[Stoner]

http://www.villagevoice.com/issues/0310/hentoff.php

Nat Hentoff
Ashcroft Out of Control
Ominous Sequel to USA Patriot Act
February 28th, 2003 3:00 PM
Many of the new security measures proposed by our government in the name of fighting the "war on terror" are not temporary. They are permanent changes to our laws. Even the measures that, on the surface, appear to have been adopted only as long as the war on terror lasts, could be with us indefinitely. Because, as Homeland Security director Tom Ridge himself has warned, terrorism is a "permanent condition to which America must . . . adjust." —American Civil Liberties Union, January 29



--------------------------------------------------------------------------------

Since September 11, 2001, a number of us at the Voice have been detailing the Bush administration's accelerating war on the Bill of Rights—and the rising resistance around the country. This battle to protect the Constitution, and us, has entered a new and more dangerous dimension.

On February 7, Charles Lewis, head of the Washington-based Center for Public Integrity, received a secret, but not classified, Justice Department draft of a bill that would expand the already unprecedented government powers to restrict civil liberties authorized by the USA Patriot Act. This new bill is called the Domestic Security Enhancement Act of 2003. Lewis, in an act of patriotism—since this still is a constitutional democracy—put the 86-page draft on the center's Web site, where it still remains (www.publicintegrity.org).

On the evening of February 7, Charles Lewis discussed this new assault on our fundamental liberties on Bill Moyers's PBS program, Now.

Three days later, on the editorial page of the daily New York Sun, primarily a conservative newspaper, Errol Louis wrote: "[The] document is a catalog of authoritarianism that runs counter to the basic tenets of modern democracy."

I have the entire draft of the bill. Section 201 would overturn a federal court decision that ordered the Bush administration to reveal the identities of those it has detained (imprisoned) since 9-11. This sequel to the USA Patriot Act states that "the government need not disclose information about individuals detained in investigations of terrorism until . . . the initiation of criminal charges."

Many of the prisoners caught in the Justice Department's initial dragnet were held for months without charges or contact with their families, who didn't know where they were. And these prisoners were often abused and out of reach of their lawyers—if they'd been able to find a lawyer before being shifted among various prisons. When, after much pressure, the Justice Department released the numbers of the imprisoned, there were no names attached, until a lower court decided otherwise.

Under the proposed Ashcroft bill reversing that court decision, for the first time in U.S. history, secret arrests will be specifically permitted. That section of bill is flatly titled: "Prohibition of Disclosure of Terrorism Investigation Detainee Information." In Argentina, those secretly taken away were known as "the disappeared."

Moving on, under Section 501 of the blandly titled Domestic Security Enhancement Act of 2003, an American citizen can be stripped of citizenship if he or she "becomes a member of, or provides material support to, a group that the United States has designated as a 'terrorist organization,' if that group is engaged in hostilities against the United States."

Until now, in our law, an American could only lose his or her citizenship by declaring a clear intent to abandon it. But—and read this carefully from the new bill—"the intent to relinquish nationality need not be manifested in words, but can be inferred from conduct." (Emphasis added).

Who will do the "inferring"? A member of the Justice Department. Not to worry. As John Ashcroft's spokeswoman, Barbara Comstock, says of objections to this draft bill: "The [Justice] department's deliberations are always undertaken with the strongest commitment to our Constitution and civil liberties." (This is a faith- based administration.)

What this section of the bill actually means is that if you provide "material support" to an organization by sending a check for its legal activities—not knowing that it has been designated a "terrorist" group for other things it does—you can be stripped of your citizenship and be detained indefinitely as an alien. While South Africa was ruled by an apartheid government, certain activities of the African National Congress were categorized as "terrorist," but many Americans provided support to the legal anti-apartheid work of that organization.

Under Section 302 of John Ashcroft's design for our future during the indefinite war on terrorism, there is another change in our legal system. Under current law, the FBI can collect DNA identification records of persons convicted of various crimes. But under the USA Patriot Act II, the "Attorney General or Secretary of Defense" will be able to "collect, analyze, and maintain DNA samples" of "suspected terrorists." And as Georgetown law professor David Cole notes—"mere association" will be enough to involve you with suspected terrorist groups. What does "association" mean? For one thing, "material support," under which you could lose your citizenship.

In reaction to the stealth with which the Justice Department has been crafting this invasion of the Bill of Rights, Democratic senator Patrick Leahy of Vermont, ranking minority member of the Senate Judiciary Committee, said on February 10: "The early signals from the administration about its intentions for this bill are ominous. . . .

"For months, and as recently as just last week, Justice Department officials have denied to members of the Judiciary Committee that they were drafting another anti-terrorism package. There still has not been any hint from them about their draft bill."

