From rforno at infowarrior.org Sat Feb 1 15:37:11 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Feb 2014 16:37:11 -0500
Subject: [Infowarrior] - In Pennsylvania and Alaska, a publisher takes infringement to another level
Message-ID:

(c/o JH)

In Pennsylvania and Alaska, a publisher takes infringement to another level

http://www.poynter.org/latest-news/regret-the-error/237923/in-pennsylvania-and-alaska-a-publisher-takes-infringement-to-another-level/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 1 16:08:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Feb 2014 17:08:10 -0500
Subject: [Infowarrior] - If This Is Cyberwar, Where Are All the Cyberweapons?
Message-ID:

If This Is Cyberwar, Where Are All the Cyberweapons?

The discovery of Stuxnet in 2010 seemed to herald a new age of cyberwar, but that age has yet to materialize.

By Paul F. Roberts on January 27, 2014

http://www.technologyreview.com/news/523931/if-this-is-cyberwar-where-are-all-the-cyberweapons/

A virus can ruin a computer; a cyberweapon can disable a power plant.

Like the atomic bomb in the waning days of World War II, the computer virus known as Stuxnet, discovered in 2010, seemed to usher in a new era of warfare. In the era of cyberwar, experts warned, silent, software-based attacks will take the place of explosive ordnance, tanks, and machine guns, or at least set the stage for them.

Or maybe not. Almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyberweapon ever known to have been deployed. Now some experts in cybersecurity and critical infrastructure want to know why. Are there fewer realistic targets than suspected? Are such weapons more difficult to construct than realized? Or is the current generation of cyberweapons simply too well hid?
Such questions were on the minds of the world's top experts in the security of industrial control systems last week at the annual S4 conference outside Miami. S4 gathers the world's top experts on the security of nuclear reactors, power grids, and assembly lines.

At S4 there was broad agreement that--long after Stuxnet's name has faded from the headlines--industrial control systems like the Siemens Programmable Logic Controllers are still vulnerable. Eireann Leverett, a security researcher at the firm IOActive, told attendees at the conference that commonplace security practices in the world of enterprise information technology are still uncommon among vendors who develop industrial control systems (see "Protecting Power Grids from Hackers Is a Huge Challenge"). Leverett noted that modern industrial control systems, which sell for thousands of dollars per unit, often ship with software that lacks basic security controls like user authentication, code signing to prevent unauthorized software updates, or event logging to allow customers to track changes to the device.

It is also clear that, in the years since Stuxnet came to light, developed and developing nations alike have seized on cyber operations as a fruitful new avenue for research and development (see "Welcome to the Malware Industrial Complex"). Laura Galante, a former U.S. Department of Defense intelligence analyst who now works for the firm Mandiant, said that the U.S. isn't just tracking the activities of nations like Russia and China, but also Syria and Stuxnet's target of choice: Iran. Galante said cyberweapons give smaller, poorer nations a way to leverage asymmetric force against much larger foes.

Even so, truly effective cyberweapons require extraordinary expertise. Ralph Langner, perhaps the world's top authority on the Stuxnet worm, argues that the mere hacking of critical systems doesn't count as cyberwarfare. For example, Stuxnet made headlines for using four exploits for "zero day"
(or previously undiscovered) holes in the Windows operating system. But Langner said the metallurgic expertise needed to understand the construction of Iran's centrifuges was far more impressive. Those who created Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country's uranium enrichment operation.

Concentrating on software-based tools that can cause physical harm sets a much higher bar for discussions of cyberweapons, Langner argues. By that standard, Stuxnet was a true cyberweapon, but the 2012 Shamoon attack against the oil giant Saudi Aramco and other oil companies was not, even though it erased the hard drives of the computers it infected.

Some argue that the conditions for using such a destructive cyberweapon simply haven't arisen again--and aren't likely to for a while. Operations like Stuxnet--stealth projects designed to slowly degrade Iran's enrichment capability over years--are the exception rather than the rule, said Thomas Rid of the Department of War Studies at Kings College in London. "There are not too many targets that would lend themselves to a covert campaign as Stuxnet did," Rid said.

Rid told attendees that the quality of the intelligence gathered on a particular target makes the difference between an effective cyberweapon and a flop.

It's also possible that other cyberweapons have been used, but the circumstances surrounding their use are a secret, locked up by governments as "classified" information, or protected by strict nondisclosure agreements. Indeed, Langner, who works with some of the world's leading industrial firms and governments, said he knows of one other true physical cyberattack, this one tied to a criminal group. But he wouldn't talk about it.

Industrial control professionals and academics complain that the information needed to research future attacks are being kept out of the public domain.
And public utilities, industrial firms, and owners of critical infrastructure are just now becoming aware that systems they assumed were cordoned off from the public Internet very often are not.

Meanwhile, technology is driving even more rapid and transformative changes as part of what's called the Internet of things. Ubiquitous Internet connectivity combined with inexpensive and tiny computers and sensors will soon allow autonomous systems to communicate directly with each other (see "Securing the Smart Home, from Toasters to Toilets").

Without proper security features built into industrial products from the get-go, the potential for attacks and physical harm increase dramatically. "If we continue to ignore the problem, we are going to be in deep trouble," Langner said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 2 16:14:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Feb 2014 17:14:50 -0500
Subject: [Infowarrior] - Lawyers for Lavabit founder: judges may dismiss civil liberties concerns
Message-ID: <2B628738-E7C5-4471-A45B-05E52AF7C314@infowarrior.org>

Lawyers for Lavabit founder: judges may dismiss civil liberties concerns

Dominic Rushe in New York
theguardian.com, Saturday 1 February 2014 08.00 EST

http://www.theguardian.com/technology/2014/feb/01/lavabit-ladar-levison-snowden-contempt-court

Civil rights lawyers expressed concern this week that judges reviewing the contempt of court case brought against Lavabit, an email service that was used by the National Security Agency leaker Edward Snowden, were dismissing privacy concerns raised by the case as a "red herring" that had been "blown out of proportion".

The founder of Lavabit, Ladar Levison, is challenging a contempt of court order brought against him when he initially refused to hand over the encryption keys to his secure email service.
The case is now with the fourth US circuit court of appeals in Richmond, Virginia. Judges Roger Gregory, Paul Niemeyer and Steven Agee presided over a hearing on Tuesday. A decision is expected within 45 days. If Levison's appeal is rejected, he will be held in contempt of court and it will be unlikely that the legal issues surrounding the case will be resolved.

Levison has argued that the government put an undue burden on his business by forcing him to hand over the SSL encryption keys to his service, as part of the FBI's investigation into Snowden's leak of thousands of documents to media outlets including the Guardian. Levison shut the service shortly after complying and has since argued that the government violated his fourth amendment right prohibiting unreasonable searches and seizures.

An American Civil Liberties Union (ACLU) attorney, Brian Hauss, said the hearing suggested the court was more interested in the procedural details of the case and Levison's behaviour than fourth-amendment issues regarding the legal position of a business's use of encryption.

"We believe encryption is the heart of this case," Hauss said. "The judges pointed out that the first order asked for data and didn't demand SSL keys. But the only way Levison could have provided them with that data as they wanted it was to hand over those keys."

Lavabit was a secure email service through which account holders used an encrypted key to access their mail. Levison did not hold those keys. While he could have given the authorities access to a single user's account, as he had done in the past, he has argued that the only way to give the FBI "live" access, as it demanded, was to compromise his entire system and its 410,000 users by handing over the master keys.

Hushmail, a Lavabit rival, acquiesced to a similar FBI demand in 2007, only to see its reputation collapse.
Levison and the ACLU have argued that that example and others show the government was making an unreasonable demand on his business - a legal defence against a court order.

In a filing with the court, the ACLU has argued that the government "fatally undermined" Lavabit when it demanded access to encryption keys that kept the service secure.

"Lavabit's business was predicated on offering a secure email service, and no company could possible tell its clients that it offers a secure service if its keys have been handed over to the government," said Catherine Crump of the ACLU.

Hauss said: "There should be some check on the courts' authority to compel a person to comply with its demand. After all, these are innocent third parties."

The judges in the Lavabit case, however, seemed at the hearing keen to move away from encryption or any mention of the fourth-amendment argument.

In court, Judge Niemeyer said: "The encryption key comes in only after your client is refusing to give them the unencrypted data. They don't want the key as an object, they want this data with respect to a target that they are investigating. And it seems to me that that's all this case is about and it's been blown out of proportion by all these contentions that the government is seeking keys to access other people's data and so forth. They are seeking unencrypted data with respect to a target."

Judge Gregory argued the encryption key had become a "red herring".

"There is such a willingness and a desire to argue about secret keys being provided and the government's going to take full advantage of that and spy on everybody," said Niemeyer. "What was ordered here was with respect to a particular target to provide unencrypted data pursuant to that order."

'Questions of enormous importance'

Levison's legal woes began last June, when Lavabit was ordered to set up a "pen trap" to collect data from one of its customers, thought to be Snowden.
A pen trap is software that records all the metadata from an electronic communication, including destination, address, recipient and header.

In court, Lavabit attorney Ian Samuels argued that Levison agreed to set up the pen trap and had complied with at least one similar court order in the past. He balked at handing over SSL keys that would have given the FBI access to all his clients and they in turn lost trust in him. Initially he was gagged from speaking about the case, even to a lawyer.

Forced to hand over the keys, Levison initially sent the FBI the details as 11 pages of print in 4-point type. Shortly after that, he closed the service and issued a press release saying he had made the decision in order not to be "complicit in crimes against the American people".

The judges criticised Levison for not correctly challenging the order, a criticism to which Samuels objected. Samuels said Levison had made an objection on "statutory grounds and on constitutional grounds" to handing over the encryption keys. He said Levison had argued it would place an undue burden on his business and that there were many good reasons to hear the appeal in any case.

"As the government candidly concedes Mr Levison was 'intermittently represented by counsel', these proceedings were happening extraordinarily quickly," Samuels said.

He added: "There are questions of enormous importance both to the government and to not just this litigant but to other service providers in the United States."

He said Levison had tried to offer the FBI a solution that would not lead to the "loss of privacy for the hundreds of thousands of other customers.

"When that was refused then the government didn't say, 'Let's try and work something out,' the government didn't even pursue the grand jury subpoena, which is the usual way you get information from an innocent third party that isn't the fruit, instrument or evidence of a crime.
"What the government said was, 'We don't even want to deal with the procedural protections of the grand jury. We want to get this information, we are entitled to it in every case. Any time we install a pen register, we get the SSL keys if we decide that we don't trust you.' That is what the government went and said.

"There were other options for them to get this information that didn't even involve them trusting the company if the government doesn't trust them anymore. What they can't do is they can't say that this statute, and the fourth amendment which doesn't authorise any of this, gives it to us in every single case if we decide that we don't trust you."

Levison declined to comment on the appeal. "All I really want is for this issue to be settled so that there is some clarity about what protection businesses have," he said.

Levison is currently working with the founders of Silent Circle, another secure online service that shut down, fearing the FBI would compel it to compromise its service. They are planning to launch a service called Dark Mail that will offer an open-source tool that could make secure encryption an easy add-on for any email service.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 3 06:39:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Feb 2014 07:39:22 -0500
Subject: [Infowarrior] - Icelandic social media site targets surveillance-weary users
Message-ID:

Icelandic social media site targets surveillance-weary users

By Joachim Dagenborg
4 hours ago

http://news.yahoo.com/icelandic-social-media-targets-surveillance-weary-users-074721683--finance.html

OSLO (Reuters) - Upstart social media platform Vivaldi aims to capture tech savvy users seeking to avoid aggressive advertising and the prying eyes of governments, and hopes for a boost from the closure of a rival, founder Jon von Tetzchner told Reuters.
Based in Iceland, a country known for its commitment to privacy and free speech, Vivaldi is luring users with strong data encryption and a promise not to use the content of private mail to generate advertising.

"Our initial focus is on the computer geeks because they usually have higher demands for functionality, safety and privacy," said von Tetzchner, co-founder of internet browser maker Opera Software.

"But a lot of ordinary people also worry about these things and we will welcome everyone."

The recently established Vivaldi.net currently offers a mail service, photo sharing, chat functions, a blog platform and discussion forums.

"There has been a lot of focus on safety lately, and it has mainly been focused on governments. But I think this is just as much an issue for the companies in this business," said von Tetzchner.

Vivaldi hopes for a boost from Opera Software's decision to shut its own social network platform on March 1 and aims to capture its several million users. von Tetzchner left Opera in 2011.

"As a society I feel that we should be more focused on limiting the massive surveillance we all are under from governments and from companies that use people's private information for advertising purposes," von Tetzchner said.

"I don't think anyone can guarantee to keep NSA away, so I won't make that promise. But we are without a doubt a safer alternative than anyone else out there. This is one of the reasons we have chosen to do it from Iceland."

(Editing by Terje Solsvik)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Feb 3 07:48:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Feb 2014 08:48:09 -0500
Subject: [Infowarrior] - Hackers sue German government over NSA spying
Message-ID:

Hackers sue German government over NSA spying

Monday - 2/3/2014, 7:50am ET
FRANK JORDANS
Associated Press

http://www.wtop.com/220/3555074/Hackers-sue-German-government-over-NSA-spying

BERLIN (AP) -- A group of computer hackers and human rights campaigners in Germany announced Monday that they are suing their government for allegedly breaking the law by aiding foreign spies.

The Chaos Computer Club and the International League for Human Rights submitted a criminal complaint to federal prosecutors claiming that Chancellor Angela Merkel, her government and security officials tolerated and even helped members of the U.S. National Security Agency and Britain's GCHQ to spy on German citizens.

The groups point to documents released by NSA leaker Edward Snowden as evidence that the emails, social media messages and phone calls of ordinary citizens are screened beyond what is allowed under German law.

"With this criminal complaint, we hope to finally initiate investigations by the Federal Prosecutor General against the German government," the Chaos Computer Club said in the statement. The group calls itself Europe's largest association of hackers; it regularly campaigns for greater privacy rights and exposes flaws in electronic security systems.

Federal prosecutors have been considering for months whether to open an investigation of alleged NSA activities. They will now have to consider whether to open an investigation on the basis of the new criminal complaint as well.
While the German government has expressed misgivings about some of the reported allegations and is seeking to negotiate a 'no-spy' agreement with the United States, opposition lawmakers have accused Merkel's administration of failing to put sufficient pressure on Washington for fear of jeopardizing diplomatic relations and intelligence cooperation.

Merkel's spokesman, Steffen Seibert, noted that "everyone in Germany can file a criminal complaint" and declined to comment on the hackers' suit.

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 4 07:34:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 08:34:53 -0500
Subject: [Infowarrior] - FDA approves pill camera
Message-ID: <85B97DDE-209C-49C8-9101-B1B877AFC403@infowarrior.org>

FDA approves pill camera to screen colon

By MATTHEW PERRONE
AP Health Writer

http://hosted.ap.org/dynamic/stories/U/US_GIVEN_IMAGING_FDA_APPROVAL

WASHINGTON (AP) -- A kinder, gentler approach to one of the most dreaded exams in medicine is on the way: U.S. regulators have cleared a bite-size camera to help screen patients who have trouble with colonoscopies.

The ingestible pill camera from Given Imaging is designed to help doctors spot polyps and other early signs of colon cancer. The Food and Drug Administration cleared the device for patients who have had trouble with the cringe-inducing colonoscopy procedure, which involves probing the large intestine with a tiny camera embedded in a four-foot long, flexible tube.

The Israeli company's technology, developed from missile defense systems, uses a battery-powered camera to take high-speed photos as it slowly winds its way through the intestinal tract over eight hours.
The images are transmitted to a recording device worn around the patient's waist and later reviewed by a doctor.

While Given's wireless, image-beaming system may sound like science fiction, it's actually more than a decade old. In 2001, the company received FDA approval for a similar device used to get a close-up view of the small intestine.

At that time, analysts expected Given's approach to grow into a direct competitor to traditional colonoscopy. But company studies found that images taken by the mini-camera were not quite as clear as those from the in-office procedure. As a result, the company has pursued a more limited market for its device: patients who have trouble undergoing standard colonoscopies.

The FDA on Monday cleared the company's PillCam Colon for patients who have experienced an incomplete colonoscopy. Given estimates 750,000 U.S. patients are not able to complete the procedure each year, due to anatomy issues, previous surgery or various colon diseases.

Even with this limited indication, analysts estimate the new pillcam could grow to sales of over $60 million in North America by 2019, with room for expansion as the technology improves. MorningStar analyst Debbie Wang said the company has shrewdly positioned the device as another tool in the gastrointestinal specialist's kit, rather than a direct competitor.

"Given's management understands that the traditional colonoscopy is the gastroenterologist's bread and butter right now," Wang said. "So they didn't want to do anything that would position this as a substitute."

Wang notes that Given's PillCam costs $500, significantly less than the roughly $4,000 rate for colonoscopy. Eventually, she thinks doctors may use the device to attract adults who avoid regular screenings due to fears of pain, embarrassment and general discomfort.

The Centers for Disease Control and Prevention's guidelines currently recommend regular colonoscopies beginning at age 50 and continuing through age 75, though most U.S.
adults don't follow the recommendations.

In December, Irish medical device firm Covidien said it would buy Given for about $860 million.

Given Imaging, headquartered in Yoqneam, Israel, markets seven lines of medical devices and surgical supplies, including pillcams to screen the esophagus and small intestine. Pillcam Colon was previously approved in 80 other countries, including in Japan, Europe and Latin America.

© 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Learn more about our Privacy Policy and Terms of Use.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 4 15:55:46 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 16:55:46 -0500
Subject: [Infowarrior] - Adobe Releases New DRM For eBooks, Plans To Screw Over Anyone Using Old DRM
Message-ID:

Adobe Releases New DRM For eBooks, Plans To Screw Over Anyone Using Old DRM

http://www.techdirt.com/articles/20140204/07381226084/adobe-releases-new-drm-ebooks-plans-to-screw-over-anyone-using-old-drm.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 4 16:07:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 17:07:17 -0500
Subject: [Infowarrior] - Has NSA Wiretapping Violated Attorney-Client Privilege?
Message-ID:

Has NSA Wiretapping Violated Attorney-Client Privilege?

A document leaked by Edward Snowden, along with interviews with lawyers representing terrorism suspects, reveal a disturbing loophole in this once-sacred legal principle.

Nicolas Niarchos
February 4, 2014

http://www.thenation.com/article/178225/has-nsa-wiretapping-violated-attorney-client-privilege

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Feb 4 16:10:06 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 17:10:06 -0500
Subject: [Infowarrior] - Puhlease. Rep. Mike Rogers: Glenn Greenwald 'a thief'
Message-ID: <5D3E3110-3330-470F-8330-39DF500E51D2@infowarrior.org>

Senior US congressman Mike Rogers: Glenn Greenwald 'a thief'

Spencer Ackerman in Washington
theguardian.com, Tuesday 4 February 2014 16.39 EST

http://www.theguardian.com/world/2014/feb/04/us-congressman-mike-rogers-glenn-greenwald-thief-snowden-nsa

A senior US legislator has accused the former Guardian journalist Glenn Greenwald of illegally selling National Security Agency documents provided to him by the whistleblower Edward Snowden.

Congressman Mike Rogers, chairman of the House intelligence committee, suggested Greenwald was a "thief" after he worked with news organizations who paid for stories based on the documents.

"For personal gain, he's now selling his access to information, that's how they're terming it ... A thief selling stolen material is a thief," Politico quoted Rogers as saying after a committee hearing on Tuesday. Rogers said his source for the information was "other nations' press services".

Greenwald said that the claim was foolish, unfounded, and designed to intimidate journalists.

"The main value in bandying about theories of prosecuting journalists is the hope that it will bolster the climate of fear for journalism," he tweeted Tuesday.

At the hearing, the US director of national intelligence, James Clapper, reiterated a statement he made last week criticizing Snowden's unnamed "accomplices," an apparent reference to the journalists who have published articles based on the material he took from the NSA.

Greenwald was not named specifically during the hearing, but Rogers pressed agency chiefs to say that reporters "selling the access of material that was stolen from the United States government - for personal gain and profit" was a criminal act.
FBI director James Comey said that a reporter "hawking stolen jewelry" was a crime, but it was "harder to say" journalism based off the Snowden leaks was criminal, since such a determination had "first amendment implications."

"It's an issue that can be complicated if it involves a news-gathering or a news promulgation function," Comey said.

Rogers asked: "Entering into a commercial enterprise to sell stolen material is acceptable to a legitimate news organization?"

Comey replied: "I'm not sure I'm comfortable answering that in the abstract."

The attorney general, Eric Holder, said in November he did not plan to prosecute Greenwald.

Almost as soon as Greenwald, one of two journalists in possession of the entire set of documents Snowden took from the NSA, began publishing Snowden's revelations, a largely-online whispering campaign began about his motives.

A more recent permutation of the accusation is that Greenwald is selling access to the Snowden trove, either to the new journalism organization he left the Guardian to help found, First Look, or to the variety of news outlets he has partnered with worldwide to publish information about controversial surveillance programs.

Greenwald has repeatedly batted the accusation down as foolish, and treated the typical act of publishing journalism on a freelance basis as nefarious and potentially criminal.

"It's completely idiotic," Greenwald told Fox News in December.

Greenwald has said he receives the same sort of freelance rate from his partner outlets that other freelancers receive, when he is contracted to write stories based on Snowden documents.

At the House hearing, the chairman of the Defense Intelligence Agency, Mike Flynn, an army lieutenant general, said the organization's investigation into the impact of the NSA leaks operated off the presumption that Snowden took every document he ever had access to as an IT contractor -
a potential clue into the unsubstantiated claim from the government that Snowden took 1.7m documents.

"Everything he touched, we assume he took, stole," Flynn said.

"What we do have is the 200 or so news articles that have been published around the world that give us some insight into what was taken," Clapper said.

Both Flynn and Clapper said they "absolutely" believed the Russian intelligence services had an interest in exploiting Snowden, who was granted a year-long asylum in Russia after the Obama administration revoked his passport.

But Flynn said he did not "have any information" that Snowden was under the influence of Russian intelligence. Clapper said he would find it "incredulous" if Russian intelligence had not already had conversations with Snowden.

Snowden has said for months that he acted alone in exfiltrating data from the NSA, without any internal or external help, a claim US officials have not provided evidence to contradict.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 4 16:12:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 17:12:20 -0500
Subject: [Infowarrior] - Microsoft's Nadella Named CEO
Message-ID: <087D9F17-E80D-4AF7-B110-EEC58734ADC4@infowarrior.org>

Microsoft's Nadella Named CEO to Transform PC Pioneer

By Dina Bass - Feb 4, 2014

Microsoft Corp. (MSFT) named Satya Nadella chief executive officer, tapping an insider steeped in business technology to speed up a turnaround at a software maker that helped usher in the personal-computing age, only to be left behind as the world embraced the Web and mobile devices.

Nadella, 46, is replacing Steve Ballmer effective immediately after a five-month search, Microsoft said in a statement today. Bill Gates, the company's first CEO, will step aside as chairman, devote more time to product development as a director and continue running his philanthropic foundation.
John Thompson, the director who led the CEO search, becomes chairman.

The new CEO, who was born in India and joined Microsoft in 1992, takes over at a critical juncture. Consumers and businesses are shunning PCs in favor of handheld devices made by rivals, sapping demand for Microsoft's flagship products. Besides playing catchup to the likes of Apple Inc. (AAPL) and Google Inc. (GOOG), Nadella will be tasked with completing strategy changes, begun by Ballmer last year, that include integrating the $7.2 billion integration of Nokia Oyj (NOK1V)'s handset unit and turning Microsoft into a provider of services and hardware.

"He's really the complete package -- he has incredible intellect but he also combines that with a deep curiosity and willingness to learn," said Doug Burgum, who sold business-software developer Great Plains to Microsoft in 2001 and oversaw Nadella while at the Redmond, Washington-based company.

Fresh Thinking

Nadella emerged as the top internal candidate by late November, people told Bloomberg News at the time. While Nadella brings experience delivering software via the Web and in developing tools for businesses, he'll need to boost Microsoft's share in markets aimed at consumers, where rivals have seized the lead.

Shareholders are justified in asking whether the Microsoft veteran of 22 years can deliver the same fresh thinking as an outsider, said Daniel Ives, an analyst at FBR Capital Markets & Co.

"He has all the qualifications to take over, but the question for investors is will he be able to change things up," said Ives, who rates Microsoft the equivalent of a hold.

Much will depend on the role of Microsoft's board, where former CEOs Gates and Ballmer will remain directors. Nadella is also joining the board as its 10th member. Thompson also brings his experience as Symantec Corp.'s former CEO and as an executive at International Business Machines Corp.
(IBM)

"During this time of transformation, there is no better person to lead Microsoft than Satya Nadella," Gates said in the statement.

< - >

http://www.bloomberg.com/news/print/2014-02-04/microsoft-names-satya-nadella-as-ceo-to-transform-pc-pioneer.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 4 20:07:16 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Feb 2014 21:07:16 -0500
Subject: [Infowarrior] - Have 24-hour TV news channels had their day?
Message-ID: <595E7DDE-5986-4B1F-8FBE-CE527A37F0F0@infowarrior.org>

Have 24-hour TV news channels had their day?
The former director of BBC News, Richard Sambrook, and its ex-head of strategy, Sean McGuire, argue that digital technology has left rolling news channels outmoded
Richard Sambrook and Sean McGuire
theguardian.com, Monday 3 February 2014 09.14 EST
http://www.theguardian.com/media/2014/feb/03/tv-24-hour-news-channels-bbc-rolling/print

It's January 1991. Peter Arnett is reporting from the Al-Rashid hotel in Baghdad as the first air strikes of the Gulf war hit the Iraqi capital. He's live on CNN. Audiences around the world are gripped. The 24-hour news channel has come of age. Fast forward to January 2011. Tahrir Square, Egypt. Citizen journalism ensures that pictures of demonstrations and the resulting crackdown are beamed directly to a global audience. The next year, 8 million people tune in live to YouTube to watch Felix Baumgartner jump from outer space. Many times that audience log in to watch it over the next few days. Spin on to April 2013 and the Boston marathon bombings. CNN stumbles in front of a huge and anxious audience claiming an arrest had been made when it hadn't. Live blogging - with its speed, transparency of sources, and pared-down format - comes into its own. The past two decades have seen a revolution in every aspect of the media industry -
technological change has enabled consumers to develop sophisticated and subtle patterns of behaviour, constantly being updated from a variety of sources. Cable news established the 24-hour news habit, but today social media and mobile phones fulfil the instant news needs of consumers better than any TV channel can. Yet around the world hundreds of millions of dollars continue to be invested each year in news networks. Is this money well spent? Or has the time come to rethink the TV news business? Were live channels simply the product of the satellite age which is now all but over? Did 24-hour news have its moment in the sun - quite literally - in the deserts of Kuwait?

Whose needs are news channels meeting?

24-hour TV news broke the audience away from the daily news cycle, focused on a flagship primetime newscast. But should linear satellite channels still be the focus of so much attention in the interactive internet age? They don't quite give us news when we want it - we often have to wait 15 or 30 minutes for the story to come around - so it's news-not-quite-on-demand. If we want it now, we will go online and get it instantly. Twitter - and increasingly live blogs of breaking news events - consistently beat 24-hour TV channels. And on those defining moments that bring the nation together the multichannel broadcasters will, and regularly do, clear their main mass-audience channels. So that makes a news channel perfect for those quite big, but not really big, stories for people who want information quite fast - but not immediately. By anyone's judgment, that's a small (and slightly weird) segment. Beyond that, it's great for people stranded in hotel rooms, office foyers or trading floors. But even that doesn't provide a huge audience - and probably not one in need of an entire network.

