Secret Document Calls Wikileaks ‘Threat’ to U.S. Army: Via Threat Level.

Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted Monday on the whistleblowing site.

The 32-page report entitled Wikileaks.org – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? (.pdf) indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians.

“Wikileaks.org uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to Wikileaks.org personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using Wikileaks.org to make such information public.” [ Read more ... ]

Global Internet Freedom and the U.S. Government: Via Freedom to Tinker.

Over the past two weeks I've testified in both the Senate and the House on how the U.S. should advance "Internet freedom." I submitted written testimony for both hearings which can be downloaded in PDF form here and here. Full transcripts will become available eventually but meanwhile you can click here to watch the Senate video and here to watch the House video. In both hearings I advocated a combination of corporate responsibility through the Global Network Initiative backed up by appropriate legislation given that some companies seem reluctant to hold themselves accountable voluntarily; revision of export controls and sanctions; and finally, funding and support for tools, and technologies and activism platforms that will counter-act suppression of online speech.
[ Read more ... ]

European Parliament Rips Global IP Accord: Via Threat Level.

The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others.

Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration.

Kirk’s office declined comment.

To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So Parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text.

And because of the text’s secrecy, Parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. [ Read more ... ]

White House Cyber Czar: ‘There Is No Cyberwar’: Via Threat Level.

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. [ Read more ... ]

U.S. Declassifies Part of Secret Cybersecurity Plan: Via Threat Level.

The Obama administration declassified part of the government’s cybersecurity plan Tuesday, publishing parts of it that discuss intrusion detection systems for federal computer networks and the government’s role in securing critical infrastructure.

The declassification announcement was made by Howard A. Schmidt, a former Microsoft security executive who in December was appointed cybersecurity coordinator by President Barack Obama. Schmidt was speaking at the RSA Security Conference in San Francisco, an annual industry conference for computer security professionals.

The government’s Comprehensive National Cybersecurity Initiative was launched in 2008 by President George W. Bush under a shroud of secrecy. The plan has 12 directives that cover the government’s strategy to protect U.S. networks — including military, civilian,  government networks and critical infrastructure systems — as well as the government’s offensive strategy to combat cyber warfare.

Civil libertarians criticized the Bush administration for failing to disclose the contents of the plan or allowing independent oversight of its implementation. Schmidt said that Obama recognized the need for some transparency. [ Read more ... ]

Susan Collins spreads central myth about the Constitution: Via Salon: Glenn Greenwald.

Over the weekend, Sen. Susan Collins released a five-minute video in which she sounded as though she were possessed by the angriest, most unhinged version of Dick Cheney.  Collins recklessly accused the Obama administration of putting us all in serious danger by failing to wage War against the Terrorists.  Most of what she said was just standard right-wing boilerplate, but there was one claim in particular that deserves serious attention, as it has become one of the most pervasive myths in our political discourse:  namely, that the U.S. Constitution protects only American citizens, and not any dreaded foreigners.  Focusing on the DOJ's decision to charge the alleged attempted Christmas Day bomber with crimes, Mirandize him and provide him with counsel, Collins railed:  "Once afforded the protection our Constitution guarantees American citizens, this foreign terrorist 'lawyered up' and stopped talking" (h/t).  This notion that the protections of the Bill of Rights specifically and the Constitution generally apply only to the Government's treatment of American citizens is blatantly, undeniably false -- for multiple reasons -- yet this myth is growing, as a result of being centrally featured in "War on Terror" propaganda. [ Read more ... ]

Report: Critical Infrastructures Under Constant Cyberattack Globally: Via Threat Level.

Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states.

The United States and China are believed to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents.

Companies and agencies operating in the banking and finance sectors, energy and natural resources, telecommunications and internet service providers, transportation and mass transit, chemical production and storage, food distribution and government services are considered critical infrastructure companies.

The attacks that are occurring include massive denial of service attacks, stealthy efforts to penetrate networks undetected, DNS poisoning, SQL injection attacks and malware infections. The aims of the attacks vary from shutting down services or operations to theft of services and data or extortion attempts. [ Read more ... ]

Happy Data Privacy Day!: Via Privacy Lives.

January 28 is Data Privacy Day. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Also, please donate to any number of organizations out there trying to protect your rights generally.

Visit the official site to find events near your area. Here are a few highlights in the United States and internationally:

United States: [ Read more ... ]

Browser Versions Carry 10.5 Bits of Identifying Information on Average: Via EFF.org Updates.

This is part 3 of a series of posts on user tracking on the modern web. You can also read part 1 and part 2.

