Shared posts

12 Mar 02:35

What's Feinstein So Upset About? CIA Just Spied On Senate Intelligence Committee 'Metadata'

by Mike Masnick
Earlier today, we wrote about Senator Dianne Feinstein's justified anger over the CIA "spying" on the Senate Intelligence Committee staffers as they went about putting together a massive (and apparently incredibly damning) report condemning the CIA's torture program. Having now watched the whole video of her speech, as well as read the transcript, there's a lot more here to discuss. You can watch the speech yourself if you'd like, or read the full transcript, which we've embedded below:

Apparently, some of the concerns actually stem from an earlier incident, from back in 2010, during which the CIA deleted access to a bunch of documents that it had previously given to the committee staffers. This came after an initial fight over whether or not the CIA would interfere with the staffers' efforts. The Intelligence Committee eventually agreed with the CIA's request that the research work be carried out on the CIA's premises, but only after the CIA promised not to interfere and to leave the staffers alone. The staffers requested lots of documents, and the CIA did a full pure data dump on them, just handing over piles and piles of documents with no context at all. Basically, it appears the CIA sought to bury the staffers in bullshit, hoping to hide many of the important bits.

In response, the staffers asked the CIA to provide an electronic search engine, in order to go through the electronic documents. Also, to keep things organized, the staffers would regularly make local copies and/or print out key documents so they could more easily organize them and keep track of them. Based on this, they noticed that some documents that had initially been available "went missing" in 2010:
In May of 2010, the committee staff noticed that [certain] documents that had been provided for the committee’s review were no longer accessible. Staff approached the CIA personnel at the offsite location, who initially denied that documents had been removed. CIA personnel then blamed information technology personnel, who were almost all contractors, for removing the documents themselves without direction or authority. And then the CIA stated that the removal of the documents was ordered by the White House. When the committee approached the White House, the White House denied giving the CIA any such order.

After a series of meetings, I learned that on two occasions, CIA personnel electronically removed committee access to CIA documents after providing them to the committee. This included roughly 870 documents or pages of documents that were removed in February 2010, and secondly roughly another 50 were removed in mid-May 2010.

This was done without the knowledge or approval of committee members or staff, and in violation of our written agreements. Further, this type of behavior would not have been possible had the CIA allowed the committee to conduct the review of documents here in the Senate. In short, this was the exact sort of CIA interference in our investigation that we sought to avoid at the outset.
Apparently, this snafu was settled quietly between the intelligence committee and the CIA, with the CIA promising not to do it again.

Now, as we've been pointing out, and which was revealed by McClatchy and the NY Times last week, this latest fight is focused mostly on a draft of an internal review by the CIA of the torture program, conducted for then director Leon Panetta. Feinstein reveals some more key details about this document. First, it appears that Panetta more or less ordered the CIA to conduct what appears to be a "shadow review" of the very same documents that were being handed over to the Senate staffers. The report, as noted, appears to come to the same basic conclusions about the CIA's torture program (i.e., that it went to insane lengths and produced absolutely nothing in the way of useful intelligence). This internal review also contradicted the CIA's "official response" to the Intelligence Committee's own report.

Here's where it gets a bit trickier. When current CIA director John Brennan was asked for the full internal report, rather than the draft that the staffers had, there appears to have been a freakout at the CIA, because no one had intended for the intelligence committee to see the report, either as a draft or final report. The CIA appears to have believed that Senate staffers got access to the report illegally (hence the CIA's request that the staffers be investigated for illegal activity). Feinstein denies all of this and notes that the draft report was among the many documents provided in the data dump -- in what now looks like an accident by the CIA folks (and some contractors) in charge of compiling the data dump for the intelligence committee. The staffers "found" this document by using that search tool, which they'd asked the CIA to provide.

Feinstein goes on to reject the claims made by the CIA and CIA supporters that (1) the staffers should have known not to read the documents since they were marked "deliberative" or "privileged" and (2) that they somehow "mishandled" those classified documents by printing them out and bringing them to the Senate. As she notes, both of those claims make little sense. On the classification:
As with many other documents provided to the committee at the CIA facility, some of the Internal Panetta Review documents—some—contained markings indicating that they were “deliberative” and/or “privileged.” This was not especially noteworthy to staff. In fact, CIA has provided thousands of internal documents, to include CIA legal guidance and talking points prepared for the CIA director, some of which were marked as being deliberative or privileged.

Moreover, the CIA has officially provided such documents to the committee here in the Senate. In fact, the CIA’s official June 27, 2013, response to the committee study, which Director Brennan delivered to me personally, is labeled “Deliberative Process Privileged Document.”

We have discussed this with the Senate Legal Counsel who has confirmed that Congress does not recognize these claims of privilege when it comes to documents provided to Congress for our oversight duties.
That takes care of that. On the question of mishandling the documents, the argument is not quite as strong, but still quite reasonable. Yes, it does appear that staffers did not follow the exact process for removing the documents -- in that they were supposed to first review it with CIA staffers, but the reasoning here is not so crazy. The review process was supposedly just so that the CIA could make sure that names of key people or details of operations weren't revealed. The staffers made sure that all such info had been redacted before moving the document -- and, of course, they recognized that this document was a bit of a smoking gun for the CIA in that it appeared to confirm that Director Brennan had been lying to the committee. Taking it to the CIA to review would be an odd move -- especially for staffers tasked with oversight of the CIA itself. Even more important, the staffers noticed that, like back in 2010, that draft review document suddenly "disappeared" from their computer system, despite the previous promises that the CIA wouldn't do that any more (also, she points out that the CIA had previously destroyed early evidence about their torture program). So they made the entirely reasonable decision to make a copy and store it in the Senate:
When the Internal Panetta Review documents disappeared from the committee’s computer system, this suggested once again that the CIA had removed documents already provided to the committee, in violation of CIA agreements and White House assurances that the CIA would cease such activities.

