Internet Regulation
Jasonik
October 5th, 2007, 12:24 AM
Microsoft-loving (former) security czar calls for closed internet
By Cade Metz in Santa Clara
Published Tuesday 2nd October 2007 22:24 GMT (http://www.theregister.co.uk/2007/10/02/richard_clarke_speech_trust_online_santa_clara_university_microsoft/print.html)
Richard Clarke, the man who served President Bush as a special adviser for cyber security, has a five-point plan for saving the internet.
Speaking at a Santa Clara University conference dedicated to "trust online," Clarke called the net "a place of chaos in many ways, a place of crime in many ways," but laid out several means of righting the ship, including biometric IDs, government regulation, and an industry wide standard for secure software. He even embraces the idea of a closed internet - which seems to have sparked a death threat from net pioneer Vint Cerf.
"A lot of these ideas go against the grain. A lot of these ideas are ones people have already objected to - because of certain shibboleths, because of certain belief systems, because of certain ideological differences," Clarke said. "But if we're going to create trust in cyberspace, we have to overcome some of those shibboleths, overcome some of those ideological differences, and look anew at these ideas."
According to Clarke - who was also a special assistant to the President for global affairs and national coordinator for security and counter-terrorism - about 35 per cent of all U.S. citizens would rather shoot themselves than carry a national ID card. But he thinks they're being silly. He believes biometric IDs are an essential means of fighting online crime.
"One thing you could do with a biometric ID card - if you wanted to - is prove your identity online," he said, as if taunting his critics.
Yes, he realizes that internet mavens value online anonymity. But he insists this has nothing to do with biometric internet IDs. "One of the ideological underpinnings of the internet is that we're anonymous," he said. "Well, guess what? We're not anonymous. Amazon and DoubleClick and all those other companies already know everything about what you're doing online." ID cards don't eliminate anonymity, he explained, because anonymity is already gone. Then he added that Bill Gates agrees with him.
Next, Clarke called for more government oversight of the net. According to his rough calculations, 75 per cent of all U.S. citizens are against government regulation of any kind. But he thinks they're being silly too. "You don't want government regulation? Then just let your kids eat all that lead off their toys."
In short, he believes the Federal Communications Commission (FCC) should force ISPs to crack down on cyber-crime. "[The FCC] could, for example, say to all the ISPs, 'You will do the following things to reduce fraud, bot nets, malicious activity, etc.'"
Isn't the government one of the problems where online privacy is concerned? It is, as Clarke pointed out. He also called for a nonpartisan organization dedicated to fighting abuses of government power. "What if we had a champion in the government who we trusted on privacy rights and civil liberties? What if we had a government advocate with real power to ensure that the government doesn't violate privacy rights."
That's three points from the five-point plan. Two more to go.
Number four: A secure software standard. "We should look, as an industry, at improving the quality of secure code, so that we don't need to issue software patches, so there aren't trap doors - intentional or otherwise," he said. "This is not a revolutionary idea. We put this in place a long time ago for electrical appliances."
This is Clarke's least controversial notion, but you have to wonder how effective it can be. Removing all bugs from electrical equipment is one thing. Removing them from software code - some of the most complex stuff ever invented - is another.
In discussing secure software standards, Clarke slipped in another plug for Microsoft. "This is an idea Microsoft has already championed," he said. And then he said it again. Bill and gang sponsored the conference.
And, yes, Clarke's fifth and final idea is a less than open internet. "Another idea that's already been rejected that I think we should look at again is the idea of a closed internet," Clarke said. "Why should the part of the internet that's connected to the power grid be open? Why should that part of the internet that runs nuclear laboratories be open? Why shouldn't there be a closed internet? There are already relatively closed internets - and now we need to think seriously about expanding them."
Several years ago, when Clarke suggested the idea to Vint Cerf, the internet founding father had a fit. "[He] implied he was putting together a firing squad to take me out," Clarke said.
*****
You won't know what you've got till it's gone.
BE VERY AFRAID OF THESE AUTHORITARIAN MANIACS!
They want to be able to 'crash' the 'public' web and leave everyone in the dark so we'll have to rely on old media in a time of emergency. The writing is on the wall.
A free and unregulated internet is the remaining lifeblood of contemporary civil society. (No, talk radio doesn't count).
Ninjahedge
October 5th, 2007, 10:42 AM
I don't know about you, I am just afraid of lead-coated terrorist shibboleths!!!
eddhead
October 5th, 2007, 12:27 PM
i thought shibboleths were extinct!
Capn_Birdseye
October 5th, 2007, 12:46 PM
Isn't it interesting how those in power will suggest any means, fair or foul, to restrict our freedom? Of course it's all wrapped up in an "it's-good-for-you" package which they try to sell us, but what they're really seeking is ultimate control over us - what we do, what we think, what we say, where we go, etc etc. I don't know about you folks in the US but already in the UK many people feel their hard-won freedoms are being slowly but surely trampled under foot by the jackboots of our Labour government.
One book everyone should read before they die is Orwell's 1984, it's all there, starkly laid out, we deny it or ignore it at our peril.
"And if all others accepted the lie which the Party imposed—if all records told the same tale—then the lie passed into history and became truth. 'Who controls the past' ran the Party slogan, 'controls the future: who controls the present controls the past.'"
- George Orwell, 1984, Book 1, Chapter 3
"Day by day and almost minute by minute the past was brought up to date. In this way every prediction made by the Party could be shown by documentary evidence to have been correct; nor was any item of news, or any expression of opinion, which conflicted with the needs of the moment, ever allowed to remain on record. All history was a palimpsest, scraped clean and reinscribed exactly as often as was necessary."
- George Orwell, 1984, Book 1, Chapter 3
"Don't you see that the whole aim of Newspeak is to narrow the range of thought?... Has it ever occurred to you, Winston, that by the year 2050, at the very latest, not a single human being will be alive who could understand such a conversation as we are having now?... The whole climate of thought will be different. In fact, there will be no thought, as we understand it now. Orthodoxy means not thinking—not needing to think. Orthodoxy is unconsciousness."
- George Orwell, 1984, Book 1, Chapter 5
MidtownGuy
October 5th, 2007, 01:02 PM
I don't know about you folks in the US but already in the UK many people feel their hard-won freedoms are being slowly but surely trampled under foot
Yes Capn, it's a dire situation here in the US also. Perhaps even worse than what you have over there. Not enough people are truly awake, many are brainwashed and silenced by fear.
Ninjahedge
October 5th, 2007, 02:13 PM
:eek: SHHHHHHHHH!!!!!! :eek:
infoshare
October 5th, 2007, 04:01 PM
Isn't it interesting how those in power will suggest any means, fair or foul, to restrict our freedom? Of course it's all wrapped up in an "it's-good-for-you"
I have recently read some of the political philosophy of a British scholar named Sir Isaiah Berlin: it seems to me that much of the Labor Party Policy and the subsequent "loss of liberty" stems from a political philosophy similar to that of Sir Isaiah Berlin (http://www.kirjasto.sci.fi/berlin.htm).
Basically (from what I gather) the idea is that "true liberty/freedom" is only possible by some "restriction of freedom/liberty" - I think it is what he refers to as "Positive Liberty".
Have you read his work, and if so: any opinions about his political philosophy?
Ninjahedge
October 5th, 2007, 05:37 PM
You mean the freedom to walk down the street, or say what you want without being arrested.
But not the freedom to go running around town hitting people.
At least that is what I gather from your post.....
Jasonik
November 14th, 2007, 01:25 PM
Experts: Terrorists Exploit Internet to Recruit, Spread Ideology
By Margaret Besheer
Washington
08 November 2007 (http://www.voanews.com/english/2007-11-08-voa7.cfm)
Besheer report (mp3) - Download 758k (http://www.voanews.com/mediaassets/english/2007_11/Audio/Mp3/LCR%20Besheer%20Internet%20Terrorism%202343537%20110707%20tw.Mp3)
Listen to Besheer report (mp3) (http://www.voanews.com/english/figleaf/mp3filegenerate.cfm?filepath=http://www.voanews.com/mediaassets/english/2007_11/Audio/Mp3/LCR%20Besheer%20Internet%20Terrorism%202343537%20110707%20tw.Mp3)
Experts say that the weapons of terrorism today are not limited to bombs and guns, but include all the components of technology, and in particular, the Worldwide Web. They warn that extremists are using the Internet to promote violence, spread ideology and recruit. From Washington, VOA's Margaret Besheer has more.
When authorities raid terrorist hideouts these days they come away not only with components for bombs and other weapons, but they usually cart away computers, cellular phones, video equipment and other tools used for creating and spreading extremist ideology over websites and chat rooms, drawing the disenfranchised and the easily influenced into their cause.
Several experts testified this week before a subcommittee of the U.S. House Committee on Homeland Security about how the Internet has become the weapon of choice for terrorists and other radicals. Their testimony comes in the wake of the passage in the House of the Violent Radicalization and Homegrown Terrorism Prevention Act of 2007 (http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=110_cong_bills&docid=f:h1955rfs.txt.pdf) [aka. Thought Crime Bill] (http://www.ocregister.com/opinion/commission-terrorism-harman-1922198-bill-rights). The centerpiece of that legislation is the creation of a National Commission to study violent radicalization and to determine the best way to combat it.
http://img.photobucket.com/albums/v312/Jasonik/131107House.jpg (http://www.c-spanarchives.org/library/index.php?main_page=product_video_info&products_id=202123-1)
Click image to watch an archived CSPAN broadcast of the subcommittee hearing of the U.S. House Committee on Homeland Security.
Bruce Hoffman, a professor at Georgetown University says the near limitless communications options the Internet provides such groups is essential to their survival. "Without an effective communications strategy, a terrorist movement would be unable to assure a continued flow of new recruits into its ranks, motivate and inspire existing members as well as expand the pool of active supporters and passive sympathizers from which terrorism also draws its sustenance," he said.
Rita Katz of the private SITE Institute, which tracks terrorist websites, says the Internet enables terror groups such as al-Qaida to exist despite the money the United States and other nations spend to fight them on the ground. "Though guns, IEDs [improvised explosive devices] and other weapons are necessary for terrorists to remain dangerous, the Internet is what enables them to coordinate, share information, recruit new members and propagate their ideology. If we do not treat the Internet as a crucial battleground in the war on terror we will not be able to defeat the jihadist threat. The virtual jihadi network has replaced al-Qaida training camps," she said.
The Internet is a tool not just for Islamic radicals, but for all types of extremists.
Parry Aftab, an attorney who specializes in Internet issues that affect children, says these groups are using the Web to recruit bored, middle-class young people with access to technology. "Kids who would have never been exposed to this otherwise - who are not Muslims, who are not normally interested in radical groups, who see it as a way to become included, a way to become famous, a way to become "in" [popular], a way to find a place to belong," she said.
So what can be done to take this weapon out of the hands of radicals and terrorists?
Katz says the first step is for intelligence officials and law enforcement authorities to infiltrate these chat rooms and message boards and study them so they can target these groups' weaknesses.
Other recommendations from the experts include educating young people about radical groups and how they use the Internet to recruit, and increasing cooperation internationally to lessen the impact of the Internet as an inexpensive and easily accessible resource for extremists.
Ninjahedge
November 14th, 2007, 03:05 PM
While I agree it is a problem, the term "Thought Police" is coming to mind.
IF anything like this comes to bear, we have to make DAMN sure it stays transparent. As soon as our windows get foggy or the shades drawn, we are all going back to 1984.
Jasonik
March 9th, 2008, 05:28 PM
Washington Prepares for Cyber War Games
Week-Long Simulation Tests Agencies', Companies' Response to Online Attacks
By Brian Krebs
washingtonpost.com Staff Writer
Friday, March 7, 2008; 7:44 AM (http://www.washingtonpost.com/wp-dyn/content/article/2008/03/07/AR2008030701157.html?hpid=sec-tech)
The U.S. government will conduct a series of cyber war games throughout next week to test its ability to recover from and respond to digital attacks.
Code-named 'Cyber Storm II,' this is the largest-ever exercise designed to evaluate the mettle of information technology experts and incident response teams from 18 federal agencies, including the CIA, Department of Defense, FBI, and NSA, as well as officials from nine states, including Delaware, Pennsylvania and Virginia. In addition, more than 40 companies will be playing, including Cisco Systems, Dow Chemical, McAfee, and Microsoft.
In the inaugural Cyber Storm two years ago, planners simulated attacks against the communications and information technology sector, as well as the energy and airline industries. This year's exercise will feature mock attacks by nation states, terrorists and saboteurs against the IT and communications sector and the chemical, pipeline and rail transportation industries.
Jerry Dixon, a former director of the National Cyber Security Division at the Department of Homeland Security who helped to plan both exercises, said Cyber Storm is designed to be a situational pressure-cooker for players: Those who adopt the proper stance or response to a given incident are quickly rewarded by having to respond to even more complex and potentially disastrous scenarios. Players will receive information about the latest threats in part from a simulated news outlet, and at least a portion of the feeds they receive will be intentionally misleading, Dixon said.
'They'll inject some red herring attacks and information to throw intelligence analysts and companies off the trail of the real attackers,' Dixon said. 'The whole time, the clock keeps ticking, and things keep getting worse.'
At a cost of roughly $6.2 million, Cyber Storm II has been nearly 18 months in the planning, with representatives from across the government and technology industry devising attack scenarios aimed at testing specific areas of weakness in their respective disaster recovery and response plans.
'The exercises really are designed to push the envelope and take your failover and backup plans and shred them to pieces,' said Carl Banzhof, chief technology evangelist at McAfee and a cyber warrior in the 2006 exercise.
Cyber Storm planners say they intend to throw a simulated Internet outage into this year's exercise, but beyond that they are holding their war game playbooks close to the vest.
Individuals who helped plan the scenarios all have signed non-disclosure agreements about the details of the planned attacks. They will act as puppeteers apart from the participants, injecting events into the game from a command center at U.S. Secret Service headquarters in Washington, D.C. Meanwhile, players will participate via secure online connections from around the world.
At its most basic, organizers say, the exercise tests the strength of relationships and trust between government officials and the private sector companies that control more than 80 percent of the nation's critical physical and cyber infrastructure. In Cyber Storm I, the Department of Homeland Security and the participating companies largely kept the exercise a secret until it was virtually completed. In fact, most of the companies that participated in Cyber Storm I did so anonymously, so that private sector players only knew each other's respective companies by fictitious business names.
The fact that so many companies have chosen to trumpet their participation in this year's exercise is a testament to how those trust relationships have grown in the intervening years, said Reneaue Railton, manager of critical infrastructure response for Cisco Systems, a company whose hardware devices help direct a large portion of the traffic on the Internet.
'All the companies that played did so anonymously,' Railton said. 'We didn't always know who we were contacting.'
Railton, who helped plan the attack scenarios in this year's exercise, said Cyber Storm II promises to keep all participants on their toes, like an episode of the television show '24,' only for an entire work week at a time. Dozens of companies and government agencies from Australia, Canada, New Zealand and the United Kingdom will also participate in the war games and will keep the game in flux around the clock, she said.
The war games will be far more realistic and inclusive for Australia, whose participation in the first Cyber Storm amounted to what a spokesperson for the Australian Attorney General's department called "a desktop exercise" that did not include any private sector companies.
"This year, we're setting up an exercise control room and will be sending out injects to the players in both the private sector and the government," said Daniel Gleeson of Australia's Attorney General's office. "So we'll be involved in this as it unfolds in real time, rather than just talking about what we'd do in those situations."
Jasonik
April 5th, 2008, 01:38 PM
Every Click You Make
Internet Providers Quietly Test Expanded Tracking of Web Use to Target
By Peter Whoriskey
Washington Post Staff Writer
Friday, April 4, 2008; D01 (http://www.washingtonpost.com/wp-dyn/content/article/2008/04/03/AR2008040304052.html?hpid=sec-tech)
The online behavior of a small but growing number of computer users in the United States is monitored by their Internet service providers, who have access to every click and keystroke that comes down the line.
The companies harvest the stream of data for clues to a person's interests, making money from advertisers who use the information to target their online pitches.
The practice represents a significant expansion in the ability to track a household's Web use because it taps into Internet connections, and critics liken it to a phone company listening in on conversations. But the companies involved say customers' privacy is protected because no personally identifying details are released.
The extent of the practice is difficult to gauge because some service providers involved have declined to discuss their practices. Many Web surfers, moreover, probably have little idea they are being monitored.
But at least 100,000 U.S. customers are tracked this way, and service providers have been testing it with as many as 10 percent of U.S. customers, according to tech companies involved in the data collection.
Although common tracking systems, known as cookies, have counted a consumer's visits to a network of sites, the new monitoring, known as "deep-packet inspection," (http://en.wikipedia.org/wiki/Deep_packet_inspection) enables a far wider view -- every Web page visited, every e-mail sent and every search entered. Every bit of data is divided into packets -- like electronic envelopes -- that the system can access and analyze for content.
"You don't want the phone company tapping your phone calls, and in the same way you don't want your ISP tapping your Web traffic," said Ari Schwartz of the Center for Democracy and Technology, an advocacy group. "There's a fear here that a user's ISP is going to betray them and turn their information over to a third party."
In fact, newly proposed Federal Trade Commission guidelines for behavioral advertising have been outpaced by the technology and do not address the practice directly. Privacy advocates are preparing to present to Congress their concerns that the practice is done without consumer consent and that too little is known about whether such systems adequately protect personal information.
Meanwhile, many online publishers say the next big growth in advertising will emerge from efforts to offer ads based not on the content of a Web page, but on knowing who is looking at it. That, of course, means gathering more information about consumers.
Advocates of deep-packet inspection see it as a boon for all involved. Advertisers can better target their pitches. Consumers will see more relevant ads. Service providers who hand over consumer data can share in advertising revenues. And Web sites can make more money from online advertising, a $20 billion industry that is growing rapidly.
With the service provider involved in collecting consumer data, "there is access to a broader spectrum of the Web traffic -- it's significantly more valuable," said Derek Maxson, chief technology officer of Front Porch, a company that collects such data from millions of users in Asia and is working with a number of U.S. service providers.
Consider, say, the Boston Celtics Web site. Based on its content, it posts ads for products a Celtics fan might be interested in: Adidas, a Boston hotel and so on.
With information about users from deep-packet inspection, however, advertisers might learn that the person looking at the Celtics Web site is also a potential car customer because he recently visited the Ford site and searched in Google for "best minivans." That means car companies might be interested in sending an ad to that user at the Celtics site, too.
For all its promise, however, the service providers exploring and testing such services have largely kept quiet -- "for fear of customer revolt," according to one executive involved.
It is only through the companies that design the data collection systems -- companies such as NebuAd (http://www.bloggingstocks.com/2007/11/19/nebuad-ceo-explains-next-step-in-behavioral-targeting/), Phorm (http://www.techdirt.com/articles/20080306/074534461.shtml) and Front Porch (http://www.frontporch.com/html/privacy_policy_US.html) -- that it is possible to gauge the technology's spread. Front Porch collects detailed Web-use data from more than 100,000 U.S. customers through their service providers, Maxson said. NebuAd has agreements with providers covering 10 percent of U.S. broadband customers, chief executive Bob Dykes said.