Whenever you visit a web page, your browser sends a "User Agent" header to the website saying precisely which operating system and web browser you are using. This information could help distinguish Internet users from one another because these versions differ, often considerably, from person to person. We recently ran an experiment to see to what extent this information could be used to track people (for instance, if someone deletes their browser cookies, would the User Agent, alone or in combination with some other detail, be unique enough to let a site recognize them and re-create their old cookie?). [ Read more ... ]

Senator Demands IP Treaty Details: Via Threat Level.

That a U.S. senator must ask a federal agency to share information regarding a proposed and “classified” international anti-counterfeiting accord the government has already disclosed is alarming. Especially when the info has been given to Hollywood, the recording industry, software makers and even some digital-rights groups.

Sen. Ron Wyden (D-Oregon) is demanding that U.S. Trade Representative Ron Kirk confirm leaks surrounding the unfinished Anti-Counterfeiting Trade Agreement, being negotiated largely between the European Union and United States. Among other things, Wyden wants to know if the deal creates international guidelines that mean consumers lose internet access if they are believed to be digital copyright scofflaws.

He also wants to know whether internet service providers could lose “safe harbor” protection for failing to police their customers’ digital content for copyright infringement violations. Such a move would heap copyright liability onto the ISP, and fundamentally alter U.S. copyright law.

What “legal incentives,” Wyden asked Kirk in a Wednesday letter, would “encourage Online Service Providers (OSPs) to cooperate with copyright owners to deter the unauthorized storage or transmission of copyrighted materials.”

The questions came weeks after leaked documents from the European Union suggested the United States was taking those positions on the accord’s draft internet section. [ Read more ... ]

Threshold for Getting Onto No-Fly List Lowered: Via Threat Level.

The government has lowered the criteria for putting someone on a watch list or no-fly list, and has revoked several U.S. visas as a result, according to CNN.

The action will result in more people being grounded from flights or undergoing secondary screening at airports. Officials wouldn’t indicate how many people might be affected.

The terrorist watch list has about 400,000 names on it, according to the most recent figures reported by the government. Most of them are non-U.S. citizens, and the list includes those suspected of providing financial assistance or aid to terrorists.

The “no fly” list, a subset of the watch list, contains about 3,400 names, of which about 170 are U.S. citizens or residents.

In addition to being used by airport security personnel to single out some travelers for extra screening or interrogation, the watchlist is used for, among other things, screening U.S. visa applicants and gun buyers as well as suspects stopped by local police. [ Read more ... ]

Alleged Ponzi Mastermind Stanford Pwned in Antigua: Via Threat Level.

In early 2008, while federal investigators were busy looking into disgraced financier Robert Allen Stanford for his part in an alleged $8 billion fraudulent investment scheme, Eastern European hackers were quietly hoovering up tens of thousands of customer financial records from the Bank of Antigua, an institution formerly owned by the Stanford Group.

According to a fraud investigator with firsthand knowledge of the break-in, the hackers responsible infiltrated a component of the Stanford Group’s network by exploiting vulnerabilities in the company’s web servers and databases. On the condition of anonymity, the investigator shared with this author files recovered from the breach, which were stored in plain text for at least several weeks on a website controlled by the attackers. This source said he forwarded the same information on to the FBI shortly after discovering it in early 2008.

Once inside Stanford’s network, the unidentified hackers appear to have swiped the credentials from an internal network administrator. They soon had downloaded the user names and password hashes for more than 1,000 employees of Stanford Financial, Stanford Group, Stanford Trust and Stanford International Bank. [ Read more ... ]

The Joys of Airstrikes and Anonymity: Via Salon: Glenn Greenwald.

Each time the U.S. bombs a new location in the Muslim world, the same pattern emerges.  First, officials from the U.S. or allied governments run to their favorite media outlet to claim -- anonymously -- that some big, bad, notorious, "top" Al Qaeda leader "may have been" or "likely was" killed in the strike, and this constitutes a "stinging" or "devastating" blow against the Terrorist group.  These compliant media outlets then sensationalistically trumpet that claim as the dominant theme of their "reporting" on the attack, drowning out every other issue.  [ Read more ... ]

Torrent Search Engines Unlawful, U.S. Judge Says: Via Threat Level.

The operator of a popular BitTorrent search site said Monday he will likely challenge last week's landmark decision by a U.S. judge declaring such sites unlawful and no different from conventional peer-to-peer piracy services.

"We do think from our preliminary review there are a number of issues for appeal," said Ira Rothken, attorney for popular torrent search engine ISO Hunt, the defendant in the case.

The long-awaited decision, while not unexpected, was the first in the United States in which a federal judge found that BitTorrent search engines are an unlawful avenue (.pdf) to free movies, music, videogames and software. A contrary ruling likely would have sparked a gold rush of BitTorrent prospectors in the United States.

