Ultra-secret national security letters that come with a gag order on the recipient are an unconstitutional impingement on free speech, a federal judge in California ruled in a decision released Friday.

Federal Judge Finds National Security Letters Unconstitutional, Bans Them | Threat Level | Wired.com

Unfortunately, somewhere in this new wave of open data we forgot some of the most fundamental information about our government, the basic “who”, “what”, “when”, and “where”.

Do you know all the different government bodies and districts that you’re a part of? Do you know who all your elected officials are? Do you know where and when to vote or when the next public meeting is? Now perhaps you’re thinking that this information is easy enough to find, so what does this have to do with open data?

The Biggest Failure of Open Data in Government | Open Knowledge Foundation Blog

It seems to me that both of these episodes represent examples of what might be called “libertarian hijacking”–wherein libertarians form a short-term coalition with progressive Democrats on national security issues, only to pack up and basically go home once they have extracted concessions that don’t actually resolve the real issues.

Lawfare › Drones, Domestic Detention, and the Costs of Libertarian Hijacking

Groening also did other artwork for Apple.  Before his brochure, he created a poster titled, 'Networking in Hell,' which was also based around his Life in Hell characters.  The poster is rather amusing, and the headline reads, “Looking for advanced communications between your Macintosh and that ‘Big Blue’ mainframe? Then bring your floppies down to Akbar ‘n’ Jeff’s Communications Hut.” Jeff Miller, an engineer at Apple during that time, recalls that Groening did the poster in exchange for a LaserWriter, which retailed for many thousands of dollars back in the 80s.  

I remember this poster!

Matt Groening's Artwork for Apple — VintageZen

I wrote up the following response to Rob Graham's cyberwar blog post. I'm posting here because it is too large for his comment system:

I think the problem here is that the question of whether or not cyberwar is real is being conflated with the question of what the right response ought to be.

There is no question that the powers that be are over hyping this issue in an attempt to grab power. Our new Secretary of State John Kerry referred to "cyber weapons" as a "the modern day, 21st century nuclear weapons equivalent." Thats just silly.

I think that a lot of people in the computer security "scene" have responded to that overhyping by swinging the pendulum too far in the other direction. Are they taking that position because there really is no problem, or are they taking that position because they don't like the solutions that men like John Kerry have on offer?

The computer security "scene," such as it is, is incredibly guilty of claiming to be, as Dan Holden says, "holier then though." A lot of these people are primarily motivated by a desire to feel smarter than the establishment. Its a good feeling, but sometimes it is a self-delusion.

Take Advanced Persistent Threat. Its a real problem and its very difficult to manage. But you get this constant counterpoint being offered by people in the "scene."

Here you argue that spear phishing isn't an "Advanced" technique. These people are not trying to get a talk accepted at Blackhat. They are trying to break into computer networks. They will use whatever technique is effective, no matter whether or not people in the "scene" think it deserves to be called "Advanced." They have the capability to do things that are very sophisticated. They use that capability when they need to. Often, they don't.

Computer based espionage is real. Its a hard problem. Comparing it to "basic teenager attacks" comes dangerously close to confirming all the BS marketing out of the vendors at RSA this year. "Just buy my product and it will block all the APTs at your perimeter." If it were easy, those claims would have merit. Just press the "easy" button, problem solved!

Denial of Service attacks are real. Computer based sabotage of physical infrastructure is real. Yes, it fits into a greater geopolitical context. No, I don't have lots of information about the kind of stuff the NSA has cooked up in the lab, but I can imagine, and I'll bet they've shown John Kerry some pretty wicked software in a classified briefing somewhere.

The question is, what do we do about it?