In England, Phorm is expected in the coming weeks to launch its monitoring service with BT, Britain's largest Internet broadband provider.
NebuAd and Front Porch declined to name the U.S. service providers they are working with, saying it's up to the providers to announce how they deal with consumer data.
Some service providers, such as Embarq (http://www2.embarq.com/legal/privacy.html?rid=privacy) and Wide Open West (http://www1.wowway.com/wow/wow.aspx?ConIdent=28&RCView=Nothing), or WOW, have altered their customer-service agreements to permit the monitoring.
Embarq describes the monitoring as a "preference advertising service." Wide Open West tells customers it is working with a third-party advertising network and names NebuAd as its partner.
Officials at WOW and Embarq declined to talk about any monitoring that has been done.
Each company allows users to opt out of the monitoring, though that permission is buried in customer service documents. The opt-out systems work by planting a "cookie," or a small file left on a user's computer. Each uses a cookie created by NebuAd.
Officials at another service provider, Knology (http://www.knology.com/about/legal.cfm), said it was working with NebuAd and is conducting a test of deep-packet inspection on "several hundred" customers in a service area it declined to identify.
"I don't view it as violating any privacy data at all," said Anthony Palermo, vice president of marketing at Knology. "My understanding is that all these companies go through great pains to hash out information that is specific to the consumer."
One central issue, of course, is how well the companies protect consumer data.
NebuAd promises to protect users' privacy in a couple of ways.
First, every user in the NebuAd system is identified by a number that the company assigns rather than an Internet address, which in theory could be traced to a person. The number NebuAd assigns cannot be tracked to a specific address. That way, if the company's data is stolen or leaked, no one could identify customers or the Web sites they've visited, Dykes said.
Nor does NebuAd record a user's visits to pornography or gaming sites or a user's interests in sensitive subjects -- such as bankruptcy or a medical condition such as AIDS. The company said it processes but does not look into packets of information that include e-mail or pictures.
What it does do is categorize users into dozens of targeted consumer types, such as a potential car buyer or someone interested in digital cameras.
Dykes noted that by a couple of measures, their system may protect privacy more than such well-known companies as Google. Google stores a user's Internet address along with the searches made from that address. And while Google's mail system processes e-mail and serves ads based on keywords it finds in their text, NebuAd handles e-mail packets but does not look to them for advertising leads.
Such privacy measures aside, however, consumer advocates questioned whether monitored users are properly informed about the practice.
Knology customers, for example, cull the company's 27-page customer service agreement (http://www.knology.com/about/pdf/custService_agree_121207.pdf) or its terms and conditions for service to find a vague reference to its tracking system.
"They're buried in agreements -- who reads them?" said David Hallerman, a senior analyst at eMarketer. "The industry is setting itself up by not being totally transparent. . . . The perception is you're being tracked and targeted."
Ninjahedge
April 7th, 2008, 09:09 AM
Now the question rises, is there a program or service that allows encryption of your internet traffic? Either by deliberately funneling through a, is the right name, Proxy server? Either by doing that or simply making it impossible to read what you have sent.
Bad stuff though, but predictable. In order to "better serve you" they need to find out more about you, whether you want them to or not.
How else would they know you needed Prep H unless they found you searching for Hemorrhoids on Google? :p
Jasonik
April 24th, 2008, 05:04 PM
Transcript: FBI director on surveillance of 'illegal' Internet activity
April 23, 2008 5:57 PM PDT
Posted by Declan McCullagh (http://www.news.com/8301-13578_3-9927552-38.html?tag=nefd.blgs)
http://i.i.com.com/cnwk.1d/i/bto/20080423/mueller2_270x171.jpg
FBI director Robert Mueller, shown here at Wednesday's hearing, says 'legislation has to be developed' that would 'identify the illegal activity as it comes through and give us the ability to preempt that illegal activity.' (Credit: Anne Broache/CNET News.com)
When the FBI suggested (http://www.news.com/8301-10784_3-9926899-7.html) that it should be able to perform wide-scale Internet monitoring to detect "illegal activity" on Wednesday, the bureau raised more questions than it answered.
To help clear things up, we're providing the transcript of FBI Director Robert Mueller's exchange at a House of Representatives hearing with Rep. Darrell Issa, a California Republican. Issa made his fortune by founding Directed Electronics (http://www.directed.com/), a publicly traded company that sells car alarms and home theater loudspeakers.
Issa also is a member of the House Intelligence Committee, which is holding a closed hearing (http://intelligence.house.gov/EventsItem.aspx?id=327) on Thursday devoted to the Bush administration's so-called Cyber Initiative (http://news.slashdot.org/article.pl?sid=08/04/15/125235&from=rss). In January, President Bush signed a pair (http://www.dhs.gov/xnews/releases/pr_1207684277498.shtm) of secret orders--National Security Presidential Directive 54/Homeland Security Presidential Directive 23--that apparently deal with detecting and preventing Internet disruptions.
Here's the relevant section of the transcript from the House Judiciary hearing on Wednesday:
Rep. Issa: Director, there isn't enough time in five minutes to open and close the subject of the Cyber Initiative, but this committee, in my opinion, is going to be the lead committee on, ah, the actual effectiveness of that initiative. As we both know it's compartmented, highly classified. But I'd like to concentrate just on what laws or changes that you would need from this committee if you were to do the following, and I'll set out a scenario.
If you go into a place and there's a crime actively being committed, let's say there's a bookie joint, and there's tens of thousands of illegal transactions going on every minute. And you know that. And you have proof of that. You don't question your ability to go in and to harvest the fruit of all the activities in there, is that correct?
Mueller: That's correct.
Mueller: With a search warrant, quite honestly.
Rep. Issa: With a search warrant. Today every ISP is being maliciously attacked--this goes beyond the .mils and .govs--but I think that's the important reason that we approach it today. Every ISP is being attacked, maliciously both from in the United States and outside of the United States, by those who want to invade people's privacy. But more importantly they want to take control of computers, they want to hack them, they want to steal information. This is also true of the .mils and .govs. Every one of our congressional offices, every day, is under attack.
Every portal leading out of the United States, some of them going in and out of the United States, but talking only about your jurisdiction in the United States. Every portal coming into this country is being attacked by those who would harvest information, both national security secrets and just the common information of private individuals and private individuals.
That crime is going on, every day, on a single entity known as the Internet. What authorities do you need to monitor, looking for those illegal activities, and then act on those, both defensively and, either yourselves or certainly other agencies, offensively in order to shut down a crime in process?
Now, I'm a civil libertarian. I was with Bob Barr arguing some of the elements of the Patriot Act that we still don't agree should have been there. But when I set up the crime scenario, how is it that you're going to get the right to react when today, people would say that if they, if you're addressing an action from an American person, you don't have that right? How are you going to do it, and how can we help you do it appropriately and constitutionally?
Mueller: I think legislation has to be developed that balances on one hand, the privacy rights of the individual who are receiving the information, but on the other hand, given the technology, the necessity of having some omnibus search capability utilizing filters that would identify the illegal activity as it comes through and give us the ability to preempt that illegal activity where it comes through a choke point as opposed to the point where it is diffuse on the Internet.
And it is a question of the legislation catching up to the technology. Understanding that these crimes are being committed every moment. But then identifying our ability to focus on the particular criminal element as it's coming through and preempt that criminal element, whether it be .mil, .gov, .com, whichever network you're talking about.
Rep. Issa: OK, and one follow-up question, or two follow-up questions, because I know we're not going to get it all resolved today. One, can you have someone on your staff designated to work with members of Congress on trying to craft that legislation? I'd appreciate being able to work with that person.
And secondly, and this goes to a legal opinion you may or may not be able to help us with today, but I'd like you to try to work on it. If ISPs or other private entities, a Lockheed Martin on one hand, and my old company, Directed Electronics on the other, if they consented to participation voluntarily in being, in fact, defended in a Cyber Initiative--and that includes ISPs that hypothetically got consent from every single person who signed up to operate under their auspices.
If that consent were granted, do you believe that current laws either can or reasonably easily could be made to protect them? In other words, a voluntary program that would begin allowing federal agencies to counter-attack and to defend on behalf of those who waive current possible restrictions in that sense. And that's probably my most important question to get this committee thinking of.
Mueller: I think that's going to require some thought because an individual company can say "OK, I consent to have somebody protect me." But if the filter is inappropriately placed just protecting that particular company, it may have to be one or two or three institutions or ISPs off, and that's where you would have a problem. Whether it would be, I forget what company you mentioned, but Lockheed Martin saying, "I'm willing for somebody to protect me," but the protection may be two or three companies off. Lockheed Martin has no mechanism in order to affect the company that's two or three off, if you see what I'm getting at.
Rep. Issa: Thank you, and thank you, Mr. Chairman. Hopefully 163.33.33.0 will be protected if they ask to be, whoever they are. (Editor's note: 163.33.33 seems to be an Internet protocol address near San Jose, Calif.)
Rep. Conyers: As you wish, Mr. Issa.
Rep. Issa: Mr. Chairman, I do hope that when we look at the Cyber Initiative, we view ourselves as the primary committee that has to clear the way for appropriate action on behalf of our government, all branches.
Rep. Conyers: (Nods)
*****
So Fatherland Security wants internet "choke points" with total traffic monitoring "utilizing filters" searching for "illegal activity" with the goal being to "preempt" the activity.
Some questions this raises:
Don't intentional choke points defeat the purpose of the decentralized diffuse internet?
Can the government be trusted to not shut down or restrict content for the entire internet if given the ability, i.e. act like China?
Presuming the "preemption" described restricts the violator's access to the greater internet, what recourse will there be for erroneous preemption? Will ISPs be required to execute any aspect of such a "preemption?"
Will the accused be victims of pre-conviction property confiscation, like suspected drug criminals?
Will thought crimes, e.g. gov't sanctioned free speech, and limits placed upon free association, with the purpose of limiting the free exchange of ideas - political and otherwise, be part of the forbidden "illegal activity?"
Will there be any oversight of intelligence agencies' information gathering that will undoubtedly result from these "choke points?"
Jasonik
April 28th, 2008, 11:45 AM
FBI's Net surveillance proposal raises privacy, legal concerns
April 25, 2008 12:25 PM PDT
Posted by Declan McCullagh (http://www.news.com/8301-13578_3-9929085-38.html)
The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet.
During a House of Representatives Judiciary Committee hearing, the FBI's Robert Mueller and Rep. Darrell Issa of California talked about (http://www.news.com/8301-10784_3-9926899-7.html) what amounts to a two-step approach. Step 1 involves asking Internet service providers to open their networks to the FBI voluntarily; step 2 would be a federal law forcing companies to do just that.
Both have their problems, legal and practical, but let's look at step 1 first. Issa suggested that Internet providers could get "consent from every single person who signed up to operate under their auspices" for federal police to monitor network traffic for attempts to steal personal information and national secrets. Mueller said "legislation has to be developed" for "some omnibus search capability, utilizing filters that would identify the illegal activity as it comes through and give us the ability to pre-empt" it.
These are remarkable statements. The clearest reading of them points to deep packet inspection (http://en.wikipedia.org/wiki/Deep_packet_inspection) of network traffic--akin to the measures Comcast took against BitTorrent and to what Phorm in the United Kingdom has done (http://news.zdnet.com/2100-9588_22-6230613.html), in terms of advertising--plus additional processing to detect and thwart any "illegal activity." (See the complete transcript (http://www.news.com/8301-13578_3-9927552-38.html) here.)
"That's very troubling," said Greg Nojeim, director of the project on freedom, security, and technology at the Center for Democracy and Technology (http://www.cdt.org/). "It could be an effort to achieve, through unknowing consent, permission to monitor communications in a way that would otherwise be prohibited by law."
Unfortunately, neither Issa nor Mueller recognized that such a plan is probably illegal. California law, for instance, says (http://caselaw.lp.findlaw.com/cacodes/pen/630-637.9.html) anyone who "intentionally and without the consent of all parties to a confidential communication" conducts electronic surveillance shall be imprisoned for one year. (I say "probably illegal" because their exchange didn't offer much in the way of details.)
"I think there's a substantial problem with what Mueller's proposing," said Al Gidari (http://www.perkinscoie.com/professionals/professionals_detail.aspx?professional=0a69ed46-211a-4ceb-bb8b-9f41df8d92f7&op=news), a partner at the Perkins Coie law firm who represents telecommunications providers. "He forgets the states have the power to pass more restrictive rules, and 12 of them have (http://www.aapsonline.org/judicial/telephone.htm). He also forgets that we live in a global world, and the rest of the world doesn't quite see eye to eye on this issue. That consent would be of dubious validity in Europe, for instance, where many of our customers reside."
For its part, the FBI isn't talking. After we made repeated attempts to get the bureau to explain what Mueller was talking about, FBI spokesman Paul Bresson responded by saying, "At this point, I'm going to let the director's comments, in the context of the exchange with Rep. Issa, speak for themselves."
What step 1 appears to involve is persuading Internet providers to amend their terms of service and insert an FBI-can-monitor-everything clause. Informed consent is one thing. But does anyone actually read the fine print on their contracts with their broadband or wireless provider? If not, is that fine print good enough?
Informed consent is important because of the wording of the Electronic Communications Privacy Act (http://www.law.cornell.edu/uscode/18/usc_sec_18_00002702----000-.html), or ECPA, which says providers may share the contents of customers' communications only "with the lawful consent" of the user. Otherwise, providers are breaking the law and can be sued for damages. And without consent, the FBI would bump up against the Fourth Amendment's prohibition on unreasonable searches.
Originally, Congress seemed to take a liberal view of what constituted "lawful consent." When ECPA was enacted in 1986, a House committee report said "consent may be inferred from a course of dealing," and if "those rules are available to users," consent can be implied.
But that was written way back in the early, pre-Internet days of Compuserve and bulletin board systems. More recently, courts have interpreted ECPA more strictly.
The 2003 In Re Pharmatrak decision (http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=1st&navby=case&no=022138&exact=1) from the U.S. Court of Appeals for the 1st Circuit offers one useful measuring stick. The court ruled in a case involving Web tracking "that it makes more sense to place the burden of showing consent on the party seeking the benefit of the exception." The judges approvingly cited a second case, which said "consent can only be implied when the surrounding circumstances convincingly show that the party knew about and consented to the interception."
The Federal Trade Commission, too, has taken a relatively strict view of informed consent. In its lawsuit filed against Odysseus Marketing (http://www.ftc.gov/os/caselist/0423205/0423205.shtm), the FTC argued that it was unlawful for a company not "to adequately disclose" to customers that it was sharing information with third parties. The case ended in a settlement.
Translation: Obtaining "lawful consent" for FBI monitoring means making sure that your customers actually know what's going on and agree. Hiding it in the terms of service doesn't qualify.
But assume that the FBI can persuade Internet providers to include a prominent notice in every monthly bill, or some other mechanism that would be legally sufficient. Another problem is that even if the person who pays the bills consents to monitoring, other people may use the connection--think homes with open wireless connections. ECPA's legal protections follow individual people, not customer accounts.
Rewriting U.S. surveillance laws
Because the FBI would run into serious problems doing wide-scale Internet surveillance under existing state and federal law, step 2 may be necessary. That means rewriting U.S. surveillance law.
Issa said he wants to "craft" legislation that would give the FBI the power to look "for those illegal activities, and then act on those, both defensively and, either yourselves or certainly other agencies, offensively in order to shut down a crime in process." He worried about "national-security secrets and just the common information of private individuals" being at risk. In his response, Mueller said he wants Congress to "give us the ability to pre-empt that illegal activity."
"Looking for" a crime in process on the Internet can take multiple paths. If it's a denial-of-service attack against eBay or Amazon.com originating from Russian servers, it can be detected by measuring the amount of traffic without inspecting the contents of each packet. But to detect fraud and "national-security secrets," as well as personal information being transferred, deep packet inspection would be necessary--roughly on a scale of the Great Firewall of China (http://en.wikipedia.org/wiki/Internet_censorship_in_the_People's_Republic_of_China).
Needless to say, detecting "illegal activity" would soon be extended to copyright infringement and peer-to-peer networks. Under the No Electronic Theft Act (http://www.news.com/Perspective-The-new-jailbird-jingle/2010-1071_3-982121.html), swapping music or video files is a federal crime, if the total value of the files exceeds $1,000. If the value tops $2,500, the penalties jump up to not more than five years in prison. And as Jammie Thomas found out (http://www.news.com/8301-13578_3-9791764-38.html) last year, allegedly sharing 24 files can lead to $222,000 in civil penalties.
"I think you bump squarely into the Fourth Amendment when you get into the required waiver of constitutional protections to use a service," said Gidari, the attorney at Perkins Coie. "Why don't we extend it to include not criticizing the government? Which right is next? 'You may use our service, as long as you don't disparage Verizon?' Why not that one?...You've still got to have, at the end of the day, a constitutionally supportable legal process to get access to anyone's communications. This cannot be an end run around that."
The problem of how to "shut down a crime in process" and "pre-empt that illegal activity" is more difficult and, perhaps, more worrisome.
Here's what Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation (http://www.eff.org/) in San Francisco, had to say when I asked him to read the transcript of Wednesday's hearing:
It certainly is Mueller's responsibility to explain what it is that he's looking for. But it seems that he's saying, essentially, that the surveillance society is the best society. A society in which the government has complete information about illegal activities and is able to enforce that. Throughout our country's existence, we've lived in a society where the government doesn't have perfect information.
Is (Mueller) suggesting that there's a search capability using filters that would identify an infringing work and fail to deliver a message containing that work? Is that the choke point? If that is the case, how can that be done well? How about fair uses? How will the government tell whether a copyrighted work is sent pursuant to a license? Will it have a centralized database of licenses? How does he propose to have this work, so it only identifies illegal activities and doesn't overly choke?
The FBI has some obligation to explain: what is it going to focus on here? Once you have the technology in place, will it then be used for more and more?
If you thought the tussles over Net neutrality were heated before, imagine a broadband provider throttling certain applications--and being able to blame that throttling capability on law enforcement. At the very least, it would be a wonderful excuse.
Which is why it's a shame, and somewhat troubling, that the FBI has chosen not to say what its director is proposing (and apparently will be working with Congress to write into law).
Odds of FBI-filtering legislation: Zero?
One possible germ for this Internet-monitoring idea lies in Homeland Security's so-called Einstein program, which is designed to monitor Internet mischief and network disruptions aimed at federal agencies. Not much about Einstein is public, but a privacy impact assessment (http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_eisntein.pdf) offers some details.
Homeland Security Spokeswoman Laura Keehner said in a telephone interview that the primary focus of Einstein at the moment is protecting federal-government networks. "Obviously, the FBI could clarify or elaborate on what they said," Keehner said. "I do know that (from Homeland Security's perspective) we now first need to get our .gov in order. We need to concentrate on our federal networks...We're also bringing in the private sector to open those lines of discussion and figure out ways that the private sector can better equip themselves to stop any cyberincursions."