Targeted in the case was Gary Fung, a Canadian who operates ISO Hunt and other torrent search engines. Among other things, he argued that U.S. laws did not attach to him, and if they did, that his websites were protected under the Digital Millennium Copyright Act. [ Read more ... ]

Report: U.S. Fears Public Scrutiny Would Scuttle IP Treaty Talks — Update: Via Threat Level.

The proposed Anti-Counterfeiting Trade Agreement, or ACTA, has been shrouded in secrecy, and the Bush and the Obama administrations have declared it unsuitable for public debate because divulging its contents could harm America’s “national security.”

A few recent leaks have showed that the unfinished agreement, which is being negotiated largely between the European Union and the United States, is likely to benefit the content industry. At the same time, it might pave the way for international guidelines that could lead to consumers losing their internet accounts if they are believed to be digital copyright scofflaws.

But we now know that the real reason for secrecy, the one suspected all along, was that the United States does not think it could reach an accord with Europe and the nearly dozen other nations if the proposal came under public scrutiny. [ Read more ... ]

Keeping a Global Eye on Copyright Law: Via EFF.org Updates.

We spend a lot of our time at EFF trying to spot new proposals in copyright across the world, and understanding whether they're good or bad for civil liberties. We're not the only ones: our understanding depends on the work of hundreds of researchers worldwide who are constantly sifting through new drafts and consolidating older reforms in hundreds of nations.

It's a global effort, and that's why we're happy to announce our involvement in a truly global project: Copyright Watch. Working with academics, libraries and copyright monitors from across the world, Copyright Watch brings together the most recent copies of laws from as many countries as we could find. And with that global team, we'll be tracking new proposals, consultations, and freshly passed regulations: finding the promising changes, and highlighting the spectacularly bad ideas hopefully before they can take hold. [ Read more ... ]

New York Court Scores Over Oregon In Recent Email Privacy Opinions: Via EFF.org Updates.

Last week, two new district court opinions took opposing views on the question of whether the Fourth Amendment protects stored email. One of the cases easily adopted the prevailing view that the Constitution protects electronic communications, while the other ignored existing U.S. Supreme Court and Ninth Circuit precedent to find consumers have no expectation of privacy in messages stored with third parties. EFF will be watching these developments closely as we continue to press for email privacy rights in the Sixth Circuit Court of Appeals in U.S. v. Warshak and in other matters.

Email -- like letters, telephone calls or documents you keep in a rented locker -- should be fully protected by the Fourth Amendment. As with letters, calls or rented property, your expectation of privacy against the government does not weaken simply because you entrust the document to a third party for delivery or storage. [ Read more ... ]

Gang of 100 Phishers Charged in U.S. and Egypt: Via Threat Level.

A gang of more than 100 alleged phishers has been charged in the U.S. and Egypt in connection with a global scheme to steal bank credentials of victims and siphon money from their accounts.

A total of 53 defendants (.pdf) ranging in ages 18 to 44 are charged in a thick indictment (.pdf) unsealed Wednesday in federal court in Los Angeles. An additional person is being charged at the state level, and another 47 alleged co-conspirators have been charged in Egypt.

The indictment is the culmination of a two-and-a-half-year investigation, dubbed Operation Phish Phry.

The suspects in Egypt allegedly sent bogus e-mails purporting to be legitimate correspondence from the victims’ banks, urging the victims to update their online banking records. The e-mails referred recipients to a fake bank website under the criminals’ control, which prompted the victims for an account number and password. [ Read more ... ]

Chicago’s Loss: Is Passport Control to Blame?: Via In Transit Blog - NYTimes.com .

Did Chicago lose the chance to host the 2016 Olympics because of airport security issues?

Among the toughest questions posed to the Chicago bid team this week in Copenhagen was one that raised the issue of what kind of welcome foreigners would get from airport officials when they arrived in this country to attend the Games. Syed Shahid Ali, an I.O.C. member from Pakistan, in the question-and-answer session following Chicago’s official presentation, pointed out that entering the United States can be “a rather harrowing experience.”

President Obama, who was there as part of the 10-person team, assured Mr. Ali that all visitors would be made to feel welcome. “One of the legacies I want to see is a reminder that America at its best is open to the world,” he said.”

But Mr. Obama’s assurances may have not been enough to assuage critics like Mr. Ali. A few hours later the Games went to Rio de Janeiro.

The exchange underscores what tourism officials here have been saying for years about the sometimes rigorous entry process for foreigners, which they see as a deterrent to tourism. [ Read more ... ]

License to Kill Innovation: the Broadcast Flag for UK Digital TV?: Via EFF.org Updates.

The British MP Tom Watson has highlighted a digital TV consultation by UK regulator Ofcom, held in response to an inquiry from the BBC (the consultation deadline is this Wednesday):

The BBC has indicated that third party content owners are seeking to ensure that reception equipment will implement ... copy protection. Because [these] requirements are not mandatory, representatives of content owners have asked the BBC to take steps to ensure that reception equipment will implement the specified content management arrangements.