As I have detailed, the CIA has previously withheld and destroyed information about its Detention and Interrogation Program, including its decision in 2005 to destroy interrogation videotapes over the objections of the Bush White House and the Director of National Intelligence. Based on the information described above, there was a need to preserve and protect the Internal Panetta Review in the committee’s own secure spaces.

Now, the Relocation of the Internal Panetta Review was lawful and handled in a manner consistent with its classification. No law prevents the relocation of a document in the committee’s possession from a CIA facility to secure committee offices on Capitol Hill. As I mentioned before, the document was handled and transported in a manner consistent with its classification, redacted appropriately, and it remains secured—with restricted access—in committee spaces.
Now that brings us to the latest "fight." In late 2013, after the intelligence committee had seen that draft report, it had requested the final report from the CIA. That set off alarm bells in the CIA when they realized that the committee knew such a report existed, leading to a freakout and further "searching" the staffers' supposedly private computers and networks:
Shortly thereafter, on January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the ”stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications.

According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it.

Instead, the CIA just went and searched the committee’s computers. The CIA has still not asked the committee any questions about how the committee acquired the Panetta Review. In place of asking any questions, the CIA’s unauthorized search of the committee computers was followed by an allegation—which we have now seen repeated anonymously in the press—that the committee staff had somehow obtained the document through unauthorized or criminal means, perhaps to include hacking into the CIA’s computer network.

As I have described, this is not true. The document was made available to the staff at the offsite facility, and it was located using a CIA-provided search tool running a query of the information provided to the committee pursuant to its investigation.
Of course, as Julian Sanchez points out, from this description, it certainly appears that the CIA was collecting "just metadata," and, as you may recall, Feinstein has been at the forefront of arguing that no one should care about the NSA's activities, because it's just metadata. Kinda funny how perspective shifts when it's your metadata being discussed. Suddenly, it becomes a constitutional issue:
Based on what Director Brennan has informed us, I have grave concerns that the CIA’s search may well have violated the separation of powers principles embodied in the United States Constitution, including the Speech and Debate clause. It may have undermined the constitutional framework essential to effective congressional oversight of intelligence activities or any other government function.

[....]

Besides the constitutional implications, the CIA’s search may also have violated the Fourth Amendment, the Computer Fraud and Abuse Act, as well as Executive Order 12333, which prohibits the CIA from conducting domestic searches or surveillance.
And yet that doesn't apply when the NSA spies on all Americans? Yes, Feinstein is absolutely right to be angry about this. It is an astounding breach of protocol, and given that it's the Senate Intelligence Committee's job to oversee the CIA, it appears to be quite a brazen move by the CIA to effectively undermine the Senate's oversight. It's just too bad she doesn't see how the very same things she's angry about concerning her own staff apply equally to everyone else.

There's one other issue in the speech that should be highlighted as well. She notes both of the referrals (that we've previously discussed) to the DOJ: the request to investigate the CIA's activities, and the CIA's tit-for-tat response asking for an investigation into the staffers' access and removal of the draft Panetta review. Feinstein also points out that the person at the CIA who filed the crimes report against her staffers at the DOJ was heavily involved in the torture program the report condemns, and certainly suggests that the move is much more about intimidating Senate overseers:
Weeks later, I was also told that after the inspector general referred the CIA’s activities to the Department of Justice, the acting general counsel of the CIA filed a crimes report with the Department of Justice concerning the committee staff’s actions. I have not been provided the specifics of these allegations or been told whether the department has initiated a criminal investigation based on the allegations of the CIA’s acting general counsel.

As I mentioned before, our staff involved in this matter have the appropriate clearances, handled this sensitive material according to established procedures and practice to protect classified information, and were provided access to the Panetta Review by the CIA itself. As a result, there is no legitimate reason to allege to the Justice Department that Senate staff may have committed a crime. I view the acting general counsel’s referral as a potential effort to intimidate this staff—and I am not taking it lightly.

I should note that for most, if not all, of the CIA’s Detention and Interrogation Program, the now acting general counsel was a lawyer in the CIA’s Counterterrorism Center—the unit within which the CIA managed and carried out this program. From mid-2004 until the official termination of the detention and interrogation program in January 2009, he was the unit’s chief lawyer. He is mentioned by name more than 1,600 times in our study.

And now this individual is sending a crimes report to the Department of Justice on the actions of congressional staff—the same congressional staff who researched and drafted a report that details how CIA officers—including the acting general counsel himself—provided inaccurate information to the Department of Justice about the program.
Once again, it's worth noting that these are the very same folks that, just weeks ago, Feinstein was insisting would never abuse their positions because they're professionals. She said that on January 19th. That was just four days after CIA Director Brennan had told her about how the CIA had conducted the almost certainly illegal search on her own staffers.

And, of course, this is the point that many of us have been making all along to Feinstein and other kneejerk defenders of the intelligence community. No matter how "professional" they are, they're still human. And given situations where their own jobs may be threatened, they're going to do what they do, and that often leads to serious abuses, like the ones that now have Feinstein so angry. That's why we're so concerned by her lack of real oversight of the intelligence community for years, as well as the rather permissive attitude that both Congress and the courts have taken for years to the intelligence community, by insisting that they only do what they do for the purposes of "national security." I'm curious what kind of "national security" reason the CIA has for spying on the very staffers who were investigating the CIA's torture program?