Another possibly related effort is the Bush administration's so-called Cyber Initiative. In January, President Bush signed a pair of secret orders (http://intelligence.house.gov/EventsItem.aspx?id=327)--National Security Presidential Directive 54/Homeland Security Presidential Directive 23--that apparently deal with detecting and preventing Internet disruptions. Issa is a member of the House Intelligence Committee, which held a closed-door hearing (http://intelligence.house.gov/EventsItem.aspx?id=327) on Thursday devoted to the Cyber Initiative--and, during the exchange with Mueller a day earlier, he said his monitoring idea was related.
The House Intelligence committee didn't want to talk. But a representative of the House Homeland Security committee chaired by Rep. Bennie Thompson (D-Miss.) sent us three bullet points in an e-mail message:
1. Chance of a legislative initiative that would allow FBI to place filters to identify illegal activity at choke points on the .com space: 0
2. We still have concerns and questions about the initiative, and we continue to do oversight.
3. Legislation is not being considered for any of the new proposals, outside of the budget requests made by the administration.
Point No. 3 seems to relate to the administration's 2009 budget request (http://www.news.com/8301-10784_3-9882031-7.html), which asks Congress for $293.5 million to expand Einstein to the entire federal government.
The Senate Homeland Security and Governmental Affairs Committee, which is headed by Joe Lieberman of Connecticut, also held a classified hearing (http://hsgac.senate.gov/public/index.cfm?FuseAction=PressReleases.Detail&Affiliation=C&PressRelease_id=fb5b20a1-0c0a-4770-9f58-19924f78dbd2&Month=3&Year=2008) last month on the administration's Cyber Initiative.
But a committee aide told us, "The idea of filtering for criminal activity has never been discussed with us. Nor has any new statutory authority been discussed. In fact, the administration explicitly said it didn't need any legislation. Furthermore, the idea of monitoring nongovernment domains has never been proposed in briefings the committee has received."
It's true that, at least in the current political climate, legislation of the sort Issa wants to draft isn't likely to slide through Congress unopposed.
Still, it's worth keeping in mind that the FBI has a recent, and not very flattering, history of trying to expand the scope of surveillance methods. Bureau agents used so-called exigent letters (http://www.washingtonpost.com/wp-dyn/content/article/2007/03/10/AR2007031000983.html) to obtain records from telephone companies, claiming that an emergency situation existed.
In reality, there was often no emergency at all. The Justice Department's inspector general found similar abuses of national-security letters (http://www.news.com/Report-FBIs-snooping-did-not-follow-rules/2100-1028_3-6166015.html). The FBI also tried to bypass the Foreign Intelligence Surveillance Court (http://www.washingtonpost.com/wp-dyn/content/article/2008/03/13/AR2008031302277.html) when it denied requests to obtain records.
Perhaps Mueller can provide a convincing argument for why laws giving the FBI "omnibus search capability utilizing filters that would identify the illegal activity" would be wise. Perhaps not. But when politicians weigh the idea of trusting the FBI with such broad and unprecedented authority, they should consider the abuses that have already taken place with far less powerful tools.
CNET News.com's Anne Broache contributed to this report.
Jasonik
May 30th, 2008, 11:58 AM
FCC proposes free Internet... as long as it's censored
http://rawstory.com/images/new/computer_chains_censorship.jpg
05/29/2008 @ 7:47 pm
Filed by Reuters
By Peter Kaplan (http://rawstory.com/news/2008/FCC_proposes_free_Internet..._as_long_0529.html)
WASHINGTON (Reuters) - U.S. communications regulators are considering auctioning a piece of the airwaves to buyers willing to provide free broadband Internet service without pornography.
Federal Communications Commission Chairman Kevin Martin is proposing to auction an unused piece of 25 megahertz wireless spectrum, with the condition that the winning bidder offer free Internet access and filter out obscene content on part of those airwaves, a spokesman for the FCC said on Thursday.
"We're hoping there will be increased interest in the proposal; and because this will provide wireless broadband services to more Americans, it is certainly something we want (http://web.cn.edu/kwheeler/documents/Censorship.pdf) to see," said FCC spokesman Rob Kenny.
Under Martin's proposal, the winner would be allowed to use the rest of the airwaves for commercial services.
The plan would address criticism from some consumer advocates, who say the government has not done enough to get broadband service into more households. It also could win praise from anti-obscenity watchdog groups.
"I think there are a number of features of the plan that would be attractive to various constituencies (http://www.cp80.com/)," said Stifel Nicolaus analyst Blair Levin.
But the plan got a lukewarm response from existing wireless carriers. The industry's chief trade group, called CTIA, said auction provisions such as the free-service requirement were too rigid.
"CTIA supports flexible auction rules that allow any and all entities (http://www.nframe.com/antiporn.html) to participate," the group said in a statement.
The winning bidder also would have to build out the system to serve 50 percent of the U.S. population within four years and 95 percent within 10 years.
Further details of the plan have yet to be worked out, but Martin's plan is expected to come up at the FCC's next meeting on June 12.
Martin's proposal is similar to a plan put forth previously by a start-up company called M2Z. Under that plan, which was not approved by the FCC, M2Z would have been given the spectrum at no up-front cost. It would have provided free service, generating revenue partly through advertising.
The 25 MHz spectrum at issue is not viewed as highly attractive to wireless carriers, unlike the 700 MHz spectrum auctioned by the FCC earlier this year. There has been little previous interest in it, aside from the M2Z proposal.
(Editing by Tim Dobbyn and Gerald E. McCormick)
Ninjahedge
May 30th, 2008, 02:27 PM
Weird.
First, is that a Mac Classic?
Second, I can see where they would like to offer a section of bandwidth for free access, but restrict pornography and other venues (gambling may be one of them).
This would be akin to the current OTA television channels now being broadcast.
Although our definition of pornography is a little, puritan, when compared to most of the other "western" civilizations, there is way too much that can be seen by youngsters that could mess them up royally without a few years of social buffering.
Anywho, it looks like they are offering a carrot to these guys, but that 95% bit seems like they are trying to get the providers to carry the mule over to get it.
Interesting though...
Jasonik
July 7th, 2008, 05:12 PM
Rights like free speech don't always extend online
By ANICK JESDANUN
AP Internet Writer (http://news.wired.com/dynamic/stories/T/TEC_DISAPPEARING_FREEDOMS?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2008-07-06-14-17-49)
NEW YORK (AP) -- Rant all you want in a public park. A police officer generally won't eject you for your remarks alone, however unpopular or provocative.
Say it on the Internet, and you'll find that free speech and other constitutional rights are anything but guaranteed.
Companies in charge of seemingly public spaces online wipe out content that's controversial but otherwise legal. Service providers write their own rules for users worldwide and set foreign policy when they cooperate with regimes like China. They serve as prosecutor, judge and jury in handling disputes behind closed doors.
The governmental role that companies play online is taking on greater importance as their services - from online hangouts to virtual repositories of photos and video - become more central to public discourse around the world. It's a fallout of the Internet's market-driven growth, but possible remedies, including government regulation, can be worse than the symptoms.
Dutch photographer Maarten Dors met the limits of free speech at Yahoo Inc.'s photo-sharing service, Flickr, when he posted an image of an early-adolescent boy with disheveled hair and a ragged T-shirt, staring blankly with a lit cigarette in his mouth.
Without prior notice, Yahoo deleted the photo on grounds it violated an unwritten ban on depicting children smoking. Dors eventually convinced a Yahoo manager that - far from promoting smoking - the photo had value as a statement on poverty and street life in Romania. Yet another employee deleted it again a few months later.
"I never thought of it as a photo of a smoking kid," Dors said. "It was just of a kid in Romania and how his life is. You can never make a serious documentary if you always have to think about what Flickr will delete."
There may be legitimate reasons to take action, such as to stop spam, security threats, copyright infringement and child pornography, but many cases aren't clear-cut, and balancing competing needs can get thorny.
[Market driven? Government mandates provider monitoring for certain instances.]
"We often get caught in the middle between a rock and a hard place," said Christine Jones, general counsel with service provider GoDaddy.com Inc. "We're obviously sensitive to the freedoms we have, particularly in this country, to speak our mind, (yet) we want to be good corporate citizens and make the Internet a better and safer place."
In Dors' case, the law is fully with Yahoo. Its terms of service, similar to those of other service providers, gives Yahoo "sole discretion to pre-screen, refuse or remove any content." Service providers aren't required to police content, but they aren't prohibited from doing so. [A lie. Or a blatant distortion insofar as providers aren't required to police for smoking children.]
While mindful of free speech and other rights, Yahoo and other companies say they must craft and enforce guidelines that go beyond legal requirements to protect their brands and foster safe, enjoyable communities - ones where minors may be roaming.
Guidelines help "engender a positive community experience," one to which users will want to return, said Anne Toth, Yahoo's vice president for policy.
Dors ultimately got his photo restored a second time, and Yahoo has apologized, acknowledging its community managers went too far.
Heather Champ, community director for Flickr, said the company crafts policies based on feedback from users and trains employees to weigh disputes fairly and consistently, though mistakes can happen.
"We're humans," she said. "We're pretty transparent when we make mistakes. We have a record of being good about stepping up and fessing up."
But that underscores another consequence of having online commons controlled by private corporations. Rules aren't always clear, enforcement is inconsistent, and users can find content removed or accounts terminated without a hearing. Appeals are solely at the service provider's discretion.
Users get caught in the crossfire as hundreds of individual service representatives apply their own interpretations of corporate policies, sometimes imposing personal agendas or misreading guidelines.
To wit: Verizon Wireless barred an abortion-rights group from obtaining a "short code" for conducting text-messaging campaigns, while LiveJournal suspended legitimate blogs on fiction and crime victims in a crackdown on pedophilia. Two lines criticizing President Bush disappeared from AT&T Inc.'s webcast of a Pearl Jam concert. All three decisions were reversed only after senior executives intervened amid complaints.
Inconsistencies and mysteries behind decisions lead to perceptions that content is being stricken merely for being unpopular.
"As we move more of our communications into social networks, how are we limiting ourselves if we can't see alternative points of view, if we can't see the things that offend us?" asked Fred Stutzman, a University of North Carolina researcher who tracks online communities.
First Amendment protections generally do not extend to private property in the physical world, allowing a shopping mall to legally kick out a customer wearing a T-shirt with a picture of a smoking child.
With online services becoming greater conduits than shopping malls for public communications, however, some advocacy groups believe the federal government needs to guarantee open access to speech. That, of course, could also invite meddling by the government, the way broadcasters now face indecency and other restrictions that are criticized as vague.
Others believe companies shouldn't police content at all, and if they do, they should at least make clearer the rules and the mechanisms for appeal.
"Vagueness does not inspire the confidence of people and leaves room for gaming the system by outside groups," said Lauren Weinstein, a veteran computer scientist and Internet activist. "When the rules are clear and the grievance procedures are clear, then people know what they are working with and they at least have a starting point in urging changes in those rules."
But Marjorie Heins, director of the Free Expression Policy Project, questions whether the private sector is equipped to handle such matters at all. She said written rules mean little when service representatives applying them "tend to be tone-deaf. They don't see context."
At least when a court order or other governmental action is involved, "there's more of a guarantee of due process protections," said Robin Gross, executive director of the civil-liberties group IP Justice. With a private company, users' rights are limited to the service provider's contractual terms of services.
Jonathan Zittrain, a Harvard professor who recently published a book on threats to the Internet's openness, said parties unhappy with sensitive materials online are increasingly aware they can simply pressure service providers and other intermediaries.
"Going after individuals can be difficult. They can be hard to find. They can be hard to sue," Zittrain said. "Intermediaries still have a calculus where if a particular Web site is causing a lot of trouble ... it may not be worth it to them."
Unable to stop purveyors of child pornography directly, New York Attorney General Andrew Cuomo recently persuaded three major access providers to disable online newsgroups that distribute such images. But rather than cut off those specific newsgroups, all three decided to reduce administrative hassles by also disabling thousands of legitimate groups devoted to TV shows, the New York Mets and other topics.
Gordon Lyon, who runs a site that archives e-mail postings on security, found his domain name suddenly deactivated because one entry contained MySpace passwords obtained by hackers.
He said MySpace went directly to domain provider GoDaddy, which effectively shut down his entire site, rather than contact him to remove the one posting or replace passwords with asterisks. GoDaddy justified such drastic measures, saying that waiting to reach Lyon would have unnecessarily exposed MySpace passwords, including those to profiles of children.
Meanwhile, in response to complaints it would not specify, Network Solutions LLC decided to suspend a Web hosting account that Dutch filmmaker Geert Wilders was using to promote a movie that criticizes the Quran - before the movie was even posted and without the company finding any actual violation of its rules.
Service providers say unhappy customers can always go elsewhere, but choice is often limited.
Many leading services, particularly online hangouts like Facebook and News Corp.'s MySpace or media-sharing sites such as Flickr and Google Inc.'s YouTube, have acquired a cachet that cannot be replicated. To evict a user from an online community would be like banishing that person to the outskirts of town.
Other sites "don't have the critical mass. No one would see it," said Scott Kerr, a member of the gay punk band Kids on TV, which found its profile mysteriously deleted from MySpace last year. "People know that MySpace is the biggest site that contains music."
MySpace denies engaging in any censorship and says profiles removed are generally in response to complaints of spam and other abuses. GoDaddy also defends its commitment to speech, saying account suspensions are a last resort.
Few service providers actively review content before it gets posted and usually take action only in response to complaints.
In that sense, Flickr, YouTube and other sites consider their reviews "checks and balances" against any community mob directed at unpopular speech - YouTube has pointedly refused to delete many video clips tied to Muslim extremists, for instance, because they didn't specifically contain violence or hate speech.
Still, should these sites even make such rules? And how can they ensure the guidelines are consistently enforced?
YouTube has policies against showing people "getting hurt, attacked or humiliated," banning even clips OK for TV news shows, but how is YouTube to know whether a video clip shows real violence or actors portraying it? Either way, showing the video is legal and may provoke useful discussions on brutality.
"Balancing these interests raises very tough issues," YouTube acknowledged in a statement.
Unwilling to play the role of arbiter, the group-messaging service Twitter has resisted pressure to tighten its rules.
"What counts as name-calling? What counts as making fun of someone in a way that's good-natured?" said Jason Goldman, Twitter's director of program management. "There are sites that do employ teams of people that do that investigation ... but we feel that's a job we wouldn't do well."
Other sites are trying to be more transparent in their decisions.
Online auctioneer eBay Inc., for instance, has elaborated on its policies over the years, to the extent that sellers can drill down to where they can ship hatching eggs (U.S. addresses only) and what items related to natural disasters are permissible (they must have "substantial social, artistic or political value"). Hypothetical examples accompany each policy.
LiveJournal has recently eased restrictions on blogging. The new harassment clause, for instance, expressly lets members state negative feelings or opinions about another, and parodies of public figures are now permitted despite a ban on impersonation. Restrictions on nudity specifically exempt non-sexualized art and breast feeding.
The site took the unusual step of soliciting community feedback and setting up an advisory board with prominent Internet scholars such as Danah Boyd and Lawrence Lessig and two user representatives elected in May.
The effort comes just a year after a crackdown on pedophilia backfired. LiveJournal suspended hundreds of blogs that dealt with child abuse and sexual violence, only to find many were actually fictional works or discussions meant to protect children. The company's chief executive issued a public apology.
Community backlash can restrain service providers, but as Internet companies continue to consolidate and Internet users spend more time using vendor-controlled platforms such as mobile devices or social-networking sites, the community's power to demand free speech and other rights diminishes.
Weinstein, the veteran computer scientist, said that as people congregate at fewer places, "if you're knocked off one of those, in a lot of ways you don't exist."
© 2008 The Associated Press.
*****
This telecom immunity thing has ISPs over a barrel. They'll continue to do whatever the gov't says, including their dirty work for them under the guise of the unrestrained free market.
Hunting down pedophiles and child pornography will be our tortured path to tyranny. Any coincidence that child rapists aren't given the death penalty (http://www.al.com/opinion/birminghamnews/index.ssf?/base/opinion/121464098634020.xml&coll=2)?
Jasonik
July 19th, 2008, 02:59 PM
Army Secretary: We're Falling Behind Online
By David Axe, July 17, 2008 (http://blog.wired.com/defense/2008/07/army-secretary.html)
Senior Army leaders have fallen behind the breakneck development of cheap digital communications including cell phones, digital cameras and Web 2.0 Internet sites such as blogs and Facebook, Army Secretary Pete Geren said at a trade conference on July 10. That helps explain how "just one man in a cave that's hooked up to the Internet has been able to out-communicate the greatest communications society in the history of the world -- the United States," Geren said, according to Inside Defense (http://www.insidedefense.com/). (Subscription required.)
"It's a challenge not only at home, it's a challenge in recruiting, it's a challenge internationally, because effective communication brings people over to our side and ineffective communication allows the enemy to pull people to their side," Geren continued. He said the Army brass needs to catch up -- fast. But how exactly?
One solution: "Find a blog to be a part of," Geren said.
Young people embrace social media "as a fluent second language," he added. Army leaders have to do the same.
But embracing that high-tech, second language could be hard for the Army, just as it poses challenges for the defense industry.
"I was talking to a senior executive this week, one of our major defense contractors," Geren recounted. "And he said that they've assigned a young person to every senior executive to be like his or her translator and connect with the new information technologies."
This remark triggered laughter throughout the hotel ballroom.
This isn't the first time an Army big wig has called for the service to embrace the digital, Do-It-Yourself age. Despite the occasional crackdown on soldier-bloggers (http://blog.wired.com/defense/2008/07/bosses-delete-o.html) in Iraq, the Army is still way ahead of the other military services when it comes to the Internet.
At the U.S. Military Academy in West Point, a tiny office of Web-savvy mavericks is creating Army-specific Web 2.0 tools (http://www.worldpoliticsreview.com/article.aspx?id=2068) (blogs, forums, social networks) for soldiers. At the Army's graduate school in Kansas, blogging is a new addition to the curriculum (http://washingtonindependent.com/view/the-militarys2). And just recently the Army launched its own "blogger's roundtable" program to arrange press conferences for online journalists.
Meanwhile, the Air Force, the Pentagon's main agency for "cyberwarfare," continues to view the Internet primarily as a battlefield to be "dominated (http://blog.wired.com/defense/2008/06/marlborough-mas.html)."
CCob
July 25th, 2008, 08:25 AM
I've noticed G-Mail will tailor the banner ads to the subject matter of your e-mail.
An e-mail titled: Australian snake in Tank farm.
brings forth this ad:
Beautiful Corn Snake Cage - www.CagesByDesign.com (http://www.CagesByDesign.com) - Unique attractive custom enclosures Request a free color catalog today! Sponsored
:eek:
Jasonik
July 25th, 2008, 11:00 AM
Hackers find 'critical' internet flaw
July 25, 2008 - 8:51AM
SAN FRANCISCO (http://www.brisbanetimes.com.au/news/technology/hackers-find-critical-internet-flaw/2008/07/25/1216492687015.html?s_rid=smh:top5) - Internet security researchers have warned that hackers have caught on to a "critical" flaw that lets them control traffic on the internet.