Rolling news imposes too many costs on the system

The infrastructure behind a 24-hour news channel is impressive - and formidably expensive.
A studio, with two anchors and a steady stream of contributors and guests who all have to be booked and taxied to the studio. Behind them a shift system of producers, graphics designers, crews and editors. Reporters and camera crews around the clock. And underpinning them, continually open satellite links, transponders and digital terrestrial TV channels. All in all, that's an incremental cost of £40m to £60m each year.

Vamping dish monkeys can't gather news

The biggest cost comes from having created a machine that has to be fed. Every 15 minutes we go back to our reporter in the field for an update on what's happened since the last time we visited them. Most of the time the answer is "nothing". But even if something had happened, the chances are we wouldn't get to hear about it - as all they've done is stand in front of the camera waiting to go live. "Dish monkeys" as they are unflatteringly known. To actually go and get the news they'll need to send - and pay for - a second crew. Newsgathering becomes a sausage machine, dedicated to filling airtime. Hours a day are spent on live feeds waiting for something, anything, to happen. "Vamping" it's called in the business. A correspondent talking to fill empty airtime until the press conference or event begins. The editor can't risk broadcasting a different report or going live somewhere else in case he misses the start and a rival channel can claim to be "first".

24-hour channels warp news value judgments

The need to fill airtime - and particularly the need to be seen to be live - means that in the heat of the moment questionable editorial judgments can be made. Everything seems to be "breaking news". In the last 12 months we've seen the BBC showing live pictures of an empty courtroom in the US, eagerly anticipating the sentencing of already convicted kidnapper Ariel Castro - a story of interest to few if any in the UK.
In the US itself, we've had terrible misjudgments in the aftermath of both the Boston marathon bombing and the navy yard shooting. Al-Jazeera America - keen to make impact in the US market - follows the lead of the other news channels and vamps for 20 minutes or more until the president's press conference begins. When a presenter feels compelled to say "Plenty more to come, none of it news. But that won't stop us" (BBC News's Simon McCoy, waiting for the royal birth), then there really is a problem.

The world has moved on

The genesis behind the news channel was the advent of global satellite links. News could be transmitted from anywhere, repackaged and then delivered to people's homes. When CNN launched in the 1980s the live capability of a satellite network was breathtaking and transformative. Now, technological developments mean that for the most part the internet has replaced satellite links for capturing and distributing the news. At the same time, consumers have broadband links to home, office, tablet and phone. Yet the industry remains wedded to the idea of a single, linear channel. Audiences have never been convinced. Viewing figures for news channels have always been low - spiking when a big event happens. The justification for broadcasters was to have a rolling spine of coverage that could be turned to at moments of need. Increasingly, however, we turn to the internet. News channels prize being first - a race that they can't win, and nobody else cares about. "Did we beat CNN?" is a phrase often heard in a newsroom. But in the digital age social media will always win the race to be first (if not always the race to be right). And who, other than the inhabitants of newsrooms, is watching enough news channels simultaneously to know who was first anyway? Those 30 seconds might be important for commodity traders - but for news audiences? In today's media environment any broadcaster is first for minutes at most -
by which time Twitter or the competition will have caught up. Being first - the primary criterion for 24-hour news channels - is increasingly the least interesting and effective value they offer.

What is 'live' anyway?

What do we mean - and what do consumers expect - from "live"? Some news events are clearly reported truly live - the second plane hitting WTC2 on 9/11 or Sky News's Alex Crawford broadcasting live as she entered Tripoli with the rebels. But beyond this, very few news events are covered as they happen. Press conferences are edited and reported; two-ways with reporters often cut away to pre-recorded package where the real storytelling takes place. News editors have conflated on-demand with live - and in doing so have added costs for very little audience benefit.

Live pictures only rarely tell a thousand words

Television news can be powerful, moving and informative. It can, in the space of a few minutes, change the outlook of an entire nation. Walter Cronkite on Vietnam; Michael Buerk on Ethiopia. Yet the number of stories that are conveyed by live "as it happens" pictures is vanishingly small. Many stories - the economy, climate change - aren't best served by pictures; others (inside Syria, Iraq, Afghanistan or Zimbabwe) often don't have pictures available until days after the event; many more work better with a well crafted, tightly edited package rather than a live feed. There is some great journalism on the news networks - but seldom live and often in spite of the platform, not because of it.

News channels have their own narrow agenda

Outside of big breaking news, one of the lost opportunities of all that airtime is coverage of under-reported places or issues or providing more analysis or depth. The reason is that all the resources are tied up, waiting to "go live" on the same narrow agenda as everyone else.
Global news channels have their own parallel world of timeless, rootless programmes that work as well at 2am in an airport as at 2pm in a jet-lagged hotel suite. Their agenda strains to find common ground for a global audience so is full of pictures of middle-aged men getting in and out of cars at international summits. Plus the live correspondent two-way confirming that although it's a very important event, nothing much has happened.

Global news channels are the old 'new imperialism'

Most of the rash of global news channels that have been launched in the past 10 years are in some way state-backed and - although this is frequently denied - are there to reflect a particular set of values to the world. These channels seldom if ever make money - they are not commercial propositions. It's about "soft power" - which at least is a purpose. China has invested more than $7bn in international broadcasting and talks of laying "cornerstones to underpin a de-Americanised world". Exposing the world to our political and social values may be the strongest justification for global news channels. But in the meantime much of the audience, including in developing countries, are looking at their mobile phones and posting to Facebook. Those are the new arenas for global influence.

News channels feed partisanship and the echochamber

This is particularly true in the US - where TV is unregulated - and a consequence of the undeniable success of Fox News. Talkshows and argument fill the airtime more cheaply than on the ground newsgathering. To create impact and get noticed both hosts and argument become more partisan and more extreme. People choose the channel that agrees with their views and become less exposed to other viewpoints - encouraging partisanship, political polarisation and a political echochamber that ill serves open democratic debate.

The problem isn't the consumer

At heart, the problem is a closed, linear technology failing to keep pace with the growing on-demand, interactive expectations of the public. News channels suffer from low audiences - at times vanishingly small. These audiences were boosted by a switch to multichannel and digital TV; now they are at best flat and in many cases declining. This isn't a sign of a lack of interest in news. In every major market, well over 80% of consumers read, watch or listen to the news each day. But they are becoming increasingly discerning - using multiple sources to create their own news agenda, many of them online.

So what's the answer?

A news service for the next two decades

The legacy of 24-hour news channels is holding back broadcasters in adapting to the potential of the digital age. If you gave a digital news operation even a fraction of the tens of millions of pounds currently spent annually on a news channel, just think of what you could achieve. A truly news-on-demand service, with no heritage - not reusing TV material, nor reusing print - could be genuinely ground-breaking, reconstructing a news operation and creating a new relationship with audiences and consumers. This is starting to be recognised in the US:

- CNN's Jeff Zucker has planned major changes recognising there is "not enough news" to fill a news channel
- CBS is reported to be developing an online streamed news channel, separate from broadcast channels
- Al-Jazeera in the US has developed AJ+ as an online-only source of video news
- Yahoo has recruited one of America's biggest news names in Katie Couric to "anchor" their news home page
- Digital companies such as Vice and Buzzfeed are recruiting significant numbers of foreign correspondents and opening global bureaux - built around the web, not satellites

Elsewhere there are fewer signs of experimenting with continuous TV news.
ITV, unhindered by a news channel, reconfigured their website into a live stream that is both innovative and regularly beats the competition. The BBC's director of news, James Harding, has acknowledged the need for more R&D by creating a "Newslabs" team looking at data and visual journalism. But perhaps the industry needs a bolder vision.

What might a reconfigured on-demand news service look like?

Integrating TV feeds into the web (and remember all TVs will soon be internet connected) could save cost, free resources and provide improved speed and depth of coverage. No need for a channel, or satellite space, or a DTT slot. More journalists gathering news, fewer filling space.

Give consumers what they want, as much as they want, when they want it

A menu of on-demand packages that can be assembled into a personalised bulletin, with the ability to go into as much depth as you want, accessing comment, pulling in charts, data and analysis from specialist sources as part of the experience. The bulletin waiting for you on any device, learning from you as you go, or interrupting you with the things you really need to know about right now. Look, for example, at Watchup TV aggregating and curating news video across the web.

Let newsgathering gather news

Return newsgathering to what it says on the tin - a service that goes out to speak to people, investigates, considers and then files packages as needed, with updates and commentary, freed of the need to fill empty space. When something happens, or new information comes to light, a new story can be generated. A package can be updated and be ready to go as soon as the consumer needs it.

Spend money on what matters - and ignore what doesn't

It's not two bodies in a studio waiting, hoping for something, anything to happen, or a miserable guy under an umbrella filling empty time. It's both far more, and far less, than that.
Satellite news channels have played a hugely important role in the development of 24-hour news and information over the last 30 years. But technology, and consumers, have moved on. Might 2014 be the year we recognise that, like the emperor's new clothes in Hans Christian Andersen's tale, news channels are not all they pretend to be?

Richard Sambrook is professor of journalism at Cardiff University and former director of BBC Global News; Sean McGuire is managing director of media consultants Oliver & Ohlbaum and a former BBC News head of strategy

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 5 07:14:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Feb 2014 08:14:09 -0500
Subject: [Infowarrior] - More struggles with the meaning of homeland security
Message-ID: <8FAE2534-A07F-4C2B-A27A-69F6118618F2@infowarrior.org>

(c/o MM)

More struggles with the meaning of homeland security
http://www.hlswatch.com/2014/02/05/more-struggles-with-the-meaning-of-homeland-security/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 5 07:31:51 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Feb 2014 08:31:51 -0500
Subject: [Infowarrior] - States look to rein in government surveillance
Message-ID:

States look to rein in government surveillance
AP 2/5/2014 9:25:09 AM
http://www.breitbart.com/system/wire/ap_029168fec16a42078c76fa035d4a3e1d

PORTLAND, Ore. (AP) - Angry over revelations of National Security Agency surveillance and frustrated with what they consider outdated digital privacy laws, state lawmakers around the nation are proposing bills to curtail the powers of law enforcement to monitor and track citizens. Their efforts in at least 14 states are a direct message to the federal government: If you don't take action to strengthen privacy, we will.
"We need to stand up and protect our liberty," said Republican Missouri state Sen. Rob Schaaf, author of a digital privacy bill. Police groups, however, say the moves will in some cases hinder efforts to deter or solve crimes. "It would cripple law enforcement's ability to do investigations," said Bart Johnson, executive director of the International Association of Chiefs of Police. Proponents say the measures will overhaul the definition of digital privacy and help increase oversight of specific surveillance tools that law enforcement agencies have been using in the states that critics say mirrors federal surveillance technology. The bills include a Colorado proposal that would limit the retention of images from license plate readers, an Oregon bill that would require "urgent circumstances" to obtain cellphone location data and a Delaware plan that increases privacy protections for text messages. Republican and Democratic lawmakers have joined in proposing the measures, reflecting the unusual mix of political partnerships that have arisen since the NSA revelations that began in May. Establishment leadership has generally favored the programs, while conservative limited government advocates and liberal privacy supporters have opposed them. Supporters say the measures are needed because technology has grown to the point that police can digitally track someone's every move. Devices such as license plate readers and cellphone trackers "can tell whether you stayed in a motel that specializes in hourly rates, or you stopped at tavern that has nude dancers," said David Fidanque, director of the American Civil Liberties Union of Oregon. "It's one thing to know you haven't violated the law, but it's another thing to know you haven't had every one of your moves tracked," he said. As for digital privacy, bills promoting broader protections against email surveillance have popped up recently in various states with varying results. 
One proposal became law in Texas last year, but a similar measure was vetoed in California where the governor said it was too onerous for police to follow. But proposals focused specifically on police surveillance are a new variety. Schaaf's proposal for a legislatively mandated ballot measure in Missouri would add electronic data to a list of property protected from unreasonable search and seizure. If it passes, it would go before voters in November. "The people in Missouri, if they get the chance to approve it, will send a message that other states can, and must, do the same thing," Schaaf said. "We can't wait on Congress to pick up the banner." In Indiana, legislators have put forward a bill that would ban the warrantless use of a portable device that can track cellphone movements within a mile, as well as the numbers of incoming and outgoing calls and text messages. Indiana lawmakers also want to use warrants to limit the use of tracking devices and surveillance cameras. "You could get to the point where you're just tracking everyone's car just for the fun of it," said Republican Rep. Eric Koch. Clatsop County, Ore., District Attorney Josh Marquis said the legislators' concerns are misplaced. He said state agencies aren't collecting the kind of metadata the NSA collects and bills curtailing the ability of local authorities to gather intelligence could do more harm than good. Under NSA surveillance programs that NSA analyst Edward Snowden revealed, the agency sweeps up information about millions of Americans' phone calls: the number called from, the number called and the duration of the call. That information is stored at NSA facilities until a secret court known as the Foreign Intelligence Surveillance Court gives intelligence officers permission to examine the phone call if investigators believed there was a connection to a terrorist. Another similar program examines Internet data and email traffic.
"People think of the NSA as this group of agents trotting the globe, snooping on people," Marquis said. "That's not the case. They're geeks and analysts. They don't want your data. What they're looking for is four numbers in Lahore, Pakistan." Instead, local law enforcement agencies are using the technology to run surveillance on drug cartels or lure sex predators into online communication that leads to an arrest, Marquis said. After months of NSA revelations, President Barack Obama last month proposed changes that would require bulk telephone data collected by the NSA to be stored outside the government to reduce the risk of abuse and put limits on the number of people who could be watched. Still, Obama in calling for the changes Jan. 17, defended government surveillance programs. "The reforms I'm proposing today should give the American people greater confidence that their rights are being protected, even as our intelligence and law enforcement agencies maintain the tools they need to keep us safe," he said. But whether these proposals or any others floating around Congress will actually come to a vote is unclear. NSA surveillance opponents say that even if those measures did pass, they won't be enough to guard Americans' privacy against what they see as an over-intrusive government. "It was a shock to (constituents) when you tell them 'this is legal,' and people say, 'No way!' " said Wisconsin Democrat Melissa Sargent, a state representative who sponsored bipartisan legislation aimed at social-media privacy and cellphone tracking. Even some opponents concede that changes to surveillance and data privacy laws are likely, with several of them in places such as Wisconsin, Texas and Montana already passed or awaiting governors' signatures. Increased oversight is "a reality that is coming to law enforcement," said Georgia Bureau of Investigation director Vernon Keenan.
"And we can either try to stand up and fight it off, which is not possible," Keenan said, "or embrace what is reasonable."
___
Ivan Moreno in Denver, Lisa Baumann and Rachel LaCorte in Olympia, Wash., Tom LoBianco and Charles D. Wilson in Indianapolis and David Lieb in Jefferson City, Mo., contributed to this report.
___
Reach reporter Nigel Duara on Twitter at http://www.twitter.com/nigelduara

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 5 07:45:33 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Feb 2014 08:45:33 -0500
Subject: [Infowarrior] - War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show By Mark Schone, Richard Esposito, Matthew Cole and Glenn Greenwald, Special Contributor
Message-ID: <9FF37CAD-0BBC-4C0B-B172-76C60A419DCD@infowarrior.org>

(Comments withheld about the new NBC News website. Ugly as anything, and so-very-tabloid-y.)

War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show
By Mark Schone, Richard Esposito, Matthew Cole and Glenn Greenwald, Special Contributor
http://www.nbcnews.com/news/investigations/war-anonymous-british-spies-attacked-hackers-snowden-docs-show-n21361

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 5 15:20:37 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Feb 2014 16:20:37 -0500
Subject: [Infowarrior] - The Legacy of Rep. Otis Pike
Message-ID: <84BD5713-A6DE-40CB-8CFE-079B8961E371@infowarrior.org>

The first congressman to battle the NSA is dead. No-one noticed, no-one cares.
By Mark Ames On February 4, 2014
http://pando.com/2014/02/04/the-first-congressman-to-battle-the-nsa-is-dead-no-one-noticed-no-one-cares/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 5 17:12:02 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Feb 2014 18:12:02 -0500
Subject: [Infowarrior] - Doctorow on DRM
Message-ID:

What happens with digital rights management in the real world?
Cory Doctorow
Wednesday 5 February 2014 09.52 EST

DRM is one of the most salient, and least understood, facts about technology in the contemporary world

< - >

http://www.theguardian.com/technology/blog/2014/feb/05/digital-rights-management

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 6 10:17:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 11:17:45 -0500
Subject: [Infowarrior] - National Guard Fights For Cyber Role In 2015 Budget
Message-ID: <5BD73C6E-A698-4FCB-B0AF-C594E1D636E2@infowarrior.org>

National Guard Fights For Cyber Role In 2015 Budget
By Sydney J. Freedberg Jr. on February 05, 2014 at 4:00 AM
http://breakingdefense.com/2014/02/national-guard-fights-for-cyber-role-in-2015-budget/

Chinese and Russian hackers have everybody running scared. So whatever else happens with the president's budget request for fiscal year 2015, we know it will include more money for things cyber, from purely defensive network security to black-budget "offensive cyber weapons" such as the Stuxnet worm. But one big thing remains in doubt: the role of the National Guard. Cyber Command wants the Guard to help. Guard leaders want to help CYBERCOM. And the Army has at least considered a proposal to fund 390 positions in 10 new "Cyber Protection Teams" to be created in the Army National Guard. Whether this idea will get funded is being wrestled over behind locked doors and in the context of increasingly bitter fights between active-duty and reserve forces.
The budgetary question marks loom so large that one senior official at the National Guard Bureau emailed a warning to the Adjutants General, the Guard commanders of every state, territory, and the District of Columbia: Don't get out in front of what the federal budget will support. "We have entered a new normal called sequestration," read the senior official's email. "To fund 'excess' or ill-defined requirements out of hide is impossible. I continue to be concerned with further investments in Cyber and ISR [intelligence, surveillance, and reconnaissance] without definitive requirements documentation from COCOM/MAJCOMs [Combatant Commands and Major Commands]. In my opinion this posture could put [Guard] force structure at risk depending on strategic choices being made by DoD leaders." (We agreed not to identify the official.) So what are they choosing? "The Department continues to conduct analysis to determine the appropriate force structure for cyber in the Guard and Reserve components," was all a DoD official would tell me, after I'd been harassing people for an answer for weeks. "At this time, the Department's senior leadership has not made any decisions," he said - which is one of the reasons we're writing this story. The outside experts we spoke to agreed that the Guard had a unique role to play. "I think they are the linchpin for being able to effectively defend the nation," said John Quigg, a retired Army officer and former senior CYBERCOM official, in an interview with my colleague Colin Clark. "The thing that is not obvious and is wonderful about the Guard is that it sits between the federal government and the states, and that makes it very useful." Both budgets and bureaucracy, however, are getting in the way.

Gen. Alexander: "The Guard Can Play A Huge Role"

Despite all the obstacles, there's certainly four-star support for giving the Guard a share of the cyber mission. "The Guard can play a huge role," Gen.
Keith Alexander, the (outgoing) chief of both CYBERCOM and the embattled National Security Agency, told Congress last year. "There's two key things that they can do. First... it gives us additional capacity that we may need in a cyber conflict. The second part is, it also provides us an ability to work with the states." For their part, state governments "are clamoring" for Guard help on cybersecurity, Gen. Frank Grass, the chief of the National Guard Bureau, told reporters in November when he outlined the proposal for the 10 Cyber Protection Teams. "Gen. Alexander and our chief Gen. Grass believe the Guard has a key role to play in cybersecurity," said Col. David Collins, the National Guard Bureau's chief cyber staffer (the "J-6"), in an interview. "So there is resounding agreement on that - [but] we're waiting for missions and force structure from the Army and the Air [Force]. We are still in the embryonic stages." "It's not so much money," Collins told me. "The fundamental first step in all of this is, what is the Guard's place in the federal and DoD cyber response?" The original Department of Defense (DoD) directives setting up the current cyber strategy "essentially took the reserve components out of consideration," Collins said. Why? "The presumption was all those forces needed to be on active duty 24-7, 365," he said. "[But] why can't you surge us as you do for other things?" In fact, the Guard is arguably better suited for cyberwar than for physical war. It takes weeks to months to mobilize, train, and prepare Guard forces for deployment overseas, potentially up to 110 days for the largest and most complex units. A Guard cybersecurity expert could (almost) roll out of bed, log on and start defending networks around the planet before his coffee gets cold. But this subjective assessment needs to get encoded into the formal military requirements process before anything can happen in the budget.
?The National Guard has to have forces that are built primarily for a federal purpose,? Collins said. Whenever state governors call out the Guard to control wildfires, floods, or rioters, the troops, trucks, and helicopters that respond are almost entirely paid for by the federal government for military missions. On paper, the Department of Homeland Security would be in charge of defending the nation?s non-military networks, but against high-tech or large-scale threats DHS would have to ask the Pentagon to help. The Guard could be part of that homeland defense response, but ?the government doesn?t have a plan that clearly indicates how that would be done,? Collins said bluntly. ?The National Cyber Incident Response Plan, in my opinion, is not very thorough?.I don?t mind going on record as the J-6 of the National Guard Bureau saying that the nation has a lot of progress that it needs to make.? He?s hardly alone in that opinion, Not only is cybersecurity legislation chronically stalled on Capitol Hill, said Quigg, the former CYBERCOM official, ?Cyber Command is increasingly attack-focused and the defensive mission has stalled?.We?re actually in worse shape now in some ways than we were five years ago.? What The Guard Can?t Do If the Guard were allowed to help out in homeland defense, Collins argues it would have three advantages over the active-duty force: ? First and most important, he said, Guard troops are physically present in armories, communities, and indeed civilian workplaces across the country, not concentrated in a few large bases. That puts them in constant contact with civilian networks and their operators. ? Second, the Guard can operate either on federal orders (so-called Title 10 status) or on the orders of the state governor (Title 32). Guard troops under the governor?s command aren?t bound by the Posse Comitatus Act or other restrictions on using federal troops for law enforcement. ? 
Third and last, as part-time troops, Guard cyber warriors would have full-time jobs in the civilian information technology world, giving them a different and often deeper expertise than the active-duty force, which tends to be younger.

Those are in order of importance: "A lot of people want to jump to No. 3 when they talk about the Guard," Collins emphasized. "That's out of sequence."

The Guard already has limited cybersecurity capability, but it's "very ad hoc," Collins said. Every state is authorized to have an eight-soldier Army National Guard network security team, though some Adjutants General didn't even know this option even existed until recently, and they have to find the funding themselves without federal help. The Air National Guard has a range of "network warfare" and "information warfare" squadrons of varying sizes, structures, and skill levels.

Some of these Air Guard units are impressive, said Atlantic Council cyber expert Jason Healey: "[There's] the 262nd Network Warfare Squadron in Seattle (which includes lots of people from Microsoft), [and] the 175th Network Warfare Squadron at Fort Meade is deeply embedded in NSA work."

"But states are increasingly trying to grab cyber mission for more budget, especially as more traditional missions are pared back," Healey went on. "This threatens to poison the whole effort as so many state piranha are trying to feed from the same mission."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Feb 6 10:17:48 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 11:17:48 -0500
Subject: [Infowarrior] - FBI Looking to Buy Malware From Security Vendors
Message-ID: <45AC921B-BF30-45CC-8181-1E87F5A747FA@infowarrior.org>

FBI Looking to Buy Malware From Security Vendors

http://www.securityweek.com/fbi-looking-buy-malware-security-vendors

The FBI has placed malware on its shopping list, and is turning to vendors to help the agency build a massive library of malicious software.

According to a 'Request for a Quote' posted on the Federal Business Opportunities website, the FBI is looking for price quotes for malware for the Investigative Analysis Unit of the agency's Operational Technology Division.

"The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI has the following mission: Provide technical analysis of digital methods, software and data, and provide technical support to FBI investigations and intelligence operations that involve computers, networks and malicious software," according to the document (.doc).

"The IAU has a team of highly trained technical analysts, specialists and engineers providing on-scene technical support, employing innovative, custom developed analytical methods and tools to analyze collected data," the document continued. "Critical to the success of the IAU is the collection of malware from multiple industry, law enforcement and research sources."

According to the request for quote, any malware submissions must meet a set of baseline functional requirements:

i. Contain a rollup of sharable malware as included in the malicious URL report
ii. Be organized by SHA1 signatures
iii. Be updated once every 24 hours
iv. Be a snapshot of the prior 24 hours
v.
Be, on average, 35 GB per day and include the following file types:
   - Executable file types from Unix/Linux, Windows and Macintosh
   - Archives files
   - Image files
   - Microsoft Office documents
   - Audio and Video files
   - RTF files
   - PDF files
   - PHP files
   - JavaScript files
   - HTML files
vi. Be able to retrieve feed in an automated way through machine-to-machine communication
vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU

The agency does not say precisely how the malware will be used, but the document calls the collection of malware from law enforcement and research sources "critical to the success of the IAU's mission to obtain global awareness of malware threat."

"The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters," according to the document.

The FBI did not respond to a request for more information from SecurityWeek before publication.

"The FBI reserves the right to request a sample product for test and evaluation purposes," the document notes. "If a test sample is requested, the vendor will be notified when and where to send the sample. Given the nature of the solicitation, any test/sample product(s) will be removed/deleted at the conclusion of testing. To ensure that sufficient information is available, the Offeror must furnish, as a part of the quote, all descriptive material necessary for the purchasing activity to determine whether the product meets the salient characteristics of this requirement."

Price quotes and a description of capabilities are due on Feb. 14.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Feb 6 18:02:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 19:02:52 -0500
Subject: [Infowarrior] - FBI Checks Wrong Box, Places Student on No-Fly List
Message-ID:

(c/o IP)

FBI Checks Wrong Box, Places Student on No-Fly List

By DAVID KRAVETS
02.06.14

http://www.wired.com/threatlevel/2014/02/no-fly-list-bungle/

The government contested a former Stanford University student's assertion that she was wrongly placed on a no-fly list for seven years in court despite knowing an FBI official put her on the list by mistake because he checked the "wrong boxes" on a form, a federal judge wrote today.

The agent, Michael Kelly, based in San Jose, misunderstood the directions on the form and "erroneously nominated" Rahinah Ibrahim to the list in 2004, the judge wrote.

"He checked the wrong boxes, filling out the form exactly the opposite way from the instructions on the form," U.S. District Judge William Alsup wrote (.pdf) today.

The decision makes Ibrahim, 48, the first person to successfully challenge placement on a government watch list.

Much of the federal court trial, in which the woman sought only to clear her name, was conducted in secret after U.S. officials repeatedly invoked the state secrets privilege and sought to have the case dismissed. Attorneys working pro bono spent as much as $300,000 litigating the case.

The judge issued a brief ruling last month declaring that the Malaysian woman was a victim of a bureaucratic "mistake." The judge's full opinion was released today.

Ibrahim's saga began in December 2005 when she was a visiting doctoral student in architecture and design from Malaysia. On her way to Kona, Hawaii to present a paper on affordable housing, Ibrahim was told she was on a watch list, detained, handcuffed and questioned for two hours at San Francisco International Airport.