10 Mar 22:32

The Escapist Website Still Blames Users For Its Business Model, Won't Let Them Even Mention AdBlock

by Karl Bode
Every few years a website somewhere on the internet decides that it's a good idea to treat ad block technology users like violent criminals. You might recall a few years back when Ars Technica whined a bit about how ad blocking was "destroying" the websites you love. As we noted at the time, if your ads are so obnoxious that they have users running to block them, that says more about your advertising choices, management and business model than it does about your users. As we also discussed in great detail, there are a myriad of ways that users bring value to a community, outside of forcing their eyeballs to stare at ads.

You might recall that a few years back the Escapist website launched a rather misguided attack on ad blocking technology, banning users in the website's forums for simply mentioning Adblock. The since-deleted thread in question involved a user complaining about a specific ad that seemed to be slowing down his machine's performance, to which responders suggested that he might want to try AdBlock. Those users, who didn't even state that they used Adblock themselves, found themselves completely banned from the forums. After some Internet-wide hysteria over the ham-fisted nature of that decision, Escapist backed off the policy, unbanned the users, and then just tried to shame all of them into feeling guilty.

Fast forward a few years, and it's not particularly clear that the website has learned much of anything from the experience. In a video rant by The Escapist's reviews editor Jim Sterling, Sterling acknowledges that he doesn't think using Adblock is technically stealing, and he blames bad advertisers and bad advertising for a lot of the problem. Still, he apparently believes that using Adblock is very, very naughty, you should feel horrible, and if you want to get back on the right side of morality you should send him toys (he provides a handy link to his Amazon wishlist). But it's the Escapist forums where things continue to be, well, weird.

Users still seem to get banned if they so much as mention the word Adblock outside of threads specifically designed to discuss Adblock. Even in the thread specifically designed to discuss Adblock and Sterling's video about Adblock, the thread is pockmarked by moderation where users are given repeated slaps on the wrist for simply discussing the website's ad choices. Unsurprisingly, users then get confused about what the hell they can and can't talk about:
"Can mods give clarification on how we're to discuss this? Normally adblock threads are instantly closed with participants warned and if there's to even be a comments section for this video they'll have to be some sort of exception."
On page six, Escapist staff member "Kross" tries to explain the website's thinking on banning the very mention of an incredibly common Internet tool:
"...in order to save our very overworked moderators from having to deal with constant sophistry on what does or does not constitute discussion, we've added the line that says don't talk about it at all. Very little of use was lost (people on a non-advertising forum that isn't read by anyone who makes such decisions can no longer talk about a topic that only causes more work for moderators), but threads like this can open the discussion in a more controlled manner."
I've moderated a significantly larger Internet forum (DSLReports.com) driven almost solely by ads for almost fifteen years now. I can't even imagine the epic shitstorm we would face if I started blaming our users for failures in our business model, then started banning everyone who talked about a common technology I just happened to dislike. I do know such a position would be an utterly ingenious way to drive our userbase away. Kross proceeds to explain to users that life as an Internet website is hard, effectively admitting that massive annoying ads tend to show up more on the website because they pay so much:
"AS FAR AS OBNOXIOUS ADS are concerned, they come from two directions. One is from an advertiser saying "hey we know this is obnoxious, but we'll pay you SEVERAL TIMES MORE per view for this because it is so obnoxious. The other is from "filler ads" that bring in a whole network. When we can't run targeted ads (due to nobody wanting to buy that space or not being selected for the ad lottery that month and getting no real ads) we run filler ads, which are a network that we tell "give us X categories of ads". These networks allow us to retro-actively block certain ads, but we mostly rely on them to block "bad" ads from getting through."
Obviously it's the Escapist's forum and it's certainly their prerogative to do anything they see fit, including banning the discussion of waffles, aardvarks, acrylic painting and recombination gene technology. Still, I don't see the logic in being this adversarial with your userbase, then expecting it to help drive up site revenues when you're the one fracturing and annoying the community with horrible ad choices and bans (hyperbole + blame + censorship surely = profit!). If it's your obnoxious ad choices that are driving users to Adblock in the first place, then fix your obnoxious ad choices. That's not on users, it's on you. Don't beat your users about the head and face with censorship and public shaming because you can't adapt to a new market reality you just happen to dislike.

19 Dec 19:28

December 17, 2013


19 Dec 17:45

Get Your Amazon Prime Membership Extended If a Package Arrives Late

by Melanie Pinola

Here's a little-known fact about Amazon's Prime membership: The company guarantees your package will be delivered at the promised time. If it's not, Prime members can get a one-month extension of their membership.

09 Dec 17:11

Origins of common UI symbols

09 Dec 17:10

Photo

















04 Dec 18:12

Starred Items!

We’re excited to announce that starred items are now live in The Old Reader.  This has been one of the most requested features and something we’ve felt belongs in the application for a long time.  Hotkey (f) and API support are also available.  Starred items will automatically be sent to pocket for users that have it activated.

As most of you know, our focus over the past few months was to increase performance and stability of The Old Reader.  We’ve made tremendous strides and can now focus on adding functionality and making this tool a long-term sustainable platform built for the Open Web.  The best is yet to come.

Thanks for using The Old Reader!

(www.catgifs.org/2013/09/07/cat-surprised-cat-animated-gif/)

02 Dec 05:58

The Robots Are Winning: Amazon Wants To Use Autonomous Drones To Deliver Stuff To Your Door

by Chris Morran

Forget about waiting for the UPS guy to roll up your street. Someday, you'll be watching the sky for Amazon's drones to descend with your purchases.