An elite squad of computer industry engineers that laboured in secret to solve the problem released a software "patch" two weeks ago and sought to keep details of the vulnerability hidden for at least a month to give people time to protect computers from attacks.
"We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.
"This attack is very good. This attack is being weaponised out in the field. Everyone needs to patch, please," Kaminsky said. "This is a big deal."
DNS is used by every computer that links to the internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.
The vulnerability allows "cache poisoning" attacks that tinker with data stored in computer memory caches that relay internet traffic to its destination.
Attackers could use the vulnerability to route users wherever they want, no matter what address is typed into a web browser.
The threat is greatest for business computers handling online traffic or hosting websites, according to security researchers.
The flaw is a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as banks or credit card companies to trick them into disclosing account numbers, passwords and other information.
"I was not intentionally seeking to cause anything that could break the internet," Kaminsky said today during a conference call with peers and media. "It's a little weird to talk about it out loud."
Kaminsky built a web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability. As of today, slightly more than half the computers tested at the website still needed to be patched.
"People are spending tens of thousands of hours getting this patch out the door," Kaminsky said.
The US Computer Emergency Readiness Team (CERT), a joint government-private sector security partnership, is among the chorus urging people to quickly protect computers linked to the internet.
"Just like you should wear a seat belt going down the road to be safe in a car accident, the same applies here," said Jerry Dixon, a former director of cyber security at the US Department of Homeland Security.
Two "exploits," software snippets that take advantage of the vulnerability, have been unleashed on the internet in the past 24 hours, Securosis analyst Rich Mogul said during the conference call.
"The threat is there," Mogul said.
AFP
KenNYC
July 25th, 2008, 01:27 PM
I've noticed G-Mail will tailor the banner ads to the subject matter of your e-mail.
An e-mail titled: Australian snake in Tank farm.
brings forth this ad:
Beautiful Corn Snake Cage - www.CagesByDesign.com (http://www.CagesByDesign.com) - Unique attractive custom enclosures Request a free color catalog today! Sponsored
:eek:
Well, in all fairness it is well known and even mentioned in the user agreements of GMail that Google will do contextually based advertisement, so yeah, they 'read' your mail of sorts. Not a big fan of that myself either, but I think we might as well realize that privacy is roadkill on the information highway.
CCob
July 25th, 2008, 01:59 PM
Well, in all fairness it is well known and even mentioned in the user agreements of GMail that Google will do contextually based advertisement, so yeah, they 'read' your mail of sorts. Not a big fan of that myself either, but I think we might as well realize that privacy is roadkill on the information highway.
I agree and suppose it's a small price to pay for having the e-mail service.
Jasonik
August 4th, 2008, 11:54 AM
DHS stays mum on new 'Cyber Security' center
Posted by Stephanie Condon | July 31, 2008 5:33 PM PDT (http://news.cnet.com/8301-13578_3-10004266-38.html)
The Bush administration's newly created National Cyber Security Center remains shrouded in secrecy, with officials refusing to release information about its budget, what contractors will run it, and how its mission relates to Internet surveillance.
In correspondence with the U.S. Senate posted on Thursday, the Bush administration said it would not provide that information publicly. An 18-page, partially redacted letter (http://hsgac.senate.gov/public/_files/Dem_Files/DHSCyberLetter.pdf) from DHS said that disclosure could affect "the conduct of federal programs, or other programs or operations essential to the interests of our nation."
The censored letter--a nonredacted, "For Official Use Only" version was provided to senators--came in response to queries from the top Democratic and Republican members of the Senate's Homeland Security committee.
Sen. Susan Collins, a Maine Republican, indicated that the nonredacted version satisfied her, at least for now. "Increased information sharing will benefit the department, Congress and the public, as well as the private-sector, which controls the vast majority of the nation's cyber infrastructure," Collins said in e-mail to CNET News. "It is my hope that the release of this information will assist in improving security in both the public and private sectors."
Sen. Joe Lieberman, an independent from Connecticut who caucuses with Democrats, did not respond to our queries on Thursday.
In March, DHS announced (http://news.cnet.com/8301-10784_3-9899047-7.html) that Rod Beckström, 47, would be appointed as director (http://www.dhs.gov/xnews/releases/pr_1206047924712.shtm) of the National Cyber Security Center. Secretary Michael Chertoff said at the time that Beckström would "implement cyber security strategies in a cohesive way" and contribute to the "protection of federal networks and the security of our homeland."
Oddly, DHS seemed to change its mind about whether even the mere existence of the National Cyber Security Center was classified or not.
"On March 20th, you announced that Rod Beckstrom would be the director of the new National Cyber Security Center within DHS," Lieberman and Collins said in a letter (PDF) (http://hsgac.senate.gov/public/_files/5108LiebermanCollinslettertoChertoff.pdf) to DHS in May. "Prior to this announcement, committee staff had been instructed that the existence of the NCSC was itself classified."
Their letter to DHS in May asked for a detailed account of the department's role in the Comprehensive National Cyber Security Initiative, noting a lack of information from the department, in spite of the fact that the administration had claimed (http://www.dhs.gov/xnews/releases/pr_1205587694398.shtm) that cybersecurity was one of Chertoff's "top four priorities for '08."
The DHS has requested an additional $83 million for the National Cyber Security Center for fiscal year 2009 (which begins in October 2009); including the $115 million awarded for the initiative in 2008, that would increase its budget by $200 million, tripling the amount the DHS has spent on cyber security since 2007.
The department's new National Cyber Security Center is taking the lead on the CNCI, a "multi-agency, multi-year plan to secure the federal government's cyber networks" that was established in January (http://news.cnet.com/8301-10784_3-9914391-7.html) by a directive signed by President Bush. In the letter made public on Thursday, DHS described the center as a way to "coordinate and integrate information necessary to help secure U.S. cyber networks and systems and help foster collaboration among federal cyber groups," and serve as a "single location for all-source situational awareness about cyber activity and security status of the U.S. networks and systems."
Though just made public Thursday, the letter was initially sent to the senators on June 2. The subsequent redacted version eliminated the department's response to questions such as: "Why was the determination made that the contract will be for a 10-month period?" and "How will the DHS provide appropriate oversight to ensure that the contractors support efforts do not intrude on inherently governmental functions?"
One question left unanswered is how the National Cyber Security Center will interact with DHS's so-called Einstein program, which is designed to monitor Internet mischief and network disruptions aimed at federal agencies. (Not much about Einstein is public, but a privacy impact assessment (http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_eisntein.pdf) offers some details.)
A Homeland Security spokeswoman told us (http://news.cnet.com/8301-13578_3-9929085-38.html) in April that the primary focus of Einstein at the time was protecting federal-government networks--not monitoring the privately operated Internet, a move that would raise unique legal, technical, and privacy challenges.
The DHS letter refused to divulge any information about Einstein. It said: "Technological upgrades and planning activities are classified. DHS will be happy to provide the committee with a briefing in the appropriate (classified) setting."
CNET News' Declan McCullagh contributed to this report
Jasonik
August 8th, 2008, 12:34 PM
Bush classifies $200 million cybersecurity program, redacts questions about contractors
John Byrne
Published: Friday August 8, 2008 (http://rawstory.com/news/2008/Bush_classifies_200_million_cybersecurity_program_0808.html)
Redacts answers to Congress' questions about contractors
As Americans focus on the Olympics and the 2008 presidential campaign, the Bush Administration is finalizing plans to establish yet another massive surveillance program -- and has classified almost every single detail.
The Comprehensive National Cyber Security Initiative, established by National Security Presidential Directive 54 and Homeland Security Presidential Directive 23 in January, is intended to improve the government's ability to defend against cybersecurity attacks.
But the Bush Administration has refused to release details on the program's budget, how contracts will be administered, or what contractors might be involved. A whopping $115 million was allocated for the program this year, without any disclosure of progress or accomplishment.
Earlier this week, the Senate Homeland Security Committee released vague details about the program, after receiving some documentation from the Administration following a hearing in March. But the Administration's response redacted information regarding the contractors involved -- despite a history of giving away massive no-bid Iraq reconstruction contracts to companies such as Halliburton, Vice President Cheney's former firm.
“The response includes information on the National Cyber Security Center, how privacy will be protected under the CNCI, how success of the initiative will be measured, and how the Department views the private sector’s role in the initiative,” wrote the committee's Sen. Joe Lieberman (I-CT) and Sen. Susan Collins (R-ME). “The Department chose to redact information relating to contracting at the National Cyber Security Division. The senators have asked DHS to explain their reasons for the redactions.”
Among the redacted questions: "Why was the determination made that the contract will be for a 10-month period?" and "How will the DHS provide appropriate oversight to ensure that the contractors support efforts do not intrude on inherently governmental functions?"
According to CNET's Stephanie Condon (http://news.cnet.com/8301-13578_3-10004266-38.html), the Administration won't even relate how the program's "mission relates to Internet surveillance."
In one of the few details actually known about the program, Homeland Security Secretary Michael Chertoff announced that it would be led by Internet entrepreneur Rod Beckström in March. According to The Washington Post (http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031903125.html), however, Beckström is not a cybersecurity expert. His background is in open source wikis and in risk management software.
The announcement was dubbed a faux pas by Sen. Collins, who said in a letter that she was under the impression that the entire National Cyber Security Center was classified.
"Prior to this announcement, committee staff had been instructed that the existence of the NCSC was itself classified," Collins wrote.
"Their letter to DHS in May asked for a detailed account of the department's role in the Comprehensive National Cyber Security Initiative, noting a lack of information from the department, in spite of the fact that the administration had claimed that cybersecurity was one of Chertoff's 'top four priorities for '08,'" Condon notes.
Chertoff has requested $83 million for the center for 2009 on top of the $115 awarded for 2008, pushing the entire budget for cybersecurity over $200 million.
Even the Wall Street Journal, generally a fan of privatized government, has questioned the program.
"Rod Beckstrom, the director of the national cyber security center in DHS, continued the pattern [of providing few details] during his keynote at the Black Hat security conference Thursday in Las Vegas," the Journal's Ben Worthen wrote Thursday (http://blogs.wsj.com/biztech/2008/08/07/cyber-chief-big-on-history-short-on-specifics/). "Instead of getting into specifics–both examples of real threats and what the government is trying to do about it–he mainly talked in general terms about how businesses need to understand better the economics of security and the need to improve collaboration between people and governments throughout the world. He also talked at length about Abraham Lincoln and George Washington, and how those two would have approached tech security."
"Beckstrom started in March, so he’s still pretty new. Plus, this administration has gone through cyber chiefs like Spinal Tap goes through drummers," Worthen added. "So we should cut him a little slack. Still, we couldn’t help but feel disappointed by what we consider another missed opportunity."
According to reports, the cybersecurity initiative is aimed at securing the government's cybernetworks across multiple federal agencies.
*****
Given that "Beckström is not a cybersecurity expert" and that "his background is in open source wikis and in risk management software," take a look at (http://wirednewyork.com/forum/blog.php?b=140) some (mildly disturbing/alarming) video I've come across recently, featuring leading experts on the future of the internet.
Jasonik
August 12th, 2008, 12:22 PM
Some Web Firms Say They Track Behavior Without Explicit Consent
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, August 12, 2008; D01 (http://www.washingtonpost.com/wp-dyn/content/article/2008/08/11/AR2008081102270_pf.html)
Several Internet and broadband companies have acknowledged using targeted-advertising technology without explicitly informing customers, according to letters released yesterday by the House Energy and Commerce Committee.
And Google, the leading online advertiser, stated that it has begun using Internet tracking technology that enables it to more precisely follow Web-surfing behavior across affiliated sites.
The revelations came in response to a bipartisan inquiry of how more than 30 Internet companies might have gathered data to target customers. Some privacy advocates and lawmakers said the disclosures help build a case for an overarching online-privacy law.
"Increasingly, there are no limits technologically as to what a company can do in terms of collecting information . . . and then selling it as a commodity to other providers," said committee member Edward J. Markey (D-Mass.), who created the Privacy Caucus 12 years ago. "Our responsibility is to make sure that we create a law that, regardless of the technology, includes a set of legal guarantees that consumers have with respect to their information."
Markey said he and his colleagues plan to introduce legislation next year, a sort of online-privacy Bill of Rights, that would require that consumers must opt in to the tracking of their online behavior and the collection and sharing of their personal data.
But some committee leaders cautioned that such legislation could damage the economy by preventing small companies from reaching customers. Rep. Cliff Stearns (R-Fla.) said self-regulation that focuses on transparency and choice might be the best approach.
Google, in its letter to committee Chairman John Dingell (D-Mich.), Markey, Stearns and Rep. Joe L. Barton (R-Tex.), stressed that it did not engage in potentially the most invasive of technologies -- deep-packet inspection, which companies such as NebuAd have tested with some broadband providers. But Google did note that it had begun to use across its network the "DoubleClick ad-serving cookie," a computer code that allows the tracking of Web surfing.
Alan Davidson, Google's director of public policy and government affairs, stated in the letter that users could opt out of a single cookie for both DoubleClick and the Google content network. He also said that Google was not yet focusing on "behavioral" advertising, which depends on Web site tracking.
But on its official blog last week, Google touted how its recent $3.1 billion merger with DoubleClick provides advertisers "insight into the number of people who have seen an ad campaign," as well as "how many users visited their sites after seeing an ad."
"Google is slowly embracing a full-blown behavioral targeting over its vast network of services and sites," said Jeffrey Chester, executive director of the Center for Digital Democracy. He said that Google, through its vast data collection and sophisticated data analysis tools, "knows more about consumers than practically anyone."
Microsoft and Yahoo have disclosed that they engage in some form of behavioral targeting. Yahoo has said it will allow users to turn off targeted advertising on its Web sites; Microsoft has yet to respond to the committee.
More than a dozen of the 33 companies queried said they do not conduct targeted advertising based on consumers' Internet activities. But, Chester said, a number of them engage in sophisticated interactive marketing. Advertisers on Comcast.net's site, for instance, are able to target advertising based on "over 3 billion page views" from "15 million unique users."
Comcast spokeswoman Sena Fitzmaurice stressed that the data are gathered exclusively for advertising on that site.
In their letters, broadband providers Knology and Cable One acknowledged that they recently ran tests using deep-packet-inspection technology provided by NebuAd to see whether it could help them serve up more relevant ads, but their customers were not explicitly alerted to the test. Cable One is owned by The Washington Post Co.
Both companies said that no personally identifiable information was used and that they have ended the trials. Cable One has no plans to adopt the technology, spokeswoman Melany Stroupe said. "However, if we do," she said, "we want people to be able to opt in."
Ari Schwartz, vice president of the Center for Democracy and Technology, said lawmakers are beginning to understand the convergence across platforms. "People are starting to see: 'Oh, we have these different industries that are collecting the same types of information to profile individuals and the devices they use on the network,'" he said. "Internet. Cellphones. Cable. Any way you tap into the network, concerns are raised."
Markey said yesterday that any legislation should generally require explicitly informing the consumer of the type of information that is being gathered and any intent to use it for a different purpose, and a right to say 'no' to the collection or use.
The push for overarching legislation is bipartisan. "A broad approach to protecting people's online privacy seems both desirable and inevitable," Barton said. "Advertisers and data collectors who record where customers go and what they do want profit at the expense of privacy."
As of yesterday evening, the committee had posted (http://energycommerce.house.gov/Press_110/080108.ResponsesDataCollectionLetter.shtml) letters from 25 companies on its Web site.
*****
Can't have third party cookie hosting or IP masking or any kind of privacy ensuring workarounds taking hold online. These corporate guys want the government to enshrine their revenue streams in legislation (and doubtless the gov't will slowly seek to criminalize anonymous online activity) all in the name of Consumer Protection.
Ninjahedge
August 12th, 2008, 01:38 PM
Maybe there should be some sort of regulation that keeps the information gathered pertaining only to public sites visited or something?
I don't know, I do not like the idea of Big Brother looking over my shoulder, but I would rather have ads for things that pertain to me than random plugs for feminine hygiene and adult sites.
Jasonik
August 29th, 2008, 11:34 AM
Comcast to limit customers' broadband usage
By Yinka Adegoke Thu Aug 28, 10:20 PM ET (http://news.yahoo.com/s/nm/20080829/wr_nm/comcast_internet_dc)
SAN FRANCISCO (Reuters) - Comcast Corp, the largest U.S. cable operator, said on Thursday it will cap customers' Internet usage starting October 1, in a bid to ensure the best service for the vast majority of its subscribers.
Comcast said it was setting a monthly data usage threshold of 250 gigabytes per account for all residential high-speed Internet customers, or the equivalent of 50 million e-mails or 124 standard-definition movies.
"If a customer exceeds more than 250 GB and is one of the heaviest data users who consume the most data on our high-speed Internet service, he or she may receive a call from Comcast's Customer Security Assurance (CSA) group to notify them of excessive use," according to the company's updated Frequently Asked Questions on Excessive Use.
Customers who top 250 GB in a month twice in a six-month timeframe could have service terminated for a year.
Comcast said up to 99 percent of its 14 million Internet subscribers would not be affected by the new threshold, which it said would help ensure the quality of Internet delivery is not degraded by a minority of heavy users.
U.S. Internet subscribers are typically not aware of any limit on their Internet usage once they sign up to pay a flat monthly fee to their service provider.
As Web usage has rocketed, driven by the popularity of watching online video, photo-sharing and music downloading services, cable and phone companies have been considering various techniques to limit or manage heavy usage.
But Comcast has come under fire from a variety of sources for its network management techniques.
The U.S. Federal Communications Commission investigated complaints by consumer groups that it was blocking peer-to-peer applications like BitTorrent, and earlier this month ordered Comcast to modify its network management.
Comcast has said that by the end of the year it will change its network management practices to ensure all Web traffic is treated essentially the same, but has also been exploring other ways to prevent degradation of its Internet service delivery.
One consumer group said while Comcast's new 250 GB limit was "relatively high," it could eventually ensnare customers as technology progresses.
"If Comcast has oversold their network to the point of creating congestion problems, then well-disclosed caps for Internet use are a better short-term solution than Comcast's current practice of illegally blocking Internet traffic," said S Derek Turner of Free Press, a Washington, D.C.-based consumer advocacy group that filed a complaint about Comcast's network management practices earlier this year.
The Philadelphia-based company is not alone in trying to come up with ways to limit heavy Internet usage.
Time Warner Cable Inc, the second-largest U.S. cable operator, said in January it would run a trial of billing Internet subscribers based on usage rather than a flat fee.
Comcast spokesman Charlie Douglas said Comcast was also considering so-called consumption-based billing, but no decisions had been made.
(Editing by Braden Reddall)
*****
Will we see local node bandwidth trading markets? Think i.n.t.e.r.n.e.t ! There are ways to optimize P2P traffic without node congestion. Too many years as a centralized utility rotted the cable companies' sense of what the internet really is -- a platform for decentralized sharing and collaboration. I hope FiOS and U-Vision eat their lunch.