Leahy continued: "The contents of this proposal should be carefully reviewed, and the public must be allowed to freely engage in any debate about the merits of any new government powers the administration may seek."

But where is the debate in Congress or in the media? After a few initial press stories about the USA Patriot Act II, there has been little follow-up. To be continued here.


--------------------------------------------------------------------------------

[Stoner]

Notice the frequency of certain names that keep coming up in regard to the encroachment of civil liberties:
U.S. Attorney General John Ashcroft
Defense Secretary Donald Rumsfeld
Sen. Orrin Hatch


http://www.cnn.com/2001/US/12/06/inv.ashcroft.hearing/

Ashcroft: Critics of new terror measures undermine effort

U.S. Attorney General John Ashcroft displays what he called a terror manual from the al Qadea network


--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

WASHINGTON (CNN) -- Attorney General John Ashcroft lashed out Thursday at critics of the administration's response to terrorism, saying questions about whether its actions undermine the Constitution only serve to help terrorists.

"To those who pit Americans against immigrants, citizens against non-citizens, to those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists for they erode our national unity and diminish our resolve," Ashcroft told the Senate Judiciary Committee. "They give ammunition to America's enemies and pause to America's friends. They encourage people of good will to remain silent in the face of evil.

"Our efforts have been crafted carefully to avoid infringing on constitutional rights, while saving American lives."

Ashcroft flatly rejected criticism of the administration's policies, including President Bush's decision to allow the use of military tribunals to try non-U.S. citizens suspected of terrorism, the detention of hundreds of immigrants in connection with the terrorism probe, the "voluntary" questioning of thousands of men from mostly Middle Eastern countries, and eavesdropping between attorneys and their clients in terrorism cases.




Each of those initiatives, he said, balance constitutional rights against the threat of terrorism.

"Charges of kangaroo courts and shredding the Constitution give new meaning to the term 'fog of war,'" Ashcroft said.

But Sen. Patrick Leahy, D-Vermont, the chairman of the committee, opened the hearing with some implied criticism of the administration, insisting "tremendous government power" had to be balanced against civil liberties.

"The need for congressional oversight is not -- as some mistakenly describe it -- to protect terrorists," Leahy said. "It is to protect Americans and protect our American freedoms that you and everyone in this room cherish so much. And every single American has a stake in protecting our freedoms."

Senators, mostly Democrats but some Republicans, pressed Ashcroft to outline what kind of guidelines would apply to the military tribunals. Sen. Edward Kennedy, D-Massachusetts, conceded the tribunals could be effective, but said they had "enormous potential for abuse" unless they were conducted with a clear set of rules and limits.

The specific guidelines for the tribunals, Ashcroft said, would be drafted by Defense Secretary Donald Rumsfeld, but he said Bush's order had been for "full and fair proceedings." Those tribunals, however, could be held in secret when the president determined it was in the interest of "national security" to do so, Ashcroft said.

The attorney general said his day begins with a rundown of terrorist threats from the around the world, describing it as "a chilling daily chronicle of the hatred of Americans by fanatics."

To buttress that point, Ashcroft said the Justice Department will post on its Web site "several lessons" from a terrorist manual "so that Americans can know about the enemy."

Ashcroft said the manual came from the al Qaeda network and was first made public during the trial earlier this year of men who were later convicted of bombing two U.S. embassies in Africa.

The attorney general said the manual shows that terrorists are taught to manipulate the U.S. judicial system and news media to their advantage.

The administration had its defenders at the hearing. Sen. Orrin Hatch, R-Utah, the top Republican on the panel, suggested the criticism of the White House's policies was nothing more than a reflection of Senate egos.

"I would implore my colleagues, let's keep our focus where it matters: on protecting our citizens," Hatch said.

[Stoner]

http://news.bbc.co.uk/2/hi/world/americas/1120440.stm

Profile: John Ashcroft



John Ashcroft is accused of racism, a charge he denies

The strongly conservative, deeply religious John Ashcroft was always going to be a controversial choice for US attorney-general.
Pro-death penalty, anti-abortion, anti gay rights, and opposed to gun control - Mr Ashcroft's firmly-held views make him unsuitable to be the country's chief law officer, argue many Democrats.



He is not the person who should be entrusted with the significant responsibilities of the attorney-general

Judith Schaefer, civil rights activist
Women's rights advocates and black people are particularly angered by the nomination, as Mr Ashcroft has opposed abortion rights and school desegregation in his home state of Missouri.

The former senator famously once boasted of his conservatism, saying there are two things you find in the middle of the road: "a moderate and a dead skunk", adding he did not want to be either.



Mr Ashcroft has caused anger among Democrats and minority groups

"John Ashcroft is an extremist; he has a record of insensitivity, if not outright hostility towards women and minorities," said civil rights activist Judith Schaefer.