What’s the next step in door-to-door delivery for online purchases? According to Amazon’s Jeff Bezos, it’s self-piloting drone helicopters, which isn’t at all terrifying.

On Sunday’s 60 Minutes, Bezos dragged Charlie Rose out of his black-backgrounded studio and to Amazon HQ to show off “Amazon Prime Air” octo-copters, tiny, electric drone aircraft that he believes could someday bring packages directly to customers’ homes and offices.

“I know this looks like science-fiction,” Bezos tells a jaw-dropped Rose. “It’s not. It’s early; this is still years away… we can do half-hour delivery, and we can carry objects — we think — up to five pounds, which covers 86% of the items that we deliver.”

Bezos says the current generation of test drones have a 10-mile radius from a fulfillment center. Given the growing number of Amazon warehouses out there, that would cover quite a substantial portion of some major metro areas.

“It won’t work for everything,” he admits. “We’re not going to carry kayaks or table saws this way.”

Unlike most currently operating drones that are remotely piloted by someone on the ground with a monitor and controls, these Amazon copters do the flying themselves.

“You give them instructions of which GPS coordinates to go to, and they take off and they fly to those GPS coordinates,” explains Bezos. “The hard part here is putting in all the redundancy, all the reliability, all the systems you need… this thing can’t land on somebody’s head while they’re walking around their neighborhood. That’s not good.”

He admits that the project is still years away from becoming a reality.

“I know it can’t be before 2015 because that’s the earliest that we could get the rules from the FAA,” Bezos says. “My guess is that’s pretty a little optimistic. But could it be four to five years? I think so. It will work and it will happen, and it’s gonna be a lot of fun.”

Speaking of the future, Bezos confesses that while Amazon may be the unrivaled titan of e-tail today, it will someday be unseated by some punk upstart startup.

“Companies have short life spans,” he says. “Amazon will be disrupted one day… I don’t worry about it because I know it’s inevitable. Companies come and go and the companies that are the shiniest and most important of any era, you wait a few decades and they’re gone.”

As for when he predicts Amazon’s fated downfall, Bezos laughs and says, “I would love for it to be after I’m dead.”

25 Nov 00:28

Sandy Hook Video Game Prompts Everyone To Get Everything Wrong

by Timothy Geigner

It's been nearly a year since the Sandy Hook tragedy and if we've learned anything at all in the aftermath it's that we've learned nothing at all in the aftermath. Whether you're an advocate of gun control, an advocate for the link between violence and video games, or an advocate of the NRA, it really doesn't matter. The only thing to come out of the tragedy was a ton of talk, a boon for our stupid cable news networks' ratings, and the exceptional vacuum in which absolutely no conclusions were drawn and nothing was done. Twenty-six people were murdered, most of them children, and the needle hasn't moved in either direction one iota. Well done, everyone.

Wait, I forgot one other lesson we should all have learned from the tragedy: major media and a large swath of our fellow citizens somehow combine being reactionary and willfully ignorant in a way that would be cartoonishly hilarious if it weren't so damned maddening. And now we have the opportunity to re-learn that lesson as we watch the reaction to a "video game" inspired by Sandy Hook in which everyone gets everything wrong from every side possible. Here's how the game is described in the media:

"The Slaying of Sandy Hook Elementary" directs gamers to storm virtual classrooms with an AR-15 assault rifle in the same vein as Lanza and displays a kill ratio at the end. The game's release comes less than a month before the first anniversary of the Dec. 14 massacre.
This is, at best, only half the story. What most reports omit or bury is that the second part of the game has you attempt the same assault, but you're forced to use a sword because theoretical gun-control laws have kept you from being able to use a gun. Under the limitations of a countdown, the entire point of the game is that with a sword you can't rack up the body-count you can with a gun. It's an artistic statement on gun-control.

Now, I can already hear my friends in the comments section gearing up for a conversation about freedom, the 2nd amendment, and the uselessness of gun control. Don't. Not because I disagree with you or think your arguments are invalid (I don't), but because that isn't what this post is about. This is about freedom of speech and the importance of artistic expression on the issues of our day, as well as how completely incapable our media and some citizens are at having even a semblance of an intelligent conversation about this. And this comes from all sides, gun-rights folks and gun-control folks, conservative or liberal, it doesn't matter. Everyone comes out of this sounding stupid, because nobody seems to bother actually learning what this game is and is all about. Take a family member of one victim, for instance:
"I'm just horrified," Llodra said. "I just don't understand, frankly, why anyone would think that the horrible tragedy that took place here in Sandy Hook would have any entertainment value. It just breaks my heart."
Great, except the game isn't designed for entertainment purposes, it has a message about the useless reaction to the tragedy. In other words, you don't know what you're talking about. Because you didn't actually see the game or the site, where you would have heard:
In an audio recording on the site, Lambourn describes himself as a U.S. expatriate from Houston who resides in Australia. There, he said, gun laws enacted after the fatal shooting of 35 people at a popular tourist destination in 1996 have stemmed the tide of violence.
Llodra missed the message. As did the NRA:
The NRA called the simulation "reprehensible," but was reluctant to comment further, saying it didn't want to give more ink to "this despicable excuse for a human being."
It's not a simulation, it's artistic commentary, and it's especially funny for an organization that puts out its own "games" about shooting all kinds of things. And those games are targeted to elementary-aged school children. Note: I don't have a problem with the games themselves, only the hypocritical commentary from the NRA. This hatred of hypocrisy isn't reserved for conservative groups like the NRA, either. Here's champion hypocrite Richard Blumenthal, Democrat Senator from Connecticut.
"I find the exploitation of this unspeakable tragedy is just shocking," Blumenthal told Hearst. "From what I've heard and what's been shown to me, it's absolutely abhorrent. My hope is that it will be voluntarily taken down because it's offensive and hurtful."
Got it? It's shocking for anyone to exploit the Sandy Hook tragedy for their own aims. I wonder how shocking Blumenthal found, you know, himself back in March, when he said:
A "sensible compromise" can still be reached on gun-control legislation in the Senate, Sen. Richard Blumenthal said on Sunday, saying the "shock and terror of Newtown" was still a major motivating factor for lawmakers.
So it's cool to exploit the tragedy to pass the laws you want, but not cool to exploit it to advocate for passing...the same damn laws you want? Which you didn't know was the message of the game, because some reporter called you up, told you someone made Doom but set it in Sandy Hook, and your head exploded into a shower of dumbass responses. What the hell?