NYC4Life
August 29th, 2008, 01:08 PM
Comcast sucks!!! Good thing they're not available here in NYC.
Ninjahedge
August 29th, 2008, 01:27 PM
They all suck.
I do like that they are disclosing things though, but I do not think they are going far enough with this.
"Unlimited" should be removed. It should have been removed, legally, a LONG time ago. If I am sold an unlimited connection, I should be able to UL/DL on it full-tilt 24/7. If they want to limit it? Fine, but they have to TELL me first what they are limiting and how.
I hate this blind capping where they do not tell you and they do not tell you what the criteria are. (Plural of Criteria?).
Another thing would be inclusion of some sort of gas-gauge that you can easily access that will tell you what your current usage is, and what you have left to use. This mailing you when you go over 250G in a month is not preventative, it is penal.
Hopefully they find a way to de-regulate a lot of these connections to try and make the backbone more universally available. Cablevision and Verizon should, for the most part, only be able to sell services on the backbone, not control the price of it. I think Verizon would have it tougher since theirs is a service that can be offered by others if provided the bandwidth. Cable companies purchase rights to broadcast shows, so they still have some protection.....
How can we get Verizon, Cablevision and others to provide the basics as a utility and only be able to charge the others as a company service though?
Alonzo-ny
August 29th, 2008, 01:34 PM
They usually put in a clause about 'excessive use' to give them a get out of free jail card. I agree they should tell you exactly how much you can download.
Jasonik
September 16th, 2008, 06:55 PM
U.N. agency eyes curbs on Internet anonymity
September 12, 2008 4:00 AM PDT
Posted by Declan McCullagh (http://news.cnet.com/8301-13578_3-10040152-38.html)
A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous.
The U.S. National Security Agency is also participating in the "IP Traceback" drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.
The potential for eroding Internet users' right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor (http://www.torproject.org/) anonymizing network.
"What's distressing is that it doesn't appear that there's been any real consideration of how this type of capability could be misused," said Marc Rotenberg, director of the Electronic Privacy Information Center (http://www.epic.org/) in Washington, D.C. "That's really a human rights concern."
Nearly everyone agrees that there are, at least in some circumstances, legitimate security reasons to uncover the source of Internet communications. The most common justification for tracebacks is to counter distributed denial of service, or DDoS, attacks.
But implementation details are important, and governments participating in the process -- organized by the International Telecommunication Union, a U.N. agency -- may have their own agendas. A document submitted by China this spring and obtained by CNET News (http://www.politechbot.com/docs/itu.china.internet.traceback.proposal.091108.doc) said the "IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc." It adds: "To ensure traceability, essential information of the originator should be logged."
The Chinese author of the document, Huirong Tian, did not respond to repeated interview requests. Neither did Jiayong Chen of China's state-owned ZTE Corporation (http://wwwen.zte.com.cn/), the vice chairman of the Q6/17's parent group who suggested in an April 2007 meeting that it address IP traceback.
A second, apparently leaked ITU document (http://politechbot.com/docs/itu.traceback.use.cases.requirements.091108.txt) offers surveillance and monitoring justifications that seem well-suited to repressive regimes:
A political opponent to a government publishes articles putting the government in an unfavorable light. The government, having a law against any opposition, tries to identify the source of the negative articles but the articles having been published via a proxy server, is unable to do so protecting the anonymity of the author.
That document was provided to Steve Bellovin, a well-known Columbia University computer scientist, Internet Engineering Steering Group member (http://news.cnet.com/Internet%20Engineering%20Steering%20Group), and Internet Engineering Task Force participant (http://www.cs.columbia.edu/~smb/papers/#ietf) who wrote a traceback proposal (http://tools.ietf.org/draft/draft-bellovin-itrace/draft-bellovin-itrace-00.txt) eight years ago. Bellovin says he received the ITU document as part of a ZIP file from someone he knows and trusts, and subsequently confirmed its authenticity through a second source. (An ITU representative disputed its authenticity but refused to make public the Q6/17 documents, including a ZIP file describing traceback requirements posted on the agency's password-protected Web site (http://www.itu.int/md/T05-SG17/new/en/).)
Bellovin said in a blog post (http://www.cs.columbia.edu/~smb/blog/2008-09/2008-09-04.html) this week that "institutionalizing a means for governments to quash their opposition is in direct contravention" of the U.N.'s own Universal Declaration of Human Rights (http://www.unhchr.ch/udhr/lang/eng.htm). He said that traceback is no longer that useful a concept, on the grounds that few attacks use spoofed addresses, there are too many sources in a DDoS attack to be useful, and the source computer inevitably would prove to be hacked into anyway.
Another technologist, Jacob Appelbaum (http://www.appelbaum.net/), one of the developers (http://www.torproject.org/people.html.en) of the Tor anonymity system, also was alarmed. "The technical nature of this 'feature' is such a beast that it cannot and will not see the light of day on the Internet," Appelbaum said. "If such a system was deployed, it would be heavily abused by precisely those people that it would supposedly trace. No blackhat would ever be caught by this."
Adding to speculation about where the U.N. agency is heading are indications that some members would like to curb Internet anonymity more broadly:
• An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary (http://www.itu.int/itunews/issue/2002/06/discussion.html) said: "Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity."
• A presentation (http://www.itu.int/dms_pub/itu-t/oth/21/04/T21040000020095PPTE.ppt) in July from Korea's Heung-youl Youm said that groups such as the IETF should be "required to develop standards or guidelines" that could "facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback." Another Korean proposal -- which has not been made public -- says all Internet providers "should have procedures to assist in the lawful traceback of security incidents."
• An early ITU proposal (http://www.itu.int/ITU-T/tsb-director/cto/visionstatements/RADDataComm.doc) from RAD Data Communications (http://www.rad.com/) in Israel said: "Traceability means that all future networks should enable source trace-back, while accountability signifies the responsibility of account providers to demand some reasonable form of identification before granting access to network resources (similar to what banks do before opening a bank accounts)."
Multinational push to curb anonymous speech
By itself, of course, the U.N. has no power to impose Internet standards on anyone. But U.N. and ITU officials have been lobbying (http://news.cnet.com/Will-the-U.N.-run-the-Internet/2010-1071_3-5780157.html) for more influence over the way the Internet is managed, most prominently through the World Summit on the Information Society (http://www.itu.int/wsis/index.html) in Tunisia and a followup series of meetings (http://news.cnet.com/U.N.-proposes-changes-to-Nets-operation/2100-1028_3-6130549.html).
The official charter (http://www.itu.int/ITU-T/studygroups/com17/sg17-q6.html) of the ITU's Q6/17 group says that it will work "in collaboration" with the IETF and the U.S. Computer Emergency Response Team Coordination Center, which could provide a path toward widespread adoption -- especially if national governments end up embracing the idea.
Patrick Bomgardner, the NSA's chief of public and media affairs, told CNET News on Thursday that "we have no information to provide on this issue." He would not say why the NSA was participating in the process (and whether it was trying to fulfill its intelligence-gathering mission (http://www.nsa.gov/sigint/index.cfm) or its other role of advancing information security (http://www.nsa.gov/ia/index.cfm)).
Toby Johnson, a communications officer with the ITU's Telecommunication Standardization Bureau in Geneva, also refused to discuss Q6/17. "It may be difficult for experts to comment on what state deliberations are in for fear of prejudicing the outcome," he said in an e-mail message on Thursday.
When asked about the impact on Internet anonymity, Johnson replied: "I am not fully acquainted with this topic and therefore not qualified to provide an answer." He said that he expects that any final ITU standard would comport with the U.N.'s Universal Declaration of Human Rights.
It's unclear what happens next. For one thing, the traceback proposal isn't scheduled to be finished until 2009, and one industry source stressed that not all members of Q6/17 are in favor of it. The five "editors" are: NSA's Richard Brackney; Tian Huirong from China's telecommunications ministry; Korea's Youm Heung-Youl; Cisco's Gregg Schudel; and Craig Schultz, who works for a Japan-based network security provider (http://www.lac.co.jp/english/). (In keeping with the NSA's penchant for secrecy, Brackney was the lone ITU participant (http://www.itu.int/ITU-T/worksem/ngn/200612/programme.html) in a 2006 working group who failed to provide biographical information.)
In response to a question about the eventual result, Schultz, one of the editors, replied: "The long answer is, as you can probably imagine, this subject can get a little 'tense.' The main issue is the protection of privacy as well as not having to rely on 'policy' as part of a process. A secondary issue is feasibility and cost versus benefit." He said a final recommendation is at least a year off.
Another participant is Tony Rutkowski, Verisign's vice president for regulatory affairs and longtime ITU attendee (http://www.itu.int/TELECOM/wt95/pressdocs/profiles/rutbio.html), who wrote a three-page summary (http://www.itu.int/osg/csd/cybersecurity/WSIS/3rd_meeting_docs/Rutkowski_IPtraceback_callerID_rev0.pdf) for IP traceback and a related concept called "International Caller-ID Capability."
In a series of e-mail messages, Rutkowski defended the creation of the IP traceback "work item" at a meeting in April, and disputed the legitimacy of the document posted by Bellovin. "The political motivation text was not part of any known ITU-T proposal and certainly not the one which I helped facilitate," he wrote.
Rutkowski added in a separate message: "In public networks, the capability of knowing the source of traffic has been built into protocols and administration since 1850! It's widely viewed as essential for settlements, network management, and infrastructure protection purposes. The motivations are the same here. The OSI (http://en.wikipedia.org/wiki/OSI_model) Internet protocols (IPv5) had the capabilities built-in. The ARPA (http://en.wikipedia.org/wiki/Defense_Advanced_Research_Projects_Agency) Internet left them out because the infrastructure was a private DOD (http://www.defenselink.mil/) infrastructure."
Because the Internet Protocol was not designed to be traceable, it's possible to spoof addresses -- both for legitimate reasons, such as sharing a single address on a home network, and for malicious ones as well. In the early part of the decade, a flurry of academic research focused on ways to perform IP tracebacks, perhaps by embedding origin information (http://www.ece.cmu.edu/~adrian/630-f04/readings/SWKA.pdf) in Internet communications, or Bellovin's suggestion of occasionally automatically forwarding those data in a separate message.
If network providers and the IETF adopted IP traceback on their own, perhaps on the grounds that security justifications outweighed the harm to privacy and anonymity, that would be one thing.
But in the United States, a formal legal requirement to adopt IP traceback would run up against the First Amendment. A series of court cases, including the 1995 decision in McIntyre v. Ohio Elections Commission (http://supct.law.cornell.edu/supct/html/93-986.ZO.html), provides a powerful shield protecting the right to remain anonymous. In that case, the majority ruled: "Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority."
More broadly, the ITU's own constitution (http://www.itu.int/net/about/basic-texts/constitution/chaptervi.aspx) talks about "ensuring the secrecy of international correspondence." And the Council of Europe's Declaration on Freedom of Communication on the Internet (http://www.unesco.nl/images/freedcomminternet.pdf) adopted in 2003 says nations "should respect the will of users of the Internet not to disclose their identity," while acknowledging law enforcement-related tracing is sometimes necessary.
"When NSA takes the lead on standard-setting, you have to ask yourself how much is about security and how much is about surveillance," said the Electronic Privacy Information Center's Rotenberg. "You would think (the ITU) would be a little more sensitive to spying on Internet users with the cooperation of the NSA and the Chinese government."
ZippyTheChimp
September 16th, 2008, 07:07 PM
So now we're going to follow China's lead in defining personal freedom? I thought it was supposed to be the other way around, but hey, it's the post-Olympic era.
McCain in the White House, the smarmy leering hyena Giuliani as Attorney General, and we're on board.
Jasonik
September 30th, 2008, 12:29 PM
Zippy, Identity Management (http://www.isalliance.org/index.php?option=com_content&task=view&id=43&Itemid=202) will be implemented based on a cyberwarfare national security footing. There are those intent on remaking the internet as a virtual police state war zone complete with checkpoints and government exercised aggression.
The UN will become involved to create a kind of 'Geneva Conventions' framework for cyberwarfare -- to protect civilians of course. (But first there needs to be an internet 9/11 (http://www.youtube.com/watch?v=eq7qxECor_8).)
*****
U.S. urged to go on offense in cyberwar
Networks seen at risk of attack
Shaun Waterman, UNITED PRESS INTERNATIONAL
Monday, September 29, 2008 (http://www.washingtontimes.com/news/2008/sep/29/us-urged-to-go-on-offense-in-cyberwar/)
The United States needs to do more to develop an offensive cyberwar capability rather than just focus on defending its networks from attack, says the chairman of the House cybersecurity subcommittee.
"The best defense is a good offense and an offensive [cyberwar] capability is essential to our national defense," Rep. Jim Langevin told United Press International, calling it "a necessary deterrent."
"Warfare is forever changed. ... Never again will we see major warfare without a strong cyber component executed as part of it," the Rhode Island Democrat added, citing the assault on Georgian government Web sites that accompanied Russia's invasion last month.
Mr. Langevin, chairman of the House Homeland Security subcommittee on emerging threats, cybersecurity and science and technology and a member of the House Permanent Select Committee on Intelligence, also called on the White House to declassify much more of its Comprehensive National Cybersecurity Initiative (CNCI) and said the Department of Homeland Security should be stripped of its lead role in defending the nation's computer networks.
His call for a more robust offensive capacity in cyberwarfare highlights an ongoing debate in government about how best to address the complex challenges posed by U.S. dependence on the Internet and other computer networks - a vulnerability that the nation's enemies could exploit.
One issue that analysts highlight is the difficulty in determining the origins of cyber-attacks, which often are launched using "bot-nets" of compromised computers owned by innocent users anywhere on the planet.
The issue was raised earlier this month in two House hearings in which lawmakers heard testimony from members of a bipartisan, blue-ribbon panel - the Commission on Cyber Security for the 44th Presidency.
"We have a tremendous amount of trouble determining attribution ... where an attack actually came from, who was responsible, who might have been behind that computer. And we have a very, very long way to go on that," commission member Paul Kurtz, a former White House cybersecurity official, told the House intelligence committee.
"Until we start to get clarity in that piece, it's going to be very difficult to contemplate the military option, of responding appropriately," Mr. Kurtz added.
Another issue raised at the hearings was that, in order for any offensive capacity to be a deterrent for adversaries, it would have to be made public, whereas the U.S. military's cyberwar capacities are largely classified.
"Clearly, our offensive capabilities and sources and methods we probably do not want to disclose in any detailed way," AT&T executive John Nagengast, formerly an assistant deputy director at the National Security Agency, told the committee.
"But as part of an overall doctrine and strategy in cyberspace, we need to consider what are the deterrent factors. ... [What] do we want to make public, as part of that deterrence strategy, and what do we need to keep secret because most of our offensive capabilities should be kept secret?" he added.
Former intelligence official Suzanne E. Spaulding told the hearing that focusing on offensive capabilities and giving a lead role to the military might make it harder for the United States to work with other countries on cyber issues, where the lines separating crime, terrorism and warfare are often hard to draw.
"My concern is that [the Defense Department] has been so vocal about the development and deployment of cyberwarfare capabilities that it will be very difficult for that department to develop and sustain the trust necessary to undertake essential collaboration on defense cybersecurity efforts with the private sector and with international stakeholders," she said.
"There is a significant risk that these vital partners will suspect that the collaboration is really aimed at strengthening our offensive arsenal," she concluded.
Mr. Langevin told UPI that work on international treaties to deal with cyberwar offered no real alternative to developing an offensive capability.
"That discussion at the international level may be appropriate at some point," he said. "There are treaties on cybercrime that do exist, but it doesn't mean that cybercrime doesn't occur."
*****
FederalNewsRadio coverage [listen] (http://www.federalnewsradio.com/?nid=169&sid=1481202)
Jasonik
November 15th, 2008, 01:49 PM
Australia planning to block 10,000 websites
Global Research, November 14, 2008 (http://www.globalresearch.ca/index.php?context=va&aid=10963)
telegraph.co.uk (http://telegraph.co.uk/)
Australia is preparing to block public access to 10,000 websites deemed to carry "unwanted content".
By Bonnie Malkin in Sydney
The websites will be blocked as part of a government-sponsored trial of its filter technology that will start before Christmas and last six weeks.
The government has already identified 1300 websites that it wants to black list as part of the clean feeds scheme.
Communications Minister Stephen Conroy said the sites mostly contained child pornography and other unwanted content, including images and videos.
"While the ACMA blacklist is currently around 1300 URLs, the pilot will test against this list - as well as filtering for a range of URLs to around 10,000 - so that the impacts on network performance of a larger blacklist can be examined," he said.
The government is calling for ISP providers to express interest in taking part in the trial. Just one ISP has volunteered so far.
A spokesman for Mr Conroy said: "The pilot will provide an invaluable opportunity for ISPs to inform the Government’s approach.
"The live pilot will provide valuable real-world evidence of the potential impact on internet speeds and costs to industry and will help ensure we implement a filtering solution that is efficient, effective and easy for Australian families to use."
A trial of web-filtering technology earlier this year found it could slow internet access by as much as 87 per cent and by at least 2 per cent. Australia's internet service is already notoriously sluggish.
The proposed filter is highly unpopular with civil liberty groups and the internet service industry.
Colin Jacobs, board member of Electronic Frontiers Australia said he was concerned at what would be deemed "unwanted content".
"It is unclear how ACMA will scale up their blacklist to 10,000 websites and what will go on the list," he told the Melbourne Herald-Sun.
"Conroy said the list would contain illegal and unwanted content but we still have to see what would end up on that list.
"Under the current mandate that includes adult material, which would mean most material that could be rated R and, in some circumstances, material rated MA15+."
Jasonik
December 1st, 2008, 04:26 PM
Free Web Plan Being Pushed by FCC Head
NOVEMBER 30, 2008, 9:00 P.M. ET
By AMY SCHATZ (http://online.wsj.com/article/SB122809560499668087.html?mod=rss_whats_news_technology)
Outgoing Federal Communications Commission Chairman Kevin Martin is pushing for action in December on a plan to offer free, pornography-free wireless Internet service to all Americans, despite objections from the wireless industry and some consumer groups.
At its December meeting, the FCC could also consider new rules designed to speed up consideration of disputes between independent cable programmers and cable providers such as Time Warner Cable Inc. and Comcast Corp., which either refuse to carry some channels or put them on specialty tiers of service that cost subscribers more.
The agency also will ask for more feedback on its proposal to require programmers to sell their channels to cable operators individually instead of in bundles.
The free Internet plan is the most controversial issue the agency will tackle in December. Mr. Martin shelved plans to consider a wider variety of sticky issues pending at the agency, including a request by the Hollywood studios to hobble TVs and set-top boxes so studios can offer copy-protected theatrical releases sooner.