Overregulation presents a risk of tying people down and preventing them from effectively defending themselves. For example, the original draft of the big cybersecurity bill required people who defend critical infrastructure networks to carry professional certifications with a variety of rigid requirements that have no relationship at all to whether or not someone is knowledgeable and effective a... [ Read More (0.1k in body) ]

Errata Security: Cyberwar: you lack imagination

GooGuns posts nothing but strings of letters and numbers, like b39e65fa00000000 in intervals of about five minutes on average. The string of characters always ends with zeroes, occasionally with the location service turned on, so you can see that 554705fa00000000 was allegedly tweeted from the "Region of Khabarovsk." This has been going on all day and all night, for years, with more than 318,000 tweets posted since 2009. But why?

The Real Weird Twitter Is Espionage Twitter | The Awl

I have called one of these indexes “valuation confidence.” It is the percentage of respondents who think that the stock market is not overvalued. Using the six-month moving average ended in February, it was running at 72 percent for institutional investors and 62 percent for individuals. That may sound like a ton of confidence, but it isn’t as high as the roughly 80 percent recorded in both categories just before the market peak of 2007.

Confidence and Its Effects on the Economy - NYTimes.com

Ad some finance to your twitter feed...

The Top 20 Wealth Managers and Financial Experts on Twitter | WSJ.Money Spring 2013 - WSJ.com

DOJ has generally refused to argue that there is reasonable suspicion in order to keep open Supreme Court review if/when the Ninth Circuit takes a narrow view of the exception. Specifically, DOJ has wanted to avoid the situation in which the Ninth Circuit establishes a reasonable suspicion standard, finds reasonable suspicion, and thus prevents DOJ from being able to file a cert petition to reverse the Ninth Circuit’s conclusion that reasonable suspicion is required...

In the en banc decision today, the Ninth Circuit goes on to determine that there is reasonable suspicion and that DOJ therefore wins the case... Ordinarily, then, this would mean that DOJ cannot seek further review: After all, it won the case.

Fascinating.

Indeed.

The long-running friction between the Ninth Circuit and DOJ over how to litigate border search exception cases.

Yesterday, the 9th Circuit Court of Appeals handed down an extremely important ruling on electronics searches at border crossings. After years of writing and talking about this issue I'm very excited to finally see a court take a position that is in-line with what I and many others have been advocating that the policy ought to be.

The court ruled that although customs officials can order you to open up your laptop for them so they can poke around in it manually, they cannot perform a full forensic investigation of the drive without some sort of reason to suspect that you might be guilty of a crime.

The idea is that the contents of your luggage are subjected to search at the border and so the contents of your electronics may be subject to a search at a similar level of intrusiveness. This might mean asking you to boot it up, looking around at the files on the hard drive, looking at the browser history. However, when customs agents seize your laptop from you and mail it off to an analysis center where a team of professional forensic analysts go through it with a fine tooth comb, reading all of the contents and looking even at fragments of deleted data, this is a step far beyond what a "routine" search of physical goods at the border consists of. It should require some sort of suspicion on the part of customs agents and should not be done at random.

Finally, a court has understood the issue well enough to see the distinction between a cursory search through a computer system and a forensic investigation of a computer system and has insisted upon reasonable suspicion in the later circumstance. This is extremely close to the balance first proposed by Mark Rasch in a SecurityFocus column in 2008.

This is probably the best result that civil liberties advocates can hope for under our current border search doctrine. I think it puts searches of electronics in line with the overall doctrine as it exists right now. I therefore see it as a major victory for privacy rights. A result that is more protective of civil liberties than this would require more fundamental changes to our ideas about border searches in general, rather than a specific ruling about electronics.

For example, the EFF states: "We wish it was the probable cause standard, but we’ll take the reasonable suspicion standard in lieu of no standard at all..." I don't think this is terribly realistic. As far as I know, no search at the border, no matter how intrusive, currently requires probable cause. One would need to first establish the circumstances under which probable cause would be required for a border search in order to then argue that searches of electronics fit into that circumstance.

Frankly, I'm not totally happy with the standard set by this ruling either. I don't see any reason that customs officials need to look at the files in my hard drive or read my browser history absent some ... [ Read More (0.9k in body) ]

Border agents need 'reasonable suspicion' for deep search of electronics