So, please, please, please learn this lesson: thou shalt know what thou art talking about before talking about it. I know, it's really hard, especially for ratings-driven controversy whores like the media or grandstanding politicians, but just try it out. In other words, it's entirely possible to hate what happened at Sandy Hook while still leaving room for artistic, even controversial, speech on the matter. Cowboy-up, Americans, this really shouldn't be too hard.

10 Nov 01:52

Power Plants and Other Vital Systems Are Totally Exposed on the Internet

by Kim Zetter
What do the controls for two hydroelectric plants in New York, a generator at a Los Angeles foundry, and an automated feed system at a Pennsylvania pig farm all have in common? What about a Los Angeles pharmacy's prescription system ...
    






06 Nov 20:59

November 06, 2013


Here's hoping this experiment goes well. Design by Ross Nover. Crotchety grousing, as ever, by yours truly.

If you'd like a poster version, it's available here.

30 Oct 19:56

2-Year-Old Girl Dresses As All Eleven Doctors for Halloween

by Rebecca Pahle


Todd Kent’s daughter Katie—who in previous years dressed as the Avengers and every color in the Lantern Corps—turns Halloween into Wholoween by dressing as the Doctor. All eleven of them. That little Nine jacket is… wait for it… fantastic.

(via Todd Kent on Comic Book Literacy)


23 Oct 17:39

Gov't Contractor Uses Copyright, Fear Of Hackers To Get Restraining Order Against Open Source Developer

by Tim Cushing

A recent copyright infringement (+ "threat to national security") lawsuit filed by a government contractor against its former employee highlights two terms the government frequently fears: open source and hacking.

Open source software (especially free open source software) is often portrayed by government officials as inherently unsafe to deploy. If anyone can see the source code then surely anyone can exploit it, they state. This institutional resistance is aided greatly by companies like Microsoft who would prefer to see lucrative software licensing contracts continue indefinitely. Not that "closed source" software is any more secure, as Microsoft itself (along with Adobe) can certainly attest. But that irrational fear remains, and greatly hinders the adoption of open source software by government agencies.

Hacking is another of the government's favorite boogeymen. The oft-abused CFAA has turned exploration of software and systems into a crime. The government uses the words "hacking" and "hacker" almost exclusively to denote criminal activities and criminals. This continues long after the words have entered the mainstream to reflect positive activities. (See also: the extremely popular Lifehacker website; any number of events with the word "-hack" appended that result in extremely constructive outcomes.)

Andreas Schou brought this restraining order granted by an Idaho judge to many people's attention on Google+. (H/T to unnamed Techdirt reader for the submission.) It's an ultra-rare "no notice" restraining order that resulted from a wholly ex parte process involving only the plaintiff, government contractor Battelle Energy Alliance. The restraining order allowed Battelle to seize its former employee's computer, as well as prevent him from releasing the allegedly copied software as open source.

Schou details how he heard about the case.

Yesterday afternoon, my good friend (and former client) got a panicked call from his wife. Attorneys for the government contractor he formerly worked for had showed up at his door with some sort of order, demanding to be let in to seize his computers. While his wife was held out on the lawn by private attorneys, the contractor's counsel tried to call in the sheriff to -- I guess -- break down his door.

My first thought, obviously, was: this is all some sort of misunderstanding. Because Corey [Thuen] -- who's a professional security researcher -- has worked for the government his entire career, both at the FBI and as a security researcher specializing in SCADA systems, cyberterrorism, and critical infrastructure. He's a straight-laced, church-attending guy with three kids and an admittedly strange job.

And here's what he's been accused of: threatening national security by open-sourcing a network visualization and whitelisting tool.
The arguments made in Battelle's original complaint were bought almost in their entirety by Judge B. Lynn Winmill. Battelle claims copyright infringement, asserting that Corey Thuen's software, Visdom, resembles its own Sophia software. As evidence of this, it offers the following:
- Thuen worked on Sophia and had access to the code.
- Visdom's name is remarkably similar to Sophia. (The short version: Sophia is the goddess of wisdom. Wisdom/VISDOM.)
- There's no way Thuen could have come up with his own program in such a short period of time without copying substantial amounts of Sophia's code.
Battelle also points out that Thuen's company, Southfork, made a bid to license Sophia but withdrew it a short while later, implying that Thuen's allegedly infringing copy made licensing software an unneeded expense. (Thuen's response claims that Southfork withdrew its bid when it became apparent Battelle wasn't interested in pursuing an open source option.)