But Republican Senator Orrin Hatch has strongly dismissed the charges of racism and sexism against his former colleague.

"I don't think anybody in their right mind who knows John Ashcroft would say that he's biased in any way shape or form, " he said. "John is a very fine man."

Mr Ashcroft's record as a senator helps explain why he is so controversial. The conservative Christian Coalition gave him a 100% rating for the year 2000, while the environmentalist League of Conservation Voters and the left-leaning National Organisation for Women each gave him a zero.

The main points that his opponents want answers on are:


his opposition to the appointment of a black Missouri judge, Ronnie White, to a federal court bench;

his opposition to voluntary school desegregation plans in his home state when he was attorney-general of Missouri;

comments praising Southern war heroes from the American Civil War;

his opposition to a voter registration campaign in St Louis, which has a large black and traditionally Democratic population;

allegations of improper fund-raising in his campaigns for various Missouri offices.
Regrets

Mr Ashcroft has denied he is a racist, one of the most emotive charges against him.

In one of his few public statements since his nomination in December, Mr Ashcroft said he opposed the police practice of targeting members of racial minorities for questioning.

"It's wrong, it's inappropriate, it shouldn't be done," he said.

Mr Ashcroft has also said he regrets his meeting last September with the leader of a conservative group who holds controversial views on racial issues. He took a lot of criticism for that meeting, but later said he would not have done it if had known of the man's opinions.

He angered Democrats in 1999 by accepting an honorary degree from South Carolina's Bob Jones University, which until last year banned interracial dating. Students still have to have parental permission.

Relgious upbringing

Born 9 May 1942, in Chicago, Mr Ashcroft grew up in Springfield, Missouri, where his family had moved to be nearer to the world headquarters of the Assembly of God Church.

His father was a minister in the church, and a dominant influence on the young John Ashcroft, who attended Hillcrest High School in Springfield.

In his book, Lessons from a Father to his Son, Mr Ashcroft said he woke up every morning hearing "the magisterial wake-up call" of his father's prayers.

Before entering politics, the former senator taught business law at Southwest Missouri State University. He graduated with honours from Yale University in 1964, and earned a law degree from the University of Chicago in 1967.

Since then he has held a number of political posts.

He was Missouri's state auditor from 1973-75, and then became the state's assistant attorney-general in 1975. The following year he moved up to the attorney-general job, where he stayed until 1985.

During that time he was president of the National Association of Attorneys-General, and received the organisation's top award in 1983.

Political ladder

Then in 1984 he was elected governor of Missouri, and won a second term in 1988. He served as chairman of the Republican Governors' Association 1989-90, and served as chairman of the National Governor's Association in 1991 and 1992.



John cannot see a person in need without trying to reach out and help

Janet Ashcroft
Mr Ashcroft took up a seat in the Senate in 1995, and briefly considered running for the Republican presidential nomination in 2000, with backing from religious conservatives.

In the end he ran for Senate re-election, but lost his seat to a dead man: Mel Carnahan, whose widow Jean stepped in as the Democrat candidate when her husband died after the ballot papers had already been printed.

But that meant the way was clear for him to become George W Bush's nomination for attorney-general.

When he lost the Senate seat, colleagues from both parties said he handled the situation graciously, and praised him for being an ethical, fair-minded lawmaker.

John Ashcroft's wife, Janet, has described her husband, a non-smoker and non-drinker, as "a man of integrity and decency and honesty, and compassion".

"He is reasoned and flexible and, you know, everybody likes John Ashcroft," she said. "This whole firestorm has been a total shock."

The couple have three children and one grandchild.

[Tipacanoe]

People in the UK have been coping with many of these issues for over a decade or more.

See here:

http://www.spy.org.uk/wtwu.htm

[Stoner]

http://zdnet.com.com/2100-1107-997590.html

News Commentary


New spy tools--for good or evil?

By Declan McCullagh
CNET News.com
April 21, 2003, 5:13 AM PT






COMMENTARY--Cisco Systems has created a more efficient and targeted way for police and intelligence agencies to eavesdrop on people whose Internet service provider uses their company's routers.

The company recently published a proposal that describes how it plans to embed "lawful interception" capability into its products. Among the highlights: Eavesdropping "must be undetectable," and multiple police agencies conducting simultaneous wiretaps must not learn of one another. If an Internet provider uses encryption to preserve its customers' privacy and has access to the encryption keys, it must turn over the intercepted communications to police in a descrambled form.

Cisco's decision to begin offering "lawful interception" capability as an option to its customers could turn out to be either good or bad news for privacy.

