Hugh Pickens DOT Com writes "Ellen Nakashima reports at the Washington Post that morale has taken a hit at the National Security Agency in the wake of controversy over the agency's surveillance activities and officials are dismayed that President Obama has not visited the agency to show his support. 'It is not clear whether or when Obama might travel the 23 miles up the Baltimore-Washington Parkway to visit Fort Meade, the NSA's headquarters in Maryland,' writes Nakashima, 'but agency employees are privately voicing frustration at what they perceive as White House ambivalence amid the pounding the agency has taken from critics.' Though Obama has asserted that the NSA's collection of virtually all Americans' phone records is lawful and has saved lives, the administration has not endorsed legislation that would codify it. And his recent statements suggest Obama thinks some of the NSA's activities should be constrained. 'The agency, from top to bottom, leadership to rank and file, feels that it is had no support from the White House even though it's been carrying out publicly approved intelligence missions,' says Joel Brenner, NSA inspector general from 2002 to 2006. 'They feel they've been hung out to dry, and they're right.' Former officials note how President George W. Bush paid a visit to the NSA in January 2006, in the wake of revelations by the New York Times that the agency engaged in a counterterrorism program of warrantless surveillance on U.S. soil beginning after the Sept. 11, 2001, terrorist attacks. 'Bush came out and spoke to the workforce, and the effect on morale was tremendous,' Brenner said. 'There's been nothing like that from this White House.' Morale is 'bad overall' says another former NSA official. 'It's become very public and very personal. Literally, neighbors are asking people, 'Why are you spying on Grandma?'"
tsu doh nimh writes "In early October, news leaked out of Russia that authorities there had arrested and charged the malware kingpin known as 'Paunch,' the alleged creator and distributor of the Blackhole exploit kit. Today, Russian police and computer security experts released additional details about this individual, revealing a much more vivid picture of the cybercrime underworld today. According to pictures of the guy published by Brian Krebs, if the Russian authorities are correct then his nickname is quite appropriate. Paunch allegedly made $50,000 a month selling his exploit kit, and worked with another guy to buy zero-day browser exploits. As of October 2013, the pair had budgeted $450,000 to purchase zero-days. From the story: 'The MVD estimates that Paunch and his gang earned more than 70 million rubles, or roughly USD $2.3 million. But this estimate is misleading because Blackhole was used as a means to perpetrate a vast array of cybercrimes. I would argue that Blackhole was perhaps the most important driving force behind an explosion of cyber fraud over the past three years. A majority of Paunchâ(TM)s customers were using the kit to grow botnets powered by Zeus and Citadel, banking Trojans that are typically used in cyberheists targeting consumers and small businesses.'"
Hugh Pickens DOT Com writes "Lindsay Abrams reports at Salon that the Obama administration is offering wind farms 30 years of leeway to kill and harm bald and golden eagles. The new regulations, which were requested by the wind industry, will provide companies that seek a permit with legal protection, preventing them from having to pay penalties for eagle deaths (PDF). An investigation by the Associated Press earlier this year documented the illegal killing of eagles around wind farms, the Obama administration's reluctance to prosecute such cases and its willingness to help keep the scope of the eagle deaths secret. President Obama has championed the pollution-free energy, nearly doubling America's wind power in his first term as a way to tackle global warming. Scientists say wind farms in 10 states have killed at least 85 eagles since 1997, with most deaths occurring between 2008 and 2012, as the industry was greatly expanding. Most deaths — 79 — were golden eagles that struck wind turbines. However the scientists said their figure is likely to be 'substantially' underestimated, since companies report eagle deaths voluntarily and only a fraction of those included in their total were discovered during searches for dead birds by wind-energy companies. The National Audubon Society said it would challenge the decision."