Schou points out that if Battelle had done any due diligence, it would have realized that its infringement claim -- especially the claim that Thuen couldn't have created competing software in that time frame without copying Sophia -- is just plain wrong.
Somehow, despite spending a great deal of money on a BigLaw firm and getting an unprecedented ex parte order for the seizure of critical business infrastructure, they didn't check Github. And if they had, they'd have found out that the open-source project is built in a different language, using open libraries. They'd have been able to check the code commits to look at the period the software was written in.
And they wouldn't have sued to begin with.
Thuen breaks it down even more simply in his response:
Visdom, unlike Sophia, makes heavy use of third party open source libraries to accomplish many of the tasks for which the Sophia development team had to write code ourselves. An example for illustration: as part of my work on Sophia, I created a scrollbar from scratch, which means I had to implement the click and drag behavior (along with buttons) that causes a scrollbar to do what the average user expects a scrollbar to do. Visdom, on the other hand, builds on top of other, third party components that make scrollbars inherent. In other words, on Sophia development I spent significant time creating basic components to a user interface, whereas Visdom did not require such efforts. Visdom's heavy use of open source libraries facilitated its development in a matter of several months.
As Schou states, it's also written in a completely different coding language. Battelle and its representation may think it's just a simple copy-paste job to "port" software from one language to another, but Thuen dismantles this misperception.
Visdom was written in HTML, Javascript, and Go. As previously mentioned, Sophia was written in C. Visdom is not a translation of Sophia from C to the languages in which Visdom is written. We did not have the Sophia code when we created Visdom.

Further, a program written in one programming language cannot be cut-and-pasted into another programming language. Programming languages have different lexicographical grammars. As an example, if I'm writing code in C I have to deal with memory management; I have to keep track of the resources used by my programs. Javascript has no such concept, and any C code that does these functions would be impossible to translate into Javascript. Further, Javascript is an interpreted language and C is a compiled language. In other words, C creates software that runs on hardware, whereas Javascript creates software that runs in programs that run on hardware.

No two programmers who translate from one language to another, or from C to Javascript in particular, would produce the same output for any complex program. Those two languages, and their paradigms, are incompatible. A program written in C will inherently solve the problem to which it is directed in a different way than a program directed at the same problem but written in Javascript.

In developing Visdom, I specifically avoided any code, modules, sequences, routines, structures, screenshots, or any other materials that may have constituted some part of Sophia, based on my knowledge of Sophia as of the end of my access to it on or about August 2, 2012. Visdom is intended to solve the same problems as Sophia, but it is not a copy of Sophia, just as an electric car is not a copy of a gas-powered car simply because both are used for the same purpose.
What the judge determined to be "adequate circumstantial evidence" to justify ordering a no-notice restraining order (which included the seizure of Thuen's computer -- because he's a "hacker" -- more on that in a bit) completely falls apart when confronted with technical knowledge and observable facts.

Thuen's project is still listed at github where anyone can view related information, including development time, commits and, most importantly, the source code itself, where anyone with the technical knowledge would have seen that a) it pulled from other sources to speed production and b) is written in a completely different language.

Unfortunately, Battelle also abused the term "hacking" to justify the seizure of Thuen's computer without notice. Its original complaint quotes one of its own employees in support of its "if we notify him, he'll just wipe the hard drive" theory. The court cites this in its justification of the ex parte restraining order:
[B]attelle asserts that defendants are likely to wipe the hard drives on Thuen's computer, thus destroying direct evidence of wrongdoing. Battelle suggests that either of these actions would render further prosecution of the lawsuit fruitless...

The Court finds it significant that defendants are self-described hackers, who say, "We like hacking things and we don't want to stop."

A well-known characteristic of hackers is that they cover their tracks… This makes it likely that defendant Thuen will delete material on the hard drive of his computer that could be relevant to this case...

The Court has struggled over the issue of allowing the copying of the hard drive. This is a serious invasion of privacy and is certainly not a standard remedy, as the discussion of the case law above demonstrates. The tipping point for the Court comes from evidence that the defendants - in their own words - are hackers. By labeling themselves this way, they have essentially announced that they have the necessary computer skills and intent to simultaneously release the code publicly and conceal their role in that act. And concealment likely involves the destruction of evidence on the hard drive of Thuen's computer. For these reasons, the Court finds this is one of the very rare cases that justifies seizure and copying of the hard drive.
The supposedly damning declaration by Thuen comes from Southfork's home page.
We're pretty good at hacking things. The idea is:

Identify what you want looked at
We hack it
You fix it


Your customers love you and you gain a little bit more peace of mind. We wouldn't mind bringing your people in to participate and see first-hand how an attacker views your system. We'd love to train ourselves out of a job.
Southfork will test system security when hired by a company specifically for that purpose. Battelle's filing attempts to spin Southfork's technical knowledge into a purely evil thing. According to Battelle, hackers are always adversaries, even when the company's own front page statement proclaims otherwise. Just because the knowledge is there doesn't mean it will only be deployed to cause damage. Thuen's response points out the flaw in this reasoning.
As a cybersecurity professional, I am aware of, and possess ability for, many “hacking” techniques that may be used in illegal ways, but I put them to use improving my customers’ security. In other words, I’m much like a locksmith who possesses the ability to pick a lock and uses his knowledge to help as a contributing member of society… In my career, I have held government clearances with the Federal Bureau of Investigation and the United States Department of Energy, which required me to pass multiple lie detector tests, psychological tests, extensive background checks, and other miscellaneous tests.
Battelle goes even further than this in its complaint, painting Thuen's hacking ability and his "threat" to take his project open source as a danger to national security.
BEA's copyrighted software is called Sophia and protects the United States' energy infrastructure by alerting utility administrators of potential hackers or other threats to the integrity of the nation's energy grid.