She sued and federal authorities fought her all the way.
The December 5-day trial was shrouded in extraordinary secrecy, with closed court hearings and non-public classified exhibits. The agent testified to his bungle in closed court.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 6 18:03:57 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 19:03:57 -0500
Subject: [Infowarrior] - more on.....FBI Looking to Buy Malware From Security Vendors
References: <1391706091.28850.YahooMailNeo@web181502.mail.ne1.yahoo.com>
Message-ID: <87845199-A88E-479D-8578-5C929058FE57@infowarrior.org>

> From: matthew
> Subject: Re: [Infowarrior] - FBI Looking to Buy Malware From Security Vendors
> Date: February 6, 2014 at 12:01:31 PM EST
>
> >> IAU's mission to obtain global awareness of malware threat."
> ...
> >> "The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters," according to the document.
>
>
> Like HELL!! This is all about injecting malware into the computers of persons of interest. The FBI has a hard-on on what the NSA gets away with and they want in on it. Or put another way the NSA got caught in flagrant violation of the law and now the task of deliberately breaking into people's computers so they can collect information to bolster cases has been assigned to the F. B. I.
>
> Oh sure, they'll get a "warrant" from the rubberstamp FISA (or otherwise clueless judges) to install the malware on the pretext that they need it ("your honor, the subject doesn't use a phone, or uses burners which we can't track, so we need to tap his computer and to do that we need to infect it with 'specially crafted and narrowly targeted' *cough* software to monitor his communications and activities.
> after all he's trading in electronic currency like bitcoin!!!")
>
> Will the prosecutor divulge that any of the evidence was collected by hijacking the accused's (and all his associates') computer(s)? Hell No!! Will they disclose that they even so much as attempted to infect the target? Are you kidding me? There is NO law the Dept of Justice won't violate in order to wage their war on the uppity citizenry. They'll manufacture a paper trail just like they do NOW with the NSA-sourced stuff.
>
> This is a disaster in the making and not just from a privacy, Constitutional protections, or abomination of the legal system, but from the "oops, our malware escaped" angle.
>

From rforno at infowarrior.org Thu Feb 6 18:23:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 19:23:52 -0500
Subject: [Infowarrior] - How The Copyright Industry Made Your Computer Less Safe
Message-ID: <94C75694-4EEF-49C3-BC33-FDF41A142B3B@infowarrior.org>

How The Copyright Industry Made Your Computer Less Safe

http://www.techdirt.com/articles/20140206/11054426119/how-copyright-industry-made-your-computer-less-safe.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 6 19:01:01 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 20:01:01 -0500
Subject: [Infowarrior] - Twitter threatens to sue Obama administration
Message-ID: <144D4BCB-AFD5-4FEC-B3E7-07B21977096C@infowarrior.org>

February 06, 2014, 12:40 pm

Twitter threatens to sue Obama administration

By Julian Hattem

http://thehill.com/blogs/hillicon-valley/technology/197646-twitter-considers-legal-fight-to-disclose-docs

Twitter says it is prepared to sue the Obama administration for the right to disclose more details about government surveillance requests.
In a blog post on Thursday, the head of global legal policy for the micro-blogging website said a recent agreement between tech groups and the Justice Department did not go far enough to address the company's concerns.

"We think the government's restriction on our speech not only unfairly impacts our users' privacy, but also violates our First Amendment right to free expression and open discussion of government affairs," Jeremy Kessel wrote.

"Therefore, we have pressed the U.S. Department of Justice to allow greater transparency, and proposed future disclosures concerning national security requests that would be more meaningful to Twitter's users. We are also considering legal options we may have to seek to defend our First Amendment rights."

Last week, five tech companies reached a deal with the Justice Department to disclose when they receive national security letters and Foreign Intelligence Surveillance Act orders, which force companies to turn over information about users.

But the agreement only allows companies to report ranges of 250 or 1,000, depending on how they categorize the requests.

Twitter says that's not enough.

"Allowing Twitter, or any other similarly situated company, to only disclose national security requests within an overly broad range seriously undermines the objective of transparency," Kessel wrote on Thursday. "In addition, we also want the freedom to disclose that we do not receive certain types of requests, if, in fact, we have not received any."

Companies have said that consumers around the world trust them less because they don't know the extent to which they are handing information over to the government.

Twitter did not release information about the national security requests it had received. It has seen a steady increase in the number of other government requests about users' accounts it has received in the last two years, it said.
About 59 percent of requests in the last six months of 2013 came from the U.S., Twitter said, though 45 different countries have asked for information since 2012.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 6 20:15:07 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Feb 2014 21:15:07 -0500
Subject: [Infowarrior] - That NBC (hacking) story is 100% fraudulent
Message-ID:

That NBC story 100% fraudulent

By Robert Graham

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html

Yesterday (Feb 5 2014) NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it'll immediately be hacked the moment you turn it on. The story was fabricated. The technical details relate to going to the Olympics in cyberspace (visiting websites), not going there in person and using their local WiFi.

The story shows Richard Engel "getting hacked" while in a cafe at Sochi. It is wrong in every respect.

- They aren't actually in Sochi (they are in Moscow).
- The "hack" happens because of the websites they visit (Olympic themed websites), not their physical location. The results would've been the same in America.
- The phone didn't "get" hacked; Richard Engel initiated the download of a hostile Android app onto his phone.

I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day. But the story was nothing of the sort. Instead, the hacking in the story was due to the hostility of Olympic themed websites.

The only increased danger from being in Russia is geolocation. Google uses your IP address to increase the rank of local sites, so you'll see more dodgy Russian sites in the results. You can disable this feature in your Google account settings.
Absolutely 0% of the story was about turning on a computer and connecting to a Sochi network. 100% of the story was about visiting websites remotely. Thus, the claim of the story that you'll get hacked immediately upon turning on your computers is fraudulent. The only thing that can be confirmed by the story is "don't let Richard Engel borrow your phone".

That leaves us with the same advice that we always give people:

- don't click on stuff
- patch your stuff (browser, Flash, PDF)
- get rid of the really bad stuff (Oracle's Java)
- don't click on stuff
- oh, and if you really are in Sochi, use VPN over the public WiFi

I gleaned these details from Kyle Wilhoit, the expert quoted in the story, and his Twitter feed. He's working on a blog with the full technical details. I'm sure it'll be great, with lots of details about what hackers can find with Maltego, the dangers of hostile websites, and so on -- the sort of great information totally lost in the nonsense that is the NBC story.

By the way, the easy way to figure out where journalists commit fraud is by watching for "passive voice". Journalists normally avoid passive voice, preferring stronger language. But, when they need to hide things, they use passive voice to cover up details. Saying "was hacked" covers up the fact that Richard Engel hacked himself by knowingly downloading a hostile Android app. In other words, active voice wouldn't have worked, because it would have required identifying who put the virus on the phone. He couldn't report that a "hacker put the virus on the phone" because the hacker didn't, Richard Engel did. He couldn't very well have reported, in the active voice, "I downloaded the virus". Thus, the passive voice, "the phone was hacked", avoiding this inconvenient detail of who did what.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 7 07:40:59 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Feb 2014 08:40:59 -0500
Subject: [Infowarrior] - FISA Court Agrees To Changes That Limit NSA's Ability To Query Phone Records
Message-ID:

FISA Court Agrees To Changes That Limit NSA's Ability To Query Phone Records

from the it's-something dept

http://www.techdirt.com/articles/20140206/17522626124/fisa-court-agrees-to-changes-that-limit-nsas-ability-to-query-phone-records.shtml

While we were mostly disappointed by President Obama's speech concerning his plans for reforming surveillance efforts, there were a few significant suggestions, with the most major one being a limit from being able to explore "3 hops" down to "2 hops." That might not sound that big, but it is a pretty big limitation when you dig into the math. Furthermore, he said that there should be a court reviewing each request to query the phone records database. He left open a pretty big loophole, saying that this judicial review could be skipped in a "true emergency" but it's still something.

In response, the Justice Department actually went to the FISA Court and filed a motion to revise the current order approving the telephone records collection (under Section 215 of the PATRIOT Act, sometimes called the "bulk metadata" program), to change it to put in place these restrictions. The FISA Court has now approved that request, and will release a (possibly redacted) version of the order within the next week and a half or so.

This is a small change, but it is still a meaningful change that creates both more oversight and greater limits on how this data can be used. It's a small step in the right direction.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 7 21:07:33 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Feb 2014 22:07:33 -0500
Subject: [Infowarrior] - Friday Humour: The NSA Product Generator
Message-ID: <8BE1F477-4B29-42D7-BD80-D5C1CB997DBA@infowarrior.org>

The NSA Product Generator

Inspired by the recent dump of NSA's TAO product catalog, containing weirdly-codenamed products beyond the wildest paranoid's dreams. Hit refresh to get a new one!

http://ternus.github.io/nsaproductgenerator/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 8 00:07:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Feb 2014 01:07:54 -0500
Subject: [Infowarrior] - US finally getting pin-and-chip credit card upgrade
Message-ID: <6952A510-92AC-4EA4-9EFF-6DAE01C23BC4@infowarrior.org>

(I can't think of the last time ANYONE looked at a credit card signature or whatever I scribbled on the screen or on the receipt at a restaurant. For many reasons, this is loooooong overdue, imho. --rick)

All American Credit Cards Will Disappear In 2015 And Be Replaced With This New Tech

Jim Edwards
Feb. 7, 2014, 9:52 AM

http://www.businessinsider.com/chip-and-pin-credit-card-changeover-in-2015-2014-2

Every credit card in the U.S. will be replaced by October 2015 with new cards that contain the chip-and-PIN technology that the rest of the world has had for years, according to the Wall Street Journal.

Both Visa and MasterCard are committed to the switch, which will render extinct the plastic in your wallets and purses right now. No more black magnetic stripes; no more signing on the dotted line.

Americans who have traveled to Europe in recent years will know that the U.S.'s credit card system is embarrassingly old-fashioned by comparison. It's often difficult to use American credit cards abroad because the Europeans abandoned magnetic stripes and signatures years ago -- they were too easily hacked.
Credit and debit cards in the U.S. are about 10 years behind the rest of the world.

The new cards contain a microchip and require the owner to enter a PIN into a payment machine at checkout. They are more secure for a couple of reasons.

First, requiring the PIN prevents checkout staff from handling your card -- they will simply hand you the point-of-sale device and customers will insert their cards and verify payment themselves. Currently, when a checkout staffer takes your card, they can surreptitiously swipe it through a card-copying machine, or simply copy the number on it.

A version of this hack was used to steal 70 million credit card numbers from Target customers between Thanksgiving and Christmas. Hackers altered the point-of-sale machines to copy the info on the magnetic stripe as it was swiped. With chip-and-PIN, the number on the chip alone is useless -- you need the PIN too, and that can be changed any time.

Second, the chip replaces the magnetic stripe, which is easily copied and therefore vulnerable to hackers, as the Target sting proved.

In France, chip-and-PIN allegedly reduced credit-card fraud by 80% (although the sourcing for this number is vague).

In fact, the reason the U.S. is being forced into making the chip-and-PIN change now is that the fraud industry migrated from Europe to America simply because U.S. cards were easier to hack than the European ones, according to MasterCard's Carolyn Balfany, the company's expert on the change.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 9 09:38:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Feb 2014 10:38:58 -0500
Subject: [Infowarrior] - The terrifying surveillance case of Brandon Mayfield
Message-ID:

(Let's also not forget the historic cultural arrogance of the FBI, which presumes they're always right.
--rick)

The terrifying surveillance case of Brandon Mayfield

by Matthew Harwood
February 8, 2014

http://america.aljazeera.com/opinions/2014/2/the-terrifying-surveillancecaseofbrandonmayfield.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 10 06:33:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Feb 2014 07:33:09 -0500
Subject: [Infowarrior] - Questions for the government on Snowden
Message-ID:

06:50 AM - February 10, 2014

Questions for the government on Snowden

There are still too many things US citizens don't know

By Aryeh Neier

http://www.cjr.org/behind_the_news/snowden_aryeh_neier.php?page=all

The case of Edward Snowden raises many questions. Do we need the surveillance programs he disclosed to mitigate the threat of terrorism? Do those programs intrude excessively on individual privacy? If we need them, and the intrusions on privacy are not too great, was it appropriate to keep them secret? Is their effectiveness compromised by public disclosure? Could they have been disclosed in another way? If not, was Edward Snowden justified in disclosing them unilaterally?

The answers to the first two questions depend on each other. If the surveillance programs of the National Security Agency provide real protection against terrorism, many of us would put up with a substantial intrusion on our privacy. On the other hand, if those programs are not shown to protect us, our tolerance for government snooping would decline commensurately.

We regularly give up some portion of our privacy -- as when we submit to screening before boarding a plane -- if the intrusion seems minimal and the benefit, in the form of safety, seems substantial. When the invasion of privacy is greater, we have heightened concerns.
Many of us think that maintaining limits on the power of the state to gather and store information on our thoughts, our bodies, our relationships, and certain other aspects of our lives, is important. We want strict controls on such practices.

In thinking about these questions, Americans should be aware of the sorry history of political surveillance in the United States. Surveillance by the federal government began in 1908 with the establishment of the Bureau of Investigation in the Department of Justice (later the Federal Bureau of Investigation, or FBI). During World War I, the Bureau gathered information on those opposing American entry into the war or opposing the draft, leading to many hundreds of prosecutions under the 1917 Espionage Act and the 1918 Sedition Act. Large numbers were sent to prison for five, 10, or even 20 years for peaceful dissent. Following the war, the Bureau stepped up its surveillance, focusing on labor activists, aliens, and suspected communists and anarchists, leading to dragnet arrests of thousands and the summary deportations of hundreds.

In 1924, the Justice Department imposed some limits on the FBI, but most restrictions were ended about the time World War II started in Europe in 1939. From then until shortly after the death of long-time FBI Director J. Edgar Hoover in 1972, political surveillance dominated the work of the FBI. Its activities included extensive programs to harass and disrupt the lives and organizations of leftists, civil rights advocates, anti-war activists, and many others. Political surveillance peaked during the Nixon Administration. Disclosures by whistleblowers of that era and the Watergate scandal helped lead to a number of Congressional investigations.

So far as we now know based on Snowden's revelations, the NSA has neither engaged in the politically targeted practices of an earlier era nor in the harassment of political dissenters.
That makes its activity a great deal less objectionable than what took place previously. On the other hand, in collecting metadata on virtually every phone call in the United States in recent years, the NSA has compiled information that could reveal a great deal about us. As US Supreme Court Justice Sonia Sotomayor pointed out in an opinion in a 2012 case not involving terrorism, it can reveal calls "to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar, and so on." As there is no way to guarantee that we will never again have officials like J. Edgar Hoover or Richard Nixon, the availability of such information on all of us is not a comforting thought for those concerned about privacy.

So what have we gotten in return? According to the December 12 report of an independent review group appointed by President Obama, the information leaked by Snowden "was not essential in preventing attacks." Similarly, the federal Privacy and Civil Liberties Oversight Board, a bipartisan body, said in its report on January 23 that "we have not identified a single instance involving a threat to the United States in which the program made a concrete difference in the outcome of a counterterrorism investigation." Why should Americans sacrifice their privacy if this is not helping to prevent terrorism?

There may be more to be said on this issue. NSA officials insist that the programs have helped to prevent terrorist attacks. So far, key members of the Senate Intelligence Committee and President Obama have endorsed this view. They should come forward with the evidence needed to make their case.

The main argument for secrecy is that, knowing about these practices, would-be terrorists will conduct themselves in a manner to avoid detection. But this flies in the face of what we know about other forms of surveillance.
We know that when there is a visible police presence on the street, it deters crime. Surveillance cameras, which are ubiquitous in cities in the United Kingdom and increasingly in the United States, are not hidden. Everybody sees them and, reportedly, this also deters crime. The screening at airports is not secret. Because we know we must pass through a device that will detect metal, most of us refrain from carrying forbidden objects on to a plane. By keeping us from even trying to carry weapons on board, screening makes us more safe, not less.

It may well be the same for the NSA's electronic surveillance. Knowing that calls are monitored probably prevents many such calls. If prospective terrorists thought they could make calls without risk, they would make more such calls. Perhaps they would be caught, perhaps not. The NSA cannot guarantee it will recognize the significance of every call. Deterring most calls by terrorists and catching some that are made despite the risks seems a better strategy. Also, of course, knowing that our calls are monitored is essential to us in knowing about the intrusions on our privacy and judging whether they are worthwhile.

Though the NSA has apparently limited itself to collecting metadata on Americans except when monitoring the content of calls is specifically authorized by a court order, it recognizes no such limits on its spying outside the United States. The activity revealed by Edward Snowden that has created the greatest embarrassment is its eavesdropping on the calls of Brazilian President Dilma Rousseff and German Chancellor Angela Merkel. The NSA has not bothered to claim that this had any national security purpose, nor has it provided any explanation for listening to their conversations. Perhaps it indicates that some of the NSA's activities are driven as much or more by an interest in flaunting the institution's capacity for electronic surveillance than by concern for the prevention of terrorism.
Among the few reforms that President Obama proposed in his January 17 address on these issues was that "unless there is a compelling national security purpose, we will not monitor the communications of heads of state and government of our close friends and allies."

Putting aside questions about the value of the NSA's metadata program in preventing terrorism, and whether disclosure has compromised its effectiveness, the question remains whether Edward Snowden was justified in disclosing these activities.

I think that a strong argument for defending his disclosures is that the government did more than keep secret the NSA's electronic surveillance. It also gave out false information. At a hearing of the Senate Intelligence Committee in March 2012, James R. Clapper, the Director of National Intelligence, said that the NSA did not intentionally collect information on the phone calls of Americans. Clapper knew, and at least some of the Senators present knew, that the NSA had collected metadata on virtually every phone call in the US for the past several years. That is, Clapper lied, and his lie was not challenged by some who knew better.

There is no indication that his false testimony to Congress jeopardized his position. The Obama Administration was willing to let the false testimony stand, indicating that it's fine for a high-level official to deceive the public about such matters. Snowden made public information that exposed the deception; that was a public service.

Aside from President Obama's pledge to discontinue some of the spying on foreign leaders, the most important reform proposed thus far by the President was that he would ask Congress "to authorize the establishment of a panel of advocates to provide an independent voice [on privacy issues] in significant cases" before the secret Foreign Intelligence Surveillance Court that deals with the National Security Agency. That is a welcome proposal. Someone ought to speak up for privacy.
What matters much more, however, is enabling citizens to know more about what the government is doing that is supposed to protect them against terrorism, and to what extent it is invading their privacy in the process, so they can form their own opinions on whether they are getting a good deal. As no one else has provided us with this information, we should be grateful to Edward Snowden for giving us at least some of the information we need to decide for ourselves.

- See more at: http://www.cjr.org/behind_the_news/snowden_aryeh_neier.php?page=all#sthash.WPHobAUO.dpuf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 10 06:34:24 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Feb 2014 07:34:24 -0500
Subject: [Infowarrior] - NYT: How to sensationalise a web-scraper
Message-ID:

NY Times 'Uses' Scare 'Quotes' To Highlight How 'They' Don't 'Understand' How Snowden 'Copied' Documents

http://crooksandliars.com/2014/02/ny-times-uses-scare-quotes-highlight-how

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 10 06:40:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Feb 2014 07:40:58 -0500
Subject: [Infowarrior] - Greenwald launches "The Intercept"
Message-ID: <27D03A89-4EE7-47B1-9ED5-1046AB89047A@infowarrior.org>

Welcome to The Intercept

By Glenn Greenwald, Laura Poitras and Jeremy Scahill
10 Feb 2014, 12:01 AM EST

https://firstlook.org/theintercept/2014/02/10/welcome-intercept/

We are very excited to welcome everyone to The Intercept, a publication of First Look Media (FLM). The Intercept, which the three of us created, is the first of what will be numerous digital magazines published by FLM.
As soon as we resolved to build The Intercept, we set out to recruit many of the journalists whose work we have long respected and admired: those who have a proven track record of breaking boundaries, taking risks, and producing innovative, rigorous journalism. We have assembled a team of experienced and independent journalists and editors (see our masthead here). Our central mission is to hold the most powerful governmental and corporate factions accountable, and to do so, we will report on a wide and varied range of issues. Being able to work with highly accomplished writers like Liliana Segura, Dan Froomkin, Peter Maass and Marcy Wheeler, along with a team of young and aggressive reporters such as Murtaza Hussain, Ryan Gallagher and Ryan Devereaux, is truly emboldening. For our reporting, we have both technical expertise in the form of Micah Lee, and legal expertise from Daniel Novack. As our team grows, the ethos they embody of fearless, independent journalism is what will guide us. The Intercept has a two-fold mission: one short-term, the other long-term. Our short-term mission is limited but critically important: to provide a platform and an editorial structure in which to aggressively report on the disclosures provided to us by our source, NSA whistleblower Edward Snowden. We decided to launch now because we believe we have a vital and urgent obligation to this story, to these documents, and to the public. Over the past seven months the journalists who have reported on these documents from the National Security Agency have been repeatedly threatened by a wide range of government officials. Sometimes, the intimidation campaign has gone beyond mere threats. These attempted intimidation tactics have intensified in recent weeks and have become clearly more concerted and coordinated. None of this will deter the journalism we are doing. A primary function of The Intercept is to insist upon and defend our press freedoms from those who wish to infringe them. 
We are determined to move forward with what we believe is essential reporting in the public interest and with a commitment to the ideal that a truly free and independent press is a vital component of any healthy democratic society. Our first two news articles at The Intercept are now published. The first, by Jeremy Scahill and Glenn Greenwald, documents the NSA's use of highly unreliable methods to target individuals around the world for assassinations by drone, resulting in the deaths of innocent people. It relies upon a new well-placed source, as well as new NSA documents from the Snowden archive, to tell the story. The second is by a guest reporter, the photographer and artist Trevor Paglen, who is publishing new aerial images of the NSA, the National Reconnaissance Office, and the National Geospatial-Intelligence Agency. Our focus in this very initial stage will be overwhelmingly on the NSA story. We will use all forms of digital media for our reporting. We will publish original source documents on which our reporting is based. We will have reporters in Washington covering reactions to these revelations and the ongoing reform efforts. We will provide commentary from our journalists, including the return of Glenn Greenwald's regular column. We will engage with our readers in the comment section. We will host outside experts to write op-eds and contribute news items. Our longer-term mission is to provide aggressive and independent adversarial journalism across a wide range of issues, from secrecy, criminal and civil justice abuses and civil liberties violations to media conduct, societal inequality and all forms of financial and political corruption. The editorial independence of our journalists will be guaranteed, and they will be encouraged to pursue their journalistic passion, areas of interest, and unique voices.
We believe the prime value of journalism is that it imposes transparency, and thus accountability, on those who wield the greatest governmental and corporate power. Our journalists will be not only permitted, but encouraged, to pursue stories without regard to whom they might alienate. Because we are launching with a limited short-term focus, we are excited by the opportunity to grow with our readers into the broader and more comprehensive news outlet we will become.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 10 06:47:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Feb 2014 07:47:22 -0500
Subject: [Infowarrior] - Comcast hushes, minimizes serious hack
Message-ID: <2C746419-42F1-4677-BC0C-D8D05CA0D6FD@infowarrior.org>

Change your passwords: Comcast hushes, minimizes serious hack
http://www.zdnet.com/change-your-passwords-comcast-hushes-minimizes-serious-hack-7000026118/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 11 06:59:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Feb 2014 07:59:00 -0500
Subject: [Infowarrior] - Today We Fight Back Against Mass Surveillance
Message-ID:

February 11, 2014 | By Adi Kamdar
Today We Fight Back Against Mass Surveillance
https://www.eff.org/deeplinks/2014/02/today-we-fight-back-against-mass-surveillance

Since June, ongoing revelations about the NSA's activities have shown us the expanding scope of government surveillance. Today is the day people around the world are demanding an end to mass spying. A broad coalition of organizations, companies, and individuals are loudly voicing their stance against unwarranted mass spying - over 6,000 websites have joined together today to demand reform.
EFF stands by millions of users - represented by groups like Demand Progress, ACLU, PEN, and Access as well as companies like Google, Twitter, Mozilla, and reddit - to reform governmental collection of innocent users' information. Over the past few years, we've seen the Internet as a political force make waves in Washington. From our defeat of the Internet censorship bill SOPA to our battles over CISPA, TPP, and patent reform, history has shown that we can activate our networks to beat back legislation that threatens our ability to connect, as well as champion bills that will further our rights online. We can win this. We can stop mass spying. With public opinion polls on our side, unprecedented pressure from presidential panels and oversight boards, and millions of people speaking out around the world, we've got a chance now to change surveillance policy for good. Last year, we were presented with a new opportunity - an opportunity in the form of leaks that showed us the truth about deeply invasive surveillance programs around the world. This is the year we make good on that opportunity. Let's ensure that sacrifices made by whistleblowers and risks taken by brave journalists were not done in vain. Join us in fighting back. We've laid out below how you can speak out against mass spying.

In the US? Call Congress today.

Dial 202-552-0505 or click here to enter your phone number and have our call tool connect you.

Privacy Info: This telephone calling service is operated by Twilio and will connect you to your representatives. Information about your call, including your phone number and the time and length of your call, will be collected by Twilio and subject to Twilio's privacy policy.

Calling Congress takes just five minutes and is the most effective action you can take right now to let your elected officials know that mass surveillance must end. Here's what you should say: I'd like Senator/Representative __ to support and co-sponsor H.R. 3361/S. 1599, the USA Freedom Act.
I would also like you to oppose S. 1631, the so-called FISA Improvements Act. Moreover, I'd like you to work to prevent the NSA from undermining encryption standards and to protect the privacy rights of non-Americans.

Outside the US? Take action now.

Mass spying affects all of us worldwide. Demand an end to mass surveillance by signing the 13 Principles petition.

More ways to get involved

After you have called Congress or signed the 13 Principles, share this action widely.

Join me in demanding an end to illegal mass surveillance. Take action now: https://thedaywefightback.org/?r=eff #StoptheNSA

On your social network of choice, be sure to use the hashtag #StoptheNSA. There are also a handful of in-person events occurring around the world - protests, discussions, cryptoparties, and more. Don't see one in your area? It's not too late to throw one together today.

Today we fight back

This fight is more important than ever. Our world has radically changed since last June, when newspapers started reporting on mass spying based on documents revealed by Edward Snowden. Today, it is widely known that the international spy agencies collect users' phone calls, emails, address books, buddy lists, calling records, online video game chats, financial documents, browsing history, text messages, and calendar data. We also know that the security agencies have hacked deep into the backbone of the Internet and disrupted international encryption standards. These activities compromise the confidence and safety of countless people, organizations, and companies. The President's NSA review group has demanded expansive reforms to NSA surveillance programs. The Congressionally mandated Privacy and Civil Liberties Oversight Board has condemned NSA surveillance programs as illegal. And recent polls have shown that a majority of Americans oppose governmental mass collection of phone and Internet data. It's time to turn this momentum into action.
Call Congress today, or if you're abroad, make your voice heard.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 11 07:04:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Feb 2014 08:04:17 -0500
Subject: [Infowarrior] - Brenner OpEd: Snowden: What's the Harm?
Message-ID: <7B86AB58-2179-4403-BB06-9EA89472382E@infowarrior.org>

(c/o DG)

Snowden: What's the Harm?
What harm has Edward Snowden done to his country?
http://joelbrenner.com/snowden-whats-the-harm/

When Snowden asserts that the National Security Agency listens to encrypted Russian diplomatic traffic, it takes the Russians about twenty minutes to shut it down. An operation like that can take many years to put in place. When he explains exactly how NSA can implant devices that make it possible to extract information even from isolated networks of hostile governments, those operations will die on the vine. When he identifies specific networks of adversaries that we have penetrated and the exact locations from which we have done it, he effectively shuts those operations down. When he and his backers assert that NSA penetrates Google and Yahoo and Facebook servers overseas - when the truth is that NSA may target the foreign terrorist-linked users of those services - he wounds the businesses of creative, successful American companies. When he identifies legitimate, and legitimately secret, arrangements by which foreign governments cooperate with the United States in pooling resources to track foreign terrorists, he sows pandemonium among Western allies. When you educate terrorists day after day with these and other revelations, they learn their lessons, and indeed collection against terrorist networks has fallen off sharply. These are the hostile actions of a self-righteous megalomaniac - hostile to the United States, hostile to liberal democracy, hostile to the West -
and it is impossible to avoid the conclusion that their results were intended. That Snowden also started an overdue public discussion of a metadata collection program authorized by Congress and more than a dozen federal judges - but not understood by many Americans - cannot be denied. But those disclosures comprise only a fraction of his program of stealing and broadcasting classified information that otherwise has nothing to do with the privacy and civil liberties of citizens of the United States and allied nations. Lawfare's round-up of press coverage of Snowden's spilled secrets begins to tally the score. Some of these articles discuss techniques that are known to commercial technical experts, though not necessarily to intelligence targets. Others are - or rather were - the deepest of state secrets. For a portrait of Snowden and his allies, Julian Assange of WikiLeaks and Greenwald, see Sean Wilentz, "Would You Feel Differently About Snowden, Greenwald, and Assange if You Knew What They Really Thought," at http://www.newrepublic.com/article/116253/edward-snowden-glenn-greenwald-julian-assange-what-they-believe.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 11 08:53:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Feb 2014 09:53:36 -0500
Subject: [Infowarrior] - Shunned as NSA Advisers, Academics Question Their Ties to the Agency
Message-ID:

(via IP)

February 10, 2014
Shunned as NSA Advisers, Academics Question Their Ties to the Agency
http://chronicle.com/article/Shunned-as-NSA-Advisers/144639/?key=TT93JQU5ZXVNNns1YD4RYDxUa3BkN011Y3IeYyohbl5UFw==

For decades, the National Security Agency's main internal advisory board was rich with scientists from major research universities, helping the agency's leaders keep American spies technologically a step ahead of their Cold War rivals.
Then, in the past dozen years or so, around the same time the NSA began its controversial wholesale collection of phone and computer data, the agency was quietly making another change: Replacing many of those academics with corporate advisers more steeped in the tactics of surveillance than in either basic science or overall strategies. Now many academics are trying to be heard from the outside, arguing that the NSA's spying tactics are proving counterproductive and that university researchers have a duty to stop assisting them. "It is time to seriously consider the relationship that exists between academia and the NSA, both the potential for good and the need for caution," Stefan A. Forcey, an assistant professor of mathematics at the University of Akron, wrote last month in the Notices of the A few months before that, Alexander A. Beilinson, a professor of mathematics at the University of Chicago, suggested in the same publication that those working with the NSA should be ostracized, just as "working for the KGB was socially unacceptable for many in the Soviet Union." Their appeals were followed on January 24 by an open letter from a group of 50 researchers warning of long-term damage to society and to the nation's technological enterprise from the NSA's reported tactic of intentionally weakening computer-security standards so it can carry out spy operations. "Every country, including our own, must give intelligence and law-enforcement authorities the means to pursue terrorists and criminals," the researchers wrote, "but we can do so without fundamentally undermining the security that enables commerce, entertainment, personal communication, and other aspects of 21st-century life."