New submitter krakman writes "The Washington Post has an interesting story about how the FBI can investigate and collect details from computers over the net, without knowing anything about the computer location. Here's an example of the FBI's network investigative techniques: 'The man who called himself "Mo" had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time. Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. ... The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents. The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer — that would allow investigators to find Mo and tie him to the bomb threats. ... Even though investigators suspected that Mo was in Iran, the uncertainty around his identity and location complicated the case. Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution. ...But, [a court document] said, Mo’s computer did send a request for information to the FBI computer, revealing two new IP addresses in the process. Both suggested that, as of last December, Mo was still in Tehran.'"
theodp writes "Among the patents granted to Facebook this week by the USPTO is one for Inferring Household Income for Users of a Social Networking System. 'For example,' Facebook explains, 'an assumption might be made about a user that reads CNN.com and nytimes.com every day that the user is in a higher income bracket than another user that only reads TMZ.com and PerezHilton.com on the theory that a user who reads newspapers might be assumed to make more money than a user who only reads celebrity gossip blogs.' Advertisements such as those for travel packages, cars, and home mortgages, Facebook adds, 'are targeted to users based on income bracket,' which might also be inferred by 'gathering and analyzing different types of information about a user's geographic location.' Hey, what could go wrong?"
walterbyrd sends this news from Techworld: "A Microsoft storage patent that was used to get a sales ban on products from Google-owned Motorola Mobility in Germany has been invalidated by the German Federal Patent Court. Microsoft's FAT (File Allocation Table) patent, which concerns a 'common name space for long and short filenames' was invalidated on Thursday, a spokeswoman for the Federal Patent Court said in an email Friday. She could not give the exact reasons for the court's decision before the written judicial decision is released, which will take a few weeks."
itwbennett writes "An estimated one in four user applications sent from HealthCare.gov to insurance providers have errors introduced by the website, an official with the U.S. Department of Health and Human Services said during a press briefing Friday. The errors include missing forms, duplicate forms and incorrect information in the applications, such as wrong information about an applicant's marital status, said Julie Bataille, communications director for HHS Centers for Medicare and Medicaid Services (CMS). While the software bugs leading to the errors have largely been fixed, as many as 10 percent of insurance applications may still have errors and consumers who have used HealthCare.gov to buy insurance and have concerns that their applications haven't been processed or have errors should contact their insurers, Bataille said."
sciencehabit writes "The company 23andMe will no longer provide health information to people who purchase its DNA testing kit, it announced last night.The change was 'to comply with the U.S. Food and Drug Administration's directive to discontinue new consumer access during our regulatory review process,' the statement said. While current customers will still have access to a 23andMe online database noting the health issues associated with their particular DNA, the company will not update that information, and customers who purchased its Personal Genome Service (PGS) on or after 22 November will receive only information about their ancestry and their raw genetic data without interpretation." It would be great to see a secondary market in this kind of analysis emerge.
New submitter Error27 writes "Last month Wikileaks leaked a draft of the Trans-Pacific Partnership treaty. Here is Congresswoman Zoe Lofgren's response to the leaked documents. She points out that there several troubling issues with the trade agreement. It locks countries into extremely long copyright terms. It limits fair use. It includes DRM provisions which would make it illegal to unlock your cell phone. These laws come from the Stop Online Piracy Act (SOPA) which Americans already rejected."
New submitter chrylis writes "SCOTUSblog is reporting that the U.S. Supreme Court has accepted an appeal in Alice v. CLS Bank, a case in which the Federal Circuit ruled haphazardly that the particular patents in question were invalid but did not address the issue of software patents generally. 'The case will provide a new test of the Patent Act’s most basic provision — Section 101, which broadly outlines what kinds of inventions are patentable. One of the long-standing exceptions to the types of inventions mentioned in that section is that an abstract idea can never be patented. That issue arises frequently these days, especially with rapidly developing technology in computer software. The EFF wrote a summary of the issues in the case when it was before the Federal Circuit this spring. The case files are also available."