Given the nature of Sophia, Defendants' actions have implications for our national security. Defendants know of these implications but have ignored them.
Fortunately, this stretched argument doesn't weigh in the judge's restraining order, but it's still a part of Battelle's complaint against Thuen. This argument is baseless as well, relying heavily on the allegation that Thuen's code is Battelle's code. Thuen points out the flaw in Battelle's portrayal of open source code as inherently dangerous.
I disagree with Battelle that security software like Sophia or Visdom cannot be open source because then hackers would have access to the source code. Security systems are better served by being open source so that complicated things, like cryptographic algorithms and implementations, can be reviewed by independent expert auditors rather than sitting behind smoke screens. The plethora of open source software used in secure systems today completely debunks the notion that you cannot have valuable and secure software that is also open source.
In the statements dealing with irreparable harm, Battelle claims it wouldn't be able to compete with Southfork's Visdom if Thuen chose to give it away (earning money from support packages and custom modules). Clearly, Battelle and its lawyers are unaware that top selling programs like Microsoft Office (LibreOffice) and Photoshop (GIMP) compete with fully-featured (and open source) free programs all the time.

There are many more flawed arguments in Battelle's filing, but it appears that both the plaintiff and the presiding judge had just enough knowledge between them to reach a bad conclusion. Thuen's response tackles every accusation from Battelle's complaint, punching some big holes in its filing. Unfortunately, the court decided to handle this ex parte and is only now aware of the weaknesses of Battelle's allegations.

What this looks like is a government contractor hoping to shut down a competitor by deploying two "chilling" favorites: copyright infringement and "threats to national security." It also hurts itself by falling for government FUD -- "open source is dangerous" and "hackers are bad" -- both of which contributed to the general level of failure contained in its complaint.




    


17 Oct 22:16

Experience Stop And Frisk Thanks To This POV Video

by Timothy Geigner
It's not terribly often that two regular themes we discuss at Techdirt come together in an almost perfect way. Yet that's exactly what's happened recently with a story that combines the value of allowing citizens to record public servants, particularly law enforcement officers, and the complete travesty known as stop and frisk. While that program is perhaps most infamous in New York, the basis for it is a court case, Terry v. Ohio, and that has been the groundwork for similar law enforcement policies throughout the country. Included in that is the city of Philadelphia, where we are able to see and hear firsthand a stop by two officers that all began when someone said hello to a stranger. Here's the entire video.


In case you can't view or would just like highlights, two men were stopped by police, according to the officers, because they said hello to a stranger and people just don't do that. So now we're outlawing being polite? Outstanding. It gets worse from there.

"I didn't accuse you of anything, can you hear? I said we could have got a call that somebody wearing the clothes that you're wearing just robbed someone, that's why we stopped you, so is that wrong of us?"
Well, gee, officer, in that completely hypothetical that you aren't confirming actually happened, that would not be wrong. But that isn't what was said initially. Instead, the stop occurred because of so-called suspicious activity that consisted of someone saying hello to another person. A stop due to a BOLO (be on the lookout) probably wouldn't have started with questioning suspects about saying hello.
"You're under investigation right now"

"Investigation of what? I was walking."

"That's not what I saw"

"I was walking."

"You're gonna be in violation if you keep running your mouth when I split your wig open."
I'm pretty sure we have a right to remain silent, not a requirement to under penalty of a split wig, whatever the hell that is. Further, the video's continued threats to take the men in for "running" their mouths illustrate wonderfully how far outside the bounds of serving and protecting these two esteemed officers went.

If you can stomach the video all the way through, you end up hearing the officers admit these two gentlemen did nothing wrong and would be let go, offered up via an extremely patronizing admission that they're "good guys." Without the right to record, not only would the abhorrent actions of the officers not be subject to review, but those more privileged in life, like myself, might not understand the complete humiliation and unfairness involved in randomly stopping people without any reasonable suspicion of wrongdoing. Stop and frisk and its cousin programs need to go the way of the dodo now.


    


17 Oct 15:20

Researchers Uncover Holes That Open Power Stations to Hacking

by Kim Zetter
Andrea

reading anything about the power grid that DOESN'T involve it being incredibly easy to destroy would shock me more.

A pair of researchers have uncovered more than two dozen vulnerabilities in products used in critical infrastructure systems that would allow attackers to crash or hijack the servers controlling electric substations and water systems.
    






16 Oct 22:13

How to spot good gelato from fifteen feet away

by Mark Frauenfelder

I had the best gelato of my life when I was in Rome the week before last. I bought it at Caffè Tomeucci on Viale Europa. It wasn't too sweet and it had a great texture. The flavors were pistachio and chocolate pistachio. I'll never forget it.

Today I was looking at Tyler Cowen's Marginal Revolution blog, and he linked to an article titled "How To Spot Good Gelato From 15 Feet Away." One thing to look for, says the author, is the color of the gelato:

If the fruit gelati are made of pure, real fruit then they will be the color that fruit would be if you crushed it: berry flavors a deep dark off-black purple/red, apple white or brownish or yellowish sometimes with flecks of peel, and banana a rather unappealing shade of gray. If, on the other hand, banana is a cheery yellow, apple a perky spring green and berry flavors are the light-ish color of blueberry yogurt, then the gelato before you is a mix of milk with food coloring plus fruit extracts or artificial fruit flavor. Pistachio similarly should be the color of crushed nuts, not bright green… The pistachio on the right here is clearly very artificial.