More Secrecy

From almost the time the NSA was founded, in the early 1950s, the board that advised its director was dominated by academic stars from such institutions as the Massachusetts Institute of Technology, the California Institute of Technology, and the University of Chicago.
That began shifting in the late 1990s, as the Internet rose in popularity. A series of intelligence failures exposed the NSA as too focused on intercepting satellite and radio signals, and insufficiently attuned to the growth of computer-based communications traveling in cables. To catch up, the NSA turned to technology companies and other corporate experts, and to even greater levels of secrecy. In 2005, Congress formally renamed the NSA director's National Security Agency Advisory Board the "Emerging Technologies Panel," and made its activities fully exempt from public-disclosure laws. Now its members aren't publicly disclosed, although those inside and outside the NSA have said that academics have been left with a diminished role on the board. An NSA spokeswoman, Vanee M. Vines, said that the board's 18 members meet quarterly "to discuss a range of technical issues with agency leaders, offering critical insights or advice," but that she couldn't identify the board's current membership or agenda. One of the few academics to publicly acknowledge recent participation on the panel is Philip J. Hanlon, president of Dartmouth College. He spent about 13 years on the board, until 2007, while a professor of mathematics at the University of Michigan at Ann Arbor. He said he recalled the board's transition as a move toward "nonscientific" advice, aimed more at "the running of the business." John C. Inglis, who retired last month as the NSA's deputy director, describes similar motivations, saying the NSA began choosing board members with an eye toward a specific expertise they could bring, in areas that could include human resources or communications. "While we certainly include them, no one from higher ed comes to mind" among the board's current membership, he said, "because our selections are based on expertise more than affiliation with some organization."
With fewer university advisers, the board may have lost some of the moderating influence that derives from a more holistic approach, said Matthew M. Aid, an author whose writings aim at illuminating the NSA. "Academics sort of look at the whole problem from top to bottom," he said. It's not just the advisory board that's changed, Mr. Aid said. With the exception of the NSA's current director, Keith B. Alexander, a four-star Army general, the agency's top management corps for the past five or six years has consisted entirely of software engineers, Mr. Aid said. (Mr. Alexander is retiring in March, to be replaced by Michael S. Rogers, a vice admiral who leads the Navy's Fleet Cyber Command.) When that engineering-heavy leadership wants a formal review of a policy question or practice, Mr. Aid said, it tends to hire established Washington consultants, such as those from the RAND Corporation, rather than assign a team of academics, as it had in the past.

Power of Math

The shift away from academic expertise is especially worrisome to many mathematicians, for whom the NSA has long been their field's single largest employer outside education. In the months since Edward J. Snowden fled the United States with tens of thousands of electronic documents describing NSA practices, mathematicians are realizing that they are in the same position as nuclear physicists in the middle of the last century, and business students in more recent times - suddenly needing to figure out the ethics behind what they do, said Edward Frenkel, a professor of mathematics at the University of California at Berkeley. "Our community has been behind the curve," Mr. Frenkel said, along with much of the world, in not fully appreciating that "in the 21st century, a mathematical formula could be just as powerful as a nuclear bomb."
According to one set of reports tied to the Snowden documents, the NSA made arrangements with RSA, a leading computer-security firm, to insert a flaw into its formula for generating random numbers associated with widely used encryption products. Other reports describe the NSA as persuading the National Institute of Standards and Technology, the federal agency that sets U.S. encryption standards, to select security formulas that the NSA would be able to decipher. For scientists and for the country as a whole, such security strategies are self-defeating in the long run, said Joan Feigenbaum, a professor of computer science at Yale University, who helped organize last month's protest letter by 50 senior experts in cryptography and computer science. That kind of tactic has already backfired elsewhere, she said. Reported instances include wiretapping capabilities that were built into the phone network of Greece, only to be exploited by an unknown perpetrator who eavesdropped on calls involving top government leaders. Ms. Feigenbaum said she expected governments to conduct surveillance operations. When they follow proper procedures, such as obtaining warrants from courts, however, secret backdoor entries into systems shouldn't be necessary, she said.

Student Training

The concern among researchers is growing at the same time that the NSA is finding a more receptive audience in other quarters of universities. The agency, structurally an arm of the Department of Defense, leads two Pentagon-affiliated research facilities on university campuses: one at the University of Maryland at College Park, which studies language and human cognition, and the other at the Stevens Institute of Technology, focused on systems engineering.
And more than 100 universities, eager to offer their students career opportunities, now participate in a program through which the NSA and the Department of Homeland Security certify them as Centers of Academic Excellence for teaching courses in subjects that include computer science and electrical engineering. One institution pursuing that certification, Excelsior College, last month opened a National Cybersecurity Institute in Washington. The facility is little more than a TV studio and conference room in an office building a few blocks from the White House, where the college, an online institution based in New York, hopes to use government experts from the NSA and other security agencies to supplement its expanding menu of courses in cybersecurity. Information security is one of the nation's fastest-growing job categories, with employment expected to increase by 37 percent in the decade ending in 2022, the Bureau of Labor Statistics has reported. Excelsior's president, John F. Ebersole, a Vietnam veteran and retired Coast Guard commander, said his college is among many moving aggressively into the field. The Snowden scandal did give Excelsior leaders "quite a lot" to consider just as they were preparing the initiative, such as whether the NSA's actions had been "ethical and appropriate, particularly as it concerns other countries and leaders," Mr. Ebersole said. In the end, the college concluded that the disclosures amounted largely to embarrassment, as the NSA had not been formally found to have violated any laws, he said. Even universities and researchers that aren't interested in dealing directly with the NSA or doing classified work may be helping out, Mr. Hanlon said. That's because the NSA often will try to "extract the mathematical question out of their problem," widening the pool of university researchers who could work on it without getting involved in classified details, he said.
Leading areas of research include number theory, which is a source for encryption protocols; the development of algorithms and processes to more efficiently map and sort large amounts of data; the development of faster computers and better storage systems; and the testing of computer vulnerabilities.

Research Funding

The NSA has extensive ties to the American Mathematical Society, using it to directly recruit workers for sabbaticals at the agency, and to help the agency finance college math programs and researchers in general. The mathematical society also administers the distribution of research grants financed by both the NSA and the National Science Foundation. The foundation, which makes its budget information public, says its Division of Mathematical Sciences has an annual budget of about $240-million. The NSA grants refereed by the society "are similar to NSF ones, but smaller, and there are more of them," Mr. Beilinson said. Joseph L. Hall, chief technologist at the Center for Democracy & Technology, a nonprofit advocacy group, said there is widespread suspicion that the two agencies coordinate so that NSF grant requests help further NSA goals. The science foundation, for its part, emphasizes its independence. It isn't opposed to the reuse of NSF-financed research for NSA activities, said Aaron Dubrow, a foundation spokesman, but it doesn't actively seek or take guidance from the security agency. The NSA may have other ways of using universities to further its agenda. The Johns Hopkins University, a leading recipient of classified-research dollars, made headlines last year when it asked Matthew D. Green, an assistant research professor of computer science, to remove a blog posting that referred to news articles about leaked NSA documents concerning encryption technologies. Mr. Green, who was later allowed to repost the item, said he is among those waiting for university researchers to reassess their ties to the NSA.
"I know a lot of computer scientists who are upset about the NSA revelations," he said. "But I haven't seen any of this break out into a more coherent national debate."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Feb 11 11:31:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Feb 2014 12:31:56 -0500
Subject: [Infowarrior] - Eric Holder to step down this year: report
Message-ID:

Eric Holder to step down this year: report
The Washington Times
Monday, February 10, 2014
http://www.washingtontimes.com/news/2014/feb/10/eric-holder-step-down-year-report/

U.S. Attorney General Eric Holder will step down this year, he said in an interview with the New Yorker's Jeffrey Toobin in the magazine's Feb. 17 edition. In a feature article, Mr. Holder said he plans on staying in his position "well into" the year. Last November, Mr. Holder, the first black attorney general, told CBS News he didn't have "any plans" to step down. Mr. Holder has made voting rights the test case of his tenure, the New Yorker reported. He has been a vocal critic of the Supreme Court case that invalidated key parts of the Voting Rights Act and has supported Congressional action to renew and revise the law. During his five years as the nation's top law enforcement officer, Mr. Holder has also weighed in on other controversial Supreme Court decisions. Mr. Holder said he wouldn't defend the Defense of Marriage Act in court and over the weekend announced the Department of Justice's plans to give same-sex couples the same rights in the federal legal system as married heterosexual couples, regardless of whether a state recognizes same sex marriage.

© Copyright 2014 The Washington Times, LLC.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Feb 11 11:33:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Feb 2014 12:33:20 -0500
Subject: [Infowarrior] - Boston Buses Get Live Video Technology
Message-ID:

MBTA Buses Get Live Video Technology
By Chief Correspondent Joe Shortsleeve, WBZ-TV
February 10, 2014 6:00 PM
http://boston.cbslocal.com/2014/02/10/mbta-buses-get-live-video-technology/

BOSTON (CBS) - Homeland Security in Washington DC has awarded the MBTA about $7 million to outfit buses with the latest in live video technology. Sophisticated new 360-degree lenses embedded in the ceilings and walls of the buses will now capture everything. And on some buses, there will even be flat screens for passengers to see what is going on. "I think it's great, anything that makes the public feel safer," one woman told WBZ-TV. Another said "the images are pretty clear. I did not think they were going to be that clear." There is no audio but there are also cameras on the exterior of the buses. The system cost $6.9 million, all paid for by Homeland Security. Right now, about 10 buses are outfitted but by the summer, more than 225 will have these sophisticated cameras. Eighty transit police cruisers will also soon have touch screens, so officers can look live right into a bus that they may be following. "It is pretty amazing. You pull up the camera system, then you already have a description of the suspect. He could be looking at the cameras as you are following the bus," MBTA Transit Police Officer Luke Sayers said. Transit Police from their downtown dispatch headquarters will also be able to monitor hundreds of buses in real-time, simply by clicking a mouse. "The riders of the MBTA have been asking for cameras for a long time and we think that this will give them confidence that we are doing everything possible to protect them," said Deputy Superintendent of the MBTA Transit Police Joe O'Connor. Soon this technology will cover 70-percent of MBTA bus routes.
The MBTA says they are the first in the nation with this technology.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 12 05:59:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Feb 2014 06:59:52 -0500
Subject: [Infowarrior] - "Happy Birthday" copyright defense: Those "words" and "text" are ours
Message-ID:

"Happy Birthday" copyright defense: Those "words" and "text" are ours
Even if the owner wasn't first, "Copyright law requires originality, not novelty."
by Joe Mullin - Feb 11 2014, 11:15pm EST
http://arstechnica.com/tech-policy/2014/02/happy-birthday-copyright-defense-those-words-and-text-are-ours/

There may be no song more widely sung in America than "Happy Birthday," but it isn't free to sing. Warner Chappell music licensing, which has long claimed copyright to the words, typically dings filmmakers and TV producers a few thousand bucks for a "synchronization license" anytime the song is used in video. Warner reported that by the 1990s the "Happy Birthday" licensing enterprise was pulling in upwards of $2 million annually. In June, a filmmaker who paid $1,500 to use the song in a documentary (called "Happy Birthday") challenged Warner Chappell in court. The filmmaker's lawyers argued that the 1935 copyright isn't valid - at most, it covers a particular piano arrangement, and a second verse to Happy Birthday which has no commercial value. The melody has been around since 1893, argues the complaint, and the "Happy Birthday to You" lyrics were in wide use by the early 1900s. The plaintiffs hoped to form a class action, and make Warner pay back everyone who's paid a license fee since mid-2009. A status update filed in court on Monday offers a first glimpse of some of the defenses Warner may use.
In its brief statement, first mentioned by The Hollywood Reporter, Warner lawyers explain it's on the plaintiffs to prove that the 1935 copyright registration "was not intended to cover the lyrics to Happy Birthday to You." Even if the plaintiffs show that the lyrics were published elsewhere, "this would not show that the author of the lyrics copyrighted under certificate E51990 copied those lyrics from somewhere else," argue Warner's lawyers. "Copyright law requires originality, not novelty." The burden is on the plaintiffs "to disprove the validity of Warner/Chappell's copyright and the facts stated in the registration," argues the defense. And that registration clearly references "words" and "text," which they believe is the traditional "Happy Birthday" verse. Warner's lawyers write: Certificate E51990 applies on its face to a "published musical composition" entitled "Happy Birthday to You" and the listing under the byline is as follows: "By Mildred J. Hill, arr. by Preston Ware Orem;* pf.,with words." (Emphasis added.) The certificate further states: "(© is claimed on arrangement as easy piano solo with text)." (Emphasis added.)... All of this, as well as the validity of the copyright, is prima facie presumed true in this litigation. The plaintiffs are claiming that the words were published in a variety of formats pre-1935. An amended complaint filed in December lays out the most detailed version of their argument. "Even though the lyrics to Happy Birthday to You and the song Happy Birthday to You had not been fixed in a tangible medium of expression, the public began singing Happy Birthday to You no later than the early 1900s," write the filmmaker's lawyers. The lyrics were published as lyrics in a Methodist Episcopal Church song book in 1911, which did not attribute ownership or identify any copyright for the song. An Indiana educator's guidebook described children singing the words "happy birthday to you" as early as 1901, although it did not print lyrics.
By 1912, various companies (such as Cable Company Chicago) had begun producing unauthorized printings of sheet music which included the song known today as Happy Birthday (i.e., the melody of Good Morning to You with the lyrics changed to those of Happy Birthday.) The parties have agreed to a schedule that has discovery on the copyright issue continuing through September of this year. Once they collect the evidence, the two sides will submit motions arguing their case in November. The parties appear to have agreed to litigate the copyright validity issue on the papers, without a trial. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 12 05:59:47 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 06:59:47 -0500 Subject: [Infowarrior] - RWB: U.S. press freedom plunges under Obama to 46th in world, after Romania Message-ID: <33646C05-9CA1-471F-B9FE-E972E889A125@infowarrior.org> Survey: U.S. press freedom plunges under Obama to 46th in world, after Romania By Meghan Drake http://www.washingtontimes.com/news/2014/feb/11/press-freedom-suffers-under-obama-global-survey-fi/ The Washington Times Tuesday, February 11, 2014 The Obama administration's handling of whistleblower Edward Snowden, the National Security Agency leaks and the investigation of a string of leaks produced a plunge in the country's rating on press freedoms and government openness, according to a global survey released Tuesday. The U.S. under President Obama, who once promised to run the "most transparent" administration in the country's history, fell from 32nd to 46th in the 2014 World Press Freedom Index, a drop of 13 slots. The index, compiled by the press advocacy group Reporters Without Borders, analyzes 180 countries on criteria such as official abuse, media independence and infrastructure to determine how free journalists are to report. 
Officials of the group said press freedoms were under attack around the world as governments grow increasingly sophisticated in collecting sensitive data and in tracking down those who leak it. "Journalists are being caught up in what is, I think, fairly characterized as a rapidly growing surveillance apparatus, and this is happening all over the world," said Geoffrey King, Internet advocacy coordinator for the Committee to Protect Journalists. In the past years, tactics have shifted from surveillance of individual terrorists and spies to a dragnet approach to control information, Mr. King said. Delphine Halgand, Reporters Without Borders U.S. director, said three events shaped the climate for reporting in the United States last year: Mr. Snowden's NSA revelations, the trial of Army Pvt. Bradley Manning for giving a trove of classified documents to WikiLeaks, and the Justice Department's handling of a probe of The Associated Press and other media organizations suspected of receiving leaked data. "I hope this revelation will play a wake-up-call role," Ms. Halgand said. As a whole, the index's annual global indicator, or barometer of violations of freedom of information, rose 1.8 percent compared with 2012. The report found that areas with armed conflict correlate with a low level of freedom of the press. Syria ranked among the worst countries for allowing freedom of the press, alongside authoritarian states such as Turkmenistan, North Korea and Eritrea. From March 2011 to December 2013, 130 professional and citizen journalists were killed in Syria with connections to distributing news and information. Syria has been dubbed as the world's most dangerous place for journalists. "Syria has moved into the worst of the worst," said Karin Deutsch Karlekar, Freedom of the Press project director. Middle East repression Despite the hopes of the Arab Spring, countries in the Middle East continued to score poorly in the press freedom rankings. 
The Committee to Protect Journalists reported that Turkey imprisoned 40 journalists and Iran imprisoned 35 last year. "Those regimes are systematically hunting down information and those that report and distribute information, and those primarily are journalists," said Sherif Mansour, the committee's Middle East and North Africa program coordinator. In August, Egyptian officials arrested John Greyson, a Canadian filmmaker, along with Canadian doctor Tarek Loubani, in Cairo after protests against the government. Mr. Greyson recalled sharing a cell with dozens of men and sleeping on the ground with cockroaches. "We were riding in a state of shock," he said. The Canadian government attained their release after seven weeks. Now, Mr. Greyson campaigns for the government to do the same for Mohamed Fahmy, a Canadian-Egyptian journalist who has been imprisoned for more than a month in Cairo. Several other journalists are also in custody. "The world is watching, and we're trying to make as much noise as we can," Mr. Greyson said. Ms. Halgand said a theme emerging in this year's survey is the rise of private nonstate groups posing threats to journalists, what she called a "privatization of violence." Latin American journalists, for example, have experienced threats from organized crime groups. Countries falling the furthest from the previous year's survey included the civil-war-wracked Central African Republic (down 43 spots to 109), Guatemala (down 29 spots) and Kenya (down 18 slots). Four journalists were killed in Guatemala last year alone. Other countries have risen on the index after declining rates of violence against journalists, censorship and misuse of judicial proceedings. These include Panama (up 25 positions to No. 87), the Dominican Republic (up 13 slots) and Ecuador (gaining 25 positions). "They are not perfectly safe at all, but we saw some improvement," Ms. Halgand said. 
Finland, the Netherlands and Norway continue to hold the top three spots on the index, and European countries hold the top 16 spots in the 180-nation survey. But not all European countries registered progress in press freedoms. Ratings for Greece and Hungary fell because of economic crises and increases in nationalistic populism. "It's definitely a case that we need continued vigilance on the issues on media freedom and freedom of expression," Ms. Karlekar said. © Copyright 2014 The Washington Times, LLC. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 12 05:59:55 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 06:59:55 -0500 Subject: [Infowarrior] - EU pushes for less US control of the internet amid outrage over NSA spying Message-ID: <7608E188-C2EF-4208-B973-96222A14B8A0@infowarrior.org> EU pushes for less US control of the internet amid outrage over NSA spying By Tom Warren on February 12, 2014 05:55 am http://www.theverge.com/2014/2/12/5403988/eu-pushes-for-less-us-internet-control-global-governance The EU is challenging US control of the internet today, with fresh proposals aimed at decentralizing authority. While there have been concerns over US control for years, today's proposals follow widespread shock over the US surveillance activities of the NSA. The EU appears to be playing to those concerns, suggesting that the US-centric model of internet governance needs to transition to a global one. More global internet control brings its own concerns The EU's proposals call for more transparency, accountability, and inclusive governance about how the internet is managed and run. 
Russia, China, and other nations have pushed for changes that would transfer duties such as domain name allocation away from ICANN, the US nonprofit organization that's responsible for some of the web's key infrastructure. UN agency International Telecommunication Union put together wide-ranging proposals for more global internet control, but they were previously rejected by US, Canada, Australia, and UK governments. One particular fear is that internationalization of internet governance could lead to more situations where countries filter the web unnecessarily. NSA concerns have also spurred many governments to pursue stronger data-protection laws, increasing concerns that the internet could become divided along national borders. While there appears to be broad agreement that internet governance should be more global, the EU rejects the specific UN proposals. "I agree that governments have a crucial role to play, but top-down approaches are not the right answer," says European Commission vice president Neelie Kroes. "We must strengthen the multi-stakeholder model to preserve the Internet as a fast engine for innovation." At the heart of today's EU proposals is the demand for a "clear timeline for the globalization of ICANN." The assignments of top-level domain names like .com and .net are still controlled by ICANN on contract from the US government. Any change towards a global effort would require transparency on internet policies, a global balance, and "clear rules" to create a level playing field says Kroes. The EU is also calling for safeguards to protect the open nature of the internet. All of the proposals form a foundation for what the EU describes as a common European approach in the global internet governance debate. "The next two years will be critical in redrawing the global map of Internet governance," claims Kroes. "Europe must play a strong role in defining what the net of the future looks like." 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 12 06:07:12 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 07:07:12 -0500 Subject: [Infowarrior] - PhRMA against EU drug safety disclosure idea Message-ID: (Agree w/the author - if you have nothing to hide, why should you worry?? Funny how that line of logic only seems to work one-way in the modern world, eh? --rick) PhRMA Wants EU Put On US's 'Priority Watch List' For Plans To Disclose Basic Safety Info About Drugs We've written many times about how the USTR uses its Special 301 Report to bully smaller countries into toeing the US line. One of the most influential organizations providing input into who should sit on this year's naughty step is PhRMA, the Pharmaceutical Research and Manufacturers of America. James Love points out that its submission this year is notable for the following demand: "PhRMA requests that the EU be placed on the Priority Watch List for the 2014 Special 301 Report, and that the U.S. Government continue to seek assurances that the problems described herein are quickly and effectively resolved." The European Union is accused of three basic sins, including ineffective patent enforcement -- rather implausible given Europe's extremely strong patent regime in this area -- and daring to take into account the cost of relevant generics when setting medicine prices. But the most interesting complaint is the following: "EMA data disclosure policy: PhRMA and its member companies are very concerned that current practices of the European Medicines Agency (EMA) and proposals being advanced through the EMA and the European parliament to provide virtually unrestricted access to and publication of biopharmaceutical companies' clinical trial regulatory submissions and data will substantially harm patient privacy, the integrity of the regulatory system, and incentives for pharmaceutical research and development. 
Failing to protect confidential commercial information contained in regulatory submissions is inconsistent with the EU's treaty obligations contained in the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) and primarily benefits competitors who wish to free-ride off of the investments of innovators. We are especially concerned that proposals to disclose regulatory clinical study reports (CSRs) in their entirety -- a class of document that the EMA has traditionally considered to be commercially confidential information -- will allow competitors to submit innovators' documents to gain regulatory approval in non-European countries." Techdirt wrote about the EMA's plans to make clinical trials data for drugs available (including the key clinical study reports) back in November. As that post explained, this is basic safety data -- not "confidential commercial information" as PhRMA claims in its Special 301 submission. These are simply the scientific facts about a drug that establish what side effects it has, and whether it offers sufficient benefits to be approved for sale. Drug companies that are confident their products are safe should welcome the opportunity to prove that in a completely transparent manner, and to benefit themselves in multiple ways from this general opening-up. PhRMA's desperate attempt to get the USTR to interfere with the European Union's plans would suggest that some of its members may have something to hide -- a view that recent scandals involving big pharma tend to support. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Feb 12 10:12:46 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 11:12:46 -0500 Subject: [Infowarrior] - Surprise: ASCAP and Music Labels Colluded To Screw Pandora Message-ID: <9B03A36A-FBDE-4E4A-92F0-3A98D18E0739@infowarrior.org> Surprise: ASCAP and Music Labels Colluded To Screw Pandora http://crooksandliars.com/2014/02/surprise-ascap-and-music-labels-colluded --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 12 15:20:25 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 16:20:25 -0500 Subject: [Infowarrior] - USG Targets Pirate Bay and Other "Notorious" Sites Message-ID: <03B72CF5-CE20-4C2F-8EBC-F0589856EE0A@infowarrior.org> US Government Targets Pirate Bay and Other "Notorious" Sites By Ernesto on February 12, 2014 http://torrentfreak.com/us-government-targets-pirate-bay-notorious-sites-140212/ The US Government has today classified some of the largest websites as notorious piracy venues. The USTR list draws heavily on recommendations from copyright holders and includes popular torrent sites such as The Pirate Bay and cloud-hosting service RapidShare. DVD ripping software vendor Aiseesoft is also mentioned, even though its products are perfectly legitimate in many countries. In its annual "Out-of-Cycle Review of Notorious Markets", the United States Trade Representative (USTR) has listed more than a dozen websites said to be involved in piracy and counterfeiting. The list is based on input from industry groups and copyright holders including the RIAA and MPAA, who submitted their recommendations a few weeks ago. While the USTR admits that the list is not meant to reflect legal violations, the responsible authorities could use the list to take legal action. 
"The United States urges the responsible authorities to intensify efforts to combat piracy and counterfeiting, and to use the information contained in the Notorious Markets Review to pursue legal actions where appropriate," USTR states. One of the prime targets is The Pirate Bay. According to USTR the site continues to facilitate downloading of copyright-infringing material. The Government further highlights the site's resilience, mentioning recent domain name changes and the release of TPB's censorship-resistant browser last summer. "The site released its own web browser designed to evade network controls and reportedly has plans to offer software to circumvent conventional methods of enforcement. Network security experts have criticized The Pirate Bay for failing to follow security best practices in the development of their software," USTR writes. The last part feels a little out of place. The Pirate Bay can be accused of a lot of things by the Government, but not following security "best practices" is not the first thing that comes to mind. While the inclusion of The Pirate Bay comes as no surprise, RapidShare's listing is quite unexpected. The cloud hosting service has taken extreme measures to deter piracy and as a result was excluded from the most recent "Notorious Markets" list. Even though visitor counts continued to drop in recent years, the USTR now believes that the site deserves to be included again, mentioning a recent ruling where RapidShare was ordered to pay $26,000 to a Czech movie director. "Although RapidShare.com's popularity has diminished since its 2012 listing, it remains one of the most active sites worldwide as well as in the Czech Republic, where it is best known as Share-rapid.cz," USTR writes. Another surprising mention was given to Aiseesoft.com, a software vendor that sells video converter and ripping tools. While this software may not be permitted in the US, it's perfectly legal in other countries. 
The Government, however, classifies the company as a notorious market and its competitor SlySoft.com was awarded the same label. "Rights holders indicate that this site's operators, reportedly based in China, develop and make available to customers worldwide various 'high-quality' DVD converter tools [...] that, according to the site, allow users to circumvent technical protection measures and view video content in an unauthorized manner," USTR writes. In addition to the domains listed above, the US Government is also pointing a finger at the following sites: PutLocker, Baixedetudo.net, Darkwarez.pl, Ex.ua, Extratorrent.cc, Free-tv-video-online.me, KickassTorrents.com, Kuaibo.com, Mp3skull.com, Rapidgator.net, Rutracker.org, Seriesyonkis.com, Torrentz.eu, Uploaded.net, vKontakte.com, Wawa-mania.ec, Xunlei.com, Kankan.com, Zamunda.net, Arenabg.com and Zing.vn. The "notorious markets" list is meant to be a pressure tool on the sites and the countries from where they are operated. Meanwhile, the sites remain accessible in the U.S. itself and thus far no attempts have been made to have local ISPs block any of them. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 12 17:53:22 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Feb 2014 18:53:22 -0500 Subject: [Infowarrior] - Judge: DEA needs warrant to access Oregon patient database Message-ID: <7B59E1BB-AA22-42DC-A005-723885D38BE8@infowarrior.org> US DEA needs warrant to access Oregon drug database, judge rules Federal judge said attempts to gather information from prescription drug database "violates constitutional protections" Reuters, 
theguardian.com, Wednesday 12 February 2014 12.46 EST http://www.theguardian.com/world/2014/feb/12/us-dea-oregon-prescription-drug-unconstitutional A federal judge ruled on Tuesday that US government attempts to gather information from an Oregon state database of prescription drug records violates constitutional protections against unreasonable search and seizure. The American Civil Liberties Union hailed the decision, in a case originally brought by the state of Oregon, as the first time a federal judge has ruled that patients have a reasonable expectation of privacy in their prescription records. The ACLU had joined the lawsuit on behalf of four patients and a physician challenging US Drug Enforcement Administration efforts to gain access, without prior court approval, to the state's prescription database. The Oregon Prescription Drug Monitoring Program database was created by the state legislature in 2009 as a tool for pharmacists and physicians to track prescriptions of certain classes of drugs under the federal Controlled Substances Act. Some seven million prescription records are uploaded to the system every year, according to court documents. The state mandated privacy protections for the data, including a requirement that law enforcement could only obtain information from the network with a warrant. But the DEA claimed federal law allowed the government to access the database using only an "administrative subpoena", which does not require a finding of probable cause for believing a crime has been committed or a judge's approval. US District Judge Ancer Haggerty in Portland ruled that the DEA's efforts to obtain Oregon's prescription records without a warrant violate Fourth Amendment safeguards against searches and seizures of items or places in which a person has a reasonable expectation of privacy. "It is more than reasonable for patients to believe that law enforcement agencies will not have unfettered access to their records," 
Haggerty wrote in the summary judgment opinion. "The prescription information maintained by (Oregon) is intensely private as it connects a person's identity information with the prescription drugs they use," Haggerty wrote. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 13 07:21:53 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Feb 2014 08:21:53 -0500 Subject: [Infowarrior] - Comcast, Time Warner agree to merge in $45 billion deal Message-ID: <5811BC90-0828-40DF-B4D5-B6EB8CFB25FA@infowarrior.org> Comcast, Time Warner agree to merge in $45 billion deal By Cecilia Kang http://www.washingtonpost.com/business/economy/comcast-time-warner-agree-to-merge-in-45-billion-deal/2014/02/13/7b778d60-9469-11e3-84e1-27626c5ef5fb_story.html Comcast has agreed to buy Time Warner Cable for more than $45 billion in stock, a deal that would combine the two largest cable providers in the country, according to people familiar with the matter. The combined company would be a communications juggernaut with far greater influence than any of its peers. It would not only control the "last mile" connections that pump cable and internet services into homes and businesses, but also a huge swath of the content that travels through those pipes since Comcast already owns the entertainment empire of NBC Universal. The proposed merger is expected to receive close scrutiny from federal anti-trust regulators who will focus on whether the merged company would have too much market share -- or whether it could stifle content creators and online video companies such as Netflix. Separate from that review, the Federal Communications Commission would have a much broader mandate to determine if the deal is in the public's interest. 
To head off regulatory concerns, Comcast plans to offer shedding around 3 million subscribers in order to keep its ownership of the entire cable marketplace below 30 percent, a figure television programmers say is the threshold for competition in licensing negotiations, according to a person familiar with the deal, who spoke on condition of anonymity because the deal was not final. Before any divestment of customers, the deal would create a behemoth with 34 million cable subscribers in most major metropolitan areas, including Time Warner Cable's home, the New York tristate region. With its broader reach, the combined company would also have more negotiating power with network broadcasters that rely on cable companies to distribute their content, critics say. Already, consumer groups are protesting the merger. Just two years after Comcast's controversial merger with NBC Universal was approved, public interest groups say consumers have steadily suffered from increased monthly cable bills and few options for alternative broadband providers. "Comcast will have unprecedented market power over consumers and an unprecedented ability to exert its influence over any channels or businesses that want to reach Comcast's customers," said Matt Wood, policy director at public interest group Free Press. Comcast and Time Warner Cable don't have overlapping markets, so antitrust regulators won't view the merger with the same concerns they did with AT&T's proposed bid with T-Mobile, experts say. That deal, which regulators rejected, would have eliminated a major national carrier and given consumers across the country fewer options. When it acquired NBC Universal in 2011, Comcast agreed to so-called net neutrality conditions that prevent it from prioritizing its own content over a competitor such as Netflix. Comcast is expected on Thursday to offer similar restrictions in its merger with Time Warner Cable, according to a person familiar with the deal. 
Some antitrust experts say such voluntary conditions that create a level playing field for Web video providers such as YouTube and Netflix will appease antitrust regulators. "They don't compete directly for the business of pay TV consumers. Therefore the number of competitive choices for consumers will not change," said Seth Bloom, a former general counsel of the U.S. Senate Antitrust Subcommittee. "The FCC approval is somewhat more uncertain." If the boards of both companies approve the marriage and it passes regulatory scrutiny, the deal could close before the end of the year, a person familiar with the deal said. The price per share of $158.82 is about 17 percent above where Time Warner Cable shares closed in regular trading Wednesday. The merger trumps a proposal by Charter Communications to buy Time Warner for about $38 billion in cash and comes just a day after Charter said it was preparing a hostile take-over of Time Warner by proposing to replace its bo --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 13 15:46:25 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Feb 2014 16:46:25 -0500 Subject: [Infowarrior] - Secret Military Contractors Will Soon Mine Your Tweets Message-ID: Secret Military Contractors Will Soon Mine Your Tweets Bob Brewin Nextgov February 12, 2014 http://www.defenseone.com/technology/2014/02/secret-military-contractors-will-soon-mine-your-tweets/78752/?oref=d-river The Army wants a contractor to conduct detailed social media data mining to "identify violent extremist influences" around the world that could affect the European Command, responsible for operations in Europe as well as Iceland, Israel, Greenland and Russia. Though the project is classified Secret, an Army contract shop in Europe posted a wealth of information on the FedBizOps contract website Tuesday. 
The data mining contract, which has the very long title of "Social Media Data-mining, Localized Research, Market Audience Analysis, and Narrowcast Engagement Requirements," will support both the European Command and Special Operations Command Europe. In its request for information, the Army said it wants a contractor to "provide detailed social media research and analysis, on-the-ground native research and analysis, and customized social media website development and execution." This will include open source information, "detailed social media data-mining, social media monitoring and analysis, target audience analysis, media kit development and social media platform operations." This is a global effort, according to the RFI. In addition to the European Command and the Special Operations Command in Europe, "activities under this contract will support ... strategic communications, operations to engage local populations, build interagency partnerships, and identify violent extremist influences" within EUCOM's area of responsibility emanating from Africa Command, Central Command, Pacific Command, or Southern Command areas of responsibility. Even more details are contained in a Secret work statement that I would need a decoder ring to obtain -- but I consider the unclassified info on FedBizOps a real gift for my daily trolling of federal digital cupboards --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 13 15:46:32 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Feb 2014 16:46:32 -0500 Subject: [Infowarrior] - DHS to Activate 'National License Plate Recognition Database' Message-ID: <0098D012-EC5F-4A03-8D49-73EE3FB8A5E6@infowarrior.org> Homeland Security to Activate 'National License Plate Recognition Database' 
Paul Joseph Watson Infowars.com February 13, 2014 http://www.infowars.com/homeland-security-to-activate-national-license-plate-recognition-database/ The Department of Homeland Security is set to activate a national license plate tracking system that will be shared with law enforcement, allowing DHS officers to take photos of any license plate using their smartphone and upload it to a database which will include a "hot list" of "target vehicles". The details are included in a PDF attachment uploaded yesterday to the Federal Business Opportunities website under a solicitation entitled "National License Plate Recognition Database." The system will "track vehicle license plate numbers that pass through cameras or are voluntarily entered into the system from a variety of sources (access control systems, asset recovery specialists, etc.) and uploaded to share with law enforcement" in order to help locate "criminal aliens and absconders." In other countries that have activated license plate tracking networks, such as the United Kingdom, political activists have been targeted by having their vehicles added to a "hotlist" after attending protests. One example led to a man being questioned under anti-terror laws after he traveled to take part in an anti-war demonstration. As the image above illustrates, the cameras are also used by local governments in Australia to keep records of people who violate parking restrictions. Critics of the system in Australia have condemned it as "a Pandora's box for abuse of power, mistakes and illegal disclosure," stressing that the technology allows authorities to record "your number plate at a certain time and location," allowing police to "compile an extraordinary amount of data about you. This includes your name, address, contact details, driving history and licence status." "Innocent people are increasingly being treated with suspicion due to the tiny chance that some offence may be committed," writes David Jancik. The DHS' 
database will allow authorities "to determine where and when the vehicle has traveled," using data compiled "from a variety of sources nationwide," including "metropolitan areas" within the United States, suggesting the system may be linked in with regular surveillance cameras as it is in the UK. The system will also allow DHS officials to take a picture of any license plate via their smartphone, upload it to the database and immediately receive an alert if the plate is on the watchlist. "The NLPR data service should provide details on clarity of photos provided. The Government would prefer a close-up of the plate and a zoomed out image of the vehicle," states the solicitation. The system must also have the capability to "flag license plates and conduct searches anonymously so that other law enforcement agencies may not have access." Given rampant concerns that the Department of Homeland Security, which is ostensibly introducing this system in the name of catching illegal aliens, is in fact an increasingly bloated federal bureaucracy designed to target the American people, the notion of the DHS enjoying access to a fully integrated nationwide license plate tracking grid is chilling, especially given the fact that the agency has funded reports which characterize "liberty lovers" as potential terrorists. The DHS also recently awarded the Massachusetts Bay Transportation Authority $7 million dollars to outfit its buses with high tech 360 degree surveillance cameras. The federal agency is simultaneously supporting the rollout of "Intellistreets" lighting systems that double as surveillance hubs which can record conversations. "Do not kid yourself. This is tracking of an individual that can be accessed at a whim," writes James Smith. "Yearly, officers are terminated for accessing the LEDS/NCIC database for looking into the histories of ex-lovers, future spouses, and potential sons/daughters-in-law. 
And with license plate tracking toy (not a tool), they will know where you are, as long as you have driven into the cross hairs of this new weapon for tyranny."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 13 17:13:17 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Feb 2014 18:13:17 -0500
Subject: [Infowarrior] - Why the Comcast-Time Warner Deal Is Far More Dangerous Than You Think
Message-ID: <437DBE4A-B690-4C9B-B364-ED4985B60786@infowarrior.org>

