counsel, while Debevoise & Plimpton LLP advised the company on its debt financing. Vodafone's board was advised by Goldman Sachs Group Inc. and UBS AG.

The cash from the U.S.
stake sale gives Vodafone the wherewithal to make acquisitions and expand into faster-growing regions and businesses. In June, Vodafone agreed to buy Germany's largest cable company, Kabel Deutschland Holding AG, for $10 billion, part of a shift in strategy to sell a bundle of wireless, landline Internet and television services.

No Retreat

Nick Read, head of Vodafone's operations in Africa, Asia and the Middle East, has said the company is looking for opportunities to get bigger in Africa, where profit is predicted to overtake southern Europe in a few years.

Today's agreement doesn't mean Vodafone is done with the U.S. either, Colao said on the conference call.

"It is not a big retreat," he said. "We have just monetized a big value for our shareholders from our U.S. investment. It is not a retreat in any way."

Vodafone also has considered an acquisition of Italy's Fastweb SpA, people familiar with the matter told Bloomberg News in June. The Spanish cable company Ono is a possible target as well, CCS Insight's Mann said.

"In addition, Vodafone itself could prove a potential takeover target as its high cash pile now makes it attractive to potential bidders," Mann said. "AT&T has been mentioned as one possible suitor after CEO Randall Stephenson said that it was looking at opportunities to expand outside the U.S."

Still, moving into Europe would be risky, Mann said.

"Different network technologies would limit potential cost savings, and the competitive and regulatory environment is more challenging than in the U.S.," he said.

To contact the reporters on this story: Scott Moritz in New York at smoritz6 at bloomberg.net; Amy Thomson in London at athomson6 at bloomberg.net

To contact the editors responsible for this story: Kenneth Wong at kwong11 at bloomberg.net; Nick Turner at nturner7 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Sep 3 07:05:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Sep 2013 08:05:28 -0400
Subject: [Infowarrior] - Microsoft is buying Nokia's phone business
Message-ID: <773EEFBF-9EFE-40A7-BE0E-30BA4F942BE4@infowarrior.org>

Microsoft is buying Nokia's phone business

By Timothy B. Lee, Updated: September 3, 2013

http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/03/heres-why-microsoft-is-buying-nokias-phone-business/?print=1

Microsoft CEO Steve Ballmer may be on his way out, but he's planning to make a final big move before calling it quits. In a letter to employees released late Monday evening, Ballmer announced that Microsoft was acquiring Nokia's smartphone business. Microsoft will pay €3.79 billion ($5 billion) for the Finnish company's "Devices and Services" division and another €1.65 billion ($2.2 billion) to license the company's intellectual property.

The deal cements a partnership that has been central to Microsoft's mobile device strategy in recent years. Two years ago, Nokia announced that it would adopt Microsoft's software for its smartphones. The new deal would make that alliance permanent.

Why does Ballmer want to do that? His argument for the transaction is spelled out in a 30-page slide deck released in anticipation of a Tuesday morning conference call. The Redmond giant believes that deeper integration between devices, software, and services will be needed to compete effectively with Apple and Google's mobile ecosystems.

"Devices help services and services help devices," the presentation says. The company believes that more closely integrating the two will improve the user experience and help to "build a large user base." Such vertical integration, of course, has been essential to Apple's business model for the iPhone, and Microsoft has adopted a similar strategy for its Surface line of tablets.
Microsoft also believes that vertical integration will make it easier to finance the development of the Windows Phone platform. Right now, when Nokia sells a Windows Phone, Microsoft gets a "gross margin" of around $10 from the deal, while much of the profit from the sale flows to Nokia. That limits Microsoft's incentive to invest in the Windows Phone platform, since its partners capture a large share of the upside when the platform grows.

That will change once Nokia's phone business is part of Microsoft. Because the combined company will be supplying both hardware and software, Microsoft estimates it will enjoy a gross margin of $40 per phone sold. Microsoft plans to plow that extra cash into additional "innovation and marketing" to expand the platform's market share. Microsoft estimates that it needs to sell about 50 million phones to achieve "operating income breakeven."

Microsoft says it's not worried about getting a thumbs-down from regulators with authority over the deal, which is slated to close early in 2014. "The acquisition will promote competition," the presentation argues. "Integration of hardware and software will help Microsoft offer competitive alternatives to Google and Apple." The company argues consumers will benefit from lower phone costs and "more choice and innovation."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 07:23:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 08:23:17 -0400
Subject: [Infowarrior] - Point-By-Point Rebuttal of U.S. Case for War In Syria
Message-ID: <7698FDA2-9AA9-4D2B-A1A3-3B17DF08C0B0@infowarrior.org>

Point-By-Point Rebuttal of U.S. Case for War In Syria

http://www.ritholtz.com/blog/2013/09/point-by-point-rebuttal-of-u-s-case-for-war-in-syria/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 07:23:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 08:23:21 -0400
Subject: [Infowarrior] - State Department Syria Talking Points
Message-ID: <69878ED1-E463-4D00-A702-1DB660AE83D2@infowarrior.org>

State Department Syria Talking Points

September 3, 2013 in Department of State

The following document lists talking points prepared by the State Department in advance of Secretary of State John Kerry's testimony before the Senate Foreign Relations Committee. The talking points were posted on the State Department's website and apparently linked to on some embassy websites, though the links now appear to have been removed.

http://publicintelligence.net/syria-talking-points/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 07:28:05 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 08:28:05 -0400
Subject: [Infowarrior] - Kim Dotcom Resigns as Mega Director to Focus on Music Venture
Message-ID: <889B1E42-DF96-4DA6-B044-7527F3AE3790@infowarrior.org>

Kim Dotcom Resigns as Mega Director to Focus on Music Venture

http://torrentfreak.com/kim-dotcom-resigns-as-mega-director-to-focus-on-music-venture-130904/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 07:56:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 08:56:54 -0400
Subject: [Infowarrior] - good read: Our Newfound Fear of Risk
Message-ID: <6CED8CEE-985A-4165-8D3E-81986A39D33B@infowarrior.org>

Our Newfound Fear of Risk

http://www.schneier.com/blog/archives/2013/09/our_newfound_fe.html

We're afraid of risk. It's a normal part of life, but we're increasingly unwilling to accept it at any level. So we turn to technology to protect us. The problem is that technological security measures aren't free.
They cost money, of course, but they cost other things as well. They often don't provide the security they advertise, and -- paradoxically -- they often increase risk somewhere else. This problem is particularly stark when the risk involves another person: crime, terrorism, and so on. While technology has made us much safer against natural risks like accidents and disease, it works less well against man-made risks.

Three examples:

- We have allowed the police to turn themselves into a paramilitary organization. They deploy SWAT teams multiple times a day, almost always in nondangerous situations. They tase people at minimal provocation, often when it's not warranted. Unprovoked shootings are on the rise. One result of these measures is that honest mistakes -- a wrong address on a warrant, a misunderstanding -- result in the terrorizing of innocent people, and more death in what were once nonviolent confrontations with police.

- We accept zero-tolerance policies in schools. This results in ridiculous situations, where young children are suspended for pointing gun-shaped fingers at other students or drawing pictures of guns with crayons, and high-school students are disciplined for giving each other over-the-counter pain relievers. The cost of these policies is enormous, both in dollars to implement and its long-lasting effects on students.

- We have spent over one trillion dollars and thousands of lives fighting terrorism in the past decade -- including the wars in Iraq and Afghanistan -- money that could have been better used in all sorts of ways. We now know that the NSA has turned into a massive domestic surveillance organization, and that its data is also used by other government organizations, which then lie about it. Our foreign policy has changed for the worse: we spy on everyone, we trample human rights abroad, our drones kill indiscriminately, and our diplomatic outposts have either closed down or become fortresses.
In the months after 9/11, so many people chose to drive instead of fly that the resulting deaths dwarfed the deaths from the terrorist attack itself, because cars are much more dangerous than airplanes. There are lots more examples, but the general point is that we tend to fixate on a particular risk and then do everything we can to mitigate it, including giving up our freedoms and liberties. There's a subtle psychological explanation. Risk tolerance is both cultural and dependent on the environment around us. As we have advanced technologically as a society, we have reduced many of the risks that have been with us for millennia. Fatal childhood diseases are things of the past, many adult diseases are curable, accidents are rarer and more survivable, buildings collapse less often, death by violence has declined considerably, and so on. All over the world -- among the wealthier of us who live in peaceful Western countries -- our lives have become safer. Our notions of risk are not absolute; they're based more on how far they are from whatever we think of as "normal." So as our perception of what is normal gets safer, the remaining risks stand out more. When your population is dying of the plague, protecting yourself from the occasional thief or murderer is a luxury. When everyone is healthy, it becomes a necessity. Some of this fear results from imperfect risk perception. We're bad at accurately assessing risk; we tend to exaggerate spectacular, strange, and rare events, and downplay ordinary, familiar, and common ones. This leads us to believe that violence against police, school shootings, and terrorist attacks are more common and more deadly than they actually are -- and that the costs, dangers, and risks of a militarized police, a school system without flexibility, and a surveillance state without privacy are less than they really are. Some of this fear stems from the fact that we put people in charge of just one aspect of the risk equation. 
No one wants to be the senior officer who didn't approve the SWAT team for the one subpoena delivery that resulted in an officer being shot. No one wants to be the school principal who didn't discipline -- no matter how benign the infraction -- the one student who became a shooter. No one wants to be the president who rolled back counterterrorism measures, just in time to have a plot succeed. Those in charge will be naturally risk averse, since they personally shoulder so much of the burden. We also expect that science and technology should be able to mitigate these risks, as they mitigate so many others. There's a fundamental problem at the intersection of these security measures with science and technology; it has to do with the types of risk they're arrayed against. Most of the risks we face in life are against nature: disease, accident, weather, random chance. As our science has improved -- medicine is the big one, but other sciences as well -- we become better at mitigating and recovering from those sorts of risks. Security measures combat a very different sort of risk: a risk stemming from another person. People are intelligent, and they can adapt to new security measures in ways nature cannot. An earthquake isn't able to figure out how to topple structures constructed under some new and safer building code, and an automobile won't invent a new form of accident that undermines medical advances that have made existing accidents more survivable. But a terrorist will change his tactics and targets in response to new security measures. An otherwise innocent person will change his behavior in response to a police force that compels compliance at the threat of a Taser. We will all change, living in a surveillance state. When you implement measures to mitigate the effects of the random risks of the world, you're safer as a result. 
When you implement measures to reduce the risks from your fellow human beings, the human beings adapt and you get less risk reduction than you'd expect -- and you also get more side effects, because we all adapt.

We need to relearn how to recognize the trade-offs that come from risk management, especially risk from our fellow human beings. We need to relearn how to accept risk, and even embrace it, as essential to human progress and our free society. The more we expect technology to protect us from people in the same way it protects us from nature, the more we will sacrifice the very values of our society in futile attempts to achieve this security.

This essay previously appeared on Forbes.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 15:13:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 16:13:59 -0400
Subject: [Infowarrior] - Feds Seeking To Silence The Media Over Barrett Brown, After They Locked Him Up For Posting A Link
Message-ID:

Feds Seeking To Silence The Media Over Barrett Brown, After They Locked Him Up For Posting A Link

from the prosecutorial-overreach dept

http://www.techdirt.com/articles/20130903/17563724396/feds-seeking-to-silence-media-over-barrett-brown-after-they-locked-him-up-posting-link.shtml

We've covered the immensely troubling case against Barrett Brown a few times here. Brown is the journalist and activist who was arrested on a series of highly questionable charges, mostly focused on taking the astounding step of copying a URL pointing to a bunch of Stratfor emails that people in Anonymous had hacked, and placing it in a chat room that Brown managed, to try to crowdsource information about intelligence community contractors, known as Project PM.
No one has accused Brown of being responsible for the hack -- but rather just posting the link to the hacked contents, which the feds are claiming is a federal crime, in part because the data it pointed to contained credit card info. There are two other charges, including concealing evidence (he put his laptop in his mother's dish cabinet) and "threatening a federal agent" based on a rambling video he had posted to YouTube, which was probably inappropriate, but was in response to being constantly harassed and threatened himself for merely reporting on the various information that had been leaked. Glenn Greenwald's summary from earlier this year is well worth reading. The incredible thing is that the linking to leaked materials, including those that reveal hacked documents and things like passwords is fairly common. As the EFF pointed out a few weeks back, if what Brown did with the link to Stratfor emails was a crime then plenty of other publications are guilty of the same thing, including The Daily Beast and Buzzfeed, who both posted links to what some claimed were passwords for email accounts of Congressional staffers. Even more ridiculous, however, is that the government is seeking to silence the media from reporting on the case, claiming, ridiculously that press coverage related to the case is something it can blame on Brown himself because various publications are reporting on the ridiculous details of his arrest and the charges against him. Today, there is the latest hearing in his case, in which the US government is asking the court to issue a gag order barring both Brown and his lawyer from "making any statement to members of any television, radio, newspaper, magazine, Internet (including, but not limited to, bloggers), or other media organization about this case, other than matters of public record." Think about this for a second. 
Not only is the main charge against him for the "crime" of copying a URL from one place on the internet to another, but now the government is actively seeking to silence the media coverage about this case.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 4 22:58:26 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Sep 2013 23:58:26 -0400
Subject: [Infowarrior] - OpEd:The White House's Syria secrets
Message-ID: <30D0C05B-D4C9-4265-B755-87184CAF1047@infowarrior.org>

(In other words, dear citizens, Just Trust Us. --rick)

The White House's Syria secrets

By Dana Milbank

http://www.washingtonpost.com/opinions/dana-milbank-on-syria-whos-got-a-secret/2013/09/04/9cc5b360-15a8-11e3-a2ec-b47e45e6f8ef_print.html

John Kerry was making his "beyond a reasonable doubt" case against Syria's Bashar al-Assad on Wednesday when he gave lawmakers a bit of faulty intelligence.

"Just today, before coming in here, I read an e-mail to me about a general, the minister of defense, former minister or assistant minister, I forget which, who has just defected and is now in Turkey," the secretary of state testified before the House Foreign Affairs Committee. "And there are other defections that we are hearing about because of the potential that we might take action."

A few minutes later, Kerry revised his account: This official-sounding "e-mail" was actually a Reuters news account about a former defense minister based on a claim by the Syrian opposition. "Reuters has now said the Syrian government is saying the defection has not taken place," Kerry said. "So who knows whether it has or hasn't?"

Who knows? This is the problem with the case the Obama administration is making for attacking Syria. Officials say the evidence is incontrovertible that Assad used sarin gas against his people. Lawmakers emerging from secret, classified briefings seem to agree.
But while members of Congress are coming around to an attack on Syria, the American public remains skeptical. Why? Maybe it's because the government won't let them in on the secret.

The public heard about another "slam dunk" case a decade ago and, then as now, Democratic and Republican lawmakers agreed that the secret evidence was compelling. And it turned out to be wrong. Now, administration officials are telling Americans to trust their assurances that the secret evidence is convincing and that their war planning is solid. But they won't provide details.

Estimates of collateral damage? "Lower than a certain number which I would rather share with you in a classified setting," Joint Chiefs Chairman Martin Dempsey told lawmakers.

Response of the Arab and Muslim countries? "This is something I'd be happier discussing in greater detail with you in the closed session," Kerry said.

Safeguards to keep military action limited? "We can talk about that in a closed session," Dempsey said.

How would Russia and other Syrian allies respond to a U.S. strike? "We all agree that that would be best handled in a classified session," Kerry said.

No, we don't all agree.

The administration's case against Assad may well be airtight. Walter Pincus, The Post's longtime intelligence correspondent, tells me he hasn't heard the sort of doubts from the intelligence community that he heard during the run-up to the Iraq war.

The problem is that the refusal to declassify evidence helps opponents such as Russia's Vladimir Putin cast doubt on the intelligence. The administration is hiding behind the protection of "sources and methods," but is any foe still unaware of the National Security Agency's satellite and intercept capabilities? Pincus argues for releasing the intercepts that describe the Syrian regime using the weapons and then ending the barrage, and the satellite imagery showing preparations for an attack and the firing of rockets from Assad-controlled territory.
But instead of declassifying, administration officials are being ostentatious about their secrecy, as if protecting their club's secret handshake.

"TOP SECRET/CLOSED," said the Senate Foreign Relations Committee's notice for Wednesday's hearing.

"CLOSED," said the Senate Armed Services Committee's notice.

In "open" testimony Tuesday and Wednesday, the officials encouraged lawmakers to save their questions for secret sessions.

Arming the Syrian opposition? That "would require a closed or classified hearing."

The broad effects of the military strike? "I would prefer to speak out in a classified setting."

Could Hezbollah have chemical weapons? "We need to talk about that in our classified session."

Would allies join an attack? It "would not be appropriate to speak about in an unclassified setting."

Could an attack make Assad use chemical weapons again? "I urge you to go to the classified briefing."

At Wednesday's hearing, Kerry said that "beyond a reasonable doubt, the evidence proves that the Assad regime prepared this attack." He then dangled this: "In an appropriate setting, you will learn additional evidence which came to us even today."

But isn't it "appropriate" for the American public to see some hard evidence?

During Tuesday's Senate hearing, Sen. Ed Markey (D-Mass.) asked for the administration to "declassify a higher percentage of the information that we have so the American people and the international community can see it." Kerry said that the amount declassified is "unprecedented" and that what's out there now is "sufficient."

He may think so. But it's not sufficient until the American public believes it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 07:02:54 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 08:02:54 -0400
Subject: [Infowarrior] - Court: Federal Law Allows Lying in TSA-Related FOIA Requests
Message-ID: <38152FA4-374E-4255-B485-49F73E2E0B05@infowarrior.org>

Court: Federal Law Allows Lying in TSA-Related FOIA Requests

September 3, 2013

http://tsaoutofourpants.wordpress.com/2013/09/03/court-federal-law-allows-lying-in-tsa-related-foia-requests/

Moments ago, the remaining claims in my lawsuit stemming from being illegally detained at FLL airport and then lied to about the existence of CCTV video of the incident, were dismissed. The questions before the court were as follows:

- Can the TSA (or local governments as directed by the TSA) lie in response to a FOIA request? Sure, no problem! Even the NSA responds that they "can't confirm or deny the existence" of classified things for which admitting or denying existence would (allegedly, of course) damage national security. But the TSA? U.S. District Judge Joan A. Lenard granted the TSA the special privilege of not needing to go that route, rubber-stamping the decision of the TSA and the airport authority to write to me that no CCTV footage of the incident existed when, in fact, it did. This footage is non-classified and its existence is admitted by over a dozen visible camera domes and even signage that the area is being recorded. Beyond that, the TSA regularly releases checkpoint video when it doesn't show them doing something wrong (for example, here's CCTV of me beating their body scanners). But if it shows evidence of misconduct? Just go ahead and lie.

- Can the TSA hide the names and faces of its public-facing employees (and any local law enforcement coming to their aid) who are accused of misconduct? You bet!
Despite the fact that they all wore name tags and I could have legally taken photos of them, Judge Lenard feels that the public servants who illegally searched and detained me deserve "privacy," and upheld the TSA's decision to redact their names from every document sent to me and to blur the entirety of every video sent to me. This is the same TSA that cares so much about privacy that they "accidentally" published a copy of my driver's license in court filings.

- Can the TSA frustrate court review of whether or not a document is releasable under FOIA simply by "ordering" it secret? Why not?! Judge Lenard ruled that once a document is labeled "Sensitive Security Information" (which the TSA does by merely waving a magic wand and writing "SSI" on the cover of a document) the U.S. District Court loses its power to review that determination, and the U.S. Court of Appeals is the proper forum. But wait, the Court of Appeals doesn't evaluate FOIA claims, so now, in order to get a document you want, you must petition 2 courts and pay over $800 in filing fees alone. Yes, clearly this is how Congress intended public records laws -- designed to allow transparency in government -- to work.

On top of this recent heap of fail, Judge Lenard had previously tossed the bulk of my lawsuit -- 19 out of 21 charges -- and then refused to allow me to appeal those 19 charges until she contemplated these two remaining charges. She then took 6 months to write this 19-page opinion. Her decision today, therefore, is not much of a surprise to me, since Judge Lenard seems to be more inclined to rubber-stamp government thuggery, through convoluted, ill-supported, and needlessly delayed rulings, rather than to dispense justice.

I will be filing a notice of appeal this week, sending this case to the U.S. Court of Appeals for the 11th Circuit, and I am strongly tempted to file a complaint of judicial misconduct based on her purposeful delay of my case and the sheer absurdity of some of her arguments.
But, appeal first, misconduct complaint later.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 07:02:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 08:02:58 -0400
Subject: [Infowarrior] - Canada's Copyright Board Shuts Down Industry's Request For 'You Must Be A Criminal Tax' On MicroSD Cards
Message-ID: <040F4E1E-8BB3-4B9D-B7DD-90391B4C6DCF@infowarrior.org>

Canada's Copyright Board Shuts Down Industry's Request For 'You Must Be A Criminal Tax' On MicroSD Cards

http://www.techdirt.com/articles/20130903/11342024393/canadas-copyright-board-shuts-down-industrys-request-you-must-be-criminal-tax-microsd-cards.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 07:05:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 08:05:47 -0400
Subject: [Infowarrior] - Pew Report: Anonymity, Privacy, and Security Online
Message-ID:

http://pewinternet.org/Reports/2013/Anonymity-online.aspx

Overview

A new survey finds that most internet users would like to be anonymous online, but many think it is not possible to be completely anonymous online. Some of the key findings:

- 86% of internet users have taken steps online to remove or mask their digital footprints -- ranging from clearing cookies to encrypting their email.
- 55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.

The representative survey of 792 internet users also finds that notable numbers of internet users say they have experienced problems because others stole their personal information or otherwise took advantage of their visibility online. Specifically:

- 21% of internet users have had an email or social networking account compromised or taken over by someone else without permission.
- 12% have been stalked or harassed online.
- 11% have had important personal information stolen such as their Social Security Number, credit card, or bank account information.
- 6% have been the victim of an online scam and lost money.
- 6% have had their reputation damaged because of something that happened online.
- 4% have been led into physical danger because of something that happened online.

"Users clearly want the option of being anonymous online and increasingly worry that this is not possible," said Lee Rainie, Director of the Pew Research Center's Internet Project and an author of a report on the survey findings. "Their concerns apply to an entire ecosystem of surveillance. In fact, they are more intent on trying to mask their personal information from hackers, advertisers, friends and family members than they are trying to avoid observation by the government."

About the Survey

This survey by the Pew Research Center's Internet Project was underwritten by Carnegie Mellon University. The findings in this report are based on data from telephone interviews conducted by Princeton Survey Research Associates International from July 11-14, among a sample of 1,002 adults ages 18 and older. Telephone interviews were conducted in English by landline and cell phone. For results based on the total sample, one can say with 95% confidence that the error attributable to sampling is plus or minus 3.4 percentage points and for the results from 792 internet and smartphone users in the sample, the margin of error is 3.8 percentage points. More information is available in the Methods section at the end of this report.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 13:58:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 14:58:27 -0400
Subject: [Infowarrior] - WH Surveillance panel seeks public input
Message-ID: <4D0F1897-18D9-4853-96E9-F6F9D81AD62E@infowarrior.org>

Surveillance panel seeks public input

By JOSH GERSTEIN | 9/5/13 8:23 AM EDT

http://www.politico.com/blogs/under-the-radar/2013/09/surveillance-panel-seeks-public-input-171854.html?hp=r8

A new board that President Barack Obama set up to investigate the balance between privacy and security in the era of "big data" is asking the public to weigh in with its thoughts on how those goals can better be achieved.

The call for public input issued late Wednesday is vague in its scope, just like the mandate for the newly-created "Review Group on Global Signals Intelligence Collection and Communications Technologies."

"The Review Group is seeking public comments on all matters that the President has directed it to examine, namely, how in light of advancements in communications technologies, the United States can employ its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while respecting our commitment to privacy and civil liberties, recognizing our need to maintain the public trust, and reducing the risk of unauthorized disclosure," said a statement posted on Tumblr.

The announcement warns that comments submitted may be released publicly. However, the statement does not commit to do so. The submission mechanism does not indicate what past or present members of the Intelligence Community with access to classified information should do if their suggestions involve classified programs.

Obama announced his plans for the review panel on August 9 as part of a group of proposed reforms aimed at quieting the flap over National Security Agency surveillance. He officially named and met with the five-member group last week.
It includes lawyers and former national security officials but no one with significant expertise in new data processing technologies.

The group was organized under the auspices of the Director of National Intelligence James Clapper. That designation gives it an exemption from a law that normally requires advisory panels to meet publicly, the Federal Advisory Committee Act.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 14:17:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 15:17:47 -0400
Subject: [Infowarrior] - N.S.A. Foils Much Internet Encryption
Message-ID:

N.S.A. Foils Much Internet Encryption

By NICOLE PERLROTH, JEFF LARSON and SCOTT SHANE
Published: September 5, 2013

http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html

This story has been reported in partnership between The New York Times, The Guardian and Pro Publica based on documents obtained by The Guardian. For The Guardian: James Ball, Julian Borger, Glenn Greenwald. For The New York Times: Nicole Perlroth, Scott Shane. For Pro Publica: Jeff Larson.

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume -- or have been assured by Internet companies -- that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way.
The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor. Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own "back door" in all encryption, it set out to accomplish the same goal by stealth. The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated. The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world. "For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies," said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. "Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable." When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, "those not already briefed were gobsmacked!" An intelligence budget document makes clear that the effort is still going strong.
"We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic," the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year. In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.'s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects. The agency's success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans' e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features. The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say. Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials' messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work. But some experts say the N.S.A.'s campaign to bypass and weaken communications security may have serious unintended consequences.
They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications. Some of the agency's most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company's computer network, or use a phone or a tablet on a 4G network. For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft's Hotmail. By 2012, GCHQ had developed "new access opportunities" into Google's systems, according to the document. "The risk is that when you build a back door into systems, you're not the only one to exploit it," said Matthew D. Green, a cryptography researcher at Johns Hopkins University. "Those back doors could work against U.S. communications, too." Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. "And they went and did it anyway, without telling anyone," Mr. Kocher said. He said he understood the agency's mission but was concerned about the danger of allowing it unbridled access to private information. "The intelligence community has worried about 'going dark' forever, but today they are conducting instant, total invasion of privacy with limited effort," he said. "This is the golden age of spying."

A Vital Capability

The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others. The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian's Web site in June. "Properly implemented strong crypto systems are one of the few things that you can rely on," he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted. The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers. "In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs," a 2007 document said. "It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace." The full extent of the N.S.A.'s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas -- both names of American Civil War battles.
A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century. Unlike some classified information that can be parceled out on a strict "need to know" basis, one document makes clear that with Bullrun, "there will be NO 'need to know.'" Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program's capabilities, methods and sources.

Ties to Internet Companies

When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen. Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency's success depends on working with Internet companies -- by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware. According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable." Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping. By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents.
The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments. In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times. The 2013 N.S.A. budget request highlights "partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses" -- that is, to allow more eavesdropping. At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft's most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company's cloud storage service. Microsoft asserted that it had merely complied with "lawful demands" of the government, and in some cases, the collaboration was clearly coerced. Executives who refuse to comply with secret court orders can face fines or jail time. N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it. How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies' computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. "Approval to release to non-Sigint agencies," a GCHQ document says, "will depend on there being a proven non-Sigint method of acquiring keys." Simultaneously, the N.S.A.
has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency's 2013 budget request was to "influence policies, standards and specifications for commercial public key technologies," the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States' encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort "a challenge in finesse." "Eventually, N.S.A. became the sole editor," the memo says. Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.'s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency's hacking division uses that same program to develop and "leverage sensitive, cooperative relationships with specific industry partners" to insert vulnerabilities into Internet security products.

A Way Around

By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.
That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America's global edge in technology. By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream. "Every new technology required new expertise in exploiting it, as soon as possible," one classified document says. Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled "This can't be good." But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government's nuclear department and another's Internet service by cracking the virtual private networks that protected them. By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300. But the agencies' goal was to move away from decrypting targets' tools one by one and instead decode, in real time, all of the information flying over the world's fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for "a new approach for opportunistic decryption, rather than targeted." By that year, a Bullrun briefing document claims that the agency had developed "groundbreaking capabilities" against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere "fact of" decryption became widely known. "These capabilities are among the Sigint community's most fragile, and the inadvertent disclosure of the simple 'fact of' could alert the adversary and result in immediate loss of the capability," a GCHQ document outlining the Bullrun program warned.

Corporate Pushback

Since Mr. Snowden's disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying. Google, Yahoo and Facebook have pressed for permission to reveal more about the government's secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency's demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands. In effect, facing the N.S.A.'s relentless advance, the companies surrendered. Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. "Without Congressional action or a strong judicial precedent," he wrote, "I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States."

John Markoff contributed reporting for The New York Times.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 14:19:28 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 15:19:28 -0400
Subject: [Infowarrior] - Why We Published the Decryption Story
Message-ID:

Why We Published the Decryption Story
by Stephen Engelberg and Richard Tofel
ProPublica, Sep.
5, 2013, 2:54 p.m.
http://www.propublica.org/article/why-we-published-the-decryption-story

ProPublica is today publishing a story in partnership with the Guardian and The New York Times about U.S. and U.K. government efforts to decode enormous amounts of Internet traffic previously thought to have been safe from prying eyes. This story is based on documents provided by Edward Snowden, the former intelligence community employee and contractor. We want to explain why we are taking this step, and why we believe it is in the public interest. The story, we believe, is an important one. It shows that the expectations of millions of Internet users regarding the privacy of their electronic communications are mistaken. These expectations guide the practices of private individuals and businesses, most of them innocent of any wrongdoing. The potential for abuse of such extraordinary capabilities for surveillance, including for political purposes, is considerable. The government insists it has put in place checks and balances to limit misuses of this technology. But the question of whether they are effective is far from resolved and is an issue that can only be debated by the people and their elected representatives if the basic facts are revealed. It's certainly true that some number of bad actors (possibly including would-be terrorists) have been exchanging messages through means they assumed to be safe from interception by law enforcement or intelligence agencies. Some of these bad actors may now change their behavior in response to our story. In weighing this reality, we have not only taken our own counsel and that of our publishing partners, but have also conferred with the government of the United States, a country whose freedoms give us remarkable opportunities as journalists and citizens. Two possible analogies may help to illuminate our thinking here.
First, a historical event: In 1942, shortly after the World War II Battle of Midway, the Chicago Tribune published an article suggesting, in part, that the U.S. had broken the Japanese naval code (which it had). Nearly all responsible journalists we know would now say that the Tribune's decision to publish this information was a mistake. But today's story bears no resemblance to what the Tribune did. For one thing, the U.S. wartime code-breaking was confined to military communications. It did not involve eavesdropping on civilians. The second analogy, while admittedly science fiction, seems to us to offer a clearer parallel. Suppose for a moment that the U.S. government had secretly developed and deployed an ability to read individuals' minds. Such a capability would present the greatest possible invasion of personal privacy. And just as surely, it would be an enormously valuable weapon in the fight against terrorism. Continuing with this analogy, some might say that because of its value as an intelligence tool, the existence of the mind-reading program should never be revealed. We do not agree. In our view, such a capability in the hands of the government would pose an overwhelming threat to civil liberties. The capability would not necessarily have to be banned in all circumstances. But we believe it would need to be discussed, and safeguards developed for its use. For that to happen, it would have to be known. There are those who, in good faith, believe that we should leave the balance between civil liberty and security entirely to our elected leaders, and to those they place in positions of executive responsibility. Again, we do not agree. The American system, as we understand it, is premised on the idea -- championed by such men as Thomas Jefferson and James Madison -- that government run amok poses the greatest potential threat to the people's liberty, and that an informed citizenry is the necessary check on this threat.
The sort of work ProPublica does -- watchdog journalism -- is a key element in helping the public play this role. American history is replete with examples of the dangers of unchecked power operating in secret. Richard Nixon, for instance, was twice elected president of this country. He tried to subvert law enforcement, intelligence and other agencies for political purposes, and was more than willing to violate laws in the process. Such a person could come to power again. We need a system that can withstand such challenges. That system requires public knowledge of the power the government possesses. Today's story is a step in that direction.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 14:56:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 15:56:42 -0400
Subject: [Infowarrior] - The US government has betrayed the internet. We need to take it back
Message-ID: <855D903E-3379-45A1-9818-B9FFDEE61F39@infowarrior.org>

The US government has betrayed the internet. We need to take it back

The NSA has undermined a fundamental social contract. We engineers built the internet -- and now we have to fix it

Bruce Schneier
theguardian.com, Thursday 5 September 2013 15.04 EDT
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can -- and should -- do. One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don't cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers. We need to know exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do. Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information. We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems -- these will be harder for the NSA to subvert. The Internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response. Three, we can influence governance. I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others.
We need to figure out new means of internet governance, ones that make it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations. Unfortunately, this is going to play directly into the hands of totalitarian governments that want to control their country's internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country. Generations from now, when people look back on these early decades of the internet, I hope they will not be disappointed in us. We can ensure that they don't only if each of us makes this a priority, and engages in the debate. We have a moral duty to do this, and we have no time to lose. Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground. Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We've had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy. To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

Bruce Schneier writes about security, technology, and people. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive.
He is working for the Guardian on other NSA stories

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 15:31:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 16:31:36 -0400
Subject: [Infowarrior] - Project Bullrun - classification guide to the NSA's decryption program
Message-ID:

LINK NOT SAFE FOR GOVERNMENT PEOPLE

Project Bullrun -- classification guide to the NSA's decryption program

Guide for NSA employees and contractors on Bullrun outlines its goals -- and reveals that the agency has capabilities against widely-used online protocols such as HTTPS

http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 15:43:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 16:43:14 -0400
Subject: [Infowarrior] - Privacy groups ask FTC to stop Facebook policy changes
Message-ID: <14B95519-CA46-4909-B1B4-3EC8E4F084DA@infowarrior.org>

Privacy groups ask FTC to stop Facebook policy changes
http://www.washingtonpost.com/business/technology/privacy-groups-ask-ftc-to-stop-facebook-policy-changes/2013/09/05/c745ecee-1626-11e3-804b-d3a1a3a18f2c_print.html
By Hayley Tsukayama,

Half a dozen privacy groups have asked the Federal Trade Commission to stop Facebook from enacting changes to two of its governing documents. Facebook proposed updates to its Data Use Policy and Statement of Rights and Responsibilities last week, including language it said would clarify what information on the site it uses for advertisements. But the privacy advocates, including the Electronic Privacy Information Center, Consumer Watchdog and the Center for Digital Democracy, say that the changes encroach on user privacy and may violate a 2011 settlement between Facebook and the FTC.
Facebook did not immediately respond to a request for comment on the groups' letter to the FTC. Agency spokeswoman Cheryl Hackley confirmed that the FTC has received the document, but declined additional comment. The 2011 settlement said that Facebook must obtain consumer consent before sharing information beyond the limits of its established privacy settings. In the letter, the groups say that the proposed changes -- particularly regarding advertisements -- do just that. In fact, the groups argue, the proposed policies have strong echoes of Facebook's now-defunct Beacon advertising program, which led to a $9.5 million settlement with users who said they were not properly notified that Facebook used data from outside Web sites to target ads on its network. "The proposed changes are broad enough to allow Facebook to resurrect programs similar to Beacon, a program that just about everyone including Facebook agreed was wrong and was subsequently shut down," the groups said in the letter. "It requires 'Alice in Wonderland' logic to see this as anything but a major setback for the privacy rights of Facebook users." In its revised policy, Facebook explicitly states that users' names, profile pictures, content and information such as pages they like can be used in network ads. As Facebook said, "This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you." The groups also said that the policies' new language on ads, as it pertains to minors, opens up the network's younger users to potential privacy issues. The new policies say that those under 18 must get permission from at least one parent or legal guardian before signing up for the site, which allows the company to use teens' information in the same way as regular users. "Such 'deemed consent'
eviscerates any meaningful limits over the commercial exploitation of the images and names of young Facebook users," the groups wrote in their letter. In addition to EPIC, CDD and Consumer Watchdog, representatives from Patient Privacy Rights, U.S. Public Interest Research Group and the Privacy Rights Clearinghouse also signed the letter. (Washington Post Co. chairman and chief executive Donald E. Graham is a member of Facebook's board of directors.)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 5 16:44:49 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Sep 2013 17:44:49 -0400
Subject: [Infowarrior] - What Exactly Are the NSA's 'Groundbreaking Cryptanalytic Capabilities'?
Message-ID: <44B891FF-CA08-4E43-AB80-2FD261028354@infowarrior.org>

What Exactly Are the NSA's "Groundbreaking Cryptanalytic Capabilities"?
By Bruce Schneier
09.04.13
http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/all/1

The latest Snowden document is the US intelligence "black budget." There's a lot of information in the few pages the Washington Post decided to publish, including an introduction by Director of National Intelligence James Clapper. In it, he drops a tantalizing hint: "Also, we are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic." Honestly, I'm skeptical. Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.
This isn't the first time we've heard this rumor. In a WIRED article last year, longtime NSA-watcher James Bamford wrote: According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. We have no further information from Clapper, Snowden, or this other source of Bamford's. But we can speculate. Perhaps the NSA has some new mathematics that breaks one or more of the popular encryption algorithms: AES, Twofish, Serpent, triple-DES, Serpent. It wouldn't be the first time this happened. Back in the 1970s, the NSA knew of a cryptanalytic technique called "differential cryptanalysis" that was unknown in the academic world. That technique broke a variety of other academic and commercial algorithms that we all thought secure. We learned better in the early 1990s, and now design algorithms to be resistant to that technique. It's very probable that the NSA has newer techniques that remain undiscovered in academia. Even so, such techniques are unlikely to result in a practical attack that can break actual encrypted plaintext. The naive way to break an encryption algorithm is to brute-force the key. The complexity of that attack is 2^n, where n is the key length. All cryptanalytic attacks can be viewed as shortcuts to that method. And since the efficacy of a brute-force attack is a direct function of key length, these attacks effectively shorten the key. So if, for example, the best attack against DES has a complexity of 2^39, that effectively shortens DES's 56-bit key by 17 bits. That's a really good attack, by the way. Right now the upper practical limit on brute force is somewhere under 80 bits. However, using that as a guide gives us some indication as to how good an attack has to be to break any of the modern algorithms.
These days, encryption algorithms have, at a minimum, 128-bit keys. That means any NSA cryptanalytic breakthrough has to reduce the effective key length by at least 48 bits in order to be practical. There's more, though. That DES attack requires an impractical 70 terabytes of known plaintext encrypted with the key we're trying to break. Other mathematical attacks require similar amounts of data. In order to be effective in decrypting actual operational traffic, the NSA needs an attack that can be executed with the known plaintext in a common MS-Word header: much, much less. So while the NSA certainly has symmetric cryptanalysis capabilities that we in the academic world do not, converting that into practical attacks on the sorts of data it is likely to encounter seems so impossible as to be fanciful. More likely is that the NSA has some mathematical breakthrough that affects one or more public-key algorithms. There are a lot of mathematical tricks involved in public-key cryptanalysis, and absolutely no theory that provides any limits on how powerful those tricks can be. Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily. If we think that's the case, the fix is easy: increase the key lengths. Assuming the hypothetical NSA breakthroughs don't totally break public-cryptography -- and that's a very reasonable assumption -- it's pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We're already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys.
Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits. One last blue-sky possibility: a quantum computer. Quantum computers are still toys in the academic world, but have the theoretical ability to quickly break common public-key algorithms -- regardless of key length -- and to effectively halve the key length of any symmetric algorithm. I think it extraordinarily unlikely that the NSA has built a quantum computer capable of performing the magnitude of calculation necessary to do this, but it's possible. The defense is easy, if annoying: stick with symmetric cryptography based on shared secrets, and use 256-bit keys. There's a saying inside the NSA: "Cryptanalysis always gets better. It never gets worse." It's naive to assume that, in 2013, we have discovered all the mathematical breakthroughs in cryptography that can ever be discovered. There's a lot more out there, and there will be for centuries. And the NSA is in a privileged position: It can make use of everything discovered and openly published by the academic world, as well as everything discovered by it in secret. The NSA has a lot of people thinking about this problem full-time. According to the black budget summary, 35,000 people and $11 billion annually are part of the Department of Defense-wide Consolidated Cryptologic Program. Of that, 4 percent -- or $440 million -- goes to "Research and Technology." That's an enormous amount of money; probably more than everyone else on the planet spends on cryptography research put together. I'm sure that leads to a lot of interesting -- and occasionally groundbreaking -- cryptanalytic research results, maybe some of it even practical. Still, I trust the mathematics. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Sep 5 20:03:11 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Sep 2013 21:03:11 -0400 Subject: [Infowarrior] - NSA's pipe dream: Weakening crypto will only help the "good guys" Message-ID: NSA's pipe dream: Weakening crypto will only help the "good guys" Op-ed: Ruining the foundation of online trust? Just collateral damage to spooks. http://arstechnica.com/security/2013/09/nsas-pipe-dream-weakening-crypto-will-only-help-the-good-guys/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Sep 6 09:20:52 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 6 Sep 2013 10:20:52 -0400 Subject: [Infowarrior] - UK censorwall bans VPNs Message-ID: <6BFC1514-81B7-4C08-BD96-C26BE8CA673B@infowarrior.org> UK censorwall bans VPNs Cory Doctorow at 5:50 am Fri, Sep 6, 2013 http://boingboing.net/2013/09/06/uk-censorwall-bans-vpns.html UK mobile providers, including O2 and its reseller GiffGaff, are blocking commercial VPN providers that help to secure sensitive communications from criminals, hackers and government spies. In particular, O2/GiffGaff block IPREDator, my favorite VPN service. The carriers claim that because these services could be used to bypass their Internet censorship tools -- switched on by default, a regime that is coming soon to hardline Internet connections, thanks to demands from Prime Minister David Cameron -- they, too, must be blocked. The only way to stop Internet users from accessing "bad" websites is to spy on all their Internet traffic (you have to look at all their traffic in order to interdict the forbidden sites). So it follows that any censorship system must also ban any privacy/security tools.
The UK is raising a generation of Internet users who are told that "security" requires them to make their sensitive, personal information available to anyone who is listening in on the network, because otherwise they might see sexually explicit material. Instead of teaching kids how to stay safe online, the official UK Internet safety policy requires them to be totally naked in all their online communications. Adults are allowed to opt out of the filter -- though some carriers make this hard, requiring them to present themselves in person with their passports in hand -- but that's beside the point. Having been told that the filter blocks "adult" content (though it fails miserably at this, by any definition of "adult"), how many parents will be willing to say, "No, I don't want this filter on my kids' phones?" --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Sep 7 18:11:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Sep 2013 19:11:37 -0400 Subject: [Infowarrior] - Healy: Don't Worry About Cyberattacks After a Syria Strike Message-ID: <76826159-AF3B-45CF-A2B6-A076E94F581A@infowarrior.org> Don't Worry About Cyberattacks After a Syria Strike By Jason Healey September 7, 2013 http://www.usnews.com/opinion/blogs/world-report/2013/09/07/dont-worry-about-cyber-retaliation-after-a-syria-strike Be assured, there will be headlines of cyberattacks against the United States and like-minded allies after a U.S. military strike against Syria. But it is nearly as certain that these attacks, like all of the patriotic hacking before them, will be strategically inconsequential. At worst, expect propaganda messages on hacked Web pages, some network outages and perhaps even some companies or organizations electronically disrupted. What is incredibly unlikely is the worst case scenarios which will gather so much attention from pundits and the press.
There won't be any meaningful attack on U.S. infrastructure. Some military and government organizations might get embarrassed by intrusions or disruptions; these won't affect U.S. military power and ought not affect our political resolve. A few of the companies disrupted might be banks or hospitals. This doesn't make these attacks on our "critical infrastructure" as there won't be any systemic or long-lasting effects. No one will die and our gross domestic product won't be affected. To understand why this is true, it is worth looking back at the history of such cyberattacks. The first "hactivists" who used hacking for political purposes were British and Italian leftist groups in the early 1990s protesting policies they didn't like by conducting denial of service attacks against governments. A few years later, things became more international and tied to national security when Chinese hackers used similar tactics against Indonesian websites after their ethnic brethren were persecuted during the Asian financial crisis. This 'patriotic hacking' became the new normal during international crises. Russian and Chinese hackers were particular specialists, both getting their start during the Operation Allied Force air strikes against Serbia in 1999, and continuing through most every international crisis for each country since. Indian and Pakistani hackers have lately started the latest chapter in their 12-year history, while Israelis and Palestinian hackers go back nearly as far. The stateless Anonymous group has also of course been extremely active and has lashed out countless times for a wide range of issues, from political messages, to perceived slights or knocking the high and mighty down a peg. Through this 15-plus years of history, these kinds of attacks have caused continuous mischief and sometimes a particular company or other has been especially ravaged. 
But these have been tactical victories only: nonstate hacking (including hactivism) has hardly ever had any kind of strategically significant results, regardless of the preening claims of the hackers themselves. What is likely this time? If President Obama does decide to conduct a strike, the United States and like-minded allies should expect a great pickup in nuisance attacks especially from the Syrian Electronic Army. This shadowy group, which almost has close ties to the Assad regime, has targeted Western media and even briefly affected the financial markets with a tweet from a hacked AP account saying there had been two explosions at the White House. More recently, they attacked a website connected to the U.S. Marine Corps, asking those warriors to see the Syrian army as "brothers" in the fight against al-Qaida. There will be many more attacks to come, as this group seems well funded and extremely aggressive. These past attacks, though, highlight just how relatively feckless the Syrian Electronic Army really is, as the Marine-related website isn't even an official military website (which end in .gov) but a recruiting site (ending in .com) which had fewer defenses. There was no loss of military information and the site wasn't even hacked, just redirected to another site with their message. Just like the attacks on media websites, it was militarily and strategically useless, a propaganda play to get media attention. Iran has far more capability, but as a third-tier cyberpower, do not expect the Revolutionary Guard and its international proxies like Hezbollah, to escalate from their current modest-scale attacks, such as against U.S. finance companies. Significant cyberpower (or terrorism) in aid of their Syrian allies would probably only be unleashed in the extremely unlikely circumstance of the United States using strikes or an invasion to topple the Assad regime. 
The Chinese are likely to keep a low profile as the perceived honor of China itself is not directly affected, so the Communist Party won't have to again allow hacking to help blow off patriotic steam. President Putin of Russia, recently snubbed by President Obama, might choose to deliver a full diplomatic broadside with vitriolic statements in the press and attendant "go" signals to the Kremlin's captive youth and patriotic hacking groups. On the positive side, the Arab League has called for international measures against the Assad regime, so just as during operations against Libya, there fortunately won't be any significant hacking from its member states. Anonymous also should not, for now, be aggressive against Western nations over a use of force, as the group has already decided to attack Syrian targets itself . There is likely to be a cyberbarrage against any nation that decides to strike Syria to dissuade further use of chemical weapons. But when reading the attendant headlines of "cyberwar," remember that in the history of cyber conflict, there have been numerous cases of patriotic hackers making news; there have been no cases of them making any decisive impact. History cannot predict the future, but this time it's where the smart money should bet. Jason Healey is the director of the Cyber Statecraft Initiative at the Atlantic Council of the United States and the editor of the first military history of cyberspace, "A Fierce Domain: Cyber Conflict, 1986 to 2012." You can follow his comments on demystifying the overlap of cyber and national security on Twitter, @Jason_Healey. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Sep 8 09:11:38 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Sep 2013 10:11:38 -0400 Subject: [Infowarrior] - Spiegel: NSA Can Spy on Smart Phone Data Message-ID: <382BC628-FA16-40B1-A1B9-5734C8AEC869@infowarrior.org> Privacy Scandal: NSA Can Spy on Smart Phone Data http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html SPIEGEL has learned from internal NSA documents that the US intelligence agency has the capability of tapping user data from the iPhone, devices using Android as well as BlackBerry, a system previously believed to be highly secure. The United States' National Security Agency intelligence-gathering operation is capable of accessing user data from smart phones from all leading manufacturers. Top secret NSA documents that SPIEGEL has seen explicitly note that the NSA can tap into such information on Apple iPhones, BlackBerry devices and Google's Android mobile operating system. The documents state that it is possible for the NSA to tap most sensitive data held on these smart phones, including contact lists, SMS traffic, notes and location information about where a user has been. The documents also indicate that the NSA has set up specific working groups to deal with each operating system, with the goal of gaining secret access to the data held on the phones. In the internal documents, experts boast about successful access to iPhone data in instances where the NSA is able to infiltrate the computer a person uses to sync their iPhone. Mini-programs, so-called "scripts," then enable additional access to at least 38 iPhone features. The documents suggest the intelligence specialists have also had similar success in hacking into BlackBerrys. A 2009 NSA document states that it can "see and read SMS traffic." It also notes there was a period in 2009 when the NSA was temporarily unable to access BlackBerry devices. 
After the Canadian company acquired another firm the same year, it changed the way it compresses its data. But in March 2010, the department responsible at Britain's GCHQ intelligence agency declared in a top secret document it had regained access to BlackBerry data and celebrated with the word, "champagne!" The documents also state that the NSA has succeeded in accessing the BlackBerry mail system, which is known to be very secure. This could mark a huge setback for the company, which has always claimed that its mail system is uncrackable. In response to questions from SPIEGEL, BlackBerry officials stated, "It is not for us to comment on media reports regarding alleged government surveillance of telecommunications traffic." The company said it had not programmed a "'back door' pipeline to our platform." The material viewed by SPIEGEL suggests that the spying on smart phones has not been a mass phenomenon. It has been targeted, in some cases in an individually tailored manner and without the knowledge of the smart phone companies. Visit SPIEGEL ONLINE International on Monday for the full article. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Sep 8 09:42:56 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Sep 2013 10:42:56 -0400 Subject: [Infowarrior] - Doubts raised about independence of White House panel on NSA privacy Message-ID: <621A8B89-D563-4EAA-92B1-23ED3EF6B7A4@infowarrior.org> Posted on Saturday, September 7, 2013 Doubts raised about independence of White House panel on NSA privacy By Ali Watkins | McClatchy Washington Bureau http://www.mcclatchydc.com/2013/09/07/201463/doubts-raised-about-independence.html WASHINGTON --
President Barack Obama has announced the names of the five members of a task force to examine the National Security Agency's controversial collection of Internet and cell phone records, but privacy and open government advocates say they don't believe the panel is likely to be very critical of the NSA program. At the time Obama announced the panel's creation Aug. 9, anger at the extent of the NSA collection efforts was at its height, and the president's move was intended to calm growing congressional calls for curbs on the program. Obama said the panel would be made up of outside experts and would review the government's use of its intelligence-gathering capabilities and whether it adhered to constitutional standards. "The review group will assess whether, in light of advancements in communications technologies, the United States employs its technical collection capabilities in a manner that optimally protects our national security and advances our foreign policy while appropriately accounting for other policy considerations, such as the risk of unauthorized disclosure and our need to maintain the public trust," a White House memorandum on the panel said. But advocates note that four of the five people named to the panel last week have long histories in government or in the intelligence community, and they said that made it unlikely the panel would be critical of the government's practices when it completes its required final report, which is due on Dec. 15. Steven Aftergood, director of the Federation of American Scientists' project on Government Secrecy, said even the panel's assignment misses the major concerns that have been expressed about the NSA programs, which had been kept largely secret from the public until their extent was leaked in June by fugitive former NSA contractor Edward Snowden. "Basically, they're saying, 'Well how can we optimize surveillance while taking privacy in to account?'" Aftergood said.
But what people really want to know is whether the NSA violates the law and the Constitution, he added. "I'm not sure that that sense of urgency has been adequately communicated to the review board." The administration's announcement of the panel in August sparked controversy, when statements released by the White House suggested that Director of National Intelligence James Clapper would lead the inquiry. Obama later denied that Clapper would have a hand in the panel, which the president had insisted would be "independent" of the administration. But although Clapper will not lead the review, four of the panel's five members have direct ties to the executive branch and its intelligence gathering apparatus. Michael Morell is the former deputy director of the Central Intelligence Agency. Richard Clarke is the former national coordinator for security, infrastructure protection, and counter-terrorism and served as a counter-terrorism and security adviser in the administrations of presidents George H.W. Bush, Bill Clinton, and George W. Bush. Peter Swire served as chief privacy counsel for the Office of Management and Budget under President Clinton. Cass Sunstein, a law professor at Harvard University, is reportedly a close friend of the president and was formerly administrator of the White House Office of Information and Regulatory Affairs, which oversees the policies of executive agencies. The panel's fifth member is Geoffrey Stone, a law professor at the University of Chicago and an expert on conflicts between constitutional rights and national security. He joined the faculty of the law school in 1973, two years after he received his law degree. "It's notable that several members of the board have strong ties to the intelligence community or the administration," said Jameel Jaffer, who directs the American Civil Liberties Union's Speech, Privacy & Technology Project. "On the whole, it does seem a bit of a stretch to call this an independent board."
Aftergood said he shared that concern. Noting that the membership is dominated by "former executive branch officials" he said he doubted that it "represents the full spectrum of criticism and concern facing the program." What role the intelligence community has in the panel's work also remains a concern. Swire, who is now on the faculty of the Georgia Institute of Technology, was reached at a phone number listed on his website. But he declined a request for an interview and referred a reporter to Clapper's press office. Still, Aftergood said, low expectations could offer an opportunity to the board's five members. "The panel itself may actually benefit from the low expectations it has inspired," he said. "It now may be easier for the panel to do a better job than lots of people expect." Even if the panel does identify necessary changes, Jaffer said, the panel has no clear authority to make those changes happen. "What powers does this board have at the end of the day?" he said. "This panel doesn't have the power to oversee the government's surveillance activities, it doesn't have the power to narrow surveillance laws... even if the board were much more independent than it seems to be, there's still this larger question of what function the board can actually serve." Email: awatkins at mcclatchydc.com; Twitter: @alimariewatkins --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Sep 8 10:02:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Sep 2013 11:02:28 -0400 Subject: [Infowarrior] - Internet experts want security revamp after NSA revelations Message-ID: <8F9A2CBC-99D0-4D0C-8F7B-7222C0F19479@infowarrior.org> Internet experts want security revamp after NSA revelations By Joseph Menn http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html SAN FRANCISCO (Reuters) - Internet security experts are calling for a campaign to rewrite Web security in the wake of disclosures that the U.S. National Security Agency has developed the capability to break encryption protecting millions of sites. But they acknowledged the task won't be easy, in part because internet security has relied heavily on brilliant government scientists who now appear suspect to many. Leading technologists said they felt betrayed that the NSA, which has contributed to some important security standards, was trying to ensure they stayed weak enough that the agency could break them. Some said they were stunned that the government would value its monitoring ability so much that it was willing to reduce everyone's security. "We had the assumption that they could use their capacity to make weak standards, but that would make everyone in the U.S. insecure," said Johns Hopkins cryptography professor Matthew Green. "We thought they would never be crazy enough to shoot out the ground they were standing on, and now we're not so sure." The head of the volunteer group in charge of the Internet's fundamental technology rules told Reuters on Saturday that the panel will intensify its work to add encryption to basic Web traffic and to strengthen the so-called secure sockets layer, which guards banking, email and other pages beginning with Https.
"This is one instance of the dangers that we face in the networked age," said Jari Arkko, an Ericsson scientist who chairs the Internet Engineering Task Force. "We have to respond to the new threats." Other experts likewise responded sharply to media reports based on documents from former NSA contractor Edward Snowden showing the NSA has manipulated standards. Documents provided to The Guardian, the New York Times and others by Snowden and published on Thursday show that the agency worked to insert vulnerabilities in commercial encryption gear, covertly influence other designs to allow for future entry, and weaken industry-wide standards to the agency's benefit. In combination with other techniques, those efforts led the NSA to claim internally that it had the ability to access many forms of internet traffic that had been widely believed to be secure, including at least some virtual private networks, which set up secure tunnels on the Internet, and the broad security level of the secure sockets layer Web, used for online banking and the like. The office of the Director of National Intelligence said Friday that the NSA "would not be doing its job" if it did not try to counter the use of encryption by such adversaries as "terrorists, cybercriminals, human traffickers and others." Green and others said a great number of security protocols needed to be written "from scratch" without government help. Vint Cerf, author of the some of the core internet protocols, said that he didn't know whether the NSA had truly wreaked much damage, underscoring the uncertainty in the new reports about what use the NSA has made of its abilities. "There has long been a tension between the mission to conduct surveillance and the mission to protect communication, and that tension resolved some time ago in favor of protection at least for American communications," Cerf said. 
Yet Cerf's employer Google Inc confirmed it is racing to encrypt data flowing between its data centers, a process that was ramped up after Snowden's documents began coming to light in June. Author Bruce Schneier, one of the most admired figures in modern cryptography, wrote in a Guardian column that the NSA "has undermined a fundamental social contract" and that engineers elsewhere had a "moral duty" to take back the Internet. RELYING ON NSA FOR HELP But all those interviewed warned that rewriting Web security would be extremely difficult. Mike Belshe, a former Google engineer who has spearheaded the IETF drive to encrypt regular Web traffic, said that his plan had been "watered down" in the committee process during the past few years as some companies looked after their own interests more than users. Another problem is the relatively small number of mathematical experts working outside the NSA. "A lot of our foundational technologies for securing the Net have come through the government," said researcher Dan Kaminsky, famed for finding a critical flaw in the way users are steered to the website they seek. "They have the best minds in the country, but their advice is now suspect." Finally, governments around the world, including democracies, are asserting more authority over the Internet, in some cases forbidding the use of virtual private networks. "As much as I want to say this is a technology problem we can address, if the nation states decide security isn't something we're allowed to have, then we're in trouble," Kaminsky said. "If security is outlawed, only outlaws will have security." (Editing by Peter Henderson and Eric Walsh) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Sep 8 17:45:40 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Sep 2013 18:45:40 -0400 Subject: [Infowarrior] - WH had restrictions on NSA reversed in 2011 Message-ID: <93940C64-DE94-4663-9B04-D63D40F01426@infowarrior.org> Obama administration had restrictions on NSA reversed in 2011 By Ellen Nakashima http://www.washingtonpost.com/world/national-security/obama-administration-had-restrictions-on-nsa-reversed-in-2011/2013/09/07/c26ef658-0fe5-11e3-85b6-d27422650fd5_print.html The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency's use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans' communications in its massive databases, according to interviews with government officials and recently declassified material. In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years -- and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court. What had not been previously acknowledged is that the court in 2008 imposed an explicit ban -- at the government's request -- on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used. Together the permission to search and to keep data longer expanded the NSA's authority in significant ways without public debate or any specific authority from Congress. The administration's assurances rely on legalistic definitions of the term "target" that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government's approach to surveillance: collecting first, and protecting Americans' privacy later.
"The government says, 'We're not targeting U.S. persons,'" said Gregory T. Nojeim, senior counsel at the Center for Democracy and Technology. "But then they never say, 'We turn around and deliberately search for Americans' records in what we took from the wire.' That, to me, is not so different from targeting Americans at the outset." The court decision allowed the NSA "to query the vast majority" of its e-mail and phone call databases using the e-mail addresses and phone numbers of Americans and legal residents without a warrant, according to Bates's opinion. The queries must be "reasonably likely to yield foreign intelligence information." And the results are subject to the NSA's privacy rules. The court in 2008 imposed a wholesale ban on such searches at the government's request, said Alex Joel, civil liberties protection officer at the Office of the Director of National Intelligence (ODNI). The government included this restriction "to remain consistent with NSA policies and procedures that NSA applied to other authorized collection activities," he said. But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, "we did ask the court" to lift the ban, ODNI general counsel Robert S. Litt said in an interview. "We wanted to be able to do it," he said, referring to the searching of Americans' communications without a warrant. Joel gave hypothetical examples of why the authority was needed, such as when the NSA learns of a rapidly developing terrorist plot and suspects that a U.S. person may be a conspirator. Searching for communications to, from or about that person can help assess that person's involvement and whether he is in touch with terrorists who are surveillance targets, he said. Officials would not say how many searches have been conducted.
The court?s expansion of authority went largely unnoticed when the opinion was released, but it formed the basis for cryptic warnings last year by a pair of Democratic senators, Ron Wyden (Ore.) and Mark Udall (Colo.), that the administration had a ?back-door search loophole? that enabled the NSA to scour intercepted communications for those of Americans. They introduced legislation to require a warrant, but they were barred by classification rules from disclosing the court?s authorization or whether the NSA was already conducting such searches. ?The [surveillance] Court documents declassified recently show that in late 2011 the court authorized the NSA to conduct warrantless searches of individual Americans? communications using an authority intended to target only foreigners,? Wyden said in a statement to The Washington Post. ?Our intelligence agencies need the authority to target the communications of foreigners, but for government agencies to deliberately read the e-mails or listen to the phone calls of individual Americans, the Constitution requires a warrant.? Senior administration officials disagree. ?If we?re validly targeting foreigners and we happen to collect communications of Americans, we don?t have to close our eyes to that,? Litt said. ?I?m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we?ve already collected.? The searches take place under a surveillance program Congress authorized in 2008 under Section 702 of the Foreign Intelligence Surveillance Act. Under that law, the target must be a foreigner ?reasonably believed? to be outside the United States, and the court must approve the targeting procedures in an order good for one year. But ? and this was the nub of the criticism ? a warrant for each target would no longer be required. 
That means that communications with Americans could be picked up without a court first determining that there is probable cause that the people they were talking to were terrorists, spies or ?foreign powers.? That is why it is important to require a warrant before searching for Americans? data, Udall said. ?Our founders laid out a roadmap where Americans? privacy rights are protected before their communications are seized or searched ? not after the fact,? he said in a statement to The Post. Another change approved by Bates allows the agency to keep the e-mails of or concerning Americans for up to six years, with an extension possible for foreign intelligence or counterintelligence purposes. Because the retention period begins ?from the expiration date? of the one-year surveillance period, the court effectively added up to one year of shelf life for the e-mails collected at the beginning of the period. Joel said that the change was intended to standardize retention periods across the agencies and that the more generous standard was ?already in use? by another agency. The NSA intercepts more than 250 million Internet communications each year under Section 702. Ninety-one percent are from U.S. Internet companies such as Google and Yahoo. The rest come from ?upstream? companies that route Internet traffic to, from and within the United States. The expanded search authority applies only to the downstream collection. Barton Gellman contributed to this report. ? The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Sep 9 06:47:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 07:47:57 -0400 Subject: [Infowarrior] - FP: Cowboy of the NSA: Keith Alexander Message-ID: <08E7558A-D9F5-4BD5-9D26-3EA3610C37D8@infowarrior.org> 9 September 2013 The Cowboy of the NSA Keith Alexander http://www.foreignpolicy.com/articles/2013/09/08/the_cowboy_of_the_nsa_keith_alexander Foreign Policy Magazine The Cowboy of the NSA Inside Gen. Keith Alexander's all-out, barely-legal drive to build the ultimate spy machine. < - BIG SNIP - > http://cryptome.org/2013/09/nsa-cowboy.htm --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 9 06:48:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 07:48:39 -0400 Subject: [Infowarrior] - NSA Spies on Brazil Oil Giant Petrobras Message-ID: (Which sort of runs contrary to DNI Clapper's statements about how the US doesn't "do" economic espionage like China does against the US, yes? --rick) NSA Spies on Brazil Oil Giant Petrobras http://leaksource.wordpress.com/2013/09/09/economic-espionage-nsa-spies-on-brazil-oil-giant-petrobras/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 9 06:48:45 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 07:48:45 -0400 Subject: [Infowarrior] - U.S. Admits No Imminent Threat from Syria, No Clear Evidence Assad Ordered Chemical Weapons Attack Message-ID: <97C84CC4-DD33-4E50-AF0E-3A9FC1E6CEEF@infowarrior.org> U.S. Admits No Imminent Threat from Syria, No Clear Evidence Assad Ordered Chemical Weapons Attack http://www.zerohedge.com/contributed/2013-09-09/us-admits-no-imminent-threat-syria-no-clear-evidence-assad-ordered-chemical-w --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Sep 9 13:50:22 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 14:50:22 -0400 Subject: [Infowarrior] - IEEE Letter: Security and Pervasive Monitoring Message-ID: Security and Pervasive Monitoring http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale monitoring of Internet traffic and users disturbs us greatly. We knew of interception of targeted individuals and other monitoring activities, but the scale of recently reported monitoring is surprising. Such scale was not envisaged during the design of many Internet protocols, but we are considering the consequence of these kinds of attacks. Of course, it is hard to know for sure from current reports what attack techniques may be in use. As such, it is not so easy to comment on the specifics from an IETF perspective. Still, the IETF has some long standing general principles that we can talk about, and we can also talk about some of the actions we are taking. In 1996, RFC 1984 articulated the view that encryption is an important tool to protect privacy of communications, and that as such it should be encouraged and available to all. In 2002, we decided that IETF standard protocols must include appropriate strong security mechanisms, and established this doctrine as a best current practice, documented in RFC 3365. Earlier, in 2000 the IETF decided not to consider requirements for wiretapping when creating and maintaining IETF standards, for reasons stated in RFC 2804. Note that IETF participants exist with positions at all points of the privacy/surveillance continuum, as seen in the discussions that lead to RFC 2804. 
As privacy has become increasingly important, the Internet Architecture Board (IAB) developed guidance for handling privacy considerations in protocol specifications, and documented that in RFC 6973. And there are ongoing developments in security and privacy happening within the IETF all the time, for example work has just started on version 1.3 of the Transport Layer Security (TLS, RFC 5246) protocol which aims to provide better confidentiality during the early phases of the cryptographic handshake that underlies much secure Internet traffic. Recent days have also seen an extended and welcome discussion triggered by calls for the IETF to build better protections against wide-spread monitoring. As that discussion makes clear, IETF participants want to build secure and deployable systems for all Internet users. Indeed, addressing security and new vulnerabilities has been a topic in the IETF for as long as the organisation has existed. Technology alone is, however, not the only factor. Operational practices, laws, and other similar factors also matter. First of all, existing IETF security technologies, if used more widely, can definitely help. But technical issues outside the IETF's control, for example endpoint security, or the properties of specific products or implementations also affect the end result in major ways. So at the end of the day, no amount of communication security helps you if you do not trust the party you are communicating with or the devices you are using. Nonetheless, we're confident the IETF can and will do more to make our protocols work more securely and offer better privacy features that can be used by implementations of all kinds. So with the understanding of limitations of technology-only solutions, the IETF is continuing its mission to improve security in the Internet. The recent revelations provide additional motivation for doing this, as well as highlighting the need to consider new threat models.
We should seize this opportunity to take a hard look at what we can do better. Again, it is important to understand the limitations of technology alone. But here are some examples of things that are already ongoing:

• We're having a discussion as part of the development of HTTP/2.0 as to how to make more and better use of TLS, for example to perhaps enable clients to require the use of security and not just have to react to the HTTP or HTTPS URLs chosen by servers.
• We're having discussions as to how to handle the potentially new threat model demonstrated by the recent revelations so that future protocol designs can take into account potential pervasive monitoring as a known threat model.
• We're considering ways in which better use can be made of existing protocol features, for example, better guidance as to how to deploy TLS with Perfect Forward Secrecy, which makes applications running over TLS more robust if server private keys later leak out.
• We're constantly updating specifications to deprecate older, weaker cryptographic algorithms and allocate code points for currently strong algorithm choices so those can be used with Internet protocols.

And we are confident that discussions on this topic will motivate IETF participants to do more work on these and further related topics.

But don't think about all this just in terms of the recent revelations. The security and privacy of the Internet in general is still a challenge even ignoring pervasive monitoring, and if there are improvements from the above, those will be generally useful for many reasons and for many years to come. Perhaps this year's discussions is a way to motivate the world to move from "by default insecure" communications to "by default secure". Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security tools to implementors ensuring that their products are secure.
In the Vancouver IETF meeting, there will be time dedicated to discuss this, and we ask that those interested in working on this topic contribute to the analysis and develop proposals in this area. Those contributions are very welcome and can start now and continue in Vancouver and beyond. Relevant mailing lists (from most specific to most general) include:

• The perpass mailing list (perpass at ietf.org), recently set up to consider how the IETF ought react to pervasive monitoring
• The ietf security area mailing list (saag at ietf.org), for general security topics
• The ietf main mailing list (ietf at ietf.org), for general discussion

Jari Arkko, Chair of the IETF and Stephen Farrell, IETF Security Area Director --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Sep 9 13:50:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 14:50:28 -0400 Subject: [Infowarrior] - Dvorak: Are Americans Now the Enemy? Message-ID: <0DD06C3B-4CC0-4C4E-818A-7C314224F668@infowarrior.org> John C. Dvorak on NSA Spying: Are Americans Now the Enemy? Author: John C. Dvorak aNewDomain.net commentary -- The latest revelations regarding the NSA snoops were not totally unexpected. A backdoor to Windows? Everyone knew there was one. People just needed confirmation. Cracking codes? Well, it was always assumed that is what the National Security Administration (NSA) was supposed to do. But the NSA showing an apparent deep hatred and resentment of the American public as a whole? That is not only a surprise. It's inexcusable. And perverse. What I'm referring to here is the NSA's use of the word "adversaries" to describe people and institutions who use any sort of encryption to protect information that is important to them. This includes banking records, other financial records, medical records, private discussions, chat and more. All done by law-abiding Americans.
< -- > http://anewdomain.net/2013/09/06/john-c-dvorak-nsa-spying-americans-now-enemy/ From rforno at infowarrior.org Mon Sep 9 20:37:54 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Sep 2013 21:37:54 -0400 Subject: [Infowarrior] - New Details in How the Feds Take Laptops at Border Message-ID: New Details in How the Feds Take Laptops at Border By THE ASSOCIATED PRESS Published: September 9, 2013 at 9:03 PM ET http://www.nytimes.com/aponline/2013/09/09/us/politics/ap-us-border-computer-searches.html WASHINGTON -- Newly disclosed U.S. government files provide an inside look at the Homeland Security Department's practice of seizing and searching electronic devices at the border without showing reasonable suspicion of a crime or getting a judge's approval. The documents published Monday describe the case of David House, a young computer programmer in Boston who had befriended Army Pvt. Chelsea Manning, the soldier convicted of giving classified documents to WikiLeaks. U.S. agents quietly waited for months for House to leave the country then seized his laptop, thumb drive, digital camera and cellphone when he re-entered the United States. They held his laptop for weeks before returning it, acknowledging one year later that House had committed no crime and promising to destroy copies the government made of House's personal data. The government turned over the federal records to House as part of a legal settlement agreement after a two-year court battle with the American Civil Liberties Union, which had sued the government on House's behalf. The ACLU said the records suggest that federal investigators are using border crossings to investigate U.S. citizens in ways that would otherwise violate the Fourth Amendment. The Homeland Security Department declined to discuss the case. House said he was 22 when he first met Manning, who now is serving a 35-year sentence for one of the biggest intelligence leaks in U.S. history.
It was a brief, uneventful encounter at a January 2010 computer science event. But when Manning was arrested later that June, that nearly forgotten handshake came to mind. House, another tech enthusiast, considered Manning a bright, young, tech-savvy person who was trying to stand up to the U.S. government and expose what he believed were wrongheaded politics. House volunteered with friends to set up an advocacy group they called the Bradley Manning Support Network, and he went to prison to visit Manning, formerly known as Bradley Manning. It was that summer that House quietly landed on a government watchlist used by immigrations and customs agents at the border. His file noted that the government was on the lookout for a second batch of classified documents Manning had reportedly shared with the group WikiLeaks but hadn't made public yet. Border agents were told that House was "wanted for questioning" regarding the "leak of classified material." They were given explicit instructions: If House attempted to cross the U.S. border, "secure digital media," and "ID all companions." But if House had been wanted for questioning, why hadn't federal agents gone back to his home in Boston? House said the Army, State Department and FBI had already interviewed him. Instead, investigators monitored passenger flight records and waited for House to leave the country that November for a Mexico vacation with his girlfriend. When he returned, two agents were waiting for him, including one who specialized in computer forensics. They seized House's laptop and detained his computer for seven weeks, giving the government enough time to try to copy every file and key stroke House had made since declaring himself a Manning supporter. President Barack Obama and his predecessors have maintained that people crossing into U.S. territory aren't protected by the Fourth Amendment. 
That policy is intended to allow for intrusive searches that keep drugs, child pornography and other illegal imports out of the country. But it also means the government can target travelers for no reason other than political advocacy if it wants, and obtain electronic documents identifying fellow supporters. House and the ACLU are hoping his case will draw attention to the issue, and show how searching a suitcase is different than searching a computer. "It was pretty clear to me I was being targeted for my visits to Manning (in prison) and my support for him," said House, in an interview last week. How Americans end up getting their laptops searched at the border still isn't entirely clear. The Homeland Security Department said it should be able to act on a hunch if someone seems suspicious. But agents also rely on a massive government-wide system called TECS, named after its predecessor the Treasury Enforcement Communications System. Federal agencies, including the FBI and IRS, as well as Interpol, can feed TECS with information and flag travelers' files. In one case that reached a federal appeals court, Howard Cotterman wound up in the TECS system because of a 1992 child sex conviction. That "hit" encouraged border patrol agents to detain his computer, which was found to contain child pornography. Cotterman's case ended up before the 9th Circuit Court of Appeals, which ruled this spring that the government should have reasonable suspicion before conducting a comprehensive search of an electronic device; but that ruling only applies to states that fall under that court's jurisdiction, and left questions about what constitutes a comprehensive search. In the case of House, he showed up in TECS in July 2010, about the same time he was helping to establish the Bradley Manning Support Network.
His TECS file, released as part of his settlement agreement, was the document that told border agents House was wanted in the questioning of the leak of classified material. It wasn't until late October, though, that investigators noticed House's passport number in an airline reservation system for travel to Los Cabos. When he returned to Chicago O'Hare airport, the agents waiting for him took House's laptop, thumb drive, digital camera and cellphone. He was questioned about his affiliation with Manning and his visits to Manning in prison. The agents eventually let him go and returned his cell phone. But the other items were detained and taken to an ICE field office in Manhattan. Seven weeks after the incident, House faxed a letter to immigration authorities asking that the devices be returned. They were sent to him the next day, via Federal Express. By then agents had already created an "image" of his laptop, according to the documents. Because House had refused to give the agents his password and apparently had configured his computer in such a way that appeared to stump computer forensics experts, it wasn't until June 2011 that investigators were satisfied that House's computer didn't contain anything illegal. By then, they had already sent a second image of his hard drive to Army criminal investigators familiar with the Manning case. In August 2011, the Army agreed that House's laptop was clean and promised to destroy any files from House's computer. Catherine Crump, an ACLU lawyer who represented House, said she doesn't understand why Congress or the White House are leaving the debate up to the courts. "Ultimately, the Supreme Court will need to address this question because unfortunately neither of the other two branches of government appear motivated to do so," said Crump. 
House, an Alabama native, said he didn't ask for any money as part of his settlement agreement and that his primary concern was ensuring that a document containing the names of Manning Support Network donors didn't wind up in a permanent government file. The court order required the destruction of all his files, which House said satisfied him. He is writing a book about his experiences and his hope to create a youth-based political organization. House said he severed ties with the Support Network last year after becoming disillusioned with Manning and WikiLeaks, which he said appeared more focused on destroying America and ruining lives than challenging policy. "That era was a strange time," House said. "I'm hoping we can get our country to go in a better direction." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 10 06:16:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Sep 2013 07:16:57 -0400 Subject: [Infowarrior] - correction......Re: IEEE Letter: Security and Pervasive Monitoring In-Reply-To: References: Message-ID: Correction to the subject line: the letter is from IETF, not IEEE. (h/t Ferg) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. On Sep 9, 2013, at 2:50 PM, Richard Forno wrote: > Security and Pervasive Monitoring > > http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ > > The Internet community and the IETF care deeply about how much we can trust commonly used Internet services and the protocols that these services use. So the reports about large-scale monitoring of Internet traffic and users disturbs us greatly. We knew of interception of targeted individuals and other monitoring activities, but the scale of recently reported monitoring is surprising. Such scale was not envisaged during the design of many Internet protocols, but we are considering the consequence of these kinds of attacks. 
> > Of course, it is hard to know for sure from current reports what attack techniques may be in use. As such, it is not so easy to comment on the specifics from an IETF perspective. Still, the IETF has some long standing general principles that we can talk about, and we can also talk about some of the actions we are taking. > > In 1996, RFC 1984 articulated the view that encryption is an important tool to protect privacy of communications, and that as such it should be encouraged and available to all. In 2002, we decided that IETF standard protocols must include appropriate strong security mechanisms, and established this doctrine as a best current practice, documented in RFC 3365. Earlier, in 2000 the IETF decided not to consider requirements for wiretapping when creating and maintaining IETF standards, for reasons stated in RFC 2804. Note that IETF participants exist with positions at all points of the privacy/surveillance continuum, as seen in the discussions that lead to RFC 2804. > > As privacy has become increasingly important, the Internet Architecture Board (IAB) developed guidance for handling privacy considerations in protocol specifications, and documented that in RFC 6973. And there are ongoing developments in security and privacy happening within the IETF all the time, for example work has just started on version 1.3 of the Transport Layer Security (TLS, RFC 5246) protocol which aims to provide better confidentiality during the early phases of the cryptographic handshake that underlies much secure Internet traffic. > > Recent days have also seen an extended and welcome discussion triggered by calls for the IETF to build better protections against wide-spread monitoring. > > As that discussion makes clear, IETF participants want to build secure and deployable systems for all Internet users. Indeed, addressing security and new vulnerabilities has been a topic in the IETF for as long as the organisation has existed. 
Technology alone is, however, not the only factor. Operational practices, laws, and other similar factors also matter. First of all, existing IETF security technologies, if used more widely, can definitely help. But technical issues outside the IETF's control, for example endpoint security, or the properties of specific products or implementations also affect the end result in major ways. So at the end of the day, no amount of communication security helps you if you do not trust the party you are communicating with or the devices you are using. Nonetheless, we're confident the IETF can and will do more to make our protocols work more securely and offer better privacy features that can be used by implementations of all kinds. > > So with the understanding of limitations of technology-only solutions, the IETF is continuing its mission to improve security in the Internet. The recent revelations provide additional motivation for doing this, as well as highlighting the need to consider new threat models. > > We should seize this opportunity to take a hard look at what we can do better. Again, it is important to understand the limitations of technology alone. But here are some examples of things that are already ongoing: > > • We're having a discussion as part of the development of HTTP/2.0 as to how to make more and better use of TLS, for example to perhaps enable clients to require the use of security and not just have to react to the HTTP or HTTPS URLs chosen by servers. > • We're having discussions as to how to handle the potentially new threat model demonstrated by the recent revelations so that future protocol designs can take into account potential pervasive monitoring as a known threat model. > • We're considering ways in which better use can be made of existing protocol features, for example, better guidance as to how to deploy TLS with Perfect Forward Secrecy, which makes applications running over TLS more robust if server private keys later leak out. > • 
We're constantly updating specifications to deprecate older, weaker cryptographic algorithms and allocate code points for currently strong algorithm choices so those can be used with Internet protocols. > > And we are confident that discussions on this topic will motivate IETF participants to do more work on these and further related topics. > > But don't think about all this just in terms of the recent revelations. The security and privacy of the Internet in general is still a challenge even ignoring pervasive monitoring, and if there are improvements from the above, those will be generally useful for many reasons and for many years to come. Perhaps this year's discussions is a way to motivate the world to move from "by default insecure" communications to "by default secure". Publicity and motivation are important, too. There is plenty to do for all of us, from users enabling additional security tools to implementors ensuring that their products are secure. > > In the Vancouver IETF meeting, there will be time dedicated to discuss this, and we ask that those interested in working on this topic contribute to the analysis and develop proposals in this area. Those contributions are very welcome and can start now and continue in Vancouver and beyond. > > Relevant mailing lists (from most specific to most general) include: > > • The perpass mailing list (perpass at ietf.org), recently set up to consider how the IETF ought react to pervasive monitoring > • The ietf security area mailing list (saag at ietf.org), for general security topics > • The ietf main mailing list (ietf at ietf.org), for general discussion > > > Jari Arkko, Chair of the IETF and Stephen Farrell, IETF Security Area > Director > > > --- > Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
> From rforno at infowarrior.org Tue Sep 10 15:52:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Sep 2013 16:52:25 -0400 Subject: [Infowarrior] - CA School District Announces 24x7 Monitoring Of Its 13, 000 Students' Social Media Activities Message-ID: <3DEFCE78-AB7A-4DBF-8C06-48DE65473305@infowarrior.org> CA School District Announces It's Doing Round-The-Clock Monitoring Of Its 13,000 Students' Social Media Activities from the incarcerating-13,000-students-would-make-them-'safer' dept The Glendale School District in California is facing some backlash from the recent news that it has retained the services of Geo Listening to track its students' social media activity. The rationale behind the program is (of course) the students' safety.' < - > http://www.techdirt.com/articles/20130902/13154624384/ca-school-district-announces-its-doing-round-the-clock-monitoring-its-13000-students-social-media-activities.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 10 15:52:34 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Sep 2013 16:52:34 -0400 Subject: [Infowarrior] - FLYING PIG: NSA's MITM Attacks Imitating Google's Servers Message-ID: <5F8A0C5C-9809-409D-BAF8-27ECA93E8AB2@infowarrior.org> FLYING PIG: The NSA Is Running Man In The Middle Attacks Imitating Google's Servers from the doubtful-that-google-is-happy-about-that dept http://www.techdirt.com/articles/20130910/10470024468/flying-pig-nsa-is-running-man-middle-attacks-imitating-googles-servers.shtml Glyn mentioned this in his post yesterday about the NSA leaks showing direct economic espionage, but with so many other important points in that story, it got a little buried. One of the key revelations was about a program called "FLYING PIG" which is the first time I can recall it being clearly stated that the NSA has been running man-in-the-middle attacks on internet services like Google. 
This slide makes it quite clear that the NSA impersonates Google servers: There have been rumors of the NSA and others using those kinds of MITM attacks, but to have it confirmed that they're doing them against the likes of Google, Yahoo and Microsoft is a big deal -- and something I would imagine does not make any of those three companies particularly happy. in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route -- on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes "how the attack was done" to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target's Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format. Documents from GCHQ's "network exploitation" unit show that it operates a program called "FLYING PIG" that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query "Tor events") and also allows spies to collect information about specific SSL encryption certificates. While some may not be surprised by this, it's yet more confirmation as to how far the NSA is going and how the tech companies aren't always "willing participants" in the NSA's efforts here. Of course, the real question now is how the NSA is impersonating the security certificates to make these attacks work. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
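A defensive check for the interception described in the article above, as an added example that is not from the article or from any of the companies it names. It assumes the substitute certificate still chains to a CA the client trusts (the article leaves open how the certificates were impersonated), so ordinary validation passes and only a comparison against a fingerprint recorded in advance notices the swap. The host name `mail.example.test`, the pin set and the certificate bytes are constructed; in real use the bytes come from `getpeercert(binary_form=True)`.

```python
"""Pin check for a TLS server certificate (added example, constructed data)."""
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real X.509 data).
# The check below is byte-level, so it treats real DER input the same way.
GENUINE_DER = b"constructed-der: certificate issued to mail.example.test"
BACKUP_DER = b"constructed-der: next certificate for mail.example.test"
SUBSTITUTE_DER = b"constructed-der: look-alike certificate from another issuer"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the exact DER bytes the server sent, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


# Pin set recorded out of band. The backup pin lets the operator rotate the
# certificate without locking pinned clients out.
PINS = {
    "mail.example.test": frozenset(
        {fingerprint(GENUINE_DER), fingerprint(BACKUP_DER)}
    ),
}


def check_pin(host: str, der_cert: bytes, pins=PINS) -> str:
    """Classify a presented certificate as 'match', 'mismatch' or 'unpinned'."""
    expected = pins.get(host.lower().rstrip("."))
    if not expected:
        return "unpinned"  # caller is left with CA validation only
    actual = fingerprint(der_cert)
    # compare_digest does not reveal how many leading characters matched
    if any(hmac.compare_digest(actual, pin) for pin in expected):
        return "match"
    return "mismatch"


def connect_and_check(host: str, port: int = 443, pins=PINS,
                      timeout: float = 5.0) -> str:
    """Open a TLS connection with normal validation, then apply the pin check.

    CA-chain and host-name validation stay enabled; the pin is an extra gate.
    A mismatch raises before any application data is sent on the session.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            der_cert = tls.getpeercert(binary_form=True)
            verdict = check_pin(host, der_cert, pins)
            if verdict == "mismatch":
                raise ssl.SSLError(
                    f"certificate pin mismatch for {host}: "
                    f"{fingerprint(der_cert)}"
                )
            return verdict


def demo() -> dict:
    """Run the check over the constructed certificates, offline."""
    return {
        "genuine": check_pin("mail.example.test", GENUINE_DER),
        "backup": check_pin("MAIL.example.test.", BACKUP_DER),
        "substitute": check_pin("mail.example.test", SUBSTITUTE_DER),
        "other host": check_pin("www.example.test", SUBSTITUTE_DER),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11s} -> {verdict}")
```

Pinning the whole certificate, as here, means every renewal needs a new pin; logging the presented fingerprint on a mismatch gives responders the substitute certificate's identity to investigate.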
From rforno at infowarrior.org Tue Sep 10 15:52:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 16:52:42 -0400
Subject: [Infowarrior] - Johns Hopkins dean apologises for ordering NSA-related blog removed
Message-ID: <83FE2B3E-961A-4303-9E6E-29224E258930@infowarrior.org>

Johns Hopkins dean apologises for ordering NSA-related blog removed

'Inadequate information' led a dean to take down a professor's post, an act that caused a row over academic freedoms

* Adam Gabbatt in New York
* theguardian.com, Tuesday 10 September 2013 16.44 EDT

http://www.theguardian.com/world/2013/sep/10/johns-hopkins-dean-apologises-for-blog

A Johns Hopkins University dean has apologised and insisted he is "supportive of academic freedom" after ordering a cryptography professor to take down a blog post which criticised the National Security Agency.

Matthew Green, an assistant research professor in JHU's department of computer science, was asked to remove a blog post from the university's servers on Monday. The entry linked to classified government documents published by the Guardian, the New York Times and ProPublica and summarised what Green called "bombshell revelations" of how the NSA is able to unlock encryption used to protect emails and other data.

JHU found itself criticised for abusing academic freedom after Andrew Douglas, who has served as interim dean of the university's engineering school since July, asked Green to remove the post from the university's servers. The article, which featured screengrabs of NSA documents and the NSA's logo, had been posted to Green's personal blog but also appeared on a mirror blog on JHU's website.

"I am sorry that my request to you yesterday may have, in some minds, undeservedly undercut your reputation as a scholar and scientist. I am also sorry if I have raised in anyone's mind a question as to my commitment to academic freedom," Douglas wrote in a message to Green that was made public on Tuesday.
The demand to remove the NSA post caused an uproar after Green tweeted about it on Monday. "I received a request from my Dean this morning asking me to remove all copies of my NSA blog post from University servers," he posted.

Green said the demand was "not my dean's fault" but said he had been told the request came from someone at JHU's Applied Physics Laboratory in a series of Twitter posts collated here:

"So listen, I'm trying not to talk about this much because anything I say will make it worse. What I've been told is that someone on the APL side of JHU discovered my blog post and determined that it was hosting/linking to classified documents. This requires a human since I don't believe there's any automated scanner for this process. It's not clear to me whether this request originated at APL or if it came from elsewhere. All I know is that I received an email this morning from the interim dean of the engineering school asking me to take down the post and to desist from using the NSA logo. He also suggested I should seek counsel if I continued. In any case I made it clear that I would not shut down my non-JHU blog, but I did shut down a JHU-hosted mirror. I also removed the NSA logo. I did not remove any links or photos of NOW PUBLIC formerly classified material, because that would just be stupid. I'm baffled by this entire thing. I hope to never receive an email like that again and I certainly believe JHU (APL) is on the wrong side of common sense and academic freedom, regardless of their obligations under the law. That said, I have no desire to cause trouble for any of the very good people at JHU so I'll keep my posts off JHU property. I have no idea if this was serious or a tempest in a teapot."

JHU was criticised for the request, with media critic Jay Rosen, among others, pointing out that the Applied Physics Laboratory has close ties to the NSA.
A spokesman for JHU confirmed to ProPublica on Tuesday that it was someone at the APL who had drawn attention to the post.

"A message was sent from a staff member at APL to a staff member at the Homewood campus calling attention to the post," said spokesman Dennis O'Shea. "That message may have been understood as a request for action, though I am told it was intended only as an FYI. The Homewood staff member called the post to the attention of the dean. The dean wrote to Professor Green, and you know the rest."

In his letter to Green, Douglas said he had "acted too quickly, on the basis of inadequate and -- as it turns out -- incorrect information".

"I requested that you take down the post without adequately checking that information and without first providing you with an opportunity to correct it."

He added: "I hope that you understand that my motivation -- again, based on inadequate information -- was to protect the university and you from legal consequences."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Sep 10 15:58:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 16:58:14 -0400
Subject: [Infowarrior] - Stanford Law Review: Privacy and Big Data: Making Ends Meet
Message-ID: <8C1858F1-A172-465E-BA0A-400FB0F24743@infowarrior.org>

Privacy and Big Data: Making Ends Meet

Although the solutions to many modern economic and societal challenges may be found in better understanding data, the dramatic increase in the amount and variety of data collection poses serious concerns about infringements on privacy. In our 2013 Symposium Issue, experts weigh in on these important questions at the intersection of big data and privacy.

(it was a great workshop today in DC, I must say! --rick)

Papers @ http://www.stanfordlawreview.org/online/privacy-and-big-data

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Sep 10 16:32:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 17:32:39 -0400
Subject: [Infowarrior] - NSA Phone Records Spying Violated Court Rules for Years
Message-ID: <01A447B0-86CA-45D0-A829-B4BE332CF43F@infowarrior.org>

NSA Phone Records Spying Violated Court Rules for Years

By Chris Strohm - Sep 10, 2013

http://www.bloomberg.com/news/print/2013-09-10/nsa-phone-records-spying-violated-court-rules-for-years.html

The National Security Agency for about three years violated restrictions on checking U.S. telephone records for surveillance and misled judges on how the data was used, intelligence officials said.

The agency on a daily basis improperly checked a select list of phone numbers against databases containing millions of call records, without meeting the necessary standard, according to documents released by the Office of the Director of National Intelligence to privacy groups today in response to lawsuits.

The violations occurred between May 2006 and January 2009 and involved checks on as many as 16,000 phone numbers, including some based in the U.S., said two senior intelligence officials with direct knowledge of how the program operated. They asked not to be identified in order to speak about sensitive matters.

The new disclosures add to evidence that U.S. intelligence agencies have violated legal and administrative restrictions on domestic spying. Lawmakers are considering new restraints on intelligence gathering programs.

"I think it's pretty damning," said Trevor Timm, a digital rights analyst with the San Francisco-based Electronic Frontier Foundation, one of the groups that sued the NSA. "This shows a larger pattern that a lot of times the NSA doesn't alert the court to serious privacy violations, whether they are intentional or unintentional, for years down the road."
Court Rules

The NSA collects bulk phone records, such as numbers and call durations, under Section 215 of the USA Patriot Act, which allows the government to compel U.S. companies to turn over "any tangible thing" that is relevant to a terrorism investigation.

Under rules imposed by the Foreign Intelligence Surveillance Court, the agency must have "reasonable, articulable suspicion" that a phone number is believed to be connected to a terrorist plot in order to query it against the larger database of records.

Between May 2006 and January 2009, NSA analysts would query the database with thousands of numbers on an "alert list," the intelligence officials said. Those numbers didn't meet the necessary legal standard, the officials said.

The alert list grew from 3,980 in 2006 to 17,835 in 2009, one of the officials said. About 2,000 numbers on the list in 2009 met the necessary legal standard, the official said, meaning almost 16,000 didn't.

Furthermore, the NSA misled the court during those years by certifying that the necessary legal standard was being met for all numbers queried, the official said. Lawyers interacting with the court didn't understand what was being done under the program, the official said.

Other Violations

The NSA notified the court in January 2009 of the violations, the official said. Between March 2009 and September 2009 the court required the NSA to get approval for each number it wanted to query. In September of that year the court approved revised procedures that allowed the program to continue, the official said.

It wasn't the first time the NSA has acknowledged violations or that it misled the court. The NSA said last month that some analysts deliberately ignored restrictions on their authority to spy on Americans multiple times in the past decade.

Legal opinions declassified Aug.
21 revealed that the NSA intercepted as many as 56,000 electronic communications a year of Americans who weren't suspected of having links to terrorism, before the secret court that oversees surveillance found the operation unconstitutional in 2011.

In a declassified legal opinion from October 2011, the court said the agency misrepresented the scope of surveillance operations three times in less than three years.

A May 2012 internal government audit found more than 2,700 violations involving NSA surveillance of Americans and foreigners over a one-year period. The audit was reported Aug. 16 by the Washington Post, citing documents provided by former NSA contractor Edward Snowden.

Phone Records

The extent of the phone metadata program was exposed in June by Snowden, now in Russia under temporary asylum. He revealed a classified legal order compelling Verizon Communications Inc. (VZ) to turn over the phone records of millions of customers to the NSA.

The administration acknowledged the phone metadata program involves multiple telecommunications companies in an Aug. 9 description of how the program works, without naming any other participating companies.

Today's disclosures were made in response to a judge's order in a freedom of information lawsuit brought by San Francisco-based Electronic Frontier Foundation, a civil liberties group that sued the Justice Department in 2011 for records about what private information the government is collecting under the USA Patriot Act.

ACLU, NRA

The group filed the lawsuit after the government didn't respond to its requests to turn over documents describing its collection and surveillance efforts.

In November the government asked U.S. District Judge Yvonne Gonzalez Rogers in Oakland, California, to toss the case, saying the EFF sought documents that were exempt from disclosure to protect national security.

The Justice Department said in a Sept.
5 court filing that it would release hundreds of pages to EFF, including orders and opinions of the surveillance court from January 2004 to June 2011 and other documents about the court's work. Gonzalez gave the government until today to turn the information over.

The government has collected "the details of every call made by every American" in violation of the Patriot Act, said Republican Representative Jim Sensenbrenner of Wisconsin, who helped write the 2001 law.

"The implications of this flawed interpretation are staggering," Sensenbrenner wrote in a Sept. 6 letter to Attorney General Eric Holder. "The logic the administration uses for bulk collection would seem to support bulk collection of other personal data."

Sensenbrenner also filed a legal brief Sept. 4 supporting a lawsuit by the American Civil Liberties Union against the bulk collection program. He questioned whether the program could be used to build a national database of gun owners and violate the constitutional rights of Americans to keep arms.

The National Rifle Association, the largest U.S. gun-rights lobbying group, also filed a legal brief supporting the ACLU's motion for a preliminary injunction, which would halt the program until the case is decided.

The case is Electronic Frontier Foundation v. Department of Justice, 11-05221, U.S. District Court, Northern District of California (Oakland).

To contact the reporter on this story: Chris Strohm in Washington at cstrohm1 at bloomberg.net

To contact the editor responsible for this story: Bernard Kohn at bkohn2 at bloomberg.net

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Sep 10 18:06:16 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 19:06:16 -0400
Subject: [Infowarrior] - EFF early comments on DNI datadump today
Message-ID: <41172E81-5CCA-4A99-9A3C-3D2AE9B2E426@infowarrior.org>

September 10, 2013 | By Trevor Timm

https://www.eff.org/deeplinks/2013/09/government-releases-nsa-surveillance-docs-and-previously-secret-fisa-court

Government Releases NSA Surveillance Docs and Previously Secret FISA Court Opinions In Response to EFF Lawsuit

The Director of National Intelligence (DNI) just today released hundreds of pages of documents related to the government's secret interpretation of Patriot Act Section 215 and the NSA's (mis)use of its massive database of every American's phone records. The documents were released as a result of EFF's ongoing Freedom of Information Act lawsuit.

We have all the documents posted here. The government also posted many of the documents here. Our legal team is currently poring over them and will have much more analysis soon, but intelligence officials held a call with reporters about the content of the documents this morning, and made several revealing comments.

First, intelligence officials said they were releasing this information in response to the presidential directive on transparency surrounding the NSA. That statement is misleading. They are releasing this information because a court ordered them to as part of EFF's Freedom of Information Act lawsuit, filed almost two years ago on the tenth anniversary of the Patriot Act.

In fact, up until the Snowden revelations started a couple months ago, the government was fighting tooth and nail to not only avoid releasing the content of the government's secret interpretation of the Patriot Act, but even the number of pages that were involved.
The government argued releasing a single word of today's release would cause "serious and exceptionally grave damage to the national security of the United States."

As it's been clear to us and to an increasing percentage of the American public, making public how the government interprets our laws is not only NOT dangerous, but is vital to our democracy.

Second, at least some of the documents relate to a "compliance issue" that was referenced in the 2011 FISA court opinion that found some NSA surveillance unconstitutional that was released a few weeks ago as part of another EFF FOIA lawsuit.

According to intelligence officials, the FISA court opinion focuses on the NSA's use of an "alert list" which is a list of "phone numbers of interest" that they queried every day as new data came into their phone records database. The court had told the NSA they were only allowed to query numbers that had "reasonable articulable suspicion (RAS)" of being involved in terrorism. Apparently, out of the more than 17,000 numbers on this list in 2009, the NSA only had RAS for 1,800 of them.

The NSA apparently believed that it had the authority to search the telephone records database in order to obtain the 'reasonable articulable suspicion' required to investigate those numbers. Essentially, they were conducting suspicionless searches to obtain the suspicion the FISA court required to conduct searches.

Incredibly, intelligence officials said today that no one at the NSA fully understood how its own surveillance system worked at the time so they could not adequately explain it to the court. This is a breathtaking admission: the NSA's surveillance apparatus, for years, was so complex and compartmentalized that no single person could comprehend it.

The intelligence officials also acknowledged that the court has to base its decisions on the information the NSA gives it, which has never been a good basis for the checks and balances and oversight that is a hallmark of American democracy.
We also had hoped today's release would contain a 2006 opinion describing how the FISA court re-interpreted the word "relevant" to mean the NSA could collect information on hundreds of millions of innocent Americans who had never been involved in an investigation of wrong doing. We don't see that opinion in today's release, but expect to get it soon.

As we stated, we'll have much more on this soon.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Sep 10 19:17:41 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 20:17:41 -0400
Subject: [Infowarrior] - Wyden and Udall Statement on the Declassification of FISA Court Opinions on Bulk Collection of Phone Data
Message-ID: <1E02CFCE-61E6-4350-8266-11FE94074E70@infowarrior.org>

Wyden and Udall Statement on the Declassification of FISA Court Opinions on Bulk Collection of Phone Data

Tuesday, September 10, 2013

http://www.wyden.senate.gov/news/press-releases/wyden-and-udall-statement-on-the-declassification-of-fisa-court-opinions-on-bulk-collection-of-phone-data

Washington, D.C. -- U.S. Senators Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) issued the following statement after the declassification -- as a result of a Freedom of Information Act lawsuit filed by the Electronic Frontier Foundation and the American Civil Liberties Union -- of more than 1800 pages of previously secret Foreign Intelligence Surveillance Court opinions and other documents on the government's bulk collection of Americans' phone records.

"When the executive branch acknowledged last month that 'rules, regulations and court-imposed standards' intended to protect Americans' privacy had been violated thousands of times each year we said that this confirmation was 'the tip of a larger iceberg.'
With the documents declassified and released this afternoon by the Director of National Intelligence, the public now has new information about the size and shape of that iceberg. Additional information about these violations was contained in other recently-released court opinions, though some significant information -- particularly about violations pertaining to the bulk email records collection program -- remains classified.

In addition to providing further information about how bulk phone records collection came under great FISA Court scrutiny due to serious and on-going compliance violations, these documents show that the court actually limited the NSA's access to its bulk phone records database for much of 2009. The court required the NSA to seek case-by-case approval to access bulk phone records until these compliance violations were addressed. In our judgment, the fact that the FISA Court was able to handle these requests on an individual basis is further evidence that intelligence agencies can get all of the information they genuinely need without engaging in the dragnet surveillance of huge numbers of law-abiding Americans.

We have said before that we have seen no evidence that the bulk collection of Americans' phone records has provided any intelligence that couldn't be gathered through less intrusive means and that bulk collection should be ended. These documents provide further evidence that bulk collection is not only a significant threat to the constitutional liberties of Americans, but that it is a needless one."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Sep 10 19:21:04 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Sep 2013 20:21:04 -0400
Subject: [Infowarrior] - Drivers, beware: D.C.
to aim more cameras at traffic scofflaws
Message-ID:

http://www.washingtonpost.com/local/trafficandcommuting/drivers-beware-dc-to-aim-more-cameras-at-traffic-scofflaws/2013/09/10/c6733ef0-1655-11e3-a2ec-b47e45e6f8ef_print.html

Drivers, beware: D.C. to aim more cameras at traffic scofflaws

By Lori Aratani,

Drivers, beware. Over the next few months, District officials plan to more than double the number of traffic enforcement cameras on city streets -- adding 132 units to their army of electronic eyes.

It is the biggest expansion since the District began using cameras to catch scofflaws more than a decade ago. And this time, it's not just speeders and red-light runners who will be targeted. The city's beefed-up automated force also will nab drivers who run stop signs and encroach on pedestrian crosswalks, and truckers who drive overweight trucks through neighborhoods where they are prohibited.

With this latest expansion, first reported by WRC-TV, District officials will have 223 cameras at their disposal. D.C. Police spokeswoman Gwendolyn Crump would not say how much the additional equipment will cost.

The installation of monitoring cameras has long raised ire among some drivers in the District, and in many parts of the country. In 2012, after racking up $425 in fines, D.C. restaurateur Geoff Tracy hired a sign waver to alert drivers to a speed camera in his neighborhood. The camera was eventually relocated -- a move that Crump said was the result of construction in the area, not Tracy's campaign.

"I hate them," said Lisa Lee, a financial professional who lives in Columbia, Md., and works in the District. "They're popping up everywhere. You can't avoid them."

Her co-worker Tim Hatton, who lives in the NoMa area of the District, said recent revelations about the work of the National Security Agency make him worry that more cameras mean less privacy.

"Given all this talk about security and privacy issues, I'm not sure this is going to be received very well,"
he said of the expanded program.

Other people said they dislike the cameras because they believe a desire for revenue, not a concern for safety, prompts officials to install them.

The cameras have proven to be highly profitable. In fiscal 2012, traffic enforcement devices brought $84.9 million into the District's coffers. Two speed cameras in the tiny Prince George's County town of Landover Hills (population less than 2,000), produced $1.3 million in fines in their first year of operation.

Police and elected officials maintain that it's not about the money. The cameras have made roadways and school zones safer, they said.

According to a study by the Insurance Institute for Highway Safety of red-light camera use in cities including the District, there has been a 24 percent decrease in fatal crashes caused by running red lights. The study found a 17 percent decrease in fatal intersection crashes of all sorts.

A recent Washington Post poll found overwhelming support for cameras that catch drivers who run red lights or stop signs, with 63 percent of those polled backing the enforcement tactic. There was less support for speed cameras, with 53 percent of those polled saying they endorse their use. Support for speed cameras was higher among women with 61 percent saying they backed their use, compared with 44 percent of men.

"Absolutely I'm for it," said Garrett Hennigan, who lives in the District. "Anything to slow people down."

D.C. Council member Tommy Wells (D-Ward 6) said he backs the program but is concerned that the fines are too high. In 2012, Wells and council member Mary M. Cheh (D-Ward 3) convened a task force to look at the cost of tickets issued.

"The most important thing is public safety, not raising more money for the government," Wells said. "You lose the legitimacy of the camera in the eyes of the public if it's just about raising money."
Cheh added that she too, supports the use of automated cameras but wants to find a way to ensure that the fines aren't excessive and that motorists are aware they are in use.

State laws vary regarding the use of enforcement cameras. The District and 13 states allow speed cameras. Twelve states have banned their use. Maryland's law limits speed cameras to work zones and school zones. Virginia is among 29 states that have no law regarding speed cameras.

States are slightly more amenable to red-light cameras. The District and 21 states including Maryland, allow their use, while nine prohibit them. Virginia allows limited use of the tool. Twenty states have no law regarding their use.

John B. Townsend II, a spokesman for AAA Mid-Atlantic, said cameras can help cut down on violations, but said District officials should couple enhanced enforcement efforts with driver education programs.

"We've got this yen yen yen for enforcement and that arouses the suspicion that it's about money," he said. "But where's the education phase?"

Crump said there will be an education program tied to camera expansion and that the police department will publish locations of the new cameras, as it has done in the past.

Scott Clement and Peyton M. Craighill of Capital Insight contributed to this report. Capital Insight is the independent polling group of Washington Post Media.

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 11 07:22:50 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Sep 2013 08:22:50 -0400
Subject: [Infowarrior] - NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds
Message-ID:

NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds

New details of the NSA's capabilities suggest encryption can still be trusted. But more effort is needed to fix problems with how it is used.
By Tom Simonite on September 9, 2013

http://www.technologyreview.com/news/519171/nsa-leak-leaves-crypto-math-intact-but-highlights-known-workarounds/

Methods of beating encryption discovered by the NSA could also be exploited by other nations, or by criminals.

When a New York Times report appeared Thursday saying the National Security Agency had "circumvented or cracked much of the encryption" protecting online transactions, computer security professionals braced for news of breakthroughs undermining the fundamentals of their field.

However, cryptography experts tell MIT Technology Review that a close reading of last week's report suggests the NSA has not broken the underlying mathematical operations that are used to cloak online banking or e-mail. Instead, the agency appears to rely on a variety of attacks on the software used to deploy those cryptographic algorithms and the humans and organizations using that software.

Those strategies, revealed in documents leaked by Edward Snowden, came as no surprise to computer security researchers, given that the NSA's mission includes the pursuit of America's most technologically capable enemies.

"The whole leak has been an exercise in 'I told you so,'" says Stephen Weis, CEO of server encryption company PrivateCore. Weis previously worked on implementing cryptography at Google. "There doesn't seem to be any kind of groundbreaking algorithmic breakthrough," he says, "but they are able to go after implementations and the human aspects of these systems."

Those tactics apparently include using legal tools or hacking to get the digital keys used to encrypt data; using brute computing power to break weak encryption; and forcing companies to help the agency get around security systems.

"If the crypto didn't work, the NSA wouldn't bother doing all of these other things,"
says Jon Callas, a cryptographer who cofounded PGP Corporation and is now chief technology officer of secure messaging company Silent Circle (see "An App Keeps Spies Away from Your Phone"). "This is what you do because you can't break the crypto."

After seeing the documents behind last week's reports, security expert Bruce Schneier wrote in the Guardian that people should still "trust the math" that underlies cryptography. In June, Snowden said in an online chat that "properly implemented strong crypto systems are one of the few things you can rely on."

Cryptography systems and security software often improve through a cycle in which researchers publish details of flaws, which are then fixed. Looking at last week's reports in that way doesn't suggest the security community needs to rethink the fundamentals of its tools and strategies, says Callas. Rather, adoption of known security improvements should be accelerated, and scrutiny of known weak points increased, he says. "Things have always had to be tested continuously."

Weis agrees, saying companies should do that regardless of their opinion of the NSA. "A lot of the techniques the agency is using aren't going to be the most complicated," he says, "and so they'll be accessible to organized crime and other nations' security services."

Two NSA tactics prominent in Thursday's report highlight widely known and fixable flaws in the way most online services operate. In one of those tactics, the agency collects encryption keys from online services so it can decode intercepted data at will. In the other, the Times said, the NSA uses "custom-built, superfast computers to break codes," making it increasingly able to unscramble data without needing to target specific companies.

The value of stealing keys can be mostly neutralized if Internet providers adopt a technique called perfect forward secrecy, in which keys aren't reused.
So far Google and a few other companies have adopted it (see "Circumventing Encryption Frees NSA's Hands Online").

Mention of NSA's code-breaking computers and other parts of the new reports appears to confirm long-held suspicions that the agency can overpower a relatively weak form of encryption used by most websites that offer secure SSL connections, visible to users as a padlock icon and "https" in a browser's address bar.

Most sites using SSL use the trusted RSA encryption algorithm with mathematical keys 1,024 bits long. Experts have cautioned for years that longer keys are needed to defend against an attacker with the resources of a government agency or large company.

"RSA 1024 is entirely too weak to be used anywhere with any confidence in its security," says Tom Ritter, a cryptographer with iSec Partners. Despite that, relatively few companies use the safer, longer RSA keys. Facebook and Google switched only this year.

The software that Internet companies use to implement SSL, in particular a widely used open source package called OpenSSL, is one of many pieces of the Internet's security infrastructure that will be more closely scrutinized after last week's reports, says Weis. However, those crucial parts were already known to need careful attention. "I don't think this really changes priorities too much."

Callas says he finds it much harder to respond to the part of Thursday's report that said the NSA works with companies to install backdoors into security software and hardware. Commercial code and designs are typically closely held, and checking how a chip operates is particularly challenging.

The moral and policy implications for the security industry and America as a whole are equally tricky, says Callas. "If my government is trying to catch terrorists and puts weaknesses in the software and hardware that I use that enable thieves to steal money from me," he asks, "who is the good guy and who is the bad guy?"
The Times report also said the NSA had influenced the development of new cryptographic standards to hide weaknesses it could exploit. The characteristically paranoid cryptography community had already been poring over standards to try to detect such holes, says Weis: "This is something people have talked about for a long time." If the NSA influenced standards it would probably do so through its relationship with the National Institute for Standards and Technology, which sets U.S. cryptography standards and is influential worldwide. In 2007, Microsoft researchers showed that a NIST standard introduced the previous year and publicly backed by the NSA had a major mathematical flaw. However, Callas, Weis, and other experts consulted by MIT Technology Review all said that the standard, Dual_EC_DRBG, was always too slow to see widespread use. If the flaw was planted by the NSA, it was an unsubtle and poorly targeted plan, says Callas. Many of the most widely used NIST standards seem unlikely to have been compromised by the NSA because they were developed in the open by groups outside the United States. The agency did have a central role in one crucial standard for a method that is set to become the default way of securing online data (see "Math Advances Raise Prospect of Internet Security Crisis"). However, that standard is a crucial part of Suite B, a cryptography toolkit today most widely used by the U.S. government and its many contractors. Introducing backdoors into that would seem counterproductive for the NSA.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 11 10:16:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Sep 2013 11:16:40 -0400
Subject: [Infowarrior] - NSA shares raw intelligence including Americans' data with Israel
Message-ID: <85266EAE-C36C-49F6-B330-83A06AF73139@infowarrior.org>

NSA shares raw intelligence including Americans' data with Israel

* Secret deal places no legal limits on use of data by Israelis
* Only official US government communications protected
* Agency insists it complies with rules governing privacy

http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 11 18:22:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Sep 2013 19:22:59 -0400
Subject: [Infowarrior] - Meet the Drone That's Guiding New Students Around MIT This Fall
Message-ID:

Meet the Drone That's Guiding New Students Around MIT This Fall

http://gizmodo.com/meet-the-drone-thats-guiding-new-students-around-mit-t-1294335491

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 11 20:07:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Sep 2013 21:07:14 -0400
Subject: [Infowarrior] - Yahoo CEO Mayer: we faced jail if we revealed NSA surveillance secrets
Message-ID: <7DDF51C3-2503-42F2-B0EC-84E66F511B49@infowarrior.org>

Yahoo CEO Mayer: we faced jail if we revealed NSA surveillance secrets

Mark Zuckerberg joins Mayer in hitting back at critics of tech companies, saying US government did 'bad job' of balancing people's privacy and duty to protect

* Dominic Rushe in San Francisco
* theguardian.com, Wednesday 11 September 2013 20.18 EDT

http://www.theguardian.com/technology/2013/sep/11/yahoo-ceo-mayer-jail-nsa-surveillance

Marissa Mayer, the CEO of Yahoo, and Mark Zuckerberg of Facebook struck back on Wednesday at critics who have charged tech companies with doing too little to fight off NSA surveillance. Mayer said executives faced jail if they revealed government secrets. Yahoo and Facebook, along with other tech firms, are pushing for the right to be allowed to publish the number of requests they receive from the spy agency.
Companies are forbidden by law to disclose how much data they provide. During an interview at the Techcrunch Disrupt conference in San Francisco, Mayer was asked why tech companies had not simply decided to tell the public more about what the US surveillance industry was up to. "Releasing classified information is treason and you are incarcerated," she said. Mayer said she was "proud to be part of an organisation that from the beginning, in 2007, has been sceptical of -- and has been scrutinizing -- those requests [from the NSA]." Yahoo has previously unsuccessfully sued the foreign intelligence surveillance (Fisa) court, which provides the legal framework for NSA surveillance. In 2007 it asked to be allowed to publish details of requests it receives from the spy agency. "When you lose and you don't comply, it's treason," said Mayer. "We think it makes more sense to work within the system," she said. Zuckerberg said the government had done a "bad job" of balancing people's privacy and its duty to protect. "Frankly I think the government blew it," he said. He said after the news broke in the Guardian and the Washington Post about Prism, the government surveillance programme that targets major internet companies: "The government response was, 'Oh don't worry we are not spying on any Americans.' Oh wonderful that's really helpful to companies that are trying to serve people around the world and that's really going to inspire confidence in American internet companies." "I thought that was really bad," he said. Zuckerberg said Facebook and others were pushing successfully for more transparency. "We are not at the end of this. I wish that the government would be more proactive about communicating. We are not psyched that we had to sue in order to get this and we take it very seriously," he said.
On Monday, executives from Yahoo, Facebook, Google and other tech leaders met the president's group on intelligence and communications, tasked with reviewing the US's intelligence and communications technologies in the wake of the NSA revelations. The meeting came as Yahoo and Facebook filed suits once more to force the Fisa court to allow them to disclose more information. In its motion, Yahoo said: "Yahoo has been unable to engage fully in the debate about whether the government has properly used its powers, because the government has placed a prior restraint on Yahoo's speech." It went on: "Yahoo's inability to respond to news reports has harmed its reputation and has undermined its business not only in the United States but worldwide. Yahoo cannot respond to such reports with mere generalities," the company said. Microsoft and Google also filed their latest legal briefs on Monday to force the Fisa court to disclose more information. In a blogpost, Google said it was asking for permission to publish "detailed statistics about the types (if any) of national security requests" it receives under Fisa. "Given the important public policy issues at stake, we have also asked the court to hold its hearing in open rather than behind closed doors. It's time for more transparency," said Google.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 11 20:13:42 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Sep 2013 21:13:42 -0400
Subject: [Infowarrior] - OT: A Plea for Caution From Russia
Message-ID:

Op-Ed Contributor

A Plea for Caution From Russia

By VLADIMIR V. PUTIN
Published: September 11, 2013

http://www.nytimes.com/2013/09/12/opinion/putin-plea-for-caution-from-russia-on-syria.html

MOSCOW -- RECENT events surrounding Syria have prompted me to speak directly to the American people and their political leaders.
It is important to do so at a time of insufficient communication between our societies. Relations between us have passed through different stages. We stood against each other during the cold war. But we were also allies once, and defeated the Nazis together. The universal international organization -- the United Nations -- was then established to prevent such devastation from ever happening again. The United Nations' founders understood that decisions affecting war and peace should happen only by consensus, and with America's consent the veto by Security Council permanent members was enshrined in the United Nations Charter. The profound wisdom of this has underpinned the stability of international relations for decades. No one wants the United Nations to suffer the fate of the League of Nations, which collapsed because it lacked real leverage. This is possible if influential countries bypass the United Nations and take military action without Security Council authorization. The potential strike by the United States against Syria, despite strong opposition from many countries and major political and religious leaders, including the pope, will result in more innocent victims and escalation, potentially spreading the conflict far beyond Syria's borders. A strike would increase violence and unleash a new wave of terrorism. It could undermine multilateral efforts to resolve the Iranian nuclear problem and the Israeli-Palestinian conflict and further destabilize the Middle East and North Africa. It could throw the entire system of international law and order out of balance. Syria is not witnessing a battle for democracy, but an armed conflict between government and opposition in a multireligious country. There are few champions of democracy in Syria. But there are more than enough Qaeda fighters and extremists of all stripes battling the government.
The United States State Department has designated Al Nusra Front and the Islamic State of Iraq and the Levant, fighting with the opposition, as terrorist organizations. This internal conflict, fueled by foreign weapons supplied to the opposition, is one of the bloodiest in the world. Mercenaries from Arab countries fighting there, and hundreds of militants from Western countries and even Russia, are an issue of our deep concern. Might they not return to our countries with experience acquired in Syria? After all, after fighting in Libya, extremists moved on to Mali. This threatens us all. From the outset, Russia has advocated peaceful dialogue enabling Syrians to develop a compromise plan for their own future. We are not protecting the Syrian government, but international law. We need to use the United Nations Security Council and believe that preserving law and order in today's complex and turbulent world is one of the few ways to keep international relations from sliding into chaos. The law is still the law, and we must follow it whether we like it or not. Under current international law, force is permitted only in self-defense or by the decision of the Security Council. Anything else is unacceptable under the United Nations Charter and would constitute an act of aggression. No one doubts that poison gas was used in Syria. But there is every reason to believe it was used not by the Syrian Army, but by opposition forces, to provoke intervention by their powerful foreign patrons, who would be siding with the fundamentalists. Reports that militants are preparing another attack -- this time against Israel -- cannot be ignored. It is alarming that military intervention in internal conflicts in foreign countries has become commonplace for the United States. Is it in America's long-term interest? I doubt it.
Millions around the world increasingly see America not as a model of democracy but as relying solely on brute force, cobbling coalitions together under the slogan "you're either with us or against us." But force has proved ineffective and pointless. Afghanistan is reeling, and no one can say what will happen after international forces withdraw. Libya is divided into tribes and clans. In Iraq the civil war continues, with dozens killed each day. In the United States, many draw an analogy between Iraq and Syria, and ask why their government would want to repeat recent mistakes. No matter how targeted the strikes or how sophisticated the weapons, civilian casualties are inevitable, including the elderly and children, whom the strikes are meant to protect. The world reacts by asking: if you cannot count on international law, then you must find other ways to ensure your security. Thus a growing number of countries seek to acquire weapons of mass destruction. This is logical: if you have the bomb, no one will touch you. We are left with talk of the need to strengthen nonproliferation, when in reality this is being eroded. We must stop using the language of force and return to the path of civilized diplomatic and political settlement. A new opportunity to avoid military action has emerged in the past few days. The United States, Russia and all members of the international community must take advantage of the Syrian government's willingness to place its chemical arsenal under international control for subsequent destruction. Judging by the statements of President Obama, the United States sees this as an alternative to military action. I welcome the president's interest in continuing the dialogue with Russia on Syria. We must work together to keep this hope alive, as we agreed to at the Group of 8 meeting in Lough Erne in Northern Ireland in June, and steer the discussion back toward negotiations.
If we can avoid force against Syria, this will improve the atmosphere in international affairs and strengthen mutual trust. It will be our shared success and open the door to cooperation on other critical issues. My working and personal relationship with President Obama is marked by growing trust. I appreciate this. I carefully studied his address to the nation on Tuesday. And I would rather disagree with a case he made on American exceptionalism, stating that the United States' policy is "what makes America different. It's what makes us exceptional." It is extremely dangerous to encourage people to see themselves as exceptional, whatever the motivation. There are big countries and small countries, rich and poor, those with long democratic traditions and those still finding their way to democracy. Their policies differ, too. We are all different, but when we ask for the Lord's blessings, we must not forget that God created us equal.

Vladimir V. Putin is the president of Russia.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 12:19:47 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 13:19:47 -0400
Subject: [Infowarrior] - MPAA Gets Its Wish: Court Basically Says It Can File Bogus DMCA Takedowns Without Concern For Fair Use
Message-ID:

MPAA Gets Its Wish: Court Basically Says It Can File Bogus DMCA Takedowns Without Concern For Fair Use

from the time-to-fix-the-law dept

Well, this is unfortunate. We've been covering a somewhat bizarre, petty legal squabble between two bloggers who have very different views about birthing methods, and who have a history of sniping at each other. Eventually the sniping went legal after one (Gina Crosley-Corcoran) posted a photo of herself giving the middle finger, telling the other (Amy Tuteur) to "take back to your blog and obsess over."
Tuteur, in response, posted the image on her blog along with some choice words for Crosley-Corcoran. Crosley-Corcoran threatened a highly questionable copyright infringement claim over the reposting of the photo, then eventually did send equally questionable DMCA takedown notices to Tuteur's hosting companies (plural) leading Tuteur to feel the need to shift hosts a few times. Crosley-Corcoran publicly laughed at Tuteur's blog being taken down, and later stated (publicly) that she wanted to stifle Tuteur's speech by getting Tuteur to stop talking about her, and finally soliciting a "legal fund" to go after Tuteur, promising to continue to take down her blog wherever it was posted. This seemed like a clear case of abusing the DMCA to stifle speech, and we noted that it might be an important case in determining if the DMCA's 512(f) clause had any teeth. 512(f) is the clause that provides for damages if you file a bogus DMCA notice (technically if you make "material misrepresentation" in the notice). The key question: is sending a DMCA notice when the use is clearly fair use a "material misrepresentation." The EFF jumped in to help argue this point, freaking out the MPAA who insisted that having to consider fair use before filing an abusive, censorious DMCA takedown is crazy talk. Unfortunately, it appears that the judge has now agreed with the MPAA that Congress probably didn't intend for DMCA filers to have to consider fair use, saying that if that was the intent, Congress should change the law. The argument made by the court is that the takedown process was designed to be "expeditious" and having to consider things like fair use make it too slow.

< - >

http://www.techdirt.com/articles/20130911/18073124494/mpaa-gets-its-wish-court-basically-says-it-can-file-bogus-dmca-takedowns-without-concern-fair-use.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 13:58:46 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 14:58:46 -0400
Subject: [Infowarrior] - NASA confirms Voyager 1 has left the solar system
Message-ID:

NASA confirms Voyager 1 has left the solar system

http://www.latimes.com/la-sci-sn-nasa-confirms-voyager-1-has-exited-the-solar-system-20130912,0,6990209.story

By Monte Morin
September 12, 2013, 11:00 a.m.

After 36 years of space travel and months of heated debate among scientists, NASA confirmed Thursday that Voyager 1 has indeed left our solar system and had entered interstellar space more than a year ago. "Voyager has boldly gone where no probe has gone before, marking one of the most significant technological achievements in the annals of the history of science," said John Grunsfeld, NASA's associate administrator for the Science Mission Directorate. At a Thursday news conference in Washington, D.C., officials said the belated confirmation was based on new "key" evidence involving space plasma density. The evidence was outlined in a paper published online Thursday in the journal Science. Lead author Don Gurnett, an Iowa State plasma physicist and a Voyager project scientist, said the data showed conclusively that Voyager 1 had exited the heliopause -- the bubble of hot, energetic particles that surrounds our sun and planets -- and entered into a region of cold, dark space called the interstellar medium. "When we got that data, I and my colleagues just looked at each other and said, 'We're in the interstellar medium.' It was just that clear to us," Gurnett said. Gurnett calculated that Voyager crossed the edge of the heliosphere, or heliopause, at or around Aug. 25, 2012. "Even though it took 36 years, it's just an amazing thing to me," said study coauthor Bill Kurth, a radio and plasma researcher at the University of Iowa.
Scientists had begun to vigorously debate Voyager's whereabouts earlier this year, when it was clear that the probe was being bombarded by an increasing number of galactic cosmic rays and that the number of high-energy particles from inside the heliosphere had plummeted. However, NASA scientists said they could not be certain Voyager had left the solar system until surrounding magnetic fields changed direction. After waiting for that change for more than a year, however, officials conceded that the magnetic field change was not a necessary indicator. "It's a big surprise, and it's another mystery," said Ed Stone, a Voyager project scientist at Caltech and former chief of the Jet Propulsion Laboratory in La Canada Flintridge. "This is not what our models were telling us. We have to address this issue, but right now ... we don't understand." Confusion over Voyager's whereabouts has a lot to do with the failure of one specific piece of equipment, the spacecraft's plasma science experiment, or PLS. The device, which was developed at MIT, measures the electron density of space plasma: ionized gas that is ejected from our sun as well as other stars. Cool plasma, the product of stars that exploded millions of years ago, populates interstellar space and has a high density: about 100,000 electrons per cubic yard of space. Super-heated plasma, like the solar wind that flows from our sun, fills the heliosphere and is much less dense, only about 1,000 electrons per cubic meter, Gurnett said. A functioning PLS would have been able to sense the rising density change as Voyager exited the heliosphere. "The instrument failed in 1980, so the spacecraft is sort of instrument-challenged," Gurnett said. "That's really one of the major failures we've had. There really aren't that many." Voyager does, however, have two plasma wave antennas that stretch from its base in a wide V shape.
The antennas, which are connected to a radio transmitter, detect the oscillation, or vibration, of excited plasma particles. The device will convert the oscillations into an audible noise that is recorded on Voyager's vintage eight-track tape recorder. The frequency of the noise is associated with a specific density of plasma. The higher the frequency, the denser the plasma. The only trouble is that something has to excite the plasma for it to "ring," something like a large solar flare. Waiting for a solar flare can take years during a solar minimum (a period of low solar activity). Also, when a flare does occur, it can take as long as a year for the shock wave to reach Voyager 11.6 billion miles away. Fortunately for Voyager scientists, the antennas picked up two long-lasting oscillations. The first was in October and November of 2012 and the second was in April and May of 2013. In both cases, the frequency suggested that the plasma was cold and dense. Voyager was in interstellar space. "It was key evidence," Stone said. "We really needed to measure plasma to know if we were inside or outside the heliosphere. Everything else is more of a proxy." Gurnett and his colleagues arrived at the crossing date of Aug. 25 by extrapolation. Plasma density was increasing in a linear fashion as Voyager moved further from the heliosphere and into the interstellar medium. The frequency measured in the fall of 2012 was 2.2 kilohertz, and by the spring of 2013 it had risen to 2.6 kilohertz. Previous research told Gurnett that the frequency of the radio signal at the crossing point should be 2 kilohertz, and so by plotting each point on a line, he was able to arrive at a date. Scientists are hoping that many gaps in our understanding will be filled in by Voyager 2. The sister spacecraft, which was also launched in 1977, is nearing the edge of the heliosphere via a different path and is expected to encounter interstellar space sometime within the next several years.
Unlike Voyager 1, however, Voyager 2 has a fully functioning plasma science instrument and has been sending back density readings throughout its journey. "I think it's going to teach us even more about this region," Stone said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 14:39:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 15:39:02 -0400
Subject: [Infowarrior] - OpNSA: Anonymous targets US lawmakers with close ties to intelligence community
Message-ID: <3B464B96-8786-4D89-86B5-720E71A13E25@infowarrior.org>

OpNSA: Anonymous targets US lawmakers with close ties to intelligence community (VIDEO)

Anonymous is targeting US lawmakers with ties to intelligence contractors by highlighting campaign contributions and vote records.

http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/anonymous-target-us-lawmakers-close-ties-intelligence-community

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 21:48:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 22:48:21 -0400
Subject: [Infowarrior] - Verizon's diabolical plan to turn the Web into pay-per-view
Message-ID: <6F5BA4C9-ED49-4F86-B35E-6FC649C83293@infowarrior.org>

Verizon's diabolical plan to turn the Web into pay-per-view

By Bill Snyder
Created 2013-09-12 03:00AM

Think of all the things that tick you off about cable TV. Along with brainless programming and crummy customer service, the very worst aspect of it is forced bundling. You can't pay just for the couple of dozen channels you actually watch. Instead, you have to pay for a couple of hundred channels, because the good stuff is scattered among a number of overstuffed packages. Now, imagine that the Internet worked that way. You'd hate it, of course.
But that's the direction that Verizon, with the support of many wired and wireless carriers, would like to push the Web. That's not hypothetical. The country's No. 1 carrier is fighting in court [1] to end the Federal Communications Commission's policy of Net neutrality, a move that would open the gates to a whole new -- and wholly bad -- economic model on the Web. As it stands now, you pay your Internet service provider and go wherever you want on the Web. Packets of bits are just packets and have to be treated equally. That's the essence of Net neutrality. But Verizon's plan, which the company has outlined during hearings in federal court and before Congress, would change that. Verizon and its allies would like to charge websites that carry popular content for the privilege of moving their packets to your connected device. Again, that's not hypothetical. ESPN, for example, is in negotiations [4] with at least one major cellular carrier to pay to exempt its content from subscribers' cellular data caps. And what's wrong with that? Well, ESPN is big and rich and can pay for that exemption, but other content providers -- think of your local jazz station that streams audio -- couldn't afford it and would be out of business. Or, they'd make you pay to visit their websites. Indeed, if that system had been in place 10 years ago, fledglings like Google or YouTube or Facebook might never have gotten out of the nest. Susan Crawford, a tech policy expert and professor at Yeshiva University's Benjamin N. Cardozo School of Law, says Verizon wants to "cable-ize the Internet." She writes in her blog [5] that "The question presented by the case is: Does the U.S. government have any role in ensuring ubiquitous, open, world-class, interconnected, reasonably priced Internet access?"

Verizon: the new Standard Oil

Verizon and other carriers answer that question by saying no. They argue that because they spent megabucks to build and maintain the network, they should be able to have a say over what content travels over it. They say that because Google and Facebook and other Internet companies make money by moving traffic over "their" networks, they should get a bigger piece of the action. (Never mind that pretty much every person and business that accesses Google or Facebook is already paying for the privilege, and paying more while getting less speed than users in most of Europe.) In 2005, AT&T CEO Ed Whitacre famously remarked [6] that upstarts like Google would like to "use my pipes free, but I ain't going to let them do that because we have spent this capital and we have to have a return on it." That's bad enough, but Verizon goes even further. It claims that it has a right to free speech and, like a newspaper that may or may not publish a story about something, it can choose which content it chooses to carry. "Broadband providers possess 'editorial discretion.' Just as a newspaper is entitled to decide which content to publish and where, broadband providers may feature some content over others," Verizon's lawyers argue in a brief (PDF) [7]. That's so crazy I won't bother to address it. But the FCC has done such a poor job of spelling out what it thinks it has the right to regulate and how that should work that the door is wide open for the carriers' bizarre -- not to mention anticonsumer -- strategies and arguments. I don't want to get down in the regulatory weeds, but there is one bit of legalese that's worth knowing: common carrier. Simply put, it means that the company doing the shipping can't mess with the contents. A railroad is a common carrier, and as such it can't decide whose cargo it will carry and whose it won't. Before railroads were common carriers, they did things like favor products made by John D.
Rockefeller's Standard Oil, which made him even richer and also led to the creation of a wildly out-of-control monopoly. (Yeshiva's Crawford has an in-depth but readable explanation of these issues in her book "Captive Audience: The Telecom Industry and Monopoly Power in the New Gilded Age [8].") But the FCC has never ruled that ISPs are common carriers, partly because it's afraid of the power of the lobbyists to influence Congress and partly because its directors lack spine. And now that lack of spine is about to bite the butt of everyone who uses the Web. According to people who follow this stuff closely, because ISPs are not common carriers the judges on the U.S. Court of Appeals in Washington, D.C., are looking askance at the FCC's defense against Verizon's lawsuit, although a verdict isn't likely for months. Here are the stakes: "If Verizon -- or any ISP -- can go to a website and demand extra money just to reach Verizon subscribers, the fundamental fairness of competing on the Internet would be disrupted. It would immediately make Verizon the gatekeeper to what would and would not succeed online. ISPs -- not users, not the market -- would decide which websites and services succeed," writes Michael Weinberg, vice president of Public Knowledge, a digital advocacy group.

A taste of the Web's future: The Time Warner vs. CBS dustup

You don't have to wait for the Verizon verdict to get a taste of what the New Web Order would be like. Time Warner Cable and CBS just had a dustup over how much Time Warner would pay CBS to carry its programming. When the pair couldn't agree, the cable giant stopped carrying CBS programming in New York City, Los Angeles, and Dallas. CBS then retaliated by stopping Time Warner subscribers from streaming its programming over the Internet. They settled after about a month. Staying true to form, Time Warner refused to give customers a rebate as compensation for lost programming.
That's not exactly the same issue that we're facing in the fight over Net neutrality, but it should give you a sense of what life is like when the giants fight it out over what you're allowed to access and for how much. Users get caught in the middle, and the rights we've taken for granted simply disappear. I welcome your comments, tips, and suggestions. Post them here (Add a comment [9]) so that all our readers can share them, or reach me at bill at billsnyder.biz [10]. Follow me on Twitter at BSnyderSF [11]. This article, "Verizon's diabolical plan to turn the Web into pay-per-view [12]," was originally published by InfoWorld.com [13]. Read more of Bill Snyder's Tech's Bottom Line blog [14] and follow the latest technology business [15] developments at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter [16]. Source URL (retrieved on 2013-09-12 07:36PM): http://www.infoworld.com/d/the-industry-standard/verizons-diabolical-plan-turn-the-web-pay-view-226662 Links: [1] http://www.infoworld.com/t/internet/net-neutrality-faces-uncertain-court-ruling-in-us-226239 [2] http://www.infoworld.com/t/it-jobs/worker-retirements-looming-it-starts-prepare-workforce-exodus-225353?source=fssr [3] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_techbrief&source=ifwelg_fssr [4] http://publicknowledge.org/blog/fcc-what-net-neutrality-violation-looks [5] http://scrawford.net/verizon-v-fcc-why-it-matters/ [6] http://www.businessweek.com/magazine/content/05_45/b3958092.htm [7] http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-317120A1.pdf [8] https://www.amazon.com/dp/0300153139/ref=as_li_ss_til?tag=ergo-20&camp=0&creative=0&linkCode=as4&creativeASIN=0300153139&adid=1NJMKFG9TQWA2SNRS6FM& [9] http://www.infoworld.com/d/the-industry-standard/verizons-diabolical-plan-turn-the-web-pay-view-226662#disqus_thread [10] mailto:bill at billsnyder.biz [11] http://twitter.com/BSnyderSF [12] 
http://www.infoworld.com/d/the-industry-standard/verizons-diabolical-plan-turn-the-web-pay-view-226662?source=footer [13] http://www.infoworld.com/?source=footer [14] http://www.infoworld.com/blogs/bill-snyder?source=footer [15] http://www.infoworld.com/d/the-industry-standard?source=footer [16] http://twitter.com/infoworld

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 21:50:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 22:50:36 -0400
Subject: [Infowarrior] - RIP Ray Dolby
Message-ID: <23024C32-04D5-4C53-95CD-4F035B564C08@infowarrior.org>

Ray Dolby, sound pioneer and Dolby Laboratories founder, dies

The man responsible for groundbreaking work in noise reduction and inventing surround sound has passed away at age 80.

http://news.cnet.com/8301-10797_3-57602767-235/ray-dolby-sound-pioneer-and-dolby-laboratories-founder-dies/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 12 22:08:43 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Sep 2013 23:08:43 -0400
Subject: [Infowarrior] - WH NSA surveillance review panel did not discuss changes, attendees say
Message-ID:

Obama's NSA surveillance review panel did not discuss changes, attendees say

Pair say meeting was dominated by tech firms' interests and session did not broach the topic of changes to data collection

Spencer Ackerman in Washington
theguardian.com, Thursday 12 September 2013 15.42 EDT
http://www.theguardian.com/world/2013/sep/12/obama-nsa-review-surveillance-changes

The review panel was set up by Obama to look into whether the government needed to readjust its surveillance practices.
Photograph: Julian Stratenschulte/EPA

A review panel created by President Obama to guide reforms to US government surveillance did not discuss any changes to the National Security Agency's controversial activities at its first meeting, according to two participants. The panel, which met for the first time this week in the Truman Room of the White House conference center, was touted by Obama in August as a way for the government to consider readjusting its surveillance practices after hearing outsiders' concerns. But two attendees of the Monday meeting said the discussion was dominated by the interests of major technology firms, and the session did not address making any substantive changes to the controversial mass collection of Americans' phone data and foreigners' internet communications, which can include conversations with Americans. Robert Atkinson, the president of the Information Technology and Innovation Foundation and an attendee, told the Guardian that he "did not hear much discussion" of changes to the bulk surveillance activities. "My fear is it's a simulacrum of meaningful reform," said Sascha Meinrath, a vice president of the New America Foundation, an influential Washington think tank, and the director of the Open Technology Institute, who also attended. "Its function is to bleed off pressure, without getting to the meaningful reform."

< - >

The meeting itself struck Meinrath as bizarre. Representatives from the technology firms were identified around the table not by their names, but by placards listing their employers. There was minimal technical discussion of surveillance mechanisms despite the presence of technology companies; Meinrath took the representatives to be lawyers, not technologists. When it appeared like the meeting would discuss a surveillance issue in a sophisticated way, participants and commissioners suggested it be done in a classified meeting. Meinrath interpreted that as a maneuver to exclude his more-critical viewpoint.
The White House deferred comment to the Office of the Director of National Intelligence, which did not respond.

< - >

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 13 12:21:27 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 13:21:27 -0400
Subject: [Infowarrior] - This is a complete list of Wall Street CEOs prosecuted for their role in the financial crisis
Message-ID: <20B4799D-D5D0-4908-BBB8-90A69BC8121C@infowarrior.org>

(c/o KM)

This is a complete list of Wall Street CEOs prosecuted for their role in the financial crisis

By Neil Irwin, Updated: September 12, 2013
http://www.washingtonpost.com/blogs/wonkblog/wp/2013/09/12/this-is-a-complete-list-of-wall-street-ceos-prosecuted-for-their-role-in-the-financial-crisis/?print=1

Five years after Lehman fell, taking the global economy along with it, a roll call of Wall Street CEOs serving time for their role in the crisis looks something like this:

So, yeah. Zero Wall Street CEOs are in jail. But we did promise you a list:

1. No one.
2. LOL.
3. Wall Street's lawyers are amazing.
4. Etc. Etc.

It's not that the federal government tried to prosecute a bunch of them but lost the cases. There were no serious efforts at criminal prosecutions at all. Which isn't to say nobody is in jail. There have been prosecutions of various mortgage brokers and other small fish who lied or encouraged clients to lie on their applications for a home loan. The crisis exposed some outright fraudsters who are now in the slammer, such as Bernie Madoff and Allen Stanford. And, yes, major banks have been working through billions of dollars in civil settlements for shady behavior in the runup to the crisis. But it's shocking that for a crisis that drove the global economy off a cliff, caused millions of people to lose their homes and generally spread mass human misery to almost every corner of the earth there is no defining prosecution.
No man or woman who led one of the firms directly culpable for the catastrophe has been put in a prison-orange jumpsuit. You might think that by now we could say that orange is the new charcoal pinstripes. But we can't. So, what's going on? Of the rogues gallery who led the major Wall Street firms to the brink of the abyss, only to have a multitrillion-dollar taxpayer bailout pull them back, why have none become familiar with our nation's federal prison system? One theory is that prosecutors have been reluctant to take on these cases out of timidity, perhaps cowed by the power of these deposed CEOs, the skill of their high-priced legal teams, and even the risk that more aggressive prosecution could spark more financial instability. U.S. Attorney General Eric Holder seemed to acknowledge the last factor earlier in the year, saying that "I am concerned that the size of some of these institutions becomes so large that it does become difficult for us to prosecute them when we are hit with indications that if you do prosecute, if you do bring a criminal charge, it will have a negative impact on the national economy, perhaps even the world economy." (In a later hearing, he said that his comment was misconstrued and that he was arguing that no bank is in fact too big to jail.) But that's not all there is to it. No CEOs even came particularly close to facing criminal charges. The closest would probably be Angelo Mozilo, who was chief executive of Countrywide, one of the most aggressive mortgage lenders during the boom years. It was bought up by Bank of America in late 2007 and has caused the bank no end of trouble since. The Securities and Exchange Commission charged Mozilo with insider trading and securities fraud in 2009 for selling shares of his company while publicly proclaiming it was in fine shape. But those were civil charges, which Mozilo settled with $67.5 million in fines and a lifetime ban from serving as an officer of a public company.
A criminal investigation was dropped. And that's about it. A fraud prosecution of managers of two Bear Stearns hedge funds resulted in a jury finding them innocent. Fabrice "Fabulous Fab" Tourre was found liable for misleading investors in mortgage securities issued by his firm, Goldman Sachs, but it was a civil case, and no one could accuse Tourre of being a senior official at Goldman. The CEOs -- including Lehman's Richard Fuld, Bear Stearns's Jimmy Cayne, Merrill Lynch's Stan O'Neal, Citigroup's Chuck Prince -- all roam the streets free to wreck the global economy again (if, in the unlikely event, anybody wants to give them a job running a gigantic financial firm). Yes, the men mentioned above ran firms during a time they were taking unwise risks, using too much borrowed money, and packaging securities that turned out to be pretty much worthless. Yes, in some cases they argued publicly that their companies were in sound shape even as they were falling apart. But SEC enforcers, federal prosecutors and state attorneys general spent years investigating these cases, searching for the incriminating e-mail or evidence of illegal activity that would allow them to land a major prosecution. By all appearances, they didn't find anything. There's a plausible case that the "too big to jail" problem might make prosecutors wary of going after a mega-bank itself. But it's not at all clear why it would make them wary of going after some long-ago deposed chief executive on criminal charges. America doesn't criminalize bad business decisions, even when they lead to business failure; if we did, Silicon Valley would be a penal colony. The fact that the collapse of financial firms can cause so much collateral damage for the economy doesn't lower the legal bar for throwing CEOs in jail, no matter how much a basic sense of fairness makes a person wish it were so. That means that our system needs to address the risks financial firms can create for the whole economy through other means.
Higher capital requirements and stricter limits on the kinds of risky activities banks can take on will do a lot more to create a stable economy and financial system in the decades ahead than marching Lehman's Dick Fuld to a Lower Manhattan courthouse in an orange jump suit -- all the more so knowing that Fuld would have a very good chance of being found innocent if prosecutors' reluctance and the "not guilty" verdict in the Bear Stearns hedge fund case are taken as indications. Higher capital requirements may not satisfy blood lust the way a CEO in chains would, but they're going to do a lot more to keep what happened five years ago this fall from happening again.

© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 13 12:26:20 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 13:26:20 -0400
Subject: [Infowarrior] - =?windows-1252?q?Snowden_Leak_Prompted_=93Conside?= =?windows-1252?q?rable_Public_Interest=2C=94_Says_FISA_Court?=
Message-ID: <43774EAC-435D-4E4F-B334-E5A4FFE0C904@infowarrior.org>

Snowden Leak Prompted "Considerable Public Interest," Says FISA Court

http://blogs.fas.org/secrecy/2013/09/snowden-fisc/

The leak by Edward Snowden of a classified order issued by the Foreign Intelligence Surveillance Court (FISC) helped to arouse significant public interest, said the Court itself in an opinion issued today. Further disclosures are now justified, the Court indicated. "The unauthorized disclosure in June 2013 of a Section 215 order, and government statements in response to that disclosure, have engendered considerable public interest and debate about Section 215," wrote FISC Judge F. Dennis Saylor IV in an opinion today regarding an ACLU motion for release of prior Court opinions concerning Section 215 of the USA Patriot Act.
Judge Saylor directed that any opinions not already subject to litigation under the Freedom of Information Act should now be reviewed for declassification. "[Further] Publication of FISC opinions relating to this provision would contribute to an informed debate," Judge Saylor added. "Publication would also assure citizens of the integrity of this Court's proceedings." Yesterday, Director of National Intelligence James Clapper also acknowledged that the leaks, while damaging, had triggered an important debate. "I think it's clear that some of the conversations this has generated, some of the debate, actually needed to happen," DNI Clapper said. "If there's a good side to this, maybe that's it." ("Clapper: Snowden case brings healthy debate; more disclosures to come" by Ken Dilanian, Los Angeles Times, September 12.) But if the unauthorized disclosure of a FISA Court order generated debate that "needed to happen," that means that the original classification of the order had precluded a necessary public debate. If so, it follows that a thorough reconsideration of classification policy and practice is due.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 13 14:49:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 15:49:39 -0400
Subject: [Infowarrior] - =?windows-1252?q?US_bid_to_name_=93Science_Laurea?= =?windows-1252?q?te=94_hits_snag_with_climate_denialists?=
Message-ID: <5CF3C880-B49D-4E99-B082-4B105634345D@infowarrior.org>

US bid to name "Science Laureate" hits snag with climate denialists

Conservative lobbying groups freak out, get bipartisan bill pulled.

by John Timmer - Sept 13 2013, 11:56am EDT
http://arstechnica.com/science/2013/09/us-bid-to-name-science-laureate-hits-snag-with-climate-denialists/

You may not be aware of it, but the US has an official poet.
Named by the Librarian of Congress, the Poet Laureate is meant to increase the public's appreciation of poetry and the arts in general. Inspired by this example, a bipartisan group of Representatives introduced a bill that would create a Science Laureate to indicate to the US public the value placed on science. Unfortunately, that plan has hit a snag, as lobbyists freaked out over fears the Science Laureate could introduce the US public to reality on the topic of climate change. According to Science Insider, when the bill was first introduced, it had bipartisan backing in both the House and Senate -- including from Rep. Lamar Smith (R-TX), who is not consistently on friendly terms with the US government's science bodies. In fact, the bill had such broad support, the House bypassed committee votes and sent it straight to the floor, where it was expected to pass without incident. There was an incident. A leader of the American Conservative Union spotted the bill and blew a gasket. In a letter sent to all Republican Representatives and other conservative lobbying groups, the American Conservative Union alleged that Obama would use the opportunity to politicize the position and use it for advocacy about "climate change and regulation of greenhouse gases." Science Insider also talked to someone from the Competitive Enterprise Institute, who basically said that his group didn't want to see scientists talking to the public. "There's no way to make it work," the person is quoted as saying. "It would still give scientists an opportunity to pontificate, and we're opposed to it." The bill is likely to make it back to the House floor, but only after going the full route through committee, and possibly in an amended form. But, in the meantime, the first attempt to pass it has provided a window into how some groups have become so frightened of the policy implications of basic science that they will attempt to limit the probability that the public will hear about it.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 13 16:57:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 17:57:52 -0400
Subject: [Infowarrior] - Feynman Lectures on Physics Vol. 1 Released in HTML Format
Message-ID: <4B764C0A-0DC6-44AD-9ECB-DBAEAF54B176@infowarrior.org>

(submitted by several readers today)

Feynman Lectures on Physics Vol. 1 Released in HTML Format

http://science.slashdot.org/story/13/09/13/1438245/feynman-lectures-on-physics-vol-1-released-in-html-format

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 13 16:57:58 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 17:57:58 -0400
Subject: [Infowarrior] - =?windows-1252?q?NIST_=93strongly=94_discourages_?= =?windows-1252?q?use_of_NSA-influenced_algorithm?=
Message-ID:

Gov't standards agency "strongly" discourages use of NSA-influenced algorithm

NIST: "we are not deliberately... working to undermine or weaken encryption."

by Jeff Larson and Justin Elliott, ProPublica.org Sept 13 2013, 3:55pm EDT

Following revelations about the National Security Agency's (NSA) covert influence on computer security standards, the National Institute of Standards and Technology, or NIST, announced earlier this week it is revisiting some of its encryption standards. But in a little-noticed footnote, NIST went a step further, saying it is "strongly" recommending against even using one of the standards.

< - >

http://arstechnica.com/security/2013/09/government-standards-agency-strongly-suggests-dropping-its-own-encryption-standard/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Sep 13 17:33:33 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Sep 2013 18:33:33 -0400
Subject: [Infowarrior] - Fwd: FBI Admits It Controlled Tor Servers Behind Mass Malware Attack
References: <20130913220825.GX4210@reznor.com>
Message-ID: <7DEAC88B-C5AC-4D45-89E9-BC54118CFBAB@infowarrior.org>

> From: aj reznor
>
> From the "WTF" Files!
>
>
> http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
>
> It wasn't ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before
> the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors.
>
> Freedom Hosting's operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for
> them from a bank account in Las Vegas. It's not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted
> when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control.

From rforno at infowarrior.org Sat Sep 14 08:15:39 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Sep 2013 09:15:39 -0400
Subject: [Infowarrior] - Balancing Secrecy, Academic Freedom
Message-ID: <2BE55526-4406-415A-91A5-E9260F736502@infowarrior.org>

Baltimore Sun
September 14, 2013
Sun Investigates

Balancing Secrecy, Academic Freedom

By Tricia Bishop, The Baltimore Sun
http://www.baltimoresun.com/news/maryland/education/blog/bs-md-higher-ed-intelligence-20130911,0,1832502.story

While the main campus of the Johns Hopkins University in Baltimore is open and inviting, there is another division of the school that discourages visitors. The Hopkins Applied Physics Laboratory is tucked miles away in Laurel, with building access blocked by guards.
Outsiders enter with an approved escort for the most part, handing over proof of identity first. Much of what goes on in there is secret -- including some of the billions of dollars in work the lab does for the federal government. The lab, and a facility at the University of Maryland in College Park where admitted National Security Agency leaker Edward Snowden once toiled, are two of 13 university-affiliated research centers doing contractual work for the Department of Defense in areas ranging from ship design to missile defense. While the federal government and universities have collaborated since World War II, universities must balance academic integrity with the millions to be made in covert projects. Some universities have eschewed classified work because of the pitfalls; others have publicly bumbled the balancing act. This week, a Hopkins dean ordered a university professor to take down a blog post criticizing the National Security Agency, which does business with the Applied Physics Laboratory. A lab employee had incorrectly claimed that the post linked to classified material. That led to an outcry from academics who questioned Hopkins' commitment to the free flow of ideas. Proponents of classified research at universities say it helps the national good, brings in much-needed dollars and opens doors for students to get jobs in high-security fields after graduation. But critics counter that teachers and students can't tell anyone about the work, so it won't bolster a curriculum vitae. And because the work can't be openly evaluated, it's tough to tell if it's in the public good. "It's kind of a fundamental belief in American higher education that research is designed to be shared, it's designed to be disseminated," said Cary Nelson, an English professor at the University of Illinois' flagship campus and past president of the American Association of University Professors. "When you start crossing a line and decide, 'Well, I'll hide this and keep that secret,'
the whole fabric begins to unravel.

"Academic freedom is so jealously guarded and vigorously pursued, the denial of it is a slippery slope," Nelson said. Hopkins soon restored the post, and the dean apologized to the blogger, an outspoken assistant professor in the school's Information Security Institute named Matthew Green. The episode shined a spotlight on classified efforts by universities, typically kept in the dark. Other schools work for different federal agencies, such as NASA or the Department of Homeland Security. The University of Maryland, Baltimore County, for example, has a cybersecurity focus and a partnership with the National Security Agency. Not all of their work is classified, nor is all of the work done under the partnerships with the Department of Defense. Many schools that do classified work, as Hopkins and the University of Maryland do, say all classified research must be conducted off campus, even if it's only a short drive away. "When classified research takes place, it occurs off-campus in order to make a clear distinction between research activity on-campus -- where, in support of academic freedom, there is an open environment with no restrictions on the dissemination of the results of our research -- and the sensitivity to needs of government and industry regarding certain topics that should not be in the open," Mike Lurie, a spokesman for the University System of Maryland, wrote in an email. The system sets the classified-research policy for its member schools, including the University of Maryland. Other schools expressly forbid the research altogether, including -- at least for now -- George Washington University, where a policy states that "classified research is not compatible with open communication of knowledge" and therefore, as a general rule, not accepted or performed. But this spring, George Washington approved a 10-year plan that allows the university to "explore modifying"
policies to "allow some faculty and staff members to engage in classified research." The plan also raises the possibility of building a specialized facility for the work on the university's Science and Technology campus in Virginia. "There is a lot of funding in this area, and we're not competitive for that funding," said Leo Chalupa, vice president for research at George Washington. "We're here, five blocks from the White House, and we're big in areas like cybersecurity and homeland security," Chalupa said. "I'm told by people in the field that, boy, if we had classified research, there's so much more possibility to get funding and expand these areas." It's far from a done deal, Chalupa stressed, noting that administrators "certainly are not going to do something like this without the buy-in from the faculty." A federal-university partnership developed by President Franklin D. Roosevelt during World War II led to scientific breakthroughs "critical to the war effort," according to a 2012 publication by the National Research Council, including penicillin, jet propulsion, radar and the atomic bomb. Hopkins' Applied Physics Laboratory, established in 1942, was among the labs created in that effort. Its job was to improve ships' abilities to fend off air attacks, which it did by developing a "proximity fuze" that boosted the effectiveness of anti-aircraft shells. "On the basis of that successful collaboration, the government, Johns Hopkins, and APL made a commitment to continue their strategic relationship," a statement on the lab's website reads. In a statement, Johns Hopkins University spokesman Dennis O'Shea said the lab has been a "vital division of the university" and that the school is proud of its "accomplishments and contributions, from helping to win World War II to landing the first spacecraft on an asteroid to sending probes to Mercury and Pluto.
"In fact, just this week, APL played a key role in the determination that Voyager 1 is the first human artifact to enter interstellar space," O'Shea said. On its website, the lab says it has about 5,000 employees, roughly 3,400 of them scientists or engineers, working on more than 600 programs primarily for the Departments of Defense and Homeland Security, NASA and National Security Agency affiliates. The 13 university-affiliated research centers, or UARCs, working with the Department of Defense "operate in the public interest, and are subject to strict organizational and personal conflict-of-interest requirements," Navy Cmdr. Amy Derrick-Frost, a Department of Defense spokeswoman, said in a statement. Several of the partnerships, including one with the Center for Advanced Study of Language, located just off the University of Maryland's College Park campus, came about after the attacks of Sept. 11, 2001, when defense funding ballooned and language proficiency became increasingly important. The UMD center, sponsored by the NSA, was founded in 2003 and "is the first and only national resource dedicated to addressing the language needs of the Intelligence Community and the DoD," Executive Director Amy Weinberg, a former professor, wrote in an emailed response to questions. The center also received unwanted attention this summer, after former NSA contract employee Edward Snowden, who grew up in Maryland, revealed the NSA's massive telephone- and Internet-surveillance program. He worked as a security specialist at the center beginning in 2005. Officials there deflected questions about their work at the time. Weinberg did not respond to a question about how much funding the center had received. The 112 people on the research staff do both classified and unclassified research, she said, and their work has applicability in the everyday world. For example, CASL worked on "adult language learning" that can be applied to education from kindergarten through college, she said.
When forging partnerships, universities are preferable over business partners, largely because of their independence, Julie Ziegenhorn, a spokeswoman for U.S. Strategic Command, said in an email. STRATCOM, as it's known, has since October 2012 sponsored a $2 million partnership with the University of Nebraska that focuses on combating weapons of mass destruction. "As a long-term strategic partner focused on these missions without profit motive or conflict of interest, the UARC functions as an independent, trusted advisor and honest broker," Ziegenhorn said. "The UARC is answerable only to the government customer and has no vested interest in particular technologies or solutions. The UARC is also charged with educating scientists, engineers, and lawyers in relevant disciplines and to advocate government service as a career path." Some university-affiliated research centers working with the Department of Defense do not do classified work. The Army-sponsored Institute for Creative Technologies at the University of Southern California does not do classified research but has brought in hundreds of millions of dollars since its founding in 1999, with a 2011 contract extension through next year worth $135 million. It combines "Hollywood, gaming and artificial intelligence" techniques to "transform traditional military instruction, health therapies" and more, according to a brochure on the institute. The lab has created virtual humans that can serve as training video characters, museum guides and practice patients. The Institute for Soldier Nanotechnologies at the Massachusetts Institute of Technology also is sponsored by the Army and does not perform classified research. The institute, founded in 2002, receives about $9.7 million from the Army each year for basic research. In an emailed statement, institute executive director William Peters said, "The mission of the ISN is to help the U.S.
Army dramatically improve soldier protection and survivability through basic research and nanotechnology."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Sep 14 08:30:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Sep 2013 09:30:53 -0400
Subject: [Infowarrior] - =?windows-1252?q?USG_Seeking_Inclusion_of_=91Soci?= =?windows-1252?q?al_and_Behavioral=92_Data_in_Health_Records?=
Message-ID: <83ADF4A5-E024-4C9C-B158-1313F2461B8A@infowarrior.org>

Government Seeking Inclusion of 'Social and Behavioral' Data in Health Records

Experts worry about security, use of such information

BY: Elizabeth Harrington Follow @GoliadGal
September 13, 2013 3:30 pm
http://freebeacon.com/government-seeking-inclusion-of-social-and-behavioral-in-health-records

The Centers for Medicare and Medicaid Services (CMS) wants to require health care providers to include "social and behavioral" data in Electronic Health Records (EHR) and to link patient's records to public health departments, it was announced last week. Health care experts say the proposal raises additional privacy concerns over Americans' personal health information, on top of worries that the Obamacare "data hub" could lead to abuse by bureaucrats and identity theft. The CMS currently covers 100 million people through Medicare, Medicaid, and the Children's Hospital Insurance Program and is tasked with running Obamacare. According to a solicitation posted by the Department of Health and Human Services on Sept. 4, the CMS is commissioning the National Academy of Sciences to study how best to add social and behavioral factors to electronic health record reporting. The agency said adding social and behavioral data to patients' online records will improve health care. "Increasing EHR adoption has the potential to improve health and health care quality," the contract's statement of work (SOW) reads.
"Parallel advances in analytic tools applied to such records are fueling new approaches to discovering determinants of population health." The project sets out to identify "core data standards for behavioral and social determinants of health to be included in EHRs." Critics suggested this would create new bureaucracies and negatively impact health care. "This sounds like an example of the federal government further intruding on the practice of medicine," said Chris Jacobs, a senior policy analyst at the Heritage Foundation. "It's including more pay for performance requirements on physicians to collect all sorts of data in order to get government reimbursements," he said. The 2009 American Recovery and Reinvestment Act gave authority to the CMS to pay hospitals and doctors that make the switch to electronic health records, to "encourage widespread EHR adoption." Health care professionals who began participating in the program in 2011 or 2012 can receive up to $44,000 for using EHRs for Medicare and $63,750 for Medicaid over 5 and 6 years, respectively. Though the program is "totally voluntary," eligible professionals who are not using EHRs by 2015 will see a 1 percent reduction in their Medicare and Medicaid fees each year. Jacobs says the government's "pay for conformance" culture in health care is "telling doctors what they have to do and how they have to do it in order to receive government reimbursement." The "meaningful use" program already requires doctors and hospitals to report the demographics of a patient and if he smokes to qualify for its first step. The second stage, planned for 2014, will require recording a patient's family health history. The National Academy of Sciences will make recommendations for adding social and behavioral data for stage three, which will be unveiled in 2016. A spokesman for the CMS told the Washington Free Beacon that the agency is in the early stages of crafting the requirements for this stage.
"While we know that they are considering [clinical quality measures], it would allow a greater variety of specialties and procedures to be included," said Tony Salters, a spokesman for CMS. "This includes items like behavioral health, dental care, drug, and alcohol use, etc." The CMS issued a "sole source" contract to the National Academy of Sciences because of "its caliber and expertise in the medical profession," they said. A spokeswoman for the National Academy of Sciences told the Free Beacon that the study began on July 15. Working with the Institute of Medicine, a committee is currently drafting suggestions for collecting social and behavioral data. The committee will "identify core social and behavioral domains to be included in all EHRs," the organization said. Not only will the committee come up with what behavioral data will be collected, they will also suggest how that data can be shared with public health departments. The contract orders the committee to identify, "Possibilities for linking EHRs to public health departments, social service agencies, or other relevant non-health care organizations and case studies, if possible, of where this has been done and how issues of privacy have been addressed." The committee will also look at the "obstacles" to collecting social data for EHRs, and "how these obstacles can be overcome." Jacobs said the study is troubling in light of security issues with the Obamacare "data hub," which will collect Social Security numbers and personal information to verify participation in the health insurance marketplace, beginning on Oct. 1. "We've already seen with the Obamacare data hub and the significant delays that have been associated with it," he said. "Government auditors have raised concerns about maintaining timelines and implementation and whether the data hub can be implemented in a secure manner that ensures Americans' medical and financial records aren't at risk."
Others have warned that the database is vulnerable to abuse by the numerous government agencies involved, including the IRS, the Department of Homeland Security, state Medicaid databases, and the Social Security Administration. The potential for social and behavioral data to be shared with government agencies is only more worrisome, Jacobs said. "This study raises additional questions about the privacy and security implications of the federal government sharing personal health data with other organizations and entities," he said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Sep 14 12:05:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Sep 2013 13:05:57 -0400 Subject: [Infowarrior] - OSD fail. Message-ID: <08BD9A32-3047-4565-9D87-1B06D1A57A53@infowarrior.org> Not the fax, ma'am : DoD out of cash to buy new machine by Shawn Musgrave on Sept. 12, 2013, noon https://www.muckrock.com/news/archives/2013/sep/12/not-fax-maam-dod-out-cash-buy-new-machine/ Starting two weeks ago, requests faxed to the Office of the Secretary of Defense (OSD) started coming back as undeliverable. After several subsequent attempts and troubleshooting on our end, MuckRock reached out to the OSD. Sure enough, their fax machine is down... possibly until November. Now, in 2013, you wouldn't think this would be an issue. But when an agency accepts FOIA requests by a) fax, b) mail or c) a clunky online request portal that doesn't play nice with other systems, suddenly that fax machine becomes a technical linchpin. It bears repeating: The office that oversees the most powerful military in history (not to mention the best-funded) is unable to project when its single fax machine will once again be operational. The OSD's FOIA section chief confirmed the grim news yesterday, responding that his office "will likely need to procure (purchase) a new fax machine.
However, that purchase will not occur until the start of the new fiscal year (at the earliest)." Given its budget of a mere $31.8 billion for maintenance and operations and last year's backlog of more than 1,000 overdue FOIA requests for the Secretary's office alone, we urge the Defense Department to move into the 21st century. (They might even look into Faxaway, an email-based service that MuckRock uses for all its fax needs. It even offers free incoming faxes.) FOIA is about facilitating the public's access to government information and documents. Every agency ought to make maximum effort to make FOIA as easy and straightforward as possible, from request submission to fulfillment. And when technical difficulties arise, agencies must adapt. For instance, when the FBI's digital copying capacity went offline last summer, its FOIA office printed responsive documents at no cost to requesters. We hope that OSD will follow suit and take this opportunity to make their FOIA process a more modern and efficient machine than an upgraded fax. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 15 09:09:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 10:09:39 -0400 Subject: [Infowarrior] - NSA Spies on International Payments Message-ID: <7DF5DBD6-CD93-4282-8585-F4C76E48F9E2@infowarrior.org> 09/15/2013 10:16 AM 'Follow the Money' NSA Spies on International Payments http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html The United States' NSA intelligence agency is interested in international payments processed by companies including Visa, SPIEGEL has learned. It has even set up its own financial database to track money flows through a "tailored access operations" division. 
The National Security Agency (NSA) widely monitors international payments, banking and credit card transactions, according to documents seen by SPIEGEL. The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, shows that the spying is conducted by a branch called "Follow the Money" (FTM). The collected information then flows into the NSA's own financial databank, called "Tracfin," which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions. Further NSA documents from 2010 show that the NSA also targets the transactions of customers of large credit card companies like VISA for surveillance. NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company's complex transaction network for tapping possibilities. Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions." In response to a SPIEGEL inquiry, however, a VISA spokeswoman ruled out the possibility that data could be taken from company-run networks. The NSA's Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a "target," according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency's "tailored access operations" division. One of the ways the agency accessed the data included reading "SWIFT printer traffic from numerous banks," the documents show.
But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK's intelligence agency GCHQ concerning the legal perspectives on "financial data" and the agency's own cooperation with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved "bulk data" full of "rich personal information," much of which "is not about our targets," the document says. SPIEGEL/kla URL: http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 15 09:24:15 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 10:24:15 -0400 Subject: [Infowarrior] - The problem with Wall Street greed 5 years after the crash Message-ID: The problem with Wall Street greed 5 years after the crash By: Heesun Wee CNBC.com | Friday, 13 Sep 2013 | 11:07 AM ET http://www.cnbc.com/101022751 Amid the pious thinking about lessons learned after the great financial crisis five years ago, it's worth returning to the fork in the road, when Wall Street's fortunes began to separate from Main Street's prospects. Beginning in the 1980s, investment banks got into the business of trading for their own accounts. "The ethical problems came when proprietary trading began to overshadow customer services," Michael Santoro, professor of business ethics at Rutgers University, wrote in his book, "Wall Street Values." Greedy Wall Street behavior--as captured by Michael Douglas's Gordon Gekko in "Wall Street"--benefited the rest of us, to a certain extent. "When you're serving clients, greed can work," Santoro said. "If your profit is based on the prosperity of the client, what's good for your client is good for society."
But in the new financial world order, Wall Street greed is about just that--Wall Street's interests. "The problem on Wall Street today is greed is no longer working for everyone else because the interest of Wall Street is separated from the interest of the rest of society," Santoro said. Some ethics experts and Wall Street watchers argue that the seeds of another catastrophic meltdown or massive taxpayer-funded bailout don't lie in bank capital requirements or regulations. It's about ethics. Values. "At great cost, we learned that greed, unless tempered by good values, does not 'work' from a social perspective," according to Santoro. Where are the 'perp' walks? Plus, it's hard to believe Wall Street has reformed, when five years after Lehman's bankruptcy filing on Sept. 15, 2008, we still have no major "perp walk." Not a single senior executive from any Wall Street bank has faced criminal charges from the crisis. The absence of such prosecution has fueled feelings of unfairness. Just ask Sherron Watkins. She's the former Enron whistleblower who warned that the energy trader might implode in an accounting scandal. She's now a public speaker. "As I speak across the globe and reveal the two dozen felons from Enron with 12 doing prison time, the number one question is, 'Why no indictments, prosecution of the Wall Street scandals?' " Watkins said. "There is a palatable sense of injustice." Most Americans, meanwhile, are struggling. And it's this Main Street-Wall Street disconnect that's fueled disillusionment among pockets of Americans. There's diminished hope that the next generation will have it better, said Harvey Rosenblum, research director at the Federal Reserve Bank of Dallas. Separate research from the Fraser Institute shows U.S. economic freedom plummeting. Talk of ethics and economic freedom sounds like academic fluff.
But as any economist will tell you, individual perceptions about the economy, perceived opportunity and whether you can get a fair shake do influence consumer consumption and economic output. Many eyes, meanwhile, are on the Department of Justice and Securities and Exchange Commission. "Wall Street is a high crime area and has been on a crime spree for years," said Dennis Kelleher, president and CEO of Better Markets, a nonprofit devoted to promoting public interest in the financial markets. "That has been enabled by the double standard of justice where Wall Street's too-big-to-fail banks and executives have been too-big-to-jail or even prosecute," Kelleher said in a statement. What the crisis and aftermath is costing Americans While bank profits have recovered nicely since the crisis, most Americans are wading through a feeble recovery. In recent analysis on the costs and consequences of the 2007-09 financial meltdown, the Dallas Fed estimates an American household would have earned $50,000 to $120,000 if it weren't for the crisis, followed by the Great Recession--the worst U.S. decline since the 1930s. The crisis has also dented Americans' hope in the future. For the first time since the Conference Board began surveying consumers in 1967, more respondents expect income to drop, the Dallas Fed's Rosenblum notes. Wall Street, meanwhile, has gotten rich. Prior to the 1990s, financial firms' profits averaged about 1.2 percent of GDP, notes author Roger Lowenstein in his book "The End of Wall Street." By 2005, those profits tripled to 3.3 percent. But wealth figures and data only tell part of the story. Our belief in the U.S. capitalist, economic machine has declined. America's ranking on an economic freedom index plunged to 18th place after having ranked third for decades, according to a 2012 report from the Fraser Institute and other co-publishers. The index measures the degree to which the policies and institutions of countries foster economic freedom.
America now has a lower economic freedom rating than it did during the 1970s. Where are the prosecutions? The decline in economic freedom comes as the government has failed to hold key risk takers accountable, some experts say. "The government has been inept in understanding the underlying facts, and bringing in effective cases and prosecutions," said Santoro. For example, the Abacus deal and Fabrice Tourre--the former Goldman Sachs trader, found liable of misleading investors--weren't particularly unique. "Not only was it not unusual for Goldman Sachs, but it was not unusual for the financial industry at the time," Santoro said. William Black, an expert in white collar crime, antitrust and economics, has also called attention to the government's inability to convict wrongdoers related to the housing bubble. Black, associate professor of economics and law at the University of Missouri at Kansas City, has noted the government's failure to act, when the FBI had been warned of an "epidemic" of mortgage fraud in 2004--four years before Lehman's implosion and the ensuing meltdown. He has testified before the House and Senate on the failure to prosecute. "I could reprise the same testimony and just change the date" to today, he said. U.S. prosecutors earlier last month filed criminal charges against two ex-JPMorgan traders for allegedly falsifying records to cover up trading losses. (Another former JPMorgan trader known as the "London Whale" was not prosecuted, as he made a non-prosecution deal with the DOJ, sources told CNBC's Kate Kelly.) The SEC's website does cite 161 entities and individuals, charged for misconduct that arose from the crisis. But as Kelleher of the nonprofit Better Markets noted, "While the Feds are making a big splash by arresting the 'London Whale' minnows, there will be no justice until the whales in the executive office are charged."
Kelleher previously worked at the international law firm of Skadden, Arps, Slate, Meagher & Flom, and attended Harvard Law School. The moral hazard When the dust settles on the financial crisis and its perfect storm of causes--regulatory failures, excessive compensation, risky behavior and bad judgment--it may boil down to a crisis in ethics. And if individual consumers ultimately can't trust institutions and the economic system, the potential ripple effects are eerie. Said Steven Currall, an ethics expert and dean at the University of California Davis Graduate School of Management, "This must exert a chilling effect on people's willingness to invest in equities." And beyond. Ironically, some consumers are returning to adjustable rate mortgages as rates rise. Ultimately it may not be enough to have a rule of law. "We also need a culture and ethics of fair dealing and honesty," said Santoro of Rutgers. "When that breaks down, it's not good for the financial markets and it's not good for the economy," he said. "The link has been broken between Wall Street profits and prosperity on Main Street." --By CNBC's Heesun Wee. Follow her on Twitter @heesunwee © 2013 CNBC.com URL: http://www.cnbc.com/101022751 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 15 15:56:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 16:56:25 -0400 Subject: [Infowarrior] - OT: thank heavens....Larry Summers withdraws name from Fed consideration Message-ID: Larry Summers withdraws name from Fed consideration By Zachary A. Goldfarb http://www.washingtonpost.com/business/economy/larry-summers-withdraws-name-from-fed-consideration/2013/09/15/7565c888-1e44-11e3-94a2-6c66b668ea55_print.html Former White House economic adviser and Treasury secretary Lawrence H. Summers has withdrawn his name as a candidate for Federal Reserve chairman, a person familiar with the matter said Sunday.
President Obama had been strongly considering naming Summers to the post after their long experience fighting the financial crisis and recession. The decision may mean that another top candidate, current Federal Reserve vice chairman Janet Yellen, will get the job, or another candidate. In a letter dated Sunday to the president, Summers wrote that he was withdrawing his name. "It has been a privilege to work with you since the beginning of your Administration as you led the nation through a severe recession into a sustained economic recovery," he wrote. "This is a complex moment in our national life. I have reluctantly concluded that any possible confirmation process for me would be acrimonious and would not serve the interest of the Federal Reserve, the Administration, or ultimately, the interests of the nation's ongoing economic recovery." Summers faced an uproar of Democratic opposition over the past few weeks as his name circulated as Obama's top pick, including multiple prominent defections in the past few days. Obama defended Summers against critique but said he was considering a range of candidates and would decide this fall. Obama has also suggested that former Federal Reserve vice chairman Donald Kohn would be a candidate. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 15 16:35:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 17:35:04 -0400 Subject: [Infowarrior] - At What Point Will The Next Generation Kill The Copyright Monopoly Altogether? Message-ID: <72EF994B-B022-4B9C-BD6B-456CE801C729@infowarrior.org> At What Point Will The Next Generation Kill The Copyright Monopoly Altogether? Rick Falkvinge
September 15, 2013 http://torrentfreak.com/kill-the-copyright-monopoly-altogether-130915/ For teenagers today, the copyright monopoly is something that the establishment uses to punish them for enjoying culture and science, to censor their protests and voices, and to prevent their art from reaching an audience. As these people grow older and come into policymaking positions, at what point will they just kill the monopoly altogether? Before the Internet, and in particular before the compact cassette, the copyright monopoly was something that only concerned hotshot lawyers at the biggest possible publishing houses. Before the ordinary person had the ability to record anything, the barrier to entry to disseminate culture and knowledge was too high for everybody and their brother to contribute to culture. Let's take a look at what happened when the compact cassette arrived. It was sort of an analog removable hard drive with music, that you plugged into an analog music player - the new thing at the time being that you could also write to it. Cassette players popped up everywhere, in particular in a form called ghettoblasters, where you'd carry a rather large box with loudspeakers and two cassette slots around, not to mention quite a few batteries. Note that I wrote two cassette slots. All of these players also advertised how good they were at copying cassette tapes. You'd pop in the source tape, put a blank tape in the recording slot, and hit a gigantic button named "copy". This was a feature that was heavily advertised - the better the blasters were at copying, the more music its owner would be able to collect. The record industry at the time went absolutely ballistic, and said "home taping is killing music" in a largely ridiculed campaign. The bands at the time gave them the finger and printed that logo with the text "home taping is killing record industry profits" instead, adding "we left the reverse side [of the tape] blank, so you can help".
Nevertheless, this was the start of the war against ordinary people copying, something that has only escalated to ridiculous levels today. (Can you imagine a two-slot DVD player being sold today that would have a huge red button marked COPY on it?) Today, people's homes are raided at dawn by police with drawn weapons for listening to music and watching movies from unauthorized sources. (Imagine punishing somebody for listening to the old-style radio because the radio station didn't have a proper spectrum license? How would they know?) Activists' voices are being silenced using the copyright monopoly as a censorship mechanism. Secondary and tertiary liability is introduced using extortionate methods, further removing any rights to due process for mere freedom of speech. All while people in general share knowledge and culture as they have always done. Entrepreneurs are even fined for playing their own music, as in music they wrote and played themselves, in their own cafés and shops - because the copyright monopoly construct demands fees to the collecting societies when somebody plays music. All in all, the copyright monopoly construct has turned from something arcane that people didn't care about into a downright oppressive and abusive construct that affects everybody in a way they strongly disapprove of. Laws must have the consent of the governed to be respected; the copyright monopoly today enjoys considerably less respect than speed limits, and that's in a country where speeding is considered a national sport. (This doesn't mean that speed limits would be abolished by the next-generation politicians, but that's primarily because the police don't raid your home at dawn and confiscate all your phones, computers, photos, work, and conversations if you're suspected of planning to drive above the speed limit.) This is not going to hold.
The next generation, the teenagers today who have grown up in this abusive environment, will kill this monopoly construct the first chance they get. And they will do so to positively thunderous applause among their peers. I've chosen to position myself halfway on the Overton window in a position that allows the ideas I present to appear as radical, yet possible, as presented in The Case For Copyright Reform. In this way, I have set out to eliminate the worst abuses of the monopoly, solving 95% of the problems by going 75% of the way. Reducing the monopoly to cover commercial activity only, reducing the terms, making DRM illegal, and a few more things would go a long way. Otherwise, when today's teenagers have grown up enough to be pulling the strings, do you really believe they'll buy the fairytale stories of how the monopoly construct that all of them saw as plainly abusive, oppressive, and extortionate is needed "for the artists to get paid"? When all they saw - when all everybody saw - was a monopoly construct that silenced artists, silenced challenges to the establishment's status quo, killed technological innovation, and made sure that rich multinational corporations could buy the power they wanted? There's not a chance they'll buy the fairytale stories from the copyright industry. They'll all remember their own firsthand experiences. And they'll kill the monopoly entirely, to thunderous applause. A radical copyright monopoly reform is the last chance for the copyright monopoly to survive at all. It needs to be reformed to a level where it's not grossly and repulsively abusive, and that needs to happen yesterday. If that reform doesn't happen, the monopoly construct will be killed altogether, and sooner than we think. If you doubt it, look at the SOPA and ACTA protests of yesteryear. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Sep 15 17:43:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 18:43:51 -0400 Subject: [Infowarrior] - Just how connected do you want to be? Message-ID: <251A8B95-5A15-4A08-822C-A379934F82D8@infowarrior.org> Just how connected do you want to be? http://gigaom.com/2013/09/15/just-how-connected-do-you-want-to-be/ (Vidya Narayanan is an engineer at Google.) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 15 20:51:10 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Sep 2013 21:51:10 -0400 Subject: [Infowarrior] - Ray Gun Fries Electronics, Disables Car Bombs Message-ID: <355CCDC7-9F57-4CAC-99BA-C9C713E56F7F@infowarrior.org> Ray Gun Fries Electronics, Disables Car Bombs Sep 14, 2013 09:56 AM ET // by Jesse Emspak http://news.discovery.com/tech/gear-and-gadgets/gun-fries-electronics-disables-car-bombs-130914.htm On Wednesday, two suicide bombers drove their explosives-filled cars into military targets in Egypt, killing at least nine soldiers and wounding 17 people. In an effort to prevent such attacks on their member countries, NATO has developed a ray gun-like weapon capable of stopping suspected suicide bombers' vehicle before they reach their designated targets. Built by Diehl Defence, the nonlethal gun emits a beam of microwave energy that causes voltage spikes in electronic devices, essentially frying the circuits within. Since electronics are essential for a car engine to run, the beam immediately shuts down an approaching and potentially dangerous vehicle. NATO researchers recently released a video of the beam stopping an approaching car at a simulated military checkpoint. By mounting the beam-shooting device in the back of a vehicle, tests showed the system is capable of disabling a car that approaches from the rear.
The device can even remotely deactivate a bomb by jamming radio signals and it could be used at sea to disable pirate ships and to shut down drones. Details of how it works are still kept under wraps, but the physics are known. The trick is designing a beam generator with enough energy and then directing that energy toward a specific location. How to do that has eluded scientists for years. And although the weapon bears no resemblance to an actual sci-fi ray gun (it looks like a trio of blenders in a large cupboard) if it stops suicide bombers, no one is going to get hung up on the aesthetics. Nic Halverson contributed to this article. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 16 07:06:21 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Sep 2013 08:06:21 -0400 Subject: [Infowarrior] - The Banality of Systemic Evil Message-ID: Interesting read on Gen Y's "moral compass" vis-a-vis Manning/Snowden disclosures. I also forgot about Jackall's book 'Moral Mazes' which I need to re-read, too. --- rick The Banality of Systemic Evil http://opinionator.blogs.nytimes.com/2013/09/15/the-banality-of-systemic-evil/ Peter Ludlow is a professor of philosophy at Northwestern University and writes frequently on digital culture, hacktivism and the surveillance state. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 16 13:58:59 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Sep 2013 14:58:59 -0400 Subject: [Infowarrior] - Inside the Pentagon's Trillion Dollar F-35 Embarrassment Message-ID: Inside the Pentagon's Trillion Dollar F-35 Embarrassment http://www.vanityfair.com/politics/2013/09/joint-strike-fighter-lockheed-martin Though the best (saddest) quote is: "The only military mission these planes can execute is a kamikaze one."
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 17 07:27:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 08:27:51 -0400 Subject: [Infowarrior] - Brazil looks to break from US-centric Internet Message-ID: <63542244-40A6-40A2-AE0B-9C45C8AC2F93@infowarrior.org> Sep 17, 12:06 AM EDT Brazil looks to break from US-centric Internet By BRADLEY BROOKS and FRANK BAJAK Associated Press http://hosted.ap.org/dynamic/stories/L/LT_BRAZIL_INTERNET_SOVEREIGNTY?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-09-17-00-06-15 RIO DE JANEIRO (AP) -- Brazil plans to divorce itself from the U.S.-centric Internet over Washington's widespread online spying, a move that many experts fear will be a potentially dangerous first step toward politically fracturing a global network built with minimal interference by governments. President Dilma Rousseff has ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company's network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google. Internet security and policy experts say her government's reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization. "The global backlash is only beginning and will get far more severe in coming months," said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. "This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe." 
While Brazil isn't proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians' Internet use to protect them from NSA snooping. The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet's open, interconnected structure. The effort by Latin America's biggest economy to digitally isolate itself from U.S. spying not only could be costly and difficult, it could encourage repressive governments to seek greater technical control over the Internet to crush free expression at home, experts say. In December, countries advocating greater "cyber-sovereignty" pushed for such control at an International Telecommunications Union meeting in Dubai, with Western democracies led by the United States and the European Union in opposition. U.S. digital security expert Bruce Schneier says that while Brazil's response is a rational reaction to NSA spying, it is likely to embolden "some of the worst countries out there to seek more control over their citizens' Internet. That's Russia, China, Iran and Syria. That's Tunisia. That's Egypt." Rousseff says she intends to push for new international rules on privacy and security in hardware and software during the U.N. General Assembly meeting later this month. Among Snowden revelations: the NSA has created backdoors in software and Web-based services. Brazil is now pushing more aggressively than any other nation to end U.S. commercial hegemony on the Internet. More than 80 percent of online search, for example, is controlled by U.S.-based companies. Most of Brazil's global Internet traffic passes through the United States, so Rousseff's government plans to lay underwater fiber optic cable directly to Europe and also link to all South American nations to create what it hopes will be a network free of U.S. eavesdropping. 
More communications integrity protection is expected when Telebras, the state-run telecom company, works with partners to oversee the launch in 2016 of Brazil's first communications satellite, for military and public Internet traffic. Brazil's military currently relies on a satellite run by Embratel, which Mexican billionaire Carlos Slim controls. Rousseff is urging Brazil's Congress to compel Facebook, Google and other U.S. companies to store all data generated by Brazilians on servers physically located inside Brazil in order to shield it from the NSA. If that happens, and other nations follow suit, Silicon Valley's bottom line could be hit by lost business and higher operating costs: Brazilians are among the most voracious consumers of social media, ranking No. 3 on Facebook and No. 2 on Twitter and YouTube. An August study by a respected U.S. technology policy nonprofit estimated the fallout from the NSA spying scandal could cost the U.S. cloud computing industry, which stores data remotely to give users easy access from any device, as much as $35 billion by 2016 in lost business. Brazil also plans to build more Internet exchange points, places where vast amounts of data are relayed, in order to route Brazilians' traffic away from potential interception. And its postal service plans by next year to create an encrypted email service that could serve as an alternative to Gmail and Yahoo!, which according to Snowden-leaked documents are among U.S. tech giants that have collaborated closely with the NSA. "Brazil intends to increase its independent Internet connections with other countries," Rousseff's office said in an emailed response to questions from The Associated Press on its plans. It cited a "common understanding" between Brazil and the European Union on data privacy, and said "negotiations are underway in South America for the deployment of land connections between all nations." 
It said Brazil plans to boost investment in home-grown technology and buy only software and hardware that meet government data privacy specifications. While the plans' technical details are pending, experts say they will be costly for Brazil and ultimately can be circumvented. Just as people in China and Iran defeat government censors with tools such as "proxy servers," so could Brazilians bypass their government's controls. International spies, not just from the United States, also will adjust, experts said. Laying cable to Europe won't make Brazil safer, they say. The NSA has reportedly tapped into undersea telecoms cables for decades. Meinrath and others argue that what's needed instead are strong international laws that hold nations accountable for guaranteeing online privacy. "There's nothing viable that Brazil can really do to protect its citizenry without changing what the U.S. is doing," he said. Matthew Green, a Johns Hopkins computer security expert, said Brazil won't protect itself from intrusion by isolating itself digitally. It will also be discouraging technological innovation, he said, by encouraging the entire nation to use a state-sponsored encrypted email service. "It's sort of like a Soviet socialism of computing," he said, adding that the U.S. "free-for-all model works better." --- Associated Press writer Bradley Brooks reported this story in Rio de Janeiro and Frank Bajak reported from Lima, Peru. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Sep 17 09:00:16 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 10:00:16 -0400 Subject: [Infowarrior] - Academics criticise NSA and GCHQ for weakening online encryption Message-ID: <16419C6B-6332-4526-ABD0-69525BCEB5F1@infowarrior.org> Academics criticise NSA and GCHQ for weakening online encryption Spies undermining security to listen in to enemy traffic also weakens security for all of us, say university researchers • Charles Arthur • The Guardian, Monday 16 September 2013 16.54 EDT http://www.theguardian.com/technology/2013/sep/16/nsa-gchq-undermine-internet-security US and UK security agencies' attempts to weaken encryption of online communications such as emails and social media are "shocking" and could work against the public interest by weakening critical infrastructure, a team of UK academics specialising in cryptography has warned. The group of 10 researchers at Bristol University warn that "by weakening all our security so that they can listen in to the communications of our enemies, [the agencies] also weaken our security against our potential enemies". The researchers, all specialists in cryptography, come from a number of universities and comment in an open letter on the revelations published by the Guardian, New York Times and ProPublica based on information from documents provided by Edward Snowden. These showed years-long efforts by the US National Security Agency (NSA) and Britain's GCHQ spy agency to weaken encryption systems so that they could tap emails and internet communications. There is also suspicion that the NSA has undermined the strength of encryption protocols developed by NIST, the US National Institute for Standards and Technology. 
Professor Ross Anderson, a security researcher at Cambridge University who is not one of the signatories, said that the publication had shocked some in academia who had thought that their work on encryption was of no interest to security services. "Ten days ago when the Guardian published its revelations about the NSA's skullduggery, it was a wake-up call for a lot of people. It's very, very creditable that Bristol's people have signed this letter," he told the Guardian. "This has been a 9/11 moment for the community, and it's great that some people are beginning to wake up." Last week NIST took the unusual – and unprecedented – step of "strongly" recommending against the use of one of its own encryption standards "pending the resolution of the security concerns" that had been raised by the publication. The UK researchers called on "relevant parties" – which would include GCHQ – "to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight". The biggest risk, they imply, is that civilian systems and infrastructure – perhaps including physical systems such as the power grid – could become vulnerable to attack by state-sponsored hackers who are capable of exploiting the same "backdoors" in software that have been planted there by the western agencies. "In the modern age we all need to have complete trust in the basic infrastructure that we all use," note the researchers. The US and UK have already demonstrated that they can attack computer systems needed for physical infrastructure through their work on the Stuxnet virus, which took control of centrifuges used in Iran's nuclear refinement plant to make them run out of control. That is reckoned to have put Iran's plan to build an atomic bomb many months behind schedule. But variants of Stuxnet have been spotted being used to try to attack other physical infrastructure in other countries. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 17 13:21:37 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 14:21:37 -0400 Subject: [Infowarrior] - =?windows-1252?q?FTC_to_examine_=91sponsored_cont?= =?windows-1252?q?ent=92_online_advertising?= Message-ID: <83FBEB34-31C5-4456-886B-520B5C4F6E55@infowarrior.org> FTC to examine 'sponsored content' online advertising By Kate Tummarello - 09/16/13 02:47 PM ET http://thehill.com/blogs/hillicon-valley/technology/322471-ftc-to-examine-sponsored-content-online The Federal Trade Commission will examine the growing field of "sponsored content" in digital media, the organization announced Monday. The agency will hold a workshop in December on the ads, which look similar to stories posted on news and social websites and have become increasingly common as media look for new ways to make money. The FTC, which has the authority to bring charges against companies that deceive consumers, now has nonbinding guidelines on the use of the sponsored content ads. The workshop could be a first step toward expanding or strengthening them. "Increasingly, advertisements that more closely resemble the content in which they are embedded are replacing banner advertisements – graphical images that typically are rectangular in shape – on publishers' websites and mobile applications," the FTC said Monday. "The workshop will bring together publishing and advertising industry representatives, consumer advocates, academics, and government regulators to explore changes in how paid messages are presented to consumers and consumers' recognition and understanding of these messages." In advance of the Dec. 4 workshop at the agency's New Jersey Avenue satellite building in Northwest D.C., the FTC asked stakeholders to consider how ads are presented alongside non-sponsored content in the desktop and mobile environments. 
It also asked stakeholders which entities control those presentations, how consumers understand the differentiation between sponsored and non-sponsored content and what can be done to effectively differentiate between the two. Concerns about how advertising in news and social media is made distinct from other content are not new. Whether it's deceptive infomercials or native advertising, "it's all part of the same discussion: Is the distinction between regular content and advertising clear to consumers?" Lesley Fair, senior attorney at the FTC's Bureau of Consumer Protection, said in an agency blog post on Monday. John Simpson, director of Consumer Watchdog's Privacy Project, said the workshop is likely the first step toward an agency report. In March of this year, the FTC released its updated DotCom Disclosures, which explained that "clear and conspicuous" disclosures must accompany online ads, regardless of platform, to avoid violating commission standards. In the report, the agency suggested adding the word "Ad" to a tweet to indicate that it is an advertisement. Simpson said it "seems likely" that the agency will update its guidelines based on what it learns through the workshop. A representative of the trade group that represents online advertisers welcomed the FTC's move. The workshop will provide the online advertising industry with "a great opportunity to raise the awareness level of key Washington decision makers about this evolving format," Interactive Advertising Bureau Senior Vice President Mike Zaneis said. "The FTC has provided previous examples of ways to provide consumer notice in a variety of native advertising categories ... and we look forward to working with the Commission to further educate industry on best practices," Zaneis said. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 17 14:10:06 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 15:10:06 -0400 Subject: [Infowarrior] - Helping to break the code of finance Message-ID: Helping to break the code of finance Posted by Suzanne McGee Tuesday 17 September 2013 It's time to cut through the jargon and deluge of data and demystify finance for laypeople and professionals alike http://www.theguardian.com/money/us-money-blog/2013/sep/17/helping-break-financial-code It's unlikely that Albert Einstein was thinking about the worlds of personal finance and investing when he came up with one of his most frequently-cited bon mots. When he coined the phrase, "If you can't explain it simply, you don't understand it well enough," he wanted to describe scientists' inability to convey the essence of their ideas to laypeople successfully – but it always reminds me of why I've been a financial journalist for the best part of a quarter century. Smart beta. Portable alpha. Leveraged ETFs. The efficient market hypothesis. I could go on and on; the jargon that the average financial citizen has to wade his or her way through these days makes a walk through a minefield look like a pleasant afternoon's jaunt. And the consequences of getting it wrong can be catastrophic for our goals: saving enough for retirement. Paying off debt. Putting kids through school. Buying a house. Having a better life. Just ask those everyday investors who were caught up in the auction-rate securities debacle when the financial crisis hit in 2008. 
The brokers who pitched these products to their clients, the SEC later noted, kind of "forgot" to emphasize their risks, which included the fact that clients might lose the ability to sell in the event of a credit crunch like we witnessed in 2008. The result? While some banks eventually – and reluctantly – bailed out their clients by buying back the securities, for a while investors had paper losses of 100%. At the time, it would have looked as if they lost every penny they had ever put in. Only a minority of those who write about personal finance will be investigative reporters, digging into topics such as the allegations that Merrill Lynch and other institutions manipulated that auction-rate securities market. But too often, those investigations take place only after the fact. That may give you a sense of "closure", I suppose, but it's not going to help your portfolio recover from the hit it just took. What a financial journalist can do is draw attention to corners of the market that are particularly complex: the targets of a lot of marketing on the part of financial institutions that develop investment products, or those that appear to be the focus of irrational exuberance or undue apathy. Ideally, what we choose to write about will help you cut through the jargon, and help you think critically, just as the best financial professionals do. The hope is that you can soon pose tough questions of your own to anyone who suggests that Financial Product A or Stock B is a one-stop solution to your investment needs. What none of us can or should do is to suggest that a given stock, investment strategy, product or idea is the right thing to do at any given time. So if you're looking for a list of "Five Stocks to Own This Winter!", you might want to move along in your quest for a pundit's quick advice. Is that kind of general advice still needed in this day and age, when we all have access to so much information? 
Absolutely: after all, as Albert Einstein reminded us, "information is not knowledge." A few years ago, I was asked to teach a group of creative professionals working for a company that I won't name, in a midwestern city, about how the financial services industry worked. In the three hours that I spent talking to the 50 or so people who showed up, we didn't get very far, in large part because I spent the bulk of the time explaining the difference between a stock and a bond; how a mutual fund worked; what the data on their 401k statements meant; and the meaning of Morningstar's style boxes. (In case you're not familiar with these, they give you a way to identify a mutual fund's focus by telling you whether its managers buy small or large-cap stocks, and whether their portfolios tend to have a bias in favor of value or growth.) These individuals were quite capable of doing household repairs, changing a car tire, installing a complicated electronics system or managing a neighborhood event. They had instant access to all kinds of information that only two decades ago was hard to come by. (One of my first jobs as a reporter for the Wall Street Journal included the tedious job of filling out earnings tables every quarter for the companies that I covered; these little tables once occupied several pages every day during earnings season, and have long since vanished.) What they didn't have was someone they could turn to and ask what financial information means. Is it significant that Twitter is coming to market via the "secret IPO" process; should I care that LinkedIn's stock trades at 674 times trailing 12-month earnings – and what does "trailing 12 month earnings" mean, anyway? It isn't just the ordinary investors who are being deluged with information and who are finding themselves with few resources to try and make sense of that data. 
For instance, you might imagine that if you're affluent enough to have a managed account at a major wealth management firm, you're likely to know what it is. Not so, the former head of one of those divisions tells me: research at that person's firm revealed that 84% of survey respondents didn't know what it was that they owned or why it was good for them. "The problem is that we have an industry that is communicating in code," this former private banker told me. It's time to break the code. • Suzanne McGee is a new columnist for the Guardian and will be writing twice a week for Money US. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 17 20:07:10 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 21:07:10 -0400 Subject: [Infowarrior] - FISA court releases opinion upholding NSA phone program Message-ID: <323CEBDA-1B53-4C74-B5DA-692371C96B5D@infowarrior.org> FISA court releases opinion upholding NSA phone program By Ellen Nakashima http://www.washingtonpost.com/world/national-security/fisa-court-releases-opinion-upholding-nsa-phone-program/2013/09/17/66660718-1fd3-11e3-b7d1-7153ad47b549_print.html A federal surveillance court on Tuesday released a declassified opinion upholding the constitutionality of the National Security Agency's sweeping collection of billions of Americans' phone records for counterterrorism purposes. The gathering of "all call detail records" from phone companies is justified as long as the government can show that it is relevant to an authorized investigation into known – and, significantly – unknown terrorists who may be in the United States, the Aug. 29 opinion states. Moreover, the government need only show that there are "reasonable grounds to believe" the records will be relevant to the investigation, a lower burden than required in ordinary criminal investigations. 
That is justified because the goal is to prevent a terrorist attack, not solve a crime that has already taken place, the court said, affirming the government's position. Taken together, the argument is a bold assertion of authority that critics say is not justified by the Foreign Intelligence Surveillance Act (FISA) or the Constitution. Some elements of the court's reasoning had been discussed in an earlier Justice Department white paper released by the government, but the concept of the "unknown" terrorist and the argument for the lower burden had not been explicitly linked to the program. The 29-page opinion signed by Claire V. Eagan, a judge on the secretive Foreign Intelligence Surveillance Court (FISC), is the first to be released that addresses the constitutionality of the NSA's "bulk records" collection of phone data. It is an attempt to address growing criticism about the broad surveillance since its existence was disclosed in June in a document leaked to the Guardian, a British newspaper, by former NSA contractor Edward Snowden. The program was authorized by the court in 2006 under Section 215 of the Patriot Act, but that was not known until June. In the program, the NSA gathers records of phone calls and their time and duration, but not subscriber names or call content. The opinion was released at Eagan's will, Justice Department officials said, not at the request of the government or in response to lawsuits from civil liberties groups. Eagan, appointed to the federal bench in Oklahoma by President George W. Bush, is a fairly new member of the FISC. A senior Justice Department official said that it is not a substitute for the release of other lengthier, significant opinions relating to the surveillance program. Privacy advocates reacted with dismay upon reading the ruling. "This isn't a judicial opinion in the conventional sense," said Jameel Jaffer, American Civil Liberties Union deputy legal director. 
"It's a document that appears to have been cobbled together over the last few weeks in an effort to justify a decision that was made seven years ago. I don't know of any precedent for that, and it raises a lot of questions." Jaffer added that the opinion was "completely unpersuasive" as a defense of the call-records program. The constitutional analysis fails to mention the landmark United States v. Jones privacy case decided by the Supreme Court last year, which suggested a warrant was necessary for long-term tracking of GPS data, he said. And Eagan's analysis of the statute overemphasizes some terms while ignoring others, he said. "On the whole, the opinion only confirms the folly of entrusting privacy rights to a court that hears argument only from the government," said Jaffer, referring to the fact that there is no adversary in the classified proceedings. Eagan's ruling endorsed the government's argument that the broad collection was necessary to find unknown terrorist operatives who may be in the United States "because it is impossible to know where in the data the connections to international terrorist organizations will be found." The senior Justice Department official said the "unknown" language was important. "If you know who all the people were, you would just ask [the phone companies] for those numbers," he said. "So that's why you need all those numbers. ... The bottom line is this: You have to have this larger body of data to find the needles in the haystack." The ruling also reaffirmed the government's contention, upheld by the Supreme Court in 1979, that Americans have no reasonable expectation of privacy in records of their calls held by phone companies, and a warrant to collect them is not required. A warrant would be required to wiretap the calls. Eagan asserted that to date, no company has challenged the legality of an order. 
She also stated that Congress essentially ratified the program when it reauthorized the statute without change in 2010 and 2011, because it had access to information on the statute's application to the phone program. Kurt Opsahl, senior staff attorney at Electronic Frontier Foundation, disagreed. "The outrage of many Congress members" upon hearing about the program's scope "shows this is not true. We should not have the legal basis of the surveillance state resting on a judicially created legal fiction." © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 17 20:57:35 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Sep 2013 21:57:35 -0400 Subject: [Infowarrior] - Google ready to toss cookies as ground shifts for online ad rules Message-ID: Google ready to toss cookies as ground shifts for online ad rules By Jeff John Roberts http://gigaom.com/2013/09/17/google-ready-to-chuck-cookies-as-ground-shifts-for-online-ad-rules/ Google is the world's biggest online advertising company so anytime it makes a policy change, the ripple effects are felt far and wide. That would be the case if the company goes forward with a reported plan to move away from so-called third-party cookies as a way to identify consumers as they move across the internet. According to USA Today, Google plans to abandon third party cookies (mini programs that track your web browsing) in favor of an anonymous ID system that it will share with those advertisers and ad networks that abide by its guidelines. The news comes on the same day as an industry working group dedicated to a "Do Not Track" standard effectively collapsed. The group was supposed to develop a standard for how online marketers collect consumer data, but the process has gone nowhere; last month, an influential privacy advocate from Stanford gave up on the group and, today, the Digital Advertising Alliance did the same. 
As the Hill reported, the failure of this industry attempt to come up with a "Do Not Track" plan means that Congress is likely to step in and pass a plan of its own. If this is the case, Google's reported move away from cookies may help it stay ahead of the regulatory curve. But the plan also raises the question of how Google, in the absence of third party cookies, intends to preserve the flow of consumer data that is the lifeblood of the online ad economy. The USA Today report is vague on what Google plans to do instead, but a good guess is that it will rely heavily on its vast collection of so-called "first party" data – information it collects directly from consumers who visit sites like Gmail or YouTube or use Google+ to log-in to another website (thanks to privacy policy changes, Google can mash all this together). And, in any case, third party cookies have become less important in the age of mobile. Marketers and startups are instead relying on other "signals" such as location or cross-device comparisons in order to identify consumers. The upshot is that even if Congress outlaws third party cookies, Google and other major portals (like Twitter and Facebook) will be in a stronger position than ever in the online ad market; they will control the most valuable pools of first party and mobile data, which they can make available to marketers and ad networks on the terms of their choosing. To understand more of the realpolitik here, see "How to Talk about Banning Third Party Cookies" on Digiday. For the super-advanced class, see "We Don't need no Stinkin' Third Party Cookies" on AdExchanger. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Sep 18 07:08:43 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Sep 2013 08:08:43 -0400 Subject: [Infowarrior] - RIAA Wants Web Browsers to Block Pirate Sites, And More Message-ID: <85A73558-BD12-4776-ACF1-DC2E851BCBA5@infowarrior.org> RIAA Wants Web Browsers to Block Pirate Sites, And More • Andy • September 18, 2013 http://torrentfreak.com/riaa-wants-web-browsers-to-block-pirate-sites-and-more-130918/ Later today RIAA CEO Cary Sherman will outline his organization's vision for increased cooperation between copyright holders and service providers. Sherman will seek agreements with user-generated content sites and promote a new understanding of the DMCA. File-hosting sites should be required to scan incoming links for piracy and search engines such as Google will be expected to do more, including fitting Chrome with systems to block infringing sites and divert users to official sources. After more than a decade of aggressive anti-piracy actions directed through the courts, the world's largest entertainment companies are now looking to forge less confrontational partnerships with companies in the technology sector. In the belief that voluntary agreements can help a great deal in reducing online infringement, the RIAA and MPAA are trumpeting their efforts to make content legally available and are asking a wide range of service providers to help give those official offerings room to grow. Later today, RIAA CEO Cary Sherman will tell a House Judiciary Subcommittee that such voluntary agreements have a vital role to play. "In order to make this digital marketplace truly work, we must ensure that these vibrant new legitimate and authorized technologies are not undermined by those engaged in illegal activity. Voluntary initiatives with Internet intermediaries are a key component of that objective," Sherman will tell the hearing. 
Copyright Alerts System The RIAA expresses thanks to the Administration and Congress for the support given so far to initiatives such as the fledgling Copyright Alerts System. Sherman will state that it's too early to say whether or not it has been a full success, but the signs are good. "The CAS is still in the initial implementation stages and proper metrics are being determined. But feedback so far has been positive and it is worth noting that P2P content protection programs in other countries have been found to have an impact on either the amount of unauthorized P2P activity or on sales," Sherman will note. Payments, advertising and domain issues Another area of cooperation highlighted are agreements with payment processors including Visa, Mastercard, Amex, Discover and PayPal, which sees processors terminate their relationship with a website if it continually offers illegitimate content. Sherman will cite figures from the International Anti-Counterfeiting Coalition (IACC) that reveal the termination of more than 1,500 merchant accounts between 2011 and August 2013. After highlighting progress in restricting advertising revenue to "rogue sites" and cautiously welcoming anti-piracy provisions relating to the rolling out of new Top Level Domains, Sherman will move on to the issue of User Generated Content. UGC Principles The RIAA chairman begins by referencing an initiative signed by CBS, Disney, Crackle, Daily Motion, Fox, Microsoft and Veoh among others way back in 2007. The agreement, which Sherman says was one of the very first voluntary online anti-piracy initiatives, sought to boost UGC services while protecting rights holders. The RIAA hopes that it can breathe new life into the six-year-old deal which will see parties: - Implement fingerprinting technology to filter out unauthorized video and audio - Provide copyright holders with "enhanced searching and identification means." - Work to identify "predominantly infringing" 
sites and block their links - Track, identify and ban repeat infringers while "accommodating fair use" "The UGC principles serve as a model of intermediaries and content owners working together voluntarily to assure that the provisions of the Digital Millennium Copyright Act (DMCA) have meaning and are adapted to new technological advancements," Sherman will say. "They should serve as a blueprint for new voluntary agreements between content owners and Internet intermediaries to carry out the intent of the DMCA to protect both copyright owners and intermediaries" Search engines must do more – much more Perhaps unsurprisingly the RIAA still has plenty of criticism for search engines such as Google, who it accuses of doing little to help with infringement. The music group says it wants engines to look at whether sites are "authorized" or not when it determines how they are placed in results. "We believe it would be useful to see voluntary initiatives by search engines that take into account whether or not a site is authorized to provide the content at issue in determining search result rankings for searches to consume that content," Sherman will say. "This could take into account not only the absolute number of copyright removal requests sent about a site to trigger demotion of that site, but also whether the site is authorized to provide the content to trigger a higher search rank for that site." The RIAA also says that Google's efforts to disappear links to child porn could be extended to infringing material and that tools such as Chrome could divert users away from certain sites and towards others. "Google has tools in its Chrome browser to warn users if they are going to sites that may be malicious. Shouldn't that technology be used to warn users of rogue sites?" Sherman will ask. "Or better yet, can Google use similar technology to highlight or identify sites that are authorized? Imagine if links to content on legitimate sites were labeled – 
directly in the search result – with a certification mark indicating that the site is licensed and actually pays royalties to creators. That educational message could have a profound and positive impact on user behavior." The DMCA isn't working – cooperation is needed It's no secret that the RIAA is disappointed with how the DMCA has panned out. The music group feels that scanning millions of websites and sending notices is an unfair burden for rightsholders and a position that needs to improve. "As was done with the UGC Principles, there is an opportunity for intermediaries and content owners to sit down and negotiate practical solutions that will make the 'notice and takedown' system more meaningful and effective," Sherman will say. "From more stringent repeat infringer policies to takedowns that don't automatically repopulate, many practical solutions can be adopted that would assure the intent of the DMCA is carried out. We hope the relevant parties will join together to start this process and we need Congress to encourage and facilitate such a process." What makes a good voluntary agreement? In his summing up, Sherman will state that voluntary agreements mean the formation of a partnership in which both content and platform owners work to protect copyright and in which intermediaries understand that doing so is to their benefit. "Initiatives must go beyond what is already done or expected of intermediaries under existing law," Sherman will declare. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Sep 18 07:08:47 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Sep 2013 08:08:47 -0400 Subject: [Infowarrior] - Ritholtz: Every market is manipulated Message-ID: As shown below, big banks have manipulated virtually every market – both in the financial sector and the real economy – and broken virtually every law on the books. 
< - >

http://www.ritholtz.com/blog/2013/09/banks-are-manipulating-gold-and-silver-markets/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Sep 18 14:29:03 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Sep 2013 15:29:03 -0400
Subject: [Infowarrior] - =?windows-1252?q?Facebook_=91liking=92_is_protect?= =?windows-1252?q?ected_free_speech=2C_federal_court_says?=
Message-ID:

Facebook "liking" is protected free speech, federal court says

By Justin Jouvenal
http://www.washingtonpost.com/local/facebook-liking-is-protectected-free-speech-federal-court-says/2013/09/18/28c8e324-2070-11e3-b7d1-7153ad47b549_print.html

A federal appeals court ruled Wednesday that "liking" something on Facebook is a form of protected free speech in a closely watched Virginia case that tested the limits of the First Amendment in the digital age.

The Fourth Circuit Court of Appeals in Richmond rejected a lower court's opinion that clicking the ubiquitous "thumbs up" icon was not "actual speech," an opinion that would have had wide-ranging implications for millions of Facebook users and other new forms of expression on the web if it had stood.

"[Liking] is the Internet equivalent of displaying a political sign in one's front yard, which the Supreme Court has held is substantive speech," the three judge panel wrote in their 81-page opinion.

The ruling grew out of a lawsuit brought by Hampton sheriff's deputies, one of whom claimed he was fired for liking the campaign page of his boss's opponent. Daniel Ray Carter, Jr. said the dismissal violated his First Amendment rights in the 2011 suit.

But U.S. District Court Judge Raymond A. Jackson issued a summary judgement against Carter in January 2012, saying "liking" didn't rise to the level of protected speech. Jackson said Carter needed to have made actual statements to make such a claim.
Facebook and the ACLU filed friend of the court briefs in the case, saying Jackson's ruling would erode free speech rights. In the brief, Facebook said its users register more than 3 billion likes and comments every day.

Facebook users can like a range of content that appears on the social media site from articles to photos to organizations. If a user clicks the "thumbs up" icon, the content appears on his or her Facebook feed.

"The court properly recognized that in an era when so much of our communication takes place through social media liking a political Facebook page is an important means of political expression that deserves First Amendment expression," said Rebecca Glenberg, the ACLU legal director for Virginia.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 19 15:51:12 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Sep 2013 16:51:12 -0400
Subject: [Infowarrior] - Hamre on the security clearance process
Message-ID:

Navy Yard shooting exposes flawed security clearance process

By John Hamre
http://www.washingtonpost.com/opinions/navy-yard-shooting-exposes-flawed-security-clearance-process/2013/09/18/b5c4809c-209a-11e3-a358-1144dee636dd_print.html

John Hamre, a former deputy secretary of defense and chairman of the Defense Policy Board, is president and chief executive of the Center for Strategic and International Studies.

The tragedy of the Navy Yard shootings has gripped Washington. Many dimensions of this episode call for deep assessment: How could a clearly troubled man bring a weapon into a highly secure venue only to gun down government workers? How can we prevent such incidents in the future?

Much has been made of the fact that Aaron Alexis had a security clearance. That was not the cause of this incident, but it probably contributed by creating complacency in security officers at the Navy Yard.
I have been critical of our nation's security clearance procedures, but I hope Congress moves thoughtfully - and not in haste to score political points - to address this issue. Mistakes are invariably made when we legislate in fear and anger.

The murders by Alexis and the betrayal by National Security Agency leaker Edward Snowden both underscore a problem with our security clearance process. Fundamentally, the United States has a "perimeter security" system: A government adjudicator guards the gate, deciding who should be allowed through. But once clearance is granted, there is little further substantive assessment of an individual's behavior or activities. Clearances are supposed to be updated every five years, but that is not always observed.

The process, which grew out of the bitter experiences with spies early in the Cold War, is obsolete. For example, applicants are still asked to identify every home they have lived in, and U.S. workers try to interview neighbors in each place. There is no differentiation between new college graduates and government workers who have held clearances for decades. Recently, a colleague who is a former deputy secretary of a major Cabinet department submitted his SF-86, as the clearance form is known. It ran 256 pages. He has been cleared nine times yet still has to fill out the same form everyone else submits.

Once you hold a clearance, however, it is generally carried over if you change jobs. Snowden's peripatetic career is typical.

Snowden should have been under intense, ongoing surveillance, not because of his personal behavior but because of the sensitivity of his position. His job was to move massive files to different computer networks in the NSA system. I can't imagine a more sensitive job these days. Steady surveillance ought to be a condition of employment in such a position.

I continue to hold special clearances, some of extraordinary sensitivity.
The government should monitor me steadily because of the sensitivity of these programs, and I should expect such surveillance as a condition of my government work. To a certain degree, our country pretends to do this. For every international trip I take, I must register my plans with an organization that holds my clearances. My last visit involved a private meeting with the prime minister of a major U.S. ally. I was asked to validate whether I met with any foreigners who spoke English or requested to stay in touch with me on an ongoing basis. These one-size-fits-all questions consume clerical time and do not meaningfully contribute to security. And what spy would answer truthfully anyway? Spies are not as dumb as our security process. Too much time is wasted on procedures that produce too little security. There are spies in our midst. So why does our nation rely on a process that rests on someone reporting his own activities into a paper-bound system that is choking on process and produces no insight? The case of Alexis is more complicated. He did not hold a particularly sensitive job or a highly privileged clearance. Our system is designed to defeat spies, not crazy people with homicidal impulses. But there are potential solutions. Innovative organizations in the U.S. government are pioneering continuous surveillance methods that could have detected Alexis by using many data sources and reporting risky behavior to security supervisors. There were ample signs of a troubled mind, which should have triggered more rigorous supervision and monitoring. This type of oversight must be carried out through automated techniques. Our paper-based human review process would be overwhelmed quickly. When data suggest a more focused investigation is needed, trained investigators should take over. Privacy concerns must be addressed, but they could be managed in a manner acceptable to our society. 
Government employees and contractors understand that they must be held to higher standards and closer scrutiny precisely because they carry the credential of trustworthiness to deal with America's secrets.

We mourn the needless death of civil servants. But we should learn and implement lessons that will really solve the clearance problem, not gratify a political impulse to act upon our national anger and shame.

Read more on this topic:
Dana Milbank: After Navy Yard shooting, RIP for gun control
Eugene Robinson: Shooting hits home
The Post's View: Navy Yard, yet another massacre
Kathleen Parker: Another mass murder, another conversation

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 19 15:51:17 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Sep 2013 16:51:17 -0400
Subject: [Infowarrior] - =?windows-1252?q?Charles_Carreon_finally_quits_fi?= =?windows-1252?q?ghting=2C_calls_Oatmeal_battle_=93a_dumb_thing=94?=
Message-ID: <71E87133-61F7-486C-A4A6-F8ABF3CC9177@infowarrior.org>

Charles Carreon finally quits fighting, calls Oatmeal battle "a dumb thing"

Lawyer tells Ars he was "rapeutated," unjustly lowering his reputation online.

by Cyrus Farivar - Sept 19 2013, 10:45am EDT
http://arstechnica.com/tech-policy/2013/09/charles-carreon-withdraws-final-appeal-says-entire-affair-was-a-dumb-thing/

Last year, embattled Arizona lawyer Charles Carreon brought a lawsuit against The Oatmeal creator Matthew Inman, doubling down by suing anonymous Internet commenters and even two charities, the National Wildlife Federation and the American Cancer Society. (The whole crazy story also involved a cartoon of an obese woman asking a bear to "Come hurr and love meeee!")

Things got even weirder when Carreon threatened Chris Recouvreur, also known "Satirical Charles," who had created a website mocking Carreon.
Recouvreur then sued Carreon in federal court for a declarative judgement that his site was not libelous. In a Tuesday legal filing with the Ninth Circuit Court of Appeals, Charles Carreon dropped his final appeal in the Recouvreur case and now definitively owes over $46,000 in fees to Recouvreur.

Now Carreon says he regrets the entire affair. Why? Largely because it has unleashed the wrath of angry people on the Internet and has subsequently damaged his reputation online.

"I genuinely say it was a dumb thing," Carreon told Ars. "This is not a soluble problem. This is not a problem that is soluble with a legal cease-and-desist letter, or a counter cease-and-desist letter. I would not have sent that and I really reassess the decision thoroughly. It was not a good idea. You really are dealing with a situation that is not amenable to legal resolution."

"I made it worse"

Carreon was a little-known lawyer until June 2012, at which point he began representing the website FunnyJunk.com and sued Matthew Inman, demanding $20,000 over comments Inman had made about FunnyJunk's habit of hosting Inman's cartoons. Inman then turned around and raised $100,000, giving that money to charity instead of to Carreon, at which point Carreon escalated his legal filings. At one point, Carreon even threatened to subpoena Ars Technica. (Ars' collected coverage of the entire affair can be read here.)

In a 30-minute phone interview with Ars on Wednesday, Carreon lamented that, as a result of this entire sordid affair, his professional reputation has been damaged - or as he calls it, "rapeutated." In fact, Carreon has a colorful website at Rapeutation.com that includes an elaborate chart with a new, long, and extensive list of all the so-called "rapeutationists," including yours truly and two more Ars staffers. If you'd like to see a picture of Carreon's critics - including an Ars Technica writer - spewing fecal matter out of their mouths, that too can be accommodated.
In short, Carreon portrays himself as the victim here - he's now become the victim of the Streisand effect, or as it might now be called, the Carreon effect.

< - >

http://arstechnica.com/tech-policy/2013/09/charles-carreon-withdraws-final-appeal-says-entire-affair-was-a-dumb-thing/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 19 17:49:37 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Sep 2013 18:49:37 -0400
Subject: [Infowarrior] - Starbucks vs. Pentagon: Guantanamo court debates whose network is more secure
Message-ID: <8B44A7A7-6F7C-41F9-AF35-98142B345F7D@infowarrior.org>

Starbucks vs. Pentagon: Guantanamo court debates whose network is more secure

Jane Sutton
18 minutes ago
http://news.yahoo.com/starbucks-vs-pentagon-guantanamo-court-debates-whose-network-222712213.html

GUANTANAMO BAY U.S. NAVAL BASE, Cuba (Reuters) - Using the Wi-Fi connection at Starbucks was a better bet than risking putting confidential defense documents on a glitch-prone Pentagon computer network, a senior Defense Department official testified on Thursday at the Guantanamo trial of five prisoners charged with plotting the September 11 hijacked plane attacks.

The Internet link at the local Starbucks was "the best bad option that we had," Air Force Colonel Karen Mayberry, the chief defense counsel for the war crimes tribunal, told the judge.

Defense lawyers have asked the judge to halt pretrial hearings in the death penalty case of the alleged plotters at the Guantanamo Bay U.S. Naval Base in Cuba until the computer system can be fixed to ensure that outsiders cannot access confidential defense documents.

Mayberry ordered her team of lawyers to stop putting sensitive documents on that system in April, citing their ethical obligation to protect confidentiality. The lawyers have since been using personal computers to email documents from coffee shops and hotel lobbies.
Mayberry said it was possible these networks were not secure, but she was certain that the Pentagon network had been compromised. Mayberry cited evidence that defense files had been lost or altered, prosecutors and defense lawyers were temporarily given access to some of each other's emails, and outside monitors tracked defense researchers' work as they visited terrorism-related sites to prepare for the case. "It's not speculative or hypothetical. It happened," Mayberry said. The network security debate has dominated the week-long hearing for the suspects, who could be executed if convicted of conspiring with al Qaeda, hijacking and murdering 2,976 people in the September 11, 2001, attacks. Prosecutor Ed Ryan has scoffed at the notion that using Starbucks Wi-Fi was safer than using the Pentagon network. "You're not concerned about the nice man in the green apron looking over the major's shoulder as he's typing these emails?" Ryan had asked Mayberry on Wednesday. EXCUSE FOR DELAYS Mayberry said that when she issued her April order she recognized that "it could shut us down," but that she thought the problems would be fixed quickly. An April hearing in the case was canceled, and prosecutors have suggested the defense is using the network problems as an excuse for further delays. A logistics overseer testified that fixing the system could take up to 111 days once the Pentagon awards the contract and approves funding. "Funding may be another issue that could come up in about 13 days or thereabouts," said the judge, Army Colonel James Pohl. In addition, the White House budget office has warned U.S. agencies to prepare for a possible shutdown of the federal government unless Congress overcomes mounting partisan discord and reaches an agreement to fund the next fiscal year that begins October 1. Some of the Internet problems were blamed on a switch in email systems. 
Others were blamed on an attempt to replicate lawyers' work on two separate networks, one in the Washington area and one at the remote Guantanamo base.

Internet technology supervisor Paul Scott Parr tried to explain in laymen's terms what went wrong. A "dirty shutdown" occurred when the server shut down while the replication program was still running, he said.

Backups that were supposed to occur daily had not been done for more than three months, Parr said. Seven gigabytes of data previously described as "lost" had merely been "misplaced" and had mostly been restored, he said.

(Editing by Kevin Gray and Philip Barbara)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 19 19:41:29 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Sep 2013 20:41:29 -0400
Subject: [Infowarrior] - Court Says ASCAP Can't Selectively Remove Songs From The Blanket License It Gives Pandora
Message-ID: <7DD07C78-5E3E-4BA7-8516-E551371154BC@infowarrior.org>

Court Says ASCAP Can't Selectively Remove Songs From The Blanket License It Gives Pandora

http://www.techdirt.com/articles/20130918/17441824577/court-says-ascap-cant-selectively-remove-songs-blanket-license-it-gives-pandora.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 19 19:42:53 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Sep 2013 20:42:53 -0400
Subject: [Infowarrior] - Anti-terror program tracks innocents, ACLU says
Message-ID: <9D675510-662E-4519-852D-7C2B262BF70B@infowarrior.org>

Anti-terror program tracks innocents, ACLU says

PAUL ELIAS - Sep. 19 6:32 PM EDT
http://bigstory.ap.org/article/anti-terror-program-tracks-innocents-aclu-says

SAN FRANCISCO (AP) - Two men of Middle Eastern descent were reported buying pallets of water at a grocery store. A police sergeant reported concern about a doctor "who is very unfriendly."
And photographers of all races and nationalities have been reported taking snapshots of post offices, bridges, dams and other structures. The American Civil Liberties Union and several other groups released 1,800 "suspicious activity reports" Thursday, saying they show the inner-workings of a domestic surveillance program that is sweeping up innocent Americans and forever placing their names in a counterterrorism database. Shortly after the 9/11 attacks, the federal government created a multibillion-dollar information-sharing program meant to put local, state and federal officials together to analyze intelligence at sites called fusion centers. Instead, according to a Senate report the Government Accountability Office and now the ACLU, the program has duplicated the work of other agencies, has appeared rudderless and hasn't directly been responsible for any terror-related prosecutions. According to the GAO, the government maintains 77 fusion centers throughout the country and their operations are funded by federal and local sources. The ACLU obtained about 1,700 suspicious activity reports filed with the Sacramento office through a California Public Record Acts request. Another 100 were submitted as part of a court case in Los Angeles filed by the ACLU on behalf of photographers who say they are being harassed by Southern California law officials. The documents do not appear to show valuable counterterrorism intelligence. A report from Bakersfield, phoned in to a police officer by a "close personal friend," describes two men who appear to be of Middle Eastern descent stocking up on water. Another report shows a Lodi police sergeant "reporting on a suspicious individual in his neighborhood." The sergeant, whose name was redacted, said he "has been long concerned about a residence in his neighborhood occupied by a Middle Eastern male adult physician who is very unfriendly." A third report states, "An off-duty supervising dispatcher with Sacramento P.D. 
noticed a female subject taking pictures of the outside of the post office in Folsom on Riley Street this morning. The female departed as a passenger in a silver Mazda." The fusion center project was a target of a blistering Congressional report last year complaining that too many innocent Americans engaging in routine and harmless behavior have become ensnared in the program. The ACLU and others are calling on the Obama administration to make overhauls so that only activities with legitimate links to terrorism investigations are reported. "We want the administration to stop targeting racial and religious minorities," ACLU lawyer Linda Lye said. A Senate report last year concluded that the program has improperly collected information and produced little valuable intelligence on terrorism. The report suggested the program's intent ballooned far beyond anyone's ability to control. What began as an attempt to put local, state and federal officials in the same room analyzing the same intelligence has instead cost huge amounts of money for data-mining software, flat screen televisions and, in Arizona, two fully equipped Chevrolet Tahoes that are used for commuting, investigators found. The lengthy, bipartisan report was a scathing evaluation of what the Department of Homeland Security has held up as a crown jewel of its security efforts. Homeland Security officials didn't respond Thursday to the ACLU's criticism. Homeland Security Department spokesman Matthew Chandler at the time the Senate report was released called it "out of date, inaccurate and misleading." He said it focused entirely on information being produced by fusion centers and didn't consider the benefit to involved officials from receiving intelligence from the federal government. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Sep 19 19:47:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Sep 2013 20:47:20 -0400 Subject: [Infowarrior] - RSA to customers: Stop using NSA-influenced code in our products Message-ID: <3FD34C98-391F-4C32-ADAC-251AB4C964C2@infowarrior.org> Stop using NSA-influenced code in our products, RSA tells customers Firm "strongly recommends" customers stop using RNG reported to contain NSA backdoor. by Dan Goodin - Sept 19 2013, 7:43pm EDT Officials from RSA Security are advising customers of the company's BSAFE toolkit and Data Protection Manager to stop using a crucial cryptography component in the products that was recently revealed to contain a backdoor engineered by the National Security Agency. An advisory sent to select RSA customers on Thursday confirms that both products by default use something known as Dual EC_DRBG when creating cryptographic keys. The specification, which was approved in 2006 by the National Institute of Standards and Technology (NIST) and later by the International Organization for Standardization, contains a backdoor that was inserted by the NSA, the New York Times reported last week. RSA's advisory came 24 hours after Ars asked the company if it intended to warn BSAFE customers about the deliberately crippled pseudo random number generator (PRNG), which is so weak that it undermines the security of most or all cryptography systems that use it. "To ensure a high level of assurance in their application, RSA strongly recommends that customers discontinue use of Dual EC DRBG and move to a different PRNG," the RSA advisory stated. "Technical guidance, including how to change the default PRNG in most libraries, is available in the most current product documentation" on RSA's websites. The BSAFE library is used to implement cryptographic functions into products, including at least some versions of the McAfee Firewall Enterprise Control Center, according to NIST certifications. 
The RSA Data Protection Manager is used to manage cryptographic keys. Confirmation that both use the backdoored RNG means that an untold number of third-party products may be bypassed not only by advanced intelligence agencies, but possibly by other adversaries who have the resources to carry out attacks that use specially designed hardware to quickly cycle through possible keys until the correct one is guessed.

McAfee representatives issued a statement that confirmed the McAfee Firewall Enterprise Control Center 5.3.1 supported the Dual_EC_DRBG, but only when deployed in federal government or government contractor customer environments, where this FIPS certification has recommended it. The product uses the newer SHA1 PRNG random number generator in all other settings.

The NIST certification page lists dozens of other products that also use the weak RNG. Most of those appear to be one-off products. More significant is the embrace of BSAFE as the default RNG, because the tool has the ability to spawn a large number of derivative crypto systems that are highly susceptible to being broken.

< - >

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 20 07:25:52 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Sep 2013 08:25:52 -0400
Subject: [Infowarrior] - 18 Teens Who Are Doing Incredible Things At The Google Science Fair
Message-ID:

18 Teens Who Are Doing Incredible Things At The Google Science Fair

Read more: http://www.businessinsider.com/2013-google-science-fair-finalists-2013-9?op=1#ixzz2fR1QREZ1

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Sep 20 08:52:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Sep 2013 09:52:58 -0400 Subject: [Infowarrior] - SnoDocs: Britain's GCHQ Hacked Belgian Telecoms Firm Message-ID: Belgacom Attack: Britain's GCHQ Hacked Belgian Telecoms Firm A cyber attack on Belgacom raised considerable attention last week. Documents leaked by Edward Snowden and seen by SPIEGEL indicate that Britain's GCHQ intelligence agency was responsible for the attack. http://www.spiegel.de/international/europe/british-spy-agency-gchq-hacked-belgian-telecoms-firm-a-923406.html Documents from the archive of whistleblower Edward Snowden indicate that Britain's GCHQ intelligence service was behind a cyber attack against Belgacom, a partly state-owned Belgian telecoms company. A "top secret" Government Communications Headquarters (GCHQ) presentation seen by SPIEGEL indicate that the goal of project, conducted under the codename "Operation Socialist," was "to enable better exploitation of Belgacom" and to improve understanding of the provider's infrastructure. The presentation is undated, but another document indicates that access has been possible since 2010. The document shows that the Belgacom subsidiary Bics, a joint venture between Swisscom and South Africa's MTN, was on the radar of the British spies. Belgacom, whose major customers include institutions like the European Commission, the European Council and the European Parliament, ordered an internal investigation following the recent revelations about spying by the United States' National Security Agency (NSA) and determined it had been the subject of an attack. The company then referred the incident to Belgian prosecutors. Last week, Belgian Prime Minister Elio di Rupo spoke of a "violation of the public firm's integrity." When news first emerged of the cyber attack, suspicions in Belgium were initially directed at the NSA. 
But the presentation suggests that it was Belgium's own European Union partner Britain that is behind "Operation Socialist," even though the presentation indicates that the British used spying technology for the operation that the NSA had developed. According to the slides in the GCHQ presentation, the attack was directed at several Belgacom employees and involved the planting of a highly developed attack technology referred to as a "Quantum Insert" ("QI"). It appears to be a method with which the person being targeted, without their knowledge, is redirected to websites that then plant malware on their computers that can then manipulate them. Some of the employees whose computers were infiltrated had "good access" to important parts of Belgacom's infrastructure, and this seemed to please the British spies, according to the slides. The documents also suggest that GCHQ continued to probe the areas of infrastructure to which the targeted employees had access. The undated presentation states that they were on the verge of accessing the Belgians' central roaming router. The router is used to process international traffic. According to the presentation, the British wanted to use this access for complex attacks ("Man in the Middle" attacks) on smartphone users. The head of GCHQ's Network Analysis Centre (NAC) described Operation Socialist in the presentation as a "success." When contacted by SPIEGEL reporters, GCHQ provided no comment. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Sep 20 11:24:44 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Sep 2013 12:24:44 -0400
Subject: [Infowarrior] - Security in a Post-PRISM World
Message-ID: <09136EC4-762A-4A63-BD65-DCD40D75752C@infowarrior.org>

Security in a Post-PRISM World

By Sean Michael Kerner | Posted 2013-09-19
http://www.eweek.com/print/blogs/security-watch/security-in-a-post-prism-world.html/

NEW ORLEANS - Over the last few months, a whole lot of people have been very worried about the privacy of their information. The revelation that the National Security Agency can potentially decrypt traffic from the Web has made a lot of people question their online providers and what can be done to protect privacy.

In a session at the LinuxCon conference here this week, I saw one really good answer proposed by Frank Karlitschek, in a session aptly titled, "Living in a Cloudy Post-PRISM World."

I've had the good fortune to meet with Karlitschek in the past, and I know him as the founder of the popular ownCloud project. The ownCloud project is somewhat analogous to what Dropbox does, except that it's open source (and has more features).

In his LinuxCon session, Karlitschek noted that some people might just shrug off the NSA risks, but he suggests that is not a good idea.

"I'm from Germany, and we know that it's not a good idea to have an omnipotent government that can spy on you," Karlitschek said. "It's just not a good idea in a free society, so people should care if someone is violating their privacy - it's very important."

He added that developers built the Internet, and developers can fix it too.

User Data Manifesto

Going a step further, Karlitschek has proposed what he is calling the "User Data Manifesto," which outlines the characteristics that should apply to user data.

"If I take a photo, it should be my photo," Karlitschek said.

The full User Data Manifesto includes eight key points:

1. Own the data
   The data that someone directly or indirectly creates belongs to the person who created it.

2. Know where the data is stored
   Everybody should be able to know where their personal data is physically stored, for how long, on which server, in what country and what laws apply.

3. Choose the storage location
   Everybody should always be able to migrate their personal data to a different provider, server or their own machine at any time without being locked in to a specific vendor.

4. Control access
   Everybody should be able to know, choose and control who has access to their own data to see or modify it.

5. Choose the conditions
   If someone chooses to share their own data, then the owner of the data selects the sharing license and conditions.

6. Invulnerability of data
   Everybody should be able to protect their own data against surveillance and to federate their own data for backups to prevent data loss or for any other reason.

7. Use it optimally
   Everybody should be able to access and use their own data at all times with any device they choose and in the most convenient and easiest way for them.

8. Server software transparency
   Server software should be free and open-source software so that the source code of the software can be inspected to confirm that it works as specified.

It's a brilliant idea and one that I hope will gain traction in the months and years to come.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
From rforno at infowarrior.org Fri Sep 20 11:26:02 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Sep 2013 12:26:02 -0400
Subject: [Infowarrior] - DOJ Scrambles To Try To Explain Why It Never Investigated Systematic Misrepresentations By NSA To FISA Court
Message-ID:

DOJ Scrambles To Try To Explain Why It Never Investigated Systematic Misrepresentations By NSA To FISA Court

http://www.techdirt.com/articles/20130919/17165924586/doj-scrambles-to-try-to-explain-why-it-never-investigated-systematic-misrepresentations-nsa-to-fisa-court.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 20 13:47:14 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Sep 2013 14:47:14 -0400
Subject: [Infowarrior] - NSA chiefs defend agency's conduct in letter to families of employees
Message-ID:

NSA chiefs defend agency's conduct in letter to families of employees

General Keith Alexander and deputy director John Inglis sign letter 'in light of unauthorised disclosure of classified information'

Adam Gabbatt in New York
theguardian.com, Friday 20 September 2013 13.43 EDT
http://www.theguardian.com/world/2013/sep/20/nsa-chiefs-letter-employees-families

The National Security Agency has sent a letter to its employees' family members, in an effort to "reassure" relatives about the agency's work.

The letter, signed by NSA director General Keith Alexander and deputy director John Inglis, is dated 13 September and is addressed to "NSA/CSS family".

It characterises press reports of NSA overreaches as "sensationalised" and laments how stories published on documents leaked by Edward Snowden have seen the agency portrayed "as more of a rogue element than a national treasure".
"We are writing to you, our extended NSA/CSS family, in light of the unauthorized disclosure of classified information by a former contractor employee," says the letter, which was published on The Dissenter website on Friday. "We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support." The NSA has been under scrutiny since details of its surveillance programs were revealed by the Guardian and other outlets. The agency has been criticised for collecting Americans' phone and internet data, in what some see as a breach of the fourth amendment. "Some media outlets have sensationalized the leaks to the press in a way that has called into question our motives and wrongly cast doubt on the integrity and commitment of the extraordinary people who work here at NSA/CSS ? your loved one(s)," the letter says. "It has been discouraging to see how our Agency frequently has been portrayed in the news as more of a rogue element than a national treasure. You've seen the dedication, skill and integrity that those employees bring to their job each and every workday, contributing to the accomplishments of the agency over the past 61 years." The message is aimed at providing a morale boost to NSA staff and their families while also providing talking points and rebuttals to criticisms of the agency. Alexander and Inglis write that they will continue to provide employees with "materials they can bring home to help you understand that our activities are lawful, appropriate and effective". The letter repeats a claim previously made by the agency that its activities "contributed to keeping the nation and its allies safe from 54 different terrorist plots". That claim has been repeatedly challenged, including by senators Mark Udall and Ron Wyden. 
In June, Udall and Wyden, both members of the Senate intelligence committee, said they had "not yet seen any evidence showing that the NSA's dragnet collection of Americans' phone records has produced any uniquely valuable intelligence". The letter acknowledges that the NSA has erred in the past, but insists there is a system in place for the reporting of such errors. "In concert with our mission, NSA/CSS employees are trained from the first day on the job, and regularly thereafter, to respect the privacy and civil liberties of US citizens. We go to great lengths to achieve our goal of no mistakes. However, we are human and, because the environment of law and technology within which we operate is so complex and dynamic, mistakes sometimes do occur. "That's where the unique aspect of our culture comes into play. We self-report those mistakes, analyze them, and take action to correct the root causes." Alexander and Inglis add that such mistakes are reported to "our oversight bodies in the Congress, the Foreign Intelligence Surveillance Court and the executive branch, where appropriate". The message signs off by thanking family members of employees for their "continued support and encouragement". Relatives of NSA employees are "an integral part" of the agency's success in defending America, Alexander and Inglis write, adding: "We have weathered storms before and we will weather this one together, as well." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Sep 20 14:50:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Sep 2013 15:50:33 -0400 Subject: [Infowarrior] - BlackBerry to Fire 4, 500, Write Down Up to $960 Million Message-ID: <038E5C88-8A23-4E36-8102-93660AC92919@infowarrior.org> BlackBerry to Fire 4,500, Write Down Up to $960 Million By Hugo Miller - Sep 20, 2013 http://www.bloomberg.com/news/print/2013-09-20/blackberry-to-fire-4-500-write-down-up-to-960-million.html BlackBerry Ltd. (BBRY), the smartphone maker that's evaluating a sale, will cut 4,500 jobs and record an inventory writedown of as much as $960 million after a new set of devices failed to catch on with consumers. The company, based in Waterloo, Ontario, expects to report a net operating loss of as much as $995 million for the fiscal second quarter, according to a statement today. Sales in the quarter were about $1.6 billion -- just more than half the $3.03 billion average estimate of analysts surveyed by Bloomberg. The company sold about 5.9 million smartphones in the quarter, it said. BlackBerry had 12,700 employees as of the end of March, the last time it has reported a figure. The inventory writedown is mostly based on the value of Z10 touch-screen devices, the company said. The adjusted second-quarter net loss will be as much as $265 million, or 51 cents a share, compared with the average analyst estimate of 16 cents. Chief Executive Officer Thorsten Heins was counting on the new BlackBerry 10 phones -- introduced in January to good reviews -- to reverse a sales slide, return the company to profitability and make the brand hip again. Instead, its market share continues to slide and BlackBerry remains unprofitable. Corporate customers such as Morgan Stanley (MS) are holding off on upgrading to the new platform, concerned that the company won't be around to support the devices, people familiar with the matter said last month. 
Writedown Streak The writedown extends a streak of inventory charges, which were previously spurred in part by the ill-fated PlayBook tablet. The company took a pretax expense of $485 million in December 2011, a second charge of $267 million the following March and a third writedown of $335 million in June 2012. Still, BlackBerry continues to introduce new products. In addition to the Q10, Z10 and Q5 released so far this year, BlackBerry this week introduced the Z30, a model with the company's largest screen yet. It goes on sale in the U.K. and Middle East starting next week. BlackBerry has hired accounting firm PricewaterhouseCoopers LLP to evaluate the company for potential buyers, according to two people with knowledge of the move. A team of accountants and lawyers from the New York-based firm have been working at BlackBerry since August, said the people, who asked not to be identified because the contract hasn't been made public. It previously hired Perella Weinberg Partners LP as an adviser -- alongside its bankers at JPMorgan Chase & Co. -- to help explore its options, a person familiar with the decision said earlier this month. To contact the reporter on this story: Hugo Miller in Toronto at hugomiller at bloomberg.net To contact the editor responsible for this story: Nick Turner at nturner7 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Sep 20 16:30:14 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Sep 2013 17:30:14 -0400 Subject: [Infowarrior] - READ: Not Content With Gutting The Fourth Amendment, The Government Continues Its Attack On The Fifth And Sixth Message-ID: <8129D261-D680-482A-9BD9-6769C51EE8F1@infowarrior.org> Not Content With Gutting The Fourth Amendment, The Government Continues Its Attack On The Fifth And Sixth http://www.techdirt.com/articles/20130827/09282724323/not-content-with-gutting-fourth-amendment-government-continues-its-attack-fifth-sixth.shtml < - > Perhaps due to their proximity both in number and scope, the government is also working hard to eliminate the protections afforded by the Fifth and Sixth Amendments as well. One of the more recent blows to these rights came from a court decision in Salinas v. Texas, in which the court ruled that simply remaining silent is not the same as invoking your right to remain silent, and as such, can be used (under specific circumstances) as evidence of guilt. Another earlier decision (Berghuis v. Thompson) also weighs on this, putting the onus of invocation on the arrestee. The Berghuis decision makes the invocation the key element, post-arrest. Simply refusing to talk to police officers when detained or arrested doesn't protect you. The Miranda rights are available but you'll have to be the person invoking them. Otherwise, your lack of cooperation becomes problematic. For you. < - > "When we live in a world where 'I want a lawyer' is de facto evidence of guilt, we will live in a world where that lawyer wouldn't even be able to help us." < - > --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Sep 20 19:39:03 2013 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Sep 2013 20:39:03 -0400 Subject: [Infowarrior] - NSA job post for 'Civil Liberties & Privacy Officer' goes live Message-ID: <8FC93DC7-B5CB-4E94-A8F7-CC440C2D1D12@infowarrior.org> NSA job post for 'Civil Liberties & Privacy Officer' goes live http://news.cnet.com/8301-13578_3-57603992-38/nsa-job-post-for-civil-liberties-privacy-officer-goes-live/?part=rss&subj=news&tag=title --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Sep 21 06:50:47 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Sep 2013 07:50:47 -0400 Subject: [Infowarrior] - DHS to test BOSS facial recognition at junior hockey game Message-ID: <787B540E-9401-46A1-9803-C0FB47C49AFF@infowarrior.org> Homeland Security to test BOSS facial recognition at junior hockey game By Rawlson King September 20, 2013 - http://www.biometricupdate.com/201309/u-s-testing-crowd-scanning-facial-recognition-system The U.S. Department of Homeland Security will test its crowd-scanning facial recognition system, known as the Biometric Optical Surveillance System, or BOSS, at a junior hockey game this weekend. With assistance from the Pacific Northwest National Laboratory, DHS will test its system at a Western Hockey League game in Washington state. The test will determine whether the system can distinguish the faces of 20 volunteers out of a crowd of nearly 6,000 hockey fans, to evaluate how successfully BOSS can locate a person of interest. BOSS technology consists of two cameras capable of taking stereoscopic images of a face and a back end remote matching system. Stereoscopic images are two images of the same object, taken at slightly different angles that create an illusion of three-dimensional depth from two-dimensional images. 
The cameras transfer the pair of images to the remote matching system by way of fiber optic or wireless technology. The system then processes and stores the two images into a 3-D signature, which is the mathematical representation of the stereo-pair images that the system uses for matching. Using the BOSS facial recognition algorithms, the signature is matched against a locally stored database created from volunteers, using a combination of mathematical and statistical analysis. BOSS is capable of capturing images of an individual at 50-100 meters in distance. The system can capture images of subjects participating from a specific distance, or be set up in a way that tracks and passively captures frontal face images of an individual as he/she moves in front of the camera. As reported previously in BiometricUpdate.com, a $5.2 million contract for BOSS was awarded to Electronic Warfare Associates, a U.S. military contractor. Recently the system was not deemed ready since it could not achieve 80 to 90 percent identification accuracy at a distance of 100 meters and could not process and identify images in less than 30 seconds against a biometric database. This weekend's test will attempt to rectify this deficiency. If the test succeeds, the technology conceivably could be used at international crossings and other ports across the United States patrolled by the department. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Sep 21 09:13:27 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 21 Sep 2013 10:13:27 -0400 Subject: [Infowarrior] - USIS under the gun Message-ID: <7540B946-EA9D-4390-BC73-D3295FBC75A1@infowarrior.org> Of course the simplest thing is to reduce the amount of stuff classified, which reduces the number of people needing clearances, which can result in more thorough background checks. 
--rick http://www.washingtonpost.com/business/economy/security-clearance-contractor-usiss-workers-felt-pressure-to-do-more-and-faster/2013/09/20/c62c7498-2208-11e3-b73c-aab60bf735d0_print.html Washington Post September 21, 2013 Vetting Company's Employees Felt Stress Ex-workers at USIS, which reviewed Alexis, call job overwhelming By Jia Lynn Yang When Ileana Privetera started working for the contractor USIS, the firm that vetted National Security Agency leaker Edward Snowden and Navy Yard shooter Aaron Alexis, it sounded like the perfect job. A mother, she would have flexible hours for her family, and she would be helping the country by running background checks on people who were doing the government's most critical jobs. She quickly learned that she was being asked to do the impossible. A computer-software system spat out assignments for her every week with new people to interview. The deadlines were merciless, with as many as 10 cases due in a single day. Privetera was driving madly from one end of Los Angeles to another to complete interviews. And she was never sure whether she was asking enough questions as she probed people's personal lives, asking about their rocky marriages and finances. "I didn't like the feeling, 'Am I doing this right?' " said Privetera, who left her job at USIS in December after about five months. "I felt like we were doing something important." The work was so overwhelming that she and co-workers joked about taking anti-anxiety medications. No evidence has emerged that Falls Church-based USIS cut corners when it vetted Snowden and Alexis. But the company, which has grown to become the biggest private contractor handling background checks for the government, has drawn the notice of lawmakers and the Justice Department. It is under criminal investigation over whether it misled officials about the thoroughness of its work. A number of former USIS employees have been charged with falsifying records in recent years. 
And Monday's Navy Yard shooting is raising questions about how the government vets employees who are given access to some of the country's most sensitive documents and facilities. USIS declined to comment for this story, said company spokesman Ray Howell. But in interviews, some former employees describe an environment where people went weeks without seeing their bosses and handled sensitive documents with no supervision in their home offices and occasionally at Starbucks. The goal at all times: volume. "It was like wink, wink, do this as fast as humanly possible," said a former USIS investigator, who spoke on the condition of anonymity to avoid crossing a former employer. "There was this intense pressure to do more and faster." With about 7,000 employees, USIS handles about 45 percent of all contracted background checks for the Office of Personnel Management. Last year, OPM processed nearly 2.3 million investigations. The story of how USIS became the biggest private name in background checks is unusual. The company was originally part of OPM. But during the Clinton administration, with the Cold War long over, there was less demand for security clearances. As part of Clinton's "reinvent government" initiative, the employees of OPM's security and investigations unit were transferred in 1996 to a private firm, wholly owned by the workers. It was a first for the government. The move was so revolutionary that many OPM employees and members of Congress vehemently opposed the plan. "National defense, security, and the fitness and suitability of the Federal workforce are not commodities like hammers, ashtrays, and space toilets to be traded on the open market and sold to the lowest bidder," said Deborah Abraham Apperson, an OPM employee, in testimony on Capitol Hill in 1996. "Who among us is willing to take the risk of letting a Timothy McVeigh [the Oklahoma City bomber] 'slip through the cracks' in order to save a few dollars by cutting corners?" 
USIS received an immediate leg up: a noncompetitive three-year contract, according to a 2011 report by the Congressional Research Service. The company quickly dominated the field of private background checks for the government. During the Iraq war, it expanded into training Iraqi police units. USIS's lucrative work conducting investigations for the government - worth $334 million this year - is at risk given the criminal probe. Some lawmakers are calling on OPM to cut off the company, which is now owned by Providence, a private-equity firm. OPM has been under pressure to process background checks more quickly since new standards were put in place by a 2004 intelligence reform law. As the agency has leaned heavily on contract workers, "the quality of the investigations has gone down," said Mark Riley, a former Army officer who works as a private security clearance lawyer. "They are much more cursory. They don't ask the right follow-up questions. . . . The bottom line is the buck, rather than national security." Former employees say the relentless demand to churn out background checks meant that even when USIS investigators wanted to do their best to follow up on red flags, there was limited time. "If I had three months to check this person out . . . I'd be doing a more-thorough process," said a third former employee, who spoke on the condition of anonymity because she also did not want to upset her former employer. "When you're giving me a week to interview 50 people, that's impossible." This employee said she was particularly concerned about the process for giving secret-level clearance - the kind issued to Alexis. That level requires only information from a self-reported questionnaire, a credit check and data from local law enforcement. No interviews with the subject or with references, including neighbors and former spouses, are required. But even for top-secret clearance, where such interviews are required, some former employees said they felt rushed. 
(Snowden, who leaked top-level NSA documents to The Washington Post and Britain's Guardian newspaper, had top-secret clearance.) "It's very: 'Here's a sheet of questions, ask the questions, hurry and get the answers, submit them and move forward,' " said one of the former employees. "There's just not a lot of paying attention to potential red flags and that sort of thing." Candidates do not have to disclose mental-health counseling they have received related to marital issues, grief or coming back from combat. Former investigators say that mental-health issues were particularly tricky to ferret out and understand in the context of a background check. In a limited number of cases, candidates would sign waivers allowing USIS employees to obtain their mental-health records, these former employees say. USIS investigators said they then had to drive to the medical facilities where the candidates were treated and get someone to sign a form attesting to whether the candidate posed a threat to national security. The person who signed the note, however, could be anyone who had access to the candidate's files; it didn't have to be the person who treated the candidate, these employees said. The bosses simply trusted the employees to do the work in the right way with little oversight, these former employees said. "I could go weeks and weeks and not see a single co-worker, so there's no way they can see what you're doing," said one former investigator. There was a rule that all documents had to have two layers of locks: for instance, a locked file cabinet in a home, plus a locked front door would qualify. But former investigators said that aside from their initial training, no one went to check their homes to make sure the documents containing personal information were secure. "People were leaving their laptops at Starbucks," said one former investigator. "People were leaving cases on top of their cars, information blowing off. We had a lady that left her files at Chuck E. 
Cheese with her kids." A number of employees in the background-checking business have been convicted or have pleaded guilty to falsifying records. Several worked for USIS but at least one had been employed by a USIS competitor, CACI International. "They're going to make the numbers one way or another," Privetera said. "Obviously, they're not going to say, 'We encourage bad behavior.' But you're kind of creating the environment for it." Matea Gold, Tom Hamburger and Alice Crites contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 22 08:28:11 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Sep 2013 09:28:11 -0400 Subject: [Infowarrior] - Stock Market Crashes Since 2006: Trading Bots Message-ID: Stock Market Crashes Since 2006: Trading Bots Submitted by Pivotfarm on 09/22/2013 07:13 -0400 http://www.zerohedge.com/contributed/2013-09-22/stock-market-crashes-2006-trading-bots Taking a guess is always a stupid game as it's a game of luck hitting the right number. Hazarding a guess as to how many jelly beans in the jar is nigh-on impossible. We might normally think that it has nothing to do with any mathematical correlative analysis but just a number that has been magicked out of the air by some person. Don't be fooled however as there are ways of getting you closer to that number. But, if you were asked to guess the number of stock-market crashes that have happened since 2006, then what would you put forward as your best answer? You might not win the jelly beans in that jar, but you probably won't be anywhere near close to getting the number of crashes that have taken place around the world. Since 2006, there have been a total of 18,520 crashes, mini-crashes and flash-crashes or flash freezes (we have more names than we know what to do with) since that year. 
Most of them probably went unnoticed, since they were less than a blink of your eye and we didn't know that they had happened. New research has analyzed historic trading and has discovered that it is the automated systems that are at the heart of the problem. High-Frequency Trading • High-frequency trading systems are computerized analyses that enable the searching for small modifications and differences in stock prices that may be used to gain high-profits when combined in high-numbers. • If enough is invested and across the whole range of minor differences that are recorded in stock prices, then the gains are unimaginably. • There is minimum human surveillance of such systems as their advantage is that they occur in record times that no human brain or person could compete with them to execute buy or sell orders. • No human being could monitor the systems anyhow, since the delay-time necessary to react by a human being would be much slower than the order that gets processed via the technology. • However, the systems lead to up or down swings in the stock market that are extreme. • Traders usually follow such swings and use the automated systems to react in turn, with a time-delay to the orders that are executing themselves. • This, in turn, leads to even greater swings, sometimes quite violently, that are recorded on the stock markets around the world. The new type of trading that has been rushed in with the automated systems that are able to compute price changes reached fever pitch at the start of the financial crisis in 2008 according to the research. • Speed is the essence of the programs that analyze micro-changes in the stock market. • The human brain can only calculate and react after a one-second lapse in time when considering what is taking place. • Computerized systems have the ability to calculate in about 740 nanoseconds, which means about 1,000 times faster than the human brain. • 
Even a chess-player (who usually reacts after 650 milliseconds) wouldn't be able to do anything against the systems that have taken over trading. What is essential in the system is the fact that short, small changes that are not going to last must be spotted and orders placed before that change moves on and disappears. Today those systems are becoming faster and faster and advantage is being taken of new technological prowess that is being invented in the field of optic-fiber cables and software analysis. This new technology will enable another 5 milliseconds to be removed from the calculation time necessary to place the order. Does that mean that the stock markets risk becoming even more open to volatility and crashes in the future when it starts being used? Ultrafast Extreme Events Ultrafast Extreme Events is the name that is given to the movement of stock prices that move ten times or more either up or down (but always in the same direction) and always within 1,500 milliseconds. The 18,500 crashes that have gone unnoticed to the human brain all occurred in time-spans that were below the one-second time necessary for the human brain to react. This means that they were not primarily caused by traders. They were perhaps exacerbated when the traders decided to follow in the footsteps of the high-frequency-trading systems, but it was those systems that caused the problem. The technology to act and to react in record-setting time has been invented. But, the technology has today surpassed our own ability to monitor the system. Technology that is faster than the systems that execute the orders to buy and sell will end up having to be invented. But, that will mean a never ending race to be one-step ahead of the technology that we are using to monitor minor fluctuations in the stock prices. The number of ultrafast extreme events has continued to increase since these computerized systems were first introduced in 2006. 
Fast-trading and computerized systems coupled with a drop below the 1-second time zone mean that the stock market is open to greater volatility today. The threshold of 1 second was crossed years ago now with these systems becoming part and parcel of trading. The number of strategies used by traders has also dropped. So, speed and limited-trading strategies are the source of the problem and not the financial factors of old that may have resulted in the volatility of certain shares. Today shares move massively because the systems take advantage of minute variations. The only thing that could modify that is a marked change in the technology used and the way it is being used. Algorithm Predators The findings of the research carried out by Neil Johnson, professor of physics at the College of Arts and Sciences at the University of Miami (UM) show that the algorithms are the source of the problem because humans cannot keep up with them: "These algorithms can operate so fast that humans are unable to participate in real time, and instead, an ultrafast ecology of robots rises up to take control". Conventional market theories are thrown out of the window at this point it would seem and we don't even know what has hit us. Johnson went on to say: "As long as you have the normal combination of prey and predators, everything is in balance, but if you introduce predators that are too fast, they create extreme event. What we see with the new ultrafast computer algorithms is predatory trading. In this case, the predator acts before the prey even knows it's there". The predators are here to stay, but who will pay the price for that? Simple question and an even simpler answer. Johnson believes that 2006 was the era of the cyber mob that is the new predator on the stock market. Artificial Intelligence and Trading on the Stock Market Man can be his own worst enemy sometimes and technology has left the people behind. 
Artificial intelligence that sends a shiver down your spine like a science-fiction movie that you thought could never come true. It's the robots and the algorithms that are running the markets today and not the human beings that have invented them or the people that hand over their money to invest on the stock-price movements. The movements and the changes in the stock market are so fast that human beings and traders are out of the loop just watching. It's only the programs that have been invented that end up battling it out between themselves to gain control and improve their chances of profit. This is at least true of subsecond transactions. Some might certainly argue that if the traders are ineffective, we might just as well get shot of them. The algorithms earn profits of thousands of dollars every millisecond. That's nothing for sure in the world of finance, but added together it means millions every second. No trader could do that. It's ok if you win and come up trumps. But, winners always mean losers somewhere else. The losers might just be ourselves with the pension funds and the investments that are linked to the stock market. It was the banks that first started using those systems in order to make greater profits. But, the banks that suffered the highest number of Ultrafast Extreme Events were also the ones that went bankrupt and had to be bailed out. They invented them, they used them, but the rest of us paid the price for them! We're still paying the price, aren't we? The research was carried out by Guannan Zhao (post-doctoral researcher at UM), Hong Qi and Jing Meng (Ph.D. researchers in Physics at UM), Nicholas Johnson (Professor of Physics at UM) and is entitled "Abrupt rise of new machine ecology beyond human response time." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Sep 23 09:20:57 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Sep 2013 10:20:57 -0400 Subject: [Infowarrior] - POTUS Asks Congress To Give Up Its Oversight On Secret TPP Agreement Message-ID: <5FF8F907-30AB-4BE6-80CE-4804763C8783@infowarrior.org> President Obama Asks Congress To Give Up Its Oversight On Secret TPP Agreement from the that's-not-a-good-thing dept http://www.techdirt.com/articles/20130920/12045524592/president-obama-asks-congress-to-give-up-its-oversight-secret-tpp-agreement.shtml We've talked a few times about how the USTR and the administration are asking Congress for "trade promotion authority," which would effectively let it bypass Congressional oversight of the Trans Pacific Partnership (TPP) agreement. In fact, in many ways the USTR has been acting as if it already has this. The specifics of "trade promotion authority" or "fast track authority" are a bit down in the weeds, but the short version is that it's the administration asking Congress to completely abdicate its authority and mandate in overseeing international trade agreements. Basically, it removes the ability of Congress to seek any fixes or amendments to a trade agreement -- only allowing them to give a yes or no vote. This might not be such a big deal if the TPP wasn't negotiated in near total secrecy. We've been told that a final agreement is getting close, but no official text has been released at all. What we know of the IP section is one draft that leaked out from well over a year ago. And, now, we're going to get a product that will be released to the public with little time for debate and no way to make changes should the public point out how ridiculous and dangerous it is. And, of course, President Obama is insisting it's necessary to undermine the authority of Congress with a secret agreement that will have tremendous impact on Americans... just because he wants it. 
He announced to "the President's Export Council" that "We're going to need Trade Promotion Authority." Let's be clear: the only reason the administration "needs" TPA is so that it can ram through the agreement without letting Congress do its oversight job. Trade Promotion Authority offers no benefit to the public at all. All it does is make sure that the USTR has less oversight and fewer limitations on selling out the public for a few big special interests. The "Export Council" which is basically made up of leaders of those big special interests who are looking for protectionist (not "free trade") policies that help their bottom line, but harm the American public, made an even more ridiculous statement: "We believe that new TPA legislation is critical to America's trade leadership in the world," the group said in one of eight letters to Obama it approved at the meeting. Did you get that? They're claiming that if we actually let Congress do its Constitutionally-mandated job that somehow undermines America's "trade leadership?" Does anyone take this even remotely seriously? Of course, the problem is that very few are paying attention to this. "Trade Promotion Authority" sounds boring and if some big business leaders claim it's necessary, Congress will probably go with it -- even though it subverts their own powers. If the USTR had actually been transparent, had released negotiating texts so that the public could give feedback, and that feedback was reflected in the eventual agreements, then maybe you could see how trade promotion authority might make sense. But when you have a secret agreement, driven in large part by industry lobbyists, which the public still hasn't been allowed to see, how could anyone possibly have a legitimate reason for suggesting that Congress abdicate its oversight role? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Sep 23 13:15:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Sep 2013 14:15:09 -0400 Subject: [Infowarrior] - Blackberry agrees preliminary deal to be sold to Fairfax Message-ID: <587AC7E0-A268-4BAE-9006-2C4F8E309314@infowarrior.org> 23 September 2013 Last updated at 14:13 ET Blackberry agrees preliminary deal to be sold to Fairfax http://www.bbc.co.uk/news/business-24214301?print=true Struggling smartphone maker Blackberry has agreed in principle to be bought by a consortium led by Fairfax Financial for $4.7bn (£3bn). Blackberry said in a statement that Fairfax, its largest shareholder, had offered $9 a share cash to buy the company. Trading in Blackberry shares was halted in New York pending the announcement. On Friday, Blackberry announced 4,500 job cuts in a bid to stem losses. In August, the Canadian company said it was evaluating a possible sale. The company said it has "signed a letter of intent agreement under which a consortium to be led by Fairfax Financial Holdings Limited has offered to acquire the company subject to due diligence". The statement continued: "Diligence is expected to be complete by November 4, 2013. The parties' intention is to negotiate and execute a definitive transaction agreement by such date." However, Blackberry said it was not in exclusive talks with Fairfax and would continue to "actively solicit, receive, evaluate and potentially enter into negotiations" with other potential buyers. Brian Colello, analyst at Morningstar, said that taking Blackberry private would allow the company to reorganise without being under the glare of Wall Street investors and was therefore probably a good option. He said: "Based on the company's disastrous earnings warning on Friday, I think a deal had to happen and the sooner the better. This is probably the only out for investors and the most likely outcome. 
"The benefit to this sort of takeover is the ability for Blackberry and the consortium to reinvent the company without public scrutiny. It appears that the end game is going to be whether Blackberry can emerge as a niche supplier of highly-secured phones to enterprise customers and governments." Blackberry's financial problems came to a head this year following disappointing sales of its new Z10 model smartphone. Released in January - after many delays - the phone has failed to enthuse consumers. Over the summer, word trickled out the company had hired a series of advisors to help it explore options. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 23 14:16:09 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Sep 2013 15:16:09 -0400 Subject: [Infowarrior] - How Mike Rogers Buries NSA-Related Documents, While Pretending He Made Them Available Message-ID: How Mike Rogers Buries NSA-Related Documents, While Pretending He Made Them Available http://www.techdirt.com/articles/20130923/08520924623/rep-justin-amash-details-how-intelligence-committee-lead-mike-rogers-continues-to-bury-nsa-related-documents.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Sep 24 06:57:40 2013 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Sep 2013 07:57:40 -0400 Subject: [Infowarrior] - Destroying the Right to Be Left Alone Message-ID: <8C33CEE5-EC20-4D26-B50A-EED95EF65378@infowarrior.org> Published on Monday, September 23, 2013 by TomDispatch.com Destroying the Right to Be Left Alone The NSA Isn't the Only Government Agency Exploiting Technology to Make Privacy Obsolete by Christopher Calabrese and Matthew Harwood For at least the last six years, government agents have been exploiting an AT&T database filled with the records of billions of American phone calls from as far back as 1987. 
The rationale behind this dragnet intrusion, codenamed Hemisphere, is to find suspicious links between people with "burner" phones (prepaid mobile phones easy to buy, use, and quickly dispose of), which are popular with drug dealers. The secret information gleaned from this relationship with the telecommunications giant has been used to convict Americans of various crimes, all without the defendants or the courts having any idea how the feds stumbled upon them in the first place. The program is so secret, so powerful, and so alarming that agents "are instructed to never refer to Hemisphere in any official document," according to a recently released government PowerPoint slide. < - > http://www.commondreams.org/view/2013/09/23-1 From rforno at infowarrior.org Wed Sep 25 08:37:25 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Sep 2013 09:37:25 -0400 Subject: [Infowarrior] - Tone Deaf Dianne Feinstein Thinks Now Is A Good Time To Revive CISPA Message-ID: Tone Deaf Dianne Feinstein Thinks Now Is A Good Time To Revive CISPA from the what-is-she-smoking? dept http://www.techdirt.com/articles/20130924/16502824645/tone-deaf-dianne-feinstein-thinks-now-is-good-time-to-revive-cispa.shtml We had believed, along with a number of others, that the Snowden leaks showing how the NSA was spying on pretty much everyone would likely kill CISPA dead. After all, the key component to CISPA was basically a method for encouraging companies to have total immunity from sharing information with the NSA. And while CISPA supporters pretended this was to help protect those companies and others from online attacks, the Snowden leaks have reinforced the idea (that many of us had been pointing out from the beginning) that it was really about making it easier for the NSA to rope in companies to help them spy on people. Also, if you don't remember, while CISPA had passed the House, the Senate had shown little appetite for it. 
Last year, the Senate had approved a very different cybersecurity bill, and had expressed very little interest in taking up that fight again this year. Except now, in an unexpected move, Senate Intelligence Committee boss, and chief NSA defender because of reasons that are top secret, has now announced that she's been writing a Senate counterpart to CISPA and is prepared to "move it forward." Yes, it seems that even though the NSA gleefully hid the evidence of widespread abuses from Feinstein's oversight committee, she's playing the co-dependent role yet again. Yes, there's a chance that this new version of the bill will actually take into account privacy and civil liberties, but I doubt many people would take a bet on that being likely. Right now what the public is concerned about are not "cyberattacks" from foreigners -- they're concerned about our own government undermining the security and privacy of Americans themselves. Giving those responsible for that destruction of privacy and trust more power to abuse the privacy of Americans is not what people are looking for. Quite the opposite. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Sep 25 10:54:58 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Sep 2013 11:54:58 -0400 Subject: [Infowarrior] - Apple Maps flaw results in drivers crossing airport runway Message-ID: <12A8CAE0-1B7A-4873-B98D-B256CB9B5E94@infowarrior.org> 25 September 2013 Last updated at 08:54 ET Apple Maps flaw results in drivers crossing airport runway By Leo Kelion Technology reporter http://www.bbc.co.uk/news/technology-24246646?print=true An Alaskan airport has closed an aircraft access route because of a flaw with Apple's Maps app. Fairbanks International Airport told a local newspaper that in the past three weeks two motorists had driven along the taxiway and across one of its runways. 
Apple's app directs users along the taxiway but does not specifically tell them to drive on to the runway. A spokesman for Apple was unable to provide comment. The airport said it had complained to the phone-maker through the local attorney general's office. "We asked them to disable the map for Fairbanks until they could correct it, thinking it would be better to have nothing show up than to take the chance that one more person would do this," Melissa Osborn, chief of operations at the airport, told the Alaska Dispatch newspaper. She added that barricades had since been erected to block access to the final stretch of the taxiway and that they would not be removed until Apple had updated its directions. The airport said it had been told the problem would be fixed by Wednesday. However the BBC still experienced the issue when it tested the app, asking for directions to the site from a property to the east of the airport. By contrast the Google Maps app provided a different, longer route which takes drivers to the property's car park. Warnings ignored Apple faced criticism after it ditched Google's service as its default maps option last year. Complaints of inaccuracies followed, including placing Dublin Airport about 17km (11 miles) away from its true location after apparently confusing the site with a farm named Airfield. The Australian police went so far as to warn that Apple's software was "life threatening" after motorists became stranded in a national park after being given the wrong directions to the city of Mildura, Victoria. Chief executive Tim Cook posted a letter to the firm's website apologising for the "frustration" caused and promised "we are doing everything we can to make Maps better". The company has since taken over several other mapping software developers including Locationary, Hopstop and Embark. 
Reviews of its latest operating system, iOS 7, noted that its Maps product had improved, with the Guardian newspaper reporting that Apple's "POI (points of interest) database is getting better". However, the latest mishap indicates problems remain. Fairbanks Airport said the drivers involved in the 6 September and 20 September incidents had both been from out of town and had ignored signposts warning them that they should not be driving along the taxiway. "No matter what the signs say, the map on their iPhone told them to proceed this way," said the airport's marketing director Angie Spear. Alaska Dispatch reported that the runway they crossed was used by 737 jets among other aircraft. No one was injured. "All these types of mapping software have flaws but the problem for Apple is that because it's such a high-profile brand, it gets a lot of attention," said Neil McCartney from the McCartney Media and Telecoms consultancy. "It's very important for a company in that sort of situation to acknowledge a problem when it is reported and then put it right as fast as possible." Nick Dillon, senior device analyst at research house Ovum, added that Fairbanks Airport's complaint illustrated how hard the mapping business was to get right. "With Apple Maps the firm has made a rare misstep by releasing a product which has not lived up to its own high standards. "Apple evidently did not fully grasp the complexity involved in deploying a mapping service and its continuing woes show that it is not an easy thing to fix." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Sep 25 14:12:33 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Sep 2013 15:12:33 -0400 Subject: [Infowarrior] - NSA planted bugs at Indian missions in D.C., U.N. Message-ID: NSA planted bugs at Indian missions in D.C., U.N. 
Shobhan Saxena http://www.thehindu.com/news/international/world/nsa-planted-bugs-at-indian-missions-in-dc-un/article5164944.ece Two of the most important nerve-centres of Indian diplomacy outside the country -- the Permanent Mission of India at the United Nations and the embassy in Washington, DC -- were targets of such sophisticated bugs implanted by the U.S. National Security Agency (NSA) that entire computer hard disks might have been copied by the American agency. The U.N. Mission building in New York and the embassy premises, including its annex, in Washington were on a top-secret list of countries and missions -- many of them European allies of the U.S. -- chosen for intensive spying. According to a top-secret NSA document obtained by The Hindu, the NSA selected India's U.N. office and the embassy as "location target" for infiltrating their computers and telephones with hi-tech bugs, which might have given them access to vast quantities of Internet traffic, e-mails, telephone and office conversations and even official documents stored digitally. Since the NSA revelations began in June, U.S. President Barack Obama and other top American officials have all claimed that the surveillance activities were aimed exclusively at preventing terrorist attacks. But the targeted spying of Indian diplomatic buildings could have been done for political and commercial reasons -- not the core responsibility of the NSA. According to the 2010 COMINT (communication intelligence) document about "Close Access SIGADs", the offices of Indian diplomats and high-ranking military officials stationed at these important posts were targets of four different kinds of electronic snooping devices: Lifesaver, which facilitates imaging of the hard drive of computers; Highlands, which makes digital collection from implants; Vagrant, which collects data of open computer screens; and Magnetic, which is a collection of digital signals. All the Indian "targets" 
in the list are marked with an asterisk, which, according to the document, means that they "have either been dropped or are slated to be dropped in the near future." The NSA document doesn't say when and how the bugs were implanted or how much of data was lifted from Indian offices, but all of them were on the "target" list for more than one type of data collection bugs. Asked by The Hindu, why India's U.N. mission and embassy, which clearly pose no terrorism threat to the U.S., were targeted by the NSA, a spokesman for the Office of the Director of National Intelligence said: "The U.S. government will respond through diplomatic channels to our partners and allies. While we are not going to comment publicly on every specific alleged intelligence activity, as a matter of policy we have made clear that the United States gathers foreign intelligence of the type gathered by all nations. We value our cooperation with all countries on issues of mutual concern." But the spokesman didn't answer The Hindu's specific questions about why the top-secret document about spying on Indian missions shouldn't be revealed or "reproduced by this newspaper in full or part". The document obtained by The Hindu reveals a scary scenario of breach of official secrecy of Indian missions and violation of privacy of Indian diplomats and other staff working in the three premises that were targeted. Located between 2nd and 3rd Avenue on 43rd Street in the eastern part of Manhattan, the office of India's permanent representative to the UN was on top of the list of Indian targets. Designed by the legendary Indian architect, Charles Correa, the building with a red granite base and a double-height penthouse porch at the top has the offices of India's permanent representative, deputy permanent representative, a minister and political coordinator, six counsellors, a Colonel-rank military advisor and several other secretaries who look after different areas of India's engagement with the world. 
It was this building that was the main target of all four NSA bugs: from Lifesaver, which can send to the NSA copies of everything saved on the hard drives of office computers, to Vagrant, which can pick data straight from computer screens. Though emails sent to India's New York mission have remained unanswered so far, an Indian diplomat told The Hindu that the NSA eavesdropping might have done "extensive damage" to India's stand on many international issues ranging from UN Security Council reforms to peacekeeping operations. "If they could implant bugs inside communications equipment of European Union office here and tap into their communications cables as well, there is no reason to believe that they didn't snoop on us," said the diplomat, speaking strictly on condition of anonymity. "We are still assessing the damage. If they managed to copy our hard drives, nothing is left to imagination." Second to the UN mission on the "target" list was the chancery building of the Indian Embassy located at 2107, Massachusetts Avenue in Washington, DC. Consisting of two adjacent buildings, one constructed in 1885 and the other in 1901, the chancery has offices of the Indian ambassador, the deputy chief of mission, several ministers and counsellors who head political, economic, defence and industry sections and three Defence Attachés representing the Indian Army, Air Force and Navy. This building, from where India maintains its diplomatic, trade and strategic ties with the U.S., was on the "target" list for three bugs that can make images of hard drives, pick digital signals and copy data of computer screens. The third Indian building targeted by the NSA is the embassy annex located on 2536, Massachusetts Avenue in Washington, DC. 
The annex has three very important departments: the consular section, headed by a minister, looks after visa services; the commerce department, also headed by a minister, is involved in a broad range of trade issues and negotiations besides assisting the Indian businesses; and an office of the Indian Space Research Organization (ISRO), represented by a counsellor, takes care of cooperation between two countries in the field of space. This building was on the NSA "target" list for Highlands and Vagrant, which collect data from implants and computer screens respectively. It's important to recall here that India's space programme was targeted by another NSA tool PRISM, which intercepts and collects actual content on internet and telephone networks (as reported by The Hindu on Tuesday). But officials at the Indian embassy claim that the premises are safe. "Adequate measures are in place in this regard and all steps taken to safeguard the national interest," wrote an official in an email response to queries by The Hindu. Though no Indian official was willing to talk on record specifically about the NSA bugs mentioned in the top secret document, in private they admitted that it's a violation of all norms and security. "If these bugs were implanted physically on our machinery, telephones and computers, it means a serious breach in security. Who did that job for them? It's very alarming situation. Even if they accessed our data remotely, it is quite a serious matter because we try to de-bug our systems constantly," said an Indian diplomat, speaking on condition of anonymity. The document obtained by The Hindu doesn't say if the bugs were placed physically or if the machines at the Indian Mission and embassy were targeted through the internet network, bugs similar to those aimed at Indian offices were actually "implanted" in a commercially available encrypted fax machine used at missions such as that of the European Union. 
In a recent expose, The Guardian had revealed that the NSA infiltrated the internal computer network of several European embassies and the EU to intercept their communications. That had led to a roar of protests from European capitals. Alarm bells have been ringing in New Delhi too since July when it was first reported that 38 embassies and diplomatic missions, including the Indian embassy in Washington, were targeted by the NSA. Reacting to the reports, the Ministry of External Affairs spokesperson Syed Akbaruddin had expressed concern at the "disconcerting" reports and said that the government would take up the concern with the Americans. But at that time, the Indian government was neither aware of the fact that the UN mission in New York too was a "target" of NSA bugging nor did the officials know a thing about the nature and capabilities of the bugs used for snooping on their offices. The Indian mission to the UN has so far not reacted to either the reports of snooping on foreign missions nor to The Hindu's queries sent to its office in New York, but the embassy officials have discussed the issue with their American counterparts. "Our government has expressed concerns over the reports of monitoring of the Indian Embassy in Washington, D.C. by U.S. agencies, and the Embassy in Washington D.C. has raised these concerns with the U.S. government," said an embassy official in an email response to The Hindu's queries, without elaborating at what level and in which meeting the issue was raised or what was the response of American officials. But the U.S. officials have already made it clear that they would not "apologise" to anyone for the bugging of foreign mission, including the Indian embassy and New York office, as shown in NSA documents. "While we're not going to comment publicly on the specifics of alleged intelligence activities, as a matter of policy we've made clear that the U.S. gathers foreign intelligence of the type gathered by all nations," U.S. 
State Department spokesman Patrick Ventrell had told reporters at his daily news conference on July 2, a day after the spying on European embassies was revealed for the first time in reports where India was just mentioned in a passing reference. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Sep 25 18:54:03 2013 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Sep 2013 19:54:03 -0400 Subject: [Infowarrior] - Bipartisan Group Led By Wyden And Udall Introduce Legislation Aimed At Comprehensive Reform Of Surveillance Programs Message-ID: <6BFD165A-57B6-447C-ABD1-F6CE4E3B3BFD@infowarrior.org> Bipartisan Group Led By Wyden And Udall Introduce Legislation Aimed At Comprehensive Reform Of Surveillance Programs from the a-better-balancing-of-security-and-liberty dept http://www.techdirt.com/articles/20130925/14591124659/bipartisan-group-led-wyden-udall-introduce-legislation-aimed-comprehensive-reform-surveillance-programs.shtml Ron Wyden, Mark Udall, Richard Blumenthal and Rand Paul held a press conference today to discuss proposed legislation for reforming the NSA's surveillance programs. The bipartisan group assembled here is looking for actual reform, rather than the light touch-ups that have made up the majority of the administration's contributions to the national security discussion. Their proposal breaks down roughly into five key points (hat tip to the ACLU's Michelle Richardson for tweeting updates during this press conference). The first proposal is to eliminate the Section 215 bulk records collections. As Wyden points out, no evidence exists that this data collection has led to the prevention of any terrorist attacks. Blumenthal adds to this point later in the press conference by referring to the oft-quoted "54 attacks prevented" statement as "bogus." 
Wyden also points out that the email records collection was already shut down (in 2011) for exactly this reason: no proven effectiveness. Wyden states that, with this bill, the dragnet collection of law-abiding citizens' information will be "outlawed." Second, the bill will close the backdoor search loophole in the FISA Amendments Act that allows intelligence agencies to rifle through the communications of millions of Americans without a warrant. Originally, this was intended to search only foreign communications but that loophole (which had been closed in 2008) was reopened by a secret rule change in 2011. This would simply fix what should never have been there in the first place. Third, Blumenthal's FISA Court Reform bill would be folded in, which would provide for a special advocate to act as an adversarial party in FISA court deliberations. As is pointed out later, this addition wouldn't unnecessarily burden the court. The advocate wouldn't be present for every warrant authorization but would sit in whenever major policy questions are being discussed in order to present the privacy and civil liberties side of the issue. Fourth, the bill adds in Rand Paul's fix for the ongoing "standing" problem. As the system is set up now, it is extremely difficult to be granted standing to sue the government for civil liberties violations because of the secrecy surrounding the programs (although Snowden's leaks have greased the wheels a bit). Up until very recently, the courts have stated that if you can't prove the government is surveilling you, then you can't sue them for surveilling you. And since the government is in no hurry to hand out the data it's collected on American citizens, it's nearly impossible to obtain that proof. This would expand the ability of Americans to pursue the government in court for any ill effects suffered as a result of the government's surveillance activities. 
Finally, the legislation will target the abuse of NSLs and strengthen the protections against reverse targeting. This won't completely dismantle the NSA's programs but it will greatly reduce its domestic intelligence gathering. As Udall points out later in the conference, intelligence agencies will still be able to target terrorists and spies -- they just won't be able to sweep up non-targeted bulk collections of data on American citizens -- and they'll have to do better than simply claim the data might be "relevant." As is now the new "normal," the backers of this bill are drawn from both parties. The NSA's overreach has managed to unite parties in a way the administration has been unable to do for nearly five years. As Wyden states, the narrow defeat of the NSA-defunding amendment proposed by Justin Amash was a "wakeup call" that demonstrated that many representatives were willing to cross party lines to protect civil liberties. That, in and of itself, is promising. But taking the first step as a bipartisan group should allow the bill's backers to draw support from both sides of the aisle, something that will greatly increase the chances of its success. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Sep 26 13:25:51 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Sep 2013 14:25:51 -0400 Subject: [Infowarrior] - Samsung region-locking its phones now? Message-ID: <97981F6E-67B1-4EE6-A76F-FF7FDB34A840@infowarrior.org> Seriously, Samsung? Sorry, roamers, but the new Galaxy Note 3 is region-locked http://gigaom.com/2013/09/26/seriously-samsung-sorry-european-roamers-but-the-new-galaxy-note-3-is-region-locked/ By David Meyer 7 hours ago People buying the unlocked Galaxy Note 3 in regions such as Europe or North America will not be able to use a SIM card from another region in it, meaning they will have to pay exorbitant roaming fees if they travel outside the region. 
I really thought the days of region-locking were dying with the DVD, but it seems I was wrong -- Samsung has decided to revive the odious practice with its Galaxy Note 3 smartphone. Yes, if you buy an unlocked Note 3 in Europe and travel to, say, the U.S., you will not be able to use a local SIM card. The same applies the other way round. In other words, you will be forced to pay for your carrier's outrageous roaming fees or go Wi-Fi-only. This fact first came out in a Wednesday blog post by the British online retailer Clove. Samsung has confirmed to me that they are really doing this, and I'm waiting on a statement. Here's what Clove said: "If you travel internationally (outside Europe) and usually insert a local SIM card when in those countries, the Note 3 will NOT be able to use the local network. It will lose all mobile connectivity with the exception of emergency calls. "For example, if you travel to the USA and insert a SIM card issued in the USA, you will not be able to use the Note 3 for any voice calls, text messages and mobile data connection. It will work via a WiFi connectivity only." Interestingly, Samsung Switzerland has been telling customers on Facebook (in German) that they can use non-European SIM cards in phones bought there. That directly contradicts what the stickers on the Note 3 boxes say, and what Samsung's German PRs told me, but it's worth mentioning. My opinion on the matter, if expressed as I'm feeling it, would not be fit for a family-friendly publication such as this. The great advantage of the GSM telephony standard (the "G" stands for "global", by the way) is that it puts power into the hands of the consumer. Unlike CDMA, it uses SIM cards, allowing users to easily swap carrier if needed (assuming of course that they have an unlocked phone). 
Right now I can only guess that the carriers asked Samsung to region-lock its devices, so that customers will have to pay the crazy roaming rates of their home carriers while travelling in other parts of the world. But that's speculation. Go on, Samsung, tell us why this is OK. This post was updated at 5.50am PT to reflect the fact that this wasn't just a European thing, as it first appeared to be, and at 6.40am PT to include a reference to Samsung Switzerland's assurances to worried customers. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Sep 26 13:37:39 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Sep 2013 14:37:39 -0400 Subject: [Infowarrior] - NOW: Senate Intel. Hosts Hearing on FISA Changes Message-ID: <06AAABC0-BF24-4439-B591-1D9A80A28009@infowarrior.org> Prepare to be nauseated by the spin coming from Feinstein, Saxby-Chambliss, Clapper, et al....they've already invoked 9/11 at least once. Video@ http://www.c-span.org/Events/Senate-Intel-Hosts-Hearing-on-FISA-Changes/10737441690-1/ @EFFLIve is livetweeting it, too. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Sep 26 18:38:29 2013 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Sep 2013 19:38:29 -0400 Subject: [Infowarrior] - A media law that stifles the press Message-ID: <3E2E396B-E95C-493E-A035-58E683B13098@infowarrior.org> A media law that stifles the press By JASON STVERAK | 9/26/13 6:28 PM EDT http://www.politico.com/story/2013/09/a-media-law-that-stifles-the-press-97431.html?hp=r7 There is a sad irony in the proposed media shield bill passed by the Senate Judiciary Committee earlier this month. Lawmakers introduced the bill after the federal government violated press freedom by probing the phone records of Associated Press reporters without permission last year. According to the bill's sponsor, Sen. 
Charles Schumer (D-N.Y.), the proposed law "ensures that the tough investigative journalism that holds government accountable will be able to thrive." Yet an amendment attached to the bill does the very thing the legislation purports to stop: Rather than providing a "shield" so that the government cannot force those who do journalism to reveal confidential sources, it determines who is and is not legally a journalist, offering protection only for those who fit a too-narrow definition of the term. Spearheaded by Sen. Dianne Feinstein (D-Calif.) -- who told the Judiciary Committee she believes the bill should apply only to "real reporters" -- the amendment defines a journalist as an "employee, independent contractor or agent of an entity that disseminates news or information" on one of a number of specified platforms, including newspapers, websites, books, television and radio. What's more, the law would cover only journalists who have been employed for one continuous year within the last 20 years, or three continuous months within the last five years. Protection would also apply to student journalists or freelancers but only if they have "substantially contributed" a "significant number of articles, stories, programs, or publications" over the past five years. While freelance journalists, who essentially sell their reporting services and stories to established news outlets for publication, would qualify as independent contractors, it's doubtful many independent bloggers would be granted protection under the new law because they do not write directly for an official news entity and are usually not paid employees. In short, bloggers would get shafted. Feinstein's own statements make this clear. Speaking before the Judiciary Committee, she derided the hypothetical "17-year-old who drops out of high school, buys a website for five dollars, and starts a blog." 
Yet in the digital age, as Matt Drudge has pointed out, why can't that teenager report news every bit as significant as, say, Wolf Blitzer? It may be less likely, but that's no justification for unequal protections under the law. As Drudge understands, our digital era allows anyone to be a journalist, regardless if you are employed by a specific company or have a degree from a specific institution. Journalism is something you do, not something you are. But there's even more at stake here. By making a distinction between those allegedly "qualified" to report the facts and everyone else, the proposed law would also restrict opportunities for whistleblowers, either prompting them to go only to journalists who are considered qualified by the government and therefore protected from revealing their sources, or making them less prone to risk exposing a story in the first place. Edward Snowden first sought anti-establishment journalists who were comfortable in the blogging and social media worlds rather than going to the New York Times, which he did not trust to publish the story immediately. It's easy to imagine how the bill's restrictive language could further hamper potential whistleblowers, especially considering that it excludes "acts that are reasonably likely to cause significant and articulable harm to national security." As Zoe Carpenter pointed out in Nation, the vague language of this loophole may not give protection to the journalists who need it most in high-stakes stories. True, the amendment would allow federal judges to choose to declare someone a "covered journalist" if they do not meet the proposed criteria. This could potentially create some leeway for bloggers, but in reality it means uncertain protection at best. And it's hard to imagine a whistleblower taking much solace in the possible ruling of a federal judge.
Perhaps most sinister of all, the proposed law reeks of political calculus: Its definition of who is a journalist could restrict any blogger or citizen activist who, to the consternation of many politicians, actually practices good journalism by exposing difficult truths about our elected officials. These criticisms all concern themselves with one foundational problem: The bill moves to put more regulatory power in the hands of the government. Passing a law with protections that do not apply to the vast majority of Americans -- only a qualified minority -- runs against the commitment to freedom that defines this country. It implies that most Americans can't be trusted to speak the truth and challenge authority, and it charges that the government can best handle the issue by passing laws that hinder them from doing so. Recall the Justice Department's AP probe earlier this year, when officials tapped 20 phone lines without first getting permission or even notifying the news organization. As AP president Gary Pruitt put it, the DOJ's move violated the government's policies and procedures already in place. The problem wasn't that we lacked rules to stop the government from violating the press' First Amendment rights. Putting an arbitrary definition of "journalist" on the legal books does not fix the deeper, fundamental problem: government run amok. Instead, let's return to the simple rights that have been with America since day one. We already have a law to protect the press without the government meddling in our newsgathering and excluding so many Americans from the reporting process. It's called the First Amendment.

Jason Stverak is the publisher of Watchdog.org and the President of the Franklin Center for Government & Public Integrity.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Sep 26 19:46:40 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 Sep 2013 20:46:40 -0400
Subject: [Infowarrior] - MoD study sets out how to sell wars to the public
Message-ID: <8B0A1EC3-6551-4913-AFBE-A09F2EA1689F@infowarrior.org>

(MOD paper @ http://www.theguardian.com/uk-news/interactive/2013/sep/26/mod-study-attitudes-risk)

MoD study sets out how to sell wars to the public
Exclusive: Families angry at proposal to lower profile of repatriation ceremonies
Ben Quinn
The Guardian, Thursday 26 September 2013 15.52 EDT
http://www.theguardian.com/uk-news/2013/sep/26/mod-study-sell-wars-public

The armed forces should seek to make British involvement in future wars more palatable to the public by reducing the public profile of repatriation ceremonies for casualties, according to a Ministry of Defence unit that formulates strategy. Other suggestions made by the MoD thinktank in a discussion paper examining how to assuage "casualty averse" public opinion include the greater use of mercenaries and unmanned vehicles, as well as the SAS and other special forces, because it says losses sustained by the elite soldiers do not have the same impact on the public and press. The document, written in November 2012 and obtained by the Guardian under the Freedom of Information Act, discusses how public reaction to casualties can be influenced and recommends that the armed forces should have "a clear and constant information campaign in order to influence the major areas of press and public opinion". It says that to support such a campaign the MoD should consider a number of steps, one of which would be to "reduce the profile of the repatriation ceremonies" -- an apparent reference to the processions of hearses carrying coffins draped in the union flag that were driven through towns near RAF bases where bodies were brought back.
For four years up to 2011, 345 servicemen killed in action were brought back to RAF Lyneham and driven through Royal Wootton Bassett, in Wiltshire, in front of crowds of mourners. Since then, bodies have been repatriated via RAF Brize Norton, in Oxfordshire, with hearses driven through nearby Carterton. The MoD's suggestion received a scathing reaction from some families of dead military personnel. Deborah Allbutt, whose husband Stephen was killed in a friendly fire incident in Iraq in 2003, described the proposals for repatriation ceremonies as "brushing the deaths under the carpet". She said: "They are fighting and giving their lives. Why should they be hidden away? It would be absolutely disgraceful." Allbutt, with others, gained a landmark ruling this year that relatives of killed or injured soldiers can seek damages under human rights legislation. The paper, by the MoD's development, concepts and doctrine centre (DCDC), recommends taking steps to "reduce public sensitivity to the penalties inherent in military operations" and says the ministry should "inculcate an attitude that service may involve sacrifice and that such risks are knowingly and willingly undertaken as a matter of professional judgment". The paper amounts to what could be considered a prescient analysis of why the British public and MPs were so reluctant to support an attack on Syria. It also says that in any conflict the MoD should ensure that the reason for going to war is "clearly explained to the public". The eight-page paper argues that the military may have come to wrongly believe that the public, and as a result the government, has become more "risk averse" on the basis of recent campaigns in Afghanistan and Iraq. "However, this assertion is based on recent, post-2000 experience and we are in danger of learning false lessons concerning the public's attitude to military operations," the paper, which has no named author, adds.
"Historically, once the public are convinced that they have a stake in the conflict they are prepared to endorse military risks and will accept casualties as the necessary consequence of the use of military force." To back this up, it cites "robust" public support for earlier conflicts -- the Falklands war and operations in Northern Ireland between 1969 and 2007. "In those cases where the public is unconvinced of the relevance of the campaign to their wellbeing they are not prepared to condone military risk and are acutely sensitive to the level of casualties incurred. "Neither the action in Iraq nor the operations in Afghanistan have enjoyed public support and we are in danger of learning a false lesson from the experience of the last 10 years." The report adds: "The public have become better informed and our opponents more sophisticated in the exploitation of the sources of information with the net result that convincing the nation of the need to run military risks has become more difficult but no less essential." Among other suggestions that could contend with worries about casualty numbers, the DCDC recommends a major investment in "autonomous systems for unmanned vehicles", cyber-operations and the increased use of mercenaries, referred to as "contractors". Noting that the growth of private security companies has proceeded at a spectacular rate during the past 10 years, it adds: "Neither the media nor the public in the west appear to identify with contractors in the way that they do with their military personnel. Thus casualties from within the contractorised force are more acceptable in pursuit of military ends than those from among our own forces." Investing in greater numbers of special forces is also recommended. The paper suggests: "The public appear to have a more robust attitude to SF [special forces] losses."
In a reference to a May 1982 helicopter crash, it says: "The loss of 19 SAS soldiers in a single aircraft accident during the Falklands campaign did not arouse any significant comment." An MoD spokesman said: "It is entirely right that we publicly honour those who have made the ultimate sacrifice and there are no plans to change the way in which repatriation ceremonies are conducted. A key purpose of the development, concepts and doctrine centre is to produce research which tests and challenges established doctrine and its papers are designed to stimulate internal debate, not outline government policy or positions. To represent this paper as policy or a potential shift of policy is misleading." Joe Glenton, an anti-war activist and former soldier who spent five months in a military prison after refusing to serve a second tour in Afghanistan, said that lowering the profile of repatriations amounted to "hiding the bodies". It had also, effectively, already been underway from several years ago. "We should recall they switched the route of repatriations from the very high profile Wootton Bassett and started again bringing bodies through RAF Brize Norton. In short, hiding the bodies," he said. "The public rightly is averse to young soldiers being maimed or wounded, and averse to dusty foreign adventures." Christopher Dandeker, a professor of military sociology at King's College London, said that the issues raised in the paper were timely as the public had recently shown that they were unconvinced by what political elites wanted to do in relation to the use of force in Syria. It also made sense that the military would pay greater attention to the role of military families, who were becoming "a more politically active, questioning independent stakeholder in the military community". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Sep 27 06:51:21 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Sep 2013 07:51:21 -0400
Subject: [Infowarrior] - 10/26 anti-surveillance demonstration in DC
Message-ID: <75DB748E-18B1-4809-A9D8-85A0804B8063@infowarrior.org>

Mass anti-surveillance demonstration in DC on Oct 26
http://boingboing.net/2013/09/26/mass-anti-surveillance-demonst.html

Rainey from EFF sez, "On the weekend of October 26 -- the 12th anniversary of the signing of the USA PATRIOT Act -- thousands of people from across the political spectrum will unite in Washington, D.C. to take a stand against unconstitutional surveillance. Groups like EFF, ACLU and reddit are using the event to pressure Congress to stop mass spying -- and dropping off a petition with over 500,000 signatures to show they're serious. There will be speakers, privacy experts, and lots of music - including YACHT, the indie pop duo that's sweeping the nation with its new song, 'Party at the NSA.'"

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 27 06:54:31 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Sep 2013 07:54:31 -0400
Subject: [Infowarrior] - FAA committee recommends lifting in-flight tech restrictions
Message-ID: <36469B18-A58D-4B84-AED7-1C1CEB328769@infowarrior.org>

FAA committee recommends lifting in-flight tech restrictions
updated 05:31 am EDT, Fri September 27, 2013
http://www.electronista.com/articles/13/09/27/advisory.panel.suggests.relaxing.ban.on.device.usage.at.takeoff.landing/

Advisory panel suggests relaxing ban on device usage at takeoff, landing

The Federal Aviation Administration (FAA) will be taking another look at its rules preventing passengers from using electronic devices during takeoff and landing from next week.
A high-level 28-member advisory committee examining the issue has recommended that the FAA relaxes the rules, with the formal report on the discussions being presented to the FAA on Monday. Current rules ask for mobile devices to be switched off for both take-off and landing, until the plane reaches an altitude of 10,000 feet and higher. The Associated Press reports that these new recommendations will at least allow for the devices to be switched on and used during these periods, but Wi-Fi and access to a mobile phone network will still be forbidden for the periods. "We've been fighting for our customers on this issue for years -- testing an airplane packed full of Kindles, working with the FAA and serving as the device manager on this committee," said Amazon spokesperson Drew Herdener, continuing "This is a big win for customers and, frankly, it's about time." While the move is promising, the rules are still far from being changed. The FAA can go against the recommendations of the committee, though this is unlikely. If the FAA does adopt the changes, then restrictions on device usage at the start and end of flights could be lifted by early 2014, or later if it requires carrier-by-carrier approval.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 27 06:54:36 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Sep 2013 07:54:36 -0400
Subject: [Infowarrior] - Verizon's Outrageous Plot to Crack Up the Internet
Message-ID: <52350CC7-EEFC-45DA-99F3-2A634BBA5DB8@infowarrior.org>

http://www.alternet.org/media/verizons-outrageous-plot-crack-internet-charging-tolls-web-sites

Verizon's Outrageous Plot to Crack Up the Internet
September 24, 2013

Verizon has big plans for the Internet. And if that doesn't worry you, it should.
The company is trying to overturn the Federal Communications Commission's Open Internet Order, which prevents Internet service providers from blocking, throttling or otherwise discriminating against online content. And in court last Monday, Verizon lawyer Helgi Walker made the company's intentions all too clear, saying the company wants to prioritize those websites and services that are willing to shell out for better access. She also admitted that the company would like to block online content from those companies or individuals that don't pay Verizon's tolls. In other words, Verizon wants to control your online experience and make the Internet more like cable TV, where your remote offers only the illusion of choice. This approach would undermine Net Neutrality, the principle that allows us to connect and communicate online without interference. Problem Found For years, ISPs like AT&T, Comcast and Verizon have said that Net Neutrality rules are unnecessary. They've insisted they would never block access to one site or favor another. These companies have also suggested that the millions of people who joined the movement to protect the open Internet were chasing goblins. "Net Neutrality is a solution in search of a problem," Verizon's general counsel Randy Milch said in a 2010 speech. In 2011, the company buttressed this spin with a "commitment" to Internet users. Verizon would not, it said, "prevent ... users of our service from sending and receiving the lawful content of [their] choice." Furthermore, Verizon said it would not "unduly discriminate against any lawful Internet content, application or service." But now Verizon is preaching from a different pulpit. In court last week, the judges asked whether the company intended to favor certain websites over others. "I'm authorized to state from my client today," Verizon attorney Walker said, "that but for these rules we would be exploring those types of arrangements."
Walker's admission might have gone unnoticed had she not repeated it on at least five separate occasions during oral arguments. In response to Judge Laurence Silberman's line of questioning about whether Verizon should be able to block any website or service that doesn't pay the company's proposed tolls, Walker said: "I think we should be able to; in the world I'm positing, you would be able to." Protecting the Marketplace of Ideas This comment didn't come as too much of a surprise, given that it came from the same company whose lawyers have argued that Verizon has the First Amendment right to "edit" (read "censor or throttle") Internet content. At its core Verizon's attack on the FCC is an attack on the idea that regulators have any role to ensure affordable access to an open Internet. Now more than ever we need policies to protect consumers and users of all communications. And as all media converges on digital networks that means policies that protect Net Neutrality. While Verizon and other ISPs are already raking in immense profits from connecting users to the Internet, they see even higher margins in being able to tell us where to go once we're online. By charging a premium so wealthy businesses can jump to the front of the line, they're playing a game with data delivery that would shove all other sites to the back. "I think the people who talk about dismantling -- threatening -- Net Neutrality don't appreciate how important it has been for us to have an independent market for productivity and for applications on the Internet," World Wide Web inventor Sir Tim Berners-Lee has said. Indeed, Berners-Lee built the World Wide Web on an open protocol that gives everyday users the power to go wherever they wish. This approach has given us a truly free marketplace of ideas where even the smallest entrepreneur can compete with giant corporations. 
(Would we have many of the Internet's most innovative businesses -- like Twitter, YouTube and FourSquare -- had they been unable to enter the market on a level playing field?). Without the inherent protections an open Internet offers political voices who lack a big-money megaphone will get drowned out. The Internet will look a whole lot different if network operators get to favor one online business or speaker over another. We can't let the Verizons of the world turn the Web into their own private fiefdoms where they award express service to their corporate and political allies and shunt everyone else to the side. Verizon has put its cards on the table. Under its preferred scenario, the open Internet no longer exists. Whatever the outcome of this court case, we need to fight to protect the open Internet -- and stop Verizon's vision from becoming reality.

Timothy Karr is the author of MediaCitizen, a weblog about the future of America's media. He is the campaign director of Free Press. From September 2003 through February 2005, Karr was executive director of MediaChannel.org and Media for Democracy.

From rforno at infowarrior.org Fri Sep 27 07:08:59 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Sep 2013 08:08:59 -0400
Subject: [Infowarrior] - Seymour Hersh on Obama, NSA and the 'pathetic' American media
Message-ID: <917E4773-7750-44E3-B7A1-096D1C611D33@infowarrior.org>

Seymour Hersh on Obama, NSA and the 'pathetic' American media
Pulitzer Prize winner explains how to fix journalism, saying press should 'fire 90% of editors and promote ones you can't control'
http://www.theguardian.com/media/media-blog/2013/sep/27/seymour-hersh-obama-nsa-american-media

Seymour Hersh has got some extreme ideas on how to fix journalism -- close down the news bureaus of NBC and ABC, sack 90% of editors in publishing and get back to the fundamental job of journalists which, he says, is to be an outsider.
It doesn't take much to fire up Hersh, the investigative journalist who has been the nemesis of US presidents since the 1960s and who was once described by the Republican party as "the closest thing American journalism has to a terrorist". He is angry about the timidity of journalists in America, their failure to challenge the White House and be an unpopular messenger of truth. Don't even get him started on the New York Times which, he says, spends "so much more time carrying water for Obama than I ever thought they would" -- or the death of Osama bin Laden. "Nothing's been done about that story, it's one big lie, not one word of it is true," he says of the dramatic US Navy Seals raid in 2011. The Obama administration lies systematically, he claims, yet none of the leviathans of American media, the TV networks or big print titles, challenge him. "It's pathetic, they are more than obsequious, they are afraid to pick on this guy [Obama]," he declares in an interview with MediaGuardian. He isn't even sure if the recent revelations about the depth and breadth of surveillance by the National Security Agency will have a lasting effect. Snowden changed the debate on surveillance He is certain that NSA whistleblower Edward Snowden "changed the whole nature of the debate" about surveillance. Hersh says he and other journalists had written about surveillance, but Snowden was significant because he provided documentary evidence -- although he is sceptical about whether the revelations will change the US government's policy. "Duncan Campbell [the British investigative journalist who broke the Zircon cover-up story], James Bamford [US journalist] and Julian Assange and me and the New Yorker, we've all written the notion there's constant surveillance, but he [Snowden] produced a document and that changed the whole nature of the debate, it's real now," Hersh says. "Editors love documents.
Chicken-shit editors who wouldn't touch stories like that, they love documents, so he changed the whole ball game," he adds, before qualifying his remarks. "But I don't know if it's going to mean anything in the long [run] because the polls I see in America -- the president can still say to voters 'al-Qaida, al-Qaida' and the public will vote two to one for this kind of surveillance, which is so idiotic," he says. Holding court to a packed audience at City University's summer school on investigative journalism, 76-year-old Hersh is on full throttle, a whirlwind of amazing stories of how journalism used to be; how he exposed the My Lai massacre in Vietnam, how he got the Abu Ghraib pictures of American soldiers brutalising Iraqi prisoners, and what he thinks of Edward Snowden. Hope of redemption Despite his concern about the temerity of journalism he believes the trade still offers hope of redemption. "I have this sort of heuristic view that journalism, we possibly offer hope because the world is clearly run by total nincompoops more than ever ... Not that journalism is always wonderful, it's not, but at least we offer some way out, some integrity." His story of how he uncovered the My Lai atrocity is one of old-fashioned shoe-leather journalism and doggedness. Back in 1969, he got a tip about a 26-year-old platoon leader, William Calley, who had been charged by the army with alleged mass murder. Instead of picking up the phone to a press officer, he got into his car and started looking for him in the army camp of Fort Benning in Georgia, where he heard he had been detained. From door to door he searched the vast compound, sometimes blagging his way, marching up to the reception, slamming his fist on the table and shouting: "Sergeant, I want Calley out now." Eventually his efforts paid off with his first story appearing in the St Louis Post-Despatch, which was then syndicated across America and eventually earned him the Pulitzer Prize. "I did five stories.
I charged $100 for the first, by the end the [New York] Times were paying $5,000." He was hired by the New York Times to follow up the Watergate scandal and ended up hounding Nixon over Cambodia. Almost 30 years later, Hersh made global headlines all over again with his exposure of the abuse of Iraqi prisoners at Abu Ghraib. Put in the hours For students of journalism his message is put the miles and the hours in. He knew about Abu Ghraib five months before he could write about it, having been tipped off by a senior Iraqi army officer who risked his own life by coming out of Baghdad to Damascus to tell him how prisoners had been writing to their families asking them to come and kill them because they had been "despoiled". "I went five months looking for a document, because without a document, there's nothing there, it doesn't go anywhere." Hersh returns to US president Barack Obama. He has said before that the confidence of the US press to challenge the US government collapsed post 9/11, but he is adamant that Obama is worse than Bush. "Do you think Obama's been judged by any rational standards? Has Guantanamo closed? Is a war over? Is anyone paying any attention to Iraq? Is he seriously talking about going into Syria? We are not doing so well in the 80 wars we are in right now, what the hell does he want to go into another one for. What's going on [with journalists]?" he asks. He says investigative journalism in the US is being killed by the crisis of confidence, lack of resources and a misguided notion of what the job entails. "Too much of it seems to me is looking for prizes. It's journalism looking for the Pulitzer Prize," he adds. "It's a packaged journalism, so you pick a target like -- I don't mean to diminish because anyone who does it works hard -- but are railway crossings safe and stuff like that, that's a serious issue but there are other issues too. "Like killing people, how does [Obama] get away with the drone programme, why aren't we doing more?
How does he justify it? What's the intelligence? Why don't we find out how good or bad this policy is? Why do newspapers constantly cite the two or three groups that monitor drone killings. Why don't we do our own work? "Our job is to find out ourselves, our job is not just to say 'here's a debate' our job is to go beyond the debate and find out who's right and who's wrong about issues. That doesn't happen enough. It costs money, it costs time, it jeopardises, it raises risks. There are some people -- the New York Times still has investigative journalists but they do much more of carrying water for the president than I ever thought they would -- it's like you don't dare be an outsider any more." He says in some ways President George Bush's administration was easier to write about. "The Bush era, I felt it was much easier to be critical than it is [of] Obama. Much more difficult in the Obama era," he said. Asked what the solution is Hersh warms to his theme that most editors are pusillanimous and should be fired. "I'll tell you the solution, get rid of 90% of the editors that now exist and start promoting editors that you can't control," he says. I saw it in the New York Times, I see people who get promoted are the ones on the desk who are more amenable to the publisher and what the senior editors want and the trouble makers don't get promoted. Start promoting better people who look you in the eye and say 'I don't care what you say'. Nor does he understand why the Washington Post held back on the Snowden files until it learned the Guardian was about to publish. If Hersh was in charge of US Media Inc, his scorched earth policy wouldn't stop with newspapers. "I would close down the news bureaus of the networks and let's start all over, tabula rasa. The majors, NBCs, ABCs, they won't like this -- just do something different, do something that gets people mad at you, that's what we're supposed to be doing," he says.
Hersh is currently on a break from reporting, working on a book which undoubtedly will make for uncomfortable reading for both Bush and Obama. "The republic's in trouble, we lie about everything, lying has become the staple." And he implores journalists to do something about it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Sep 28 12:23:11 2013
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Sep 2013 13:23:11 -0400
Subject: [Infowarrior] - N.S.A. Gathers Data on Social Connections of U.S. Citizens
Message-ID: <869883B1-708F-4682-AA2C-CFB0160EE6E1@infowarrior.org>

N.S.A. Gathers Data on Social Connections of U.S. Citizens
By JAMES RISEN and LAURA POITRAS
Published: September 28, 2013
http://www.nytimes.com/2013/09/29/us/nsa-examines-social-networks-of-us-citizens.html

WASHINGTON -- Since 2010, the National Security Agency has been exploiting its huge collections of data to create sophisticated graphs of some Americans' social connections that can identify their associates, their locations at certain times, their traveling companions and other personal information, according to newly disclosed documents and interviews with officials. The spy agency began allowing the analysis of phone call and e-mail logs in November 2010 to examine Americans' networks of associations for foreign intelligence purposes after N.S.A. officials lifted restrictions on the practice, according to documents provided by Edward J. Snowden, the former N.S.A. contractor. The policy shift was intended to help the agency "discover and track" connections between intelligence targets overseas and people in the United States, according to an N.S.A. memorandum from January 2011. The agency was authorized to conduct "large-scale graph analysis on very large sets of communications metadata without having to check foreignness" of every e-mail address, phone number or other identifier, the document said.
Because of concerns about infringing on the privacy of American citizens, the computer analysis of such data had previously been permitted only for foreigners. The agency can augment the communications data with material from public, commercial and other sources, including bank codes, insurance information, Facebook profiles, passenger manifests, voter registration rolls and GPS location information, as well as property records and unspecified tax data, according to the documents. They do not indicate any restrictions on the use of such "enrichment" data, and several former senior Obama administration officials said the agency drew on it for both Americans and foreigners. N.S.A. officials declined to say how many Americans have been caught up in the effort, including people involved in no wrongdoing. The documents do not describe what has resulted from the scrutiny, which links phone numbers and e-mails in a "contact chain" tied directly or indirectly to a person or organization overseas that is of foreign intelligence interest. The new disclosures add to the growing body of knowledge in recent months about the N.S.A.'s access to and use of private information concerning Americans, prompting lawmakers in Washington to call for reining in the agency and President Obama to order an examination of its surveillance policies. Almost everything about the agency's operations is hidden, and the decision to revise the limits concerning Americans was made in secret, without review by the nation's intelligence court or any public debate. As far back as 2006, a Justice Department memo warned of the potential for the "misuse" of such information without adequate safeguards. An agency spokeswoman, asked about the analyses of Americans' data, said, "All data queries must include a foreign intelligence justification, period." "All of N.S.A.'s work has a foreign intelligence purpose," the spokeswoman added.
"Our activities are centered on counterterrorism, counterproliferation and cybersecurity." The legal underpinning of the policy change, she said, was a 1979 Supreme Court ruling that Americans could have no expectation of privacy about what numbers they had called. Based on that ruling, the Justice Department and the Pentagon decided that it was permissible to create contact chains using Americans' "metadata," which includes the timing, location and other details of calls and e-mails, but not their content. The agency is not required to seek warrants for the analyses from the Foreign Intelligence Surveillance Court. N.S.A. officials declined to identify which phone and e-mail databases are used to create the social network diagrams, and the documents provided by Mr. Snowden do not specify them. The agency did say that the large database of Americans' domestic phone call records, which was revealed by Mr. Snowden in June and caused bipartisan alarm in Washington, was excluded. (N.S.A. officials have previously acknowledged that the agency has done limited analysis in that database, collected under provisions of the Patriot Act, exclusively for people who might be linked to terrorism suspects.) But the agency has multiple collection programs and databases, the former officials said, adding that the social networking analyses relied on both domestic and international metadata. They spoke only on the condition of anonymity because the information was classified. The concerns in the United States since Mr. Snowden's revelations have largely focused on the scope of the agency's collection of the private data of Americans and the potential for abuse. But the new documents provide a rare window into what the N.S.A. actually does with the information it gathers. A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools - one document cited a new generation of programs that "revolutionize" 
data collection and analysis - to unlock as many secrets about individuals as possible. The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation's adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say. Phone and e-mail logs, for example, allow analysts to identify people's friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist's office, late-night messages to an extramarital partner or exchanges with a fellow plotter. "Metadata can be very revealing," said Orin S. Kerr, a law professor at George Washington University. "Knowing things like the number someone just dialed or the location of the person's cellphone is going to allow to assemble a picture of what someone is up to. It's the digital equivalent of tailing a suspect." The N.S.A. had been pushing for more than a decade to obtain the rule change allowing the analysis of Americans' phone and e-mail data. Intelligence officials had been frustrated that they had to stop when a contact chain hit a telephone number or e-mail address believed to be used by an American, even though it might yield valuable intelligence primarily concerning a foreigner who was overseas, according to documents previously disclosed by Mr. Snowden. N.S.A. officials also wanted to employ the agency's advanced computer analysis tools to sift through its huge databases with much greater efficiency. 
The agency had asked for the new power as early as 1999, the documents show, but had been initially rebuffed because it was not permitted under rules of the Foreign Intelligence Surveillance Court that were intended to protect the privacy of Americans. A 2009 draft of an N.S.A. inspector general's report suggests that contact chaining and analysis may have been done on Americans' communications data under the Bush administration's program of wiretapping without warrants, which began after the Sept. 11 attacks to detect terrorist activities and skirted the existing laws governing electronic surveillance. In 2006, months after the wiretapping program was disclosed by The New York Times, the N.S.A.'s acting general counsel wrote a letter to a senior Justice Department official, which was also leaked by Mr. Snowden, formally asking for permission to perform the analysis on American phone and e-mail data. A Justice Department memo to the attorney general noted that the "misuse" of such information "could raise serious concerns," and said the N.S.A. promised to impose safeguards, including regular audits, on the metadata program. In 2008, the Bush administration gave its approval. A new policy that year, detailed in "Defense Supplemental Procedures Governing Communications Metadata Analysis," authorized by Defense Secretary Robert M. Gates and Attorney General Michael B. Mukasey, said that since the Supreme Court had ruled that metadata was not constitutionally protected, N.S.A. analysts could use such information "without regard to the nationality or location of the communicants," according to an internal N.S.A. description of the policy. After that decision, which was previously reported by The Guardian, the N.S.A. performed the social network graphing in a pilot project for 1 ½ years "to great benefit," according to the 2011 memo. It was put in place in November 2010 in "Sigint Management Directive 424" (sigint refers to signals intelligence). 
In the 2011 memo explaining the shift, N.S.A. analysts were told that they could trace the contacts of Americans as long as they cited a foreign intelligence justification. That could include anything from ties to terrorism, weapons proliferation, international drug smuggling or espionage to conversations with a foreign diplomat or a political figure. Analysts were warned to follow existing "minimization rules," which prohibit the N.S.A. from sharing with other agencies names and other details of Americans whose communications are collected, unless they are necessary to understand foreign intelligence reports or there is evidence of a crime. The agency is required to obtain a warrant from the intelligence court to target a "U.S. person" - a citizen or legal resident - for actual eavesdropping. The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency's fiber-optic cables, corporate partners and foreign computer networks that have been hacked. The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign. The overall volume of metadata collected by the N.S.A. is reflected in the agency's secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion "record events" daily and making them available to N.S.A. 
analysts within 60 minutes. The spending includes support for the "Enterprise Knowledge System," which has a $394 million multiyear budget and is designed to "rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale," according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance. A top-secret document titled "Better Person Centric Analysis" describes how the agency looks for 94 "entity types," including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 "relationship types" to build social networks and what the agency calls "community of interest" profiles, using queries like "travelsWith, hasFather, sentForumMessage, employs." A 2009 PowerPoint presentation provided more examples of data sources available in the "enrichment" process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas. At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans' locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified. If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents. One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency's collection, the data in question was "being buffered for possible ingest" later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and store raw traffic, which includes both metadata and content, about "U.S. persons" 
for up to five years online and for an additional 10 years offline for "historical searches." James Risen reported from Washington and New York. Laura Poitras, a freelance journalist, reported from Berlin. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 29 12:54:28 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Sep 2013 13:54:28 -0400 Subject: [Infowarrior] - UK to create new cyber defence force Message-ID: 29 September 2013 Last updated at 10:43 ET UK to create new cyber defence force http://www.bbc.co.uk/news/uk-24321717 The UK is to create a new cyber unit to help defend national security, the defence secretary has announced. The Ministry of Defence is set to recruit hundreds of reservists as computer experts to work alongside regular forces in the creation of the new Joint Cyber Reserve Unit. The new unit will also, if necessary, launch strikes in cyber space, Philip Hammond said. Recruiting for reservists to join the unit will start next month. The role of the unit is to protect computer networks and safeguard vital data. Mr Hammond told the Conservative Party conference that "the threat is real". "Last year, our cyber defences blocked around 400,000 advanced, malicious cyber threats to the government secure intranet alone," he said. 'New frontier' In a statement, the Ministry of Defence (MoD) said the "creation of the Joint Cyber Unit (Reserve) will allow it to draw on individuals' talent, skills and expertise gained from their civilian experience to meet these threats". Mr Hammond told the Mail on Sunday clinical "cyber strikes" could disable enemy communications, nuclear and chemical weapons, planes, ships and other hardware. He told the newspaper: "People think of military as land, sea and air. We long ago recognised a fourth domain - space. Now there's a fifth - cyber. "This is the new frontier of defence. 
For years, we have been building a defensive capability to protect ourselves against these cyber attacks. That is no longer enough. "You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity. "Our commanders can use cyber weapons alongside conventional weapons in future conflicts." The MoD said the recruitment of reservists will target regular personnel leaving the armed forces, current and former reservists with the required skills and civilians with the appropriate technological skills and knowledge. Cyber attacks and crime have become more common in recent years. In July the British intelligence agency, GCHQ, told the BBC the UK had seen about 70 sophisticated cyber espionage operations a month against government or industry networks. In a written statement in December last year, Cabinet Office minister Francis Maude said 93% of large corporations and 76% of small businesses had reported a cyber breach in 2012. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Sep 29 20:02:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Sep 2013 21:02:53 -0400 Subject: [Infowarrior] - Your Smartphone Spies On What You Type Message-ID: <8BCEEB20-9197-403B-AA31-E01FD241D900@infowarrior.org> Your Smartphone Spies On What You Type Written by Mike James Sunday, 29 September 2013 00:00 http://www.i-programmer.info/news/105-artificial-intelligence/6430-your-smartphone-spies-on-what-you-type-.html All you have to do is place your phone next to your keyboard to provide a direct channel for anyone to read what you are typing - and it's all down to the vibration of the keys. We all do it - place our phones down on the desk next to the keyboard. 
This might not be such a good idea if you want to keep your work to yourself. A team of researchers from MIT and the Georgia Institute of Technology have provided proof of concept for logging keystrokes using nothing but the sensors inside a smartphone - an iPhone 4 to be precise. The first interesting finding is that the accelerometer inside an iPhone 3GS wasn't good enough to pick up the vibrations of the keys but the iPhone 4 produced a clear signal. This demonstrates not only that sensors are getting better, but the improvement makes a real difference. The iPhone 4 was placed a few inches away from a keyboard and the keys were pressed while the sensor data was fed to two neural networks. The data was processed to produce a feature vector based on a range of temporal and frequency information. One network was trained to recognize the horizontal position of the key and the other the vertical position. The scan rate was on the low side, 100Hz, due to the limitations of the hardware. Just detecting raw keypresses didn't produce a very accurate result, but switching to picking up pairs of keywords and then using a word dictionary did produce useful data extraction. Accuracies of around 80% were achieved, but the accuracy reduced with the number of keypresses. Word recognition only achieved a 46% accuracy, but this increased to 73% if second choice words were included. Clearly semantic analysis could push the accuracy up. There have been experiments that recover text by listening to the noise a keyboard makes and these have achieved slightly higher accuracies than this vibration-based approach. The key difference is that this experiment used a smartphone rather than a desktop machine with a big microphone and high-speed sampling. The method may be less accurate, but it could be packaged into smartphone malware and be used without anyone knowing it was going on. 
The paper describes some problems with the method - if the phone is too far from the keyboard then the vibrations aren't strong enough, if the user taps on the desk or plays a radio then there is too much interference and if the user types too fast the processor can't keep up. So how to stop such eavesdropping? Leave the phone outside the room or keep it in a bag next to the desk rather than on it. The researchers also suggest that in future APIs could be modified to restrict the sampling rate to below the Nyquist rate for the data being listened into - say 30Hz in this case. It is interesting to speculate on how much better an engineered design might do than the neural network learning approach. The accelerometer acts much like a seismometer and geologists have a lot of techniques for using such data to work out where an earthquake happened. Perhaps the same signal processing techniques could pinpoint the location of the key vibrations without the need to use supervised learning. Whatever the final outcome, it is clear that with a smartphone in your possession secrecy and privacy are far from certain. Be careful the next time someone leaves their phone on your desk. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 30 11:39:04 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Sep 2013 12:39:04 -0400 Subject: [Infowarrior] - Qwest CEO who resisted NSA spying is out of prison Message-ID: <249DACDC-6D76-4E20-9199-28E920F90565@infowarrior.org> A CEO who resisted NSA spying is out of prison. And he feels "vindicated" by Snowden leaks. By Andrea Peterson, Updated: September 30, 2013 http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/30/a-ceo-who-resisted-nsa-spying-is-out-of-prison-and-he-feels-vindicated-by-snowden-leaks/?print=1 Just one major telecommunications company refused to participate in a legally dubious NSA surveillance program in 2001. 
A few months later, its CEO was indicted by federal prosecutors. He was convicted, served four and a half years of his sentence and was released this month. Prosecutors claim Qwest CEO Joseph Nacchio was guilty of insider trading, and that his prosecution had nothing to do with his refusal to allow spying on his customers without the permission of the Foreign Intelligence Surveillance Court. But to this day, Nacchio insists that his prosecution was retaliation for refusing to break the law on the NSA's behalf. After his release from custody Sept. 20, Nacchio told the Wall Street Journal that he feels "vindicated" by the content of the leaks that show that the agency was collecting Americans' phone records. Nacchio was convicted of selling Qwest stock in early 2001, not long before the company hit financial troubles. However, he claimed in court documents that he was optimistic about the firm's ability to win classified government contracts - something they'd succeeded at in the past. And according to his timeline, in February 2011 - some six months before the Sept. 11 terrorist attacks - he was approached by the NSA and asked to spy on customers during a meeting he thought was about a different contract. He reportedly refused because his lawyers believed such an action would be illegal and the NSA wouldn't go through the FISA Court. And then, he says, unrelated government contracts started to disappear. His narrative matches with the warrantless surveillance program reported by USA Today in 2006 which noted Qwest as the lone holdout from the program, hounded by the agency with hints that their refusal "might affect its ability to get future classified work with the government." But Nacchio was prevented from bringing up any of this defense during his jury trial - the evidence needed to support it was deemed classified and the judge in his case refused his requests to use it. 
And he still believes his prosecution was retaliatory for refusing the NSA requests for bulk access to customers' phone records. Some other observers share that opinion, and it seems consistent with evidence that has been made public, including some of the redacted court filings unsealed after his conviction. The NSA declined to comment on Nacchio, referring inquiries to the Department of Justice. The Department of Justice did not respond to The Post's request for comment. Snowden leaked documents about NSA spying programs to the public and arguably broke the law in doing so. In contrast, Nacchio seems to have done what was in his power to limit an illegal government data collection program. Even during his own defense, he went through the legal channels he could to make relevant information available for his defense - albeit unsuccessfully. The programs that were revealed are also substantially different in nature, if not in content. The Bush-era warrantless surveillance programs and data collection programs were on shaky legal ground, based on little more than the president's say-so. That's why telecom companies sought and received legal immunity from Congress for their participation in 2008. But that same update also expanded government surveillance powers. Some observers argue that some of the NSA's spying programs are still unconstitutional. But at a minimum, these programs were authorized by the FISC and disclosed to congressional intelligence committees. Nacchio told the Wall Street Journal, "I never broke the law, and I never will." But he never got a chance to present to the jury his theory that his prosecution was politically motivated. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Sep 30 11:47:53 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Sep 2013 12:47:53 -0400 Subject: [Infowarrior] - Jon Callas: Non-NIST Cipher Suite Message-ID: Non-NIST Cipher Suite Posted on September 30, 2013 by joncallas http://silentcircle.wordpress.com/2013/09/30/nncs/ One of the most upsetting things about the recent revelations about the NSA's shenanigans is that it has apparently devoted US$250M to suborning international standards. (One of the very upsetting things about these revelations is that there are several most upsetting things.) Over the last few weeks, just about everyone in the standards and crypto business has been looking over the crypto with an eye towards seeing what the NSA might have subverted. There hasn't been much definitive to say. There is the much-discussed elliptic curve random number generator in NIST's documents. There is also the concern that the elliptic curves that are part of NSA Suite B aren't as strong as they could be. There are also discussions about interference in various standards from IPsec to TLS to whatever. There have been no smoking guns. The DUAL_EC_DRBG discussion has been comic. The major discussion has been whether this was evil or merely stupid, and arguing the side of evil has even meant admitting it is technologically a stupid algorithm, which sends the discussion into an amusing spiral of meta-commentary. Matt Green has an excellent blog post on its multi-dimensional stupidity. Was the NSA so stupid they think we wouldn't notice the flaws (we did notice nearly immediately)? Was the NSA so stupid that this is the best they can do? And can we even believe the claim that they've been trying to subvert standards? They're liars. They've lied to Congress, lied to the technical community, and lied to everyone. Should we believe them when they say they punked us, or believe that we saw the ball under the wrong cup all along? 
Arguing the side of evil and avoiding the stupid leads to non-falsifiability - there must be something that is so clever we haven't seen it yet. I keep thinking of Cabell's quip that a pessimist fears that the optimist is right. The issue of the Suite B curves is more interesting. Cryptographers Dan Bernstein and Tanja Lange have been arguing that the Suite B curves are weak since before we ever heard of Ed Snowden. I've been public and pointed; I've always thought that the DUAL_EC_DRBG random number generator is patently stupid. But I've always believed that the Suite B curves were designed secure. All crypto has a lifespan of utility. Even if there are issues with the Suite B curves, I think they were designed well at the time. The NSA has argued intellectually that elliptic curve cryptography is a good idea for a decade. They have actively stumped for it as a technology, and even buying patent licenses (there have been controversies, but those are not at all about the integrity of the technology). If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility. Even in a passive case - where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited - it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles. At Silent Circle, we've been deciding what to do about the whole grand issue of whether the NSA has been subverting security. Despite all the fun that blogging about this has been, actions speak louder than words. Phil, Mike, and I have discussed this and we feel we must do something. That something is that in the relatively near future, we will implement a non-NIST cipher suite. Not everything is in place, yet. We have been discussing elliptic curves with Dan and Tanja and they are designing some for us (and the rest of the world, too). Dan's 25519 curve is very nice, but smaller than we want. 
We've been using the P-384 curve and want a replacement for it, which they're working on. We are going to replace our use of P-384 with that new curve, or perhaps two curves. We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement. We are going to replace our use of the SHA-2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense. (Full disclosure: I'm a co-author of Skein and Threefish.) Threefish is the heart of Skein, and is a tweakable, wide-block cipher. There are a lot of cool things you can do with it, but that requires some rethinking of protocols. The old cipher suites will remain in our systems. We're not going to get rid of them, but the new ones will be the default in our services. We understand there are gentlepersons who will disagree with our decision, so we're not completely getting rid of the existing crypto. This doesn't mean we think that AES is insecure, or SHA-2 is insecure, or even that P-384 is insecure. It doesn't mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA's perfidy, along with the rest of the free world. For us, the spell is broken. We're just moving on. No kiss, no tears, no farewell souvenirs. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Sep 30 17:57:20 2013 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Sep 2013 18:57:20 -0400 Subject: [Infowarrior] - The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up Message-ID: The DOJ's Insane Argument Against Weev: He's A Felon Because He Broke The Rules We Made Up http://www.techdirt.com/articles/20130929/15371724695/dojs-insane-argument-against-weev-hes-felon-because-he-broke-rules-we-made-up.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
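The mitigation reported in the "Your Smartphone Spies On What You Type" item above, capping the sensor API's sampling rate (30Hz instead of the 100Hz scan rate), can be checked numerically. This is an added example, not part of any forwarded article or of the researchers' paper; the 5, 12 and 42 Hz tones are constructed stand-ins for key vibrations, not measured values.

```python
import math

FULL_RATE_HZ = 100    # accelerometer scan rate reported in the article
CAPPED_RATE_HZ = 30   # cap the article says the researchers suggest


def sample_tone(freq_hz, rate_hz, duration_s=1.0):
    """Sample a unit cosine at rate_hz (constructed stand-in for one key's vibration)."""
    count = int(round(rate_hz * duration_s))
    return [math.cos(2 * math.pi * freq_hz * k / rate_hz) for k in range(count)]


def alias_frequency(freq_hz, rate_hz):
    """Frequency at which freq_hz shows up when sampled at rate_hz with no anti-alias filter."""
    folded = freq_hz % rate_hz
    return rate_hz - folded if folded > rate_hz / 2 else folded


def dominant_frequency(samples, rate_hz):
    """Strongest frequency in the samples, from a plain DFT over bins 1..N/2."""
    n = len(samples)
    best_bin, best_mag = 0, -1.0
    for b in range(1, n // 2 + 1):
        re = sum(s * math.cos(2 * math.pi * b * k / n) for k, s in enumerate(samples))
        im = sum(s * math.sin(2 * math.pi * b * k / n) for k, s in enumerate(samples))
        mag = math.hypot(re, im)
        if mag > best_mag:
            best_bin, best_mag = b, mag
    return best_bin * rate_hz / n


def distinguishable(freq_a, freq_b, rate_hz, tol=1e-6):
    """True if the two tones yield different sample streams at this sampling rate."""
    a = sample_tone(freq_a, rate_hz)
    b = sample_tone(freq_b, rate_hz)
    return max(abs(x - y) for x, y in zip(a, b)) > tol


def report():
    """Compare constructed key signatures at the full and the capped rate."""
    rows = []
    for pair in [(12, 42), (5, 12)]:  # assumed frequencies, for illustration only
        rows.append({
            "pair_hz": pair,
            "separable_at_full_rate": distinguishable(*pair, FULL_RATE_HZ),
            "separable_at_capped_rate": distinguishable(*pair, CAPPED_RATE_HZ),
            "seen_at_capped_rate_hz": tuple(alias_frequency(f, CAPPED_RATE_HZ) for f in pair),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

The cap only removes what lies above half the capped rate: the 12 Hz and 42 Hz signatures collapse into the same sample stream at 30Hz, while the 5 Hz and 12 Hz pair stays separable, so the limit has to be chosen against the lowest frequency that still discriminates between keys.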