Shared posts

22 Mar 23:59

Amazon Officially In the Air Freight Business; Acquires 10% Stake In Cargo Partner

by Chris Morran
Brindle

I routinely have vans with an Amazon decal on the side delivering my amazon stuff so I think they already have some presence in residential delivery. They also have some contract with USPS for sunday delivery... only for amazon...

Only weeks after making a deal with cargo company Air Transport Services Group (ATSG) to lease a fleet of 20 planes to use for shipping packages, Amazon is now a part owner of the company.

In a recent filing with the Securities and Exchange Commission, Amazon revealed that it was taking advantage of its option to acquire approximately 7.1 million shares of ATSG, giving the online retailer a 9.9% ownership stake in the company.

Being just a hair short of 10% ownership is important here, as Amazon would be entitled to a seat on the ATSG board at that point. Though that does seem inevitable, as Amazon’s arrangement with ATSG leaves open the door for the retailer to acquire a total of 1/5 of the company’s common stock.

While ATSG gets a $69 million cash shot in the arm with the investment, Amazon is getting ATSG shares at significantly less than they are currently worth. As of Friday, when the deal was announced, this stock was selling for a little more than $14/share, while Amazon paid $9.73.

[via the Seattle Times]

20 Mar 01:11

7-Eleven Now Selling A Slurpee-Flavored Donut

by Laura Northrup
Brindle

gag omg

Perhaps this weekend’s 7-Eleven promotion where you can fill any sufficiently narrow container with Slurpee isn’t of interest to you because you would rather have your Wild Cherry-flavored sweetness in the form of a baked good. The convenience store chain is happy to indulge that very specific preference: they have a limited-time offering of a cherry-iced donut under the Slurpee brand.


The pastry is not served frozen, but does have pink speckles throughout the cake donut, and red frosting and sugar crystals on top meant to simulate the Wild Cherry Slurpee. The suggested price is 99 cents; it could cost more in some markets.

There is not, to our knowledge, a Wild Cherry flavored coffee to go along with the Slurpee, but anything could happen later on in this 50th anniversary year.

7-Eleven Offers New Slurpee Donut [Brand Eating]

18 Mar 18:49

An Open Letter to President Obama: This is About Math, Not Politics

by Rainey Reitman

Encryption Isn’t Something We Can Negotiate About, No Matter How Politically Convenient That May Seem

Dear President Obama,

During your keynote conversation at SXSW, you called for a concession on security in our digital devices, stating that you don’t believe in “an absolutist view” when it comes to cryptography on phones.

We all want to find solutions to the problems of crime in our country and abroad, and technology can help us do that. Sometimes that means making compromises as a society. But reasonable people know that there’s one thing which isn’t subject to compromise: math.

The basic security of our digital devices is made possible because of a field of applied mathematics known as cryptography. In short, this means taking data and scrambling it so that it can’t be understood. If you want to unscramble the data, you need to have a unique key that will unlock it, unraveling the code and turning seemingly random characters into a clear message.

Cryptography is the foundation of information security throughout the digital world. It means that when you log into your email, you can read the messages — but other people can’t. We use crypto when we access our bank accounts, social networking sites, and documents stored in the cloud. Crypto safeguards our medical records, our location data, and the photos we send to our loved ones. The modern digital age and the Internet we have now were built atop the math of cryptography.

Today, mathematicians, engineers, and some of your own advisors are saying the same thing about the encryption debate: you can’t build a backdoor into our digital devices that only good guys can use. Just like you can’t put a key under a doormat that only the FBI will ever find.

This isn’t what certain career politicians and outspoken members of the Justice Department want you to believe. They’re searching for a quick-fix technical solution. They keep wondering why the engineering community can’t just find an answer. Even at SXSW you admitted that you didn’t have the expertise to design the kind of compromise you called for, where the encryption backdoors are magically secure and “accessible by the smallest number of people possible, for a subset of issues that we agree are important.” That’s because it’s not possible.

Too often, technical experts are ignored. Maybe it’s because they’re speaking in the dull realities of computer science and math. But as simple as the message may be, it’s still true: math can’t be negotiated away just because it’s inconvenient.

Any compromises we make in the security of our systems are compromises that can and will be exploited by those who would seek to do us harm. This includes malicious hackers, identity thieves, authoritarian governments, and corporate rivals. Your own Defense Department has identified insecure devices and networks as a key threat to our nation’s cybersecurity. 

There are people whose lives are literally at risk who depend on the security of their phones: domestic violence victims, law enforcement agents, investigative journalists, judges, and those working for change in authoritarian regimes. But mostly, encryption protects hundreds of millions of regular people, who may not have anything to hide but don’t want their private lives exposed or their identities stolen because of lost or stolen smartphones, security flaws, and data breaches.

We’ve seen all too well the perils of imperfect security in Apple’s systems. In 2014, Apple suffered a major security breach in iCloud that resulted in a hacker accessing and publishing nude photos of celebrities like Jennifer Lawrence, Kate Upton and Ariana Grande. And while celebrities may have gotten the most press attention, the data breach could have affected anyone with an iPhone. It’s no surprise Apple sought to improve its security in the years since; its customers understood their personal lives were at stake.

Many of your advisors and former government officials know that vulnerabilities in our computer systems pose serious threats to our national security. Last year, millions of government workers and their families faced exposure of their most personal information when the Office of Personnel Management was breached, and the federal government is expected to spend half a billion dollars cleaning up in the wake of data breaches in the next few years. The OPM hack is just one in a series of high-profile breaches where extraordinarily sensitive information was stolen. The experts have been telling you that, faced with these challenges, we need to strengthen cryptography, not undermine it.

We’ve also seen the ramifications of bad policies that tried to weaken security. In the 1990s, there was a concerted effort by certain outspoken law enforcement officials to weaken our cryptography and insert backdoors into our systems. Last year, university researchers discovered how these policies have had long-term, unintended consequences: weakened security persisted in our software for decades. The researchers demonstrated that this resulted in massive, ongoing vulnerabilities in thousands of Internet services. We still don’t know how many millions of people’s personal communications were put at risk because of these shortsighted policies.

The public debate we’re having over the security of our devices boils down to a question of math versus politics. 

On the one hand, we have academics, security engineers, and mathematicians explaining that encryption isn’t something we can negotiate away. On the other side of the debate, we have those who want an easy answer. We’re confronted with crypto-critics like FBI Director James Comey, the attorney general, and others whose expertise in criminal investigations doesn’t prepare them to appreciate the technical ramifications of what they are proposing. However well-meaning, they’re seeking to take advantage of recent tragedies to advance a course that could undermine the security of all of us.

President Obama, we need to let facts and reason win the day. That means standing up for math, even if it’s not politically popular. Please respond to the 100,000+ people who have called on you to oppose backdoors through savecrypto.org, and let security be your legacy.

Crossposted on Medium. Updated to clarify the type of security breach Apple suffered in 2014.


Share this: Share on Twitter Share on Facebook Share on Google+ Share on Diaspora Join EFF
18 Mar 18:48

FOIA Documents Show Government's Whistleblower-Punishing 'Insider Threat' Program Modeled On Chelsea Manning

by Tim Cushing
Brindle

"Ideology"

Chelsea Manning has obtained her "Insider Threat" report from the US government through a FOIA request. It's published in full at The Guardian and it provides additional insight into this administration's war on whistleblowers. Set up in the wake of Manning's Wikileaks document dump, the "Insider Threat" program seeks to weed out future Mannings and Snowdens -- both of whom turned over documents to journalists and activists, rather than the nation's enemies. Manning, in an accompanying editorial, calls it a "blank check for surveillance." And it is.

The list of possible indicators is so broad as to cover nearly the entirety of the government's workforce -- not just those with security clearances.

(U)Insider Threat Motives

Greed or financial difficulties
Disgruntled or wants revenge
Ideology
Divided loyalties
Vulnerable to blackmail
Ego/Self-Image
Ingratiation
Family/personal issues

To be seen as a threat by the government, one only needs to experience the rigors of everyday life, like "financial difficulties" or "family issues." If a person's viewpoint is not totally aligned with the agency they work for, the person may be viewed as holding a hostile "ideology" and will likely be "disgruntled."

The document also has a list of indicators related to job functions. Any straying from the confines of the position could be viewed as threatening.

(U) Behavior Indicators

Interest in matters outside their scope of responsibilities.
Inappropriately seeks to obtain classified information on subjects not related to their work.
Downloads/transfers information without proper authorization or need via media devices or email.
Deliberate and unnecessarily copies of documents or media.
Works unusual times outside normal duty hours.
Unexplained affluences.
Engaged in suspicious personal contacts.
Unreported foreign contacts.
Overwhelmed by life crises and/or career disappointments.
Compulsive and destructive behavior.

The following page of the report shows this part of the Insider Threat program is specifically based on Chelsea Manning, as every single one of these items is listed under "PVT. Manning's Behavior Indicators." That includes the mysterious "Unexplained affluences," which continues to go unexplained in the detailing of Manning's behavior. (I would assume this refers to outward signs of wealth not supported by pay grade, but the report just tosses the ungainly wording into the list without specifying what it is, how it's determined, or how it applies to Manning.)

Somewhat comically, Manning's assigned shift is referred to as being "outside normal duty hours."

Works unusual times outside normal duty hours.

PVT Manning utilized his 12 hour shift from late evening (~7pm) until the morning (~7am) to conduct his illegal activity.

As The Guardian points out, documents obtained by Steven Aftergood of the Federation of American Scientists show over 100,000 government employees have already been targeted for insider threat surveillance. The program calls it "continuous evaluation," which is the government's innocuous terminology for surveillance of all activities, including those outside of work, like financial transactions, political affiliations and activism.

In total, the report does almost nothing to allay fears that the Insider Threat program will be used to hunt down whistleblowers. Manning's report indicates the government feels advocates for transparency ("promoted the ideology that all information should be public") and people who don't fit into binary gender confines ("[Manning] struggled with his self-image as a man when he wanted to be openly accepted as a female") should be subjected to pervasive surveillance by their own government.

The bottom line is that even if an employee is otherwise satisfied with their government employment, they still need to "fit in" with fellow employees, live a life mostly free of financial or personal stress, advocate only for their employer's official/unofficial positions and hopefully identify as straight male/female. Anything outside of these confines is asking for trouble. Whistleblowers don't even stand a chance.

14 Mar 21:55

DEA's Definition Of Evidence Control Apparently Doesn't Include Recording Gross Weight Of Seized Substances

by Tim Cushing

Let's start out with this story, which is graphically (and tragically) illustrative of the problem discussed later in this post.

A former police detective and Drug Enforcement Agency task force member committed suicide after being arrested for allegedly setting up drug sales involving substances seized by his department, WBNS-TV reported.

Authorities said 43-year-old Tye Downard hung himself inside his cell on Monday morning. The 20-year veteran officer for the Reynoldsburg Police Department had been arrested on Feb. 18 and charged with possession of drugs with the intent to distribute.

WSYX-TV reported that Downard made nearly $35,000 from the transactions leading up to his arrest. He faced up to 20 years in prison as a result of the charges against him, and nearly 50 cases in which he was involved will be reviewed.

The DEA seems very concerned about controlled substances. Internal control of these substances? Not so much. A recent Inspector General's audit found multiple problems with the DEA's handling of seized drugs, the most egregious of which appears to be this particular aspect.

We reviewed the DEA-6s for 250 exhibits to determine whether the gross weight of the exhibit was documented as required by the DEA Agents Manual. We found the gross weight was not listed on the DEA-6 for 128 of the 250 exhibits.

Over 50% of those audited had no weight listed. The New York office was the worst of those sampled, with 80% of its seized evidence paperwork missing this crucial element.

Considering the fact that sentencing is partially predicated on weight, you'd think the DEA would show more interest in maintaining an "unimpeachable chain of custody." Not so. The OIG spoke to DEA supervisors about this missing info and received a shrug, a post facto promise to fix, and a statement almost too stupid to be believed.

One manager provided no explanation, another stated that the missing weights were an oversight that would be corrected, and the third manager informed us that he was not aware of the requirement to document the gross weight of the exhibit.

Recording the weight is incredibly important. The above case -- where an untold amount of drugs simply "walked out" of DEA evidence rooms -- illustrates why the DEA must not only record this weight, but verify it periodically. But those in charge of maintaining the chain of custody seem less than concerned about their underlings' failure to do so. It's because of that attitude that a task force member was able to personally profit from the illegal sale of seized evidence.

The requirements established in the Agents Manual helps ensure the integrity of the exhibit for prosecution, minimize suspicions regarding the theft or loss of drugs during the seizure process, and provide a benchmark for future weight calculations.

The OIG recommends the DEA start doing the thing it should have been doing 100% of the time already. The DEA concurs and will presumably correct it at the speed of bureaucracy. The problem is that this is obviously a systemic issue that has gone unaddressed for years. This lax handling of evidence should call into question the amounts cited during prosecution, not to mention any statements in court regarding the integrity of the evidence it supplies.

14 Mar 18:35

John Oliver Explains Why You Should Side With Apple Over The FBI Better Than Most Journalists

by Mike Masnick

You had to know this was coming eventually, but the latest John Oliver main story was his take on the Apple v. FBI encryption fight. If you haven't seen it yet, here it is: Not surprisingly, Oliver's take is much clearer and much more accurate than many mainstream press reports on the issues in the case, appropriately mocking the many law enforcement officials who seem to think that, just because Apple employs smart engineers, they can somehow do the impossible and "safely" create a backdoor into an encrypted iPhone that won't have dangerous consequences. He even spends a bit of time reviewing the original Crypto Wars over the Clipper Chip and highlights cryptographer Matt Blaze's contribution in ending those wars by showing that the Clipper Chip could be hacked.

But the biggest contribution to the debate -- which I hope that people pay most attention to -- is the point that Oliver made in the end with his faux Apple commercial. Earlier in the piece, Oliver noted that this belief among law enforcement that Apple engineers can somehow magically do what they want is at least partially Apple's own fault, with its somewhat overstated marketing. So, Oliver's team made a "more realistic" Apple commercial which noted that Apple is constantly fighting security cracks and vulnerabilities and is consistently just half a step ahead of hackers with malicious intent (and, in many cases, half a step behind them).

This is the key point: Building secure products is very, very difficult and even the most secure products have security vulnerabilities in them that need to be constantly watched and patched. And what the government is doing here is not only asking Apple to not patch a security vulnerability that it has found, but actively forcing Apple to make a new vulnerability and then effectively forcing Apple to keep it open. For all the talk of how Apple can just create the backdoor just this once and throw it away, this is more like asking Apple to set off a bomb that blows the back off all houses in a city, and then saying, "okay, just throw away the bomb after you set it off."

Hopefully, as in cases like net neutrality, Oliver's piece does its job in informing the public what's really going on.

14 Mar 16:28

Publicity Seeking Florida Sheriff Promises To Put Tim Cook In Jail For Refusing To Decrypt iPhones

by Mike Masnick
Brindle

what a jackass

We've written quite a few times about Polk County, Florida, Sheriff Grady Judd. You may recall him from the time he arrested two teenagers because they admitted to "bullying" another teen who committed suicide. Judd also promised to arrest the parents of both girls as well, stretching an already ridiculous understanding of the law to absolute breaking points (in fact all of the charges were dropped against the girls, because, all the talk of bullying was basically not true).

Judd also has made news for falsely arresting and then publicly shaming men, saying that they're "sexual predators" and parading them in front of the press, seizing their money and possessions and then "negotiating" to only give them back some of what they seized. Oh, and then there was the time that Judd used Craigslist to help arrest prostitutes... but then blamed Craigslist for the problem.

Judd certainly has a reputation for generating press attention by saying the most outrageous things, and he's keeping that up now, by holding a press conference to announce that if Apple CEO Tim Cook doesn't decrypt an iPhone for him, Judd will arrest Cook. Yeah, good luck with that plan.

"Let me tell you, the first time we do have trouble getting into a cell phone, we're going to seek a court order from Apple and when they deny us I'm going to go lock the CEO of Apple up," Judd said in a press conference Wednesday.

Another report of the press conference said that Judd followed this up, for emphasis, with: "I'll lock the rascal up."

Yeah, you see, that's not how the law actually works. And you'd think, as Sheriff, Judd should know that. But he doesn't. Or he does and he doesn't care. Neither of which is a good sign in a sheriff.

"You cannot create a business model to go, 'we're not paying attention to the federal judge or to the state judge, because we're above the law,'" Judd said.

Of course, that's not the issue at all. It's not about ignoring a judge, it's about building a secure product, and what kinds of things a court can or cannot force a company to do to the security of its products. No one is saying they're "above the law." Except, it seems, Sheriff Grady Judd, who thinks that he can put Apple's CEO in jail based on his own desires, rather than what the law actually says.

11 Mar 17:29

Apple General Counsel Blasts Justice Department For Crazy Filing

by Mike Masnick
Brindle

"see ConspiracyTheory.com as our supporting evidence." lol

It must be admitted that the Apple/FBI fight over iPhone encryption has had much more "outside the courtroom" drama than most cases -- what with both sides putting out their own blog posts and commenting publicly at length on various aspects. But things have been taken up a notch, it seems, with the latest. We wrote about the DOJ's crazy filing in the case, which is just chock full of incredibly misleading claims. Most of the time, when we call out misleading claims in lawsuits, the various parties stay quiet about it. But this one was apparently so crazy that Apple's General Counsel Bruce Sewell called a press conference where he just blasted the DOJ through and through. It's worth looking at his whole statement (highlights by me):

First, the tone of the brief reads like an indictment. We've all heard Director Comey and Attorney General Lynch thank Apple for its consistent help in working with law enforcement. Director Comey's own statement that "there are no demons here." Well, you certainly wouldn't conclude it from this brief. In 30 years of practice I don't think I've seen a legal brief that was more intended to smear the other side with false accusations and innuendo, and less intended to focus on the real merits of the case.

For the first time we see an allegation that Apple has deliberately made changes to block law enforcement requests for access. This should be deeply offensive to everyone that reads it. An unsupported, unsubstantiated effort to vilify Apple rather than confront the issues in the case.

Or the ridiculous section on China where an AUSA, an officer of the court, uses unidentified Internet sources to raise the spectre that Apple has a different and sinister relationship with China. Of course that is not true, and the speculation is based on no substance at all.

To do this in a brief before a magistrate judge just shows the desperation that the Department of Justice now feels. We would never respond in kind, but imagine Apple asking a court if the FBI could be trusted "because there is this real question about whether J. Edgar Hoover ordered the assassination of Kennedy — see ConspiracyTheory.com as our supporting evidence."

We add security features to protect our customers from hackers and criminals. And the FBI should be supporting us in this because it keeps everyone safe. To suggest otherwise is demeaning. It cheapens the debate and it tries to mask the real and serious issues. I can only conclude that the DoJ is so desperate at this point that it has thrown all decorum to the winds....

We know there are great people in the DoJ and the FBI. We work shoulder to shoulder with them all the time. That's why this cheap shot brief surprises us so much. We help when we're asked to. We're honest about what we can and cannot do. Let's at least treat one another with respect and get this case before the American people in a responsible way. We are going before court to exercise our legal rights. Everyone should beware because it seems like disagreeing with the Department of Justice means you must be evil and anti-American. Nothing could be further from the truth.

Somehow, I don't think Apple and the DOJ will be exchanging holiday cards this year. Apple's reply brief is due on Tuesday. I imagine it'll be an interesting weekend in Cupertino.

11 Mar 14:53

Everything about this “Beautiful Woman Soldering” stock photo is wrong

by Mark Frauenfelder
Brindle

OMG just looking at that picture made my hand hurt :\


Over at MAKE, Mike Senese comments on this stock photo of a “Beautiful Woman Soldering.” It's an unintentional "how many things are wrong in this picture?" puzzle.

Rather than holding the iron by its insulated handle, this woman is grabbing onto the heated element, which if turned on, would be at a bit over 600ºF. As much as any of us have wanted to choke up on our irons for more precise control, you would be dealing with nasty burns for quite some time if you were to grip your iron like this.

...

But the biggest irker of all is the photo’s title: “Beautiful woman repair soldering a printed circuit board.” I understand how marketing works, but I still lament that we continue to point out the physical attributes of a person doing an activity.

Image: Shutterstock

11 Mar 02:37

FBI will now be able to search through NSA intercept data

The wall separating "foreign" intelligence operations from domestic criminal investigations has finally, fully collapsed. The FBI is now acting on a rule change initiated by the Bush administration, and finally massaged into actionable policy by Obama: Now, FBI agents can query the NSA's database of Americans' international communications, collected without warrants pursuant to Section 702 of the 2008 FISA Amendments Act. That law put congress' stamp of approval on the Bush administration's warrantless wiretapping program, which was widely denounced as totalitarian when the New York Times' James Risen exposed it to the world in 2005. Remember when they told us this wouldn't be a slippery slope? Cute.

10 Mar 20:17

Senator Feinstein Revives Stupid Idea That Internet Companies Are 'Materially Supporting Terrorism' If ISIS Members Use Their Sites

by Mike Masnick
Brindle

Man, Feinstein is all over the place :\

Last year, FBI Director James Comey floated a ridiculous idea that retweeting ISIS tweets could be seen as "material support" for terrorism. Indeed, an American teenager got sentenced to 11 years in jail for pro-ISIS tweets, with the "material support" being that some of those tweets linked to pages that taught people how to use Bitcoin. Some have taken this idea even further, and argued that internet companies can be slapped with "material support for terrorism" claims or charges if they let ISIS members or other terrorists make use of their services.

This is ridiculous for many, many reasons, not the least of which is that (like in the encryption debate) it seems to presume that there's some algorithm to magically determine who is good (not a terrorist) and who is bad (terrorist!). And just like ridiculous and impossible arguments for "kicking ISIS off the open web" -- it would be ridiculously counterproductive. Not only would it be ridiculously costly to internet companies, but it would actually take away a major source of intelligence about terrorist groups, since they often reveal useful things on social media.

But guess who's seriously thinking about looking to see if it's possible to slap "material support of terrorism" charges on internet companies? Why, it's a Senator who actually is supposed to be representing many of their interests as California companies, Senator Dianne Feinstein. Jenna McLaughlin, a national security reporter for The Intercept, noted that Feinstein floated the idea this week, as if Feinstein had just thought of it: We've already discussed how dumb an idea this is (even more so that it comes from a California Senator), but ACLU deputy legal director Jameel Jaffer had an excellent response as well, highlighting the sheer stupidity of Feinstein's suggestion:

09 Mar 22:32

New Mexico Attorney General Would Rather See Sexting Teens Treated As Sex Offenders Than See His Funding 'Jeopardized'

by Tim Cushing
Brindle

Money is everything in politics...

Teens sexting can't be addressed by existing laws. Law enforcement -- which far too often chooses to involve itself in matters best left to parents -- bends child pornography laws to "fit" the crime. They often state they're only doing this to save kids from the harm that might result by further distribution of explicit photos. How exactly turning a teen into a child pornographer who must add his or herself to the sex offender registries is less harmful than the imagined outcomes cited by law enforcement is never explained.

Over in New Mexico, legislators are making an honest attempt to keep sexting teens from being treated like sex offenders. And it's law enforcement that's leading the opposition to the proposed changes. The bill would continue to uphold harsh penalties for actual child pornographers while decriminalizing sexting between teens.

The New Mexico Attorney General is having none of it, as Reason's Robby Soave reports:

"I cannot support an amendment that weakens protections for teenagers from predatory activity, creates a dangerous new child exploitation loophole, and places New Mexico's federal Internet Crimes Against Children Task Force funding in jeopardy,” said Attorney General Hector Balderas in a statement, according to the Alamogordo Daily News.

This statement is not only ridiculous, but it shows the AG is more interested in budget lines than the future of teens who do the sort of things teens are inevitably going to do. Balderas is explicitly stating that he's willing to sacrifice young lives in order to secure his task force's funding. That's just sickening. In Balderas' world, sexting teens are nothing more than a revenue stream.

As Soave points out, the legislation still contains harsh punishments for child pornographers and does nothing to create a "loophole" for accused offenders. What it would do is keep teens from being charged for exchanging explicit photos with their peers by carving out an exception for photos exchanged by teens ages 14-17.

There's nothing logical about applying sexual predator/child pornography laws in this way. But Balderas has helpfully explained why many law enforcement officials are more than happy to do exactly that. There's good money in chasing down child pornographers -- a criminal act reviled by a majority of their constituents. Anything that might jeopardize these funds -- like treating sexting teens as a disciplinary/educational problem rather than a criminal one -- is to be rejected out of hand.

Soave notes Balderas was so incensed by this threat to his funding that he and his staff walked out of the hearing in a show of outrageously stupid, callously self-centered solidarity. Balderas may want to play hardball with child pornographers, but he's also shown he's more than willing to fuck a few kids himself when there's money on the line.

08 Mar 20:02

Of Cockpits And Phone Encryption: Tradeoffs And Probabilities

by Mike Masnick

Blake Ross (boy-genius Firefox co-founder and later Facebook product guy) has written a somewhat bizarre and meandering, but totally worth reading, article about the whole Apple v. FBI fight, entitled (believe it or not) Mr. Fart's Favorite Colors. There are a few very good points in there about the nature of programming, security and the government (some of which even make that title make sense). But I'm going to skip over the farts and colors, and even his really excellent description of the ridiculousness of TSA security theater in airports, and leap forward to a key point raised in the article, focused on airplane security, which presents a really good analogy for the iPhone encryption fight. He points out that the only thing that has truly helped stop another 9/11-style plane hijacking (as Bruce Schneier points out repeatedly) is not the TSA security theater, but reinforced, locked cockpit doors that make it impossible for people in the cabin to get into the cockpit.

However, Ross notes, there are scenarios in which those in the cockpit need to leave the cockpit (usually to use the bathroom), and therein lies an interesting security challenge for those designing the security of the planes. How do you let that pilot (or another crew member) back in, but not a bad guy? Here's the solution that airlines have come up with, as described by Ross (or you can read the NY Times version, which is a little drier):
  1. When the pooping pilot wants to reenter the cockpit, he calls the flying pilot on the intercom to buzz him in.
  2. If there’s no answer, the outside pilot enters an emergency keycode. If the flying pilot doesn’t deny the request within 30 seconds, the door unlocks.
  3. The flying pilot can flip a switch to disable the emergency keypad for 5 to 20 minutes (repeatedly).

Like Asimov’s three laws, these checks and balances try to approximate safety while accounting for contingencies. If the flying pilot risked Delta’s gefilte fish and passed out, you want to make sure the other pilot can still re-enter. But add all the delays and overrides and backstops you want; you still have to make a fundamental decision. Who controls entry: the people on the inside, or the people on the outside?

Governments decided that allowing crew members to fully override the flying pilot using a key code would be insecure, since it would be too easy for that code to leak. Thus, there is nothing the outside pilot can do — whether electronically or violently — to open the door if the flying pilot is both conscious and malicious.

And as Ross notes, this is a pretty reasonable tradeoff in nearly all circumstances. It's quite difficult for someone bad to get in, and yet those in the cockpit can mostly be okay with leaving and getting back in even if a pilot remaining in the cockpit suddenly drops dead. But, there is still one scenario in which that security gets totally messed up -- and it's with Germanwings Flight 9525 almost a year ago, in which a mentally ill co-pilot locked the captain out of the cockpit and then deliberately crashed the plane into a mountain.

As Time Magazine noted, this is the tricky part of security systems: "sometimes it’s important to keep people out; sometimes it’s important to get inside."

And, of course, there's a little of that in the Apple v. FBI fight. The FBI is arguing that it's important to let people in, because a husband and wife killed 14 people and wounded many more in San Bernardino. But lots of other people are pointing out that there are much bigger security benefits in keeping people out. And that's why this is really a debate about "security v. security" rather than "security v. privacy."

Strong encryption on devices is like that locked cockpit door. Under most scenarios, it keeps people much safer. It's a useful and powerful security feature. But, yes, in some cases -- such as that of the suicidal Germanwings co-pilot -- the same lock keeps out the person who should be let in. And there do seem to be ways to mitigate that kind of risk without harming the wider security (many airlines now require that if someone leaves the cockpit, a second crew member must be present in it). But, in the end, we look at the likelihood and probability of each scenario. And it's not hard to realize that, in the grand scheme of things, locking people out protects many, many, many more people than it endangers in the rare instances of suicidal co-pilots (and/or quasi-terrorist attacks).
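The door-access rules Ross lays out, run as a small state machine so the tradeoff can be seen rather than argued. This is an added example, not code from the article, the NY Times piece or Ross's essay. The 30-second deny window, the 5-20 minute keypad lockout, the "inside controls entry" decision and the two-person rule all come from the text above; the class and method names, the simulated clock and the keycode value are constructed for illustration.

```python
"""Toy state machine for the cockpit-door access rules described in the post.

Added example; not from the article, the NYT piece or Blake Ross's essay.
From the text: intercom buzz-in, an emergency keycode that unlocks the door
unless the flying pilot denies it within 30 seconds, a switch that disables
the keypad for 5-20 minutes (repeatable), and the two-person rule as a
mitigation. Class/method names, the simulated clock and the keycode value
are constructed for illustration."""

from dataclasses import dataclass
from enum import Enum
from typing import Optional

DENY_WINDOW_S = 30                          # seconds the inside has to deny a keycode request
LOCKOUT_MIN, LOCKOUT_MAX = 5 * 60, 20 * 60  # keypad lockout range, in seconds


class Outcome(Enum):
    OPENED = "opened"
    DENIED = "denied"
    NO_ANSWER = "no answer"
    PENDING = "pending"                     # keycode accepted, deny window running
    KEYPAD_DISABLED = "keypad disabled"


@dataclass
class CockpitDoor:
    keycode: str                            # constructed shared emergency code
    now: int = 0                            # simulated clock, seconds
    locked: bool = True
    keypad_disabled_until: int = 0
    pending_since: Optional[int] = None

    # --- actions available outside the door ---
    def intercom(self, inside_answer: Optional[bool]) -> Outcome:
        """Step 1: buzz the flying pilot. None models no answer (e.g. passed out)."""
        if inside_answer is None:
            return Outcome.NO_ANSWER
        if inside_answer:
            self.locked = False
            return Outcome.OPENED
        return Outcome.DENIED

    def emergency_code(self, code: str) -> Outcome:
        """Step 2: a correct code starts the deny window; it does not open the door."""
        if self.now < self.keypad_disabled_until:
            return Outcome.KEYPAD_DISABLED
        if code != self.keycode:
            return Outcome.DENIED
        self.pending_since = self.now
        return Outcome.PENDING

    # --- actions available only inside the cockpit ---
    def deny(self) -> None:
        """Cancel a pending keycode request while the window is still open."""
        self.pending_since = None

    def disable_keypad(self, seconds: int) -> None:
        """Step 3: lockout switch, clamped to 5-20 minutes; can be flipped again later."""
        seconds = max(LOCKOUT_MIN, min(LOCKOUT_MAX, seconds))
        self.pending_since = None
        self.keypad_disabled_until = self.now + seconds

    # --- time ---
    def tick(self, seconds: int) -> Optional[Outcome]:
        """Advance the clock; an undenied request unlocks the door once the window expires."""
        self.now += seconds
        if self.pending_since is not None and self.now - self.pending_since >= DENY_WINDOW_S:
            self.pending_since = None
            self.locked = False
            return Outcome.OPENED
        return None


def incapacitated_pilot() -> bool:
    """The case the backstops exist for: the inside pilot is unresponsive.
    Returns True if the outside pilot gets back in (he does, after 30 s)."""
    door = CockpitDoor(keycode="1234")
    if door.intercom(None) is not Outcome.NO_ANSWER:
        return False
    door.emergency_code("1234")
    door.tick(DENY_WINDOW_S - 1)
    locked_before_window_expired = door.locked
    door.tick(1)
    return locked_before_window_expired and not door.locked


def malicious_pilot(rounds: int = 3) -> bool:
    """The Germanwings case: a conscious inside pilot who refuses, denies and locks
    out, as often as needed. Returns True if the outside pilot ever gets in (he never does)."""
    door = CockpitDoor(keycode="1234")
    for _ in range(rounds):
        door.intercom(False)                       # refused on the intercom
        door.emergency_code("1234")                # request pending...
        door.deny()                                # ...cancelled inside the window
        door.disable_keypad(LOCKOUT_MAX)           # keypad dead for 20 minutes
        if door.emergency_code("1234") is not Outcome.KEYPAD_DISABLED:
            return True
        door.tick(LOCKOUT_MAX)                     # wait it out; the inside just repeats
    return not door.locked


def exit_allowed(remaining_in_cockpit: int, two_person_rule: bool) -> bool:
    """Mitigation from the text: under a two-person rule nobody may be left alone in
    the cockpit, so a crew member must enter before the pilot leaves."""
    return remaining_in_cockpit >= (2 if two_person_rule else 1)
```

Nothing in the model lets the outside pilot win against a conscious inside pilot; that is precisely the property the "inside controls entry" design buys, and precisely the property the Germanwings scenario turns against the crew. The two-person rule does not change the door at all; it changes who is behind it, which is the kind of mitigation that leaves the lock's security intact.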

And that's the real issue here. Strong encryption on our devices is much more likely to lead to much more protection and security for many more people than without such encryption. Nearly all of us are likely to be safer because of strong encryption. But, that might not include everyone. Yes, there will be some instances -- though likely few and far between -- where such encryption allows someone to secretly plan and (potentially) get away with some sort of heinous act. And it will be reasonable and expected that people will whine and complain about how the security feature got in the way of stopping that attack. But the likelihood of that is much, much smaller, than the very real possibility of attacks on weak phones affecting many of us.

Or, as Ross concludes (in a way that makes even more sense if you read the whole piece...):
Unfortunately it’s not that complicated, which means it’s not that simple. Unbreakable phones are coming. We’ll have to decide who controls the cockpit: The captain? Or the cabin? Either choice has problems, but — I’m sorry, Aunt Congress — you crash if you pick 2.
But when you have people like the technically ignorant San Bernardino District Attorney Michael Ramos insisting that he needs to be able to get into that iPhone, just recognize that he's arguing that we should unlock cockpit doors just in case there's a suicidal co-pilot in there, without recognizing how frequently such unlocked cockpit doors will be used by others who wish to do even more harm.

07 Mar 23:30

Google hires 4chan founder Chris Poole (aka ‘Moot’) to help with Google+ and Photos

by Chris Chavez
Brindle

whoa.

In an interesting move from Google, the Mountain View tech giant has just hired the founder of 4chan, Chris Poole (aka "Moot"). It wasn't immediately clear what his position will be, but Google+ co-founder Bradley Horowitz tweeted that he was excited to have him join the team.
07 Mar 21:00

French Parents Face Fines, Lawsuits And Prison For Posting Pictures Of Their Own Children Online

by Glyn Moody
Brindle

wow.

As Techdirt reported recently, the controversial "right to be forgotten" -- actually more of a right to be de-linked in search engines -- is starting to spread around the world. But its spiritual home is definitely in Europe, where privacy concerns tend to outweigh other considerations, like freedom of speech, that are regarded as paramount elsewhere -- in the US, for example. Leading the charge in the EU is France, which has been pushing Google to de-link items even more widely. According to a report in The Telegraph, France's zeal in protecting everyone's privacy may turn out to have some rather unexpected consequences:

Under France's stringent privacy laws, parents could face penalties as severe as a year in prison and a fine of €45,000 [about $49,000] if convicted of publicising intimate details of the private lives of others -- including their children -- without their consent.
As if that weren't enough, French parents may also find themselves being sued by their own offspring for posting all those cute pictures of them when they were babies:
Eric Delcroix, an expert on internet law and ethics, said: "In a few years, children could easily take their parents to court for publishing photos of them when they were younger."

Grown-ups who sue their parents for breaching their right to privacy as children could obtain substantial compensation awards, according to French legal experts.
Leaving aside the question of whether it's really appropriate for children to sue their own parents for this kind of thing, there is another important point here: the fact that people are posting intimate pictures of their family life online with no thought for the immediate or long-term consequences. There's little awareness that once something has been disseminated online it's very hard to remove it afterwards. The good news is that Facebook, at least, is aware of the problem, and working on a possible solution:
Jay Parikh, a vice-president of Facebook, said the service was considering setting up a system to notify parents who put photographs of children online without restricting their privacy settings.

Mr Parikh said: "If I was putting online a photo of my kids playing in the park, and I accidentally shared it with everyone, the system could say: 'Hey, wait a minute, this is a picture of your children. Usually you only send them to members of your family. Are you sure you want to do this?'"
Even here, of course, there are issues to do with Facebook's use of facial recognition capabilities, which would presumably be needed in order to provide this new system. But a gentle reminder that posting pictures of your children for all the world to see might not be a really wise idea -- just before you publish -- seems like a reasonable approach. It's certainly better than fining you, suing you or throwing you in prison afterwards, when nothing can be done about it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

07 Mar 20:30

Whee!: Jump Rope That Displays Jump Count In Mid-Air

Brindle

awesome.

This is the Smart Rope, a jump rope with 23 LEDs embedded in the middle of the rope that light up in front of you to display your current jump count while you're roping. Alternatively, do things the old fashioned way and count in your head. Or out loud -- I won't make fun of you provided 1. you don't get your numbers and letters confused and 2. you don't cheat and skip a bunch of numbers to make everybody think you're a better jump roper than you really are. The Smart Rope can also be paired with a smart phone to keep track of calories burned and other fitness stats. It also costs $90, making it the first jump rope anybody will care if they lose. Keep going for a video demonstration before leaving a comment that Skip-Its had this technology 20 years ago. Thanks to Slippy, who's too afraid to jump rope anymore after the Double Dutch Disaster of '09.
07 Mar 20:29

Verizon Strikes $1.35 Million Settlement With FCC Over Its Use Of Stealth 'Zombie Cookies'

by Karl Bode
Brindle

nm, definitely not enough. consent before sharing is meaningless when 3rd parties can just keep their own mapping :|

Last year you'll recall Verizon Wireless found itself in hot water after being caught modifying its customers' web traffic in transit to insert stealth tracking technology: a unique identifier header, X-UIDH, added to each unencrypted HTTP request as it crossed Verizon's network (HTTPS traffic, which the carrier cannot rewrite, was unaffected). Because the identifier was attached after the request left the phone, Verizon and its marketing partners were able to ignore users' browser and cookie preferences, track their behavior around the Internet, and build detailed user profiles from what they saw. Verizon Wireless launched and operated the technology for two years before security researchers even noticed the program, and it required another six months of public pressure for Verizon to even offer an opt-out option.
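How a carrier-injected identifier defeats the user's own cookie hygiene, as an added example (this is not Verizon's code and not from the article). The header name X-UIDH, the fact that the carrier inserted it into subscribers' web requests, that it ignored browser cookie preferences and that third parties could key profiles on it all come from the post; the request strings, subscriber ids, the token derivation and the tracker are constructed here for illustration.

```python
"""Toy model of a carrier-injected tracking header ('zombie cookie').

Added example; not Verizon's code and not from the article. From the post:
the header name X-UIDH, that the carrier inserted it into subscribers' web
requests, that it ignored browser cookie preferences, and that third parties
could key profiles on it. Constructed here: the raw requests, subscriber ids,
the token derivation (any opaque per-subscriber value would do) and the
tracker logic."""

import hashlib
from typing import Dict, List, Optional, Tuple

DEMO_SALT = b"constructed-demo-salt"   # stand-in; the real derivation is not described in the post


def parse_request(request: str) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into (request-line, lowercase header dict, body)."""
    head, _, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def carrier_proxy(request: str, subscriber_id: str) -> str:
    """Model of the carrier's middlebox.

    Plaintext HTTP is rewritten: any client-supplied X-UIDH is dropped and the
    carrier's own per-subscriber token is appended. A TLS session (modelled as a
    CONNECT tunnel) passes through untouched: the proxy cannot edit what it cannot read."""
    head, sep, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    if lines[0].startswith("CONNECT "):
        return request
    token = hashlib.sha256(DEMO_SALT + subscriber_id.encode()).hexdigest()[:24]
    lines = [line for line in lines if not line.lower().startswith("x-uidh:")]
    lines.append(f"X-UIDH: {token}")
    return "\r\n".join(lines) + sep + body


def injected_identifier(request: str) -> Optional[str]:
    """What a site operator, or a user looking at their own traffic, can check for."""
    _, headers, _ = parse_request(request)
    return headers.get("x-uidh")


class ThirdPartyTracker:
    """A site or ad network that keys its profile on X-UIDH instead of its own cookie."""

    def __init__(self) -> None:
        self.profiles: Dict[str, List[str]] = {}

    def observe(self, site: str, request: str) -> Optional[str]:
        request_line, headers, _ = parse_request(request)
        token = headers.get("x-uidh")
        if token is None:
            return None                 # nothing to link on (e.g. an HTTPS request)
        parts = request_line.split()
        path = parts[1] if len(parts) > 1 else "/"
        self.profiles.setdefault(token, []).append(site + path)
        return token


def run_demo(subscriber_id: str = "sub-001") -> Dict[str, List[str]]:
    """One subscriber visits two unrelated sites, clearing cookies and setting an
    opt-out cookie (and even a fake X-UIDH) in between, then an HTTPS site.
    Returns the tracker's table: both HTTP visits land in one profile, the HTTPS visit in none."""
    tracker = ThirdPartyTracker()
    visits = [  # constructed requests
        ("news.example", "GET /politics HTTP/1.1\r\nHost: news.example\r\n"
                         "Cookie: sid=aaa\r\n\r\n"),
        ("shop.example", "GET /cart HTTP/1.1\r\nHost: shop.example\r\n"
                         "Cookie: sid=bbb; tracking-optout=1\r\n"
                         "X-UIDH: spoofed\r\n\r\n"),
        ("bank.example", "CONNECT bank.example:443 HTTP/1.1\r\n"
                         "Host: bank.example:443\r\n\r\n"),
    ]
    for site, raw in visits:
        tracker.observe(site, carrier_proxy(raw, subscriber_id))
    return tracker.profiles
```

The thing to take from the model: the cleared session cookie, the opt-out cookie and the client-side X-UIDH all change nothing, because the linking key is attached after the browser's request has left the device. Only the HTTPS request escapes, which is also the practical defence: this kind of injection works only on plaintext HTTP, and any site that still serves its trackers over HTTP is handing the carrier's identifier to every third party it embeds.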

According to the FCC's full press announcement (pdf), the fairly measly $1.35 million settlement doesn't stop the program, which likely won't please many privacy advocates. Verizon Wireless will however need to transparently notify users of the system and get their explicit opt-in (a rare dinosaur in online tracking rules) consent before sharing any of this data with third parties. The FCC is quick to highlight how Verizon previously proclaimed the technology couldn't be abused by third parties to build detailed profiles of users -- right before it was.

The FCC's full order (pdf) indicates that the regulator is leaning heavily on both the transparency requirement embedded in the FCC's net neutrality rules, and the agency's authority under Title II of the Communications Act to enforce the settlement:
"Section 222 of the Communications Act imposes a duty on carriers to protect their customers’ proprietary information and use such information only for authorized purposes. It also expressly prohibits carriers that obtain proprietary information from other carriers for the provision of telecommunications services to use such information for any other purpose. Section 8.3 of the Commission’s rules, known as the Open Internet Transparency Rule, requires every fixed and mobile broadband Internet access provider to publicly disclose accurate information regarding the network management practices, performance, and commercial terms of its broadband Internet access services sufficient for consumers to make informed choices regarding use of such services and for content, application, service, and device providers to develop, market, and maintain Internet offerings."
When the FCC reclassified ISPs as common carriers under Title II, ISPs became subject to Title II’s Section 222 privacy protections regarding "customer proprietary network information" (CPNI). That portion of Title II was written specifically for phone companies, so the FCC is planning (prompted in large part by Verizon's behavior) to update the CPNI rules to create new broadband consumer privacy protections. While the FCC politely lauds Verizon's cooperation in the investigation, these kinds of consumer protections are precisely what Verizon was trying to stop when it sued to cripple net neutrality (both in 2010 and again last year).

Granted, Verizon could have easily avoided the new privacy rules. It has argued for years that tougher privacy protections for broadband weren't necessary because the industry could self-regulate. And regulators appeared to buy that claim for a while. But Verizon's decision to covertly fiddle with packets and track tens of millions of customers without bothering to tell any of them indicates just how well that plan actually worked in practice.

07 Mar 15:27

French Parliament Votes For Law That Would Put Tech Execs In Jail If They Don't Decrypt Data

by Mike Masnick
Brindle

this just in, humans terrible at risk assessment :\

Okay, this is just getting silly now. A bunch of reactionary French politicians have voted to put tech execs in jail if they refuse to decrypt data for criminal investigations:
The controversial amendment, drafted by the rightwing opposition, stipulates that a private company which refuses to hand over encrypted data to an investigating authority would face up to five years in jail and a €350,000 (£270,000) fine.

Telecoms operating companies would be liable to lesser penalties but would still face up to two years in jail.
Of course, this comes at the same time that basically the entire tech industry is rallying in support of Apple's stance of refusing to hack into its own systems to remove security features and make it easier to decrypt data. And it's coming right as the world was ridiculing Brazil for arresting (and then releasing) a Facebook exec for refusing to hand over data from subsidiary WhatsApp.

This kind of move is so stupid on so many levels that it defies any kind of logic. It's bad for security, because weak encryption puts us all at much greater risk than the threat of terrorists or criminals using encryption (in part, because this kind of thing won't stop them from using secure encryption, and in part because those threats are very low probability risks). It's also bad for the economy, because you've just given a ton of important tech companies every reason in the world to no longer operate in France due to such a ridiculous law that may put execs in jail. It's bad for the public in that it will mean less secure services and devices that put them at risk, while also potentially cutting off more innovative and useful products and services.

This is the kind of kneejerk reaction from people who are too ignorant and too scared to understand the actual technology and the actual issues at stake. Why do citizens in these countries continue to allow ignorant scared people to make such blatantly bad rules?

07 Mar 12:15

Defense Department Tells MuckRock It Will Need To Come Up With $660 Million To Cover FOIA Request Fees

by Tim Cushing
Brindle

transparency!

Nothing quite tells the public to mind its own business like attaching a ridiculous fee demand to an FOIA response. It's pretty easy to price the public out of the transparency market, seeing as it doesn't have access to the monetary resources its tax dollars are paying for.

We've covered a few of the more ridiculous FOIA fee demands here at Techdirt, like:

The City of Ferguson charging $135/hour for FOIA response work -- a rate roughly 10 times the hourly wage of entry-level city clerk's office employees.

The City of McKinney telling Gawker emails related to a police misconduct investigation would run 9,000 hours and cost $79,000.

The Florida State's Attorney's Office demanding $180,000 to turn over records on a questionable suicide.

The FBI telling MuckRock that it would cost $270,000 to respond to an FOIA request about Booz Allen -- and that's with an electronic file "discount" of over $6,000 applied.
MuckRock has now topped that last number… exponentially. Martin Peck's FOIA request for information on the Dept. of Defense's use of "HotPlug" systems (a portable power pack that keeps seized devices from powering down) has resulted in an FOIA fee estimate exceeding a half-billion dollars.
Mr. Robert R. Jarrett, Director of Operations, Defense Procurement Acquisition Policy, and a FOIA Initial Denial Authority, stated that it is possible that contracts that acquired the requested items are present in the Electronic Documents Access (EDA) system; however, there are more than 30 million contracts in EDA, consisting of more than 45 million documents. No method exists for a complete text search of EDA, as some documents are scans of paper copies. The estimated time required to perform the necessary redactions of proprietary data, assuming 20 minutes per document, is estimated to be 15 million labor hours at an estimated cost of $660 million.
While this amount may be couch change for the DoD (0.1% of its $573 billion budget), it's ridiculously out of reach for any US citizen without billions of dollars to their name. Then there's the question of feasibility. Even if every man, woman and child in America tossed MuckRock a couple of bucks to push this request forward, the estimate of 15 million labor hours suggests the DoD will never fulfill it. If the DoD throws 30 people at the problem 24 hours a day without a day off, Peck still shouldn't expect a response until 2073 at the earliest.

This astronomical estimate says two things about the DoD, though. One, it apparently uses these forensic devices frequently enough that searching for responsive documents will be a massive undertaking. Two, it says the Electronic Document Access system is not nearly as useful as its name would suggest, what with document scans not being searchable. This is a government-wide problem and one that no one's too interested in fixing.

Many FOIA responses contain documents scanned at skewed angles using the worst hard copy available. It happens often enough that it almost appears the government is seeking to maintain a level of obfuscation while still paying lip service to transparency. Sure, a released document is better than no response at all, but the insistence on releasing documents capable of defeating OCR software prevents collation of similar documents and thwarts search efforts for relevant info -- both on the government's end and the public's.

This decision will be appealed and the request narrowed significantly, but I imagine the DoD's database will continue to thwart both its FOIA response team and requesters like Peck, for years to come.

06 Mar 05:07

Congressman Proposes Law Banning Government From Purchasing Apple Devices

by Tim Cushing
Brindle

Oh...

Global terrorism has accomplished one thing: the continual generation of stupid legislation. Add some panicked law enforcement voices to the mix and some lawmaker is going to feel compelled to throw a Kneejerk Convention.

Legislators on both coasts are pushing a ban on the sale of encrypted phones. And now this, as reported by Zack Whittaker of ZDNet.

Republican lawmaker Rep. David Jolly (R-FL, 13th) has introduced a bill that would ban Apple products across government.

Jolly said the legislative effort was in protest of the company's refusal to help federal agents unlock an iPhone belonging to one of the San Bernardino terrorists.
Jolly, it must be said, is the paragon of efficient stupidity.
The bill, dubbed the "No Taxpayer Support for Apple Act," or HR 4663, is just 11 lines long.
Here's the official wording.
No agency or other entity within the executive, legislative, or judicial branch of the Federal Government may purchase any product manufactured by, licensed by, or otherwise sold under the trademark of Apple Inc. of 1 Infinite Loop, Cupertino, California (hereafter referred to “Apple”) until a court of Federal jurisdiction certifies that Apple has provided the Federal Government with the technical support necessary to access encrypted information sought by a judicial warrant that may be materially relevant to the investigation of commission of terrorism.
This would be a boon for Apple's competitors, except for the fact that they've all backed Apple in its fight against the FBI. Is Rep. Jolly going to be happy that the lesser of two evils has supplanted Apple's government marketshare, or will he be amending this to encompass the companies who have shown support for Apple's refusal to assist the FBI in setting a dangerous precedent (or, as Jolly would presumably put it, Apple's "material support for terrorism")?

I sincerely hope he does go that route. Because if he does, government agencies will not only be locked out (irony!) of purchasing Apple devices, but they won't be able to use Android or Microsoft devices either.

Agencies might have to move towards a more paperful office, what with a variety of tech companies expressing their support for Apple. Government employees will also find themselves without an internet browser option -- which will probably be fine as Reddit, Twitter and Facebook would all be on Jolly's "enemies of the state" list. Perhaps the elimination of unproductive web surfing will make up for efficiency loss resulting from the lack of an email or cloud storage options.

But perhaps the most hilarious thing about Jolly's dumbass proposal is his statement in support of it.
“Taxpayers should not be subsidizing a company that refuses to cooperate in a terror investigation that left 14 Americans dead on American soil,” Jolly said.
While we've often noted the FBI's over-zealousness when it comes to terrorism investigations, we honestly had no idea it had gotten this far out of hand. Apparently, the FBI has already killed 14 Americans during its investigation of the San Bernardino shooting. How many more will it have to kill before this investigation is concluded? If Apple's swift compliance can prevent the FBI from killing more people, perhaps it's time to reconsider its stance.

04 Mar 16:48

San Bernardino DA Tells Judge To Side With FBI Over Apple Because iPhone May Have Mythical Cyber Weapon

by Mike Masnick
There's been lots of press coverage over the fact that basically a ton of organizations and experts have filed amicus briefs in support of Apple in its legal fight with the FBI/DOJ -- and we'll have a post on that shortly -- but on the flip side, the District Attorney for San Bernardino County, hilariously arguing that he represents "the people of California" as his client, has filed one of the nuttiest amicus briefs you'll see in favor of the FBI. The full filing (technically an application to file a brief, not a brief itself) is incredibly short and basically makes no actual legal argument pertaining to the actual questions in the case, involving the power of the All Writs Act, or the necessity of Apple's involvement. Instead, it tosses out two insane reasons why it's necessary to get into this phone -- which, again, is the work iPhone of Syed Farook (the DA spells it Sayed) -- both of which are speculative in the extreme:
  1. Initial reports suggested there were three shooters, instead of two. And even though that was later discounted by basically everyone, perhaps this one phone will reveal a third shooter.
  2. Perhaps the phone has some sort of mythical cyber weapon that could wreak havoc on the world.
Really. Here are the key paragraphs from the amicus brief:
At the time that the murders were being perpetrated at least two 911 calls to the San Bernardino Police Dispatch center reported the involvement of three perpetrators. Although the reports of three individuals were not corroborated, and may ultimately be incorrect, the fact remains, that the information contained solely on the seized iPhone could provide evidence to identify as of yet unknown co-conspirators who would be prosecuted for murder and attempted murder in San Bernardino County by the District Attorney.

The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized IPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County's infrastructure, a violation of Cal. Penal Code §502 (Lexis 2016) and poses a continuing threat to the citizens of San Bernardino County.
What?!? On that first point, as detailed in On the Media's wonderful "Breaking News Consumer Handbook," when it comes to active shooter situations, there will almost always be a false report of more shooters than there actually are. On the second point... just wow. San Bernardino County District Attorney Michael Ramos is apparently now making up shit out of thin air. Aren't law enforcement searches supposed to involve "probable cause" rather than "um... what's the scariest computery thing I could think of based on what I've seen in TV and movies?"

As iPhone forensics expert Jonathan Zdziarski told Dave Kravets at Ars Technica, this is the equivalent of the idea that a "magical unicorn might exist on this phone." He also noted "the world has never seen what he is describing coming from an iPhone." And also:
It sounds like he’s making up these terms as he goes. We've never used these terms in computer science. I think what he’s trying to suggest is that Farook was somehow working with someone to install a program on the iPhone that would infect the local network with some kind of virus or worm or something along those lines. Anything is possible, right? Do they have any evidence whatsoever to show there is any kind of cyber pathogen on the network or any logs or network captures to show that Farook's phone tried to introduce some unauthorized code into the system?
Security researchers are now cracking all kinds of jokes about this. When the security world is making jokes about your legal filing, perhaps it wasn't a good idea.

Of course, it should also be noted that this is not actually the first time San Bernardino County DA Michael Ramos has been mentioned here on Techdirt. Last year he was blathering on about charging drone operators for murder for flying drones near wildfires. One would hope that magistrate judge Sheri Pym knows better than to give any weight to an argument that is based on magic pixie dust fantasy-land arguments.

04 Mar 16:46

Comcast Nabs Huge Oregon Tax Break Thanks To Loophole Intended For Google Fiber

by Karl Bode
Brindle

So nice of the oregonians to offer tax breaks :)

For a few years now, the city of Portland and the state of Oregon have been jumping through hoops to try and make Portland as attractive as possible for Google Fiber. That has involved rewriting city ordinances so that Google can place its utility cabinets along public rights of way, something previously banned in the city.

But the state of Oregon also notably reworked state tax law to provide Google with significant tax breaks. But the effort turned into a comedy of errors after initial rewrites technically disqualified Google Fiber (the revision said companies only qualified for tax breaks if they offered broadband speeds of at least 1 Gbps, while Google offers speeds "up to" 1 Gbps). But after several years of back and forth, the state this week moved to finalize the changes and craft a special Google Fiber loophole:
"An unusual Oregon tax may be the major factor that delayed the company's Portland rollout. The Oregon Supreme Court ruled in 2014 that cable TV and Internet companies are subject to "central assessment," a rare practice dating to the 19th Century that levies property taxes based partly on the value of certain companies' brands. Applying the tax to Google would have added millions of dollars – perhaps tens of millions of dollars – to its annual operating costs, and the company threatened to drop its Portland plans if Oregon lawmakers didn't exempt it from the tax."
But while Google Fiber has yet to even start construction, Comcast has already rushed in to nab the tax incentives. You see, Comcast offers something it calls "Gigabit Pro," a two gigabit per second service it has been offering to select areas since last year. The service promises 2 Gbps fiber to housing developments and other easy-to-wire locations, though the availability of the offering has been murkily defined at best. It's also aggressively expensive: in contrast to Google's $70 1 Gbps offering, Comcast's Gigabit Pro costs $300 a month, plus $1000 in installation and activation fees (and a $1000 ETF for good measure).

Ironically, Comcast has been trying to get out of paying Oregon's central assessment tax for years, only to be defeated before the Oregon Supreme Court in 2014. But thanks to the city and state tripping over themselves to please Google Fiber, Comcast gets a major tax break while the state takes a notable income hit:
"If the application is approved, schools, libraries and local governments across the state would receive significantly less revenue," wrote Mary Beth Henry, director of Portland's Office of Community Technology, in a letter to state regulators. "This application was not the kind anticipated by the Legislature."
Comcast, in other words, is now enjoying rich new tax breaks despite offering a service four times more expensive than Google Fiber -- which few people in Oregon will actually be able to afford. And while few people actually like Comcast or its business practices, it's hard to fully fault the company for simply taking advantage of law rewrites the state of Oregon apparently didn't fully think through.

03 Mar 19:01

Congress Seems Pretty Angry About The FBI's Belief That The Courts Can Force Apple To Help It Get Into iPhones

by Mike Masnick
Congressional hearings involving law enforcement and intelligence folks tend to be fawning affairs, with most of Congress willing to accept whatever these guys have to say. Sure, you'll always have a few people critical of certain aspects, but generally speaking, Congress is especially friendly to the FBI, NSA, CIA, etc. So it must have come as a bit of a shock to FBI Director James Comey that during a long House Judiciary Committee hearing yesterday, they seemed pretty pissed off at Comey's belief that the courts should force Apple to help him open up encrypted iPhones.
One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter’s password, which is what kicked this whole controversy and court case in motion in the first place. And if the case was such an emergency, why did they wait 50 days to go to court? Another member questioned what happens when China inevitably asks for the same extraordinary powers the FBI is demanding now. Others questioned whether the FBI had really used all the resources available to break into the phone without Apple’s help. For example, why hasn’t the FBI attempted to get the NSA’s help to get into the phone, since hacking is their job?

[....]

More than anything, though, the members of Congress expressed anger that the FBI director didn’t follow through earlier on his stated intention to engage in a debate in Congress and the public about the proper role for encryption in society. Instead, he decided to circumvent that debate altogether and quietly go to court to get a judge to do what the legislative branch has so far refused to do.
In some cases, they directly called out Comey for appearing to use the San Bernardino tragedy for political purposes:
“I would be deeply disappointed if it turns out the government is found to be exploiting a national tragedy to pursue a change in the law,” Rep. John Conyers (D-MI) told Comey.

[....]

“But what concerns me, Mr. Chairman, is that in the middle of an ongoing Congressional debate on this subject, the Federal Bureau of Investigation would ask a federal magistrate to give them the special access to secure products that this committee, this Congress, and the administration have so far refused to provide,” he said. “Why has the government taken this step and forced this issue?”

He went on to speculate that the reason could be found in an email from “a senior lawyer in the intelligence community,” obtained and published in part by the Washington Post in September 2015. The email said that the “the legislative environment [with respect to mandating backdoors] is very hostile today,” but that “it could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement.”

“I’m deeply concerned by this cynical mindset,” said Conyers, implying that the Department of Justice and the FBI might be exploiting the San Bernardino attacks in order to mandate backdoors.

To be fair, contrary to what some articles are saying, this is not the first time Congress has been skeptical about the FBI's view on the encryption wars. A little less than a year ago, a hearing set up by a different committee, the House Oversight Committee, included some similar points, with Congressional reps being quite skeptical of law enforcement's claims about the need for encryption backdoors. However, the drumbeat from Congress appears to be getting louder -- and that's a good thing.

Of course, some of the annoyance from Congress appears to just be about who gets to decide what happens here. That is, some of the anger seemed to be over the DOJ's decision to rush to the judicial branch, rather than let the legislative branch figure out what it wants to do. However, there's definitely a clear (and, amazingly, bipartisan) group of folks in Congress who recognize that the FBI's arguments about how it "needs" this information are a bunch of hogwash.


03 Mar 18:13

Zimperium Wins Cyber Defense Magazine’s ‘Best in Breed’ for Mobile Endpoint Security Award

by zLabs
Brindle

Hrm... there is a cyber security magazine?

We’re honored to announce that Zimperium’s Mobile Threat Protection solution won Cyber Defense Magazine’s award for ‘Best in Breed’ in Mobile Endpoint Security Solutions. Leading independent information security experts selected Zimperium as a winner after months of careful review and will be recognizing our solution at the RSA Conference in San Francisco as well as in the annual edition of Cyber Defense Magazine’s Infosec Innovators of 2016 listing.

CDM’s recognition validates Zimperium’s tireless commitment to protecting enterprises from today’s advanced mobile threats. Judging ended in January, but now our award-winning product is even better with the recent launch of our 3.0 Mobile Threat Protection suite. We are now the first ever to offer a mobile threat management platform that delivers continuous and real-time cyberthreat protection for both mobile devices and applications.

Here’s the breakdown of our new product suite:

  • zIAP: In-App Protection SDK to identify threats and apply immediate risk mitigation actions for devices under attack.
  • zIPS: Revolutionary on-device technology continuously monitors the whole mobile device for malicious behaviors and detects known and unknown threats in real time.

Our underlying threat management console, zConsole, now offers a newly refreshed interface and a new organization-wide vulnerability risk management capability as well.

“We’re thrilled to recognize next-generation innovation in the information security marketplace and that’s why Zimperium has earned this award from Cyber Defense Magazine,” said Pierluigi Paganini, Editor-in-Chief, Cyber Defense Magazine. “Some of the best INFOSEC defenses come from these kinds of forward thinking players who think outside of the box.”


02 Mar 12:33

Baby

Does it get taller first and then widen, or does it reach full width before getting taller, or alternate, or what?
01 Mar 17:49

Canadian City Wants To Solve Crime Problem By Using Tracking Technology That Doesn't Exist

by Tim Cushing
Brindle

"Whether they’re walking downtown, whether they’re having a bath, whether they’re having dinner, we don’t care. We want to know where they are and what they’re doing" ......

Williams Lake, British Columbia apparently has a bit of a crime problem. According to CTV News, it consistently ranks towards the top end of the violent crime charts for communities of its size. Early last week, the Royal Canadian Mounted Police released a video of a man pulling a gun on a Williams Lake resident and stealing his bike.

The city council has now sprung into action. It has a solution -- one that has received unanimous support from council members. It's a dystopian sci-fi solution with the emphasis on the "fi" part.

Williams Lake city council voted unanimously on Tuesday on a proposal to inject high-risk offenders with a GPS tracking device.

"Whether they’re walking downtown, whether they’re having a bath, whether they’re having dinner, we don’t care. We want to know where they are and what they’re doing," Williams Lake Coun. Scott Nelson, who introduced the motion, told CTV Vancouver.
The use of monitoring devices to track the movement of "high-risk" criminals is nothing new. Here in the US, ankle bracelets are used to track parolees, and the Seventh Circuit Court of Appeals -- somewhat in opposition to a 2015 Supreme Court ruling -- declared that lifetime monitoring of sex offenders is perfectly constitutional.

Canada's constitutional requirements may be a bit different, but there's nothing particularly unusual about monitoring the movements of recently-released felons. Lifetime monitoring may be asking a bit much, but the underlying concept is not new.

The problem with the Williams Lake Solution is that what the council wants it can't actually have… at least not at this point.
Despite Nelson and the rest of the Williams Lake council's hopes, the proposed technology doesn't appear to exist.

Radio frequency implants, a type of microchip, have been implanted in pets, but they only contain data, not the ability to provide a tracking ability.

Biohackers have recently been able to install microchips in humans, roughly the size of two grains of rice, but they only contain personal identification details.

The B.C. government says it's unaware of the technology desperately wanted by city officials.
So, never mind the constitutional questions. This tracking simply can't be done, at least not in the manner city officials unanimously believe it can. But fearful times call for fearful measures, as council member Scott Nelson so aptly -- and somewhat ironically -- explains:
"Prolific offenders are in every community across British Columbia, and the biggest problem we’ve got in Williams Lake is that they’re putting fear into people," Nelson said.
Someone's definitely "putting fear into people" and I don't think it's just the criminals. Wanting to know where a person is at all times on the off chance that they might commit a crime is no way to solve this problem. There are numerous other approaches that should be explored before the city starts injecting tracking devices into people using guidelines developed by the same people who unanimously voted to utilize technology that doesn't exist.
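The CTV passage above says the pet implants "only contain data". To make that concrete, here is an added example (the editor's illustration, not code from the article, from CTV, or from any tag vendor) that builds and decodes an ISO 11784/11785 FDX-B animal-implant telegram, the format those pet chips use. Everything a reader can pull out of the 128-bit frame is a country code, a 38-bit national identification number, two flags and a checksum; there is no field that could carry a position, and a passive tag has no power source or GPS receiver to fill one. The frame layout follows the public FDX-B description; the exact CRC variant (reflected polynomial 0x8408, initial value 0, as used by common open-source readers) is an assumption, so a real tag may need a different checksum routine. The sample IDs are made up.

```python
"""Build and decode an FDX-B (ISO 11784/11785) animal-implant telegram.

Editor's added example, not code from the article or from any vendor.
Frame layout is the public FDX-B one; the CRC variant is an ASSUMPTION.
"""

HEADER = "00000000001"  # ten 0 bits then a 1 mark the start of a telegram


def crc16_reflected(data: bytes, poly: int = 0x8408, init: int = 0) -> int:
    """Bitwise CRC-16 with a reflected polynomial (CRC-16/KERMIT style).
    ASSUMPTION: this is the checksum FDX-B tags carry; the framing code
    below does not depend on which CRC variant is used here."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
    return crc & 0xFFFF


def _bits_lsb_first(value: int, width: int) -> str:
    # FDX-B transmits every field least-significant bit first
    return "".join("1" if (value >> i) & 1 else "0" for i in range(width))


def _int_lsb_first(bits: str) -> int:
    return sum(1 << i for i, b in enumerate(bits) if b == "1")


def _bytes_from_bits(bits: str) -> bytes:
    # eight transmitted bits -> one byte; the first transmitted bit is bit 0
    return bytes(_int_lsb_first(bits[i:i + 8]) for i in range(0, len(bits), 8))


def encode_fdxb(country: int, national_id: int, animal: bool = True) -> str:
    """Return the 128-bit telegram as a '0'/'1' string in transmission order."""
    if not 0 <= country < 1024 or not 0 <= national_id < (1 << 38):
        raise ValueError("field out of range")
    ident = (
        _bits_lsb_first(national_id, 38)   # bits 1-38: national identification code
        + _bits_lsb_first(country, 10)     # bits 39-48: ISO 3166 numeric country code
        + "0"                              # bit 49: data block flag (no trailer data)
        + "0" * 14                         # bits 50-63: reserved
        + ("1" if animal else "0")         # bit 64: animal application flag
    )
    crc = crc16_reflected(_bytes_from_bits(ident))
    payload = ident + _bits_lsb_first(crc, 16) + "0" * 24   # 64 + 16 + 24 = 104 data bits
    # a control bit '1' follows every 8 data bits: 13 blocks of 9 bits
    framed = "".join(payload[i:i + 8] + "1" for i in range(0, 104, 8))
    return HEADER + framed   # 11 + 13 * 9 = 128 bits


def decode_fdxb(telegram: str) -> dict:
    """Parse a telegram; raise ValueError on framing errors, report CRC validity.
    The returned fields are everything the tag has to say: no position data."""
    if len(telegram) != 128 or not telegram.startswith(HEADER):
        raise ValueError("bad length or header")
    body = telegram[len(HEADER):]
    payload = ""
    for i in range(0, 117, 9):
        block = body[i:i + 9]
        if block[8] != "1":
            raise ValueError(f"missing control bit in block {i // 9}")
        payload += block[:8]
    ident, crc_bits = payload[:64], payload[64:80]
    expected = crc16_reflected(_bytes_from_bits(ident))
    return {
        "national_id": _int_lsb_first(ident[0:38]),
        "country": _int_lsb_first(ident[38:48]),
        "animal": ident[63] == "1",
        "crc_ok": _int_lsb_first(crc_bits) == expected,
    }


if __name__ == "__main__":
    # constructed sample: country code 124, made-up national ID
    telegram = encode_fdxb(124, 123456789012)
    print(telegram)
    print(decode_fdxb(telegram))
```

Run it directly to print the decoded fields. The decoder rejects a frame with a bad header or control bit and flags a checksum mismatch, which is as far as any reader can go: it learns a number, and only while the tag sits within a few centimetres of the antenna.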


28 Feb 13:45

Here's everything you need to know about money, on a 4-by-6 inch index card

by Kathleen Elkins
Brindle

"Avoid actively managed funds" - exactly. Index funds perform as well for a fraction of the cost.

(Photo courtesy of Harold Pollack)

In 2013, University of Chicago professor Harold Pollack offhandedly mentioned that the best money advice fits on a three-by-five inch index card while interviewing financial journalist and author Helaine Olen on The Reality-Based Community blog.

A commenter, Alex M, asked for the actual index card.

Although he was originally speaking in metaphor, to prove his point, Pollack grabbed a pen and four-by-six inch note card, and scribbled the basic financial rules he'd been following the past decade.

Pollack's next blog post, titled "Advice to Alex M," included a picture of the card. It quickly went viral.

Economist Sendhil Mullainathan tweeted the card out. So did top economist Justin Wolfers. Vanguard mentioned the card on its blog. "Pollack's right," wrote Ezra Klein in the Washington Post. "Follow these principles and you'll be in much, much, much better shape than most Americans — or most anyone."

Unlike the majority of money advice out there, Pollack's index card simplifies things, and is based on his personal experience of turning around his and his wife's financial situation.

"Through trial and error, conversations with friends and other academics, I slowly pieced together a new financial regimen," Pollack writes in "The Index Card," the book he and Olen co-authored. "Some was common sense. Some involved teaching myself insights that were actually well known to financial economists but under emphasized in the cacophony put out by the financial services industry. The most important advice was embarrassingly simple."

Here's the original card, which Pollack drafted up in three minutes:

(Image of the index card, courtesy of Harold Pollack)

The card reads:

1. Max your 401(k) or equivalent employee contribution.

2. Buy inexpensive, well-diversified mutual funds such as Vanguard Target 20XX funds.

3. Never buy or sell an individual security. The person on the other side of the table knows more than you do about this stuff.

4. Save 20% of your money. (In "The Index Card," Pollack and Olen altered this to "10% to 20%".)

5. Pay your credit card balance in full every month.

6. Maximize tax-advantaged savings vehicles like Roth, SEP, and 529 accounts.

7. Pay attention to fees. Avoid actively managed funds.

8. Make financial advisers commit to a fiduciary standard.

9. Promote social insurance programs to help people when things go wrong.


26 Feb 17:56

Rather Than Ending NSA's Key Surveillance Tool, White House To Now Let Other Agencies Use It

by Mike Masnick
Late last night, the NY Times broke a very troubling story. Rather than finally putting an end to Executive Order 12333, it appears that President Obama is going to expand the power of it in dangerous ways. We've written about EO 12333 a bunch of times, but for those of you unfamiliar with it, it's an executive order signed by President Reagan that basically gave the NSA pretty free rein to collect signals intelligence outside of the US. Because it's not (technically) about domestic surveillance, what the NSA does under EO 12333 is not subject to Congressional oversight. That is, Congress is mostly as much in the dark as everyone else is on what the NSA is doing overseas. And, as former State Department official John Napier Tye revealed a couple of years ago, for all the talk of domestic surveillance programs revealed by Ed Snowden, the NSA's real power comes almost entirely from 12333.

And it has no limitations. Tye noted that the other programs -- things like Section 215 (now morphed into whatever the USA FREEDOM Act allows) and Section 702 -- were merely used to "fill in the gaps" not covered by 12333.

And it almost certainly involves both foreign and domestic intelligence. Basically, if any of your data goes outside of US boundaries, the NSA is free to capture it under 12333. Remember those stories of the NSA hacking into datacenters of companies like Google, Yahoo and Microsoft? Those datacenters were in Singapore. And the reason the target was Singapore rather than the US, was because of 12333.

Meanwhile, the NSA likes to insist that it respects the privacy of Americans thanks to its vast minimization program, which is supposed to dump inappropriate data on Americans, or to strip out private information when sharing data with other agencies.

But apparently that's going away. Instead, the White House has plans to let the NSA share data collected under 12333 with other government agencies without any minimization. Basically, whatever the NSA collects overseas might now be freely available to the FBI or Homeland Security or the IRS or the DEA. Doesn't that seem at least somewhat problematic? From the NY Times:
The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.

The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.

The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.’s foreign intelligence programs swept in incidentally.
This is crazy. For all the talk of the NSA having access to all of this information, and even a fair number of reports of NSA staff "abuse" of their access to data, in general, the NSA certainly has a reputation for being serious about not allowing any abuse of the data. Other agencies? Not so much. The FBI, CIA, DEA and ATF, for example, have long and colorful histories of abusing data to harass and intimidate people. Giving them much wider access to whatever the NSA slurps up overseas, and then trusting those agencies to handle "minimization" (as is the apparent plan) is downright frightening.
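What "minimization" means in practice, as an added example that is not part of the original post and not any agency's code: a toy dissemination step that sits between the raw take and the receiving agency, next to the "share raw" path the NY Times describes. The record layout, the three rules and the sample intercepts are all constructed for the demo; real procedures are classified and far more detailed. The point the code makes is simply which identifiers each path hands to the downstream agency.

```python
"""Toy minimization stage between SIGINT collection and dissemination.

Editor's added example. Record layout, rules and sample data are constructed
for illustration; they are not any agency's actual procedures or data.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Party:
    selector: str      # e-mail address or phone number seen on the wire
    us_person: bool    # analyst determination; the attribute minimization keys on


@dataclass(frozen=True)
class Intercept:
    sender: Party
    recipient: Party
    content: str
    foreign_intel_value: bool   # analyst tag: relevant to a foreign-intel mission?


# Constructed sample take (not real intercepts).
SAMPLE: List[Intercept] = [
    # wholly domestic: should not be disseminated under an overseas authority at all
    Intercept(Party("alice@example.com", True), Party("bob@example.com", True),
              "dinner on friday?", False),
    # one US person, message has foreign-intel value: shareable once the US identity is masked
    Intercept(Party("carol@example.com", True), Party("dmitri@example.net", False),
              "shipment details attached", True),
    # US person swept in incidentally, no intel value: purge rather than share
    Intercept(Party("gina@example.com", True), Party("hans@example.net", False),
              "happy birthday!", False),
    # foreign-to-foreign: passes through unchanged
    Intercept(Party("erik@example.net", False), Party("farah@example.org", False),
              "meet at the usual place", True),
]


def share_raw(records: List[Intercept]) -> List[Intercept]:
    """The path the NYT describes: unprocessed intercepts go out as collected."""
    return list(records)


def _mask(party: Party, masks: Dict[str, str]) -> Party:
    """Replace a US person's selector with a stable label; foreign parties pass through."""
    if not party.us_person:
        return party
    label = masks.setdefault(party.selector, f"US PERSON {len(masks) + 1}")
    return replace(party, selector=label)


def minimize(records: List[Intercept]) -> Tuple[List[Intercept], int]:
    """Apply three constructed rules and return (records to share, number purged).

    1. Purge communications where every party is a US person (wholly domestic).
    2. Purge communications involving a US person that carry no foreign-intel value.
    3. In what remains, replace each US person's selector with a stable mask
       ("US PERSON n"), so the recipient can follow a thread but not the identity.
    """
    masks: Dict[str, str] = {}
    shared: List[Intercept] = []
    purged = 0
    for rec in records:
        parties = (rec.sender, rec.recipient)
        involves_us = any(p.us_person for p in parties)
        if all(p.us_person for p in parties) or (involves_us and not rec.foreign_intel_value):
            purged += 1
            continue
        shared.append(replace(rec,
                              sender=_mask(rec.sender, masks),
                              recipient=_mask(rec.recipient, masks)))
    return shared, purged


def us_identifiers_exposed(records: List[Intercept]) -> Set[str]:
    """Selectors of US persons that a recipient of `records` would see unmasked."""
    return {p.selector for r in records for p in (r.sender, r.recipient)
            if p.us_person and not p.selector.startswith("US PERSON ")}


if __name__ == "__main__":
    shared, purged = minimize(SAMPLE)
    print("raw share exposes:", sorted(us_identifiers_exposed(share_raw(SAMPLE))))
    print("minimized share exposes:", sorted(us_identifiers_exposed(shared)),
          "| purged:", purged)
```

Run it directly to see the contrast: the raw path hands the receiving agency four US-person selectors and two purely personal messages; the minimized path hands over two records, one with its US participant replaced by a mask, and zero unmasked US identifiers. Under the change described above, the masking and purging would happen, if at all, inside the receiving agency rather than before the data leaves the NSA.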

And despite this massive change, the public won't get to weigh in. Instead:
Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.
Oh sure. They just need approval from the folks who will benefit most from all of this, and no real discussion with the public who will be impacted by it. What a surprise...


26 Feb 17:04

Annotating The Letter Disney's CEO Sent To Disney Employees Asking Them To Fund Disney's Sketchy Lobbying Activities

by Mike Masnick
Brindle

wtf...

Here's quite a scoop from Joe Mullin over at Ars Technica. Apparently, Disney is getting a bit desperate on the whole TPP thing. The company, which has been having a rough go of things because of the next generation not giving a shit about ESPN, decided to take things up a notch. CEO Bob Iger apparently emailed Disney employees asking them to contribute to DisneyPAC, specifically to help Disney pay for lobbyists to push the TPP across the finish line. They even made it so easy that employees can donate directly from their payroll. Here's the letter, with some commentary (how can I resist?):
As we head into the election year of 2016, the electorate faces significant decisions about the direction of our Nation's future. Besides choosing a new president, we will once again be electing new senators and representatives. These decisions will have a profound impact on the lives of all Americans. The election will also impact issues that affect our company. As such, we will continue to work with our representatives in Congress to ensure that they understand our perspective on critical issues like trade, intellectual property, tax, and travel policies. I write to urge you to consider supporting the Company's efforts through a contribution to DisneyPAC. A well funded DisneyPAC is an important tool in our efforts to maintain our positive profile in Washington.
We're a big giant company, and as such, we've stopped innovating. So we need to keep friends in Washington to protect us from innovation and competition. Please consider taking your hard earned money and giving it to us so we can keep doing that kind of thing.
In the past year, we successfully advocated the Company's position on a number of issues that have a significant impact on our business. We played a major role in ensuring that the "Trade Promotion Authority" legislation set high standards for intellectual property (IP) provisions in our trade negotiations, and we helped get that bill through Congress. We used that language in TPA to advocate successfully for a strong IP chapter in the Trans-Pacific Partnership (TPP) trade negotiations. We also pushed for provisions to promote digital trade and to reduce barriers in media and entertainment sectors. TPP will establish a strong baseline of protection for intellectual property while breaking down trade barriers in the Asia Pacific region. In both TPA and TPP we had to overcome significant efforts to weaken respect for IP, pushed not only by foreign governments but also from within our own Congress and the Administration.
Have you heard about the TPP? It was negotiated in backrooms by special interests -- but good news -- we're one of the big special interests! So we helped craft it and it's got all sorts of goodies for us. Not the public, of course. Or even you workers. But it's really awesome for Disney bosses.
The fight on these issues is far from over. Last year we spent significant time and effort engaged in a series of government reviews of the state of copyright law in the digital environment.
By the way, did we mention that 18 years ago we successfully extended copyright 20 years to keep Mickey Mouse from reaching the public domain, and we have two years left to do it again. Think of the Mouse, Disney employees. Think of the mouse!
We also continued to defend our right to be compensated for carriage of our programming by cable and satellite carriers as well as by emerging "over-the-top" services. With the support of the US Government we achieved a win in the Supreme Court against Aereo—an Internet service claiming the right to retransmit our broadcast signals without paying copyright or retransmission consent fees. With respect to tax issues, Congress extended certain provisions that provide favorable tax treatment for film and television production in the US. It also extended this treatment to live theatrical productions. Last year we also worked closely with the Administration on important veterans employment issues—an issue of critical importance for the men and women who defend our country and an area in which our company is proud to play a leadership role.
Yes, thanks to our efforts, we were able to destroy innovative technologies that consumers really liked! And now we're losing customers who are ditching cable. But rather than help us innovate, please contribute more money so that we can shut down other new innovations. Because we're Disney and thwarting innovation is just what we do these days.
In the coming year, we expect Congress and the Administration to be active on copyright regime issues, efforts to enact legislation to approve and implement the Trans-Pacific Partnership trade agreement, tax reform, and more proposals to weaken retransmission consent, to name a few.
Can you believe those numbskulls in Washington? We already did this once and suddenly they're back again, talking about the public interest and consumer rights and all that crap again. Please help us put an end to it.
On the trade front, we will also look to build on our achievements in other negotiations this year. 2016 should see significant activity in negotiations between the US and China over a Bilateral Investment Treaty (BIT), continued negotiations with the European Union over the proposed Transatlantic Trade and Investment Partnership agreement, the 50-country Trade in Services Agreement negotiations, and efforts by the US Government to raise IP standards and break down trade barriers through a variety of means.
We successfully got awesome anti-public / pro-Disney language into the TPP and now we can do it again in other trade deals. Go team! Help us lock up culture even more! And pretend it's about "free trade."
In 2016, Congress will further discuss various tax reform proposals. While comprehensive reform is unlikely, activity in the coming year will lay the foundation for what many expect to be a genuine opportunity for reform in early 2017. We have been active educating Members of Congress on the importance of lowering the corporate tax rate to be competitive with the rest of the world. The US has one of the highest marginal and effective tax rates among developed countries, creating a significant competitive impediment to companies headquartered in the US.
Because, yes, we know that you, dear Disney employee, are quite concerned about the tax rates of giant conglomerates like Disney. Please give us money to help us get a tax break! We may give you a free ticket to Disneyland in exchange. But no free music or movies. That's bad.
Congress will continue to be very active on intellectual property issues... After three years of hearings and testimony from 100 witnesses, we now expect the House Judiciary Committee to turn to legislating. We expect significant attention on legislation to modernize the Copyright Office, a small agency that can have an enormous impact on our interests.
Did you hear about the newly nominated Librarian of Congress? We hear she actually cares about the public and open access, and that's bad and must be stopped. At the very least, let's rip the Copyright Office out from under her and put it in the hands of people who understand us better. And by "understand" I mean, will soon accept jobs from us when they "transition" out of government work.
And the Copyright Office has launched several proceedings involving possible changes to laws governing the accountability of online services and the laws protecting technologies used to secure distribution of digital content. These discussions obviously have significant implications for a business like ours that is dependent on copyright policy in the face of ongoing change in technology and the marketplace.
Did I mention our successful efforts in killing innovation? This is the next part of our plan. Like the internet? Fuck you. We're Disney and we're going to fuck it up. With your money, hopefully!
We will also need to continue our work to fend off growing and concerted efforts to weaken our ability to freely negotiate the distribution of our broadcast and cable programming. Last year, the FCC teed up several rule makings that could have a significant adverse effect on retransmission consent and how we package and sell our media networks. As the debate becomes much more heated, we will need to remain vigilant.
Did you notice how odd it was that the FCC suddenly seemed to be caring about consumers again? We can't have that. We CANNOT have that. Please help us destroy the FCC. Sure your cable bills will be higher, and the internet will suck, but we're Disney. We've got a mouse.
With all of the challenges we will face this year, it is important that our PAC be strong. We, therefore, respectfully suggest that you consider making a contribution of [REDACTED]. You may give more or less than the suggested amount (although no contribution can exceed $5000 in any year) and any contribution will be appreciated. As always, 100% of your contribution is used in direct support of candidates and political entities that uphold policies and principles that are consistent with the best interests of our company. DisneyPAC contributes equally to Democrats and Republicans each calendar year. For your convenience, DisneyPAC has implemented a payroll deduction system, through which your contributions to the PAC will be deducted from your weekly paycheck. If you prefer, you may instead make a one-time personal contribution to the PAC. Your contribution is important to all of us, but I want to emphasize that all contributions are voluntary and have no impact on your job status, performance review, compensation, or employment. Any amount given or the decision not to give will not advantage or disadvantage you. You have the right to refuse to contribute without reprisal. Your help is truly appreciated.
We'll take money straight from your paycheck and put it to work making corporate Disney's life better. Not yours. Do that with whatever money you have left.


25 Feb 21:24

There is now a “smart bike” that runs on Android and shoots lasers

by Joe Fedewa
Brindle

@brandon

The Le Super Bike (awesome name) is made by LeEco (formerly LeTV). They are new to the smartphone business and even newer to the "smart bike" world. This is essentially a bike with a built-in fitness tracker that happens to run Android.