Why the Comcast-Time Warner Deal Is Far More Dangerous Than You Think
http://www.wired.com/business/2014/02/comcasts-45bn-time-warner-buy-change-everything/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 13 19:38:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Feb 2014 20:38:50 -0500
Subject: [Infowarrior] - Hyperlinking is Not Copyright Infringement, EU Court Rules
Message-ID:

Hyperlinking is Not Copyright Infringement, EU Court Rules
By Andy
https://torrentfreak.com/hyperlinking-is-not-copyright-infringement-eu-court-rules-140213/

Does publishing a hyperlink to freely available content amount to an illegal communication to the public and therefore a breach of creator's copyrights under European law? After examining a case referred to it by Sweden's Court of Appeal, the Court of Justice of the European Union has ruled today that no, it does not.

The European Union has been expanding since its creation in the 1950s and is now comprised of 28 member states, each committed to EU law. One of the key roles of the EU's Court of Justice is to examine and interpret EU legislation to ensure its uniform application across all of those member states. The Court is also called upon by national courts to clarify finer points of EU law to progress local cases with Europe-wide implications.
One such case, referred to the CJEU by Sweden's Court of Appeal, is of particular interest to Internet users as it concerns the very mechanism that holds the web together.

The dispute centers on a company called Retriever Sverige AB, an Internet-based subscription service that indexes links to articles that can be found elsewhere online for free. The problem came when Retriever published links to articles published on a newspaper's website that were written by Swedish journalists. The company felt that it did not have to compensate the journalists for simply linking to their articles, nor did it believe that embedding them within its site amounted to copyright infringement.

The journalists, on the other hand, felt that by linking to their articles Retriever had "communicated" their works to the public without permission. In the belief they should be paid, the journalists took their case to the Stockholm District Court. They lost their case in 2010 and decided to take the case to appeal. From there the Svea Court of Appeal sought advice from the EU Court.

Today the Court of Justice published its lengthy decision and it's largely good news for the Internet.

"In the circumstances of this case, it must be observed that making available the works concerned by means of a clickable link, such as that in the main proceedings, does not lead to the works in question being communicated to a new public," the Court writes.

"The public targeted by the initial communication consisted of all potential visitors to the site concerned, since, given that access to the works on that site was not subject to any restrictive measures, all Internet users could therefore have free access to them," it adds.

"Therefore, since there is no new public, the authorization of the copyright holders is not required for a communication to the public such as that in the main proceedings."
However, the ruling also makes it clear that while publishing a link to freely available content does not amount to infringement, there are circumstances where that would not be the case.

"Where a clickable link makes it possible for users of the site on which that link appears to circumvent restrictions put in place by the site on which the protected work appears in order to restrict public access to that work to the latter site's subscribers only, and the link accordingly constitutes an intervention without which those users would not be able to access the works transmitted, all those users must be deemed to be a new public," the Court writes.

So, in basic layman's terms, if content is already freely available after being legally published and isn't already subject to restrictions such as a subscription or pay wall, linking to or embedding that content does not communicate it to a new audience and is therefore not a breach of EU law.

The decision, which concurs with the opinions of a panel of scholars, appears to be good news for anyone who wants to embed a YouTube video in their blog or Facebook page, but bad news for certain collecting societies who feel that embedding should result in the payment of a licensing fee.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 14 06:29:28 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 07:29:28 -0500
Subject: [Infowarrior] - Clapper Reads From the Bush/Cheney/Nixon Playbook to Fear-Monger Over Transparency
Message-ID: <87377E2A-332F-4900-9E59-2A67BAF8224F@infowarrior.org>

Clapper Reads From the Bush/Cheney/Nixon Playbook to Fear-Monger Over Transparency
https://firstlook.org/theintercept/2014/02/12/james-clapper-says-transparency-helps-terrorists-like/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 14 06:37:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 07:37:18 -0500
Subject: [Infowarrior] - Lululemon really loves its customers. NOT.
Message-ID: <717EE8B8-0BF4-4C29-99E6-7B9D8C0B740C@infowarrior.org>

Lululemon: If You Can't Beat Your Customers, Ban Your Customers
http://www.techdirt.com/articles/20140210/03572326162/lululemon-if-you-cant-beat-your-customers-ban-your-customers.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 14 06:37:21 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 07:37:21 -0500
Subject: [Infowarrior] - Who knew? The Pentagon is TM and ©
Message-ID:

(Yes, it's from 12/13 but I missed it. --rick)

Jim Gourley's Military Culture column: Who knew? The Pentagon is TM and ©
By Jim Gourley
Best Defense military culture columnist
http://www.foreignpolicy.com/posts/2013/12/17/jim_gourleys_military_culture_column_who_knew_the_pentagon_is_tm_and

Christmas is almost upon us, which means military brats, Twitter junkies, and Google Earth nuts around the world will gather online for NORAD's yearly tracking of Saint Nick as he delivers presents across the globe. How the tradition began is a heart-touching story that demonstrates the holiday spirit. The tradition now enters its 58th year, and despite some PR snags you can keep faith that the Air Force will ensure it's an authentic experience. Because they've trademarked it.

The Air Force took the legal step to secure rights to "NORAD Tracks Santa" just last year. As Air Force staff explained to the Denver Post, it was more to protect the endeavor from predatory marketers than to actually turn a profit (total sales of officially-licensed "I tracked Santa" shirts only totaled around $200).
However, it was a highly visible step in what's become an aggressive Defense Department-wide initiative to craft the military's good name into a lucrative brand.

The program began in 2007 when the Defense Department issued a directive calling for the component services to establish a branding and trademark licensing office, which would answer to the DOD level through a separate office working for the undersecretary of defense for public affairs. Holding to its tradition of being first in the fight, the Marines were the most aggressive in the early going. In 2009, they began contacting large-scale print-on-demand t-shirt suppliers Zazzle and CafePress. It immediately shut down several small online retailers of military-themed hats and shirts. It even came up with rules applying to USMC-themed stuff sold on Etsy.

The other services quickly caught up. Between 2007 and 2011, sales of officially-licensed U.S. Army merchandise increased from $5 million to $50 million, more than $1 million of which went to the Army in the form of royalties.

The services are fairly uniform in how they treat different manufacturers. So long as items are handmade and sold face-to-face, they don't intend to charge people on the grounds that they're probably engaging in healthy patriotism, which they ostensibly recognize as holding intangible value. But for enterprises taking in more than $250,000 annually from goods bearing the military stamp of approval, the services are happy to take up to an 8 percent cut of the profits.

The margins are hardly chasing anyone away. As Catherine Traywick wrote on Foreign Policy recently, clothier Authentic Apparel Group has gone in big with the Army to create its first officially licensed fashion line. They even have a bona fide G.I. Joe modeling it. Paying The Rock to wear it and the Army to bless it must come with a price tag fitting a defense procurement contract. A pair of "Delta Pants" will cost you 80 bucks.
The "Ultimate Bomber Jacket" runs just over $146 (down from $195!). It provokes one to wonder if the Air Force would sue the Army over infringement, however, since they do have all the airplanes. Maybe they're betting on the drone pilot seat cushion. Or, more likely, Big Blue has its hands full dealing with its more than 200 official licensees. It's more than enough for the Marines. The website for their branding and licensing office specifically tells interested parties that they have maxed out the number of license holders for shirts, hats, and mugs.

As laid out in the original 2007 directive, all income derived from licenses in excess of the various offices' operating expenses is channeled to morale, welfare, and recreation budgets. However, those operating expenses have ballooned with the increased interest in marketing. To help protect its brand, the Air Force has contracted a company to make holographic hang tags identifying officially licensed products. The Army partnered with global brand management company Beanstalk Group from the very beginning, helping them to launch more than 50 different product categories, from cologne to camping equipment, into 80,000 stores across the country.

Whatever the margins are, the sheer volume of the military merchandising complex makes it an extraordinarily lucrative -- and reliable -- market. With the military in possession of the most exotic gadgets and firmly holding the notoriety of America's most trusted institution, it seems unlikely that its consumer allure will fade in the near future. MWR coffers have a trustworthy inflow and the military message continues to propagate.

It doesn't always go in expected directions, though. There have been a couple of noteworthy awkward copyright issues in the last couple of years. Video game maker NovaLogic sued rival ActiVision over the use of the name "Delta Force" in one of its Call of Duty games. The Army didn't touch that one, and eventually the judge dismissed the case.
Navy officials were similarly relieved when public outcry dissuaded Disney from trying to copyright "SEAL Team 6" just days after the death of Osama Bin Laden. There would have been no way to object to the action, as you can't copyright what you don't acknowledge.

This leads to the final concern, and possible murky situations on the horizon. Loosely speaking, trademark law requires logos and marks to be used at least every five years for the trademark to remain in effect. That leaves a substantial number of "retro" designs ripe for the picking. And of course there's always room for creative interpretation. The guys at Ranger Up seem to have a good formula, and the outcome of Dan McCall v. Keith Alexander, debating whether a private citizen can use a governmental agency's logo in the context of political speech, ought to be as provoking as it is entertaining. Whatever the decision, if history is any indicator, the military will have a bottomless can of worms to accompany its golden goose.

Jim Gourley is an author, journalist, and former military intelligence officer.

Wikimedia

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 14 06:37:25 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 07:37:25 -0500
Subject: [Infowarrior] - RIAA ally named to House Judiciary IP Subcommittee
Message-ID: <72772062-D53B-4CB9-9F7A-64F2F646E6DD@infowarrior.org>

Dems appoints RIAA's man in Congress to House Judiciary Subcommittee on Courts, Intellectual Property and the Internet
Cory Doctorow at 8:00 pm Thu, Feb 13, 2014

One of the RIAA's best friends in congress, Jerry Nadler, has been appointed to the House Judiciary Subcommittee on Courts, Intellectual Property and the Internet by Obama Congressional Democrats.
The history of this committee is nothing short of grotesque: every time it looks like a copyright moderate/friend of the Internet might get appointed to it, it is declared redundant and shut down. Then, once the danger has passed and there's another loony, Internet-hating, censorship-happy copyright maximalist in place to fill a vacant seat, the committee once again becomes relevant and is resurrected.

http://boingboing.net/2014/02/13/obama-appoints-riaas-man-in.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 14 06:37:28 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 07:37:28 -0500
Subject: [Infowarrior] - Friday fun: Make your own DHS Threat Level Chart
Message-ID: <03CC7CDC-B0F9-48F2-B051-6640F2058227@infowarrior.org>

The Current Threat Level is... ... well, that's up to you.

This site is an image generator that lets you create your own Threat Level image, just like the one used by the Department of Homeland Security, but customized with your text. You get to enter whatever you like for the title lines and for each of the levels, and also choose the "current" level. The images you create can be downloaded in one of three sizes and used in whatever manner you like. See the FAQ for more details. Ready? Click below to get started.

http://www.personalthreatlevel.com/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 14 15:41:21 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 16:41:21 -0500
Subject: [Infowarrior] - Google admits data mining student emails in its free education apps
Message-ID: <0A097C2D-4573-44B1-8BCF-558A5244E6BD@infowarrior.org>

Google admits data mining student emails in its free education apps
http://safegov.org/2014/1/31/google-admits-data-mining-student-emails-in-its-free-education-apps

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 14 16:47:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Feb 2014 17:47:00 -0500
Subject: [Infowarrior] - The Men Who Really Run the Pentagon
Message-ID: <2A187705-BDFD-4A10-8AD5-9DCD7D7E2F62@infowarrior.org>

The Men Who Really Run the Pentagon
Bob Gates wrestled the defense budget back from the Joint Chiefs. Chuck Hagel is handing it back.
BY Winslow Wheeler
FEBRUARY 14, 2014
http://www.foreignpolicy.com/articles/2014/02/13/the_men_who_really_run_the_pentagon_chuck_hagel

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 15 19:51:01 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Feb 2014 20:51:01 -0500
Subject: [Infowarrior] - Kickstarter hacked, user data stolen
Message-ID: <611C6000-6BB6-4E30-828C-521E1FC56539@infowarrior.org>

Kickstarter hacked, user data stolen
The crowd-funding site says hackers broke into its systems and made off with data. Apparently credit card numbers escaped the attack.
by CNET News staff
February 15, 2014 1:54 PM PST
http://news.cnet.com/8301-1009_3-57618976-83/kickstarter-hacked-user-data-stolen/

Hackers hit crowd-funding site Kickstarter and made off with user information, the site said Saturday.
Though no credit card info was taken, the site said, attackers made off with usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," the site said in a blog post, adding that "as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password."

The site said law enforcement told Kickstarter of the breach on Wednesday night and that the company "immediately closed the security breach and began strengthening security measures throughout the Kickstarter system."

The site also said "no credit card data of any kind was accessed by hackers" and that "there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."

You can read additional information about resetting a password here. We've contacted Kickstarter for more info on the attacks and will update this post when we hear back.

Update, 3:05 p.m. PT

Kickstarter has added an FAQ to its earlier post. Here it is:

How were passwords encrypted?
Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.

Does Kickstarter store credit card data?
Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.

If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon as we had thoroughly investigated the situation.

Will Kickstarter work with the two people whose accounts were compromised?
Yes. We have reached out to them and have secured their accounts.

I use Facebook to log in to Kickstarter.
Is my login compromised?
No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Feb 15 19:51:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Feb 2014 20:51:22 -0500
Subject: [Infowarrior] - Spying by N.S.A. Ally Entangled U.S. Law Firm
Message-ID: <3984C74A-28AB-46CD-A288-4018B3038D2A@infowarrior.org>

Spying by N.S.A. Ally Entangled U.S. Law Firm
By JAMES RISEN and LAURA POITRAS
FEB. 15, 2014

The list of those caught up in the global surveillance net cast by the National Security Agency and its overseas partners, from social media users to foreign heads of state, now includes another entry: American lawyers.

A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States. The disclosure offers a rare glimpse of a specific instance in which Americans were ensnared by the eavesdroppers, and is of particular interest because lawyers in the United States with clients overseas have expressed growing concern that their confidential communications could be compromised by such surveillance.

The government of Indonesia had retained the law firm for help in trade talks, according to the February 2013 document. It reports that the N.S.A.'s Australian counterpart, the Australian Signals Directorate, notified the agency that it was conducting surveillance of the talks, including communications between Indonesian officials and the American law firm, and offered to share the information.

The Australians told officials at an N.S.A. liaison office in Canberra, Australia, that "information covered by attorney-client privilege may be included"
in the intelligence gathering, according to the document, a monthly bulletin from the Canberra office. The law firm was not identified, but Mayer Brown, a Chicago-based firm with a global practice, was then advising the Indonesian government on trade issues.

On behalf of the Australians, the liaison officials asked the N.S.A. general counsel's office for guidance about the spying. The bulletin notes only that the counsel's office "provided clear guidance" and that the Australian agency "has been able to continue to cover the talks, providing highly useful intelligence for interested US customers."

The N.S.A. declined to answer questions about the reported surveillance, including whether information involving the American law firm was shared with United States trade officials or negotiators.

< - >

http://www.nytimes.com/2014/02/16/us/eavesdropping-ensnared-american-law-firm.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Feb 16 13:54:25 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Feb 2014 14:54:25 -0500
Subject: [Infowarrior] - Feds want to track your DNA like a license plate
Message-ID:

WND EXCLUSIVE
Feds want to track your DNA like a license plate
Seek 'biosignature' spying ability to 'identify, locate specific individuals'
http://www.wnd.com/2014/02/feds-want-to-track-your-dna-like-a-license-plate/

The federal government doesn't just want the ability to track down your car; it wants to be able to track down your body as well.

Just as details are emerging about a controversial, nationwide vehicle-surveillance database, WND has learned the federal government is planning an even more invasive spy program using "physiological signatures" to track down individuals. The goal of this research is to detect -- as well as analyze and categorize -- unique traits the government can exploit to "identify, locate and track specific individuals or groups of people."
According to the program's statement of objectives, "The scope of human-centered [intelligence, surveillance and reconnaissance, or ISR] research spans the complete range of human performance starting at the individual molecular, cellular, genomic level."