Veterans of the broadcast flag battle in the United States will recognise this language: rightsholders are once again attempting to use the power of the public regulators to force universal DRM on the general public, and place their veto power over the next generation of HD digital TV technology. [ Read more ... ]

Attorneys Can See Classified Info in Coffee Table Spy Suit: Via Threat Level.

A federal judge in Washington has ordered the government to grant security clearances to lawyers on both sides of a lawsuit claiming illegal spying against a DEA agent, in a ruling that challenges the government’s long-held claim that the executive branch alone has the authority to determine who can access classified material.

The attorneys in the case, which was noted by Secrecy News, need the security clearances to obtain classified knowledge held by their clients so they can adequately argue the lawsuit, the judge said, in an August 26 ruling supported by attorneys on both sides of the lawsuit, but bitterly opposed by the government.

On Thursday, a federal appeals court ordered an emergency stay of the order pending an appeal by the Justice Department. [ Read more ... ]

OpenID Pilot Program to be Announced by US Government: Via ReadWriteWeb Hat Tip to LauraS .

Ten private companies, a number of US Government Federal Agencies primarily in the Health sector and the OpenID and Information Card Foundations will announce this morning in Washington DC the launch of a pilot program to allow members of the public to log in to participating government websites with their credentials from approved independent websites.

That's right - someday soon you'll be able to log in to the websites of the Department of Health and Human Services, the National Insititute of Health and other government agencies with your accounts from Google, Yahoo and similar services. Below we discuss the privacy protection steps being taken, the usability issues and the ultimate significance of this announcement. [ Read more ... ]

Obama appointee previews the imminent preventive detention debate: Via Salon: Glenn Greenwald.

By all accounts, the White House is going to unveil its proposal for indefinite detention within the next four to eight weeks, and it has begun dispatching proponents of that scheme to lay the rhetorical groundwork.  In The Washington Post today, one of the proposal's architects -- Law Professor Robert Chesney, a member of Obama's Detention Policy Task Force -- showcased the trite and manipulative tactics that will be used by advocates of indefinite detention to win support for their radical program [anyone doubting that detention without trials is radical should recall that Obama's own White House counsel Greg Craig told Jane Mayer back in February that it's "hard to imagine Barack Obama as the first President of the United States to introduce a preventive-detention law"; New York Times reporter William Glaberson wrote that "Obama's detention policy "would be a departure from the way this country sees itself"; Sen. Russ Feingold warned that it "violates basic American values," "is likely unconstitutional," and "is a hallmark of abusive systems that we have historically criticized around the world"; The New York Times' Bob Herbert said that "Americans should recoil as one against the idea of preventive detention"; and the Obama policy's most vigorous Congressional proponents are Tom Coburn and Lindsey Graham]. 

According to Chesney, though, the real extremists are those "on the left" who oppose preventive detention; those who believe that radical liberties such as criminal charges, trials and due process are necessary before the state can put someone in a cage for life; those who agree with Thomas Jefferson that trial by jury is "the only anchor ever yet imagined by man, by which a government can be held to the principles of its constitution." [ Read more ... ]

The Homeland Security Lap Dance: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

(Originally posted on Daily Kos.)

Yesterday, a day after we filed a lawsuit over the matter, DHS issued a new policy on laptop searches at the border. We were not impressed. The new policy imposes some limits on the claimed authority of the U.S. Customs and Border Protection (CBP) agency but leaves intact its unconstitutional policy allowing agents to conduct suspicionless searches of travelers’ laptops.

Customs offices in the U.S. and other countries have long had the power to inspect goods being brought into the nation. But it is a radical new step for the government to claim that it can inspect the information being brought across our borders — not only radical, but laughable too.

In a DHS press release, Secretary Janet Napolitano said: [ Read more ... ]

‘The Analyzer’ Pleads Guilty in $10 Million Bank-Hacking Case: Via Threat Level.

Ehud Tenenbaum, aka “The Analyzer,” quietly pleaded guilty in New York last week to a single count of bank-card fraud for his role in a sophisticated computer-hacking scheme that federal officials say scored $10 million from U.S. banks.

The Israeli hacker was arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks. But before Canadian authorities could prosecute him, U.S. officials filed an extradition request to bring him to the States.

Prosecutors alleged in an extradition affidavit that Tenenbaum hacked into two U.S. banks, a credit- and debit-card distribution company and a payment processor, in what they called a global “cash-out” conspiracy. But he was only charged with one count of conspiracy to commit access-device fraud and one count of access-device fraud. [ Read more ... ]