The proposal to allow a no-smut, free wireless Internet service is part of a proposal to auction off a chunk of airwaves. The winning bidder would be required to set aside a quarter of the airwaves for a free Internet service. The winner could establish a paid service that would have a fast wireless Internet connection. The free service could be slower and would be required to filter out pornography and other material not suitable for children. The FCC's proposal mirrors a plan offered by M2Z Networks Inc., a start-up backed by Kleiner Perkins Caufield & Byers partner John Doerr.
Consumer advocates have objected to the FCC's proposed pornography filter, while the wireless industry has objected to the entire free Internet plan. To address concerns about the filter, the FCC is proposing that adults could opt out and access all Internet sites.
T-Mobile USA, in particular, has raised concerns. The Deutsche Telekom AG unit paid about $4 billion a few years ago for nearby airwaves and has complained that the free wireless Internet plan will likely result in interference for consumers of its new 3G wireless network. The FCC dismissed the company's interference concerns this fall, although T-Mobile disagreed with that finding.
*****
A comment (http://online.wsj.com/article/SB122809560499668087.html?mod=rss_whats_news_technology#articleTabs%3Dcomments) by Shaun Hazen:
"Free Internet can be obtained from our wonderful taxpayer funded libraries. This is another example of the government taking control of an industry; making it so other privately owned companies cannot compete. Once the government has the entire market share, due to the free price tag, they can filter content. China does something similar. Once people actually realize what the government has done, and want to pay for private Internet access - it will be too costly for private markets to enter. When people start realizing that there is no such thing as "free" - because someone has to pay for it - we will be a lot better off."
Ninjahedge
December 5th, 2008, 03:54 PM
Jason, you should LOVE this one... ;)
http://www.nytimes.com/2008/11/30/magazine/30google-t.html?ex=1385614800&en=f64b269f4412d488&ei=5124&partner=facebook&exprod=facebook
Google trying to play to its international markets, and Turkey being a whiney little baby.
Jasonik
December 10th, 2008, 12:42 AM
Experts say U.S. needs a cybersecurity agency
Deborah Gage, Chronicle Staff Writer
Tuesday, December 9, 2008
(12-08) 18:11 PST (http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/12/09/BUKT14K4D4.DTL) -- The Department of Homeland Security has failed to secure the Internet and should no longer take the lead role in trying, say government and security experts who on Monday urged President-elect Barack Obama to create a new national office to police cyberspace.
Their report also calls for new laws to protect privacy and speed investigations of cybercrimes; strong identification of all people and devices connecting to networks belonging to power plants and other organizations critical to U.S. security; and secure software for everybody who connects to the Internet - not just the military and national security agencies.
The recommendations are included in a 96-page document (pdf) (http://www.csis.org/media/csis/pubs/081208_securingcyberspace_44.pdf), "Securing Cyberspace for the 44th Presidency," released Monday by the Center for Strategic and International Studies.
The center, a nonprofit think tank in Washington, began working on this report last year after cyberattacks were launched against the country of Estonia and several U.S. federal agencies, including the Pentagon and the departments of commerce and state.
"We still have an industrial-age government that was organized a century ago," Jim Lewis, the center's director, said in an interview in September. "The DHS has a 1970s-style solution to a 21st century problem."
The Department of Homeland Security was formed by the Bush administration from 22 separate agencies after the Sept. 11 terrorist attacks and was the biggest reorganization of the federal government.
Lewis said in the same interview that although the department has made some progress on cybersecurity, the government would still in some cases have to call a committee meeting if it suffered a cyberattack because so many different agencies have jurisdiction over the problem. Every branch of the military, for example, has its own cybercommand.
Members of Obama's transition team - at least five of whom contributed to the report - look forward to reviewing the recommendations, a spokeswoman said. The Department of Homeland Security, however, disagreed with its conclusions.
"We're the first ones to admit that there's more work to be done ... but to stop midstream and reorganize the deck chairs is not an effective use of resources," said department spokeswoman Laura Keener.
The report has bipartisan backing from the lead Democrat and ranking minority member - Rep. James Langevin, D-R.I., and Rep. Michael McCaul, R-Texas - of a House Homeland Security subcommittee in charge of legislation in this area, as well as contributions from more than 50 academics and security experts.
It also comes as an unprecedented amount of malicious code is being released on the Internet, code that in some cases is designed to attack and steal intellectual property from Fortune 500 companies, said Mary Landesman, a researcher at ScanSafe, a security vendor in San Francisco.
ScanSafe scans Web sites for corporate clients and blocks those that it detects as compromised. The company has detected malicious code coming from Russia and especially China that is capable of detecting which systems it has infected and then invisibly redirecting victims to fake Web sites or altering data as it passes between computers in order to steal information.
Energy and oil companies are especially targeted - in October, their rate of exposure to these attacks was up 73 percent, Landesman said - along with banks, financial companies and engineering and construction firms. She said thousands of companies are at risk.
In some cases, the infections were introduced when employees used corporate machines to access Web mail or browse social networks at home. Or they brought infected USB drives into the office and loaded them on corporate machines.
"For the first time, back doors and password stealers outpace all other forms of malware," she said. "The level of sophistication (of these attacks) is very concerning."
Several other security vendors - including SecureWorks, Symantec, McAfee and Finjan - also are releasing reports citing increases in malicious code and various cyberattacks.
How government could tighten Internet security
Cybersecurity experts are urging Obama to:
-- Commit to protecting cyberspace using all instruments of national power.
-- Establish a new National Office for Cyberspace, moving responsibility from the Department of Homeland Security.
-- Foster a public-private partnership on cybersecurity.
-- Require strong authentication of identity on critical infrastructures for both devices and people, and allow consumers to use government-issued credentials online.
-- Streamline laws governing online crime to increase investigation speed.
Source: Securing Cyberspace for the 44th Presidency, Center for Strategic and International Studies
E-mail Deborah Gage at dgage@sfchronicle.com.
This article appeared on page D - 1 of the San Francisco Chronicle
Jasonik
December 30th, 2008, 11:37 PM
Martin drops porn filtering from FCC free wireless broadband plan
By Matthew Lasar | Published: December 29, 2008 - 11:22PM CT (http://arstechnica.com/news.ars/post/20081229-no-more-porn-filtering-on-fcc-free-wireless-broadband-plan.html)
Kevin Martin, the Chair of the Federal Communications Commission, called Ars Technica today to let us know that he has revised his proposal to roll out a free (and smut-free) wireless broadband service. In an effort to corral more votes, Martin has already circulated a new version of the plan, one that removes the controversial smut filtering requirement.
Why the change? "I'm saying if this is a problem for people, let's take it away," Martin said. "A lot of public interest advocates have said they would support this, but we're concerned about the filter. Well, now there's an item in front of the Commissioners and it no longer has the filter. And I've already voted for it without the filter now. So it's already got one vote."
"Got anybody else?" I asked him.
"Not yet," Martin admitted with a chuckle. Then he expressed a bit of impatience with his four colleagues. "This is an item that has been pending at the Commission for several years, that the Commissioners were originally critical of not having moved forward faster," he said. "Other Commissioners said, 'We're overdue; we've got to do this.' But when an actual item is put forth where you have to make a hard decision, they say, 'Well, I'm not so sure what I want to do anymore'."
Lifeline broadband
As we have been reporting for some time, the FCC's outgoing boss has been championing a proposal (http://arstechnica.com/news.ars/post/20080622-fcc-starts-proceeding-on-smut-free-wireless-broadband-plan.html) to auction off a hefty chunk of the Advanced Wireless Services 3 band (2155-2180MHz) for a free service that (until now) was to come complete with smut filtering.
The license winner would be required to offer the service at a minimum 768Kbps; it's obviously not the fastest rate in town, but it meets the FCC's new and improved definition (http://arstechnica.com/news.ars/post/20080615-jokes-over-fcc-establishes-new-broadband-measurement-system.html) of "basic" broadband. The provider will have to honor a Carterfone-style rule (http://arstechnica.com/articles/culture/carterfone-40-years.ars) that allows any application or device to connect to the network, and the license will last for ten years, with ten-year renewal periods. The licensee must roll out coverage to half of the US population within four years and reach 95 percent of the country by the end of the first decade.
What Martin calls a "lifeline broadband service" certainly has its supporters, but it has had plenty of detractors, too, including the wireless industry, the Bush administration, key Republicans in the House of Representatives, and civil liberties advocates (http://arstechnica.com/news.ars/post/20080729-22-public-interest-groups-roast-fcc-smutless-broadband-plan.html) who have all but called the scheme government-sanctioned censorship.
But Public Knowledge, Consumers Union, and the Media Access Project, among other groups, have suggested (http://www.publicknowledge.org/node/1902) that the basic idea, sans filtering and bolstered by stronger open access requirements, has potential. "We appreciate the potential of a new service that could provide a genuine alternative to the current wireline cable modem/DSL duopoly," they have written.
Martin wanted the FCC to vote on this issue at an Open Commission meeting scheduled for December 18 but then bowed (http://arstechnica.com/news.ars/post/20081214-smut-free-broadband-on-hold-as-fcc-cancels-big-meeting.html) to Congressional calls for its cancellation. The FCC is scheduled (http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-287587A1.pdf) to meet via audio conference on Tuesday, but there are no agenda items attached to the event. That will be Republican Commissioner Deborah Taylor Tate's last meeting.
"Tate was one of the Commissioners who I thought was most likely to be supportive of the filtering concept," said Martin. "She's been very involved in children's issues and I think that she had spoken favorably in the past of this idea of the filter for children."
The filter concept is history now. As for the revised proposal, the agency is scheduling another Open Commission meeting for January 15. That may very well be Kevin Martin's final formal FCC appearance, and we have no word yet on what dockets will come up during the meeting.
"Typically in January all the Commission does is do reports on the status of the industry," Martin said. "That's what we've done for the last few years, saying 'Here's what the Commission has been trying to achieve. Here's where we are'."
But the Commissioners could give the go-ahead to the re-smuttified free broadband plan at any time—assuming Martin gets at least two more votes for his new proposal, and gets them quick.
Jasonik
January 22nd, 2009, 03:11 PM
"government has no right to censor protected speech on the Internet, and it cannot reduce adults to hearing and seeing only speech that the government considers suitable for children."
Supreme Court strikes down Internet censorship law
Nick Cargo
Published: Wednesday January 21, 2009 (http://rawstory.com/news/2008/Supreme_Court_strikes_down_Internet_censorship_0121.html)
It took ten years, but free speech advocates are celebrating the demise of a controversial law they said violated the First and Fifth Amendments in its aims to "protect children."
The American Civil Liberties Union announced (http://www.aclu.org/freespeech/internet/38428prs20090121.html) Wednesday that the Supreme Court will not hear Mukasey v. ACLU, the Bush administration's attempt to appeal federal court rulings against the Child Online Protection Act (COPA), passed by Congress in 1998 after the fall of the 1996 Communications Decency Act (http://en.wikipedia.org/wiki/Communications_Decency_Act).
"For over a decade the government has been trying to thwart freedom of speech on the Internet, and for years the courts have been finding the attempts unconstitutional," said ACLU senior staff attorney and lead counsel Chris Hansen. "It is not the role of the government to decide what people can see and do on the Internet. Those are personal decisions that should be made by individuals and their families."
Federal Judge Lowell A. Reed Jr. in Philadelphia struck the first blow to the law with an injunction in 1999, the Third Circuit of the United States Court of Appeals upholding the decision in June 2000. The Supreme Court concurred in June 2004, pending trial. Judge Reed, in early 2007, again ruled COPA unconstitutional, leading to Mukasey.
COPA, as codified (http://www.aclu.org/freespeech/internet/27131res20061020.html), would have made it an offense punishable by a fine up to $50,000 and/or up to 6 months' imprisonment for transmitting "any material that is harmful to minors" for commercial purposes on the World Wide Web if not put behind a safeguard such as a requirement for payment or a special access code. Additional fines would have been levied for "intentionally" violating the law.
Material deemed "harmful to minors" under COPA included written, photographic, recorded and otherwise "communicated" material that, based on the average person's interpretation of "contemporary community standards," is "obscene" or "designed to appeal to, or is designed to pander to, the prurient interest." The law further reads that any material that "depicts, describes, or represents, in a manner patently offensive with respect to minors, an actual or simulated sexual act or sexual contact, an actual or simulated normal or perverted sexual act, or a lewd exhibition of the genitals or post-pubescent female breast," that "taken as a whole, lacks serious literary, artistic, political or scientific value for minors."
Among the plaintiffs in the lawsuit, filed by the ACLU and the Electronic Frontier Foundation (http://www.eff.org/deeplinks/2009/01/copa) was novelist and activist Patricia Nell Warren (http://www.bilerico.com/2009/01/breaking_news_copa_died_today.php) of Wildcat Press (http://www.wildcatpress.com/). "Wildcat's position was this," she said. "[These] two bills were supposedly aimed at hard-core porn but they were so broadly written that they would be used to criminalize the commercial provision of all kinds of legitimate content to minors on the Internet, whether health information or literature. And such laws definitely would be used by ultraconservatives to limit availability of LGBT content on the Web. For this reason, we felt that it was important for us, as a gay-owned small press, to participate in these lawsuits. The Philadelphia Gay News was also involved.
"The Supreme Court decision puts the onus where it belongs -- on parents, who have the right to use software filters to try keeping their minor kids from viewing material that they disapprove of."
"The Court's decision not to review COPA for a third time affirms what we have been saying all along," ACLU Legal Director Steven R. Shapiro said. "[The] government has no right to censor protected speech on the Internet, and it cannot reduce adults to hearing and seeing only speech that the government considers suitable for children."
*****
Part of the ACLU's closing argument [pdf (http://www.aclu.org/pdfs/freespeech/copatranscript_20061120.pdf)] was that loss of anonymity acted as a deterrent to free speech and its dissemination, since many are unwilling to provide truthful personal information or credit card information to simply view or share content.
What does this do to the push by the Federal government to mandate non-anonymity as a requirement for merely accessing the internet? Opposition based on login cost prohibitions by content providers would effectively be neutralized since the National Surveillance Apparatus (NSA) (http://rawstory.com/news/2008/Whistleblower_Bushs_NSA_targeted_reporters_0121.html) would likely administer and control any access ID scheme. The 'chilling effect' on the other hand apparently remains a sturdy opponent to attempts at government mandated loss of internet anonymity.
Ninjahedge
January 23rd, 2009, 09:30 AM
It was just too vague a law.
Even Salon.com was brought up on charges for this.
Also, when they say "a community's definition of decency" that can get you in a LOT of trouble. What happens when an area becomes a center for a group of ultra-conservatives (such as certain Muslim sects that require women to be covered head to toe)?
The law itself was just carte blanche for anyone to call something filthy and get it removed from the net.
Jasonik
February 10th, 2009, 01:48 PM
Obama orders 'sweeping' review of US cybersecurity
Agence France-Presse
Published: Tuesday February 10, 2009 (http://rawstory.com/news/2008/Obama_orders_sweeping_review_of_US_0210.html)
WASHINGTON (AFP) — President Barack Obama announced a sweeping review of US cybersecurity to protect the government's information technology systems from security and economic threats.
The 60-day review is to be overseen by Melissa Hathaway (http://www.ctovision.com/2008/10/melissa-hathaway-op-ed-on-cyber-security.html), a former official in George W. Bush's presidency who coordinated cyber monitoring for the director of national intelligence, according to a White House statement.
During the election campaign, Obama had equated cyber risks to the threat of nuclear or biological attack and promised a high-level review if he became president.
"The national security and economic health of the United States depend on the security, stability, and integrity of our nation's cyberspace, both in the public and private sectors," said Obama's assistant for counterterrorism and homeland security John Brennan.
"The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," he said in the statement.
The Bush administration was accused of trampling on civil liberties through intrusive monitoring of both telephone and computer traffic.
But the threat of cyber attacks on official US systems has been laid bare in recent years with a spate of hacking incidents, including several blamed on China.
A congressional panel warned in November that China had developed a sophisticated cyber warfare program and stepped up its capacity to penetrate US computer networks to extract sensitive information.
And a December report by the Commission on Cybersecurity for the 44th Presidency told the new leader that cybersecurity was "among the most serious economic and national security challenges we will face in the 21st century."
FULL WHITE HOUSE PRESS RELEASE (http://www.whitehouse.gov/the_press_office/AdvisorsToConductImmediateCyberSecurityReview/) follows:
President Obama has directed the National Security and Homeland Security Advisors to conduct an immediate review of the plan, programs, and activities underway throughout the government dedicated to cyber security.
This 60-day interagency review will develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.
"The national security and economic health of the United States depend on the security, stability, and integrity of our Nation’s cyberspace, both in the public and private sectors. The President is confident that we can protect our nation’s critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said Assistant to the President for Counterterrorism and Homeland Security John Brennan.
Melissa Hathaway, who has served as Cyber coordination Executive to the Director of National Intelligence, will lead the review and will serve as Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils during the review period.
Jasonik
February 16th, 2009, 09:45 AM
Do We Need a New Internet?
New York Times
By JOHN MARKOFF | February 15, 2009 (http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html)
Two decades ago a 23-year-old Cornell University graduate student brought the Internet to its knees with a simple software program that skipped from computer to computer at blinding speed, thoroughly clogging the then-tiny network in the space of a few hours.
The program was intended to be a digital “Kilroy Was Here.” Just a bit of cybernetic fungus that would unobtrusively wander the net. However, a programming error turned it into a harbinger heralding the arrival of a darker cyberspace, more of a mirror for all of the chaos and conflict of the physical world than a utopian refuge from it.
Since then things have gotten much, much worse.
Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over.
What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there.
“Unless we’re willing to rethink today’s Internet,” says Nick McKeown, a Stanford engineer involved in building a new Internet, “we’re just waiting for a series of public catastrophes.”
That was driven home late last year, when a malicious software program thought to have been unleashed by a criminal gang in Eastern Europe suddenly appeared after easily sidestepping the world’s best cyberdefenses. Known as Conficker, it quickly infected more than 12 million computers, ravaging everything from the computer system at a surgical ward in England to the computer networks of the French military.
Conficker remains a ticking time bomb. It now has the power to lash together those infected computers into a vast supercomputer called a botnet that can be controlled clandestinely by its creators. What comes next remains a puzzle. Conficker could be used as the world’s most powerful spam engine, perhaps to distribute software programs to trick computer users into purchasing fake antivirus protection. Or much worse. It might also be used to shut off entire sections of the Internet. But whatever happens, Conficker has demonstrated that the Internet remains highly vulnerable to a concerted attack.
“If you’re looking for a digital Pearl Harbor, we now have the Japanese ships streaming toward us on the horizon,” Rick Wesson, the chief executive of Support Intelligence, a computer consulting firm, said recently.
The Internet’s original designers never foresaw that the academic and military research network they created would one day bear the burden of carrying all the world’s communications and commerce. There was no one central control point and its designers wanted to make it possible for every network to exchange data with every other network. Little attention was given to security. Since then, there have been immense efforts to bolt on security, to little effect.
“In many respects we are probably worse off than we were 20 years ago,” said Eugene Spafford, the executive director of the Center for Education and Research in Information Assurance and Security at Purdue University and a pioneering Internet security researcher, “because all of the money has been devoted to patching the current problem rather than investing in the redesign of our infrastructure.”