Documents WND located through routine database research reveal the ability to follow people by detecting "certain characteristics of operational interest" is designed for U.S. military and intelligence-gathering superiority. It remains unknown when such capabilities might transition to the realm of domestic counterterrorism or law enforcement operations; however, the feds -- through the Air Force Research Lab, or AFRL -- are recruiting private-sector assistance in order to make this "biosignature" spying a reality.

Existing ISR systems are "ideal for identifying and tracking entities such as aircraft and vehicles, but are less capable of identifying and tracking the human," the lab says in a planning document known as a Broad Agency Announcement, or BAA.

The Human-Centered ISR Leveraged Science & Technology Program will seek to develop, with outside help, technologies that the government can use "to identify, locate and track humans of interest within the operational environment," according to solicitation No. BAA-HPW-RHX-2014-0001.

Research specific to fusing and analyzing sensor data has undergone consistent growth, but such efforts have been "system-centric" and fail to "adequately address the human element." This new research scheme seeks to strengthen the ability of intelligence analysts by placing the human component at the forefront of their efforts.

AFRL's research could have implications for a variety of domains, such as air, space and cyberspace, it says. The program's outcome also will broadly apply to other U.S. Department of Defense organizations and the intelligence community.
A second component of the AFRL initiative is the Human Trust and Interaction Program, which will conduct research into human-to-human and human-to-machine interactions. This program segment entails several sub-areas, including Trust and Suspicion, which will focus on "the recognition of suspicious activities in the cyberspace realm." This segment will examine open-source data such as social media. It also will continue to leverage "more traditional intelligence sources."

AFRL says it anticipates awarding three or four initial contracts for the overall initiative, which has an estimated program value of about $50 million.

The goal of this and other AFRL programs typically start out as largely theoretical, similar to the approach taken by the more widely known Defense Advanced Research Projects Agency, or DARPA, which created ARPANET, the defense-system predecessor to the Internet.

The Department of Homeland Security, on the other hand, merely has to solicit bids from industry for a National License Plate Recognition, or NLPR, database system. While DHS is soliciting this service specifically for Immigration and Customs Enforcement, or ICE, functions, the breadth of this NLPR service encompasses the gathering of transportation-movement data from major metropolitan areas nationwide.

This database, which would be fed with information gleaned from multiple sources, would "track vehicle license plate numbers that pass through cameras or are voluntarily entered into the system," according to the program solicitation. The vehicle tracking-data then would be "uploaded to share with law enforcement." The database will be compatible with smart phone technology, enabling law enforcement offices to download thousands of listings -- as well as close-up photos -- of vehicle license plates.

Once DHS secures this service, the contractor must retain and make available data from previous months, as well as update the system with "new and unique" data monthly.
DHS anticipates awarding a one-year contract with four one-year options by May 14. It did not disclose the estimated cost.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 17 07:45:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Feb 2014 08:45:32 -0500
Subject: [Infowarrior] - Thoughts on NYT's "The Day The Internet Didn't Fight Back"
Message-ID:

Thoughts on NYT's "The Day The Internet Didn't Fight Back"
http://sina.is/thoughts-about-tdwfb/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 17 13:22:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Feb 2014 14:22:36 -0500
Subject: [Infowarrior] - FBI Redacts Already-Public Drone Letter
Message-ID: <46139DD4-32A3-4FCE-B11A-6C68608533C5@infowarrior.org>

FBI Redacts Letter About Drone Usage That Was Already Published In Full By Sen. Rand Paul
from the redaction-by-random-number-generator dept

The government's overclassification problem has turned its redaction efforts into a farce. When not deploying questionable exceptions to avoid returning responsive documents to FOIA requests, government agencies are cranking out amateurishly redacted pages that leave info exposed in one response and covered up in the next. No wonder they fear the "mosaic" approach to FOIA requests. If they'd just come up with some meaningful redaction guidelines, they could avoid this. Instead, things like the following bit of stupidity happen.

When outgoing director Robert Mueller told the Senate Judiciary Committee last July that the FBI was in the "initial stages" of developing guidelines for its drone program, a handful of privacy hawks in Congress perked up and requested more details. The FBI released correspondence with three members of Congress--Sen. Rand Paul (R-KY), Rep. Zoe Lofgren (D-CA) and Rep.
Ted Poe (R-TX)--in its latest bundle. Paul had already posted in full the FBI's answers to questions about the scope and purpose of domestic UAV surveillance, but FBI FOIA officers still saw fit to sanitize them.

Here are the two versions of the same document, with the legislator's clean copy up top and the needlessly redacted version sent to Muckrock below it.....

< -- >

The FBI can't even keep track of what it's already sent out in unredacted form, making a mockery of its own paranoiac "but for criminals/terrorism" tendencies. What makes this even more ridiculous is that the inverse happened just a couple of weeks ago, when Tom Coburn called out the DHS for producing drone documents to Congress that were more heavily redacted than the ones it supplied in response to an EFF FOIA request (which were also rather heavily redacted).

< - >

http://www.techdirt.com/articles/20140214/12530026231/fbi-redacts-letter-about-drone-usage-that-was-already-published-full-sen-rand-paul.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Feb 17 17:59:52 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Feb 2014 18:59:52 -0500
Subject: [Infowarrior] - OT: Know When To Invade Switzerland
Message-ID: <96CD7F35-547D-4877-8B45-B1A5A2960BD7@infowarrior.org>

As ZH just said, "If Invading Switzerland, Please Do So Outside Of "Office Hours"" --rick

Swiss fighters grounded during hijacking as outside office hours
(AFP) -- 2 hours ago
http://www.google.com/hostednews/afp/article/ALeqM5h9zK8htJiOVgEYftfcv5Yn68TyEQ?docId=8f097679-971e-42a8-960f-6bd63fb6e318&hl=en

Geneva -- No Swiss fighter jets were scrambled Monday when an Ethiopian Airlines co-pilot hijacked his own plane and forced it to land in Geneva, because it happened outside business hours, the Swiss airforce said.
When the co-pilot on flight ET-702 from Addis Ababa to Rome locked himself in the cockpit while the pilot went to the bathroom and announced a hijacking, Italian and French fighter jets were scrambled to escort the plane through their respective airspaces. But although the co-pilot-turned-hijacker quickly announced he wanted to land the plane in Switzerland, where he later said he aimed to seek asylum, Switzerland's fleet of F-18s and F-5 Tigers remained on the ground, Swiss airforce spokesman Laurent Savary told AFP. This, he explained, was because the Swiss airforce is only available during office hours. These are reported to be from 8am until noon, then 1:30 to 5pm. "Switzerland cannot intervene because its airbases are closed at night and on the weekend," he said, adding: "It's a question of budget and staffing." Monday's hijacking, carried out by 31-year-old Hailemedehin Abera Tagegn, according to Addis Ababa, took place in the very early hours, with the aircraft and its 202 passengers and crew landing safely in Geneva at 6:02 am (0502 GMT). That was just two minutes after the airport opened for business, and two hours before the Swiss airforce is operational. Savary said Switzerland relies heavily on deals with its neighbours, especially France, to help police its airspace outside regular office hours. He explained that French fighters can escort a suspicious aircraft into Swiss airspace, "but there is no question of shooting it down. It's a question of national sovereignty". Swiss airspace is under constant electronic surveillance, he pointed out, adding that the wealthy Alpine nation is also studying the possibility of expanding its airforce coverage to a round-the-clock operation. That plan is however not set to kick into action until 2020, when Switzerland is expected to replace its fleet of fighters with Swedish Gripen planes. 
The purchase of the Swedish planes meanwhile relies on whether it is approved in an upcoming popular vote, with a poll published Monday showing 53 percent of Swiss oppose the deal. Copyright © 2014 AFP. All rights reserved. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 18 06:12:55 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Feb 2014 07:12:55 -0500 Subject: [Infowarrior] - NSA Authorized Monitoring of Pirate Bay and Proxy Users Message-ID: (Waiting for the MPAA/RIAA folks to arrange a meeting to see how they can get in on this action. Because, you know, Hollywood is hurting due to 'piracy'. Longer story and documents available @ TheIntercept: https://firstlook.org/theintercept/article/2014/02/18/snowden-docs-reveal-covert-surveillance-and-pressure-tactics-aimed-at-wikileaks-and-its-supporters/ --rick) NSA Authorized Monitoring of Pirate Bay and Proxy Users By Andy on February 18, 2014 http://torrentfreak.com/nsa-authorized-monitoring-of-pirate-bay-and-proxy-users-140218/ New leaked documents from whistleblower Edward Snowden reveal that the NSA authorized the monitoring of torrent sites including "malicious foreign actor" The Pirate Bay. The internal discussions further indicate that tracking people through multiple proxies is possible and suggest that once a release is made on Pirate Bay it's possible to go back over old traffic to see where it originated from. The revelations of former NSA contractor Edward Snowden have caused shockwaves around the world and resonated in all corners of the online community. Today the leaked material is of particular interest to torrent site users. Published on Glenn Greenwald's The Intercept, the new papers reveal internal NSA discussions over what can and cannot be monitored in various circumstances. 
In Q&A's between NSA staff, Threat Operations Center Oversight and Compliance (NOC), and the NSA's Office of General Counsel (OGC), torrent sites are mentioned on a number of occasions, with The Pirate Bay sitting front and center. Tracking The Pirate Bay and its users The first question concerns the querying of non US-based IP addresses which have been obtained from home soil. "If we run across foreign malicious actors at home (spam email, router/IDS logs, torrent sites, etc) can we bring those IPs here and use the SIGINT [intelligence-gathering by interception] system to monitor these guys?" the member of staff asked. "It might be okay," NOC and OGC responded, "but wait for confirmation." The second instance came from a staff member asking questions over the monitoring of servers overseas, alongside the possibility that U.S. citizens may be using them. "Is it okay to query against a foreign server known to be malicious even if there is a possibility that a US person could be using it as well? Example, thepiratebay.org," the NSA employee wrote. No problem, came the reply, but exercise caution. "Okay to go after foreign servers which US people use also (with no defeats). But try to minimize to 'post' only, for example, to filter out non-pertinent information," NOC and OGC wrote back. From the documents it's clear that the NSA sees both The Pirate Bay and Wikileaks as organizations that threaten U.S. security through their distribution of U.S. secrets. What follows is a question which seems to suggest that once a torrent has been released on The Pirate Bay, it's possible to analyze traffic sent before the release was made in order to trace the leaker. "[If a] list of .mil passwords [were] released to thepiratebay.org...can we go back into XKS-SIGINT (using a custom created fingerprint) to search for all traffic containing that password in foreign traffic just before the release?" the NSA worker asked. 
Tracking people using proxies to hide their activities While many consider proxies as useful tools to mask their online activities, it has to be presumed that organizations such as the NSA have the ability to track individuals using even multiple instances. The next set of questions skips over the mechanics of how that might be possible (with the clear implication that it is) and jumps straight to what is permissible. "[When an actor is]...posting to thepiratebay.org (a foreign web-server)...through multiple proxied hops, are we allowed to back-trace that communication even if it hops through US based proxies?" an NSA worker asked. "In other words, back-trace the post from thepiratebay.org to a Chinese base proxy which came through a US based proxy, which came through another US based proxy, which came through a Russian based proxy etc?" "Assuming you mean via SIGINT metadata," came the NOC response, "then SPCMA-trained [Supplemental Procedures Governing Communications Metadata Analysis] analysts would be able to use SPCMA-enabled tools to chain through U.S. based proxies. It is not authorized otherwise." While on the one hand these discussions suggest that some kind of effort is being made to protect US citizens from NSA spying, on the other it's fairly obvious that they are being swept up en masse whether they like it or not. Furthermore, the odds of being caught up in that dragnet only increase should U.S. citizens dare to become involved in organizations like Wikileaks or use torrent sites including The Pirate Bay. Worryingly, the threshold for becoming categorized as an associate of a "malicious foreign actor" appears to be lower than ever. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Feb 18 19:01:50 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Feb 2014 20:01:50 -0500 Subject: [Infowarrior] - Nun, 84, gets 3 years in prison for breaking in nuclear weapons complex Message-ID: Nun, 84, gets 3 years in prison for breaking in nuclear weapons complex http://www.cbsnews.com/news/nun-84-gets-3-years-in-prison-for-breaking-in-nuclear-weapons-complex/ NASHVILLE, Tenn. - An 84-year-old nun was sentenced Tuesday to nearly three years in prison for breaking into a U.S. nuclear weapons complex and defacing a bunker holding bomb-grade uranium, a demonstration that exposed serious security flaws. Two other activists who broke into the facility with Megan Rice were sentenced to more than five years in prison, in part because they had much longer criminal histories. Although officials claimed there was never any danger of the protesters reaching materials that could be detonated or made into a dirty bomb, the break-in raised questions about the safekeeping at the Y-12 National Security Complex. The facility holds the nation's primary supply of bomb-grade uranium. After the protest, the complex had to be shut down, security forces were re-trained and contractors were replaced. In her closing statement, Rice asked the judge to sentence her to life in prison, even though sentencing guidelines called for about six years. "Please have no leniency with me," she said. "To remain in prison for the rest of my life would be the greatest gift you could give me." Rice, Greg Boertje-Obed and Michael Walli all said God was using them to raise awareness about nuclear weapons and they viewed their break-in as a miracle. They had been found guilty of sabotaging the plant and damaging federal property. On July 28, 2012, the three activists cut through three fences before reaching a $548 million storage bunker. 
They hung banners, strung crime-scene tape and hammered off a small chunk of the fortress-like Highly Enriched Uranium Materials Facility inside the most secure part of the complex. They painted messages such as, "The fruit of justice is peace," and splashed baby bottles of human blood on the bunker wall. "The reason for the baby bottles was to represent that the blood of children is spilled by these weapons," Boertje-Obed, 58, said at trial. Although the protesters set off alarms, they were able to spend more than two hours inside the restricted area before they were caught. When security finally arrived, guards found the three activists singing and offering to break bread with them. The protesters reportedly also offered to share a Bible, candles and white roses with the guards. The Department of Energy's inspector general wrote a scathing report on the security failures that allowed the activists to reach the bunker, and the security contractor was later fired. Some government officials praised the activists for exposing the facility's weaknesses. But prosecutors declined to show leniency, instead pursuing serious felony charges. Rice testified at trial that she was surprised the group made it all the way to the interior of the secured zone without being challenged and that plant operations were suspended. "That stunned me," she said. "I can't believe they shut down the whole place." The activists' attorneys asked the judge to sentence them to time they had already served, about nine months, because of their record of goodwill. U.S. District Judge Amul Thapar said he was concerned they showed no remorse and he wanted the punishment to be a deterrent for other activists. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Feb 18 19:24:42 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Feb 2014 20:24:42 -0500 Subject: [Infowarrior] - It's OK to parody the NSA Message-ID: <0E795D02-EFA8-497B-8AD3-BF0616194B00@infowarrior.org> It's OK to parody the NSA NSA backs down, admits man can use their seal for T-shirts and mugs on Zazzle. by Joe Mullin - Feb 18 2014, 4:20pm EST http://arstechnica.com/tech-policy/2014/02/its-ok-to-parody-the-nsa/ Dan McCall has been making T-shirts and mugs that parody the National Security Agency as "the only part of government that actually listens" for over a decade. In 2011, he got a cease-and-desist letter from the NSA and from the Department of Homeland Security, insisting that his goods be removed from Zazzle.com. McCall was forced to take his items off Zazzle, although he later re-opened his online shop at CafePress (selling his shirt as "Censored by the NSA!"). Last October -- when NSA was already in the spotlight due to disclosures over widespread surveillance -- McCall filed a lawsuit saying that his T-shirts and mugs, which were parodies of government agencies, were protected by the First Amendment. He argued that the agencies had no right to ask them to be removed. "It's bad enough that these agencies have us under constant surveillance; forbidding citizens from criticizing them is beyond the pale," said Public Citizen's Paul Levy, who filed the suit on McCall's behalf. Now, NSA has admitted: McCall is right. Levy said that protecting the right to sell parody merchandise using government seals defends an important principle. "Citizens shouldn't have to worry whether criticizing government agencies will get them in trouble or not," Levy said in a statement. "This settlement proves the First Amendment is there to protect citizens' rights to free speech." 
In the settlement, both the DHS and the NSA have agreed to send letters confirming that the parody merchandise does not violate any laws. The government will also pay McCall $500 to cover basic costs related to the filing of the lawsuit. "NSA acknowledges that McCall's designs were intended as parody and should not have been viewed as conveying the impression that the designs were approved, endorsed, or authorized by NSA," reads the letter, which the NSA will send to Zazzle and which Public Citizen has published. "I'm glad the case helped reaffirm the right to lampoon our government," said McCall. "I always thought parody was a healthy tradition in American society. It's good to know that it's still legal." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 19 06:31:46 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Feb 2014 07:31:46 -0500 Subject: [Infowarrior] - EFF: Surveillance and Pressure Against WikiLeaks and Its Readers Message-ID: <3951EF91-1F47-474D-8E61-A33D9871262C@infowarrior.org> Surveillance and Pressure Against WikiLeaks and Its Readers https://www.eff.org/deeplinks/2014/02/surveillance-and-pressure-wikileaks-readers --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 19 06:35:25 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Feb 2014 07:35:25 -0500 Subject: [Infowarrior] - On the UK's Equating of Journalism with Terrorism Message-ID: <3E6B5BFF-FB8E-4DDA-9905-FCFB5F934430@infowarrior.org> On the UK's Equating of Journalism with Terrorism By Glenn Greenwald 19 Feb 2014, 5:24 AM EST https://firstlook.org/theintercept/2014/02/19/uks-equating-journalism-terrorism-designed-conceal-gchq/ As my colleague Ryan Deveraux reports, a lower U.K. 
court this morning, as long expected, upheld the legality of the nine-hour detention of my partner, David Miranda, at Heathrow Airport last August, even as it acknowledged that the detention was "an indirect interference with press freedom". For good measure, the court also refused permission to appeal (though permission can still be granted by the appellate court). David was detained and interrogated under the Terrorism Act of 2000. The UK Government expressly argued that the release of the Snowden documents (which the free world calls "award-winning journalism") is actually tantamount to "terrorism", the same theory now being used by the Egyptian military regime to prosecute Al Jazeera journalists as terrorists. Congratulations to the UK government on the illustrious company it is once again keeping. British officials have also repeatedly threatened criminal prosecution of everyone involved in this reporting, including Guardian journalists and editors. < - > In sum, the U.K. Government wants to stop disclosure of its mass surveillance activities not because it fears terrorism or harm to national security but because it fears public debate, legal challenges and accountability. That is why the U.K. government considers this journalism to be "terrorism": because it undermines the interests and power of British political officials, not the safety of the citizenry. I've spent years arguing that the word "terrorism" in the hands of western governments has been deprived of all consistent meaning other than "that which challenges our interests", and I never imagined that we would be gifted with such a perfectly compelling example of this proposition. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Feb 19 17:59:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Feb 2014 18:59:37 -0500 Subject: [Infowarrior] - Massive UMCP Data Breach Message-ID: http://www.umd.edu/datasecurity/ UMD Data Breach Letter from President Loh February 19, 2014 Dear students, faculty, and staff of the University of Maryland (at College Park and Shady Grove): Last evening, I was notified by Brian Voss, Vice President of Information Technology, that the University of Maryland was the victim of a sophisticated computer security attack that exposed records containing personal information. I am truly sorry. Computer and data security are a very high priority of our University. A specific database of records maintained by our IT Division was breached yesterday. That database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a University ID since 1998. The records included name, Social Security number, date of birth, and University identification number. No other information was compromised -- no financial, academic, health, or contact (phone, address) information. With the assistance of experts, we are handling this matter with an abundance of caution and diligence. Appropriate state and federal law enforcement authorities are currently investigating this criminal incident. Computer forensic investigators are examining the breached files and logs to determine how our sophisticated, multi-layered security defenses were bypassed. Further, we are initiating steps to ensure there is no repeat of this breach. The University is offering one year of free credit monitoring to all affected persons. Additional information will be communicated within the next 24 hours on how to activate this service. University email communications regarding this incident will not ask you to provide personal information. 
Please be cautious when sharing personal information. All updates regarding this matter will be posted to this website. Additional information is provided in the FAQs below. If you have any questions or comments, please call our special hotline at 301-405-4440 or email us at datasecurity at umd.edu. Universities are a focus in today's global assaults on IT systems. We recently doubled the number of our IT security engineers and analysts. We also doubled our investment in top-end security tools. Obviously, we need to do more and better, and we will. Again, I regret this breach of our computer and data systems. We are doing everything possible to protect any personal information that may be compromised. Sincerely, Wallace D. Loh President, University of Maryland