If you want to learn six other ways to spot good gelato from fifteen feet away read the article.


    






09 Oct 21:50

A Softer World

01 Oct 17:28

How's the US Government Shutdown Affecting You?

by Alex Santoso


Chart: Keith Collins, Jennifer Daniel and Karen Yourish/The New York Times

So. The government of the United States of America, the world's largest superpower, has shut down due to political bickering between the Republicans and the Democrats largely over Obamacare.

You didn't need us to tell you that. That much you already know.

The topic, as you'd expect, is everywhere on the news and Internet. But we'd like to know how this government shutdown - the first in 17 years (the last one was back in 1995 and 1996 when the Newt Gingrich-led Congress feuded with President Clinton) - affected you. Government shutdowns are quite rare, and the last time it happened it wasn't as doom-and-gloom as people thought it would be.

But that doesn't mean that the shutdown does not have terrible effects on some people. How about for you? Does the US government shutdown affect you badly? In what ways?

17 Sep 16:32

Defense Department Can't Afford To Buy A Fax Machine To Receive FOIA Requests

by Mike Masnick
Apparently the Sequester is hitting the Defense Department so hard that it can't even afford a new fax machine to handle Freedom of Information Act (FOIA) requests. Now, you might wonder why a fax machine is needed, but since the US government has generally made it as difficult as possible to file FOIA requests, faxing is often the best way. MuckRock, a service that helps others (including us!) file FOIA requests, has noted that the Defense Department (which it also notes has a $31.8 billion -- with a b -- budget for "maintenance and operations") has a broken fax machine, and can't promise a new one will be set up "until the start of the new fiscal year." That's not particularly comforting. Basically, the DOD is telling MuckRock to stop sending it faxes for a few months (at least). Remember that, by (often ignored) law, the DOD is required to respond to FOIA requests within 20 business days. Yet, here, the DOD is saying sit tight and wait for a few months because it can't buy a new fax machine. MuckRock even points out that, these days, you can just get an online faxing service which would probably be a lot more efficient in the first place. But, of course, that's not how the government works.


    


16 Sep 18:28

IT Crowd returns on 27th September

by René

„The IT Crowd Special will be on your screens Friday 27th September on Channel 4 at 9pm!“ There you have it. Jump around.

03 Sep 19:41

Two universes over they're dealing with a bunch of puppies who never grow up

Andrea

sounds like infinite jest


September 3rd, 2013: I've linked these before, but now is as good a time as any to remind you of the Most Wanted Song and the (objectively much superior as it includes operatic hip-hop) Most Unwanted Song!

One year ago today: send not to know for whom the bell tolls; it tolls for he, she, Pawnee, the Adriatic Sea, and your computer science degree

– Ryan

03 Sep 19:40

Jump Start

Cat smacks a toy helicopter then freaks out - AnimalsBeingDicks.com

Shelly wasn’t prepared for the helicopter’s natural defenses. 

29 Aug 23:27

Citizen complaint of the day: The running dogs of Blackstone Square and their self-centered owners

by adamg

A cowered citizen complains:

About 20 dogs are running around off leash in the park. This is a problem. Yesterday, a special needs adult became frightened because a dog came too close to her. The owners don't care. We all love dogs, but too many dog owners are too self-entitled to care. A lot of hard work and money has gone into beautifying this park. Some have said, "you should be more worried about the drug dealers and homeless." How about this: let's enforce ALL the laws so all can safely enjoy the park.

29 Aug 19:04

A Softer World

29 Aug 19:03

July 25, 2013


Pow!
01 Aug 16:12

In America, the cheese is dead

by Jason Kottke

Market researcher Clotaire Rapaille was interviewed for an episode of Frontline on advertising and marketing back in 2003. I like what he had to say about the differences in how the French and Americans think about cheese.

For example, if I know that in America the cheese is dead, which means is pasteurized, which means legally dead and scientifically dead, and we don't want any cheese that is alive, then I have to put that up front. I have to say this cheese is safe, is pasteurized, is wrapped up in plastic. I know that plastic is a body bag. You can put it in the fridge. I know the fridge is the morgue; that's where you put the dead bodies. And so once you know that, this is the way you market cheese in America.

I started working with a French company in America, and they were trying to sell French cheese to the Americans. And they didn't understand, because in France the cheese is alive, which means that you can buy it young, mature or old, and that's why you have to read the age of the cheese when you go to buy the cheese. So you smell, you touch, you poke. If you need cheese for today, you want to buy a mature cheese. If you want cheese for next week, you buy a young cheese. And when you buy young cheese for next week, you go home, [but] you never put the cheese in the refrigerator, because you don't put your cat in the refrigerator. It's the same; it's alive. We are very afraid of getting sick with cheese. By the way, more French people die eating cheese than Americans die. But the priority is different; the logic of emotion is different. The French like the taste before safety. Americans want safety before the taste.

(via @pieratt)

02 Jul 21:40

Little Girls Engineer Their Own Toys to Take Over the Pink Aisle In This Goldie Blox Ad [VIDEO]

by Isabella Kapur


Watch as little girls show off their creativity and make their toys more innovative in this advertisement from toy creators Goldie Blox. The company wants to put more engineering toys in the “pink aisles” of toy stores, and give little girls and boys the same options for toys that encourage creative thinking and problem solving as well as fun. The girls in the ad can be builders, thinkers, princesses, and tomboys in any combination they want, and Goldie Blox is giving them a toy with the adaptability to match. (via GoldieBlox on Youtube)