In fact, many computer security researchers view the nearly two decades of efforts to patch the existing network as a Maginot Line approach to defense, a reference to France’s series of fortifications that proved ineffective during World War II. The shortcoming in focusing on such sturdy digital walls is that once they are evaded, the attacker has access to all the protected data behind them. “Hard on the outside, with a soft chewy center,” is the way many veteran computer security researchers think of such strategies.
Despite a thriving global computer security industry that is projected to reach $79 billion in revenues next year, and the fact that in 2002 Microsoft itself began an intense corporatewide effort to improve the security of its software, Internet security has continued to deteriorate globally.
Even the most heavily garrisoned military networks have proved vulnerable. Last November, the United States military command in charge of both the Iraq and Afghanistan wars discovered that its computer networks had been purposely infected with software that may have permitted a devastating espionage attack.
That is why the scientists armed with federal research dollars and working in collaboration with the industry are trying to figure out the best way to start over. At Stanford, where the software protocols for the original Internet were designed, researchers are creating a system to make it possible to slide a more advanced network quietly underneath today’s Internet. By the end of the summer it will be running on eight campus networks around the country.
The idea is to build a new Internet with improved security and the capabilities to support a new generation of not-yet-invented Internet applications, as well as to do some things the current Internet does poorly — such as supporting mobile users.
The Stanford Clean Slate project won’t by itself solve all the main security issues of the Internet, but it will equip software and hardware designers with a toolkit to make security features a more integral part of the network and ultimately give law enforcement officials more effective ways of tracking criminals through cyberspace. That alone may provide a deterrent.
This is not the first time a replacement has been proposed for the current Internet. For example, modern Windows and Macintosh computers already come equipped to support a new Internet protocol known as IPv6 that would fix many of the shortcomings of the current IPv4 version. However, because of cost, performance and compatibility questions it has languished.
That has not discouraged the Stanford engineers who say they are on a mission to “reinvent the Internet.” They argue that their new strategy is intended to allow new ideas to emerge in an evolutionary fashion, making it possible to move data traffic seamlessly to a new networking world. Like the existing Internet, the new network will almost certainly have no one central point of control and no one organization will run it. It is most likely to emerge as new hardware and software are built in to the router computers that run today’s network and are adopted as Internet standards.
For all those efforts, though, the real limits to computer security may lie in human nature.
The Internet’s current design virtually guarantees anonymity to its users. (As a New Yorker cartoon noted some years ago, “On the Internet, nobody knows that you’re a dog.”) But that anonymity is now the most vexing challenge for law enforcement. An Internet attacker can route a connection through many countries to hide his location, which may be from an account in an Internet cafe purchased with a stolen credit card.
“As soon as you start dealing with the public Internet, the whole notion of trust becomes a quagmire,” said Stefan Savage, an expert on computer security at the University of California, San Diego.
A more secure network is one that would almost certainly offer less anonymity and privacy. That is likely to be the great tradeoff for the designers of the next Internet. One idea, for example, would be to require the equivalent of drivers’ licenses to permit someone to connect to a public computer network. But that runs against the deeply held libertarian ethos of the Internet.
Proving identity is likely to remain remarkably difficult in a world where it is trivial to take over someone’s computer from half a world away and operate it as your own. As long as that remains true, building a completely trustable system will remain virtually impossible.
Ninjahedge
February 18th, 2009, 02:44 PM
No security system will work so long as people are stupid.
No matter how many failsafes you put on there, there will be one idiot in a company that will bring a "joke" or a nude vid into work on a storage device and manage to get several machines infected. Once on an internal LAN, it is easier to infect others than coming from outside.
I would bet that 90% of infections come from people doing something stupid rather than actual direct defeats of any cyber security system.
So these "gated communities" sound great until you realize that viruses were around even before the internet. They just got around more after.
Jasonik
February 23rd, 2009, 12:10 AM
Bill proposes ISPs, Wi-Fi keep logs for police
by Declan McCullagh | February 19, 2009 10:45 PM PST (http://news.cnet.com/8301-13578_3-10168114-38.html)
Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.
The legislation, which echoes a measure proposed (http://news.cnet.com/Congress%20may%20consider%20mandatory%20ISP%20snooping/2100-1028_3-6066608.html) by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates.
"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level."
Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals."
Two bills have been introduced so far--S.436 (http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00436:) in the Senate and H.R.1076 (http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.01076:) in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act.
Each contains the same language: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."
Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on--but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method (http://en.wikipedia.org/wiki/Dhcp) of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)
"Everyone has to keep such information," says Albert Gidari (http://www.perkinscoie.com/agidari/), a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law.
The legal definition (http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002510----000-.html) of electronic communication service is "any service which provides to users thereof the ability to send or receive wire or electronic communications." The U.S. Justice Department's position (http://www.usdoj.gov/criminal/cybercrime/s&smanual2002.htm#_IIIB_) is that any service "that provides others with means of communicating electronically" qualifies.
That sweeps in not just public Wi-Fi access points, but password-protected ones too, and applies to individuals, small businesses, large corporations, libraries, schools, universities, and even government agencies. Voice over IP services may be covered too.
Under the Internet Safety Act, all of those would have to keep logs for at least two years. It "covers every employer that uses DHCP for its network," Gidari said. "It covers Aircell on airplanes--those little pico cells will have to store a lot of data for those in-the-air Internet users."
In the Bush administration, Attorney General Alberto Gonzales had called (http://news.cnet.com/Gonzales-pressures-ISPs-on-data-retention/2100-1028_3-6077654.html) for a very similar proposal, saying that subscriber information and network data should be logged for two years.
Until Gonzales' remarks in 2006, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" about them. But after the European Parliament approved such a requirement (http://news.cnet.com/Europe-passes-tough-new-data-retention-laws/2100-7350_3-5995089.html) for Internet, telephone and VoIP providers, top administration officials began talking (http://news.cnet.com/ISP-snooping-gaining-support/2100-1028_3-6061187.html) about the practice more favorably.
After Gonzales left the Justice Department, the political will for data retention legislation seemed to ebb for a time, but then FBI Director Robert Mueller resumed lobbying efforts (http://news.cnet.com/8301-13578_3-9926803-38.html) last spring.
This tends to be a bipartisan sentiment: Attorney General Eric Holder (http://news.cnet.com/8301-13578_3-10110922-38.html), a Democrat, said (http://www.usdoj.gov/criminal/cybercrime/dagceos.html) in 1999 that "certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement." Rep. John Conyers, the Democratic chairman of the House Judiciary Committee, said (http://news.cnet.com/8301-13578_3-9926803-38.html) that FBI proposals for data retention legislation "would be most welcome."
Smith, who sponsored the House version of the Internet Safety Act, had previously introduced (http://news.cnet.com/GOP-revives-ISP-tracking-legislation/2100-1028_3-6156948.html) a one-year requirement as part of a law-and-order agenda in 2007.
A 1996 federal law called the Electronic Communication Transactional Records Act regulates (http://news.cnet.com/My-brief-career-as-an-ISP/2010-7355_3-5089267.html) data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity."
Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)
In addition, Internet providers are required by (http://www.law.cornell.edu/uscode/html/uscode42/usc_sec_42_00013032----000-.html) another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency.
The Internet Safety Act is broader than just data retention. Other portions add criminal penalties to other child pornography-related offenses, increase penalties for sexual exploitation of minors, and give the FBI an extra $30 million for the "Innocent Images National Initiative."
*****
Seems like it could be a fifth amendment violation at least as it applies to individuals.
Ninjahedge
February 23rd, 2009, 11:25 AM
ITS ALL FOR THE SAFETY OF THE CHILDREN!!!!!!
We MUST keep track of all these things because of all the Pedophiles hanging out at Starbucks!!!!
FAIL! :mad:
Jasonik
April 3rd, 2009, 02:55 PM
Should Obama Control the Internet?
A new bill would give the President emergency authority to halt web traffic and access private data.
—By Steve Aquino | Thu April 2, 2009 12:33 PM PST (http://www.motherjones.com/politics/2009/04/should-obama-control-internet)
Should President Obama have the power to shut down domestic Internet traffic during a state of emergency?
Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) think so. On Wednesday they introduced a bill to establish the Office of the National Cybersecurity Advisor—an arm of the executive branch that would have vast power to monitor and control Internet traffic to protect against threats to critical cyber infrastructure. That broad power is rattling some civil libertarians.
The Cybersecurity Act of 2009 (PDF) (http://cdt.org/security/CYBERSEC4.pdf) gives the president the ability to "declare a cybersecurity emergency" and shut down or limit Internet traffic in any "critical" information network "in the interest of national security." The bill does not define a critical information network or a cybersecurity emergency. That definition would be left to the president.
The bill does not only add to the power of the president. It also grants the Secretary of Commerce "access to all relevant data concerning [critical] networks without regard to any provision of law, regulation, rule, or policy restricting such access." This means he or she can monitor or access any data on private or public networks without regard to privacy laws.
Rockefeller made cybersecurity one of his key issues as a member of the Senate intelligence committee, which he chaired until last year. He now heads the Committee on Commerce, Science and Transportation, which will take up this bill.
"We must protect our critical infrastructure at all costs—from our water to our electricity, to banking, traffic lights and electronic health records—the list goes on," Rockefeller said in a statement. Snowe echoed her colleague, saying, "if we fail to take swift action, we, regrettably, risk a cyber-Katrina."
But the wide powers outlined in the Rockefeller-Snowe legislation have at least one Internet advocacy group worried. "The cybersecurity threat is real," says Leslie Harris, head of the Center for Democracy and Technology (CDT), "but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."
The bill could undermine the Electronic Communications Privacy Act (ECPA), says CDT senior counsel Greg Nojeim. That law, enacted in the mid '80s, requires law enforcement seek a warrant before tapping in to data transmissions between computers.
"It's an incredibly broad authority," Nojeim says, pointing out that existing privacy laws "could fall to this authority."
Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, says that granting such power to the Commerce secretary could actually cause networks to be less safe. When one person can access all information on a network, "it makes it more vulnerable to intruders," Granick says. "You've basically established a path for the bad guys to skip down."
The bill's scope, she says, is "contrary to what the Constitution promises us." That's because of the impact it could have on Internet users' privacy rights: If the Commerce Department uncovers evidence of illegal activity when accessing "critical" networks, that information could be used against a potential defendant, even if the department never had the intent to find incriminating evidence. And this might violate the Constitutional protection against searches without cause.
"Once information is accessed, it can be used for whatever purpose, no matter the original reason for accessing something," Granick says. "Who's interested in this? Law enforcement and people in the security industry who want to ensure more government dollars go to them."
Nojeim, though, thinks it's possible the bill's powers could be trimmed as it moves through Congress. "We will be working with them to clarify just what is needed and how to accomplish that," he says. "We're hopeful that some of the very broad powers that the bill would confer won't be included."
Ninjahedge
April 3rd, 2009, 03:30 PM
*eep*
This is not good. As we saw with the Patriot Act, giving this broad and undefined a power can, and eventually WILL be misused and abused.
Somehow saying the government is not safe because it uses the public infrastructure and therefore the government has the right to shut it all down is pretty scary, and totalitarian.
The one point that I thought was interesting was this:
Jennifer Granick, civil liberties director at the Electronic Frontier Foundation, says that granting such power to the Commerce secretary could actually cause networks to be less safe. When one person can access all information on a network, "it makes it more vulnerable to intruders," Granick says. "You've basically established a path for the bad guys to skip down."
It is 100% correct, and never occurred to me. Right now the one thing that makes the net hard to control, regulate, AND attack is its lack of a central core or pathway.
You make it so that it can be shut down with a government order, cybercriminals (not just "terrorists") now have a single target they can pursue that will yield them more power (cybernetically) than almost any of the DDoS and other bugs and worms that have been developed so far.
Crack the code and shut down the internet. Period.
I think it would make a great movie! ;)
Jasonik
April 22nd, 2009, 09:47 AM
New Military Command to Focus on Cybersecurity
APRIL 22, 2009
By SIOBHAN GORMAN and YOCHI J. DREAZEN (http://online.wsj.com/article/SB124035738674441033.html)
WASHINGTON -- The Obama administration plans to create a new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to current and former officials familiar with the plans.
The initiative will reshape the military's efforts to protect its networks from attacks by hackers, especially those from countries such as China and Russia. The new command will be unveiled within the next few weeks, Pentagon officials said.
The move comes amid growing evidence that sophisticated cyberspies are attacking the U.S. electric grid and key defense programs. A page-one story in The Wall Street Journal on Tuesday reported that hackers breached the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter, and stole data. Lawmakers on the House Oversight and Government Reform Committee wrote to the defense secretary Tuesday requesting a briefing on the matter.
Lockheed Martin Corp., the project's lead contractor, said in a statement Tuesday that it believed the article "was incorrect in its representation of successful cyber attacks" on the F-35 program. "To our knowledge, there has never been any classified information breach," the statement said. The Journal story didn't say the stolen information was classified.
President Barack Obama, when he was a candidate for the White House, pledged to elevate cybersecurity as a national-security issue, equating it in significance with nuclear and biological weapons. A White House team reviewing cybersecurity policy has completed its recommendations, including the creation of a top White House cyberpolicy official. Details of that and other proposals are still under debate. A final decision from the president is expected soon.
A draft of the White House review steps gingerly around the question of how to improve computer security in the private sector, especially key infrastructure such as telecommunications and the electricity grid. The document stresses the importance of working with the private sector and civil-liberties groups to craft a solution, but doesn't call for a specific government role, according to a person familiar with the draft.
Defense Secretary Robert Gates plans to announce the creation of a new military "cyber command" after the rollout of the White House review, according to military officials familiar with the plan.
The Pentagon has several command organizations structured according to both geography and operational responsibility. Central Command, for example, oversees the wars in Iraq and Afghanistan, while the Special Operations Command is responsible for operations involving elite operatives such as Navy Seals.
The cyber command is likely to be led by a military official of four-star rank, according to officials familiar with the proposal. It would, at least initially, be part of the Pentagon's Strategic Command, which is currently responsible for computer-network security and other missions.
Pentagon officials said the front-runner to lead the new command is National Security Agency Director Keith Alexander, a three-star Army general. In a rare public appearance Tuesday at a cybersecurity conference in San Francisco, Gen. Alexander called for a "team" approach to cybersecurity that would give the NSA lead responsibility for protecting military and intelligence networks while the Department of Homeland Security worked to protect other government networks. His spokeswoman said he had no additional comment.
Former President George W. Bush's top intelligence adviser, Mike McConnell, first proposed the creation of a unified cyber command last fall. The military's cybersecurity efforts are currently divided between entities like the NSA and the Defense Information Systems Agency, which is responsible for ensuring secure and reliable communications for the military. The Air Force also runs a significant cybersecurity effort.
Advocates believe the new command will be able to avoid duplication and better leverage the technical expertise of the agencies and the military services' cyberwarriors.
Cyber defense is the Department of Homeland Security's responsibility, so the command would be charged with assisting that department's defense efforts. The relationship would be similar to the way Northern Command supports Homeland Security with rescue capabilities in natural disasters. The NSA, where much of the government's cybersecurity expertise is housed, established a similar relationship with Homeland Security through a cybersecurity initiative that the Bush administration began in its final year.
NSA's increasingly muscular role in domestic cybersecurity has raised alarms among some officials and on Capitol Hill. Rod Beckstrom, former chief of the National Cyber Security Center, which is charged with coordinating cybersecurity activities across the U.S. government, resigned last month after warning that the growing reliance on the NSA was a "bad strategy" that posed "threats to our democratic processes."
Gen. Alexander countered in his speech Tuesday that the NSA did "not want to run cybersecurity for the U.S. government."
—August Cole contributed to this article.
Printed in The Wall Street Journal, page A2
Jasonik
April 29th, 2009, 09:34 AM
U.S. regulatory czar nominee wants Net 'Fairness Doctrine'
Cass Sunstein sees Web as anti-democratic, proposed 24-hour delay on sending e-mail
Posted: April 27, 2009
8:41 pm Eastern
© 2009 WorldNetDaily (http://worldnetdaily.com/index.php?fa=PAGE.view&pageId=96301)
WASHINGTON – Barack Obama's nominee for "regulatory czar" has advocated a "Fairness Doctrine" for the Internet that would require opposing opinions be linked and also has suggested angry e-mails should be prevented from being sent by technology that would require a 24-hour cooling off period.
The revelations about Cass Sunstein, Obama's friend from the University of Chicago Law School and nominee to head the White House Office of Information and Regulatory Affairs, come in a new book by Brad O'Leary, "Shut Up, America! The End of Free Speech." (http://shop.wnd.com/store/item.asp?DEPARTMENT_ID=6&SUBDEPARTMENT_ID=20&ITEM_ID=2750) OIRA will oversee regulation throughout the U.S. government.
Sunstein also has argued in his prolific literary works that the Internet is anti-democratic because of the way users can filter out information of their own choosing.
"A system of limitless individual choices, with respect to communications, is not necessarily in the interest of citizenship and self-government," he wrote. "Democratic efforts to reduce the resulting problems ought not be rejected in freedom's name."
Sunstein first proposed the notion of imposing mandatory "electronic sidewalks" for the Net. These "sidewalks" would display links to opposing viewpoints. Adam Thierer, senior fellow and director of the Center for Digital Media Freedom at the Progress and Freedom Center, has characterized the proposal as "The Fairness Doctrine for the Internet."
"Apparently in Sunstein's world, people have many rights, but one of them, it seems, is not the right to be left alone or seek out the opinions one desires," Thierer wrote.
Later, Sunstein rethought his proposal, explaining that it would be "too difficult to regulate [the Internet] in a way that would respond to those concerns." He also acknowledged that it was "almost certainly unconstitutional."
Perhaps Sunstein's most novel idea regarding the Internet was his proposal, in his book "Nudge," written with Richard Thaler, for a "Civility Check" for e-mails and other online communications.
"The modern world suffers from insufficient civility," they wrote. "Every hour of every day, people send angry e-mails they soon regret, cursing people they barely know (or even worse, their friends and loved ones). A few of us have learned a simple rule: don't send an angry e-mail in the heat of the moment. File it, and wait a day before you send it. (In fact, the next day you may have calmed down so much that you forget even to look at it. So much the better.) But many people either haven't learned the rule or don’t always follow it. Technology could easily help. In fact, we have no doubt that technologically savvy types could design a helpful program by next month."
That's where the "Civility Check" comes in.
"We propose a Civility Check that can accurately tell whether the e-mail you're about to send is angry and caution you, 'warning: this appears to be an uncivil e-mail. do you really and truly want to send it?'" they wrote. "(Software already exists to detect foul language. What we are proposing is more subtle, because it is easy to send a really awful e-mail message that does not contain any four-letter words.) A stronger version, which people could choose or which might be the default, would say, 'warning: this appears to be an uncivil e-mail. this will not be sent unless you ask to resend in 24 hours.' With the stronger version, you might be able to bypass the delay with some work (by inputting, say, your Social Security number and your grandfather’s birth date, or maybe by solving some irritating math problem!)."