FAQs

- How many files were breached?
  We have been notified by Brian Voss, Vice President of Information Technology, that a computer security incident at the University of Maryland exposed approximately 309,079 records containing personal information.
- Who was affected by the breach?
  That database contained 309,079 records of faculty, staff, students and affiliated personnel from College Park and Shady Grove campuses who have been issued a University ID since 1998.
- What kind of data was accessed?
  The records included name, Social Security number, date of birth, and University identification number. No financial, academic, contact, or health information was compromised.
- How did it occur?
  The cause of the security breach is currently under investigation by state and federal law enforcement authorities, as well as forensic computer investigators.
- How is the university responding?
  Within 24 hours, the University formed an investigative task force that includes law enforcement, IT leadership, and computer forensic investigators. We are also making every effort to notify the campus community and those who were previously affiliated with the university as students, faculty or staff.
  In addition, the University is offering one year of free credit monitoring to all who were affected.
- What else can I do to protect myself?
  We recommend that you be mindful of these general tips:
  - Do not share personal information over the phone, email or text. Instead, ask for a call-back number so you can verify with whom you are communicating.
  - Delete texts immediately from unfamiliar numbers or names because of the risk of malware and other viruses.
  - Never click links within emails that you do not recognize. Be cautious when responding to emails that direct you to suspicious websites.
- What should affected persons do next?
  Additional information will be on the University homepage within 24 hours. A special hotline has also been established if you have questions about this incident. You can call 301.405.4440 or email us at datasecurity at umd.edu.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 19 18:01:46 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Feb 2014 19:01:46 -0500 Subject: [Infowarrior] - DHS cancels national license-plate tracking plan Message-ID: Department of Homeland Security cancels national license-plate tracking plan By Ellen Nakashima and Josh Hicks http://www.washingtonpost.com/world/national-security/dhs-cancels-national-license-plate-tracking-plan/2014/02/19/a4c3ef2e-99b4-11e3-b931-0204122c514b_print.html Homeland Security Secretary Jeh Johnson on Wednesday ordered the cancellation of a plan by the Immigration and Customs Enforcement agency to develop a national license-plate tracking system after privacy advocates raised concern about the initiative. The order came just days after ICE solicited proposals from companies to compile a database of license-plate information from commercial and law enforcement tag readers. 
Officials said the database was intended to help apprehend fugitive illegal immigrants, but the plan raised concerns that the movements of ordinary citizens under no criminal suspicion could be scrutinized. The data would have been drawn from readers that scan the tags of every vehicle crossing their paths, officials told The Washington Post this week. "The solicitation, which was posted without the awareness of ICE leadership, has been cancelled," ICE spokeswoman Gillian Christensen said in a statement. "While we continue to support a range of technologies to help meet our law enforcement mission, this solicitation will be reviewed to ensure the path forward appropriately meets our operational needs." Lawmakers and privacy advocates reacted with approval. The fact that the solicitation was posted without knowledge of ICE leadership "highlights a serious management problem within this DHS component that currently does not have a director nominated by the president," Rep. Bennie G. Thompson (Miss.), the ranking Democrat on the House Homeland Security Committee, said in a statement. He added that he hopes officials will consult with the department's privacy and civil liberties officers in the future. Harley Geiger, senior counsel at the nonprofit Center for Democracy & Technology, welcomed the decision to cancel plans for the database. It was to be designed to allow agents to snap a photo of a license plate, upload it to a smartphone and compare it against a "hot list" of plates in the database, among other features. But, Geiger noted, "they didn't say, 'Hey, contractor, you must also be capable of providing privacy protections.' " The ICE solicitation stated that the database should comply with the Privacy Act of 1974. But, Geiger said, "the Privacy Act protections are quite weak, especially because they have loads of exemptions for law enforcement." 
Catherine Crump, a staff attorney at the American Civil Liberties Union, said that "while it is good news that DHS has canceled the solicitation, there are many other law enforcement agencies around the country that are already accessing these vast private databases of plate data." She urged "a broader conversation about what privacy restrictions should be put in place when the government wishes to access information on Americans' movements that stretches back for years and has the potential to paint a detailed picture of our daily lives." She said, "The overwhelming majority of people who are caught up by these devices are completely innocent of any wrongdoing." © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Feb 19 20:11:32 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Feb 2014 21:11:32 -0500 Subject: [Infowarrior] - NSA Weighs Retaining Data for Suits Message-ID: <4CC4E9E2-AE0D-4E4D-A976-FB222CF4C653@infowarrior.org> NSA Weighs Retaining Data for Suits Rule That Evidence Can't Be Destroyed Would Lead to Expansion of Controversial Phone Program By Devlin Barrett and Siobhan Gorman Feb. 19, 2014 7:32 p.m. ET http://online.wsj.com/news/articles/SB10001424052702303636404579393413176249186 WASHINGTON -- The government is considering enlarging the National Security Agency's controversial collection of Americans' phone records -- an unintended consequence of lawsuits seeking to stop the surveillance program, according to officials. A number of government lawyers involved in lawsuits over the NSA phone-records program believe federal-court rules on preserving evidence related to lawsuits require the agency to stop routinely destroying older phone records, according to people familiar with the discussions. As a result, the government would expand the database beyond its original intent, at least while the lawsuits are active. 
No final decision has been made to preserve the data, officials said, and one official said that even if a decision is made to retain the information, it would be held only for the purpose of litigation and not be subject to searches. The government currently collects phone records on millions of Americans in a vast database that it can mine for links to terror suspects. The database includes records of who called whom, when they called and for how long. President Barack Obama has ordered senior officials to end the government storage of such data and find another place to store the records -- possibly with the phone companies who log the calls. Under the goals outlined by Mr. Obama last month, the government would still be able to search the call logs with a court order, but would no longer possess and control them. National Security Agency Director Keith Alexander has said the program, if it had existed in 2001, would have uncovered the Sept. 11 plot. Critics of the program, including the American Civil Liberties Union and the Electronic Frontier Foundation, have sued the government, saying the program violates the Constitution's Fourth Amendment protections against unreasonable searches. Patrick Toomey, an ACLU lawyer, said no one in the government has raised with his group the possibility the lawsuits may actually expand the database they call unconstitutional. "It's difficult to understand why the government would consider taking this position, when the relief we've requested in the lawsuit is a purge of our data," he said. Cindy Cohn, legal director at the Electronic Frontier Foundation, which also is suing over the program, said the government should save the phone records, as long as they aren't still searchable under the program. "If they're destroying evidence, that would be a crime," she said. Ms. Cohn also questioned why the government was only now considering this move, even though the EFF filed a lawsuit over NSA data collection in 2008. 
In that case, a judge ordered evidence preserved related to claims brought by AT&T Inc. customers. What the government is considering now is far broader. "I think they're looking for any way to throw rocks at the litigation," added Ms. Cohn. "To the extent this is a serious concern, we should have had this discussion in 2008." Another person who has filed a class-action suit over the program is Sen. Rand Paul (R., Ky.). Mr. Paul's lawyer, former Virginia Attorney General Ken Cuccinelli, called the approach under consideration "just silly." He said he was sure his clients would be happy to agree to the destruction of their phone records held by the government, without demanding those records in pretrial discovery. Federal courts have ruled that defendants in lawsuits cannot destroy relevant evidence that could be useful to the other side. Generally, those involved in lawsuits are expected to preserve records, including electronic records, that could reasonably be considered relevant or likely to be requested as part of pretrial discovery. As the NSA program currently works, the database holds about five years of data, according to officials and some declassified court opinions. About twice a year, any call record more than five years old is purged from the system, officials said. A particular concern, according to one official, is that the older records may give certain parties legal standing to pursue their cases, and that deleting the data could erase evidence that the phone records of those individuals or groups were swept up in the data dragnet. The phone records program is overseen by the Foreign Intelligence Surveillance Court, and any move to keep data past the five-year period may require the blessing of that court. If the records are retained, they may remain in government computers for some time, because it could take years to resolve the spate of litigation over the programs. 
A federal judge in New York has ruled the program is legal, while a Washington, D.C., judge has ruled it almost certainly isn't. There are several other pending cases, and other lawsuits could yet be filed. Government retention of old records has long been a major concern for civil-liberties groups. The ACLU, in particular, has argued the longer the government holds data about citizens, the deeper investigators can delve into the private lives of individuals, and errors or abuses become more likely. Write to Devlin Barrett at devlin.barrett at wsj.com and Siobhan Gorman at siobhan.gorman at wsj.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Feb 20 07:25:54 2014 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Feb 2014 08:25:54 -0500 Subject: [Infowarrior] - Unintended consequence of the security culture Message-ID: <995D2901-1924-4B4A-96B4-EE64C4120D6C@infowarrior.org> Interesting irony: Since 9/11 government security departments have facilitated a nationwide culture of FOTSOU (Fear of The Strange or Unknown) and clueless risk aversion which then leads organisations to implement measures to try and counter/prevent as many real, perceived, probable, or 'possible' threats as they can. Then, once all that's in place, the government says to first responders, "oh by the way, those very same security measures (which of course we supported people taking) may prevent you as emergency responders from reaching them during an actual incident." *facepalm* There's got to be something we can acquire that strikes that necessary balance in this situation. I'm thinking uniformed unicorns armed with magic wands as tusks. ---rick DHS-FBI-NCTC Bulletin: Building Security Measures May Hinder Emergency Response Efforts http://publicintelligence.net/dhs-fbi-nctc-security-measures-response/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Feb 21 13:47:56 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Feb 2014 14:47:56 -0500 Subject: [Infowarrior] - Schneier: It's time to break up the NSA Message-ID: <184B62F1-A8CD-469F-865A-B7D89241296B@infowarrior.org> It's time to break up the NSA Bruce Schneier Editor's note: Bruce Schneier is a security technologist and author of "Liars and Outliers: Enabling the Trust Society Needs to Thrive." http://edition.cnn.com/2014/02/20/opinion/schneier-nsa-too-big/index.html (CNN) -- The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission -- protecting the security of U.S. communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era. Putting the U.S. Cyber Command, the military's cyberwar wing, in the same location and under the same commander, expanded the NSA's power. The result is an agency that prioritizes intelligence gathering over security, and that's increasingly putting us all at risk. It's time we thought about breaking up the National Security Agency. Broadly speaking, three types of NSA surveillance programs were exposed by the documents released by Edward Snowden. And while the media tends to lump them together, understanding their differences is critical to understanding how to divide up the NSA's missions. The first is targeted surveillance. This is best illustrated by the work of the NSA's Tailored Access Operations (TAO) group, including its catalog of hardware and software "implants" designed to be surreptitiously installed onto the enemy's computers. This sort of thing represents the best of the NSA and is exactly what we want it to do. That the United States has these capabilities, as scary as they might be, is cause for gratification. 
The second is bulk surveillance, the NSA's collection of everything it can obtain on every communications channel to which it can get access. This includes things such as the NSA's bulk collection of call records, location data, e-mail messages and text messages. This is where the NSA overreaches: collecting data on innocent Americans either incidentally or deliberately, and data on foreign citizens indiscriminately. It doesn't make us any safer, and it is liable to be abused. Even the director of national intelligence, James Clapper, acknowledged that the collection and storage of data was kept a secret for too long. The third is the deliberate sabotaging of security. The primary example we have of this is the NSA's BULLRUN program, which tries to "insert vulnerabilities into commercial encryption systems, IT systems, networks and endpoint communication devices." This is the worst of the NSA's excesses, because it destroys our trust in the Internet, weakens the security all of us rely on and makes us more vulnerable to attackers worldwide. That's the three: good, bad, very bad. Reorganizing the U.S. intelligence apparatus so it concentrates on our enemies requires breaking up the NSA along those functions. First, TAO and its targeted surveillance mission should be moved under the control of U.S. Cyber Command, and Cyber Command should be completely separated from the NSA. Actively attacking enemy networks is an offensive military operation, and should be part of an offensive military unit. Whatever rules of engagement Cyber Command operates under should apply equally to active operations such as sabotaging the Natanz nuclear enrichment facility in Iran and hacking a Belgian telephone company. If we're going to attack the infrastructure of a foreign nation, let it be a clear military operation. Second, all surveillance of Americans should be moved to the FBI. The FBI is charged with counterterrorism in the United States, and it needs to play that role. 
Any operations focused against U.S. citizens need to be subject to U.S. law, and the FBI is the best place to apply that law. That the NSA can, in the view of many, do an end-run around congressional oversight, legal due process and domestic laws is an affront to our Constitution and a danger to our society. The NSA's mission should be focused outside the United States -- for real, not just for show. And third, the remainder of the NSA needs to be rebalanced so COMSEC (communications security) has priority over SIGINT (signals intelligence). Instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone. Computer and network security is hard, and we need the NSA's expertise to secure our social networks, business systems, computers, phones and critical infrastructure. Just recall the recent incidents of hacked accounts -- from Target to Kickstarter. What once seemed occasional now seems routine. Any NSA work to secure our networks and infrastructure can be done openly -- no secrecy required. This is a radical solution, but the NSA's many harms require radical thinking. It's not far off from what the President's Review Group on Intelligence and Communications Technologies, charged with evaluating the NSA's current programs, recommended. Its 24th recommendation was to put the NSA and U.S. Cyber Command under different generals, and the 29th recommendation was to put encryption ahead of exploitation. I have no illusions that anything like this will happen anytime soon, but it might be the only way to tame the enormous beast that the NSA has become. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Feb 23 17:47:39 2014 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Feb 2014 18:47:39 -0500 Subject: [Infowarrior] - Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More Message-ID: <3C44705F-630D-4F04-B575-DBC13E5E47E9@infowarrior.org> http://www.forbes.com/sites/andygreenberg/2014/02/23/apples-gotofail-security-mess-extends-to-mail-twitter-imessage-facetime-and-more/ 2/23/2014 @ 5:39PM Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More First, Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple's desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked. Now one researcher has found evidence that the bug extends beyond Apple's browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple's software update mechanism. On Sunday, privacy researcher Ashkan Soltani posted a list of OSX applications on Twitter that he says he's determined use Apple's "secure transport" framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL. The full list, which isn't comprehensive given that Soltani only analyzed the programs on his own PC, is shown below. (Soltani has underlined the vulnerable application names in red.) Soltani, an independent researcher whose recent work has included analyzing the surveillance documents leaked by NSA contractor Edward Snowden on behalf of the Washington Post, warns that the security of several applications on that list is severely compromised, including Apple's email program Mail, scheduling app Calendar and its official Twitter desktop client. 
The bug affects how Apple devices authenticate their secure connection with servers, allowing an eavesdropper to fake that verification and hijack or corrupt traffic using what's known as a "man-in-the-middle" attack. "All these apps would be vulnerable to the same man-in-the-middle vulnerability outlined on Friday," Soltani says. Some of the affected apps such as iMessage and Facetime have added security that could reduce the effects of the security vulnerability, though Soltani warns that for the iMessage instant messaging application the initial login at Apple's me.com website may be compromised, even if the messages themselves remain encrypted, and that similar problems may exist for Facetime. "There are going to be parts of the protocol like the initial 'handshake' that rely on TLS, and those will be vulnerable to man-in-the-middle attacks," Soltani says. Equally troubling is the notion that Apple's Software Update application is affected, which means that Apple's mechanism for pushing new code to OSX machines, including security updates, could be compromised. Soltani notes that in addition to SSL and TLS, Software Update also checks for Apple's signature on any code that it asks users to install. But he adds that the code-signing protection hasn't stopped malware from spoofing those updates in the past to install spying tools on victims' machines. I've reached out to Apple for comment on Soltani's findings, and I'll update this post if I hear from the company. Apple's newly discovered security flaw, dubbed "gotofail" by the security community due to a single improperly used "goto" command in Apple's code that triggered it, initially came to light Friday when Apple issued a security update for iOS. 
Researchers at the security firm Crowdstrike and Google quickly reverse engineered that patch to show how it affected OSX as well, and initially recommended that users stay away from untrusted networks and avoid Safari, which is more dependent on Apple's implementation of SSL and TLS than other browsers such as Chrome or Firefox. Soltani's work, however, shows that the problem extends further, leaving many users with few options for secure communications until Apple issues a fix for its desktop software. The company promised in a statement to Reuters Saturday to make that fix available "very soon." Given the widening gaps in Apple's security the flaw exposes, it can't come soon enough. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Feb 24 08:41:58 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Feb 2014 09:41:58 -0500 Subject: [Infowarrior] - EC-Council's website defaced, possible data stolen Message-ID: <2F47D0CA-ECCE-4504-B0D6-3A584A6C313F@infowarrior.org> Security certification group EC-Council's website defaced with Snowden passport Hacker claims to have grabbed thousands of law enforcement and military passports. by Megan Geuss - Feb 23 2014, 10:40pm EST http://arstechnica.com/security/2014/02/security-certification-group-ec-councils-website-defaced-with-snowden-passport/ The website for EC-Council, an "International Council of E-Commerce Consultants," was defaced on Sunday evening. The hacker, who went by Eugene Belford (named for the "thieving evil computer genius" from the movie Hackers) also claimed to have found "thousands of passports belonging to LE [Law Enforcement] (and .mil) officials" in the process of breaking into the site. Eugene Belford wrote on the EC-Council homepage, "Defaced again? Yep, good job reusing your passwords morons jack67834#". 
With respect to the claim that passport and other information was stolen, the hacker posted a photo of Edward Snowden's passport, along with an e-mail from him to the council from 2010. EC-Council has long been an administrator of information security certification, and the organization's training programs are sometimes used by employers to get employees up to speed on certain skills. Some of EC-Council's certification programs include Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Still, the site's hacker referred to an attrition.org page that lists its grievances against the certifier. "EC-Council's history is mired in controversy, with a wide variety of criticism coming from both the education and information security professions," attrition.org says. "The company not only runs an extensive certification program, they also operate a virtual university. This has not stopped them from taking shortcuts usually reserved for students, by plagiarizing content from other sources and including it in their commercial offerings." This is not the first defacement for EC-Council. Based on the e-mail screenshot posted to the organization's homepage, security researcher Ashkan Soltani and Collin D. Anderson suggested on Twitter that the "attacker hijacked DNS and gained access to GApps through domain verification account reset." Ars attempted to contact EC-Council but there was no response as of this publishing. Ars will update this story if EC-Council provides a statement. On its Facebook page, EC-Council writes that it "has trained over 80,000 individuals and certified more than 30,000 security professionals from such fine organizations as the US Army, the FBI, Microsoft, IBM, and the United Nations." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Feb 24 16:03:22 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Feb 2014 17:03:22 -0500 Subject: [Infowarrior] - G-20 to share tax records Message-ID: G-20 agrees on automatic tax data sharing: OECD Bloomberg | Canberra February 24, 2014 Last Updated at 23:40 IST http://www.business-standard.com/article/international/g-20-agrees-on-automatic-tax-data-sharing-oecd-114022401288_1.html Group-of-20 nations agreed to implement a global standard for automatically exchanging information between tax authorities by the end of 2015, the Organization for Economic Cooperation and Development said. The endorsement is a step toward putting an end to "banking secrecy as we know it," Pascal Saint-Amans, director of the OECD's centre for tax policy and administration, told reporters on Sunday in Sydney, where G-20 finance ministers and central bankers are meeting. A decision on the technology needed and detailed rules on how governments will swap tax data is likely to be made at a G-20 meeting in September, he said. The new standard would see countries automatically exchange information gathered from their financial institutions. The OECD, supported by 34 member countries including the US, UK, Germany and Japan, is working on plans for a global exchange of information to crack down on tax-avoidance strategies used by companies such as Google Inc, Apple Inc and Yahoo! Inc. While the group doesn't have figures to calculate the total cost of overseas tax avoidance, the British Virgin Islands was one of the top five investors in Russia and China, Saint-Amans said. The accumulated profit of US companies held offshore was $2 trillion, he said. Change rules "The political message is that we will be closing down all the loopholes," he said. "What multinationals are doing is legal. If it's legal and you don't like the outcome, you need to change the rules." 
Global tax rules currently aren't fit for the 21st century, UK Chancellor of the Exchequer George Osborne said on Sunday in an interview on Channel 7 in Sydney. "If we can come up with common rules that we all sign up to then these companies are going to have to operate within these rules," Osborne said. The timescale to implement the plan is "ambitious," Paul Radcliffe, a director in financial services at accounting firm Ernst & Young LLP, said in a statement. "Given the looming deadline, financial institutions will need to start the process to become compliant," he said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Feb 24 20:55:13 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Feb 2014 21:55:13 -0500 Subject: [Infowarrior] - Syria War Stirs New U.S. Debate on Cyberattacks Message-ID: <1997C3E3-DDA6-4D3D-9BEA-5D3C0CF039EE@infowarrior.org> Syria War Stirs New U.S. Debate on Cyberattacks By DAVID E. SANGER FEB. 24, 2014 http://www.nytimes.com/2014/02/25/world/middleeast/obama-worried-about-effects-of-waging-cyberwar-in-syria.html WASHINGTON -- Not long after the uprising in Syria turned bloody, late in the spring of 2011, the Pentagon and the National Security Agency developed a battle plan that featured a sophisticated cyberattack on the Syrian military and President Bashar al-Assad's command structure. The Syrian military's ability to launch airstrikes was a particular target, along with missile production facilities. "It would essentially turn the lights out for Assad," said one former official familiar with the planning. For President Obama, who has been adamantly opposed to direct American intervention in a worsening crisis in Syria, such methods would seem to be an obvious, low-cost, low-casualty alternative. But after briefings on variants of the plans, most of which are part of traditional strikes as well, he has so far turned them down. 
Syria was not a place where he saw strategic value in American intervention, and even covert attacks -- of the kind he ordered against Iran during the first two years of his presidency -- involved a variety of risks. The considerations that led Mr. Obama to hesitate about using the offensive cyberweapons his administration has spent billions helping develop, in large part with hopes that they can reduce the need for more-traditional military attacks, reflect larger concerns about a new and untested tactic with the potential to transform the nature of warfare. It is a transformation analogous to what happened when the airplane was first used in combat in World War I, a century ago. The Obama administration has been engaged in a largely secret debate about whether cyberarms should be used like ordinary weapons, whether they should be rarely used covert tools or whether they ought to be reserved for extraordinarily rare use against the most sophisticated, hard-to-reach targets. And looming over the issue is the question of retaliation: whether such an attack on Syria's air power, its electric grid or its leadership would prompt Syrian, Iranian or Russian retaliation in the United States. It is a question Mr. Obama has never spoken about publicly. Because he has put the use of such weapons largely into the hands of the N.S.A., which operates under the laws guiding covert action, there is little of the public discussion that accompanied the arguments over nuclear weapons in the 1950s and '60s or the kind of roiling argument over the use of drones, another classified program that Mr. Obama has begun to discuss publicly only in the past 18 months. But to many inside the administration, who insisted on anonymity when speaking about discussions over one of America's most highly classified abilities, Syria puts the issue back on the table. Mr. Obama's National Security Council met Thursday to explore what one official called "old and new options." 
Caitlin Hayden, the spokeswoman for the National Security Council, declined to discuss "the details of our interagency deliberations" about Syria. "But we have been clear that there are a range of tools we have at our disposal to protect our national security, including cyber," she said, noting that in 2012 "the president signed a classified presidential directive relating to cyberoperations that establishes principles and processes so that cybertools are integrated with the full array of national security tools." The directive, she said, "enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats." One of the central issues is whether such a strike on Syria would be seen as a justified humanitarian intervention, less likely to cause civilian casualties than airstrikes, or whether it would only embolden American adversaries who have themselves been debating how to use the new weapons. Jason Healey, the director of the Cyber Statecraft Initiative at the Atlantic Council, argues that it is "worth doing to show that cyberoperations are not evil witchcraft but can be humanitarian." But others caution whether that would really be the perception. "Here in the U.S. we tend to view a cyberattack as a de-escalation -- it's less damaging than airstrikes," said Peter W. Singer, a Brookings Institution scholar and co-author of the recently published book "Cybersecurity and Cyberwar: What Everyone Needs to Know." "But elsewhere in the world it may well be viewed as opening up a new realm of warfare," he said. There's little doubt that developing weapons for computer warfare is one of the hottest arenas in defense spending. 
While the size of the Army and traditional weapons systems are being cut in the Pentagon budget that was released on Monday, cyberweapons and Special Forces are growth areas, though it is difficult to tell precisely how much the government spends. But Mr. Obama has made no secret of his concerns about using cyberweapons. He narrowed Olympic Games, the program against the Iranian nuclear enrichment program, to make sure that it did not cripple civilian facilities like hospitals. What he liked about the program was that it was covert and that, if successful, it could help buy time to force the Iranians into negotiations. And that is exactly what happened. But when a technological error in the summer of 2010 resulted in the broadcast of the Stuxnet computer worm around the world, ultimately leading to the revelation of the program's origins with the N.S.A. and Unit 8200 of Israel, Mr. Obama's hopes of keeping such programs at arm's length were dashed. Since then, there has been no clear evidence that the United States has used the weapons in another major attack. It was considered during the NATO attacks on Libya in the spring of 2011, but dismissed after Mr. Obama's advisers warned him that there was no assurance they would work against Col. Muammar el-Qaddafi's antiquated, pre-Internet air defenses. The head of the N.S.A., Gen. Keith B. Alexander, said in an interview last year that such weapons had been used only a handful of times in his eight-year tenure. But Syria is a complicated case, raising different issues than Iran did. In Syria, the humanitarian impulse to do something, without putting Americans at risk or directly entering the civil war, is growing inside the administration. Most of that discussion focuses on providing more training and arms for what are seen as moderate rebel groups. But cyberweapons are in the conversation about stepping up covert action. 
Part of the argument is that Syria is a place where America could change its image, using its most advanced technology for a humanitarian purpose. "The United States has been caught using Stuxnet to conduct a covert cybercampaign against Iran as well as trawling the Internet with the massive Prism collection operation," Mr. Healey wrote recently, referring to the N.S.A.'s data-mining program. "The world is increasingly seeing U.S. cyberpower as a force for evil in the world. A cyberoperation against Syria might help to reverse this view." Yet that would require openly taking credit for an attack, something the United States has never done. "The question is whether the president would be willing to give the kind of speech he gave about why it would be justified to shoot off missiles in response to Assad's use of chemical weapons," a senior administration official said. Mr. Obama pulled back from that strike at the last moment. Even if the United States wanted to act covertly, a cyberattack on Syria would be hard to keep secret. Anything that grounded the air fleet, or turned out the lights at key facilities in Damascus and at major military outposts, would be instantly noticed -- and would not necessarily be accomplished quickly. American military planners concluded after putting together options for Mr. Obama over the past two and a half years that any meaningful attack on Syria's facilities would have to be both long enough to make a difference and targeted enough to keep from making an already suffering population even worse off. For those and other reasons, there are doubters throughout the military and intelligence establishment. "It would be of limited utility, frankly," one senior administration official said. 
For instance, an attack could disrupt or shut down the navigational systems for Syria's aircraft, including the Russian-designed Mi-8 and Mi-17 helicopters that are carrying out many of the so-called barrel-bomb attacks against civilians in Homs and Aleppo. But Syrian commanders would probably just shift to other weapons in their arsenal, like an array of rockets and missiles, including longer-range Scud missiles, that Mr. Assad's forces have already employed with deadly effect. Syria is no stranger to these attacks, either on the receiving or the giving end. A September 2007 strike by Israel that destroyed a nuclear reactor being built in the Syrian desert was accompanied by an ingenious cyberattack that blinded Syria's air defenses. When the Syrian military awoke the next morning, the reactor being built with North Korean help was a smoking hole in the ground, as were some associated facilities. On the offensive end, the Electronic Frontier Foundation, which follows these issues, assembled evidence in a report published late last year that the Syrians had used a "spear phishing" ploy, which gets the target to click on a link in an email, in this case videos of war atrocities, to identify people who are aiding the rebel groups and get inside their computer systems. And the Syrian Electronic Army, which American intelligence officials suspect is actually Iranian, has conducted strikes against targets in the United States over the past year, including the website of The New York Times. Mostly these have been denial-of-service attacks, annoying and disruptive, but not truly sophisticated. The chances that Syria could manage a significant response are low, American officials and outside experts said. But the precedent could embolden the Russians and the Iranians -- who also have stakes in the Syrian war, and far more ability -- into taking a greater part in a new and rapidly escalating form of warfare. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 25 06:16:29 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 07:16:29 -0500 Subject: [Infowarrior] - Apple and the SSL 0-day Message-ID: Funny how they rushed to fix the iOS version, but left their desktop OS customers still vulnerable. I wonder where Apple's priorities really are these days? From what I can tell, ever since the JesusPhone was introduced, OSX has taken a constant backseat to the company's mobile gadgets in terms of support and new development. --rick Apple Decides That Dead Silence Is The Best Way To Address Major Encryption Flaw On OS X http://www.techdirt.com/articles/20140224/13175926334/apple-decides-that-dead-silence-is-best-way-to-address-major-encryption-flaw-os-x.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 25 06:29:16 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 07:29:16 -0500 Subject: [Infowarrior] - Secret changes to phone unlocking bill Message-ID: <42656AD4-BE4B-45E2-BFA2-ED40E8DDF11D@infowarrior.org> Rep. Goodlatte Slips Secret Change Into Phone Unlocking Bill That Opens The DMCA Up For Wider Abuse http://crooksandliars.com/2014/02/rep-goodlatte-slips-secret-change-phone < - > As of last week, a bunch of folks, who were concerned about the issues with unlocking and how Section 1201 was a problem, were supportive of this bill and were expecting to publicly speak out in favor of getting the bill passed. Except... late last week, with no explanation whatsoever, and no consultation with others even though the markup and Judiciary Committee process had already concluded, Rep. 
Goodlatte slipped into the bill a little poison pill/favor to big phone companies, adding a seemingly innocuous statement as section (c)(2): "No Bulk Unlocking--Nothing in this subsection shall be construed to permit the unlocking of wireless handsets or other wireless devices, for the purpose of bulk resale, or to authorize the Librarian of Congress to authorize circumvention for such purpose under this Act, title 17, United States Code, or any other provision of law." < - > http://crooksandliars.com/2014/02/rep-goodlatte-slips-secret-change-phone --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 25 13:12:01 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 14:12:01 -0500 Subject: [Infowarrior] - OS X Update 10.9.2 now available, patches SSL/TLS hole [Updated] Message-ID: OS X Update 10.9.2 now available, patches SSL/TLS hole [Updated] http://www.tuaw.com/2014/02/25/os-x-update-10-9-2-now-available/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 25 16:45:48 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 17:45:48 -0500 Subject: [Infowarrior] - Paramount Flips Out That People Might 'Watch' Twitter Account Posting Top Gun Frame By Frame Message-ID: <1275311E-20BC-476E-8855-881FAE0DA86B@infowarrior.org> Paramount Flips Out That People Might 'Watch' Twitter Account Posting Top Gun Frame By Frame http://www.techdirt.com/articles/20140225/11554326345/paramount-flips-out-that-people-might-watch-twitter-account-posting-top-gun-frame-frame.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Feb 25 19:54:32 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 20:54:32 -0500 Subject: [Infowarrior] - Cybersecurity Firm Advises Caution in Dealing With NSA Message-ID: Cybersecurity Firm Advises Caution in Dealing With NSA RSA's Art Coviello Suggests Agency Wasn't Upfront About Intentions By DANNY YADRON Updated Feb. 25, 2014 8:36 p.m. ET http://online.wsj.com/news/articles/SB10001424052702304834704579405180837393664? SAN FRANCISCO -- For two months, RSA Executive Chairman Art Coviello has faced criticism that his company helped the National Security Agency spy on customers of the computer-security firm. On Tuesday, he suggested that the government wasn't upfront about what it would do with his products and said other companies should be wary of working with U.S. intelligence. If the NSA "exploits a tradition of trust within the security community, that's a problem," Mr. Coviello said at a conference sponsored by his company. "If that is an issue, we can't work with the NSA," he said in a subsequent interview. The remarks were his first public comments since his company, a unit of EMC Corp., was accused last year of selling weakened encryption products that could help the agency spy on RSA customers. His comments were notable for an executive whose company has significant government ties and point to a broader question for U.S. tech companies in the Edward Snowden era: Is the revenue from classified contracts worth the reputational risk? Mr. Coviello said his company has had classified contracts with the NSA but suggested that the firm didn't know that it may have aided government surveillance efforts. The current contracts aren't encryption-related and whether the company enters into any in the future "will be dependent on assurances" from the government, he said. The NSA declined to comment. Documents leaked by Mr. 
Snowden, a former NSA contractor, last year showed that the agency helped popularize a weak encryption formula, hoping that it would help the agency spy on terrorists. Reuters in December reported that RSA accepted $10 million to make the setting a default in one of its products, Bsafe. The Wall Street Journal recently confirmed with people briefed on the matter that such a contract existed. There is no evidence RSA knew the encryption formula was weak, the people said. Mr. Coviello declined to comment on specific contracts. A surveillance-review panel commissioned by President Barack Obama said last year that the government shouldn't weaken encryption standards. Mr. Coviello said he agreed with that recommendation but that he wasn't optimistic it would be adopted. Mr. Coviello did a "pretty good" job of addressing trust issues, said Wendy Nather, a research director at information-technology consulting firm 451 Research LLC. RSA told customers last fall to stop using the default Bsafe encryption formula, called dual elliptic curve, as soon as documents from Mr. Snowden suggested NSA held a secret key to solve it. Encryption accounts for a small portion of RSA's business. Most encryption used on computers is based on a series of publicly available formulas -- not algorithms owned by security companies. Mr. Coviello said the problematic formula was used mainly for clients with government ties and that the Reuters article had no effect on the company's business. Customers have been "maybe curious" about the matter, he said. Nevertheless, the issue has roiled this year's RSA Conference. Security researchers have questioned why RSA continued to use the Bsafe formula even after mathematicians discovered holes more than seven years ago. "There is maybe a little 20/20 hindsight here," Mr. Coviello said Tuesday. Relatively few researchers found problems with the formula before the Snowden leaks, he said. Mr. 
Coviello also sought to broaden the debate about Internet security, proposing that governments stop using cyberweapons, cooperate with other countries on cybercrime and protect online privacy. "If the NSA had been more transparent maybe they wouldn't have the PR difficulty that they're having now," Mr. Coviello said. "That's really what I'm calling for: more of that transparency." Write to Danny Yadron at danny.yadron at wsj.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Feb 25 19:56:31 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Feb 2014 20:56:31 -0500 Subject: [Infowarrior] - =?utf-8?q?Why_AT=26T=E2=80=99s_Surveillance_Repor?= =?utf-8?q?t_Omits_80_Million_NSA_Targets?= Message-ID: Why AT&T?s Surveillance Report Omits 80 Million NSA Targets ? BY DAVID KRAVETS ? 02.21.14 ? 6:30 AM http://www.wired.com/threatlevel/2014/02/ma-bell-non-transparency/ AT&T this week released for the first time in the phone company?s 140-year history a rough accounting of how often the U.S. government secretly demands records on telephone customers. But to those who?ve been following the National Security Agency leaks, Ma Bell?s numbers come up short by more than 80 million spied-upon Americans. AT&T?s transparency report counts 301,816 total requests for information ? spread between subpoenas, court orders and search warrants ? in 2013. That includes between 2,000 and 4,000 under the category ?national security demands,? which collectively gathered information on about 39,000 to 42,000 different accounts. There was a time when that number would have seemed high. Today, it?s suspiciously low, given the disclosures by whistleblower Edward Snowden about the NSA?s bulk metadata program. We now know that the secretive Foreign Intelligence Surveillance Court is ordering the major telecoms to provide the NSA a firehose of metadata covering every phone call that crosses their networks. 
An accurate transparency report should include a line indicating that AT&T has turned over information on each and every one of its more than 80 million-plus customers. It doesn't.