chicksdaddy writes "The Federal Trade Commission announced on Thursday that it settled with the maker of 'Brightest Flashlight Free,' a popular Android mobile application, over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC says the company failed to disclose wanton harvesting and sharing of customers' locations and mobile device identities with third parties. Brightest Flashlight Free, which allows Android owners to use their phone as a flashlight, is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices it is installed on. However, the device also harvested a wide range of data from Android phones which was shared with advertisers, including what the FTC describes as 'precise geolocation along with persistent device identifiers.' As part of the settlement with the FTC, Goldenshores is ordered to change its advertisements and in-app disclosures to make explicit any collection of geolocation information, how it is or may be used, the reason for collecting location information and which third parties that data is shared with."
Hugh Pickens DOT Com writes "Josh Gerstein writes on Politico that President Barack Obama told Chris Matthews in an interview recorded for MSNBC's 'Hardball' that he'll be reining in some of the snooping conducted by the NSA, but he did not detail what new limits he plans to impose on the embattled spy organization. 'I'll be proposing some self-restraint on the NSA. And...to initiate some reforms that can give people more confidence,' said the President who insisted that the NSA's work shows respect for the rights of Americans, while conceding that its activities are often more intrusive when it comes to foreigners communicating overseas. 'The NSA actually does a very good job about not engaging in domestic surveillance, not reading people's emails, not listening to the contents of their phone calls. Outside of our borders, the NSA's more aggressive. It's not constrained by laws.' During the program, Matthews raised the surveillance issue by noting a Washington Post report on NSA gathering of location data on billion of cell phones overseas. 'Young people, rightly, are sensitive to the needs to preserve their privacy and to retain internet freedom. And by the way, so am I,' responded the President. 'That's part of not just our First Amendment rights and expectations in this country, but it's particularly something that young people care about, because they spend so much time texting and-- you know, Instagramming.' With some at the NSA feeling hung out to dry by the president, Obama also went out of his way to praise the agency's personnel for their discretion. 'I want to everybody to be clear: the people at the NSA, generally, are looking out for the safety of the American people. They are not interested in reading your emails. They're not interested in reading your text messages. And that's not something that's done. And we've got a big system of checks and balances, including the courts and Congress, who have the capacity to prevent that from happening.'"
Diamonddavej writes "TorrentFreak reports a potentially troubling court decision in Germany. The company Appwork has been threatened with a 250,000 Euro fine for functionality committed to its open-source downloader (JDownloader2) repository by a volunteer coder without Appwork's knowledge. The infringing code enables downloading of RTMPE video streams (an encrypted streaming video format developed by Adobe). Since the code decrypted the video streams, the Hamburg Regional Court decided it represented circumvention of an 'effective technological measure' under Section 95a of Germany's Copyright Act and it threatened Appwork with a fine for 'production, distribution and possession' of an 'illegal' piece of software."
snydeq writes "The U.S. House of Representatives has passed the Innovation Act, dealing trolls a severe blow despite opposition from universities looking to protect patents, InfoWorld's Simon Phipps reports. The act cleared the House of Representatives with an overwhelming majority of 325 to 91 despite opposition from the organizations most likely to feed new patents to the trolls. 'So bravo to the Innovation Act. It's far from perfect, as the EFF documents and as I commented before the holiday. But it's a step in the right direction, and the tidal surge of support it's seeing suggests legislators' appetite for proper patent reform is finally growing strong enough for them to contemplate substantial change.'"
Berin Szoka is president and founder of the tech policy think tank TechFreedom. The group promotes a wide variety of digital rights and privacy issues. Most recently, they have started a petition demanding reforms to the Electronic Communications Privacy Act (ECPA) so that law enforcement will have to get a warrant before accessing emails stored in the cloud. With so much attention paid to the NSA snooping, Berin believes that the over 25-year-old ECPA has been overshadowed and is in dire need of changes. Mr. Szoka has agreed to answer your questions about privacy and government policy online. As usual, ask as many as you'd like, but please, one question per post.