Sunstein's nomination to the powerful new position will require Senate approval. He is almost certain to face other questions about his well-documented controversial views:
In a 2007 speech at Harvard he called for banning hunting in the U.S.
In his book "Radicals in Robes," he wrote: "[A]lmost all gun control legislation is constitutionally fine. And if the Court is right, then fundamentalism does not justify the view that the Second Amendment protects an individual right to bear arms."
In his 2004 book, "Animal Rights," he wrote: "Animals should be permitted to bring suit, with human beings as their representatives …"
In "Animal Rights: A Very Short Primer," he wrote "[T]here should be extensive regulation of the use of animals in entertainment, in scientific experiments, and in agriculture."
The American Conservative Union is offering an opportunity for Americans to sound off on Sunstein's agenda. The organization has created a website called Stop Sunstein (http://www.stopsunstein.com/) through which readers can submit petition signatures to members of the U.S. Senate.
"As one of America's leading constitutional scholars, Cass Sunstein has distinguished himself in a range of fields, including administrative law and policy, environmental law, and behavioral economics," said Obama at his nomination of his regulatory czar. "He is uniquely qualified to lead my administration's regulatory reform agenda at this crucial stage in our history. Cass is not only a valued adviser, he is a dear friend and I am proud to have him on my team."
O'Leary disagrees.
"It's hard to imagine President Obama nominating a more dangerous candidate for regulatory czar than Cass Sunstein," he says. "Not only is Sunstein an animal-rights radical, but he also seems to have a serious problem with our First Amendment rights. Sunstein has advocated everything from regulating the content of personal e-mail communications, to forcing nonprofit groups to publish information on their websites that is counter to their beliefs and mission. Of course, none of this should be surprising from a man who has said that 'limitless individual choices, with respect to communications, is not necessarily in the interest of citizenship and self-government.' If it were up to Obama and Sunstein, everything we read online – right down to our personal e-mail communications – would have to be inspected and approved by the federal government."
Jasonik
May 13th, 2009, 12:05 PM
Obama Aides Debate Role Of Proposed Cyber Czar
By Ellen Nakashima and Spencer S. Hsu
Washington Post Staff Writers
Wednesday, May 13, 2009 (http://www.washingtonpost.com/wp-dyn/content/article/2009/05/12/AR2009051201743.html)
The nation's top military, intelligence and homeland security officials are recommending that President Obama establish a new White House cyber czar under the National Security Council with broad policy-setting authority for protecting both public- and private-sector computer networks, according to sources familiar with the discussions.
Other top administration officials, at a Friday meeting of Cabinet members and other presidential advisers, argued that the new official -- a deputy assistant to the president -- should also report to the National Economic Council, said sources familiar with the discussions.
In recent weeks, White House economic adviser Lawrence H. Summers and others have expressed concern that security measures not unduly threaten economic growth and other national interests. Obama aides concluded at the meeting that the new official's role would be limited to security and not broader cyber policy issues, such as tax or antitrust matters.
The debate caps a comprehensive review initiated by Obama of the U.S. government's cyber policies and programs. The varied options are now being put before Obama, who will make the final decision about the scope and authority of the new official's role, according to the sources, who spoke on the condition of anonymity to discuss an internal policy matter. A decision could come as early as next week, sources said.
As a candidate last year, Obama pledged to "appoint a national cyber adviser who will report directly to me." In fact, the review has prompted vigorous debate over how much power to give the position, whether measured by closeness to the president, staff, budget authority or ability to reach into the operations of government departments and the private sector.
Security officials have cited the threat to national security posed by the mounting capabilities of criminal, terrorist or potentially state-supported hackers in countries such as Russia and China.
"The United States must treat cybersecurity as one of the most important national security challenges it faces," stated a report issued in December by a commission formed by the Center for Strategic and International Studies.
The report recommended that the president appoint an assistant and set up a National Office for Cyberspace to oversee the intelligence community's and Homeland Security Department's cyber operations.
James A. Lewis, who directed the CSIS project, said the recommendation to name a deputy assistant to the president appears "to match the broad outlines" of the commission's report, but it depends on what's in "the rest of the package."
"The bottom line is, whatever title this person has, if they don't have real authority, then they will not be effective," said Richard A. Clarke, a security adviser to the administrations of Bill Clinton and George W. Bush.
Turf fights have complicated the review, which was supposed to last 60 days but just hit the three-month mark. The sides were evident at Friday's meeting, which was chaired by Summers, national security adviser James L. Jones and his deputy, John O. Brennan, representing White House economic, national security and homeland security councils.
Several sources said Director of National Intelligence Dennis C. Blair argued that the cyber official should report to Jones. That view was backed by Adm. Mike Mullen, chairman of the Joint Chiefs of Staff; Homeland Security Secretary Janet Napolitano; and Energy Secretary Steven Chu, one source said.
A senior White House official said anyone criticizing the cyber coordinator's rank "misses a much broader understanding of the question -- namely that this person would be doing work of immense interest . . . to the president himself."
Clarke said yesterday that if the White House fails to give the cyber adviser authority through the Office of Management and Budget over federal budgets and through the National Economic Council to work with the private sector, "I don't think it's going to get very far."
Obama has to ask "some tough questions," Clarke said, "because this is a growing issue, of growing importance, and we have to get it right."
Accompanying audio interview here (http://www.washingtonpost.com/wp-dyn/content/audio/2009/05/12/AU2009051202945.html?sid=ST2009051203081) with Spencer Hsu.
Jasonik
May 28th, 2009, 11:34 PM
Pentagon Plans New Arm to Wage Wars in Cyberspace
By DAVID E. SANGER and THOM SHANKER
Published: May 28, 2009
(http://www.nytimes.com/2009/05/29/us/politics/29cyber.html?_r=1)
WASHINGTON — The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.
The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks.
Mr. Obama, officials said, will announce the creation of a White House office — reporting to both the National Security Council and the National Economic Council — that will coordinate a multibillion-dollar effort to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control system.
White House officials say Mr. Obama has not yet been formally presented with the Pentagon plan. They said he would not discuss it Friday when he announced the creation of a White House office responsible for coordinating private-sector and government defenses against the thousands of cyberattacks mounted against the United States — largely by hackers but sometimes by foreign governments — every day.
But he is expected to sign a classified order in coming weeks that will create the military cybercommand, officials said. It is a recognition that the United States already has a growing number of computer weapons in its arsenal and must prepare strategies for their use — as a deterrent or alongside conventional weapons — in a wide variety of possible future conflicts.
The White House office will be run by a “cyberczar,” but because the position will not have direct access to the president, some experts said it was not high-level enough to end a series of bureaucratic wars that have broken out as billions of dollars have suddenly been allocated to protect against the computer threats.
The main dispute has been over whether the Pentagon or the National Security Agency should take the lead in preparing for and fighting cyberbattles. Under one proposal still being debated, parts of the N.S.A. would be integrated into the military command so they could operate jointly.
Officials said that in addition to the unclassified strategy paper to be released by Mr. Obama on Friday, a classified set of presidential directives is expected to lay out the military’s new responsibilities and how it coordinates its mission with that of the N.S.A., where most of the expertise on digital warfare resides today.
The decision to create a cybercommand is a major step beyond the actions taken by the Bush administration, which authorized several computer-based attacks but never resolved the question of how the government would prepare for a new era of warfare fought over digital networks.
It is still unclear whether the military’s new command or the N.S.A. — or both — will actually conduct this new kind of offensive cyberoperations.
The White House has never said whether Mr. Obama embraces the idea that the United States should use cyberweapons, and the public announcement on Friday is expected to focus solely on defensive steps and the government’s acknowledgment that it needs to be better organized to face the threat from foes attacking military, government and commercial online systems.
Defense Secretary Robert M. Gates has pushed for the Pentagon to become better organized to address the security threat.
Initially at least, the new command would focus on organizing the various components and capabilities now scattered across the four armed services.
Officials declined to describe potential offensive operations, but said they now viewed cyberspace as comparable to more traditional battlefields. [With traditional collateral damage?]
“We are not comfortable discussing the question of offensive cyberoperations, but we consider cyberspace a war-fighting domain,” said Bryan Whitman, a Pentagon spokesman. “We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment.”
Although Pentagon civilian officials and military officers said the new command was expected to initially be a subordinate headquarters under the military’s Strategic Command, which controls nuclear operations as well as cyberdefenses, it could eventually become an independent command.
“No decision has been made,” said Lt. Col. Eric Butterbaugh, a Pentagon spokesman. “Just as the White House has completed its 60-day review of cyberspace policy, likewise, we are looking at how the department can best organize itself to fill our role in implementing the administration’s cyberpolicy.”
The creation of the cyberczar’s office inside the White House appears to be part of a significant expansion of the role of the national security apparatus there. A separate group overseeing domestic security, created by President George W. Bush after the Sept. 11 attacks, now resides within the National Security Council. A senior White House official responsible for countering the proliferation of nuclear and unconventional weapons has been given broader authority. Now, cybersecurity will also rank as one of the key threats that Mr. Obama is seeking to coordinate from the White House.
The strategy review Mr. Obama will discuss on Friday was completed weeks ago, but delayed because of continuing arguments over the authority of the White House office, and the budgets for the entire effort.
It was kept separate from the military debate over whether the Pentagon or the N.S.A. is best equipped to engage in offensive operations. Part of that debate hinges on the question of how much control should be given to American spy agencies, since they are prohibited from acting on American soil.
“It’s the domestic spying problem writ large,” one senior intelligence official said recently. “These attacks start in other countries, but they know no borders. So how do you fight them if you can’t act both inside and outside the United States?”
John Markoff contributed reporting from San Francisco.
*****
Will this new "warfare" include storming Americans' homes and confiscating their computer equipment and digital media (and win them a trip to Gitmo) for having their computer taken over by remote hackers?
Jasonik
May 29th, 2009, 08:19 PM
Obama's Cyberwar Misfire
by Douglas Rushkoff
May 29, 2009 | 3:48pm (http://www.thedailybeast.com/blogs-and-stories/2009-05-29/obamas-cyberwar-misfire/full/)
The president’s announcement today of a new czar to protect our cybersecurity misses the point, says Douglas Rushkoff. We need a generation of hand-to-hand digital soldiers, not armchair generals.
Neither President Obama's announcement today of a new "cyber czar" nor the Pentagon's simultaneous creation of a central "Cyber-Command" from which to defend our nation's networks will be enough to bring us up to speed in a rapidly evolving global race for digital superiority. For while America is indeed falling behind in network security, the appointment of a czar to manage yet another highly centralized, top-down extension of the administration only betrays our chronic, almost constitutional inability to engage in distributed warfare by distributed means.
Cyber security is not like protecting a cannon or some nuclear fissile material. The barbarians are not at the gates. They're inside your PC right now, or just behind that banner ad—the fake one telling you there's a spybot on your hard drive and to "click here" to remove it. Because of the net's decentralized nature, cyber warfare is less like an artillery battle than it is like hand-to-hand combat. We are all on the frontlines; each of our computers the potential weak spot in the network. Our vulnerabilities are the passwords they "phish" from us by faking messages from the bank, the social security numbers they pry from poorly managed university servers, and the computer processing power they rob from the laptops of millions of porn users whose hard drives are now nodes in our enemies' bot-nets.
Cyber defenseless can be measured in how easily we fall for fake news reports and disinformation, how poorly we distinguish between credible sources and sheer propaganda (whether our own or someone else's), and how quickly we will share our most intimate details in return for a chance at a free iPod or new "friend" on Facebook.
Indeed, the better we adapt to our roles as cyber consumers, the more likely we are as a population to mindlessly hit "submit."
We also need real cyber soldiers. But candidates for such jobs aren’t simply invented in military training camps – they’re grown by a society that values cyber skills. I keynoted a cyber security summit this past spring in Louisiana, along with General Robert Elder, then head of the Air Force's cyber command. His main concern? That not enough American kids know how to program.
General Elder has no problem attracting recruits ready to operate robots or fly drones using controllers modeled after the ones that come with the Sony Playstation. Hell, they love playing video games already. His problem is finding high school graduates with any experience or interest in actually programming all this stuff. Unless something changes radically, Elder told me, the United States will be surpassed in cyber skills within a single generation. The best of our kids design video games; the Indians, Chinese, and Russians' kids write the code on which those games run. Our competitiveness in war, as well as in the high tech market, is already being propped up by outsourcing contracts only as durable as the bank loans they're being funded with.
How could this be? It's because in America we don't value programming. We think of it like bricklaying, farming, or any other seemingly menial skill. We ship our networking jobs to India, China, and other formerly Third World nations, whose elementary schools still teach computer programming as if it were an essential language for everyone to learn. Which it is.
Here in the U.S., on the other hand, high school computer classes teach kids how to use the programs in Office for Windows. Instead of learning how to program a computer, our kids learn how to use one as it has been delivered. In a computing marketplace where altering one's iPhone will "brick" its functionality and where user improvement to programs is treated as an intellectual property violation, it's no wonder we have adopted the attitude that our technology is finished and inviolable from the minute it has been purchased. Just clicking on "agree" during installation says as much.
But we relegate and outsource our programming capabilities at our own peril. No, not every kid we teach programming in school is going to become a computer programmer capable of protecting us from the worst the Iranians or North Koreans can throw at us. But some of them will. Enough, hopefully, to give General Elder the cyber soldiers he needs.
It's time for an academic revolution as profound as the one motivated by the Sputnik launch. If the false threat of the Soviets painting a sickle on the moon was enough to get calculus taught in a majority of American high schools, the real threat of a communications infrastructure meltdown should be enough to get us teaching Basic to Boy Scouts.
Moreover, by educating ourselves en masse about how our computers and networks actually function, we will have strengthened the network itself. It's not up to a czar to protect us from digital calamity. In a world where the enemy martial artist can pop up virtually anywhere, everyone must know kung fu.
Douglas Rushkoff, a professor of media studies at The New School University and producer and correspondent for the PBS Frontline Digital Nation project, is the author of numerous books, including Cyberia, ScreenAgers, Media Virus and, most recently, Life Inc. (http://www.amazon.com/Life-Inc-World-Became-Corporation/dp/1400066891/ref=sr_1_1?ie=UTF8&s=books&qid=1243625087&sr=1-1), to be released this week from RandomHouse.
*****
Doesn't the author know that the government hates decentralized power, knowledge, and defensive capabilities in the hands of the people? The US government must have unchallenged centralized power and supremacy over the entire internet -- or we won't get to have an internet.
Ninjahedge
May 29th, 2009, 10:42 PM
The ONLY thing that has kept the internet safe is its decentralization. No virus has been able to completely cripple something that has many heads and many more appendages.
Unfortunately, that also makes it like to sleep around a lot, so it has a tendency to pick up a heck of a lot in its "travels".
Jasonik
August 28th, 2009, 03:57 PM
Bill would give president emergency control of Internet
by Declan McCullagh | August 28, 2009 12:34 AM PDT (http://news.cnet.com/8301-13578_3-10320096-38.html?tag=newsLeadStoriesArea.1)
Internet companies and civil liberties groups were alarmed (http://news.cnet.com/8301-13578_3-10200710-38.html) this spring when a U.S. Senate bill proposed (http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00773:) handing the White House the power to disconnect private-sector computers from the Internet.
They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt (http://www.politechbot.com/docs/rockefeller.revised.cybersecurity.draft.082709.pdf)), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
"I think the redraft, while improved, remains troubling due to its vagueness," said Larry Clinton, president of the Internet Security Alliance (http://www.isalliance.org/), which counts representatives of Verizon, Verisign, Nortel, and Carnegie Mellon University on its board. "It is unclear what authority Sen. Rockefeller thinks is necessary over the private sector. Unless this is clarified, we cannot properly analyze, let alone support the bill."
Representatives of other large Internet and telecommunications companies expressed concerns about the bill in a teleconference with Rockefeller's aides this week, but were not immediately available for interviews on Thursday.
A spokesman for Rockefeller also declined to comment on the record Thursday, saying that many people were unavailable because of the summer recess. A Senate source familiar with the bill compared the president's power to take control of portions of the Internet to what President Bush did when grounding all aircraft on Sept. 11, 2001. The source said that one primary concern was the electrical grid, and what would happen if it were attacked from a broadband connection.
When Rockefeller, the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed (http://commerce.senate.gov/public/index.cfm?FuseAction=PressReleases.Detail&PressRelease_id=bb7223ef-1d78-4de4-b1d5-4cf54fc38662) it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said.
The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged (http://news.cnet.com/8301-13578_3-10252154-38.html) that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit (http://blogs.usatoday.com/ondeadline/2009/08/white-house-cyber-czar-quits.html), and some wags have begun to wonder why a government that receives failing marks (http://news.cnet.com/DHS-scores-F-on-cybersecurity-report-card/2100-1009_3-6050520.html) on cybersecurity should be trusted to instruct the private sector what to do.
Rockefeller's revised legislation seeks to reshuffle the way the federal government addresses the topic. It requires a "cybersecurity workforce plan" from every federal agency, a "dashboard" pilot project, measurements of hiring effectiveness, and the implementation of a "comprehensive national cybersecurity strategy" in six months--even though its mandatory legal review will take a year to complete.
The privacy implications of sweeping changes implemented before the legal review is finished worry Lee Tien (http://www.eff.org/about/staff), a senior staff attorney with the Electronic Frontier Foundation (http://www.eff.org/) in San Francisco. "As soon as you're saying that the federal government is going to be exercising this kind of power over private networks, it's going to be a really big issue," he says.
Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)
"The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...The designation of what is a critical infrastructure system or network as far as I can tell has no specific process. There's no provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it."
Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network.
The Internet Security Alliance's Clinton adds that his group is "supportive of increased federal involvement to enhance cyber security, but we believe that the wrong approach, as embodied in this bill as introduced, will be counterproductive both from a national economic and national security perspective."
lineupguy
August 28th, 2009, 05:40 PM
The internet can be a great educative tool.
Just take a look at these forums as an example.
lofter1
August 28th, 2009, 06:20 PM
Bill would give president emergency control of Internet
Given the broadened powers of the Executive Branch instituted under the Bush administration (see "Patriot Act (http://boston.com/news/nation/washington/articles/2006/03/24/bush_shuns_patriot_act_requirement/)" and "Signing Statements (http://www.presidency.ucsb.edu/signingstatements.php#q5)") I'd bet the POTUS can pretty much do whatever he sees fit in the case of an "Emergency" -- and then the courts will sort it out later.
Jasonik
August 28th, 2009, 07:14 PM
Courts... LOL!
lofter1
August 28th, 2009, 07:23 PM
I should have put quotes around the "sort it out" as well :cool:
Jasonik
August 28th, 2009, 10:15 PM
Don't forget the "plaintiffs" and/or "prosecutors" not to mention the "investigation" and "expert" "sworn testimony"... though largely moot due to executive privilege and national "security" "secrets".
ablarc
August 29th, 2009, 09:07 AM
Alarming.