That's particularly ironic, given that it was Snowden's revelations about this so-called "Section 215" metadata spying that paved the way for the transparency report. In Snowden's wake, technology companies pushed President Barack Obama to craft new rules allowing them to be more transparent about how much customer data they're forced to provide the NSA and other agencies. In a Jan. 17 globally televised speech, Obama finally agreed.

We will also enable communications providers to make public more information than ever before about the orders they have received to provide data to the government.

But when the new transparency guidelines came out on Jan. 27, the language left it unclear whether discussing bulk collection was allowed, says Alex Abdo, an American Civil Liberties Union staff attorney. AT&T on Monday became the first phone company to release a transparency report under the new rules, and the results seem to confirm that the metadata collection is still meant to stay secret.

"This transparency report confirmed our fear that the DOJ's apparent concession was carefully crafted to prevent real transparency," Abdo says. "If they want real transparency, they would allow the disclosure of the bulk telephone metadata program."

WIRED asked AT&T about the omission of the metadata spying. The response, which arrived by email from AT&T spokeswoman Claudia Jones: "Please see footnote #1."

Legal experts, though, say that the footnote has nothing to do with whether bulk collection activities carried out in the past could be disclosed. It merely notes that plans are in place to reform the metadata collection program in the future.

"That's mealy-mouthed. Footnote 1 is talking about future reporting, not reporting about already received orders,"
says Nate Cardozo, a staff attorney with the Electronic Frontier Foundation.

(AT&T's Jones did not return repeated calls seeking more comment on the company's report. The Department of Justice neither returned e-mails nor telephone calls seeking comment.)

But Cardozo believes that AT&T is correct that it is barred from disclosing the metadata numbers, because of the Obama administration's careful choice of language in the section relating to orders from the Foreign Intelligence Surveillance Court. The guidelines allow for the disclosure, in chunks of 1,000, of "the number of customer selectors [phone numbers] targeted under FISA non-content orders." Since the bulk metadata collection doesn't "target" any "selectors" it is, by definition, not subject to disclosure.

This loophole is no accident of phrasing. In other sections of the guidelines covering National Security Letters -- a type of subpoena that doesn't require a judge's signature -- Obama allows disclosure of the "number of customer accounts affected." If the guidelines used that same language for the FISA disclosures, AT&T's transparency report would presumably disclose that more than 80 million customers -- that would be all of AT&T's customers -- had been spied upon.

The end result, observes Kevin Bankston, the policy director of the New America Foundation's Open Technology Institute, is that Obama's so-called reform has spawned a misleading report that provides false comfort to AT&T customers -- and all Americans.

"Not only is this a complete failure when it comes to providing transparency around bulk data being handed over," Bankston says, "it is affirmatively misleading to the average reader of the transparency report who would conclude that no bulk data handover ever happened."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Feb 25 19:59:57 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Feb 2014 20:59:57 -0500
Subject: [Infowarrior] - White House Weighs Four Options for Revamping NSA Phone Surveillance
Message-ID:

(Or a fifth option, to make it even bigger and more pervasive. Sorry, had to be said! --rick)

White House Weighs Four Options for Revamping NSA Phone Surveillance

Proposals Range From Running Program Through Phone Companies to Ditching It Altogether

By SIOBHAN GORMAN and DEVLIN BARRETT
Updated Feb. 25, 2014 8:37 p.m. ET

http://online.wsj.com/news/articles/SB10001424052702303880604579405640624409748?

WASHINGTON -- Administration lawyers have presented the White House with four options for restructuring the National Security Agency's phone-surveillance program, from ditching the controversial collection altogether to running it through the telephone companies, according to officials familiar with the discussions.

President Barack Obama in January asked U.S. intelligence agencies and the attorney general to report by March 28 on alternatives for revamping the program in a way that would take it out of the NSA's hands. The Office of Director of National Intelligence and the Justice Department have provided the options ahead of schedule, these people said.

None of the three options for relocating the data have gained universal favor. But failure to agree on one of them would leave only the option of abolishing the program, which would be a setback for intelligence agencies and other backers of the surveillance effort.

Of the three options for relocating the data, two of them -- with phone companies or another government agency -- appear most technically possible.

Under the current program, the NSA collects millions of U.S.
phone records from three phone companies, which former officials have identified as AT&T Inc., Verizon Communications Inc. and Sprint Corp.

Since the start of revelations about NSA surveillance last year by former NSA contractor Edward Snowden, the phone-records program has sparked the most controversy. Some lawmakers and government officials have defended it as critical to fighting terrorism, while others argue it amounts to a massive violation of constitutional rights.

Obama administration officials have sought to preserve the collection of phone records in a way that raises fewer concerns about privacy.

One way of doing that would have the phone companies retain the data, officials said. The NSA would then tell the companies when it needs searches of call records concerning specific phone numbers the agency believes are connected to terrorism. The companies would provide the results to the NSA.

Under this model, the NSA would only collect the data that comes in response to the search, rather than millions of unrelated American phone records. Several lawmakers have proposed legislation on Capitol Hill that would take this approach.

But telecommunications companies oppose this option. Phone companies likely would demand liability protection and possibly other conditions to avoid outside demands for data -- for instance, for run-of-the-mill legal cases such as divorce proceedings. Already, some criminal defendants have sought access to the NSA records, claiming the data could help show their innocence.

The phone-company option is also opposed by the chairman of the House intelligence committee, Rep. Mike Rogers (R., Mich.), who told The Wall Street Journal this week that the proposal doesn't have enough support for committee approval and a House floor vote.

Phone companies have not yet been consulted on options, a telecommunications-industry official said.
A second option presented to the White House would have a government agency other than the NSA hold the data, according to a U.S. official. Candidates for this option could include the Federal Bureau of Investigation, which some current and former intelligence officials have recommended. Another possibility floated in policy circles was turning the program over to the custody of the Foreign Intelligence Surveillance Court, which oversees the phone-data and other NSA surveillance programs, but judges have balked at an expanded role for the court. A third option would be for an entity outside the phone companies or the government to hold the data, officials said. This approach has been criticized by privacy groups who say such a third party would just become an extension of the NSA and would provide no additional privacy benefit. A final alternative would be to scrap the phone-data program and instead bolster investigative efforts under current authorities to obtain the information about possible terrorist connections some other way, an official said. Mr. Obama acknowledged this approach in his January speech, but said "more work needs to be done to determine exactly how this system might work." Caitlin Hayden, a spokeswoman for the White House National Security Council, declined to speak about specific proposals. She said that since the president's Jan. 17 speech unveiling surveillance-overhaul measures, the Justice Department and intelligence agencies have worked on developing options. "They have kept us abreast of their progress, and we look forward to reviewing those options," she said. "Beyond that, I'm not in a position to discuss the details of an ongoing process." Mr. Obama will consult with Congress and will seek legislation, as needed, she added. 
Two of the options echo recommendations of the president's review panel, which issued a report in December that proposed the NSA phone program be overhauled so the data be held by either the phone companies or a third party. In his January speech, Mr. Obama said both of those approaches "pose difficult problems." Retaining the data at the phone companies, he said, "could require companies to alter their procedures in ways that raise new privacy concerns." Establishing a third party to hold the data, he said, could be even more difficult. "Any third party maintaining a single consolidated database would be carrying out what's essentially a government function, but with more expense, more legal ambiguity, potentially less accountability, all of which would have a doubtful impact on increasing public confidence that their privacy is being protected," he said. Separately on Tuesday, the Justice Department notified a convicted terror suspect that NSA bulk-data surveillance had been used against him before he pleaded guilty to a charge of attempted material support for terrorism. The defendant, an Albanian immigrant named Agron Hasbajrami, pleaded guilty in federal court in Brooklyn in 2012, after he was accused of sending more than $1,000 to someone in Pakistan to finance terrorism. Since the revelations about NSA spying, the government has notified two criminal defendants that they intended to offer evidence derived from NSA interception of electronic communications. The Hasbajrami notification marks the first time such a notice has been given to a defendant who has already pleaded guilty, officials said. The letter notifying Mr. Hasbajrami noted that he is still seeking to have his conviction vacated. Mr. Hasbajrami's attorney, Steve Zissou, said he would seek more information about the surveillance of his client. 
Patrick Toomey, a lawyer at the American Civil Liberties Union, said the new filing shows "warrantless surveillance has played a role in more criminal cases than the government has ever before admitted, and the government has been improperly withholding that fact from defendants for years."

Write to Siobhan Gorman at siobhan.gorman at wsj.com and Devlin Barrett at devlin.barrett at wsj.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 26 06:53:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Feb 2014 07:53:49 -0500
Subject: [Infowarrior] - TBP becomes ResearchBay
Message-ID:

http://response.easyresearch.se/s.asp?WID=948836&Pwd=99191792&key=49977,41

Help us understand (even) more about file-sharing!

This is the third time The Pirate Bay undertakes this study in cooperation with the Cybernorms Research Group, a group of researchers affiliated with the Lund University Internet Institute in southern Sweden. Completing this short survey will take only a few minutes of your time, after which you will be redirected to The Pirate Bay.

Understanding online norms and values is essential to developing relevant and effective laws and policies. The purpose of this survey is to help researchers to better understand habits and norms within the file-sharing community. With your help, we hope to create a knowledge base that will influence legitimate laws and law enforcement related to the Internet.

Please note that no IP addresses or other personal data will be stored. Please direct all questions about this survey to web at cybernormer.se. More information about the Cybernorms Research Group can be found through Lund University Internet Institute or the projects' webpage at Cybernormer.se.

Thank you! The Pirate Bay together with the Cybernorms Research Group.

PS. If you're curious about the results from previous The Research Bay surveys, please check our online database at TheSurveyBay.com!
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 26 07:45:11 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Feb 2014 08:45:11 -0500
Subject: [Infowarrior] - Detection and analysis of the Chameleon WiFi access point virus
Message-ID: <0FE4A652-E4C3-4EC1-B991-30413B805236@infowarrior.org>

Detection and analysis of the Chameleon WiFi access point virus

Jonny Milliken, Valerio Selis and Alan Marshall

http://jis.eurasipjournals.com/content/2013/1/2

This paper analyses and proposes a novel detection strategy for the 'Chameleon' WiFi AP-AP virus. Previous research has considered virus construction, likely virus behaviour and propagation methods. The research here describes development of an objective measure of virus success, the impact of product susceptibility, the acceleration of infection and the growth of the physical area covered by the virus. An important conclusion of this investigation is that the connectivity between devices in the victim population is a more significant influence on virus propagation than any other factor. The work then proposes and experimentally verifies the application of a detection method for the virus. This method utilises layer 2 management frame information which can detect the attack while maintaining user privacy and user confidentiality, a key requirement in many security solutions.

Keywords: WiFi; Security; Virus; Infection; Propagation; Detection; Layer 2

http://jis.eurasipjournals.com/content/2013/1/2

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Feb 26 10:37:38 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Feb 2014 11:37:38 -0500
Subject: [Infowarrior] - More TSA Idiocy. Seriously, this is moronic.
Message-ID:

(Admittedly, this may be a lack of common sense or a failure of the educational system.
But still, this person is deemed competent to be on the "front lines" in the "war on terror"? Sheesh. --rick)

D.C. resident: TSA agent questioned if license from nation's capital was valid for flight

By Aaron C. Davis

http://www.washingtonpost.com/local/dc-politics/dc-resident-tsa-agent-questions-if-dc-license-legal-for-airline-flight-boarding/2014/02/26/b0855538-9e77-11e3-9ba6-800d1192d08b_story.html

Ashley Brandt was all smiles last week when she went to board a flight home after a belated birthday trip to the Grand Canyon. Then, standing in an airport security line in Phoenix, her jaw dropped.

According to Brandt, an agent with the Transportation Security Administration took a look at her D.C. license and began to shake her head. "I don't know if we can accept these," Brandt recalled the agent saying. "Do you have a U.S. passport?"

Brandt was dumbfounded, and quickly grew a little scared. A manager was summoned, she says. "I started thinking, 'Oh my gosh, I have to get home. Am I going to get home?'"

The long Presidents' Day weekend had been Brandt's boyfriend's first chance to make good on a December birthday promise to take Brandt to see the Grand Canyon. The two were now on their way back, and the next morning, a class would be waiting for Brandt at her Cleveland Park preschool a couple of miles north of the White House.

But the implication from the TSA agent seemed clear to Brandt: The District is not a state; TSA requires a state-issued ID to board a plane.

Nevermind that Brandt had used her brand-new D.C. license, the one marked "District of Columbia" over a backdrop of cherry blossoms, to board her flight to Arizona days earlier.

Brandt says the agent yelled out to a supervisor, working in adjacent security line. Are D.C. licenses valid identification? Brandt says she could hear the response, "Yeah, we accept those."

"She didn't seem to know that it was basically the same as a state ID,"
said Brandt, who had only recently traded her Maryland ID for one from the District. "D.C. is obviously not a state, but I didn't ever imagine it would be a problem -- I mean, the whole population of D.C. has to use these."

Within a few minutes, Brandt said she was on her way to the gate and her pulse was settling back to normal. But flabbergasted by the experience, Brandt's boyfriend, Alan Chewning, who had passed security without an incident in another line, fired off a tweet:

"Holy. [Expletive]. TSA @ PHX asked for gf's passport because her valid DC license deemed invalid b/c 'DC not a state.'"

By the time the two landed, the tweet had gone viral, and stories were flooding in of residents recounting similar horror stories of trying to board a flight with a license from Guam or Puerto Rico.

Asked about the incident, Lisa Farbstein, a TSA spokeswoman, pointed a reporter to the agency's Web site, which has a published list of 15 types of valid IDs for airline travel, including "Driver's Licenses or other state photo identity cards issued by Department of Motor Vehicles (or equivalent)."

Farbstein said she could not immediately comment on the incident, but on social media, it was clear that TSA officials were alerted to the incident.

Brandt did not file a complaint and a person familiar with the matter confirmed that no TSA incident report was filed over the encounter.

If nothing else, it offered a new story for advocates of D.C. statehood, and perhaps a lesson on how foreign Washington might seem in Phoenix.

"The whole thing was kind of ridiculous and strange," Brandt said. "Apparently in Arizona, they're not sure we're all right."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Feb 26 14:22:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Feb 2014 15:22:41 -0500
Subject: [Infowarrior] - Obama Officials Seek to Hold NSA Phone Records Longer
Message-ID: <06B1AFD2-628B-4DBE-9008-1985AE7622D9@infowarrior.org>

Obama Officials Seek to Hold NSA Phone Records Longer

Say Data Needed in Lawsuits Challenging Such Surveillance

By DEVLIN BARRETT
Feb. 26, 2014 2:39 p.m. ET

http://online.wsj.com/news/articles/SB10001424052702304709904579407321915018810

The Obama administration has asked a special court for approval to hold on to National Security Agency phone records for a longer period -- an unintended consequence of lawsuits seeking to stop the data-surveillance program.

The Wall Street Journal reported last week that the Justice Department was considering such a move, which would end up expanding the controversial phone records database by not deleting older call records. Under the current system, the database is purged of phone records more than five years old.

The Justice Department, in a filing made public Wednesday, said it needs to hold on to the older records as evidence in lawsuits brought by the American Civil Liberties Union, Electronic Frontier Foundation, and others.

Under the proposal made to the Foreign Intelligence Surveillance Court, the older data would continue to be held, but NSA analysts would not be allowed to search it.

Write to Devlin Barrett at devlin.barrett at wsj.com

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Feb 27 05:35:51 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Feb 2014 06:35:51 -0500
Subject: [Infowarrior] - IETF Draft Wants To Formalize 'Man-In-The-Middle' Decryption Of Data As It Passes Through 'Trusted Proxies'
Message-ID:

IETF Draft Wants To Formalize 'Man-In-The-Middle' Decryption Of Data As It Passes Through 'Trusted Proxies'

http://www.techdirt.com/articles/20140226/07270626350/ietf-draft-wants-to-formalize-man-in-the-middle-decryption-data-as-it-passes-through-trusted-proxies.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 27 05:55:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Feb 2014 06:55:20 -0500
Subject: [Infowarrior] - How computer-generated fake papers are flooding academia
Message-ID:

How computer-generated fake papers are flooding academia

More and more academic papers that are essentially gobbledegook are being written by computer programs -- and accepted at conferences

http://www.theguardian.com/technology/shortcuts/2014/feb/26/how-computer-generated-fake-papers-flooding-academia

Like all the best hoaxes, there was a serious point to be made. Three MIT graduate students wanted to expose how dodgy scientific conferences pestered researchers for papers, and accepted any old rubbish sent in, knowing that academics would stump up the hefty, till-ringing registration fees.

It took only a handful of days. The students wrote a simple computer program that churned out gobbledegook and presented it as an academic paper. They put their names on one of the papers, sent it to a conference, and promptly had it accepted. The sting, in 2005, revealed a farce that lay at the heart of science.

But this is the hoax that keeps on giving. The creators of the automatic nonsense generator, Jeremy Stribling, Dan Aguayo and Maxwell Krohn, have made the SCIgen program free to download.
And scientists have been using it in their droves. Yesterday, French researcher Cyril Labbé revealed that 16 gobbledegook papers created by SCIgen had been used by German academic publisher Springer. More than 100 more fake SCIgen papers were published by the US Institute of Electrical and Electronic Engineers (IEEE). Both organisations have now taken steps to remove the papers.

Hoaxes in academia are nothing new. In 1996, mathematician Alan Sokal riled postmodernists by publishing a nonsense paper in the leading US journal, Social Text. It was laden with meaningless phrases but, as Sokal said, it sounded good to them. Other fields have not been immune. In 1964, critics of modern art were wowed by the work of Pierre Brassau, who turned out to be a four-year-old chimpanzee. In a more convoluted case, Bernard-Henri Lévy, one of France's best-known philosophers, was left to ponder his own expertise after quoting the lectures of Jean-Baptiste Botul as evidence that Kant was a fake, only to find out that Botul was the fake, an invention of a French reporter.

Just as the students wrote a quick and dirty program to churn out nonsense papers, so Labbé has written one to spot the papers. He has made it freely available, so publishers and conference organisers have no excuse for accepting nonsense work in future.

Krohn, who has now founded a startup called Keybase.io in New York that provides encryption to programmers, said Labbé's detective work revealed how deep the problem ran. Academics are under intense pressure to publish, conferences and journals want to turn their papers into profits, and universities want them published. "This ought to be a shock to people," Krohn said. "There's this whole academic underground where everyone seems to benefit, but they are wasting time and money and adding nothing to science. The institutions are being ripped off, because they pay publishers huge subscriptions for this stuff."
Krohn sees an arms race brewing, in which computers churn out ever more convincing papers, while other programs are designed to sniff them out. Does he regret the beast he helped unleash, or is he proud that it is still exposing weaknesses in the world of science? "I'm psyched, it's so great. These papers are so funny, you read them and can't help but laugh. They are total bullshit. And I don't see this going away."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 27 10:36:59 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Feb 2014 11:36:59 -0500
Subject: [Infowarrior] - Apple (silently) retires 10.6 support
Message-ID:

Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

Twice now that Apple's bypassed Snow Leopard when it patched newer editions

By Gregg Keizer
February 26, 2014 08:51 AM ET

http://www.computerworld.com/s/article/9246609/Apple_retires_Snow_Leopard_from_support_leaves_1_in_5_Macs_vulnerable_to_attacks

Computerworld - Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

As Apple issued an update for Mavericks, or OS X 10.9, as well as for its two predecessors, Mountain Lion (10.8) and Lion (10.7), Apple had nothing for Snow Leopard or its owners yesterday.

Apple provided Snow Leopard security updates for slightly more than four years, just four months shy of the record set by Tiger (OS X 10.4), which received its final fixes in September 2009.

Snow Leopard was also ignored in December, when Apple patched Safari 6 and 7 for newer editions of OS X, but did not update Safari 5.1.10, the most-current Apple browser for the OS.

Apple delivered the final security update for Snow Leopard in September 2013.
Traditionally, Apple has patched only the OS X editions designated as "n" and "n-1" -- where "n" is the newest -- and discarded support for "n-2" either before the launch of "n" or immediately after. Under that plan, Snow Leopard was "n-2" when Mountain Lion shipped in mid-2012, and by rights should have been retired around then. But it wasn't. Instead, Apple continued to ship security updates for Snow Leopard, and with Tuesday's patches of Mountain Lion and Lion Tuesday, it now seems plain that Apple has shifted to supporting "n-2" as well as "n" and "n-1." (In that scenario, Mavericks is now "n," Mountain Lion is "n-1" and Lion is "n-2.") The change was probably due to Apple's accelerated development and release schedule for OS X, which now promises annual upgrades. The shorter span between editions meant that unless Apple extended its support lifecycle, Lion would have fallen off the list about two years after its July 2011 launch. None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support. "Let's face it, Apple doesn't go out of their way to ensure users are aware when products are going end of life," said Andrew Storms, director of DevOps at security company CloudPassage, in a December interview. To Apple, Snow Leopard increasingly looks like Windows XP does to Microsoft: an operating system that refuses to roll over and die. At the end of January, 19% of all Macs were running Snow Leopard, slightly more, in fact, than ran its successor, Lion, which accounted for 16%, and almost as much as Mountain Lion, whose user share plummeted once Mavericks arrived, according to Web analytics firm Net Applications. With Snow Leopard's retirement, 1 in 5 Macs are running an operating system that could be compromised because of unpatched vulnerabilities. 
Snow Leopard users have given many reasons for hanging on, including some identical to those expressed by Windows XP customers: The OS still works fine for them; their Macs, while old, show no sign of quitting; and they dislike the path that Apple's taken with OS X's user interface (UI). Also in play is the fact that Snow Leopard was the last version of OS X able to run applications designed for the PowerPC processor, the Apple/IBM/Motorola-crafted CPU used by Apple before it switched to Intel in 2006. Snow Leopard, while requiring a Mac with an Intel processor, was the latest edition able to run the Rosetta translation utility, and thus launch PowerPC software. The one comfort in Tuesday's updates was that it looked like Apple will continue to support Lion and Mountain Lion a while longer, even though it has offered those users a free upgrade to Mavericks. Yesterday's security updates patched 21 vulnerabilities in Lion, 26 in Mountain Lion. In December, Storms bet that Lion and Mountain Lion had been retired when Apple did not issue security updates for those two editions, even as it fixed a handful of flaws in Mavericks. But he gave himself an out at the time, noting that Apple's silence -- it has long declined to comment on almost any question related to security -- on those editions may be temporary. For parts of Apple's customer base, the free-OS X strategy seems to be working: By Net Applications' tally, Mavericks accounted for 42% of all versions of OS X used in January. Mavericks' continued gains, however, have come mostly at the expense of Mountain Lion -- which lost 6 percentage points in the last two months -- and Lion, which dropped by 2 points in the same period. Yet Snow Leopard has been largely unaffected. Since October, when Mavericks appeared, OS X 10.6 has dropped less each month than either its 6- or 12-month average. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Feb 27 10:38:51 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Feb 2014 11:38:51 -0500
Subject: [Infowarrior] - Yahoo webcam images from millions of users intercepted by GCHQ
Message-ID: <751B6DD3-5ADA-403F-BD54-896FD970220A@infowarrior.org>

Yahoo webcam images from millions of users intercepted by GCHQ

Optic Nerve program collected Yahoo webcam images in bulk
• 1.8m users targeted by UK agency in six-month period alone
• Yahoo: 'A whole new level of violation of our users' privacy'
• Material included large quantity of sexually explicit images

http://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Feb 27 19:18:05 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Feb 2014 20:18:05 -0500
Subject: [Infowarrior] - Only 90s Web Developers Remember This
Message-ID: <9ACAA7CB-5964-441C-AE7A-BBA768E34D50@infowarrior.org>

Only 90s Web Developers Remember This

http://zachholman.com/posts/only-90s-developers/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Feb 28 15:26:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Feb 2014 16:26:22 -0500
Subject: [Infowarrior] - Keith Alexander's Big Idea
Message-ID: <6F865690-1BD4-4777-9050-FFCF5BB5FE7D@infowarrior.org>

Keith Alexander's Big Idea: What If The NSA Just Collected Phone Data On Suspected Terrorists?

from the this-option-just-came-to-you?
dept

http://www.techdirt.com/articles/20140228/07355126387/keith-alexanders-big-idea-what-if-nsa-just-collected-phone-data-suspected-terrorists.shtml

In what may be NSA boss Keith Alexander's final appearance before Congress before retiring in a few weeks, he appeared to (for the first time publicly) acknowledge that perhaps they don't need to track everyone and could, instead, try just watching the phone records of suspected terrorists. He acts as if this is a brand new idea. Seriously:

"One option that Alexander called feasible involves sharing what amounts to a watch list of suspected terrorists' phone numbers with phone companies. The companies would search for links to other numbers, returning that data to the government.

He said if the government could work out a system in which it could share those "terrorist selectors" in a classified manner, "it sets the case in precedent" for sharing classified threat data with industry for cybersecurity purposes.

Of course, as others have pointed out, you don't need "a precedent" for that -- we have it already. It's called a pen register and has been widely used by law enforcement for a decade, and there's a whole law discussing how it can be used."

Alexander said that there were "pros and cons" to that particular approach, but that's a pretty big shift from the man whose mantra has long been "collect it all." Also, all this may not matter at all since Alexander is about to be out of the job -- so perhaps it's just in his final moments as NSA boss that he finally admits what plenty of people have been saying all along: there's simply no justifiable explanation for the NSA collecting information on just about everyone.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Feb 28 16:15:38 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Feb 2014 17:15:38 -0500 Subject: [Infowarrior] - Former BSA chief nominated as deputy USTR Message-ID: http://thehill.com/blogs/hillicon-valley/personnel-notes/199413-former-software-lobbyist-tapped-for-trade-post February 27, 2014, 08:20 am Former software lobbyist tapped for trade post By Julian Hattem President Obama has nominated a former software trade group lobbyist for a top trade office. Robert Holleyman spent more than two decades as the chief executive of BSA/the Software Alliance, a trade organization for software companies that counts Apple, IBM, Microsoft and other top computer firms among its members. On Wednesday evening, the president tapped him to be a deputy U.S. trade representative. If confirmed by the Senate, Holleyman would play a big role in the Obama administration's push to finalize pending trade deals with the Asia-Pacific and European countries. The efforts have hit a snag recently, as top Democrats in Congress have come out against a measure that would let the president fast-track the deals through Congress. There are currently three deputy trade representatives at the trade office, serving under U.S. Trade Representative Michael Froman. At the software lobbying group, Holleyman focused on combating piracy and protecting intellectual property. Since stepping down last year, he has founded a cloud technology company called Cloud4Growth. The firm seeks to help companies and government agencies take advantage of the benefits of utilizing "big data" and information based on the cloud. He previously worked for the Senate Commerce Committee and late Sen. Russell Long (D-La.). --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Feb 28 20:44:18 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Feb 2014 21:44:18 -0500 Subject: [Infowarrior] - The audacious rescue plan that might have saved space shuttle Columbia Message-ID: <6AAFA756-F057-4290-9A98-88B4450E3FDA@infowarrior.org> The audacious rescue plan that might have saved space shuttle Columbia http://arstechnica.com/science/2014/02/the-audacious-rescue-plan-that-might-have-saved-space-shuttle-columbia/4/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.