Hugh Pickens DOT Com writes "The Washington Post reports that the carjackers who set off international alarm bells by absconding with a truckload of highly radioactive cobalt-60, used in hospital radiotherapy machines, most likely had no idea what they were stealing and will die soon from exposure. The robbery occurred as the cobalt-60 was being driven from a public hospital in the border town of Tijuana to a storage facility in central Mexico. While waiting for daybreak at a gas station in the state of Hidalgo the drivers were jumped by two gunmen who beat them and stole the truck. "I believe, definitely, that the thieves did not know what they had; they were interested in the crane, in the vehicle," says Mardonio Jimenez, a physicist with Mexico's nuclear safety commission. The prospect that material that could be used in a radioactive dirty bomb had gone missing sparked an urgent two-day hunt that concluded when the material, cobalt-60, used in hospital radiotherapy machines, was found along with the stolen Volkswagen truck. The cobalt-60 was found, removed from its casing, in a rural area near the town of Hueypoxtla about 25 miles from where the truck was stolen. Jimenez suspects that curiosity got the better of the thieves and they opened the box. So far the carjackers have not been arrested, but authorities expect they will not live long. "The people who handled it will have severe problems with radiation. They will, without a doubt, die.""
Nerval's Lobster writes "Microsoft will encrypt consumer data and make its software code more transparent, in a bid to boost consumer confidence in its security. Microsoft claims that it will now encrypt data flowing through Outlook.com, Office 365, SkyDrive, and Windows Azure. That will include data moving between customers' devices and Microsoft servers, as well as data moving between Microsoft data-centers. The increased-transparency part of Microsoft's new initiative is perhaps the most interesting, considering the company's longstanding advocacy of proprietary software. But Microsoft actually isn't planning on throwing its code open for anyone to examine, as much as that might quell fears about government-designed backdoors and other nefarious programming. Instead, according to its general counsel Brad Smith, "transparency" means "building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors." In addition, Microsoft plans on opening a network of "transparency centers" where customers can go to "assure themselves of the integrity of Microsoft's products." That's not exactly the equivalent of volunteers going through TrueCrypt to ensure a lack of NSA backdoors, and it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources. But with Google and other tech firms making a lot of noise about encrypting their respective services, Microsoft has little choice but to join them in introducing new privacy initiatives."
DavidGilbert99 writes "The founder of eBay, the parent company of PayPal, Pierre Omidyar has called on U.S. prosecutors to have mercy on the 14 members of Anonymous who are appearing in court this week facing up to 15 years in jail and a $500,000 fine for their part in a DDoS attack against PayPal in 2010. Despite thousands of Anons taking part, and most of the damage being done by two major botnets, the 14 are set to bear all the responsibility if U.S. prosecutors have their way."
tramp writes "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. Of course it is 'only metadata' and absolutely not invading privacy if you ask our 'beloved' NSA." Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning. Also at Slash BI.
quantr writes with this excerpt from Bloomberg: "China's central bank barred financial institutions from handling Bitcoin transactions, moving to regulate the virtual currency after an 89-fold jump in its value sparked a surge of investor interest in the country. Bitcoin plunged more than 20 percent to below $1,000 on the BitStamp Internet exchange after the People's Bank of China said it isn't a currency with 'real meaning' and doesn't have the same legal status. The public is free to participate in Internet transactions provided they take on the risk themselves, it said. The ban reflects concern about the risk the digital currency may pose to China's capital controls and financial stability after a surge in trading this year made the country the world's biggest trader of Bitcoin, according to exchange operator BTC China. Bitcoin's price jumped more than ninefold in the past two months alone, prompting former Federal Reserve Chairman Alan Greenspan to call it a 'bubble.' 'The concern is that it interferes with normal monetary policy operation,' said Hao Hong, head of China research at Bocom International Holdings Co. in Hong Kong. 'It represents an unofficial leakage to the current monetary system and trades globally. It is difficult to regulate and could be used for money laundering.'"