From rforno at infowarrior.org Tue Jul 1 06:04:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2014 07:04:32 -0400
Subject: [Infowarrior] - PayPal freezes account of secure email startup ProtonMail, asking "Is it legal?"
Message-ID:

PayPal freezes account of secure email startup ProtonMail, asking "Is it legal?"
http://gigaom.com/2014/07/01/paypal-freezes-account-of-secure-email-startup-protonmail-asking-is-it-legal/

About 6 weeks ago my colleague Barb Darrow covered a new secure email startup called ProtonMail, which has been set up by a bunch of MIT, Harvard and CERN researchers who are annoyed with the NSA's intrusive ways. The team's Indiegogo crowdfunding campaign has done pretty well in the last 2 weeks, thus far raising $283,675 off a $100,000 goal. There's only one snag for Geneva-headquartered ProtonMail, which is keen to rent servers and get the product out of beta: PayPal has frozen its account.

It's hard to judge whether to file this under "PayPal being annoying because of its historically over-cautious take on crowdfunding" (which it promised to fix) or "PayPal being annoying because of its politics" (see also: the cutting-off of Wikileaks' funds). In a blog post on Monday, the ProtonMail team began by erring towards the former explanation:

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 1 06:09:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2014 07:09:22 -0400
Subject: [Infowarrior] - The NSA Revelations All in One Chart
Message-ID: <08A172B5-F836-4E3A-86EA-5190A0071F83@infowarrior.org>

The NSA Revelations All in One Chart
By Julia Angwin and Jeff Larson, ProPublica, illustrations by Alberto Cairo, special to ProPublica
Published June 30, 2014

This is a plot of the NSA programs revealed in the past year according to whether they are bulk or targeted, and whether the targets of surveillance are foreign or domestic. Most of the programs fall squarely into the agency's stated mission of foreign surveillance, but some, particularly those that are both domestic and broad-sweeping, are more controversial. Just as with the New York Magazine approval matrix that served as our inspiration, the placement of each program is based on judgments and is approximate.

http://projects.propublica.org/nsa-grid/

From rforno at infowarrior.org Tue Jul 1 07:23:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2014 08:23:58 -0400
Subject: [Infowarrior] - OT: Japan to reform pacifist policy
Message-ID: <0E02C1F0-9DF5-4B80-A81D-4C72776F70B8@infowarrior.org>

Japan to reform pacifist policy
Tue, 01 Jul 2014 7:45 AM
http://news.iafrica.com/worldnews/946871.html

The Japanese government will on Tuesday proclaim the right to send its soldiers into battle even when the country is not under direct attack, in the most significant recasting of military policy since the pacifist constitution was written. Conservative Prime Minister Shinzo Abe is expected to crown months of political horse-trading when his cabinet formally endorses a reinterpretation of rules that have banned the use of armed force except in very narrowly-defined circumstances.
Despite widespread public opposition that boiled over at the weekend when a middle-aged man attempted suicide by setting himself on fire in Tokyo, Abe will invoke the right to exercise so-called "collective self-defence". "The government has studied whether there is a defect in the current legal framework in protecting people's lives and property and Japan's safety... and we'll write the necessary legislation," top government spokesperson Yoshihide Suga told a regular press conference. "Naturally we'll have parliamentary debate in the legislative process, through which we will make detailed explanation to people," said Suga, the chief cabinet secretary. While the coming-into-force of the move is dependent on passing through parliament, this appears to be largely a formality because Abe's Liberal Democratic Party controls both chambers. Abe had originally planned to change Article 9 of the US-imposed constitution adopted after World War II, which renounces "the threat or use of force as means of settling international disputes". But unable to muster the supermajority he needed in both houses and unlikely to get an endorsement from the public in the required referendum, he changed tack, using what opponents say is sleight of hand to change what the clause means. Under the new interpretation, Japanese troops will be able to come to the aid of allies - primarily the US - if they come under attack from a common enemy, even if Japan is not the object of the attack. Supporters say the change is necessary because of the worsening security situation in East Asia, where an ever-more-confident China is pushing its territorial claims and an erratic North Korea is threatening stability. The move has received backing from Washington, which has long encouraged Japan to take on more of a role in a very lopsided defence treaty. But it has caused anger at home, where the pacifism on which the constitution is built is an article of faith for many Japanese. 
At least half the population is against a more aggressive military stance, according to weekend newspaper polls. Hundreds, and sometimes thousands of people have turned out to protest against the change at various demonstrations over recent weeks. While the anger has been palpable, Sunday's dramatic suicide bid, in which a protestor doused himself in flammable liquid and set himself on fire near a busy Tokyo train station, was the most extreme example of the strength of feeling. Japan's well-equipped Self Defence Forces, which were launched exactly 60 years ago on Tuesday, have never fired a shot in battle, although they have conducted humanitarian missions.

From rforno at infowarrior.org Tue Jul 1 13:40:13 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2014 14:40:13 -0400
Subject: [Infowarrior] - Paypal unblocks ProtonMail, cites 'technical problem'
Message-ID:

(c/o AJR)

Jul 1, 2014, 12:52pm EDT
PayPal lifts account suspension for secure email startup ProtonMail
Sara Castellanos, Technology Reporter, Boston Business Journal
http://www.bizjournals.com/boston/blog/startups/2014/07/paypal-lifts-account-suspension-for-secure-email.html

PayPal has lifted the account suspension for secure email service startup ProtonMail after it had originally suspended the account associated with the startup's crowdfunding campaign on Indiegogo for about 24 hours. A spokesperson for California-based PayPal said ProtonMail's account was suspended due to a "technical problem."

"In the case of ProtonMail, a technical problem this week resulted in PayPal applying restrictions to the account," according to a PayPal spokesperson. "We have contacted ProtonMail today to solve this and can confirm that ProtonMail is able to receive or send funds through PayPal again. We are sorry for any inconvenience caused."

ProtonMail has raised more than $302,700 as of Tuesday afternoon,
surpassing its goal of $100,000, with about two weeks left in its crowdfunding campaign on Indiegogo. ProtonMail, a finalist in this year's MassChallenge startup accelerator and headquartered in Switzerland, was alerted Monday that its PayPal account had been restricted pending further review, according to a blog post on the startup's website.

ProtonMail's co-founder, Andy Yen, said the company is one of the first secure, easy to use, zero-access email services, which means the company doesn't have the technical ability to read users' emails. In three days, the startup raised $129,000 through its crowdfunding campaign, he wrote in an email on June 20. "We aspire to be one of the first crowdfunded software startups, and at this rate, we're on track to become one of the largest software crowdfunding campaigns ever," he wrote.

From rforno at infowarrior.org Tue Jul 1 15:59:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2014 16:59:58 -0400
Subject: [Infowarrior] - EFF Sues NSA, DNI for Zero Day Disclosure Process
Message-ID:

July 1, 2014
EFF Sues NSA, Director of National Intelligence for Zero Day Disclosure Process
Government Needs to Reveal Decision-Making Process for Publicizing Vulnerabilities

San Francisco - The Electronic Frontier Foundation (EFF) today filed a Freedom of Information Act (FOIA) lawsuit against the NSA and the Office of the Director of National Intelligence (ODNI) to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as "zero days." A zero day is a previously unknown security vulnerability in software or online services that a researcher has discovered, but the developers have not yet had a chance to patch.
A thriving market has emerged for these zero days; in some cases governments, including the United States, will purchase these vulnerabilities, which they can use to gain access to targets' computers.

In April 2014, Bloomberg News published a story alleging that the NSA had secretly exploited the "Heartbleed" bug in the OpenSSL cryptographic library for at least two years before the public learned of the devastating vulnerability. The government strongly denied the report, claiming it had developed a new "Vulnerability Equities Process" for deciding when to share vulnerabilities with companies and the public. The White House's cybersecurity coordinator further described in a blog post that the government had "established principles to guide agency decision-making" including "a disciplined, rigorous and high-level decision-making process for vulnerability disclosure." But the substance of those principles has not been shared with the public. EFF filed a FOIA request for records related to these processes on May 6 but has not yet received any documents, despite ODNI agreeing to expedite the request.

"This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities," EFF Legal Fellow Andrew Crocker said. "These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country."

Over the last year, U.S. intelligence-gathering techniques have come under great public scrutiny. One controversial element has been how agencies such as the NSA have undermined encryption protocols and used zero days. While an intelligence agency may use a zero day it has discovered or purchased to infiltrate targeted computers or devices, disclosing its existence may result in a patch that will help defend the public against other online adversaries, including identity thieves and foreign governments that may also be aware of the zero day.
"Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors," Global Policy Analyst Eva Galperin said.

For the complaint:
https://www.eff.org/document/eff-v-nsa-odni-complaint

Contacts:
Andrew Crocker, Legal Fellow, Electronic Frontier Foundation, andrew at eff.org
Eva Galperin, Global Policy Analyst, Electronic Frontier Foundation, eva at eff.org

From rforno at infowarrior.org Wed Jul 2 06:42:01 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2014 07:42:01 -0400
Subject: [Infowarrior] - Russia Moves To Ban Online Services That Don't Store Personal Data In Russia
Message-ID: <0DE726DD-D555-4155-90EA-414D28443B6F@infowarrior.org>

Russia Moves To Ban Online Services That Don't Store Personal Data In Russia
By Mike Butcher
http://techcrunch.com/2014/07/02/russia-moves-to-ban-online-services-that-dont-store-personal-data-in-russia/

The Russian government has moved one step closer towards a "China-like" approach towards Internet services. Last night, the Russian State Duma (parliament) passed the first bill requiring that the personal data of all Russians should be stored inside the country. The effects of the bill, if passed, would be wide-ranging, touching just about every international service used by Russians. Essentially, it would mean that Facebook, Google or any other international online service, including apps, used by people in Russia would need to have physical servers inside Russia's borders. Furthermore, these non-Russian companies would not be allowed to send data outside the country unless they can provide certain guarantees on data storage inside the country.
For those who do not, the state telecommunications agency Roskomnadzor will require carriers to restrict access to those services. The bill also proposes amendments to laws covering personal information and data protection. A rough Google translate version of the key part of the bill says:

"When collecting personal data, including through information and the internet telecommunications network, the operator is required to provide a record that the systematization, accumulation, storage, updating and retrieval of personal data of citizens of the Russian Federation, is held on databases located in the territory of the Russian Federation."

If this law is enforced to the letter (it would take effect in September 2016) it could mean a fundamental change to how both international and Russian tech companies use international hosting services, not to mention huge costs for implementing the changes. We have reached out to Google, Facebook and other companies for their response to the ruling. "We do not have any comment that we can share at this point," a Google spokesperson told us in an emailed response.

The move to store data in Russia is part of an ongoing, wider move by the country's government to tighten the reins around how the Internet is used. Some of the moves have been made in the name of combatting piracy, as in the case of proposals that would allow for sites to be blocked over take-down requests from rightsholders. And some of this is in the name of national security. Russia, as we all know, is where NSA whistleblower Edward Snowden is currently residing. His efforts have heightened awareness globally of how government agencies track average internet users' data, unbeknownst to them, and raised questions of how other countries have proceeded on this front.
At the same time, Russian President Vladimir Putin's government has been gaining a reputation for putting a tighter rein on free speech in the country, with allegations that some of those moves have been made specifically against those who hold positions contrary to the Kremlin's. In that context, it's hard to parse what the real motivation is for this latest piece of legislation. Other countries allow personal data to be stored on U.S. servers via "safe harbor" agreements, letting U.S. companies operate freely in Europe and vice versa.

Online companies have until September 2016, when the bill is supposed to take effect, to meet the requirement, according to the legislation submitted by Communist lawmaker Alexander Yushchenko, and Liberal Democrats Andrei Lugovoi and Vadim Dengin.

From rforno at infowarrior.org Wed Jul 2 06:46:10 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2014 07:46:10 -0400
Subject: [Infowarrior] - The 5 Biggest Cybersecurity Myths, Debunked
Message-ID: <64A8CE92-E16E-43F9-86A9-9C857951034B@infowarrior.org>

I agree completely......in particular, Congress's paranoid sensationalist talking cyber-FUDmongers (and their Beltway sycophants) should have this article permanently imprinted in their brains. If that was possible .... and if they only had a brain. ---rick

The 5 Biggest Cybersecurity Myths, Debunked
By Peter W. Singer and Allan Friedman, 07.02.14, 6:30 am
http://www.wired.com/2014/07/debunking-5-major-cyber-security-myths/

"A domain for the nerds." That is how the Internet used to be viewed back in the early 1990s, until all the rest of us began to use and depend on it. But this quote is from a White House official earlier this year describing how cybersecurity is too often viewed today. And therein lies the problem, and the needed solution.
Each of us, in whatever role we play in life, makes decisions about cybersecurity that will shape the future well beyond the world of computers. But by looking at this issue as only for the IT Crowd, we too often do so without the proper tools. Basic terms and essential concepts that define what is possible and proper are being missed, or even worse, distorted. Some threats are overblown and overreacted to, while others are ignored.

Peter W. Singer is the founder of NeoLuddite, a technology advisory firm, and Allan Friedman is a Research Scientist in the School of Engineering and Applied Sciences at George Washington University.

Perhaps the biggest problem is that while the Internet has given us the ability to run down the answer to almost any question, cybersecurity is a realm where past myth and future hype often weave together, obscuring what actually has happened and where we really are now. If we ever want to get anything effective done in securing the online world, we have to demystify it first.

Myth #1: Cybersecurity Is Unlike Any Challenge We Have Faced

It's easy to feel overwhelmed by the faster-than-light pace of global information networks. Yet nothing is ever truly new: imagine how the Victorians felt as communications and commerce went from horse and wind powered to wired telegraphs and then wireless radio and they had to wrestle with how to regulate it all. Having a sense of history can guide our responses to the novelties of our own era. This is not just about learning from Internet history and how we got here, but also learning from fields beyond IT. For instance, in pondering the proper role of government, we can look to the examples of the most successful agencies in history, such as the Centers for Disease Control, and what public health can teach us about the value of prevention, the merits of awareness and education, and trustworthy mechanisms of sharing information.
Or if wrestling with the threat of criminal and quasi-state-linked groups in a global commons, look to the age of sail and how the original pirates and privateers (with whom China's hacker collectives share much in common) were chased from the seas through a mix of action against their marketplaces and the creation of international norms. If thinking about the problem of private actors and their externalities for a shared commons, we might turn to the legal and economic tools used to fight environmental pollution. There are no perfect fits, no turnkey solutions, but many of the issues we face are not completely new.

Myth #2: Every Day We Face "Millions of Cyber Attacks"

This is what General Keith Alexander, the recently retired chief of US military and intelligence cyber operations, testified to Congress in 2010. Interestingly enough, leaders from China have made similar claims after their own hackers were indicted, pointing the finger back at the US. These numbers are both true and utterly useless. Counting individual attack probes or unique forms of malware is like counting bacteria: you get big numbers very quickly, but all you really care about is the impact and the source. Even more so, these numbers conflate and confuse the range of threats we face, from scans and probes caught by elementary defenses before they could do any harm, to attempts at everything from pranks to political protests to economic and security related espionage (but notably no "Cyber Pearl Harbors," which have been mentioned in government speeches and mass media a half million times).
It's a lot like combining everything from kids with firecrackers to protesters with smoke bombs to criminals with shotguns, spies with pistols, terrorists with grenades, and militaries with missiles in the same counting, all because they involve the same technology of gunpowder. Good strategy is not about press-release numbers and lumping together unlike things for shock value; much as in the real world, we need to disambiguate online threats, weigh the risks and prioritize how and who should address them.

Myth #3: This Is a Technology Problem

In the tech support world, there's an old joke about "PEBCAK," or Problem Exists Between the Chair and Keyboard. Cybersecurity really is all about people and incentives. There are plenty of important technical fixes and new tools to adopt, but if organizations and individuals aren't willing to invest in securing themselves, then they will remain insecure. The most important thing we can do is a mentality shift from fear and ignorance (which leads us to be taken in by silver bullet solutions and false hopes for some man on cyber horseback to rescue us) to working toward what matters more: resilience. Defense and deterrence are good, but as long as we use the Internet, we will always have risk in our cyber lives: from criminals, from enemies, and from plain old-fashioned bad luck. The key is how you can power through them and bounce back quickly from any setbacks. "Keep calm and carry on" should be the mantra, both for the systems we use, but also for our psyches. This especially applies to leaders and media stoking fears by constantly citing scenarios such as the power grid going down or Wall Street being knocked off line. Squirrels cause hundreds of power outages each year and have shut down trading on NASDAQ twice.
If we can survive the real world versions of Rocky and Bullwinkle, we can also become more resilient against the feared but still fictionalized dangers on the cyber side.

Myth #4: The Best (Cyber) Defense Is a Good (Cyber) Offense

Senior Pentagon leaders talk about how a couple of teenagers sipping Red Bull in their parents' basement could carry out a WMD style attack, and indeed, one report stated that the offense would dominate "for the foreseeable future." This, in turn, has driven the Pentagon to spend roughly 2.5 times more money on offensive cyber research in its yearly budget than it has on defensive cyber research. The reality is more complex. The famed Stuxnet, a digital weapon that sabotaged the Iranian nuclear program, showed the dangers of new generations of cyber threats, but also illustrated how they require expertise and resources beyond just sugary drinks. Red Bull gives you wings, but not the instant expertise to attack at an advanced level. Stuxnet's creation required everything from intelligence analysis and collection to advanced knowledge of engineering and nuclear physics. More important is that it's not the right strategy. This is not the Cold War of some binary relationship, where you just have to deter one other state with similar capabilities and stakes in the game. When there are countless and diverse attackers out there, spending far more on offensive breakthroughs as our primary answer is a lot like thinking that the best way to protect your glass house from tornadoes or the neighborhood kids or a terrorist is to buy a rock sharpening kit. It may not be as sexy, but in both Super Bowls and cybersecurity, the best defense actually is a good defense.

Myth #5: "Hackers" Are the Biggest Threat to the Internet Today

There are bad guys out there on the Internet, doing and planning bad things. But if we don't watch out, the cure can end up worse than the disease.
The Internet depends on an ecosystem of trust and we are seeing it threatened in all sorts of ways. This is where the cyber crime against Target meets NSA metadata collection meets the Chinese Great Internet Firewall and the 82,000 blacklisted websites in Russia. They all work against the confidence in, the openness of, and collectively shared governance of the Internet as we know and love it. In response to online threats, many governments around the world have increased their calls for greater controls and "reforms" of Internet governance, seeking to crack down on free expression and civil society in the name of domestic order, and to throw up technical trade barriers in the guise of national security. We must be very wary of any proposal to protect us from online dangers that ends up destroying the most powerful tool for political, economic, and social change in our lifetimes, if not all of history.

From rforno at infowarrior.org Wed Jul 2 07:04:58 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2014 08:04:58 -0400
Subject: [Infowarrior] - WH Oversight Board Finds Little Wrong With NSA Surveillance Program
Message-ID:

(Report @ http://www.pclob.gov/All%20Documents/Report%20on%20the%20Section%20702%20Program/PCLOB-Section-702-Report-PRE-RELEASE.pdf)

Report: Oversight Board Finds Little Wrong With NSA Surveillance Program
By Kim Zetter, 07.02.14, 12:59 am
http://www.wired.com/2014/07/privacy-report-on-nsa-spying/

A privacy and civil liberties board that earlier this year called on the government to halt its program of collecting bulk phone records metadata found little wrong with a separate bulk-collection program that involves collecting internet communications data from service providers and from the internet backbone.
The Privacy and Civil Liberties Oversight Board concluded, in its long-awaited report (.pdf) released Tuesday night, that the collection program, which involves obtaining data from service providers like Google and Yahoo using an order from the FISA Court, is clearly legal and authorized under Section 702 of the Foreign Intelligence Surveillance Act. The board also concluded that the collection of data from upstream sources, such as by tapping undersea cables, is also authorized by the statute "as [that program] is currently implemented."

While the board found that certain aspects of the program are questionable and "push the program close to the line of constitutional reasonableness," essentially its five members concluded unanimously that the core of the so-called Section 702 program is "clearly authorized by Congress, reasonable under the Fourth Amendment, and an extremely valuable and effective intelligence tool." The Electronic Frontier Foundation criticized the report as "legally flawed and factually incomplete."

Section 702 of FISA permits the attorney general and the director of national intelligence to authorize the targeting of non-U.S. persons who are reasonably believed to be located outside the U.S., in order to acquire foreign intelligence information. Although the communications of U.S. persons may be "incidentally" scooped up in bulk collections of data, the NSA is prohibited from targeting U.S. persons and must follow procedures to minimize the collection or use of such data. But the NSA may use U.S. identifiers, such as the phone number or email address of a known U.S. person, to search through the collected data for communication that is relevant to an investigation of a foreign target. The FBI may also query the data for communications relevant to a non-foreign intelligence criminal investigation.

The definition of a targeted "person"
is broadly defined under Section 702 and can apply to a person, a company, or even a foreign government or international terrorist group. But, notably, the board asserted that an entire foreign country cannot be a "person" targeted under Section 702. This doesn't, however, preclude the NSA from targeting an entire country for surveillance: recent revelations in documents released by NSA whistleblower Edward Snowden indicate that the spy agency has a surveillance program that does record every cell phone call on the island nation of the Bahamas, while WikiLeaks says the same program is collecting calls in Afghanistan. This collection program is not conducted under Section 702 authority, however.

Although the review board approved of much of the Section 702 collection program, it did highlight parts of the program that are cause for concern. These include the "unknown and potentially large scope" of incidental collections of communications involving U.S. persons that get scooped up in data the government collects on foreign targets. It also includes a category of data collection known as "about" collections, which involve collecting communications that are neither to nor from a target of surveillance but are simply "about" the target. And it includes any searches the government conducts on collected communications that involve the communications of specific U.S. persons caught up in the data, queries that are often called "backdoor" searches because they can be abused by the government to target U.S. persons without formally targeting them in the initial collection of data.

To ensure that the collection program isn't abused and "remains tied to its constitutionally legitimate core," the board members made a number of recommendations. Among them: the NSA should revise its procedures to specify the criteria it uses for determining the expected value it will get from the collection of foreign intelligence on a particular target.
The NSA should also periodically review the types of communications it acquires in "about" collections to gauge ways to refine and limit the types of data it collects. The NSA and CIA should be allowed to use U.S. person identifiers, such as a phone number or email address, to query the collected data for foreign intelligence purposes only upon producing a statement of facts showing that such a query is "reasonably likely" to return foreign intelligence information as defined under FISA. The NSA and CIA should have written guidelines telling agents and analysts what information and documentation is needed to meet this standard. Limits should also be placed on the FBI's ability to use and disseminate data collected under the Section 702 program when that use involves non-foreign intelligence criminal matters.

Additionally, two of the board members, Chairman David Medine and member Patricia Wald, recommended that before conducting a search using a U.S. person identifier, the query should be submitted to the FISA court for approval, excluding exigent circumstances or where otherwise required by law. "The FISA court should determine, based on documentation submitted by the government, whether the use of the U.S. person identifier for Section 702 queries meets the standard that the identifier is reasonably likely to return foreign intelligence information as defined under FISA," they wrote. As soon as a query involving a U.S. person's data is conducted, any communications that come up in the results that do not qualify under the statute as foreign intelligence information should be purged immediately. "This process should be subject to judicial oversight," they note, to ensure compliance.
They also felt that the FBI should obtain prior approval from the FISA Court before querying the collected data in connection with criminal matters not pertaining to foreign intelligence, in order to ensure that the query is reasonably likely to return information relevant to an assessment or investigation of a crime.

Legal experts with EFF were unimpressed with the board's conclusions or recommendations, writing in a blog post that the board skips over the essential privacy problems inherent in the "upstream" collection program, namely that through this activity, the government has access to or is able to acquire nearly all communications that travel over the internet. "The board focuses only on the government's methods for searching and filtering out unwanted information," the EFF's Cindy Cohn and Mark Jaycox write in their post. "This ignores the fact that the government is collecting and searching through the content of millions of emails, social networking posts, and other internet communications...."

The board's constitutional analysis also leaves EFF perplexed. Although the Fourth Amendment requires a warrant for searching the content of communications, under Section 702 the review board apparently believes no warrant is required and therefore doesn't address that the government searches through content without a warrant. EFF called the review board's recommendations for reform "anemic" and said they would do little to stop excessive surveillance.

The review board did offer one prescription that would mildly improve the transparency of the collection program. Specifically, it called on the NSA to produce an annual report for Congress and the public, which would calculate the number of telephone communications it acquires in which one caller is located in the U.S.; the number of internet communications acquired through upstream collection processes that originate or terminate in the U.S.; the number of communications of or concerning U.S.
persons that the NSA positively identifies as such; the number of queries performed that involve a U.S. person identifier, such as a name, title, email address or other identifier known to be associated with a U.S. individual; and the number of instances in which the NSA disseminates such information about U.S. persons. Last week the intelligence community released its first surveillance transparency report, which many critics considered anything but transparent. The report listed figures for how often agencies used various orders and authorities to conduct surveillance. According to the report, the government obtained just one order under Section 702 of the FISA Act for all of 2013. But that one order involved collection of data on more than 89,000 targets. The actual number of people affected by the order is much larger, however, since, as noted, ?target? can mean ?an individual person, a group, an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information.? The report did not indicate if or how many U.S. persons might have been caught up in that collection. The new report from the Privacy and Civil Liberties Board will not be official until the board votes on Wednesday to formally submit it to President Obama and to Congress. The board previously released a report about the NSA?s phone records collection program (.pdf), conducted under the authority of Section 215 of the USA PATRIOT Act, and the operations of the Foreign Intelligence Surveillance Court. The independent PCLOB, which was created in 2007 through the Implementing Recommendations of the 911 Commission Act, consists of five members?David Medine, Rachel L. Brand, Elisebeth Collins Cook, James X. Dempsey, and Judge Patricia M. Wald. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Jul 2 11:53:23 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2014 12:53:23 -0400
Subject: [Infowarrior] - Daniel Timothy Kuehl
Message-ID: <563750C1-276D-4398-A5C5-6B86385708A1@infowarrior.org>

Dr. Dan Kuehl was a friend, mentor, strategic visionary, and rockstar in the IO community "since the beginning." As a historian, he effectively walked the operational line between "theory" and "practice" as one of the early thinkers about information warfare and national information power ... and was a steadfast voice of reason when educating people on this topic now so central to modern society. Dan was a professional pioneer, an amazing spirit, and someone you not only constantly learned from, but appreciated knowing and/or having in your life. I've known Dan since the mid-90s .... to say he will be missed is a gross understatement.

---rick

< -- >

Daniel Timothy Kuehl

On Saturday, June 28, 2014, Daniel Timothy Kuehl died quietly, at home, surrounded by those he loved, after valiantly fighting pancreatic cancer for two years. Dan had an effervescent spirit, approaching everything he did with optimistic energy and a warm laugh easily shared with the world.

Dan was born on July 27, 1949, in Erie, Pa., and spent the early part of his life here, before joining the USAF in 1971. However far away from Erie his career took him, both he and his beloved wife, Susan, considered it "home," and were delighted to move back in 2012, when the opportunity arose to teach in the Intelligence Program at Mercyhurst University.

After graduating from East High School, his academic background was in Military History. Dan became an undergraduate at Allegheny College in Meadville, Pa., where he studied Civil War history, and became lifelong friends with his Theta Chi fraternity brothers. He followed this with a Master's degree from Temple University, in Philadelphia, and a Ph.D. from Duke University, in Durham, N.C.

Professionally, Dr. Dan Kuehl was both a career Air Force officer (retiring as a Lieutenant Colonel in 1994) and a career educator, with 18 years as a professor of Information Operations at the National Defense University's iCollege in Washington, D.C., from which he retired in 2012 to join the faculty at Mercyhurst. His AF experience included five years at the Pentagon, where he helped plan the air campaign against Iraq, during the 1991 Persian Gulf War, and where he was the division chief for the AF's landmark study of airpower, in that war, the Gulf War Air Power Survey (GWAPS). He was also a Missile Launch Officer in Grand Forks, N.D., during the late 1970s. Upon joining the faculty at NDU, he helped create the Department of Defense's first major educational effort, on what was then called Information Warfare, and until his retirement in June 2012, served as the director for NDU's program on Information Operations. In 2012, he received the Joint Meritorious Civilian Service Award, from the Chairman of the Joint Chiefs of Staff.

Dan met his wife Susan in high school and began a love story with her that lasted over 45 years, and saw their lives shared over two continents and seven states. It was a life shared with one daughter, Kimberly, and a menagerie of dogs, cats, birds, and bunnies. Dan loved spending time with his family, his beagles, watching the birds outside, reading books, and watching baseball games on television.

Dan is survived by his wife, Susan; daughter, Kimberly; his grandson, Zachary; his much loved mother-in-law, June Novet; his brother, Gilbert (Jane) Kuehl; his aunts, Gertrude Koczyk, Ida Sache, Carol Anderson and Mildred Le Baran; brothers-in-law, Robert (Elaine) Novet and Ken (Lydia) Novet; and many nieces and nephews. He was preceded in death by his parents, Gilbert and Jessie Kuehl of Buffalo Rd., his mother, Sophie Borczon, and his father-in-law Robert G. Novet.

Friends may call at the Dusckas Funeral Home, Inc., East, 2607 Buffalo Rd., on Wednesday from 2 to 5 and 7 to 9 p.m., and are invited to attend a funeral service there on Thursday at 11 a.m., conducted by the Rev. Robin Swope, of St. Paul's United Church of Christ. Military honors will follow at Lakeside Cemetery, conducted by American Legion Carl Neff Post #571. Memorial contributions may be made to the Humane Society of Northwest Pennsylvania, 2507 Zimmerly Rd., Erie, PA 17606, or Disabled Veterans National Foundation, 1020 19th St., N.W., Suite 475, Washington, D.C. 20036.

- See more at: http://www.legacy.com/obituaries/erietimesnews/obituary.aspx?n=daniel-timothy-kuehl&pid=171560758&fhid=5610

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 05:49:27 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 06:49:27 -0400
Subject: [Infowarrior] - The Real Reason You Should Be Worried About That Facebook Experiment
Message-ID: <944F9E05-6B7C-4BA3-976C-4C335ECE9470@infowarrior.org>

The Real Reason You Should Be Worried About That Facebook Experiment
Janet Vertesi, July 2, 2014
http://time.com/2950699/facebook-experiment-social-science-funding/

The private sector and tech companies are increasingly funding what was once independent social science research.

People are up in arms about the recent revelation that Facebook manipulated its users during a psychological study. The study, published in the Proceedings of the National Academy of Sciences and conducted by researchers at Cornell University and at Facebook (full disclosure: I know the authors and the article's editor), showed that people who saw more happy messages in their news feed were more likely to post happy messages too. The researchers interpreted this as support for the theory of "emotional contagion": that emotions can spread through online posts and interactions.
Why is this study so controversial? Psychologists have known for years that individuals' emotions can be influenced by their social surroundings. Sociologists have also shown that people act like their friends or the people around them in order to fit in. Just like no one wants to be a Debbie Downer at a party, posting sad stories online when your friends are posting happy tales seems to be a no-no. If anything, the findings contribute to a long list of Internet studies that argue against "digital dualism" - the notion that we behave differently online than we do offline - by showing that the online world plays an active role in shaping our social lives and experiences.

But if the study's findings are not controversial, its methods certainly are. Whether we like it or not, tech companies experiment with their users in precisely this way all the time. User Interface designers and researchers at places like Google, Facebook or Yahoo! regularly tweak the live site's interface for a subset of visitors to see whether users behave differently in response. While this technique shines new light on user behavior, the overall goal is to bring the company more revenue through more users, clicks or glances at ads. Stories of the designer who made their company millions more dollars in advertising revenue just by altering a single pixel on the homepage are legendary in Silicon Valley. That's why any tech company worth its salt has a research department staffed with PhD scientists to analyze their data. That's also why Facebook is actively hiring and reaching out to social scientists to help them better understand their data and reach new user populations.

Researchers, for their part, are increasingly joining forces with tech companies. There are many reasons to do so. From location check-ins to threaded conversations, from tweets in times of crisis to shared family photos, the reams of data present a fascinating slice of social life in the 21st Century. These platforms also provide an unprecedented venue for a "natural experiment" at scale. With only a few tweaks, and without users knowing, researchers can witness which simple changes make for tremendous effects.

As a sociologist of technology, I've witnessed these changes firsthand. I have grants from Microsoft and Yahoo!; Intel funds my colleagues' students; our graduates staff the labs at Facebook and Google. These collaborations aim to keep Internet research both current and practical.

But there are other reasons why social scientists are turning to tech companies. Public money for social science research is being slashed at the federal level. The committee that oversees the National Science Foundation wants to cut between $50 and $100 million of social, behavioral and economics funding for the next two years (again, full disclosure: I have received NSF funding). The bill, called FIRST: Frontiers in Innovation, Research, Science and Technology, aims to improve American competitiveness by funding research that supports a U.S. industry advantage. Yet the committee has called specifically for the NSF to stop giving grants to study social media, online behavior or other Internet research.

Ironically, at precisely the time when American technology companies are looking to social science to help understand their users and improve their business, this research is being denigrated in the House. And at exactly the time when independent research on Internet practices is needed, scholars must turn to companies for both data and funding.

This is a short-sighted move. On the one hand, it means that we will train fewer social scientists to rigorously and responsibly answer the new questions posed by big data. But it also pushes basic research about social life online exclusively into the private sector. This leaves the same companies that make the technologies we use to talk, shop and socialize responsible for managing the ethics of online experimentation. No wonder that esoteric questions like informed consent are suddenly headline news.

The recently released study, then, does present reasons to be alarmed, though not for the reasons most of us think. Facebook isn't manipulating its users any more than usual. But the proposed changes in social science funding will have a more lasting effect on our lives both online and offline. That should inspire some emotions that are worth sharing.

Janet Vertesi is Assistant Professor of Sociology at Princeton University, where she is a Faculty Fellow at the Center for Information Technology Policy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 06:01:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 07:01:29 -0400
Subject: [Infowarrior] - Goldman says client data leaked, wants Google to delete email
Message-ID: <744A48BF-2442-481F-9459-EC0970DBA415@infowarrior.org>

Goldman says client data leaked, wants Google to delete email
By Jonathan Stempel
NEW YORK Wed Jul 2, 2014 3:32pm EDT
http://www.reuters.com/article/2014/07/02/us-google-goldman-leak-idUSKBN0F729I20140702

(Reuters) - Goldman Sachs Group Inc said a contractor emailed confidential client data to a stranger's Gmail account by mistake, and the bank has asked a U.S. judge to order Google Inc to delete the email to avert a "needless and massive" breach of privacy.

The breach occurred on June 23 and included "highly confidential brokerage account information," Goldman said in a complaint filed last Friday in a New York state court in Manhattan. Goldman (GS.N) did not say how many clients were affected, and wants Google's (GOOGL.O) help in tracking down who might have accessed the data. The Wall Street bank also said Google "appears willing to cooperate" if there is a court order.

Google, Goldman and Goldman's law firm did not immediately respond on Wednesday to requests for comment.
According to Goldman, the outside contractor had been testing changes to the bank's internal processes in connection with reporting requirements set forth by the Financial Industry Regulatory Authority. Goldman said the contractor meant to email her report, which contained the client data, to a "gs.com" account, but instead sent it to a similarly named, unrelated "gmail.com" account.

The bank said it has been unable to retrieve the report or get a response from the Gmail account owner. It said a member of Google's "incident response team" reported on June 26 that the email cannot be deleted without a court order.

"Emergency relief is necessary to avoid the risk of inflicting a needless and massive privacy violation upon Goldman Sachs' clients, and to avoid the risk of unnecessary reputational damage to Goldman Sachs," the bank said. "By contrast, Google faces little more than the minor inconvenience of intercepting a single email - an email that was indisputably sent in error," it added.

Goldman is based in New York, and Google in Mountain View, California.

The case is Goldman, Sachs & Co v. Google Inc, New York State Supreme Court, New York County, No. 156295/2014.

(Reporting by Jonathan Stempel in New York; Editing by Dan Grebler)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 06:36:56 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 07:36:56 -0400
Subject: [Infowarrior] - OFFS. 'Stealth bombs' are coming?
Message-ID: <8E597987-3FEF-43E1-BA84-05BD3C9AC7D0@infowarrior.org>

Airports Serving U.S. Tighten Checks on Stealth-Bomb Threat
By Chris Jasper - Jul 3, 2014
http://www.bloomberg.com/news/print/2014-07-03/airports-serving-u-s-step-up-security-amid-stealth-bomb-concern.html

Airports including London Heathrow (IAG), Europe's busiest, stepped up security checks with unspecified measures in response to U.S. warnings amid concern that a new generation of bombs could evade existing scans.

A number of overseas airports with direct flights to the U.S. have been asked to implement enhanced security checks in coming days, Homeland Security Secretary Jeh Johnson said in a statement last night. U.K. Deputy Prime Minister Nick Clegg said the threat could prove to be a long-term one.

Scrutiny is being heightened as spiraling conflict in the Middle East prompts an increased flow of western jihadists. Newspapers including the London-based Times cited U.S. officials and security sources as saying the latest threat concerns an alliance of al-Qaeda-inspired terrorists in Syria and Yemen equipped with hard-to-detect "stealth" bombs.

"We have taken the decision to step up some of our aviation security measures," the U.K. Department for Transport said in a statement today. "For obvious reasons we will not be commenting in detail on those changes."

"Substantial" Threat

British Airways, the biggest carrier at London Heathrow with almost 800 weekly services to and from 24 U.S. airports, said that while it's operating as normal the tighter checks mean travelers must arrive in good time for flights both at check-in booths and boarding gates. The airline works closely with airports and governments around the world on safety and security issues, it said in an e-mailed statement.

Discount carrier Norwegian Air Shuttle AS (NAS), which started flying from London Gatwick airport to the U.S. this week, is aware of the security situation, Chief Executive Officer Bjoern Kjos said in an interview. The carrier commenced Gatwick-Los Angeles services yesterday and added New York flights today, with trips to Fort Lauderdale, Florida, following tomorrow.

Passengers should not experience significant disruption from the extra checks, according to the DfT, which kept its assessment of the current threat level at "substantial." Steps could include measures aimed at finding non-metallic explosive devices able to evade detection by current equipment.

Heathrow Airport Ltd. said it doesn't comment on security measures and that security levels are a matter for the DfT.

Travelers will probably have to endure "another layer" of security for some time, Clegg said on London's LBC Radio, adding: "I don't think we should expect this to be a one off temporary thing."

To contact the reporter on this story: Christopher Jasper in London at cjasper at bloomberg.net
To contact the editors responsible for this story: Benedikt Kammel at bkammel at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 06:46:43 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 07:46:43 -0400
Subject: [Infowarrior] - Tor/Tails use or interest makes folks extremists to NSA?
Message-ID: <13DD7D18-A69D-46A4-AD5C-8AF4D2779C96@infowarrior.org>

Targeted by U.S. intelligence: branded an extremist by the NSA
Last updated: 07.03.2014, 05:00

The NSA specifically spies on Germans who deal with encryption on the Internet. This emerges from secret source code that NDR and WDR have obtained. NSA victims can thus be identified by name. One of them is a student from Erlangen.

By Lena Kampf, Jacob Appelbaum and John Goetz, NDR

It is one of the NSA's most sensitive secrets, the engine of the global surveillance machine: the source code of the XKeyscore program, the most comprehensive spying program of U.S. foreign intelligence. NDR and WDR have obtained excerpts of the source code: parts of the collection infrastructure, that is, so-called software rules in which the intelligence service defines what or whom it wants to investigate. They are just a few numbers and characters that the programmers string together. But when the XKeyscore program executes these rules, people and their data end up in its sights.
The connections from computers to the Internet are identified and stored in a kind of database. The users are, in effect, marked. It is the dragnet of the 21st century.

< - >

https://translate.googleusercontent.com/translate_c?depth=1&hl=en&ie=UTF8&prev=_t&rurl=translate.google.com&sl=de&tl=en&u=http://www.tagesschau.de/inland/nsa-xkeyscore-100.html&usg=ALkJrhjB9CeU5681Pk_dEUB2iNr3VhcX1g

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 06:50:51 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 07:50:51 -0400
Subject: [Infowarrior] - The hedge fund (cyber) attack that wasn't
Message-ID:

The hedge fund attack that wasn't
By: David Perera
July 2, 2014 05:32 PM EDT
http://dyn.politico.com/printstory.cfm?uuid=7EDDA0FD-14B7-4A74-B3CE-68992405E0D7

CNBC and BAE Systems are abruptly retracting a June report describing a previously undisclosed "audacious and sophisticated attack" against a large hedge fund that supposedly crippled the fund's high-speed trading and stole data.

Paul Henninger, a global product director for BAE Systems Applied Intelligence, disclosed the attack in an exclusive interview with cable network station CNBC in June. BAE now acknowledges the error, telling CNBC that Henninger described an "anonymized illustrative scenario" rather than actual events during his appearance.

"Although the example was a plausible scenario, we believe that it does not relate to a specific company client," BAE Systems said in an email statement. "We sincerely apologise for this inaccuracy. We are taking the necessary action to ensure this type of error does not occur again."

CNBC ran a new story earlier Wednesday afternoon with a statement from BAE Systems spokeswoman Natasha Davies. Henninger's tale of hackers slowing down a hedge fund's trading pace and stealing data "was inaccurately presented as a client case study rather than as an illustrative example," she told the station.

In the original report, CNBC reporter Eamon Javers said: "Here's what we know, as of today: The hackers penetrated the firm. They were able to slow the firm's high-speed trading strategy. ... What we don't know here is the name of the hedge fund involved. BAE says they're going to protect the identity of their client." Henninger then told CNBC that the supposed attack was "the first time we'd seen someone design a piece of software that was explicitly designed to attack" an order-entry trading system.

BAE did not return separate requests for comment Wednesday. BAE also told CNBC that Henninger is "taking some time away from the business."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 07:00:28 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 08:00:28 -0400
Subject: [Infowarrior] - TPP cartel mtg switches coasts to duck critics
Message-ID:

Trans Pacific Partnership meeting switched from Vancouver to Ottawa, ducking critics
Cory Doctorow at 11:41 pm Wed, Jul 2, 2014
http://boingboing.net/2014/07/02/trans-pacific-partnership-meet.html

What could make the secretive Trans Pacific Partnership process even less legit? Moving it at the last minute, under cover of darkness, from Vancouver to Ottawa, in order to avoid critics of the treaty and how it is being negotiated.

The TPP is a secretive treaty that allows corporations to sue governments that enact environmental, health and governmental regulations that interfere with their profits. It also calls for vastly expanded Internet spying and censorship in the name of protecting copyright. Only trade negotiators and corporate lobbyists are allowed to see the drafts of the agreement (though plenty of these drafts have leaked) -- often times, members of Congress and Parliament are denied access to them, even though the agreement will set out legal obligations that these elected officials will be expected to meet.......

And while negotiators and interested civil society groups now know (unless it changes again) that the talks will indeed be held in Ottawa, no other details have been revealed. Nobody -- not even negotiators coming to Canada next week for the talks -- has been told the location. Specific information about when negotiations on specific chapters will take place is being kept similarly under wraps. There has been no response to requests from interested civil society groups for information about opportunities for engagement with negotiators.

In previous rounds of the TPP negotiations some efforts were made to facilitate discussions with negotiators, albeit with the challenge of not being able to know the specifics of what was being negotiated. As the negotiations have moved forward, however, public interest groups have been increasingly sidelined from the process and shut out of negotiations. And for its first crack at hosting a chief negotiators-level TPP meeting, it would seem, Canada has taken it to the extreme by attempting to eliminate any possibility of engagement by civil society at all, and is not even letting negotiators from other countries know the location out of concern that word will get out.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 13:57:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 14:57:22 -0400
Subject: [Infowarrior] - Regarding journalists covering 'cyber' stories
Message-ID: <513700B3-730C-424D-8074-E56B275D6E2A@infowarrior.org>

10:50 AM - July 3, 2014

Journalists need to know all the things "cyber" can mean for smart coverage
Journalists need to learn to evaluate threats by being as specific as possible in describing them, and who might be affected
By Cora Currier
http://www.cjr.org/behind_the_news/cybersecurity_cyber_cyber_cybe.php

Former National Security Agency head General Keith Alexander is putting his post-governmental energy into his consulting firm, IronNet CyberSecurity Inc., which shops its services to banks and other clients for up to $1 million a month. At least one Congressman was upset to hear about this, and fired off a letter last week to the groups hiring him, reminding them that "disclosing or misusing classified information for profit is, as Mr. Alexander well knows, a felony."

There's been a lot of (deserved) media attention in the past year about the connections between the government security apparatus and Silicon Valley - who knew what, when. Amidst all that, the booming business of cybersecurity is getting less scrutiny. Alexander is hardly the first top official to rotate into lucrative consultant work in the industry. Journalists need to be alert to the fact that any threat can be inflated, to not take figures at face value, and to guide their readers through the threat. Who is at risk, and of what?

Too often, the very concept of "cybersecurity" goes unanalyzed. The problem, the author Peter W. Singer told the Washington Post, is that we "bundle together a variety of like and unlike activities, simply because they involve Internet-related technology."

The prefix "cyber" has long been an easy way to indicate something related to computers or the internet, and of course, in the 1990s, it meant sexytime in AOL instant messenger. The first use of "cybersecurity" dates to 1989, Annalee Newitz wrote for io9 last year, but it didn't really take off in the military context until the 2000s. It's now safe to say that the darker side of cyber - bullying, war, crime - has supplanted its chat-room vibe. The military has a Cyber Command and the White House a Cybersecurity Czar.

"Cyber" is also all over the media, and often as an enormous umbrella. The Washington Post declared 2013 "The year of Cybersecurity," citing Snowden and the Syrian Electronic Army. A Twitter account calling itself "The Cyber Unit" (@cybercyber) has been excerpting the most prefix-abusing news stories into abstract tweets. "Cyberspace cyberspace cyberspace cyberspace cyber pearl," reads a recent précis of a Wall Street Journal story.

Since the Snowden leaks, many journalists are scrambling to educate themselves in the highly technical and often secretive arts of encryption and online anonymity, and that's a good thing. We also need to learn to evaluate threats by being as specific as possible in describing them, and who might be affected.

Journalists have previously shown cyber-figures can be fungible. For example, officials, including President Obama, often use the stat that $1 trillion per year is lost to cybercrime. It originated with the security firm McAfee, and it has been thoroughly picked apart by reporters. And yet, the number still gets cited. A new report out this June, written by former intelligence officials for a think tank and also funded by McAfee, puts the cost at $445 billion. A few write-ups made glancing reference to the $1 trillion figure without commenting much on the discrepancy. Bloomberg quoted one skeptic, who noted the figure involves valuing intellectual property, which can be exaggerated. (Some tech blogs were more critical.)

Government figures also need dissection. A general told Congress in 2010 that, "every day, America's armed forces face millions of cyberattacks." Singer, author of a new book on cybersecurity, has explained that, "To get those numbers, though, he was combining everything from probes and address scans that never entered U.S. networks to attempts to carry out pranks, to politically motivated protests, to government-linked attempts at data theft and even espionage. But none of these attacks was what most of his listeners in Congress thought he meant by an 'attack,' the feared 'digital Pearl Harbor' or 'cyber 9/11.'"

The cybersecurity boom will surely attract its share of scams and stupid ideas. There's a world of business reporting to be done on that. Those of us covering national security, politics, and government contracting ought to be watching as well. And thinking about what we mean by "crime," "attack," "security," or whatever other word we preface with "cyber."

- See more at: http://www.cjr.org/behind_the_news/cybersecurity_cyber_cyber_cybe.php

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 3 15:00:16 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 16:00:16 -0400
Subject: [Infowarrior] - Stealth bombs? Killer plagues? Don't panic, just follow the money
Message-ID:

Stealth bombs? Killer plagues? Don't panic, just follow the money
Politicians and scientists have a vested interest in propagating panic: it's the one superbug there's no known antidote for
Simon Jenkins, The Guardian, Thursday 3 July 2014 19.59 BST
http://www.theguardian.com/commentisfree/2014/jul/03/what-next-from-david-cameron-factory-of-fear

Now it is planes falling from the sky. On Tuesday it was "superbugs threaten return to dark ages". At the weekend it was internet thought-control menace. Last week we had killer fruit juice. The edifice of fear knows no limits, its apparatchiks know no shame.

Had the Guardian leaked yesterday's story from the US about a "stealth bomb alert" at world airports, it would have been accused of traitorously warning terrorists that the authorities were on to their new weapons.
Unnamed officials were asserting "a global threat environment" related to plastic explosives hidden in body cavities and tested in Syria. Details of the cells responsible were traced by the BBC to the rightwing American Cato Institute and David Cameron's office confirmed "there are terror organisations that seek to do the UK, its citizens and its allies harm". I am sure ? but why tell us now? A day earlier Cameron was double-barrelling. He held a press conference to smother his European presidency debacle with antibiotics. Banging the drum for Britain, he trumped Jean-Claude Juncker with superbugs posing "a very serious threat. He spoke of "tens of thousands dying", of "unbelievable scenarios" and of a time when "minor scratches could become fatal if nothing is done" ? that is, done by him. He said Britain had saved "billions of lives round the world" by inventing penicillin, and would do so again." He appointed a committee. How to respond to this daily output from the fear factory? At the drop of a headline, prime ministers disappear into "Cobra bunkers", to return telling of blood-curdling threats. These are always backed by "hard evidence" from the government's two most trusty allies, the security-industrial complex and big science and/or big pharma. There is no better maxim in politics than that of Watergate's Deep Throat, offered in the dark of a Washington car park. "Follow the money: just follow the money." Whenever I see a scare story, read a letter to the press or hear an interview, I crave to know where is the money. I am rarely told. In the case of security scares ? from "Xmas shopping bomb threat" to "Olympics missile menace" ? we can see the whites of their eyes. Terrorism is the bread and butter of the post-cold war army, police, the intelligence services and their friends in the security industry. I am told that airlines and their passengers are getting seriously fed up with idiot-scanning queues. They need putting in their place. 
Hence the "new terror threat to air travel". If the threat really is newly detected, the last thing to do is reveal it.

Cameron's deployment of a health scare is more dangerous. Many people still believe in doctors and scientists, and associate them with reason and probability, not emotion and alarmism. When they say antibiotic resistance is growing, I am inclined to believe them, and agree we should keep medical research abreast of the risk.

Yet what is the risk? Who knows, when they use emotive words such as threat, danger, menace, thousands dead. These are used in conjunction with what is virtually a new grammatical tense, the "future conditional horrific". Unless the subject is given a large sum of money then global warming or a storm, a bomb or a pandemic "may -- might -- could kill perhaps, possibly millions". No one deploys this construction to its own gain so freely as big science, be it through professional bodies, research institutes, quangos or pharmaceutical companies. They profess to be models of intellectual rectitude, but we all have to make a living.

After following the pandemic sagas of recent years I remain amazed at the lack of any postmortem, any "truth and reconciliation" by big science to so many false, and immensely costly, predictions. In 2001 scientists warned of "up to 136,000 deaths" from mad cow disease. They did not occur. In 2005, the chief medical officer, Liam Donaldson, warned that bird flu "could lead" to 50,000, even 750,000 deaths. Bird flu is estimated to have infected just 550 people worldwide. In 2009 an unrepentant Donaldson predicted 65,000 more deaths from swine flu. At the height of this (unjustified) scare, ministers famously declared: "We are not telling women not to conceive" but to "plan their pregnancy carefully". With half a billion pounds splurged on stockpiles of Tamiflu and Relenza, there was widespread scepticism over both the pandemic itself and the efficacy of the drugs.
Yet the two leading companies with most to gain, Roche and GlaxoSmithKline, refused to release trial material to monitors from the science NGO, Cochrane Collaboration. Only last year was full disclosure achieved, and Cochrane's scepticism proved wholly justified.

When, in 2010, the Council of Europe held an emergency session on the World Health Organisation's 2009 "pandemic" declaration -- crucial to releasing vast sums to drugs companies -- its health committee chairman, Wolfgang Wodarg, declared the pandemic "one of the great medical scandals of the century". Journalists investigating the WHO and national drug regimes found stockpiling decisions in both Britain and America were corrupted by drug company involvement. Medical writer Helen Epstein reported that the British government adviser, Sir Roy Anderson, received £116,000 a year from GSK while declaring that only Tamiflu and Relenza would avert a 1918-scale flu catastrophe. Two years ago GSK, which made some $3.5bn during the pandemics, was fined £1.9bn for bribing doctors and misselling child medicines. Had it been journalists bribing policemen, there would have been pandemonium.

Not a week passes without some new lunacy from food science. Fruit is good or bad, cholesterol is good or bad, fats are good or bad. In every case "science" is cited in evidence. This week in the Times, Dr Michael Mosley concluded his clean bill of health for saturated fats by remarking "it is time to apologise to my family for all the useless advice I have been giving them".

Every profession has its bad apples, but most try to discipline them. The Royal Society purports to oversee British science, but where is it when its members clearly cross the boundary between dispassionate research and commercial interest?

The truth is that the one disease to which there is no known antidote is panic. It is a disease that politicians and professionals (including journalists) have a vested interest in propagating.
From rforno at infowarrior.org Thu Jul 3 20:10:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Jul 2014 21:10:12 -0400
Subject: [Infowarrior] - Dear NSA, Privacy is a Fundamental Right, Not Reasonable Suspicion
Message-ID: <28796DE7-386B-4A81-AD5E-006D82CB4B50@infowarrior.org>

July 3, 2014 | By Eva Galperin and Nadia Kayyali and Kurt Opsahl
https://www.eff.org/deeplinks/2014/07/dear-nsa-privacy-fundamental-right-not-reasonable-suspicion

Dear NSA, Privacy is a Fundamental Right, Not Reasonable Suspicion

Learning about Linux is not a crime -- but don't tell the NSA that. A story published in German on Tagesschau, and followed up by an article in English on DasErste.de today, has revealed that the NSA is scrutinizing people who visit websites such as the Tor Project's home page and even Linux Journal. This is disturbing in a number of ways, but the bottom line is this: the procedures outlined in the articles show the NSA is adding "fingerprints" -- like a scarlet letter for the information age -- to activities that go hand in hand with First Amendment protected activities and freedom of expression across the globe.

What we know

The articles, based on an in-depth investigation, reveal XKeyscore source code that demonstrates how the system works. XKeyscore is a tool which the NSA uses to sift through the vast amounts of data it obtains. This source code would be used somewhere in the NSA's process of collecting and analyzing vast amounts of data to target certain activities. According to the Guardian, XKeyscore's deep packet inspection software is run on collection sites all around the world, ingesting one or two billion records a day.

The code contains definitions that are used to determine whether to place a "fingerprint" on an online communication, to mark it for later. For example, the NSA marks online searches for information about certain tools for better communications security, or comsec, such as TAILs.
As the code explained, "This fingerprint identifies users searching for the TAILs (The Amnesic Incognito Live System) software program, viewing documents relating to TAILs, or viewing websites that detail TAILs." TAILs is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It allows a user to leave no trace on the computer they are using, which is especially useful for people communicating on computers that they don't trust, such as the terminals in Internet cafes.

The NSA also defines Tor directory servers (by IP number) and looks for connections to the Tor Project website. This is hardly surprising, considering the documentation of the NSA's distaste for Tor. It is, however, deeply disappointing. Using privacy and anonymity software, like Tor and TAILS, is essential to freedom of expression.

Most shocking is the code that fingerprints users who visit Linux Journal, the website of a monthly magazine for enthusiasts of the open-source operating system. The comments in the NSA's code suggest that the NSA thinks Linux Journal is an "extremist forum," where people advocate for TAILs. The only religious wars in the Linux Journal are between the devoted users of vi and emacs.

Learning about security is not suspicious

The idea that it is suspicious to install, or even simply want to learn more about, tools that might help to protect your privacy and security underlies these definitions -- and it's a problem. Everyone needs privacy and security, online and off. It isn't suspicious to buy curtains for your home or lock your front door. So merely reading about curtains certainly shouldn't qualify you for extra scrutiny. Even the U.S. Foreign Intelligence Surveillance Court recognizes this, as the FISA prohibits targeting people or conducting investigations based solely on activities protected by the First Amendment.
Regardless of whether the NSA is relying on FISA to authorize this activity or conducting the spying overseas, it is deeply problematic. The U.S. Constitution still protects people outside U.S. borders, and, as a U.S. appeals court recently recognized, even non-citizens are not bereft of its protections. Moreover, privacy is a human right, which the U.S. has recognized by signing the International Covenant on Civil and Political Rights. The fingerprinting program revealed today is fundamentally inconsistent with this right.

Tor is used to circumvent Internet censorship

The code focuses a lot on the Tor Project and its anonymity software. Tor is an essential tool for circumventing Internet censorship, which is used extensively by the governments of countries such as China and Iran to control the flow of information and maintain their hold on power. In fact, Tor was developed with the help of the US Navy, and currently gets funding from several sources within the US government, including the State Department. Secretary of State Hillary Clinton made support for anti-censorship tools a key element of her Internet policy at the State Department, declaring: "The freedom to connect is like the freedom of assembly in cyberspace."

You can still use Tor and TAILs

One question that is sure to come up is whether this means people desiring anonymity should stop using Tor or TAILs. Here's the bottom line: If you're using Tor or TAILs, there is a possibility that you will be subject to greater NSA scrutiny. But we believe that the benefits outweigh the burdens. In fact, the more people use Tor, the safer you are. That's why we're continuing to run the Tor Challenge. The ubiquitous use of privacy and security tools is our best hope for protecting the people who really need those tools -- people for whom the consequences of being caught speaking out against their government can be imprisonment or death.
The more ordinary people use Tor and TAILs, the harder it is for the NSA to make the case that reading about or using these tools is de facto suspicious.

From rforno at infowarrior.org Sat Jul 5 21:24:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 5 Jul 2014 22:24:40 -0400
Subject: [Infowarrior] - BREAKING: In NSA-intercepted data, those not targeted far outnumber the foreigners who are
Message-ID: <4D3E78B0-E9EE-47B3-910C-2D6180695111@infowarrior.org>

In NSA-intercepted data, those not targeted far outnumber the foreigners who are
By Barton Gellman, Julie Tate and Ashkan Soltani
July 5 at 8:46 PM
http://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html

Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.

Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.

Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or "minimized," more than 65,000 such references to protect Americans' privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

The surveillance files highlight a policy dilemma that has been aired only abstractly in public.
There are discoveries of considerable intelligence value in the intercepted messages -- and collateral harm to privacy on a scale that the Obama administration has not been willing to address.

Among the most valuable contents -- which The Post will not describe in detail, to avoid interfering with ongoing operations -- are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.

Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing on the Indonesian island of Bali. At the request of CIA officials, The Post is withholding other examples that officials said would compromise ongoing operations.

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden's reach.
The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

The material spans President Obama's first term, from 2009 to 2012, a period of exponential growth for the NSA's domestic collection.

Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.

No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president's Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects -- not only from its targets but also from people who may cross a target's path.

Among the latter are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera outside a mosque.

Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.

"None of the hits that were received were relevant," two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance. "No additional information," writes a civilian analyst.
Another makes fun of a suspected kidnapper, newly arrived in Syria before the current civil war, who begs for employment as a janitor and makes wide-eyed observations about the state of undress displayed by women on local beaches.

By law, the NSA may "target" only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. For collection under PRISM and Upstream rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons.

Most of the people caught up in those programs are not the targets and would not lawfully qualify as such. "Incidental collection" of third-party communications is inevitable in many forms of surveillance, but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect's wife or child is using the phone.

There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had more-tenuous links.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply "lurked," reading passively what other people wrote. "1 target, 38 others on there," one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers.
Raj De, the agency's general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.

The Obama administration declines to discuss the scale of incidental collection. The NSA, backed by Director of National Intelligence James R. Clapper Jr., has asserted that it is unable to make any estimate, even in classified form, of the number of Americans swept in. It is not obvious why the NSA could not offer at least a partial count, given that its analysts routinely pick out "U.S. persons" and mask their identities, in most cases, before distributing intelligence reports.

If Snowden's sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 "transparency report," the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year's collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden's sample, the office's figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.

"He didn't get this data"

U.S. intelligence officials declined to confirm or deny in general terms the authenticity of the intercepted content provided by Snowden, but they made off-the-record requests to withhold specific details that they said would alert the targets of ongoing surveillance. Some officials, who declined to be quoted by name, described Snowden's handling of the sensitive files as reckless.

In an interview, Snowden said "primary documents" offered the only path to a concrete debate about the costs and benefits of Section 702 surveillance. He did not favor public release of the full archive, he said, but he did not think a reporter could understand the programs "without being able to review some of that surveillance, both the justified and unjustified."
"While people may disagree about where to draw the line on publication, I know that you and The Post have enough sense of civic duty to consult with the government to ensure that the reporting on and handling of this material causes no harm," he said.

In Snowden's view, the PRISM and Upstream programs have "crossed the line of proportionality."

"Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders," he added, "their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?"

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

"He didn't get this data," Alexander told a New Yorker reporter. "They didn't touch --"

"The operational data?" the reporter asked.

"They didn't touch the FISA data," Alexander replied. He added, "That database, he didn't have access to."

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about "raw" intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

"We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access," Litt said. "Nothing that you have given us indicates that Snowden was able to circumvent that in any way."
In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA's Hawaii operations center gave him "unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special 'Dual Authorities' role," a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content -- and "task" new collection -- without prior approval of his search terms.

"If I had wanted to pull a copy of a judge's or a senator's e-mail, all I had to do was enter that selector into XKEYSCORE," one of the NSA's main query systems, he said.

The NSA has released an e-mail exchange acknowledging that Snowden took the required training classes for access to those systems.

"Minimized U.S. president"

At one level, the NSA shows scrupulous care in protecting the privacy of U.S. nationals and, by policy, those of its four closest intelligence allies -- Britain, Australia, Canada and New Zealand.

More than 1,000 distinct "minimization" terms appear in the files, attempting to mask the identities of "possible," "potential" and "probable" U.S. persons, along with the names of U.S. beverage companies, universities, fast-food chains and Web-mail hosts.

Some of them border on the absurd, using titles that could apply to only one man. A "minimized U.S. president-elect" begins to appear in the files in early 2009, and references to the current "minimized U.S. president" appear 1,227 times in the following four years.

Even so, unmasked identities remain in the NSA's files, and the agency's policy is to hold on to "incidentally" collected U.S. content, even if it does not appear to contain foreign intelligence.

In one exchange captured in the files, a young American asks a Pakistani friend in late 2009 what he thinks of the war in Afghanistan. The Pakistani replies that it is a religious struggle against 44 enemy states.
Startled, the American says "they, ah, they arent heavily participating . . . its like . . . in a football game, the other team is the enemy, not the other teams waterboy and cheerleaders."

"No," the Pakistani shoots back. "The ther teams water boy is also an enemy. it is law of our religion."

"haha, sorry thats kind of funny," the American replies.

When NSA and allied analysts really want to target an account, their concern for U.S. privacy diminishes. The rationales they use to judge foreignness sometimes stretch legal rules or well-known technical facts to the breaking point.

In their classified internal communications, colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a "lower threshold for foreignness 'standard of proof'" than a traditional surveillance warrant from a FISA judge, requiring only a "reasonable belief" and not probable cause.

One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language, a quality shared by tens of millions of Americans. Others are allowed to presume that anyone on the chat "buddy list" of a known foreign national is also foreign.

In many other cases, analysts seek and obtain approval to treat an account as "foreign" if someone connects to it from a computer address that seems to be overseas. "The best foreignness explanations have the selector being accessed via a foreign IP address," an NSA supervisor instructs an allied analyst in Australia.

Apart from the fact that tens of millions of Americans live and travel overseas, additional millions use simple tools called proxies to redirect their data traffic around the world, for business or pleasure. World Cup fans this month have been using a browser extension called Hola to watch live-streamed games that are unavailable from their own countries. The same trick is routinely used by Americans who want to watch BBC video.
The NSA also relies routinely on locations embedded in Yahoo tracking cookies, which are widely regarded by online advertisers as unreliable.

In an ordinary FISA surveillance application, the judge grants a warrant and requires a fresh review of probable cause -- and the content of collected surveillance -- every 90 days. When renewal fails, NSA and allied analysts sometimes switch to the more lenient standards of PRISM and Upstream. "These selectors were previously under FISA warrant but the warrants have expired," one analyst writes, requesting that surveillance resume under the looser standards of Section 702. The request was granted.

"I don't like people knowing"

She was 29 and shattered by divorce, converting to Islam in search of comfort and love. He was three years younger, rugged and restless. His parents had fled Kabul and raised him in Australia, but he dreamed of returning to Afghanistan.

One day when she was sick in bed, he brought her tea. Their faith forbade what happened next, and later she recalled it with shame.

"what we did was evil and cursed and may allah swt MOST merciful forgive us for giving in to our nafs [desires]"

Still, a romance grew. They fought. They spoke of marriage. They fought again.

All of this was in the files because, around the same time, he went looking for the Taliban.

He found an e-mail address on its English-language Web site and wrote repeatedly, professing loyalty to the one true faith, offering to "come help my brothers" and join the fight against the unbelievers.

On May 30, 2012, without a word to her, he boarded a plane to begin a journey to Kandahar. He left word that he would not see her again.

If that had been the end of it, there would not be more than 800 pages of anguished correspondence between them in the archives of the NSA and its counterpart, the Australian Signals Directorate.

He had made himself a target. She was the collateral damage, placed under a microscope as she tried to adjust to the loss.
Three weeks after he landed in Kandahar, she found him on Facebook.

"Im putting all my pride aside just to say that i will miss you dearly and your the only person that i really allowed myself to get close to after losing my ex husband, my dad and my brother.. Im glad it was so easy for you to move on and put what we had aside and for me well Im just soo happy i met you. You will always remain in my heart. I know you left for a purpose it hurts like hell sometimes not because Im needy but because i wish i could have been with you."

His replies were cool, then insulting, and gradually became demanding. He would marry her but there were conditions. She must submit to his will, move in with his parents and wait for him in Australia. She must hand him control of her Facebook account -- he did not approve of the photos posted there.

She refused. He insisted: "look in islam husband doesnt touch girl financial earnigs unless she agrees but as far as privacy goes there is no room... i need to have all ur details everything u do its what im supposed to know that will guide u whether its right or wrong got it?"

Later, she came to understand the irony of her reply: "I don't like people knowing my private life."

Months of negotiations followed, with each of them declaring an end to the romance a dozen times or more. He claimed he had found someone else and planned to marry that day, then admitted it was a lie. She responded: "No more games. You come home. You won't last with an afghan girl."

She begged him to give up his dangerous path. Finally, in September, she broke off contact for good, informing him that she was engaged to another man.

"When you come back they will send you to jail," she warned.

They almost did.

In interviews with The Post, conducted by telephone and Facebook, she said he flew home to Australia last summer, after failing to find members of the Taliban who would take him seriously.
Australian National Police met him at the airport and questioned him in custody. They questioned her, too, politely, in her home. They showed her transcripts of their failed romance. When a Post reporter called, she already knew what the two governments had collected about her.

Eventually, she said, Australian authorities decided not to charge her failed suitor with a crime. Police spokeswoman Emilie Lovatt declined to comment on the case.

Looking back, the young woman said she understands why her intimate correspondence was recorded and parsed by men and women she did not know.

"Do I feel violated?" she asked. "Yes. I'm not against the fact that my privacy was violated in this instance, because he was stupid. He wasn't thinking straight. I don't agree with what he was doing."

What she does not understand, she said, is why after all this time, with the case long closed and her own job with the Australian government secure, the NSA does not discard what it no longer needs.

Jennifer Jenkins and Carol D. Leonnig contributed to this report.

From rforno at infowarrior.org Mon Jul 7 15:15:32 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Jul 2014 16:15:32 -0400
Subject: [Infowarrior] - Hollywood Studios Tried To Add File Sharing Sites To New Zealand's Child Porn Blacklist
Message-ID: <921DE300-5E3D-4EFC-85F6-0BA7718934DD@infowarrior.org>

Hollywood Studios Tried To Add File Sharing Sites To New Zealand's Child Porn Blacklist
from the the-audacity-of-egotistical-self-interest dept
https://www.techdirt.com/articles/20140704/16300627788/hollywood-studios-tried-to-add-file-sharing-sites-to-new-zealands-child-porn-blacklist.shtml

We just wrote about the UK's filtering systems blocking access to 20% of the world's top 100,000 sites, even though only about 4% of those host the porn Prime Minister David Cameron seems so obsessed with blocking.
Also noted in that story was the fact that many "pirate sites" are being blocked at ISP level via secret court orders. MPAA head Chris Dodd absolutely loves web filters, proclaiming them to be the best tool the industry can (ab)use to thwart piracy.

< - >

So, in hopes of protecting their business model, studios tried to add file sharing sites to a list of child pornography sites. Not one of them seemed to realize how wrong it was to equate their companies' profitability with the sexual abuse of children. Whatever level of entitlement these companies have risen to in the past, they've vastly exceeded it with this maneuver. Studios may secretly believe copyright infringement is (very subjectively) as damaging as child pornography, but they've never made it this explicitly clear.

Fortunately, ISPs and the Kiwi government pushed back, unwilling to be complicit in the studios' most insensitive act of self-preservation yet. Unfortunately for Dodd and his charges, the studios will have to make do with secret court orders and default web filters that still allow end users to flip the "hide file sharing sites" switch to "off."

The studios believe they should have root access to government-ordained web blocking. In the interest of not making the situation worse than it already is, this should never be granted. Various governments have already included protection for the copyright industries in some of their web-targeted "for the children" legislation. Giving studios the go-ahead to tamper with child porn blacklists would just stretch the definition of "children" to include major Hollywood studios -- entities full of full-grown adults with enough power and money to protect them from anything.
From rforno at infowarrior.org Mon Jul 7 17:50:11 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Jul 2014 18:50:11 -0400 Subject: [Infowarrior] - Taylor Swift OpEd: The Future of Music Is a Love Story Message-ID: For Taylor Swift, the Future of Music Is a Love Story The Singer-Songwriter Says Artists and Fans Will Still Form Deep Bonds, but They Will Do It in New Ways By Taylor Swift Updated July 7, 2014 6:39 p.m. ET http://online.wsj.com/articles/for-taylor-swift-the-future-of-music-is-a-love-story-1404763219 Where will the music industry be in 20 years, 30 years, 50 years? Before I tell you my thoughts on the matter, you should know that you're reading the opinion of an enthusiastic optimist: one of the few living souls in the music industry who still believes that the music industry is not dying -- it's just coming alive. There are many (many) people who predict the downfall of music sales and the irrelevancy of the album as an economic entity. I am not one of them. In my opinion, the value of an album is, and will continue to be, based on the amount of heart and soul an artist has bled into a body of work, and the financial value that artists (and their labels) place on their music when it goes out into the marketplace. Piracy, file sharing and streaming have shrunk the numbers of paid album sales drastically, and every artist has handled this blow differently. In recent years, you've probably read the articles about major recording artists who have decided to practically give their music away, for this promotion or that exclusive deal. My hope for the future, not just in the music industry, but in every young girl I meet -- is that they all realize their worth and ask for it. Music is art, and art is important and rare. Important, rare things are valuable. Valuable things should be paid for. 
It's my opinion that music should not be free, and my prediction is that individual artists and their labels will someday decide what an album's price point is. I hope they don't underestimate themselves or undervalue their art. Arrows Through the Heart In mentioning album sales, I'd like to point out that people are still buying albums, but now they're buying just a few of them. They are buying only the ones that hit them like an arrow through the heart or have made them feel strong or allowed them to feel like they really aren't alone in feeling so alone. It isn't as easy today as it was 20 years ago to have a multiplatinum-selling album, and as artists, that should challenge and motivate us. There are always going to be those artists who break through on an emotional level and end up in people's lives forever. The way I see it, fans view music the way they view their relationships. Some music is just for fun, a passing fling (the ones they dance to at clubs and parties for a month while the song is a huge radio hit, that they will soon forget they ever danced to). Some songs and albums represent seasons of our lives, like relationships that we hold dear in our memories but had their time and place in the past. However, some artists will be like finding "the one." We will cherish every album they put out until they retire and we will play their music for our children and grandchildren. As an artist, this is the dream bond we hope to establish with our fans. I think the future still holds the possibility for this kind of bond, the one my father has with the Beach Boys and the one my mother has with Carly Simon. I think forming a bond with fans in the future will come in the form of constantly providing them with the element of surprise. No, I did not say "shock"; I said "surprise." I believe couples can stay in love for decades if they just continue to surprise each other, so why can't this love affair exist between an artist and their fans? 
In the YouTube generation we live in, I walked out onstage every night of my stadium tour last year knowing almost every fan had already seen the show online. To continue to show them something they had never seen before, I brought out dozens of special guest performers to sing their hits with me. My generation was raised being able to flip channels if we got bored, and we read the last page of the book when we got impatient. We want to be caught off guard, delighted, left in awe. I hope the next generation's artists will continue to think of inventive ways of keeping their audiences on their toes, as challenging as that might be. There are a few things I have witnessed becoming obsolete in the past few years, the first being autographs. I haven't been asked for an autograph since the invention of the iPhone with a front-facing camera. The only memento "kids these days" want is a selfie. It's part of the new currency, which seems to be "how many followers you have on Instagram." Fan Power A friend of mine, who is an actress, told me that when the casting for her recent movie came down to two actresses, the casting director chose the actress with more Twitter followers. I see this becoming a trend in the music industry. For me, this dates back to 2005 when I walked into my first record-label meetings, explaining to them that I had been communicating directly with my fans on this new site called Myspace. In the future, artists will get record deals because they have fans -- not the other way around. Another theme I see fading into the gray is genre distinction. These days, nothing great you hear on the radio seems to come from just one musical influence. The wild, unpredictable fun in making music today is that anything goes. Pop sounds like hip hop; country sounds like rock; rock sounds like soul; and folk sounds like country -- and to me, that's incredible progress. 
I want to make music that reflects all of my influences, and I think that in the coming decades the idea of genres will become less of a career-defining path and more of an organizational tool. This moment in music is so exciting because the creative avenues an artist can explore are limitless. In this moment in music, stepping out of your comfort zone is rewarded, and sonic evolution is not only accepted -- it is celebrated. The only real risk is being too afraid to take a risk at all. Celebrity Spotlight I predict that some things will never change. There will always be an increasing fixation on the private lives of musicians, especially the younger ones. Artists who were at their commercial peak in the '70s, '80s and '90s tell me, "It was never this crazy for us back then!" And I suspect I'll be saying that same thing to younger artists someday (God help them). There continues to be a bad girl vs. good girl/clean-cut vs. sexy debate, and for as long as those labels exist, I just hope there will be contenders on both sides. Everyone needs someone to relate to. And as for me? I'll just be sitting back and growing old, watching all of this happen or not happen, all the while trying to maintain a life rooted in this same optimism. And I'd also like a nice garden. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Jul 7 20:59:45 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Jul 2014 21:59:45 -0400 Subject: [Infowarrior] - Cyber-Senate's cyber-security cyber-law cyber-scares cyber-rights cyber-fighters Message-ID: <75890F6E-E8E1-4AA2-A32B-9E36F86472EA@infowarrior.org> Cyber-Senate's cyber-security cyber-law cyber-scares cyber-rights cyber-fighters Proposed rules put private data into hands of Uncle Sam By Iain Thomson, 8 Jul 2014 http://www.theregister.co.uk/2014/07/08/privacy_groups_protest_senate_cybersecurity_sharing_law/ On Tuesday the US Senate will meet in a closed-door session to mark up the forthcoming Cybersecurity Information Sharing Act of 2014 (CISA) -- and the proposed new rules on data sharing between big biz and government have privacy groups seriously worried. CISA is an offshoot of the proposed Cyber Intelligence Sharing and Protection Act (CISPA), which was introduced nearly three years ago and has had a rocky road. The ostensible reason for the new law is to formalize information sharing between the US government and companies on ongoing security threats -- provided firms hand over users' information to the government to help identify new attack vectors. CISPA passed a vote in the US House of Representatives, but went no further. CISA is the Senate's response to CISPA, and was cowritten by NSA-friendly Dianne Feinstein (D-CA), chairwoman of the Senate Select Committee on Intelligence. The new bill is somewhat broader in scope than CISPA and the language used so far has led more than 30 groups, from both sides of the political spectrum, to issue an open letter on its failings. "In the year since Edward Snowden revealed the existence of sweeping surveillance programs, authorized in secret and under classified and flawed legal reasoning, Americans have overwhelmingly asked for meaningful privacy reform and a roll back of the surveillance state created since passage of the Patriot Act. 
This bill would do exactly the opposite," the open letter [PDF] warns. Under the terms of the new legislation, the government would be allowed to collect people's data from firms not just for cyber threats to infrastructure, but also for terms of service violations, the prosecution of identity theft, aiding prosecutions under the Espionage Act, or even to find the identity of whistleblowers. The data that companies hand over should be stripped of personally identifiable information, but according to the new bill this only applies if the supplying firm has evidence that the user is a US citizen and if the information isn't directly related to a "cybersecurity threat." In addition, companies that take part in such information sharing are exempt from public disclosure laws that would require them to tell users what is going on. Government agencies using that data also get broad liability protection and have very limited oversight. "We do not discount the legitimate dangers posed by cyber threats, both from domestic criminals and hostile foreign powers," conclude the letter writers -- which include the likes of the EFF, the ACLU and the National Latino Farmers and Ranchers Trade Association. "But, as with all national security authorities, we need not sacrifice crucial civil liberties and privacy safeguards, and especially whistleblower protections, in order to effectively address such dangers. We urge the committee and Congress to carefully reconsider CISA as drafted, and to bring it in line with our law, our Constitution and our national values." The White House has shown concern over the overarching scope of the CISPA/CISA legislation and sort-of threatened to veto the laws as they stand -- but we all know how jellylike President Obama's promises can be. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Jul 8 06:27:24 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Jul 2014 07:27:24 -0400 Subject: [Infowarrior] - Alzheimer's could be prevented after new blood test breakthrough Message-ID: <95007711-9E44-494A-8771-96D3C4EBBD76@infowarrior.org> Alzheimer's disease could be prevented after new blood test breakthrough Scientists at Oxford University and King's College London develop blood test which can predict the onset of Alzheimer's so that drugs could target the disease before symptoms appear By Sarah Knapton, Science Correspondent 12:01AM BST 08 Jul 2014 http://www.telegraph.co.uk/science/science-news/10951689/Alzheimers-disease-could-be-prevented-after-new-blood-test-breakthrough.html A blood test has been developed to predict if someone will develop Alzheimer's within a year, raising hopes that the disease could become preventable. After a decade of research, scientists at Oxford University and King's College London are confident they have found 10 proteins which show the disease is imminent. Clinical trials will start on people who have not yet developed Alzheimer's to find out which drugs halt its onset. The blood test, which could be available in as little as two years, was described as a "major step forward" by Jeremy Hunt, the Health Secretary, and by charities which said it could revolutionise research into a cure. "Although we are making drugs they are all failing. But if we could treat people earlier it may be that the drugs are effective," said Simon Lovestone, professor of translational neuroscience at Oxford. "Alzheimer's begins to affect the brain many years before patients are diagnosed with the disease. If we could treat the disease in that phase we would in effect have a preventative strategy." Clinical trials into so-called "wonder drugs" such as BACE inhibitors and anti-amyloid agents, have shown little improvement for sufferers. 
Scientists believe that by the time Alzheimer's is diagnosed, an irreversible "cascade" of symptoms has already occurred. About 600,000 people in Britain suffer from Alzheimer's and hundreds of thousands have mild cognitive impairment. Last month, David Cameron pledged to fast-track dementia research. The new test, which examines 10 proteins in the blood, can predict with 87 per cent accuracy whether someone suffering memory problems will develop Alzheimer's within a year. The researchers used data from three international studies. Blood samples were taken from 1,148 people, 476 of whom had Alzheimer's, 220 with memory problems, and a control group of 452 without any signs of dementia. The scientists found that 16 proteins were associated with brain shrinkage and memory loss and 10 of those could predict whether someone would develop Alzheimer's. Mr Hunt said: "This is welcome research on an issue we've made a national priority. Developing tests and biomarkers will be important steps forward in the global fight against dementia as we search for a cure." Previous studies have shown that PET brain scans and plasma in lumbar fluid could be used to predict the onset of dementia from mild cognitive impairment. But PET imaging is highly expensive and lumbar punctures are invasive and carry risks. The first tests are likely to be available in between two and five years. However, the study is likely to throw up ethical dilemmas about whether patients should receive potentially devastating news about their future. Prof Lovestone said it was unlikely that GPs would use the test until a treatment was available. The breakthrough was welcomed by dementia charities and academics. Eric Karran, director of research at Alzheimer's Research UK, which helped fund the research, said it brought the prospect of Alzheimer's becoming a preventable disease "significantly closer". Prof Gordon Wilcock, emeritus professor of geratology at Oxford, added that it was "great news". 
The study was published in the journal Alzheimer's & Dementia. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 8 16:58:13 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Jul 2014 17:58:13 -0400 Subject: [Infowarrior] - Media orgs: Obama 'stifling free expression' Message-ID: <83C66BD5-54E2-420E-BC94-CB502DBDCB23@infowarrior.org> Media orgs: Obama 'stifling free expression' By DYLAN BYERS | 7/8/14 3:20 PM EDT From the department of important efforts likely to yield little reward, the Society of Professional Journalists and 37 other media organizations sent an open letter to President Obama on Tuesday calling on him to stop stifling the media and provide greater transparency. "You recently expressed concern that frustration in the country is breeding cynicism about democratic government. You need look no further than your own administration for a major source of that frustration -- politically driven suppression of news and information about federal agencies," the letter states. "We call on you to take a stand to stop the spin and let the sunshine in." It continues: "Over the past two decades, public agencies have increasingly prohibited staff from communicating with journalists unless they go through public affairs offices or through political appointees. This trend has been especially pronounced in the federal government. We consider these restrictions a form of censorship -- an attempt to control what the public is allowed to see and hear." "The stifling of free expression is happening despite your pledge on your first day in office to bring 'a new era of openness' to federal government -- and the subsequent executive orders and directives which were supposed to bring such openness about." 
< - big snip - > http://www.politico.com/blogs/media/2014/07/media-orgs-obama-stifling-free-expression-191725.html?hp=r8 From rforno at infowarrior.org Tue Jul 8 18:57:28 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Jul 2014 19:57:28 -0400 Subject: [Infowarrior] - Wall Street calling for Cyber War Council Message-ID: Alexander + Chertoff -- talk about the revolving door of fear-mongering profiteers. -rick Banks Dreading Computer Hacks Call for Cyber War Council By Carter Dougherty - Jul 8, 2014 http://www.bloomberg.com/news/print/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council.html Wall Street's biggest trade group has proposed a government-industry cyber war council to stave off terrorist attacks that could trigger financial panic by temporarily wiping out account balances, according to an internal document. The proposal by the Securities Industry and Financial Markets Association, known as Sifma, calls for a committee of executives and deputy-level representatives from at least eight U.S. agencies including the Treasury Department, the National Security Agency and the Department of Homeland Security, all led by a senior White House official. The trade association also reveals in the document that Sifma has retained former NSA director Keith Alexander to "facilitate" the joint effort with the government. Alexander, in turn, has brought in Michael Chertoff, the former U.S. Secretary of Homeland Security, and his firm, Chertoff Group. The document sketches an unusually frank and pessimistic view by the industry of its readiness for attacks wielded by nation-states or terrorist groups that aim to "destroy data and machines." It says the concerns are "compounded by the dependence of financial institutions on the electric grid," which is also vulnerable to physical and cyber attack. "Widespread Runs" 
"The systemic consequences could well be devastating for the economy as the resulting loss of confidence in the security of individual and corporate savings and assets could trigger widespread runs on financial institutions that likely would extend well beyond the directly impacted banks, securities firms and asset managers," Sifma wrote in the document, dated June 27. Liz Pierce, a spokeswoman for Sifma, declined to comment on the document, adding that the group "is doing everything possible to help the industry prepare for and defend against cyberattacks." Caitlin Hayden, spokeswoman for the White House National Security Council, declined to comment. Alexander had been pitching Sifma and other bank trade associations to purchase his services through his new consulting firm, IronNet Cybersecurity Inc., for as much as $1 million per month, according to two people briefed on the talks. He has made much the same argument to Sifma as the association is now making to the government about the emergence of new kinds of software assaults. For several months beginning in fall 2012, major U.S. bank websites were hit by what is known as distributed denial-of-service attacks, in which hackers flood systems with information to shut them down. "Effectively Defend" The next wave of attacks "in the near-medium term" is likely to be more destructive and could result in "account balances and books and records being converted to zeros," while recovering the lost information "would be difficult and slow," according to the Sifma document. "We are concerned that the industry may not have the capabilities that we would like to effectively defend against this newer form of potential attack, the capability that we would like to stop such an attack once commenced from spreading to other financial institutions, or the capability we would like of effectively recovering if an initial attack is followed by waves of follow-on attacks," the document says. 
Computer intrusions also have been a concern of regional and small banks. Camden Fine, president of the Independent Community Bankers of America, said today that an account-draining cyberattack is "a question of when." He predicted the government would have to grapple with difficult questions including whether the Federal Deposit Insurance Corp. would cover any losses. "Train Wreck" "When it does happen, the hue and cry will go up," Fine wrote in an e-mail. "Who will be liable? What will the FDIC do? It is like watching a train wreck in the making and there is nothing you can do to stop it." The Sifma document, while noting that the coordination between industry and government on cyber threats has improved in recent years, said a joint council would produce a more focused response. The government-industry group would develop plans for "much quicker, near real-time" dissemination of information from agencies to the private sector and ways to "actively defend the industry" if preparations for a cyber attack are discovered in advance. Sifma is also seeking "pre-discussed and mutually understood protocols" for the industry to request government help during and after an attack. Pre-emptive Strike Representative Alan Grayson, a Florida Democrat, said today he was concerned that industry members in such a joint group could improperly get involved in pre-emptive strikes against a person or state planning an assault on the U.S. "This could in effect make the banks part of what would begin to look like a war council," Grayson said in an e-mail. "Congress needs to keep an eye on what something like this could mean." In its proposal, Sifma also called for greater protection for the U.S. electricity grid, which it says is "vulnerable to physical destruction of transformers and other equipment in a small number of undefended substations." 
"The core problem is that if transformers and critical equipment were destroyed at these sites, it could take months to build the replacement equipment," Sifma wrote. The Senate Intelligence Committee plans today to take up a bipartisan bill -- sponsored by Senators Dianne Feinstein, a California Democrat, and Saxby Chambliss, a Georgia Republican -- aimed at improving private-sector cyber-defenses. The bill includes rules that would insulate banks from liability arising from sharing information for cybersecurity, addressing a point financial institutions have raised in the past. To contact the reporter on this story: Carter Dougherty in Washington at cdougherty6 at bloomberg.net To contact the editors responsible for this story: Maura Reynolds at mreynolds34 at bloomberg.net Lawrence Roberts --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Jul 8 21:07:30 2014 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Jul 2014 22:07:30 -0400 Subject: [Infowarrior] - Senate committee adopts cybersecurity bill opposed by NSA critics Message-ID: <024F5645-202C-4137-9759-71A60CCF10F0@infowarrior.org> Senate committee adopts cybersecurity bill opposed by NSA critics Intelligence committee approves major bill that civil libertarians say would give NSA even wider access to Americans' data Spencer Ackerman in New York, theguardian.com, Tuesday 8 July 2014 18.17 EDT http://www.theguardian.com/world/2014/jul/08/senate-cybersecurity-bill-opposed-by-nsa-critics The Senate intelligence committee voted Tuesday to adopt a major cybersecurity bill that critics fear will give the National Security Agency even wider access to American data than it already has. 
Observers said the bill, approved by a 12 to 3 vote in a meeting closed to the public, would face a difficult time passing the full Senate, considering both the shortened legislative calendar in an election year and the controversy surrounding surveillance. But the bill is a priority of current and former NSA directors, who warn that private companies' vulnerability to digital sabotage and economic data exfiltration will get worse without it. Pushed by Dianne Feinstein and Saxby Chambliss, the California Democrat and Georgia Republican who lead the committee, the bill would remove legal obstacles that block firms from sharing information "in real time" about cyber-attacks and prevention or mitigation measures with one another and with the US government. Worrying civil libertarians is that the NSA and its twin military command, US Cyber Command, would receive access to vast amounts of data, and privacy guidelines for the handling of that data are yet to be developed. A draft of the bill released in mid-June would permit government agencies to share, retain and use the information for "a cybersecurity purpose" -- defined as "the purpose of protecting an information system or information that is stored on, processed by or transiting an information system from a cybersecurity threat or security vulnerability" -- raising the prospect of the NSA stockpiling a catalogue of weaknesses in digital security, as a recent White House data-assurance policy permits. It would also prevent participating companies from being sued for sharing data with each other and the government, even though many companies offer contract terms of service prohibiting the sharing of client or customer information without explicit consent. "To strengthen our networks, the government and private sector need to share information about attacks they are facing and how best to defend against them. 
This bill provides for that sharing through a purely voluntary process and with significant measures to protect private information," Feinstein said in a statement after the vote. Intrusions into private data networks are on the rise, with enormous economic consequences. A perceived need for some sort of government response drove the Justice Department to indict five Chinese military officers in May. Champions of a similar bill that passed the House of Representatives last year despite a White House veto threat urged the full Senate to follow the intelligence panel's lead. "These attacks cost our country billions of dollars through the loss of jobs and intellectual property. We are confident that the House and the Senate will quickly come together to address this urgent threat and craft a final bill that secures our networks and protects privacy and civil liberties," said Mike Rogers of Michigan and Dutch Ruppersberger of Maryland, the Republican and Democratic leaders of the House intelligence committee. But digital rights advocates warn that the measure will give the government, including the NSA, access to more information than just that relating to cyberthreats, potentially creating a new avenue for broad governmental access to US data even as Congress and the Obama administration contemplate restricting the NSA's domestic collection. The bill contains "catch-all provisions that would allow for the inclusion of a lot more than malicious code. It could include the content of communications. That's one of the biggest concerns," said Gabriel Rottman, an attorney with the American Civil Liberties Union. Provisions in the bill are intended to protect American privacy on the front end by having participating companies strike "indicators ... known to be personal information of or identifying a United States person" before the government sees it, but the draft version leaves specific guidelines for privacy protection up to the attorney general. 
"Nobody knows whether the flow from the private sector will be a trickle or a river or an ocean. The bill contemplates an ocean, and that's what worries us," said Greg Nojeim of the Center for Democracy and Technology. Two of the senators who voted against the bill, Democrats Ron Wyden of Oregon and Mark Udall of Colorado, said that they were prepared to work to improve the bill, which they said "lacks adequate protections for the privacy rights of law-abiding Americans, and that it will not materially improve cybersecurity". They warned: "We have seen how the federal government has exploited loopholes to collect Americans' private information in the name of security." A cybersecurity bill failed in the Senate in 2012, and observers like Nojeim doubted that a post-Edward Snowden environment was more conducive to passage, a point echoed reluctantly by leading NSA officials. Nevertheless, both NSA director vice-admiral Michael Rogers and his predecessor, Keith Alexander, have urged Congress to pass legislation along the lines of the Senate intelligence committee bill. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 9 04:46:37 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Jul 2014 05:46:37 -0400 Subject: [Infowarrior] - Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On Message-ID: <4C049F48-2C3B-47D1-83A0-EC8A1B2176B8@infowarrior.org> Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On By Glenn Greenwald and Murtaza Hussain 9 Jul 2014, 12:01 AM EDT The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans -- including a political candidate and several civil rights activists, academics, and lawyers -- under secretive procedures intended to target terrorists and foreign spies. 
According to documents provided by NSA whistleblower Edward Snowden, the list of Americans monitored by their own government includes:
- Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush;
- Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases;
- Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University;
- Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights;
- Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country.
The individuals appear on an NSA spreadsheet in the Snowden archives called "FISA recap" -- short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also "are or may be" engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. The spreadsheet shows 7,485 email addresses listed as monitored between 2002 and 2008. Many of the email addresses on the list appear to belong to foreigners whom the government believes are linked to Al Qaeda, Hamas, and Hezbollah. Among the Americans on the list are individuals long accused of terrorist activity, including Anwar al-Awlaki and Samir Khan, who were killed in a 2011 drone strike in Yemen. 
But a three-month investigation by The Intercept -- including interviews with more than a dozen current and former federal law enforcement officials involved in the FISA process -- reveals that in practice, the system for authorizing NSA surveillance affords the government wide latitude in spying on U.S. citizens. The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments. "I just don't know why," says Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates. "I've done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community -- I've done everything that a good citizen, in my opinion, should do." < -- big big snip -- > https://firstlook.org/theintercept/article/2014/07/09/under-surveillance/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Jul 9 06:26:33 2014 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Jul 2014 07:26:33 -0400 Subject: [Infowarrior] - ACLU Digs Deep Into The Law Enforcement War Machine Message-ID: <5E363543-B639-40DF-9089-741B39977691@infowarrior.org> ACLU Digs Deep Into The Law Enforcement War Machine https://www.techdirt.com/articles/20140628/20481127717/aclu-digs-deep-into-law-enforcement-war-machine.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Jul 9 09:50:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 10:50:00 -0400
Subject: [Infowarrior] - Wired interviews Greenwald
Message-ID: <1D841290-4D66-4352-9F13-C1BEB63451CB@infowarrior.org>

A Candid Conversation with Glenn Greenwald About Why the New Snowden Leak Matters
By Kim Zetter
07.09.14 9:54 am
http://www.wired.com/2014/07/greenwald-q-a/

From rforno at infowarrior.org Wed Jul 9 15:57:44 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 16:57:44 -0400
Subject: [Infowarrior] - Amusing tidbit regarding World Cup videos
Message-ID: <80CEA015-80AD-4507-A90D-90B7DACB83FC@infowarrior.org>

Pornhub pleads with users to stop uploading videos of Brazil 'getting f**ked by Germany' in the World Cup
'Our public humiliation category is full,' says porn site
Christopher Hooton
Wednesday 09 July 2014

In the world's continuing mission to completely humiliate Brazil in the wake of its 7-1 World Cup semi-final defeat to Germany, adult site Pornhub has allegedly been flooded with highlights of the game.

Footage of the goals bearing the title 'Young Brazilians get f**ked by entire German soccer team' (and other more explicit variants) quickly sprang up following the game (at least according to hundreds of screen grabs circulating Twitter), with the site eventually asking football fans to cease with the gag whilst getting a swipe in at Brazil's performance itself.

"Please stop uploading the game highlights to Pornhub... Our public humiliation category is full. #BrazilvsGermany," it tweeted.

Brazil suffered arguably the worst defeat in World Cup history in Belo Horizonte last night, conceding three goals in 76 seconds.
< - >

http://www.independent.co.uk/sport/football/worldcup/pornhub-pleads-users-to-stop-uploading-videos-of-brazil-getting-fked-by-germany-in-the-world-cup-9594287.html

From rforno at infowarrior.org Wed Jul 9 15:58:25 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 16:58:25 -0400
Subject: [Infowarrior] - WH withdraws controversial USPTO nominee
Message-ID: <0A86E9DD-6460-400E-AE76-30AF3414E08C@infowarrior.org>

White House pulls plug on controversial Patent Office nominee after tech sector backlash
By Jeff John Roberts
http://gigaom.com/2014/07/09/white-house-pulls-plug-on-controversial-patent-office-nominee-after-tech-sector-backlash/

The Obama Administration has backed away from an unpopular plan to name a Johnson & Johnson executive and patent reform opponent as head of the US Patent Office.

The Obama Administration has changed its mind over a plan to name pharmaceutical executive Phil Johnson as head of the U.S. Patent and Trademark Office, according to multiple sources. The reversal is a victory for the technology industry and other proponents of patent reform.

The plan to appoint Johnson surfaced in late June, and was met with outrage on social media, where critics claimed the choice reflected hypocrisy on the part of President Obama, who had called for fixes to the patent system in his January State of the Union address.

Johnson, a longtime attorney for Johnson & Johnson, was a controversial nominee in part because he helped lead opposition to a bipartisan bill, which died in May, that would have made it easier for companies to challenge bad patents and to seek legal fees from so-called "patent trolls." He has also publicly scorned previous attempts to reform the patent system.

News of the White House's decision to backtrack on the appointment came via a person close to the Administration, and was confirmed by several industry sources.
The final decision to pull the plug may have occurred after Senator Chuck Schumer (D-NY) vocally declared his opposition to Johnson. Schumer, who was one of the authors of the failed reform bill, has regularly blasted the harm the current patent system is inflicting on start-ups and young companies.

For now, it's unclear who the White House will name instead of Johnson. The office of Director of the Patent Office has been vacant since out-going director David Kappos stepped down in early 2013, and has been led in the meantime by former Googler, Michelle Lee. Lee would appear to be a logical choice to take the top job, but it's not apparent that she's in the running. One source speculated that the Administration could appoint a figurehead, which would let Lee continue to be the de facto leader on policy issues.

The White House did not immediately reply to a request for comment.

When the incoming Director is appointed, she or he will confront a large backlog of unprocessed patent applications, and will also have to decide how to address the issue of patent quality. In the last two decades, the Patent Office has issued a flood of questionable patents like one issued to a child for "swinging on a swing." The proliferation of patents has arisen in part because examiners can only expend a given amount of time on each application, while those seeking patents can repeatedly challenge rejections.

From rforno at infowarrior.org Wed Jul 9 15:59:12 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 16:59:12 -0400
Subject: [Infowarrior] - Why Do Patent Trolls Go to Texas? It's Not for the BBQ
Message-ID:

Why Do Patent Trolls Go to Texas? It's Not for the BBQ

There is a lot in our current patent system that is in need of reform. The Patent Office is too lax in granting patents. Federal Circuit case law has consistently favored patentees.
Another part of this problem is the forum shopping by patentees that leads to a disproportionate number of cases being filed in the Eastern District of Texas.

Back in 2011, This American Life did a one-hour feature called "When Patents Attack!" The story included a tour of ghostly offices in Marshall, Texas, where shell companies have fake headquarters with no real employees. For many people, it was their first introduction to the phenomenon that is the Eastern District of Texas, a largely rural federal court district that has somehow attracted a huge volume of high-tech patent litigation.

The Eastern District of Texas is still number one for patent cases. Last year, there were just over 6,000 patent suits filed in federal courts around the country. One in four of those cases (24.54% to be exact) were filed in the Eastern District of Texas.

But why do patent plaintiffs, especially trolls, see it as such a favorable forum? Partly, the district's relatively rapid litigation timetable can put pressure on defendants to settle. But other local practices in the Eastern District also favor patentees. And, in our view, they do so in a way that is inconsistent with the governing Federal Rules, and work to mask the consistent refusal by the courts in the Eastern District to end meritless cases before trial.

The podcasting patent troll litigation provides a recent case study. EFF is currently fighting the patent troll Personal Audio at the Patent Office, where we're arguing that U.S. Patent 8,112,504 (the "podcasting patent") is invalid. But Personal Audio is also involved in litigation against podcasters and TV companies in the Eastern District of Texas. We've been following that case, and unsurprisingly, the defendants there are also arguing that the podcasting patent is invalid. Specifically, the defendants are arguing that earlier publications and websites describe the system for "disseminating media content" that Personal Audio says it invented.
Recently, something happened in that case that we thought deserved notice: the defendants were denied the opportunity to have the judge rule on summary judgment on this issue.

This deserves a bit of explanation: generally, parties go to trial to have their rights decided by a jury. But the Federal Rules provide the parties the right to get "summary judgment" (i.e., a decision from the judge) where there is no "genuine dispute as to any material fact." To be clear, this doesn't mean the parties have to agree on all the facts. What it means is that where the only disputes are not genuine (e.g., there isn't enough evidence to support an argument) or not material (e.g., the resolution of the dispute would not change the outcome) summary judgment should be granted.

< -- >

https://www.eff.org/deeplinks/2014/07/why-do-patent-trolls-go-texas-its-not-bbq

From rforno at infowarrior.org Wed Jul 9 16:06:19 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 17:06:19 -0400
Subject: [Infowarrior] - TSA's Electronics Checks Coming to U.S. Airports Soon
Message-ID: <4A7040CB-AD97-461B-B94B-A1E11B554044@infowarrior.org>

TSA's Electronics Checks Coming to U.S. Airports Soon
By Jeff Plungis and Alan Levin
Jul 9, 2014 4:40 PM ET
http://www.bloomberg.com/news/2014-07-09/u-s-said-to-expand-mobile-device-rules-at-airport-checkpoints.html

A new requirement for U.S.-bound fliers to turn on electronic devices at airport security checkpoints overseas is being expanded to certain passengers on domestic flights, according to people familiar with the plans.

TSA started requiring some fliers to turn on laptops, smartphones and other devices in Europe, Africa and the Middle East earlier this month. The agency will require the checks for a limited number of travelers in U.S. airports selected for extra screening, said two people familiar with the plans, who asked not to be named because the decision isn't public.

The checks won't apply to every flier, and will be used more sparingly than overseas, the people said. Other procedures, including different kinds of pat-downs and shoe checks, won't be brought to U.S. airports, the people said. TSA won't publicly specify which travelers will be affected.

All electronic devices are already subject to security checks, including being run through screening machines.

The agency continues to adjust security measures to fit an ever evolving threat environment, a Department of Homeland Security official said. Information about specific enhancements is sensitive, said the official, who asked not to be named.

During the security examination, screeners may ask that owners power up some devices, including mobile phones, the official said. Devices selected for this screening that can't turn on won't be permitted to board. The traveler may also undergo additional screening.

To contact the reporters on this story: Jeff Plungis in Washington at jplungis at bloomberg.net; Alan Levin in Washington at alevin24 at bloomberg.net

To contact the editors responsible for this story: Romaine Bostick at rbostick at bloomberg.net Elizabeth Wasserman

From rforno at infowarrior.org Wed Jul 9 16:36:20 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 17:36:20 -0400
Subject: [Infowarrior] - DRM: Inside Keurig's plan to stop you from buying knockoff K-Cups
Message-ID: <25636CFD-5F28-4DCB-B348-E72B386A1BB6@infowarrior.org>

Inside Keurig's plan to stop you from buying knockoff K-Cups
http://www.theverge.com/2014/6/30/5857030/keurig-digital-rights-management-coffee-pod-pirates
From rforno at infowarrior.org Wed Jul 9 17:00:04 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 18:00:04 -0400
Subject: [Infowarrior] - Where have we seen this before?
Message-ID: <6C48EB14-0F11-4E31-85BA-B39038F07C45@infowarrior.org>

https://www.eff.org/deeplinks/2014/07/tpp-negotiations-unprecedented-secrecy-around-ottawa-meetings

< - >

"As we watch TPP crawl its way towards getting finalized, signed, and eventually taint our laws with its one-sided corporate agenda, we need to continue to remember this fact: laws made in secret, with no public oversight or input, are illegitimate. That is not how law is made in democracies. If we're to defend the fundamental democratic rule that law is based on transparent, popular consensus, we need to fight back against an agreement that engages in such a secretive, corporate-captured process."

From rforno at infowarrior.org Wed Jul 9 17:03:19 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2014 18:03:19 -0400
Subject: [Infowarrior] - Files on UK role in CIA rendition accidentally destroyed
Message-ID:

Files on UK role in CIA rendition accidentally destroyed, says minister
Rights groups say FCO claim records of flights in and out of Diego Garcia missing due to water damage 'smacks of cover-up'
Ian Cobain and Richard Norton-Taylor
The Guardian, Wednesday 9 July 2014 10.39 EDT
http://www.theguardian.com/world/2014/jul/09/files-uk-role-cia-rendition-destroyed-diego-garcia-water-damage

The government's problems with missing files deepened dramatically when the Foreign Office claimed documents on the UK's role in the CIA's global abduction operation had been destroyed accidentally when they became soaked with water.
In a statement that human rights groups said "smacked of a cover-up", the department maintained that records of post-9/11 flights in and out of Diego Garcia, the British territory in the Indian Ocean, were "incomplete due to water damage".

The claim comes amid media reports in the US that a Senate report due to be published later this year identifies Diego Garcia as a location where the CIA established a secret prison as part of its extraordinary rendition programme. According to one report, classified CIA documents state that the prison was established with the "full cooperation" of the UK government.

It also comes at a time when MPs are demanding the Home Office urgently provide more information about 114 "missing" files that could have contained information about an alleged child abuse network in the 1980s.

Ministers of successive governments have repeatedly given misleading or incomplete information about the CIA's use of Diego Garcia. In February 2008, the then foreign secretary, David Miliband, was forced to apologise to MPs and explain that Tony Blair's "earlier explicit assurances that Diego Garcia had not been used for rendition flights" had not been correct. Miliband said at this point that two rendition flights had landed, but that the detainees on board had not disembarked.

Miliband's admission was made after human rights groups produced irrefutable evidence that aircraft linked to the rendition programme had landed on Diego Garcia. Since then, far more aircraft have been shown to have been involved in the operation.

The "water damage" claim was given in response to a parliamentary question by the Tory chair of the Treasury select committee, Andrew Tyrie, who has been investigating the UK's involvement in the rendition programme for several years.
When Tyrie asked the Foreign Office (FCO) to explain which government department keeps a list of flights which passed through Diego Garcia from January 2002 to January 2009, FCO minister Mark Simmonds replied: "Records on flight departures and arrivals on Diego Garcia are held by the British Indian Ocean Territory immigration authorities. Daily occurrence logs, which record the flights landing and taking off, cover the period since 2003. Though there are some limited records from 2002, I understand they are incomplete due to water damage."

The Foreign Office would not say whether the damaged files were UK or US records, or say where they were located. An FO spokesperson maintained that because the damage "was only recently discovered" it did not know how or when it occurred.

Cori Crider of the legal charity Reprieve said: "It's looking worse and worse for the UK government on Diego Garcia. First we learn the Senate's upcoming torture report says detainees were held on the island, and now, conveniently, a pile of key documents turn up missing with 'water damage'? The government might as well have said the dog ate their homework. This smacks of a cover-up. They now need to come clean about how, when, and where this evidence was lost."

Crider added that the claim that documents had been destroyed accidentally was "especially disturbing" given that Scotland Yard is investigating the role played by MI6 in the abduction of a Libyan dissident, Abdel Hakim Belhaj, who was flown to one of Muammar Gaddafi's prisons along with his pregnant wife in 2004. The police investigation, Operation Lydd, is thought to have examined whether the couple were flown via Diego Garcia. A report is due to be handed shortly to the director of public prosecutions.

The White House and the CIA are working on final redactions to a 481-page executive summary of a classified report by the US Senate committee on intelligence on the rendition programme prior to its publication, possibly in September.
The full 6,300-page report is said to be scathing of the way in which the CIA resorted rapidly to the abduction and torture of al-Qaida suspects after the attacks of 2001. There have been a number of reports suggesting that allies of the US, including the UK and Poland, have been lobbying to ensure that all reference to their own involvement is removed from the summary before it is published.

The Foreign Office claimed that it had merely been seeking assurances that "ordinary clearance procedures will be followed" if the report contains material supplied by the UK.

The British government is particularly sensitive about the allegations that Diego Garcia hosted one of the CIA's prisons, at times claiming that it knows only that which it is told by Washington. Although the island has operated as a US military base since the islanders were evicted in the 1960s, it remains a British territory, and its use during the rendition programme would have placed the UK in breach of a raft of international and domestic laws.

Belhaj and his wife are suing MI6, the agency's former head of counter-terrorism Sir Mark Allen and Jack Straw, who was foreign secretary at the time that the couple were abducted.

Last month, the Commons cross-party defence committee suggested that information about the extent to which the CIA used the island as a "black site" to transfer detainees was still being withheld. "Recent developments have once again brought into question the validity of assurances by the US about its use of Diego Garcia," it said.

The committee warned that it will assess the implications for Britain and for "public confidence" in its previous statements on US use of Diego Garcia, and said the US should not in future be permitted to use the island, to transfer terror suspects, for combat operations, "or any other politically sensitive activity", without the explicit authorisation from the UK government.
Although Miliband told MPs that detainees had not been held on Diego Garcia, others have contradicted this assertion. Manfred Nowak, as United Nations special rapporteur on torture, said he had received "credible evidence from well-placed sources familiar with the situation on the island" that CIA detainees had been held there between 2002 and 2003.

General Barry McCaffrey, a former head of Southcom, the US military's southern command, has twice stated publicly that Diego Garcia has been used by the US to hold prisoners, saying in one radio interview in May 2004: "We're probably holding around 3,000 people, you know, Bagram air field, Diego Garcia, Guantánamo, 16 camps throughout Iraq."

In 2003, Time magazine quoted "a regional intelligence official" as saying that a man accused of plotting the 2002 Bali nightclub bombing was being interrogated on Diego Garcia. Five years later the magazine reported that a CIA counter-terrorism official said a high-value prisoner or prisoners were being held and interrogated on the island.

In August 2008, the Observer reported that former US intelligence officers "unofficially told senior Spanish judge Baltasar Garzón that Mustafa Setmarian, a Spanish-based Syrian accused of running terrorist training camps in Afghanistan, was taken to Diego Garcia in late 2005 and held there for months".

As a consequence of the repeated allegations, the foreign affairs select committee said in 2009 that it was "unacceptable" that the government had not taken steps to obtain the full details of the two individuals whom it had admitted to have been rendered through Diego Garcia. The committee added: "We conclude that the use of Diego Garcia for US rendition flights without the knowledge or consent of the British government raises disquieting questions about the effectiveness of the government's exercise of its responsibilities in relation to this territory."
From rforno at infowarrior.org Fri Jul 11 07:55:24 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Jul 2014 08:55:24 -0400
Subject: [Infowarrior] - Fwd: [IP] NSA: Yes, we have them. No, you're not getting them.
References:
Message-ID: <896EA748-7BD3-46BC-AE1D-B2E718F3D631@infowarrior.org>

> From: "David Farber via ip"
>
> Begin forwarded message:
>
> From: Dewayne Hendricks
> Subject: [Dewayne-Net] NSA: Yes, we have them. No, you're not getting them.
> Date: July 11, 2014 at 12:31:55 AM EDT
> To: Multiple recipients of Dewayne-Net
> Reply-To: dewayne-net at warpspeed.com
>
> [Note: This item comes from reader Randall Head. DLH]
>
> From: rvh40 at insightbb.com
> Subject: NSA: Yes, we have them. No, you're not getting them.
> Date: July 10, 2014 at 23:40:41 EDT
> To: dewayne at warpspeed.com
>
> NSA confirms it has Snowden emails, but says they're exempt from FOIA
> By Paul Carr
> Jul 10 2014
>
> A few moments ago, former Reuters social media editor Matthew Keys tweeted a photo he says is the NSA's response to his Freedom of Information Act (FOIA) request for emails sent by Edward Snowden using his official government email address.
>
> The short version: nice try, but no disclosure.
>
> The slightly longer version: the NSA does have emails from Snowden's time as a contractor, but they are exempt from release under FOIA.
>
> Update: Here's the full letter, as posted by Keys, requesting "any and all e-mails sent by Edward Snowden using the e-mail address ejsnowden at nsa.ic.gov to any and all NSA officials, including officials at the office of General Counsel, for the time period between January 1, 2013 and June 1, 2013."
> NSA FOIA response: Edward Snowden government e-mails by Matthew Keys (SCRIBD snipped)

From rforno at infowarrior.org Sat Jul 12 08:16:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Jul 2014 09:16:41 -0400
Subject: [Infowarrior] - Underage sexting isn't ruining lives, draconian laws are (and we need to change them)
Message-ID: <34D6DACB-5DF8-4369-A81A-6CF58703104A@infowarrior.org>

Underage sexting isn't ruining lives, draconian laws are (and we need to change them)
By Jeffrey Van Camp
July 12, 2014
http://www.digitaltrends.com/mobile/underage-sexting-isnt-ruining-lives/

From rforno at infowarrior.org Sat Jul 12 08:17:40 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Jul 2014 09:17:40 -0400
Subject: [Infowarrior] - The Fifth Surveillance: Corporate Spying On Non-Profits
Message-ID: <609FB6AB-928A-4DBE-845D-C40011588772@infowarrior.org>

The Fifth Surveillance: Corporate Spying On Non-Profits
from the more-revolving-doors dept

In the age of innocence that was brought to an end by Edward Snowden's revelations, we broadly knew of three kinds of surveillance: the classic kind, by countries against other countries; the industrial kind, by companies against companies; and -- the most recent addition -- the Google/Facebook kind, carried out by companies against their customers. Snowden made us aware that countries also carried out large-scale surveillance against huge numbers of their own citizens, the vast majority of whom had done nothing to warrant that invasion of their privacy. But there's a fifth kind of surveillance that has largely escaped notice, even though it represents a serious danger for democracy and freedom: spying carried out by companies against non-profit organizations whose work threatens their profits in some way.
< - >

https://www.techdirt.com/articles/20140711/08223227850/fifth-surveillance-corporate-spying-non-profits.shtml

From rforno at infowarrior.org Sat Jul 12 08:50:54 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Jul 2014 09:50:54 -0400
Subject: [Infowarrior] - If TPP Is So Important, Why Are Those It's Supposed To 'Help' Fighting Against It?
Message-ID: <1A2B7012-9858-4E79-A5F6-8F457ED1C378@infowarrior.org>

If TPP Is So Important, Why Are Those It's Supposed To 'Help' Fighting Against It?
https://www.techdirt.com/articles/20140711/15554827856/if-tpp-is-so-important-why-are-those-its-supposed-to-help-fighting-against-it.shtml

From rforno at infowarrior.org Sun Jul 13 17:11:36 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Jul 2014 18:11:36 -0400
Subject: [Infowarrior] - How the CIA Partnered With Amazon and Changed Intelligence
Message-ID: <2A58450B-C753-42EA-A1D8-972C22DE5128@infowarrior.org>

Frank Konkel
Nextgov
July 11, 2014

How the CIA Partnered With Amazon and Changed Intelligence
http://www.defenseone.com/technology/2014/07/how-cia-partnered-amazon-and-changed-intelligence/88555/

The intelligence community is about to get the equivalent of an adrenaline shot to the chest. This summer, a $600 million computing cloud developed by Amazon Web Services for the Central Intelligence Agency over the past year will begin servicing all 17 agencies that make up the intelligence community. If the technology plays out as officials envision, it will usher in a new era of cooperation and coordination, allowing agencies to share information and services much more easily and avoid the kind of intelligence gaps that preceded the Sept. 11, 2001, terrorist attacks.
For the first time, agencies within the IC will be able to order a variety of on-demand computing and analytic services from the CIA and National Security Agency. What's more, they'll only pay for what they use.

The vision was first outlined in the IC Information Technology Enterprise plan championed by Director of National Intelligence James Clapper and IC Chief Information Officer Al Tarasiuk almost three years ago. Cloud computing is one of the core components of the strategy to help the IC discover, access and share critical information in an era of seemingly infinite data.

For the risk-averse intelligence community, the decision to go with a commercial cloud vendor is a radical departure from business as usual.

In 2011, while private companies were consolidating data centers in favor of the cloud and some civilian agencies began flirting with cloud variants like email as a service, a sometimes contentious debate among the intelligence community's leadership took place.

As one former intelligence official with knowledge of the Amazon deal told Government Executive, "It took a lot of wrangling, but it was easy to see the vision if you laid it all out."

The critical question was would the IC, led by the CIA, attempt to do cloud computing from within, or would it buy innovation? Money was a factor, according to the intelligence official, but not the leading one. The government was spending more money on information technology within the IC than ever before. IT spending reached $8 billion in 2013, according to budget documents leaked by former NSA contractor Edward Snowden. The CIA and other agencies feasibly could have spent billions of dollars standing up their own cloud infrastructure without raising many eyebrows in Congress, but the decision to purchase a single commercial solution came down primarily to two factors.

"What we were really looking at was time to mission and innovation," the former intelligence official said.
"The goal was, 'Can we act like a large enterprise in the corporate world and buy the thing that we don't have, can we catch up to the commercial cycle? Anybody can build a data center, but could we purchase something more?'

"We decided we needed to buy innovation," the former intelligence official said.

A Groundbreaking Deal

The CIA's first request for proposals from industry in mid-2012 was met with bid protests to the Government Accountability Office from Microsoft and AT&T, two early contenders for the contract. Those protests focused on the narrow specifications called for by the RFP. GAO did not issue a decision in either protest because the CIA reworked its request to address the companies' complaint.

In early 2013, after weighing bids from Amazon Web Services, IBM and an unnamed third vendor, the CIA awarded a contract to AWS worth up to $600 million over a period of up to 10 years. The deal, handled in secret, was first reported by FCW in March 2013, sending ripples through the tech industry.

A month after the deal became public, IBM filed a bid protest with GAO that the watchdog eventually upheld in June, forcing the CIA to reopen bids to both companies for the contract. A legal struggle between Amazon and Big Blue ensued, and AWS filed a lawsuit against the federal government in July 2013, claiming the GAO sustainment was a "flawed" decision. In October, U.S. Court of Federal Claims Judge Thomas Wheeler sided with Amazon and overturned GAO's decision to force the CIA to rebid the contract.

Big Blue went home, AWS claimed victory under the deal's original financial specs, and nearly 18 months after the procurement was first released, the CIA and Amazon went to work.

It is difficult to underestimate the cloud contract's importance. In a recent public appearance, CIA Chief Information Officer Douglas Wolfe called it "one of the most important technology procurements in recent history," with ramifications far outside the realm of technology.
"It's going to take a few months to bring this online in a robust way, but it's coming," Wolfe said. "And I think it's going to make a big difference for national security."

Securing New Capabilities

The Amazon-built cloud will operate behind the IC's firewall, or more simply: It's a public cloud built on private premises.

Intelligence agencies will be able to host applications or order a variety of on-demand services like storage, computing and analytics. True to the National Institute of Standards and Technology definition of cloud computing, the IC cloud scales up or down to meet the need. In that regard, customers will pay only for services they actually use, which is expected to generate massive savings for the IC.

"We see this as a tremendous opportunity to sharpen our focus and to be very efficient," Wolfe told an audience at AWS' annual nonprofit and government symposium in Washington. "We hope to get speed and scale out of the cloud, and a tremendous amount of efficiency in terms of folks traditionally using IT now using it in a cost-recovery way."

Many agencies within the IC already have identified applications to move to the cloud. In a recent report, National Reconnaissance Office Chief Information Officer Donna Hansen said her agency had picked five applications, including its enterprise resource planning software, to migrate to the IC cloud.

As with public clouds, the IC cloud will maximize automation and require standardized information, which will be shared through application programming interfaces, known as APIs. Amazon engineers will oversee the hardware because AWS owns the hardware and is responsible for maintaining it just as they do in the company's public data centers. Whenever Amazon introduces a new innovation or improvement in cloud services, the IC cloud will evolve.
Company officials say AWS made more than 200 such incremental improvements last year, ensuring a sort of built-in innovation to the IC cloud that will help the intelligence community keep pace with commercial advances. Wolfe said AWS' capacity to bring commercial innovation from places like Silicon Valley to the IC is one of the contract's greatest benefits. Whenever AWS introduces new products, the CIA will be able to implement them.

"The biggest thing we were trying to do, the visionary folks a couple years ago, was answer the question, 'How do we keep up?'" Wolfe said. "The mission we have is important. The pace and complexity is really not [diminishing], in fact, it may be increasing. We feel it is very important to deliver the best IT and best products and services we can to our customers in the IC."

What of the data, though? Intelligence agencies are drowning in it, collecting and analyzing an amalgamation of information from sensors, satellites, surveillance efforts, open data repositories and human intelligence, among other sources. Is that data really secure in the cloud? The CIA is convinced it is.

The IC cloud "will be accredited and compliant with IC standards," says a senior CIA official familiar with the IC cloud. It will, for example, be able to handle Sensitive Compartmented Information, a type of classified information. "Security in the IC cloud will be as safe as or safer than security on our current data centers," the senior CIA official says.

Because the IC cloud will serve multiple tenants (the 17 agencies that comprise the IC), administrators will be able to restrict access to information based on the identity of the individual seeking it. The idea is to foster collaboration without compromising security. Visually, the IC cloud can be thought of as a workspace hanging off the IC's shared network, a place where data can be loaded for a variety of tasks like computing or sharing.
The IC cloud gives agencies additional means to share information in an environment where automated security isn't a barrier to the sharing itself. This could prove vital in situations reminiscent of 9/11, in which national security is an immediate concern.

Cloud vendors, including Amazon, have argued that cloud infrastructures can be more secure than traditional data centers because there are fewer points of entry, but the leaks by Snowden illustrate the potential threat from inside an organization. Snowden was able to access and download classified information intelligence officials said he shouldn't have been able to access. To access information within the IC cloud, analysts must have the proper permissions. In addition, the standardized environment and automation means all activity within the cloud is logged and can be analyzed in near real-time.

Some government officials view cloud computing as inherently less secure than computing on locally controlled servers, but the CIA's acceptance of commercially developed cloud technology "has been a wake-up call" to those who balk at it, according to John Pirc, a former CIA cybersecurity researcher who is now chief technology officer at NSS Labs, a security research firm.

"You hear so many people on the fence about cloud, and then to see the CIA gobble it up and do something so highly disruptive, it's kind of cool," says Pirc. "To me, this removes the clouded judgment that cloud isn't secure. Their moving forward with this should send a message to the rest of the industry that cloud is something you shouldn't be afraid of."

Pirc is no stranger to disruptive technologies. At the CIA's research labs in the early 2000s, he recalls virtualization (a technology that allows multiple operating systems to run simultaneously on the same servers, allowing for far more efficient computing) before it became an integral component of many IT enterprises.
Intelligence agencies use commercial off-the-shelf technology all the time, but to Pirc, the importance of the cloud capabilities the CIA gets through leveraging Amazon Web Services' horsepower is best exemplified in computing intelligence data. Scalable computing is critical for fostering shared services and enhanced collaboration between disparate intelligence agencies.

"What it allows them to do is spin up servers and add more [computing power] fast, and when you're computing intelligence data, the more compute power you have, the faster you can react," Pirc says. "In the private sector, compute is all about money and profit, but from my viewpoint when I worked for the agency, you're working with extremely time-sensitive information. Being able to have that compute power, something that might have taken a couple of hours might instead take a few seconds. Profits aren't lost when you make mistakes in the intelligence community; people die when you make mistakes."

A test scenario described by GAO in its June 2013 bid protest opinion suggests the CIA sought to compare how the solutions presented by IBM and Amazon Web Services could crunch massive data sets, commonly referred to as big data. Solutions had to provide a "hosting environment for applications which process vast amounts of information in parallel on large clusters (thousands of nodes) of commodity hardware" using a platform called MapReduce. Through MapReduce, clusters were provisioned for computation and segmentation. Test runs assumed clusters were large enough to process 100 terabytes of raw input data. AWS' solution received superior marks from CIA procurement officials, according to GAO documentation, and was one of the chief reasons the agency selected Amazon.

Limited Details

The CIA declined to comment when Government Executive asked about the extent of the IC cloud's capabilities or that of the National Security Agency's cloud.
Amazon also declined to describe the IC cloud's technical capabilities. It is a good bet, though, that the AWS-built cloud for the IC will have capabilities at least equal to existing capabilities Amazon has already implemented across government. For example, the company provides the cloud bandwidth for the Securities and Exchange Commission's collection of more than 1 billion trade records and more than a terabyte of new data per day through its Market Information Data Analytics System.

This example may be prescient given that now-public surveillance efforts indicate the IC collects billions and perhaps trillions of pieces of metadata, phone and Internet records, and other various bits of information on an annual basis. The potential exists for the CIA to become one of AWS' largest customers.

Within the intelligence community, examples abound where the cloud's capabilities could significantly boost the mission. As the geospatial hub of the community, the National Geospatial-Intelligence Agency ingests, analyzes, metatags and reports all geo-intelligence and multisource content in its flagship program called Map of the World. Geospatial data's importance to the IC has increased in recent years, as evidenced by NGA's nearly $5 billion budget and its staff nearly doubling in size since 2004. For intensive applications like ingesting or analyzing geospatial data, scalable computing could have a significant impact on mission performance. The cloud also could improve the way the agency shares its large data sets.

What the IC has done with cloud is not easily replicable, according to American Council for Technology President Rick Holgate, but it is worth paying attention to.

"The IC has a model other agencies should look to and aspire to in terms of transforming the way they think about delivering services across a large enterprise," Holgate says.
"They are looking to common platforms and service delivery models across an entire enterprise, and not just gaining cost efficiencies, but to provide foundational capabilities to really allow it to operate."

Whether or not the IC cloud serves as an example for the rest of government, the CIA's quest to buy innovation will loom large for years to come.


From rforno at infowarrior.org Mon Jul 14 11:31:47 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Jul 2014 12:31:47 -0400
Subject: [Infowarrior] - On the NSA, a White House credibility problem
Message-ID: <928E4858-39E8-4347-A706-28C31AB82D13@infowarrior.org>

11:20 AM - July 14, 2014

On the NSA, a White House credibility problem

The AP report on the destruction of The Guardian's hard drives is just the latest evidence that reporters can't trust the Obama administration on spying claims

By David Uberti

http://www.cjr.org/behind_the_news/a_white_house_credibility_prob.php

On Friday, The Associated Press reported that the Obama administration had advance knowledge last year that the British government would force The Guardian to destroy hard drives containing documents leaked by Edward Snowden. Indeed, as declassified emails obtained through a Freedom of Information request show, National Security Agency officials even applauded the move. And Guardian editors, under government supervision, used power tools to destroy the hardware in the belly of their London offices on July 20, 2013.

"Good news, at least on this front," current NSA Deputy Director Richard Ledgett wrote in an email, upon learning of the plan. James Clapper, the director of National Intelligence, subsequently confirmed the destruction of the hard drives.

A month later, reporters asked then-White House Deputy Press Secretary Josh Earnest whether the administration knew of London's move.
Earnest said he couldn't answer that question, adding, "It's hard for me to evaluate the propriety of what they did based on incomplete knowledge of what happened."

Of course, the highly redacted emails acquired by the AP contradict that claim, as The Guardian pointed out on Friday. But it should come as no surprise that the White House knowingly misled reporters. Obama administration officials have repeatedly relied on dishonesty and deception to shield the NSA's surveillance programs from media scrutiny.

Hand in glove? President Barack Obama listens as British Prime Minister David Cameron speaks during a news conference at the G7 summit in Belgium in June. (AP Photo/Charles Dharapak)

In March 2013, for instance, just weeks before revelations surfaced that the NSA was sweeping up user data from Verizon, Clapper told the Senate Intelligence Committee that the United States did not collect intelligence on Americans. After the story broke in June of that year, Obama himself argued that NSA programs had helped avert 50 terrorist attacks worldwide, an assertion with little evidence behind it. US officials claimed Snowden couldn't access thousands of emails collected under the Foreign Intelligence Surveillance Act; those messages have since been described in a Washington Post expose. And Obama told Jay Leno on The Tonight Show in August 2013, "We don't have a domestic spying program." No matter how conservatively one defines "spying," continued reporting has repeatedly shown that's not the case.

The White House on Thursday told the AP that the British government had acted alone in destroying The Guardian's hard drives. Glenn Greenwald, who broke the NSA story for The Guardian and continues to cover surveillance programs for The Intercept, argued Friday that such a lack of collaboration is "virtually inconceivable." Unlike their British counterparts, American officials must at least pay lip service to the First Amendment.
While critics like Greenwald claim that American media have been complicit in NSA secrecy by accepting official statements as fact, stateside publications have continued reporting on Snowden's documents, which comprise the largest national security leak in at least 40 years.

That's not to say that the White House has made it easy to report on national security. The Obama administration has pursued twice as many criminal leak investigations as any of its predecessors. Federal agencies, meanwhile, have tightened restrictions on officials speaking to the media.

At a press briefing following the destruction of The Guardian's hard drives last year, Earnest was asked whether such a move was possible in the United States. "It's very difficult to imagine a scenario in which that would be appropriate," he said. Let's hope that answer, not to mention answers to any future questions on the NSA, was the whole truth and nothing but. As recent history has shown, however, reporters shouldn't take the White House's word for it.


From rforno at infowarrior.org Mon Jul 14 14:57:47 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Jul 2014 15:57:47 -0400
Subject: [Infowarrior] - Pew Research: Global Opinions of U.S. Surveillance
Message-ID: <92E63231-2512-4DB6-ADDA-3F8F868BEF0C@infowarrior.org>

The Pew Research Center's 2014 Global attitudes survey asked 48,643 respondents in 44 countries what they thought about the American government monitoring communications, such as emails and phone calls, in the U.S. and other countries. Specifically, global publics were asked whether the U.S. government's alleged monitoring of communications from individuals suspected of terrorist activities, American citizens, citizens of the survey countries or the leaders of the survey countries is acceptable or unacceptable.

http://www.pewglobal.org/2014/07/14/nsa-opinion/


From rforno at infowarrior.org Mon Jul 14 17:14:46 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Jul 2014 18:14:46 -0400
Subject: [Infowarrior] - GCHQ has tools to manipulate online information, leaked documents show
Message-ID: <77705E2F-5072-472C-8B8A-A20BF335C0D3@infowarrior.org>

GCHQ has tools to manipulate online information, leaked documents show

Documents leaked by Edward Snowden reveal programs to track targets, spread information and manipulate online debates

James Ball
theguardian.com, Monday 14 July 2014 14.22 EDT

http://www.theguardian.com/uk-news/2014/jul/14/gchq-tools-manipulate-online-information-leak

The UK intelligence agency GCHQ has developed sophisticated tools to manipulate online polls, spam targets with SMS messages, track people by impersonating spammers and monitor social media postings, according to newly-published documents leaked by NSA whistleblower Edward Snowden.

The documents, which were published on First Look Media with accompanying analysis from Glenn Greenwald, disclose a range of GCHQ "effects" programs aimed at tracking targets, spreading information, and manipulating online debates and statistics.

The disclosure comes the day before the UK parliament is due to begin up to three days' debate on emergency legislation governing British surveillance capabilities. With cross-party support the bill is expected to be voted through this week.

Among the programs revealed in the document are:

- GATEWAY: the "ability to artificially increase traffic to a website".
- CLEAN SWEEP which "masquerade[s] Facebook wall posts for individuals or entire countries".
- SCRAPHEAP CHALLENGE for "perfect spoofing of emails from BlackBerry targets".
- UNDERPASS to "change outcome of online polls".
- SPRING BISHOP to find "private photos of targets on Facebook".

The document also details a range of programs designed to collect and store public postings from Facebook, Twitter, LinkedIn and Google+, and to make automated postings on several of the social networks. Capabilities to boost views of YouTube videos, or to boost the circulation of particular messages are also detailed.

GCHQ has also, the document suggests, developed capabilities to scan and geolocate the IPs of entire cities at a time.

The document does not detail the legal restrictions on using any of the programs, nor state how often any were deployed. Several of the programs, though, are described as being at "pilot" stage.

GCHQ declined to provide First Look Media with a detailed statement, but told the outlet all its programs were "in accordance with a strict legal and policy framework" with "rigorous oversight". Greenwald characterised the GCHQ statement as "questionable" in his article.


From rforno at infowarrior.org Sun Jul 20 21:13:41 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Jul 2014 22:13:41 -0400
Subject: [Infowarrior] - The Reagan rule that lets the NSA spy on Americans
Message-ID: <77FF5B96-CD71-48CF-9D72-FF444C46F3D3@infowarrior.org>

Meet Executive Order 12333: The Reagan rule that lets the NSA spy on Americans

The National Security Agency campus in Fort Meade, Md. (Patrick Semansky/Associated Press)

By John Napier Tye July 18

http://www.washingtonpost.com/opinions/meet-executive-order-12333-the-reagan-rule-that-lets-the-nsa-spy-on-americans/2014/07/18/93d2ac22-0b93-11e4-b8e5-d0de80767fc2_story.html

John Napier Tye served as section chief for Internet freedom in the State Department's Bureau of Democracy, Human Rights and Labor from January 2011 to April 2014. He is now a legal director of Avaaz, a global advocacy organization.

In March I received a call from the White House counsel's office regarding a speech I had prepared for my boss at the State Department. The speech was about the impact that the disclosure of National Security Agency surveillance practices would have on U.S. Internet freedom policies. The draft stated that "if U.S. citizens disagree with congressional and executive branch determinations about the proper scope of signals intelligence activities, they have the opportunity to change the policy through our democratic process." But the White House counsel's office told me that no, that wasn't true. I was instructed to amend the line, making a general reference to "our laws and policies," rather than our intelligence practices. I did.

Even after all the reforms President Obama has announced, some intelligence practices remain so secret, even from members of Congress, that there is no opportunity for our democracy to change them.

Public debate about the bulk collection of U.S. citizens' data by the NSA has focused largely on Section 215 of the Patriot Act, through which the government obtains court orders to compel American telecommunications companies to turn over phone data. But Section 215 is a small part of the picture and does not include the universe of collection and storage of communications by U.S. persons authorized under Executive Order 12333.

From 2011 until April of this year, I worked on global Internet freedom policy as a civil servant at the State Department.
In that capacity, I was cleared to receive top-secret and "sensitive compartmented" information. Based in part on classified facts that I am prohibited by law from publishing, I believe that Americans should be even more concerned about the collection and storage of their communications under Executive Order 12333 than under Section 215.

Bulk data collection that occurs inside the United States contains built-in protections for U.S. persons, defined as U.S. citizens, permanent residents and companies. Such collection must be authorized by statute and is subject to oversight from Congress and the Foreign Intelligence Surveillance Court. The statutes set a high bar for collecting the content of communications by U.S. persons. For example, Section 215 permits the bulk collection only of U.S. telephone metadata (lists of incoming and outgoing phone numbers) but not audio of the calls.

Executive Order 12333 contains no such protections for U.S. persons if the collection occurs outside U.S. borders. Issued by President Ronald Reagan in 1981 to authorize foreign intelligence investigations, 12333 is not a statute and has never been subject to meaningful oversight from Congress or any court. Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Select Committee on Intelligence, has said that the committee has not been able to "sufficiently" oversee activities conducted under 12333.

Unlike Section 215, the executive order authorizes collection of the content of communications, not just metadata, even for U.S. persons. Such persons cannot be individually targeted under 12333 without a court order. However, if the contents of a U.S. person's communications are "incidentally" collected (an NSA term of art) in the course of a lawful overseas foreign intelligence investigation, then Section 2.3(c) of the executive order explicitly authorizes their retention. It does not require that the affected U.S. persons be suspected of wrongdoing and places no limits on the volume of communications by U.S. persons that may be collected and retained.

"Incidental" collection may sound insignificant, but it is a legal loophole that can be stretched very wide. Remember that the NSA is building a data center in Utah five times the size of the U.S. Capitol building, with its own power plant that will reportedly burn $40 million a year in electricity. "Incidental collection" might need its own power plant.

A legal regime in which U.S. citizens' data receives different levels of privacy and oversight, depending on whether it is collected inside or outside U.S. borders, may have made sense when most communications by U.S. persons stayed inside the United States. But today, U.S. communications increasingly travel across U.S. borders, or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of "mirror" servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.

Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications (content as well as metadata) provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.

Without any legal barriers to such collection, U.S. persons must increasingly rely on the affected companies to implement security measures to keep their communications private. The executive order does not require the NSA to notify or obtain consent of a company before collecting its users' data.

The attorney general, rather than a court, must approve "minimization procedures" for handling the data of U.S. persons that is collected under 12333, to protect their rights. I do not know the details of those procedures. But the director of national intelligence recently declassified a document (United States Signals Intelligence Directive 18) showing that U.S. agencies may retain such data for five years.

Before I left the State Department, I filed a complaint with the department's inspector general, arguing that the current system of collection and storage of communications by U.S. persons under Executive Order 12333 violates the Fourth Amendment, which prohibits unreasonable searches and seizures. I have also brought my complaint to the House and Senate intelligence committees and to the inspector general of the NSA.

I am not the first person with knowledge of classified activities to publicly voice concerns about the collection and retention of communications by U.S. persons under 12333. The president's own Review Group on Intelligence and Communication Technologies, in Recommendation 12 of its public report, addressed the matter. But the review group coded its references in a way that masked the true nature of the problem.

At first glance, Recommendation 12 appears to concern Section 702 of the FISA Amendments Act, which authorizes collection inside the United States against foreign targets outside the United States. Although the recommendation does not explicitly mention Executive Order 12333, it does refer to "any other authority." A member of the review group confirmed to me that this reference was written deliberately to include Executive Order 12333.

Recommendation 12 urges that all data of U.S. persons incidentally collected under such authorities be immediately purged unless it has foreign intelligence value or is necessary to prevent serious harm. The review group further recommended that a U.S. person's incidentally collected data never be used in criminal proceedings against that person, and that the government refrain from searching communications by U.S. persons unless it obtains a warrant or unless such searching is necessary to prevent serious harm.

The White House understood that Recommendation 12 was intended to apply to 12333. That understanding was conveyed to me verbally by several White House staffers, and was confirmed in an unclassified White House document that I saw during my federal employment and that is now in the possession of several congressional committees. In that document, the White House stated that adoption of Recommendation 12 would require "significant changes" to current practice under Executive Order 12333 and indicated that it had no plans to make such changes.

All of this calls into question some recent administration statements. Gen. Keith Alexander, a former NSA director, has said publicly that for years the NSA maintained a U.S. person e-mail metadata program similar to the Section 215 telephone metadata program. And he has maintained that the e-mail program was terminated in 2011 because "we thought we could better protect civil liberties and privacy by doing away with it." Note, however, that Alexander never said that the NSA stopped collecting such data, merely that the agency was no longer using the Patriot Act to do so.

I suggest that Americans dig deeper. Consider the possibility that Section 215 collection does not represent the outer limits of collection on U.S. persons but rather is a mechanism to backfill that portion of U.S. person data that cannot be collected overseas under 12333.

Proposals for replacing Section 215 collection are currently being debated in Congress. We need a similar debate about Executive Order 12333. The order as used today threatens our democracy. There is no good reason that U.S. citizens should receive weaker privacy and oversight protections simply because their communications are collected outside, not inside, our borders.

I have never made any unauthorized disclosures of classified information, nor would I ever do so.
I fully support keeping secret the targets, sources and methods of U.S. intelligence as crucial elements of national security. I was never a disgruntled federal employee; I loved my job at the State Department. I left voluntarily and on good terms to take a job outside of government. A draft of this article was reviewed and cleared by the State Department and the NSA to ensure that it contained no classified material.

When I started at the State Department, I took an oath to protect the Constitution of the United States. I don't believe that there is any valid interpretation of the Fourth Amendment that could permit the government to collect and store a large portion of U.S. citizens' online communications, without any court or congressional oversight, and without any suspicion of wrongdoing. Such a legal regime risks abuse in the long run, regardless of whether one trusts the individuals in office at a particular moment.

I am coming forward because I think Americans deserve an honest answer to the simple question: What kind of data is the NSA collecting on millions, or hundreds of millions, of Americans?


From rforno at infowarrior.org Sun Jul 20 21:13:50 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Jul 2014 22:13:50 -0400
Subject: [Infowarrior] - As China Stalks Satellites, U.S. and Japan Prepare to Defend Them
Message-ID: <406D05C0-A614-4C51-AC2D-5D86D293BDE9@infowarrior.org>

As China Stalks Satellites, U.S. and Japan Prepare to Defend Them

By Brian Bremner July 17, 2014

http://www.businessweek.com/articles/2014-07-17/u-dot-s-dot-japan-prepare-to-defend-satellites-from-chinese-attack#r=rss

In May 2013 the Chinese government conducted what it called a science space mission from the Xichang Satellite Launch Center in southwest China. Half a world away, Brian Weeden, a former U.S. Air Force officer, wasn't buying it.
The liftoff took place at night and employed a powerful rocket as well as a truck-based launch vehicle, all quite unusual for a science project, he says. In a subsequent report for the Secure World Foundation, the space policy think tank where he works, Weeden concluded that the Chinese launch was more likely a test of a mobile rocket booster for an antisatellite (ASAT) weapon that could reach targets in geostationary orbit about 22,236 miles above the equator. That's the stomping grounds of expensive U.S. spacecraft that monitor battlefield movements, detect heat from the early stages of missile launches, and help orchestrate drone fleets. "This is the stuff the U.S. really cares about," Weeden says. The Pentagon never commented in detail on last year's launch, and the Chinese have stuck to their story.

U.S. and Japanese analysts say China has the most aggressive satellite attack program in the world. It has staged at least six ASAT missile tests over the past nine years, including the destruction of a defunct Chinese weather satellite in 2007. "It's part of a Chinese bid for hegemony, which is not just about controlling the oceans but airspace and, as an extension of that, outer space," says Minoru Terada, deputy secretary-general of Japan's ruling Liberal Democratic Party.

Besides testing missiles that can intercept and destroy satellites, the Chinese have developed jamming techniques to disrupt satellite communications. In addition, says Lance Gatling, president of Nexial Research, an aerospace consultant in Tokyo, the Chinese have studied ground-based lasers that could take down a satellite's solar panels, and satellites equipped with grappling arms that could co-orbit and then disable expensive U.S. hardware.

To defend themselves against China, the U.S. and Japan are in the early stages of integrating their space programs as part of negotiations to update their defense policy guidelines.
In May, Washington and Tokyo discussed ways to coordinate their GPS systems to better track what's going on in space and on the oceans. A recent Japanese cabinet decision eased long-standing limits on the military forces' ability to come to the aid of allies under attack.

The U.S. is most vulnerable to a Chinese attack because 43 percent of all satellites in orbit belong to the U.S. military or U.S. companies, according to a Council on Foreign Relations report in May by Micah Zenko. Japan has four spy satellites in service, and a consortium of Japanese companies led by Sky Perfect Jsat Holdings (9412:JP) and NEC (6701:JP) is building two additional communication satellites that will transmit encrypted data. The U.S. has about 30 spy satellites in orbit.

Both countries have sunk billions of dollars into a sophisticated missile defense system that relies in part on data from U.S. spy satellites. That's why strategists working for China's People's Liberation Army have published numerous articles in defense journals about the strategic value of chipping away at U.S. domination in space. "How many missile defense tests have Americans carried out?" says Yue Gang, a retired PLA colonel who worked on ASAT technologies. "China has only conducted a couple of tests, and that's enough to make them unable to sit still."

Weeden says the U.S. is exploring other ways to mitigate the perceived threat from China, including dispatching a fleet of smaller, mobile satellites that would be harder for adversaries to find and destroy. Enabling satellite transmitters to quickly hop between frequencies could address the Chinese jamming threat, Gatling says. In June the U.S. Air Force awarded Lockheed Martin (LMT) a $914 million contract to build a ground-based radar system that will track objects as small as a baseball, which could help identify a satellite attack as it's happening. "Destroying someone's satellite is an act of war," says Dave Baiocchi, an engineering professor at the Pardee RAND Graduate School. "You need to know what's going on up there."

The bottom line: The U.S. and Japan are integrating their space programs to ward off China in the sky.

With Isabel Reynolds, Maiko Takahashi, and Ting Shi

Bremner is an assistant managing editor for Bloomberg Businessweek. Follow him at @bxbremner.


From rforno at infowarrior.org Sun Jul 20 22:04:29 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Jul 2014 23:04:29 -0400
Subject: [Infowarrior] - "We Choose The Moon"
Message-ID: <0E77821C-530A-48BF-B98D-D371C4EFA8B1@infowarrior.org>

(NASA-TV doing video replay this evening: http://www.nasa.gov/multimedia/nasatv/ .. Neil just stepped off the LEM as I send this.)

"We Choose The Moon" - TTG

http://turcopolier.typepad.com/sic_semper_tyrannis/2014/07/we-choose-the-moon-ttg.html

Forty-five years ago this night, Neil Armstrong became the first man to step onto the moon. It was an exhilarating event in the U.S. and in much of the world. I did not see it on TV. Instead, I was camping with two of my friends. On this night, forty-five years ago, we were lying in our sleeping bags on a thick bed of pine needles on top of a pine covered hill overlooking a local reservoir. The land was posted, but we were adept at stealth camping. We had a perfect view of the full moon on a clear warm night. Normally, we never had a radio or even a watch when we camped. But this time we made an exception. I carried a small transistor radio to listen to Walter Cronkite narrate the landing. Looking back on it, we made the right decision. It was glorious to be surrounded by nature looking at the moon with our own eyes while listening to history being made.

Given the state of the world today and the craven cowardice of so many of our politicians and pundits, I find solace in what we once were.
It's either that or rum.

From rforno at infowarrior.org Tue Jul 22 06:23:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Jul 2014 07:23:55 -0400
Subject: [Infowarrior] - 9/11 Commission Reflects on 10 Years of Security
Message-ID:

Commission releases updated list of post 9/11 concerns
Tuesday - 7/22/2014, 6:14am ET
By J.J. Green
http://www.wtop.com/215/3667024/10-years-after-911-Commission-report

WASHINGTON -- Ten years ago Tuesday, the members of the National Commission on Terrorist Attacks upon the United States issued the 9/11 Commission Report, the official account of the horrific attacks of Sept. 11, 2001. A decade later, the members have reconvened as private citizens to reflect upon the changes of the past 10 years and the emerging threats the U.S. faces as a country. In recent months, they have spoken with some of the country's most senior national security leaders -- current and recently retired. What the former commissioners, now working as the Bi-Partisan Policy Center, found: "counterterrorism fatigue and a waning sense of urgency among the public threaten U.S. security."

< -- >

They laid out several recommendations encompassing policy changes and budgetary suggestions to remedy their concerns. Their recommendations include:

- To sustain public support for policies and resource levels, national security leaders must communicate to the public -- in specific terms -- what the threat is, how it is evolving, what measures are being taken to address it, why those measures are necessary, and what specific protections are in place to protect civil liberties. In this era of heightened skepticism, platitudes will not persuade the public. Leaders should describe the threat and the capabilities they need with as much granularity as they can safely offer.

- Congress and the president should revise the September 2001 Authorization for the Use of Military Force. The administration should clearly explain (1) whether it needs new legal authority to confront threats like ISIS and (2) how far, in its view, any new authority should extend.

- Reiterating what they said in The 9/11 Commission Report: Congress should oversee and legislate for Department of Homeland Security through one primary authorizing committee. DHS should receive the same streamlined oversight as the Department of Defense. At the very minimum, the next Congress should sharply reduce the number of committees and subcommittees with some jurisdiction over the department.

- These changes should take effect when the next Congress convenes, and the House and Senate adopt new rules in January. Planning should begin now to make this possible.

- Government officials should explain to the public -- in clear, specific terms -- the severity of the cyber threat and what the stakes are for the country. Public and private-sector leaders should also explain what private citizens and businesses can do to protect their systems and data.

"The absence of another major attack on the homeland is a success in itself but does not mean that the terrorist threat has diminished," the commissioners concluded.

National Commission on Terrorist Attacks upon the United States released the report at midnight Tuesday. Read it below.

From rforno at infowarrior.org Tue Jul 22 06:31:34 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Jul 2014 07:31:34 -0400
Subject: [Infowarrior] - Meet the Online Tracking Device That is Virtually Impossible to Block
Message-ID:

Meet the Online Tracking Device That is Virtually Impossible to Block
A new kind of tracking tool, canvas fingerprinting, is being used to follow visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.
by Julia Angwin
ProPublica, July 21, 2014, 9 a.m.
http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block

Update: A YouPorn.com spokesperson said that the website was "completely unaware that AddThis contained a tracking software that had the potential to jeopardize the privacy of our users." After this article was published, YouPorn removed AddThis technology from its website.

This story was co-published with Mashable.

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com. First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it.

(Interactive demo omitted: "Canvas Fingerprinting in Action" -- watch your browser generate a unique fingerprint image. This is for informational purposes only and no fingerprint information is sent to ProPublica. Mike Tigas, ProPublica.)

Even the slightest change in one pixel -- one dot in the image -- can create a totally new ID. Different computers and web browsers may draw the image differently, resulting in an ID that is semi-unique to a user. Tracking code can use techniques like this to follow users from website to website -- even when cookies are disabled in a user's web browser. Fingerprints used for tracking are normally hidden from the user and -- unlike this demonstration -- don't require a user's permission to draw.

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit -- profiles that shape which ads, news articles, or other types of content are displayed to them.

But fingerprints are unusually hard to block: They can't be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5 percent of the top 100,000 websites. Most of the code was on websites that use AddThis' social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. (A list of all the websites on which researchers found the code is here).

Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace "cookies," the traditional way that users are tracked, via text files installed on their computers. "We're looking for a cookie alternative," Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided "this is well within the rules and regulations and laws and policies that we have." He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won't use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.

Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is "not the best privacy assurance."

Device fingerprints rely on the fact that every computer is slightly different: Each contains different fonts, different software, different clock settings and other distinctive features. Computers automatically broadcast some of their attributes when they connect to another computer over the Internet.

Tracking companies have long sought to use those differences to uniquely identify devices for online advertising purposes, particularly as Web users are increasingly using ad-blocking software and deleting cookies.

In May 2012, researchers at the University of California, San Diego, noticed that a Web programming feature called "canvas" could allow for a new type of fingerprint -- by pulling in different attributes than a typical device fingerprint. In June, the Tor Project added a feature to its privacy-protecting Web browser to notify users when a website attempts to use the canvas feature and sends a blank canvas image. But other Web browsers did not add notifications for canvas fingerprinting.

A year later, Russian programmer Valentin Vasilyev noticed the study and added a canvas feature to freely available fingerprint code that he had posted on the Internet. The code was immediately popular. But Vasilyev said that the company he was working for at the time decided against using the fingerprint technology. "We collected several million fingerprints but we decided against using them because accuracy was 90 percent," he said, "and many of our customers were on mobile and the fingerprinting doesn't work well on mobile." Vasilyev added that he wasn't worried about the privacy concerns of fingerprinting. "The fingerprint itself is a number which in no way is related to a personality," he said.

AddThis improved upon Vasilyev's code by adding new tests and using the canvas to draw a pangram "Cwm fjordbank glyphs vext quiz" -- a sentence that uses every letter of the alphabet at least once. This allows the company to capture slight variations in how each letter is displayed. AddThis said it rolled out the feature to a small portion of the 13 million websites on which its technology appears, but is considering ending its test soon. "It's not uniquely identifying enough," Harris said.
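The Tor Browser behaviour described above (notify the user when a site tries to read the canvas back, and hand over a blank image instead) can be modelled as a guard around the canvas read-back methods. What follows is an added example, not code from ProPublica, the Princeton/KU Leuven researchers or the Tor Project; the guard object, its policy callback, the blank-result constant and the stand-in canvas classes are this example's own assumptions so that it runs offline in Node.

```javascript
// Added example (not code from the article, the researchers or the Tor
// Project): a guard around the canvas read-back methods, modelled on the Tor
// Browser behaviour described above. Every attempt to read pixels back
// (toDataURL / getImageData) is logged, a policy callback decides whether it
// is allowed, and a denied read receives a blank canvas instead of the real
// pixels. In a browser you would install it on HTMLCanvasElement.prototype and
// CanvasRenderingContext2D.prototype; a complete guard would also cover
// toBlob and WebGL readPixels. Here a constructed stand-in canvas lets the
// code run offline in Node.

// Constructed placeholder for "a blank image" (assumption of this example).
const BLANK_DATA_URL = 'data:image/png;base64,BLANK';

function createCanvasGuard(policy = {}) {
  const attempts = [];                              // audit log of read-backs
  const installed = [];                             // originals, for uninstall
  const isAllowed = policy.allow || (() => false);  // default: deny every read

  // Replace proto[name] with a wrapper that logs the call, asks the policy,
  // and either forwards to the original or returns a blank result.
  function wrap(proto, name, blankFor) {
    const original = proto[name];
    if (typeof original !== 'function') return;
    installed.push({ proto, name, original });
    proto[name] = function guarded(...args) {
      const canvas = this.canvas || this;  // a 2D context carries .canvas
      const record = { method: name, width: canvas.width, height: canvas.height, allowed: false };
      record.allowed = Boolean(isAllowed(record));
      attempts.push(record);
      return record.allowed ? original.apply(this, args) : blankFor(this, args);
    };
  }

  return {
    install(canvasProto, contextProto) {
      wrap(canvasProto, 'toDataURL', () => BLANK_DATA_URL);
      wrap(contextProto, 'getImageData', (ctx, [, , w, h]) => ({
        width: w,
        height: h,
        data: new Uint8ClampedArray(w * h * 4),   // all zero: nothing rendering-specific leaks
      }));
    },
    uninstall() {
      while (installed.length) {
        const { proto, name, original } = installed.pop();
        proto[name] = original;
      }
    },
    attempts: () => attempts.slice(),
  };
}

// ---- Constructed stand-in for the browser canvas API (not a real DOM) ----
class FakeContext2D {
  constructor(canvas) { this.canvas = canvas; this.drawn = []; }
  fillText(str, x, y) { this.drawn.push({ str, x, y }); }   // what a fingerprinter draws
  getImageData(x, y, w, h) {                                // "real" pixels: all 255
    return { width: w, height: h, data: new Uint8ClampedArray(w * h * 4).fill(255) };
  }
}
class FakeCanvas {
  constructor(width, height) { this.width = width; this.height = height; }
  getContext() { return new FakeContext2D(this); }
  toDataURL() { return 'data:image/png;base64,REALPIXELS'; } // would reveal the rendering
}

// Simulate the read-back a fingerprinting script performs after drawing the
// pangram from the article, and report what it actually receives.
function fingerprintReadBack(CanvasCtor) {
  const canvas = new CanvasCtor(220, 30);
  const ctx = canvas.getContext('2d');
  ctx.fillText('Cwm fjordbank glyphs vext quiz', 2, 15);
  const pixels = ctx.getImageData(0, 0, canvas.width, canvas.height);
  return {
    dataUrl: canvas.toDataURL(),
    nonZeroBytes: pixels.data.reduce((n, b) => n + (b !== 0 ? 1 : 0), 0),
  };
}

// Usage: deny all reads (the Tor Browser default) and inspect the audit log.
const guard = createCanvasGuard();
guard.install(FakeCanvas.prototype, FakeContext2D.prototype);
const seen = fingerprintReadBack(FakeCanvas);
console.log(seen);               // { dataUrl: 'data:image/png;base64,BLANK', nonZeroBytes: 0 }
console.log(guard.attempts());   // two denied records: getImageData, then toDataURL
```

The audit log is what a "notify the user" prompt would be built on; a policy callback that returns true for a site the user has approved forwards the read to the real method.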
AddThis did not notify the websites on which the code was placed because "we conduct R&D projects in live environments to get the best results from testing," according to a spokeswoman. She added that the company does not use any of the data it collects -- whether from canvas fingerprints or traditional cookie-based tracking -- from government websites including WhiteHouse.gov for ad targeting or personalization. The company offered no such assurances about data it routinely collects from visitors to other sites, such as YouPorn.com.

YouPorn.com did not respond to inquiries from ProPublica about whether it was aware of AddThis' test of canvas fingerprinting on its website.

From rforno at infowarrior.org Tue Jul 22 06:43:22 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Jul 2014 07:43:22 -0400
Subject: [Infowarrior] - DHS: EMS is great time to 'identify' extremists
Message-ID: <9291EF2B-3459-4AB0-A157-5D7CF293E6F8@infowarrior.org>

(Given the intellectual capacity of both victims and over-zealous responders alike, I can't imagine how many false positives this brain-child will generate, do you? --rick)

DHS Tells Firefighters, Paramedics Medical Treatment Provides an Opportunity to Identify Extremists
July 22, 2014
https://publicintelligence.net/dhs-medical-treatment-extremists/

A joint bulletin released in March by the Department of Homeland Security, FBI and National Counterterrorism Center instructs firefighters and paramedics to use emergency medical treatment as an opportunity to identify violent extremists. The March 2014 bulletin obtained by Public Intelligence titled "Emergency Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities" is part of the Fire Line series distributed to firefighters, emergency medical service personnel and other first responders around the country.
The bulletin states that efforts to "gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel." An initial "size-up" of the scene and "patient assessment" provide first responders with the ability to "evaluate whether an injury is a genuine accident or related to violent extremist activity." For example, "hastily or expediently treated injuries" observed by first responders "may be an indicator of illicit activity as actors injured in nefarious activity are often not inclined to seek legitimate medical attention, or use efforts that are designed to mislead or obscure the genuine nature of the injury." Other indicators include "shock or infection accompanying healing wounds, or corrective treatment for healed wounds" often without plausible explanation "may be signs of suspicious activity."

To support its claims, the bulletin cites the January 2014 arrest of a Maryland man named Todd Dwight Wheeler Jr. for making and possessing explosive materials. According to the Baltimore Sun, Wheeler was arrested after one of his relatives called 911 and reported that he may be suicidal. Paramedics reportedly found Wheeler "suffering from injuries caused by 'chemical or mechanical reactions'" including "burns to one of his limbs that paramedics determined could have come from a blast." After speaking with Wheeler, first responders "became suspicious of his story, suspicious of his injuries and suspicious of his distinct chemical odor."

Police later searched the home with help from Bureau of Alcohol, Tobacco, Firearms and Explosives agents finding several "completed bombs", "more than 100 pounds of chemicals, including acids, fuels, oxidizers and explosives precursors", "components of destructive devices, including igniters and detonators", "an automatic Ruger Mini-14 rifle, other guns and knives" as well as "manuals and books detailing explosive manufacturing and booby traps, with titles like The Poor Man's James Bond, Booby Traps, Deadly Brew and Highly Explosive Pyrotechnic Compositions."

Under a plea agreement entered in May, Wheeler pled guilty to one count of "being a prohibited person in possession of firearms." He faces up to ten years in prison.

From rforno at infowarrior.org Tue Jul 22 16:26:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Jul 2014 17:26:49 -0400
Subject: [Infowarrior] - Black Hat Cancels Presentation on Cracking Tor
Message-ID: <583FBF58-7B84-4AA9-8EE0-8871A6BA10AC@infowarrior.org>

Black Hat Cancels Presentation on Cracking Tor
By Chloe Albanesius
July 22, 2014 01:45pm EST
http://www.pcmag.com/article2/0,2817,2461204,00.asp

A presentation at the Black Hat conference about weaknesses within the Tor network has been canceled. Alexander Volynkin, a researcher with CERT/Carnegie Mellon, was scheduled to give a talk titled "You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget" at the hacker conference, which kicks off Aug. 2. But conference organizers this week announced that the presentation has been pulled from the lineup after the Software Engineering Institute (SEI) and Carnegie Mellon University informed them that "the materials that [Volynkin] would be speaking about have not yet [been] approved by CMU/SEI for public release."

Tor is a free network of tunnels for routing Web requests and page downloads.
It's supposed to make it impossible for the site you access to figure out who you are, and was once an acronym for "The Onion Network," the implication being there are many layers of security offered. Last year, documents leaked by Edward Snowden suggested that federal agencies were working on cracking Tor to identify those using it. It appeared, however, that only those with vulnerable bugs were susceptible to interception.

There are legitimate reasons why law enforcement might want to crack Tor. The online black market Silk Road obscured its activities using Tor, after all. However, Web users who want a little Internet anonymity for non-nefarious purposes might also find themselves in the NSA's clutches. A report released earlier this month from German site Tagesschau found that the NSA flags anyone using the Tor network for long-term surveillance and retention.

In a blog post, Roger Dingledine, an original developer of Tor and current project leader, director, and researcher at The Tor Project, said Tor did not ask Black Hat or CERT to cancel Volynkin's talk. "We did (and still do) have questions for the presenter and for CERT about some aspects of the research, but we had no idea the talk would be pulled before the announcement was made," Dingledine wrote. CERT "informally" showed Tor some of its materials in response to Tor's questions, but "we never received slides or any description of what would be presented in the talk itself beyond what was available on the Black Hat Webpage," Dingledine said.

In a follow-up post on the Tor Project forums, Dingledine said he believes he has a handle on the exploit that Volynkin identified and how to fix it. But it "would have been smoother if [CERT had] opted to tell us everything." Still, Tor is trying to be "delicate" so as not to discourage researchers from reporting bugs in the future. "We encourage research on the Tor network along with responsible disclosure of all new and interesting attacks," he said. "Researchers who have told us about bugs in the past have found us pretty helpful in fixing issues, and generally positive to work with."

For now, Tor plans to roll "out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world. And of course these things are never as simple as 'close that one bug and you're 100 percent safe.'"

From rforno at infowarrior.org Wed Jul 23 16:18:45 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Jul 2014 17:18:45 -0400
Subject: [Infowarrior] - The Secret Government Rulebook For Labeling You a Terrorist
Message-ID:

The Secret Government Rulebook For Labeling You a Terrorist
By Jeremy Scahill and Ryan Devereaux
23 Jul 2014, 2:45 PM EDT

The Obama administration has quietly approved a substantial expansion of the terrorist watchlist system, authorizing a secret process that requires neither "concrete facts" nor "irrefutable evidence" to designate an American or foreigner as a terrorist, according to a key government document obtained by The Intercept.

The "March 2013 Watchlisting Guidance," a 166-page document issued last year by the National Counterterrorism Center, spells out the government's secret rules for putting individuals on its main terrorist database, as well as the no fly list and the selectee list, which triggers enhanced screening at airports and border crossings. The new guidelines allow individuals to be designated as representatives of terror organizations without any evidence they are actually connected to such organizations, and it gives a single White House official the unilateral authority to place "entire categories" of people the government is tracking onto the no fly and selectee lists. It broadens the authority of government officials to "nominate" people to the watchlists based on what is vaguely described as "fragmentary information."
It also allows for dead people to be watchlisted.

Over the years, the Obama and Bush Administrations have fiercely resisted disclosing the criteria for placing names on the databases -- though the guidelines are officially labeled as unclassified. In May, Attorney General Eric Holder even invoked the state secrets privilege to prevent watchlisting guidelines from being disclosed in litigation launched by an American who was on the no fly list. In an affidavit, Holder called them a "clear roadmap" to the government's terrorist-tracking apparatus, adding: "The Watchlisting Guidance, although unclassified, contains national security information that, if disclosed ... could cause significant harm to national security."

The rulebook, which The Intercept is publishing in full, was developed behind closed doors by representatives of the nation's intelligence, military, and law-enforcement establishment, including the Pentagon, CIA, NSA, and FBI. Emblazoned with the crests of 19 agencies, it offers the most complete and revealing look into the secret history of the government's terror list policies to date. It reveals a confounding and convoluted system filled with exceptions to its own rules, and it relies on the elastic concept of "reasonable suspicion" as a standard for determining whether someone is a possible threat. Because the government tracks "suspected terrorists" as well as "known terrorists," individuals can be watchlisted if they are suspected of being a suspected terrorist, or if they are suspected of associating with people who are suspected of terrorism activity.

"Instead of a watchlist limited to actual, known terrorists, the government has built a vast system based on the unproven and flawed premise that it can predict if a person will commit a terrorist act in the future," says Hina Shamsi, the head of the ACLU's National Security Project. "On that dangerous theory, the government is secretly blacklisting people as suspected terrorists and giving them the impossible task of proving themselves innocent of a threat they haven't carried out." Shamsi, who reviewed the document, added, "These criteria should never have been kept secret."

The document's definition of "terrorist" activity includes actions that fall far short of bombing or hijacking. In addition to expected crimes, such as assassination or hostage-taking, the guidelines also define destruction of government property and damaging computers used by financial institutions as activities meriting placement on a list. They also define as terrorism any act that is "dangerous" to property and intended to influence government policy through intimidation.

< - >

https://firstlook.org/theintercept/article/2014/07/23/blacklisted/

From rforno at infowarrior.org Wed Jul 23 16:23:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Jul 2014 17:23:00 -0400
Subject: [Infowarrior] - Howard "Hollywood Should You" Berman lobbying for MPAA
Message-ID: <063A599D-0120-4512-A413-53D29A75861B@infowarrior.org>

Former 'Representative From Disney' Howard Berman Makes It Official: Starts Lobbying For Hollywood
from the hollywood-howard-gets-his-payday dept
https://www.techdirt.com/articles/20140722/16063827972/former-representative-disney-howard-berman-makes-it-official-starts-lobbying-hollywood.shtml

For years, Hollywood's biggest player in Congress when it came to copyright policy was Rep. Howard Berman. He was often referred to as the Representative from Disney for his willingness to always push for more expansive copyright policies. While he was sometimes called the Rep from Hollywood, I believe his actual district was "adjacent to" Hollywood, though it "included parts of" Hollywood as well.
Either way, in 2012, thanks to redistricting, Berman went up against another long-term LA Representative, Brad Sherman, and lost. Berman quickly became a lobbyist, and now it's come out that he's officially lobbying for the MPAA on "issues related to intellectual property protection" because of course he is. Not much else to say about this other than it's yet another example of the revolving door and the nature of back-scratching that happens in DC.

From rforno at infowarrior.org Thu Jul 24 12:47:15 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Jul 2014 13:47:15 -0400
Subject: [Infowarrior] - Former FISA Judge: Fixing what ails the FISA
Message-ID: <23CD3065-89BB-4F32-8D16-A380A0D36B7D@infowarrior.org>

July 24, 2014, 11:00 am
Fixing what ails the FISA
By Judge James G. Carr
http://thehill.com/blogs/congress-blog/judicial/213137-fixing-what-ails-the-fisa

Immediately after last year's Snowden disclosures about NSA's collection, with approval from the Foreign Intelligence Surveillance Court (FISC), of telephone metadata, Congress appeared determined to mandate significant changes in intelligence gathering activities. The reforms to the Federal Intelligence Surveillance Act (FISA) Congress may be about to implement are less than needed to enhance judicial oversight and public confidence in the FISC.

The House-passed "USA Freedom Act" would require appointment of an "amicus curiae" (friend of the court) when "in the opinion" of the FISC an application raises a "novel or significant interpretation of the law." An amicus represents no one. Instead, an amicus participates solely for the court's benefit. This will not achieve true reform, which requires appointment of an attorney to represent the target (whether the target is an individual, group, or the public at large). Unlike an amicus, an attorney would have standing on behalf of the target to appeal to the Foreign Intelligence Surveillance Court of Review.

Oversight of the FISC is a judicial, not a legislative function: appellate courts alone oversee and control the work of lower courts. Failure to appoint counsel for the targets will silence the advocate's voice when it most must be heard -- on appeal. Enabling adversarial appellate review is crucial to increased confidence in the FISC and its work.

If Congress is unwilling to authorize counsel before the FISC, it should consider an alternative procedure to enable appellate review of decisions adverse to targets' privacy interests: namely, authorizing the FISC, on application by the amicus, to certify questions for FISCR review. That Court, on accepting an appeal, should also have authority to appoint the amicus to brief and argue on the target's behalf. Under this approach appellate review is uncertain, but more possible than under the House bill.

Another defect in the House bill is that it leaves appointment to the discretion of individual FISC judges, who might differ in similar circumstances as to the need for appointment. Congress can easily eliminate that risk by requiring appointment whenever the government, as Rule 11 of the FISC Rules of Procedure requires, notifies the Court that an application raises an issue not previously presented to the Court. Using FISC Rule 11 as a trigger would ensure appointment when an application involves new surveillance methods. Both new legal issues, as in the House Bill, and new technological issues, as allowed under Rule 11, equally deserve full hearing before the FISC.

The House bill improperly gives the executive branch exclusive authority to determine whom the FISC may appoint. To ensure public confidence in the independence of the appointee the FISC should control the appointment decision. Alternatively, the Privacy and Civil Liberties Oversight Board or some other independent agency might select the appointee.

Another important change, publication of FISC opinions, can inform the public about and increase its confidence in the Court's work. While most FISC applications are routine, and opinions are quite few, when FISC judges do write their pronouncements, at least on matters of law, it should become known. The House bill takes a half step by authorizing the Attorney General to declassify and permit publication of FISC opinions. To maximize public awareness of and confidence in the Court's handiwork, it should play an active role in deciding what it may, without endangering national security, publish.

The Court may have inherent authority to issue an order to the government to show cause why publication should not occur. Even if so, Congress should expressly authorize the court to do so. Following a hearing on the government's objections, with counsel (or amicus) for the target likewise participating, the FISC can decide what the public properly can learn. Appellate review should thereafter be available.

The House version of the USA Freedom Act needs reconsideration and revision. Each of my proposed reforms is simple, easy to implement, inexpensive, and should be noncontroversial. These changes can improve oversight, especially by the FISCR, and in that and other ways enhance confidence in the FISC. Most importantly, with these changes, Congress will enhance our constitutional right, in the words of Justice Louis D. Brandeis, "to be left alone."

Carr is a federal district judge for the United States District Court for the Northern District of Ohio. He was a FISC judge from 2002 to 2008, appointed by former Chief Justice William Rehnquist.
From rforno at infowarrior.org Fri Jul 25 05:55:14 2014 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Jul 2014 06:55:14 -0400 Subject: [Infowarrior] - Intelligence security initiatives have chilling effect on federal whistleblowers, critics say Message-ID: <7D6203F4-E3B0-4660-95CB-367B06C31491@infowarrior.org> Intelligence security initiatives have chilling effect on federal whistleblowers, critics say http://www.washingtonpost.com/world/national-security/intelligence-security-initiatives-have-chilling-effect-on-federal-whistleblowers-critics-say/2014/07/23/c9dfd794-0ea0-11e4-8341-b8072b1e7348_story.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Jul 28 11:39:51 2014 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Jul 2014 12:39:51 -0400 Subject: [Infowarrior] - Regarding unlocking & consumer freedom Message-ID: What a new law about cellphone unlocking has to do with coffee, cars and consumer freedom By Brian Fung July 28 at 11:39 AM http://www.washingtonpost.com/blogs/the-switch/wp/2014/07/28/what-a-new-law-about-cell-phone-unlocking-has-to-do-with-coffee-cars-and-consumer-freedom/ So a bill allowing cellphone unlocking is headed to the president's desk. President Obama has pledged to sign the legislation, giving relief to the more than 114,000 people who signed a White House petition calling for more progressive rules on cellphone use. Now what? The answer is a much wider battle in Congress over not only cellphone unlocking but also the underlying aspects of copyright law that made it an issue in the first place. In the coming months, expect to hear a lot about something called "circumvention"; according to a House Judiciary Committee aide, lawmakers are going to take a specific look this fall at the Copyright Act's provisions that presume cellphone unlocking and similar activities to be illegal by default. 
The results of that fight, advocates say, will likely shape the future of all technologies involving intellectual property -- ranging from self-driving cars to media and entertainment to the Internet-connected home.

In the context of cell phones, circumvention involves bypassing the controls that a wireless carrier has placed on a phone so that the device can't be used with a different network. What the rest of us might call "cellphone unlocking" is vitally important for anyone who's tried to switch carriers -- for a trip abroad, for instance, or to another service provider here at home. Cellphone unlocking makes buying a whole new device unnecessary when switching carriers.

For the past couple years it's actually been illegal to unlock your cellphone without first asking permission from your wireless carrier -- something you could only do, by the way, at the end of your contract. The new bill passed by Congress overturns the government decision that made unlocking illegal, but policy experts say this is just a temporary fix. Here's why.

Every three years, the Library of Congress -- which handles copyright issues for the government -- has the opportunity to look at technologies designed to circumvent the locks manufacturers place on machines to protect their intellectual property. Cellphone unlocking is one example of this potentially law-breaking technology. Until recently, the Library of Congress generally concluded that cellphone unlocking deserved an exemption. But in 2012, it decided otherwise, opting not to renew the exemption.

So it's great for consumer choice that Congress passed this latest bill; it effectively reverses the Library of Congress' 2012 decision. But 2012 + 3 = 2015, meaning that the Library of Congress is going to revisit the question of cellphone unlocking again -- you guessed it -- next year. The LoC could decide all over again to make cellphone unlocking illegal, undoing the effects of the legislation that President Obama's about to sign.
To avoid a pointless back-and-forth, copyright reform advocates say the law that makes circumvention illegal should be changed. Some House lawmakers led by Rep. Anna Eshoo (D-Calif.) support a bill that would do just that.

Circumvention keeps technology firmly in the manufacturers' hands, preventing customers or third parties from legally making their own repairs or doing the tinkering that has inspired many an inventor, according to the advocates. In November, the Electronic Frontier Foundation wrote about an emerging anti-circumvention system for automobiles being developed by Renault.

"Instead of selling consumers a complete car that they can use, repair, and upgrade as they see fit, Renault has opted to lock purchasers into a rental contract with a battery manufacturer and enforce that contract with digital rights management (DRM) restrictions that can remotely prevent the battery from charging at all," EFF wrote in a blog post.

It's not just cars that'll increasingly be subject to the circumvention provision of the Copyright Act. Hearing aids, e-books for the blind, Keurig coffee machines, even farm equipment -- all these technologies are reliant on software to a growing degree. And the owners of that software have an interest in protecting it from theft or unsanctioned modification. So applying DRM may make a lot of sense if you're a business, but it makes life harder if you're a consumer. (Anyone who's grappled with DRM for music will probably agree.)

"Many manufacturers are realizing that if they put a digital chip in these devices, they're able to control them in a way that traditionally they haven't been able to do," said Derek Khanna, a copyright reform advocate who also pushed for the cellphone unlocking bill. "If a [Keurig] customer wants to use a different K-cup, they're potentially committing a felony."

Altering the circumvention provision of the Copyright Act could change all that. And the House Judiciary seems open to considering it.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 28 11:40:00 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Jul 2014 12:40:00 -0400
Subject: [Infowarrior] - Hacker Breached NOAA Satellite Data from Contractor's PC
Message-ID: <63AF604D-1D94-495E-ACE8-0440057E24A5@infowarrior.org>

Hacker Breached NOAA Satellite Data from Contractor's PC
By Aliya Sternstein
9:56 AM ET
http://www.nextgov.com/cybersecurity/2014/07/hacker-breached-noaa-satellite-data-contractors-pc/89771/

National Oceanic and Atmospheric Administration satellite data was stolen from a contractor's personal computer last year, but the agency could not investigate the incident because the employee refused to turn over the PC, according to a new inspector general report.

This is but one of the "significant security deficiencies" that pose a threat to NOAA's critical missions, the report states. Other weaknesses include unauthorized smartphone use on key systems and thousands of software vulnerabilities.

The July 15 report made public on Friday concentrates on information-technology security problems at NOAA's National Environmental Satellite, Data, and Information Service. NOAA is part of the Commerce Department.

During the 2013 incident, "an attacker exfiltrated data from a NESDIS system to a suspicious external IP address via the remote connection established with a personal computer," wrote Allen Crawley, Commerce's assistant IG for systems acquisition and IT security, referring to a dodgy computer address.

NOAA determined the PC likely was infected with malware, but it was prevented from examining further because "the owner of the personal computer, even though a NESDIS contractor, did not give NOAA permission to perform forensic activities on the personal computer," Crawley said.
The inspector general cited this case as an example of why it's a bad idea -- and a violation of Commerce policy -- for any personnel to access NOAA information systems using personal computers.

In response to a draft report, NOAA officials noted the system in question was not a "high-impact" system.

Satellites a Potential Target for Hackers

The report, however, also focused on vulnerabilities to high-impact systems related to weather satellites, such as the Polar-orbiting Operational Environmental Satellites and Geostationary Operational Environmental Satellites.

Unauthorized smartphone and thumb drive use was recently detected on 41 percent of components in systems supporting POES; 36 percent of GOES support systems; and 48 percent of components in the Environmental Satellite Processing Center, a system that handles data received from the satellites.

Several U.S. earth observation satellites have also been probed by suspected Chinese government hackers in recent years, according to federal officials. In 2011, the Defense Department investigated two unusual incidents a few years prior involving signals targeting a U.S. Geological Survey satellite. NASA also experienced two "suspicious events" with a Terra observational satellite in 2008. A 2011 report by the U.S.-China Economic and Security Review Commission characterized the events as successful interferences that might have been linked to the Chinese government.

Crawley said, "As it only takes one infected mobile device to spread malware and allow an attacker access to restricted systems like POES and GOES, NESDIS' critical components are at increased risk of compromise."

IG Also Cites Turf War, Funding Shortfall

A clash between the Air Force and NOAA over securing conjoined systems also has created hazards. POES is interwoven with the military's Defense Meteorological Satellite Program to the point where they are virtually one system.
"Because USAF and NOAA disputed for several years (from 2006 to 2010) who was responsible for DMSP's security, neither organization conducted security assessments" of the military satellites, Crawley said. "POES will remain interwoven with DMSP, and DMSP's security posture will remain deficient for some time."

Inadequate funding might prolong the security lapse further. NOAA "has asserted that if funding is not available it will abandon any corrective actions and accept the risks of leaving the systems interwoven," he said.

The Air Force, meanwhile, doesn't expect to conduct a security posture assessment until a technology upgrade in 2016. "There is doubt that the refresh will occur because of the USAF's funding constraints," the report stated.

Linkages between NOAA satellite systems and less secure machines, such as those connected to the Internet, also present a threat. POES and GOES "have interconnections with systems where the flow of information is not restricted, which could provide a cyberattacker with access to these critical assets," Crawley said.

Thousands of Vulnerabilities Unremedied

A more general issue across NOAA satellite systems are security bugs in software that have remained unfixed for more than a decade. "POES, GOES, and ESPC have thousands of vulnerabilities, where some of the vulnerabilities in the software have been publicly disclosed for as long as 13 years," he said. "The older the vulnerability, the more likely exploits have been incorporated into common hacking toolkits."

Overall, NOAA officials agreed with the report's findings, but said the agency has already begun addressing the defects, the final report states.

"NOAA is committed to maintaining a cost-effective IT security program that manages risk at an acceptable level," Vice Adm. Michael Devany, NOAA deputy undersecretary for operations, wrote in a June letter, responding to the draft report.
"We had already identified most of the concerns cited by the OIG in the report and have been implementing remediation efforts" that are documented in a Commerce tracking system.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Jul 28 12:00:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Jul 2014 13:00:49 -0400
Subject: [Infowarrior] - Chris Beard Named CEO of Mozilla
Message-ID:

Chris Beard Named CEO of Mozilla
Jul 28 2014
https://blog.mozilla.org/blog/2014/07/28/chris-beard-named-ceo-of-mozilla/

I am pleased to announce that Chris Beard has been appointed CEO of Mozilla Corp. The Mozilla board has reviewed many internal and external candidates -- and no one we met was a better fit.

As you will recall, Chris re-joined Mozilla in April, accepting the role of interim CEO and joining our Board of Directors. Chris first joined Mozilla in 2004, just before we shipped Firefox 1.0 -- and he's been deeply involved in every aspect of Mozilla ever since. During his many years here, he at various times has had responsibility for almost every part of the business, including product, marketing, innovation, communications, community and user engagement.

Before taking on the interim CEO role, Chris spent close to a year as Executive-in-Residence at the venture capital firm Greylock Partners, gaining a deeper perspective on innovation and entrepreneurship. During his term at Greylock, he remained an Advisor to me in my role as Mozilla's chair.

Over the years, Chris has led many of Mozilla's most innovative projects. We have relied on his judgment and advice for nearly a decade. Chris has a clear vision of how to take Mozilla's mission and turn it into industry-changing products and ideas.

The months since Chris returned in April have been a busy time at Mozilla:

• We released major updates to Firefox, including a complete redesign, easy customization mode and new services with Firefox Accounts.
• Firefox OS launched with new operators, including América Móvil, and new devices, like the ZTE Open C and Open II, the Alcatel ONETOUCH Fire C and the Flame (our own reference device).
• We announced that the Firefox OS ecosystem is expanding to new markets with new partners before the end of the year.
• We ignited policy discussion on a new path forward with net neutrality through Mozilla's filing on the subject with the FCC.
• In June, we kicked off Maker Party, our annual campaign to teach the culture, mechanics and citizenship of the Web through thousands of community-run events around the world. President Obama announced the news at the first-ever White House Maker Faire.

Today, online life is a combination of desktop, mobile, connected devices, cloud services, big data and social interactions. Mozilla connects all of these in an open system we call the Web -- a system that puts individuals in control, offers freedom and flexibility and that is trustworthy and fun.

Mozilla builds products and communities that work to break down closed systems that limit online choice and opportunity. There is a huge need for this work today, as our digital lives become more centralized and controlled by just a few large companies. Toward that end, Mozilla builds products that put the user first, with a focus on openness, innovation and opportunity.

Chris has a keen sense of where Mozilla has been -- and where we're headed. He has unique experience connecting with every constituency that touches our products, including consumers, partners and community members. There's simply no better person to lead Mozilla as we extend our impact from Firefox on the desktop to the worlds of mobile devices and services.

Chris, welcome back.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Jul 28 13:27:53 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Jul 2014 14:27:53 -0400
Subject: [Infowarrior] - Ford and General Motors Sued Over 'CD Ripping Cars'
Message-ID: <1F7B2CCB-FF7A-4D09-B1CD-888A7B0803B2@infowarrior.org>

Ford and General Motors Sued Over "CD Ripping Cars"
By Ernesto on July 28, 2014
http://torrentfreak.com/music-industry-sues-ford-gm-cd-ripping-cars-140728/

The Alliance of Artists and Recording Companies has launched a class action lawsuit against Ford and General Motors over the CD-ripping capability of their cars. The music industry group claims that the car companies violate federal law and demand millions of dollars in damages.

A quarter century ago the music industry was confronted with a new threat -- cassette tape recorders. These devices were able to make "near perfect" copies of any audio recording and the RIAA and others feared this would be the end of the recorded music industry.

The record labels took their fears to Congress, which eventually resulted in the Audio Home Recording Act (AHRA) of 1992. Under this law importers and manufacturers have to pay royalties on "digital audio recording devices," among other things.

The legislation also applies to some newer recording devices common today, which is now causing trouble for Ford and General Motors. Both companies ship cars with the ability to rip CDs onto internal hard drives and according to a coalition of artists and record companies this violates copyright law.

The Alliance of Artists and Recording Companies (AARC), which lists major record labels and 300,000 artists among its members, filed a class action lawsuit on Friday in which they demand millions of dollars in compensation.

TorrentFreak obtained a copy of the complaint (pdf) which states that Ford's "Jukebox" device and General Motors' "Hard Drive Device" allow consumers to rip CDs onto an internal hard drive.
According to the music group these devices fall under the Audio Home Recording Act and the car companies are therefore required to pay royalties. Thus far, neither Ford nor General Motors has complied with any requirements of the Act.

Both companies have sold cars with these devices for several years on a variety of models including the Lincoln MKS, Ford Taurus, Ford Explorer, Buick LaCrosse, Cadillac SRX, Chevrolet Volt, and GMC Terrain. In addition to the two car companies, the lawsuit also targets their technology partners Denso and Clarion.

Commenting on the dispute the AARC notes that a class action lawsuit was unavoidable.

"Twenty-two years ago, cooperation between music creators and device manufacturers resulted in legislation that led to a digital electronics revolution. But having reaped the benefits of this bargain, Ford, GM, Denso, and Clarion have now decided to ignore their obligations to music creators and declare themselves above the law," AARC Executive Director Linda Bocchi comments.

"While no one likes litigation, Ford, GM, Denso, and Clarion have stonewalled long enough, and we are determined to collect the royalties our members -- and all artists and music creators with rights under the AHRA -- are owed," Bocchi adds.

The artists and record labels are looking for both actual and statutory damages, which could amount to hundreds of millions of dollars. In addition, they want to prevent the manufacturers from selling these unauthorized devices in their cars.

The case will prove to be an interesting test of the legality of "recording" devices in car entertainment systems. As is usually true, the law is not as black and white as AARC's complaint states.

For example, the lawsuit doesn't mention that the Audio Home Recording Act includes various exemptions for personal use and for recording equipment that's part of a larger device, such as CD-burners in computers. It's now up to the court to decide how cars fit into this picture.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Jul 29 10:57:23 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Jul 2014 11:57:23 -0400
Subject: [Infowarrior] - U.S. Senate bill proposes sweeping curbs on NSA surveillance
Message-ID: <03C5B276-11C8-431A-A0C4-09B5805D55B0@infowarrior.org>

U.S. Senate bill proposes sweeping curbs on NSA surveillance
By Doina Chiacu
1 hour ago
http://news.yahoo.com/u-senate-bill-proposes-sweeping-curbs-nsa-surveillance-140938211.html

WASHINGTON (Reuters) - Senator Patrick Leahy will introduce legislation on Tuesday to ban the U.S. government's bulk collection of Americans' telephone records and Internet data and narrow how much information it can seek in any particular search.

The bill, which has White House backing, goes further than a version passed by the U.S. House of Representatives in reducing bulk collection and may be more acceptable to critics who have dismissed other versions as too weak.

Revelations last year by former National Security Agency contractor Edward Snowden prompted President Barack Obama to ask Congress in January to rein in the bulk collection and storage of records of millions of U.S. domestic telephone calls.

Many American technology companies also have been clamoring for changes after seeing their international business suffer as foreign governments worry they might collect data and hand it over to U.S. spy agencies.

The legislation is not expected to come up for a vote in the Senate before Congress leaves for a five-week break on Friday.

Leahy, the Democratic chairman of the Senate Judiciary Committee, proposed greater limits on the terms analysts use to search databases held by phone companies such as Verizon Communications Inc or AT&T Inc.
The bill, called the USA Freedom Act, would prohibit the government from collecting all information from a particular service provider or a broad geographic area, such as a city or area code, according to a release from Leahy's office.

The USA Freedom Act would expand government and company reporting to the public and reform the Foreign Intelligence Surveillance Court, which reviews NSA intelligence activities.

The House passed its version in May. Both measures would keep information out of NSA computers, but the Senate bill would impose stricter limits on how much data the spy agency could seek.

The Senate bill would end the bulk collection authorized by Section 215 of the USA Patriot Act, which was enacted in the George W. Bush administration after the Sept. 11, 2001, attacks. It instead would authorize searches for telephone call records "two hops" from a search term, with a hop indicating connections between people suspected of links to foreign terrorism.

The NSA has had legal authority to collect and hold for five years metadata for all telephone calls inside the United States. Telephone metadata documents the numbers involved, when the calls were made and how long they lasted, but not their content.

Leahy's bill would require the government to report the number of individuals - including Americans - whose information has been collected. It gives private companies four options to report on the number of government requests they get.

The bill would require the Foreign Intelligence Surveillance Court to appoint a panel of legal advocates to address privacy and civil liberties issues.

National Security Council spokesman Ned Price praised Leahy on Monday for having done "remarkable work" balancing security and privacy concerns in the bill.

(Reporting by Doina Chiacu, Roberta Rampton, Joseph Menn in San Francisco; Writing by Doina Chiacu; Editing by Lisa Von Ahn)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Jul 29 10:59:18 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Jul 2014 11:59:18 -0400
Subject: [Infowarrior] - Fact Sheet: Senate's USA FREEDOM ACT OF 2014
Message-ID: <42243439-9C46-4696-ABAF-001E366CF18B@infowarrior.org>

http://blogs.rollcall.com/technocrat/wp-content/uploads/sites/17/2014/07/USA-FREEDOM-Act-background.pdf

USA FREEDOM ACT OF 2014

The USA FREEDOM Act of 2014 bans the bulk collection of Americans' private records.

• This bill enacts significant reforms to the surveillance authorities that the government has used to justify collecting Americans' telephone records and Internet metadata in bulk.
• It bans bulk collection by requiring the government to narrowly limit the scope of its collection, and makes clear that the government may not collect all information relating to a particular service provider or to a broad geographic region, such as a city, zip code or area code.

The USA FREEDOM Act of 2014 provides the Intelligence Community with the authority it needs to collect phone records in a more targeted manner.

• To replace bulk collection, the bill authorizes the use of Section 215 to obtain two hops of "call detail records" on a daily basis, if the government can demonstrate reasonable, articulable suspicion that its search term is associated with a foreign terrorist organization.

The USA FREEDOM Act of 2014 expands government and company reporting to the public.

• The bill requires the government to report the number of individuals whose information has been collected under various authorities; the number of those individuals who were likely Americans; and the number of searches run on Americans in certain databases. It contains exceptions for numbers that are not currently possible to generate.
• This bill gives private companies four options for reporting public information about the number of FISA orders and national security letters they receive.
The USA FREEDOM Act of 2014 reforms the FISA Court process.

• This bill requires the FISA Court, in consultation with the Privacy and Civil Liberties Oversight Board, to appoint a panel of special advocates who are to advance legal positions in support of individual privacy and civil liberties.
• This bill enhances mechanisms for appellate review of FISA Court decisions.

The USA FREEDOM Act of 2014 brings Section 215 and National Security Letter nondisclosure orders into compliance with the First Amendment.

The USA FREEDOM Act of 2014 imposes new privacy protections for FISA pen registers.

The USA FREEDOM Act of 2014 prohibits the use of unlawfully obtained information under Section 702 of FISA.

The USA FREEDOM Act of 2014 extends the June 2015 USA PATRIOT Act sunsets to December 2017, to bring them in line with the current FISA Amendments Act sunset.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 31 06:21:55 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Jul 2014 07:21:55 -0400
Subject: [Infowarrior] - Cerf: Why many programmers don't bother joining the ACM
Message-ID: <47C244BC-1B8E-4542-84DD-CF7DCA48CB7A@infowarrior.org>

Why many programmers don't bother joining the ACM
In response to a query from Vint Cerf, professional developers explain why they don't feel a membership in the Association for Computing Machinery is worth the cost
By Phil Johnson
July 30, 2014, 6:00 AM

Earlier this month Vint Cerf, co-creator of the TCP/IP protocol and current Google vice president, openly asked professional programmers for feedback regarding the Association for Computing Machinery (ACM), a professional organization that Cerf recently served as president.
Specifically, Cerf wondered in both the Communications of the ACM and the ACM Queue, why the membership in the ACM has not grown commensurately with the increase in professional, non-academic programmers? What is it, he asked, that may be preventing programmers from joining and what could the ACM do to make itself more relevant to them going forward?

While Cerf invited feedback to his Gmail account, many programmers openly shared their thoughts in comments on ACM Queue and in various online discussions. While some feedback about the ACM was positive, much of it indicated that developers have some strong negative feelings about the way the ACM operates.

Before reviewing their feedback, though, let's take a quick look at what the ACM is and what it offers to programmers.

< -- >

http://www.itworld.com/cloud-computing/429166/why-many-programmers-don-t-bother-joining-acm

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 31 09:45:26 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Jul 2014 10:45:26 -0400
Subject: [Infowarrior] - Countries don't own their Internet domains, ICANN says
Message-ID: <9FAFB181-AECB-4ED2-AD37-58C4FF7F9D33@infowarrior.org>

Countries don't own their Internet domains, ICANN says
It's fighting an effort to seize Iran's, Syria's and North Korea's domains in a civil settlement, saying they aren't property
Stephen Lawson (IDG News Service) on 31 July, 2014 06:15
http://www.computerworld.com.au/article/551289/countries_don_t_own_their_internet_domains_icann_says/

The Internet domain name for a country doesn't belong to that country -- nor to anyone, according to ICANN.

Plaintiffs who successfully sued Iran, Syria and North Korea as sponsors of terrorism want to seize the three countries' ccTLDs (country code top-level domains) as part of financial judgments against them.
The Internet Corporation for Assigned Names and Numbers, which oversees the Internet, says they can't do that because ccTLDs aren't even property. After the plaintiffs filed papers to ICANN seeking the handover of the domains, the organization said it sympathized with their underlying claims but filed a motion on Tuesday to quash the attempted seizure.

A ccTLD is the two-letter code at the end of a country-specific Internet address, such as .us for the U.S. or .cn for China. There are more than 280 of them, all of which need to have managers, administrative contacts and technical contacts who live in the countries they represent. The domains in this case are .ir for Iran and .sy for Syria, plus Arabic script equivalents for each, and .kp for North Korea.

But the domains aren't property and don't belong to the countries they point to, ICANN said. Instead, they're more like postal codes, "simply the provision of routing and administrative services for the domain names registered within that ccTLD," which are what let users go to websites and send to email addresses under those domains, ICANN wrote.

If ICANN stepped in and reassigned the domains on its own, that would disrupt everyone who uses a domain name that ends in those codes, including individuals, businesses and charitable organizations, the group said.

"Forced re-delegation of these ccTLDs would destroy whatever value may exist in these ccTLDs, would wipe out the hundreds of thousands of domain name registrations in the ccTLDs, and could lead to fragmentation of the Internet," ICANN wrote in its motion.

It doesn't even have the technical capability to do what the plaintiffs ask, the group said. ICANN actually manages Internet addresses under a contract with the U.S. Department of Commerce, and that contract doesn't allow it to reassign ccTLDs on its own, though it can make recommendations, the organization said.
Though ICANN is based in Washington, D.C., and incorporated in California, it was formed in 1998 as an independent body to shift control of the Internet away from the U.S. government. Since then, under a "multi-stakeholder approach," it's moved to spread out responsibility for the global network to other people around the world who have an interest in it. The U.S. National Telecommunications and Information Administration is scheduled to end its oversight of ICANN in September 2015.

"Rules for evaluating and certifying ccTLD managers have been established by processes, standards and principles developed by the Internet community," ICANN wrote.

ICANN said it has had "very little interaction" with the managers of the three domains, and all those communications have been technical, involving activation of servers or changes in contact information.

Iran's domains are managed by the Institute for Research in Fundamental Sciences, in Tehran, and hosted on two servers somewhere in Iran and one apparently in Austria, ICANN said. Syria's are managed by the National Agency for Network Services, in Damascus, and hosted on four servers. "Two servers appear to be physically located somewhere in Syria and it is unclear where the other two are located," ICANN wrote. North Korea's domain is managed by the Star Joint Venture Company, in Pyongyang, and hosted on two servers, both of which appear to be in North Korea.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 31 11:48:09 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Jul 2014 12:48:09 -0400
Subject: [Infowarrior] - C.I.A. Admits Penetrating Senate Intelligence Computers
Message-ID: <07A75F1D-6BE9-497D-93CF-6BDF2F5C8FDB@infowarrior.org>

C.I.A. Admits Penetrating Senate Intelligence Computers
By Mark Mazzetti, July 31, 2014
http://www.nytimes.com/2014/08/01/world/senate-intelligence-commitee-cia-interrogation-report.html

WASHINGTON -- An internal investigation by the Central Intelligence Agency has found that its officers improperly penetrated a computer network used by the Senate Intelligence Committee in preparing its report on the C.I.A.'s detention and interrogation program.

In a statement issued Thursday morning, a C.I.A. spokesman said that agency's inspector general had concluded that C.I.A. officers had acted inappropriately by gaining access to the computers.

The statement said that John O. Brennan, the C.I.A. director, had apologized to the two senior members of the Senate Intelligence Committee and that he would set up an internal accountability board to review the matter. The board will be led by former Senator Evan Bayh, Democrat of Indiana.

The statement gave almost no specifics about the findings of the report, written by David Buckley, the agency's inspector general.

Officials said there was a tense meeting earlier this week when Mr. Brennan briefed the two senators -- Dianne Feinstein, Democrat of California and Saxby Chambliss, Republican of Georgia. The officials said Ms. Feinstein had confronted Mr. Brennan about past public statements on the issue, in which he defended the agency's actions.

When the C.I.A.'s monitoring of the committee became public in March, Mr. Brennan said, "When the facts come out on this, I think a lot of people who are claiming that there has been this tremendous sort of spying and monitoring and hacking will be proved wrong."

Last year, the C.I.A. gained access to a computer network, reserved solely for Senate investigators working at an agency facility in Northern Virginia, after officials suspected the intelligence committee had improperly obtained an internal C.I.A. report about the detention program, which is now defunct.

Shortly after the C.I.A. action was made public, Ms. Feinstein gave a blistering speech on the floor of the Senate accusing the agency of infringing on the committee's role as overseer.

The C.I.A. statement was first reported by McClatchy.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Jul 31 18:24:49 2014
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Jul 2014 19:24:49 -0400
Subject: [Infowarrior] - Judge Orders Microsoft to Turn Over Customer Data Stored Abroad
Message-ID: <2FC9D300-EB82-4E10-9D02-D8BFB15F09CE@infowarrior.org>

Judge Orders Microsoft to Turn Over Customer Data Stored Abroad
July 31, 2014, 2:24 PM PDT
By Joseph Ax, Reuters
http://recode.net/2014/07/31/judge-orders-microsoft-to-turn-over-customer-data-stored-abroad/

Microsoft must turn over a customer's emails and other account information stored in a data center in Ireland to the U.S. government, a judge ruled on Thursday, in a case that has drawn concern from privacy groups and major technology companies.

Microsoft and other U.S. companies had challenged the warrant, arguing it improperly extended the authority of federal prosecutors to seize customer information held in foreign countries.

Following a two-hour court hearing in New York, U.S. District Judge Loretta Preska said a search warrant approved by a federal magistrate judge required the company to hand over any data it controlled, regardless of where it was stored.

"It is a question of control, not a question of the location of that information," Preska said.

The judge said she would temporarily suspend her order from taking effect to allow Microsoft to appeal her decision to the 2nd U.S. Circuit Court of Appeals.

The case appears to be the first in which a corporation has challenged a U.S. search warrant seeking data held abroad. A number of technology companies filed court briefs in support of Microsoft's position, including AT&T, Apple, Cisco Systems and Verizon Communications.

The companies are worried that they could lose billions of dollars in revenue to foreign competitors if customers fear their data is subject to seizure by U.S. investigators anywhere in the world.

Thursday's ruling concerns a search warrant served on Microsoft by prosecutors for a customer whose emails are stored in a data center in Dublin, Ireland. It is unclear which agency issued the warrant because the warrant and all related documents are sealed.

The technology companies argued that U.S. search warrants cannot be executed overseas under the law. But lawyers for the U.S. Justice Department said the warrant only required the company to provide documents it controls, just as U.S. banks can be forced to hand over transaction records held in foreign countries.

(Editing by Grant McCool)

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