Because Cisco's routers currently aren't designed to target an individual, it's easy for an Internet service provider (ISP) to comply with a police request today by turning over all the traffic that flows through a router or switch. Cisco's "lawful interception" capability thus might help limit the amount of data that gets scooped up in the process.




On the other hand, the argument that it hinders privacy goes like this: By making wiretapping more efficient, Cisco will permit governments in other countries--where court oversight of police eavesdropping is even more limited than in the United States--snoop on far more communications than they could have otherwise.

Marc Rotenberg, head of the Electronic Privacy Information Center, says: "I don't see why the technical community should hardwire surveillance standards and not also hardwire accountability standards like audit logs and public reporting. The laws that permit 'lawful interception' typically incorporate both components--the (interception) authority and the means of oversight--but the (Cisco) implementation seems to have only the surveillance component. That is no guarantee that the authority will be used in a 'lawful' manner."

U.S. history provides many examples of government and police agencies conducting illegal wiretaps. The FBI unlawfully spied on Eleanor Roosevelt, Martin Luther King Jr., feminists, gay rights leaders and Catholic priests. During its dark days, the bureau used secret ~~~~~ and hidden microphones to blackmail the Kennedy brothers, sway the Supreme Court and influence presidential elections. Cisco's Internet draft may be titled "lawful interception," but there's no guarantee that the capability will always be used legally.

Still, if you don't like Cisco's decision, remember that they're not the ones doing the snooping. Cisco is responding to its customers' requests, and if they don't, other hardware vendors will. If you're looking for someone to blame, consider Attorney General John Ashcroft, who asked for and received sweeping surveillance powers in the USA Patriot Act, along with your elected representatives in Congress, who gave those powers to him with virtually no debate.

I talked with Fred Baker, a Cisco fellow and former chairman of the Internet Engineering Task Force (IETF), about his work on the "lawful interception" draft.

Q: Why did Cisco decide to build "lawful interception" into its products? What prompted this?
A: Cisco's customers, not just in United States but in many countries, are finding themselves served with subpoenas to mandate lawful intercept functionality. Cisco received requests from its customers for this capability.

When I found out about the project, I asked to be involved because I wanted to ensure that it was done in a manner that was as close to balanced as I could get. From an engineering perspective, the easiest thing is to give everything to law enforcement and let them sort it out. But I wanted to do better than that.

When was that?
The actual development of this document started probably seven to eight months ago.

What was the reaction of the Internet community and the IETF after you released the draft?
I've seen very little reaction so far. We have been contacted by Verisign, with which we had an NDA relationship. They said, "We'd like to work with you on this." That's about all we've had. John Gilmore (of the Electronic Privacy Information Center) posted comments to an IETF mailing list. He wanted to ensure that the capability would be as difficult to use as possible.

When will Cisco's customers be able to buy "lawful interception" products or an upgrade?
We haven't yet announced anything. Any product that a service provider is likely to purchase will have an option to provide lawful interception. That's not for all of our products but for a fairly broad subset.

We're in the process of doing early field trials on that capability. In most cases it's a software upgrade. What we're doing is putting the capability in a separate image so you know what you're getting when you get it. Under U.S. law, if you have that ability, you could be required to use it. Our service provider customers have asked us not to put it in the standard image, so that they can't be forced to use it.

How much will it cost?
We haven't announced that. There was some discussion at some point about putting in a nuisance fee.

What percentage of your customers who have asked for "lawful interception" capability are within the United States?
We have service provider customers in a number of countries that have asked us for it. Some have been more insistent than others.

Do you have any moral problems with helping to make surveillance technology more efficient?
I have some moral and ethical issues, but I think quite frankly that the place to argue this is in Congress and in the courtroom, not a service provider's machine room when he's staring down the barrel of a subpoena.

There are two sides. One is that Cisco as a company needs to let its customers abide by the law. The other is the moral and ethical issues. There are two very separate questions.

The current draft does not include an audit trail. Could you do that by having your equipment digitally sign a file that says who's been intercepted and for how long? That could be turned over to a judge. It could indicate whether the cops were or weren't staying within the bounds of the law.
I'm not entirely sure that the machine we're looking at could make that assurance... In fact, the way lawful interception works, a warrant comes out saying, "We want to look at a person." That's the way it works in Europe, the United States, Australia and in other western countries. The quest then becomes figuring out which equipment a person is reasonably likely to use, and it becomes law enforcement's responsibility to discard any information that's irrelevant to the warrant. That kind of a thing would probably be maintained on the mediation device.

Who controls the mediation device?
The Internet provider. The mediation device picks out the subset that relates to a particular warrant.

A few years ago (in RFC 2804) the IETF rejected the idea of building eavesdropping capability into Internet protocols. The FBI supported the idea, but the IETF said, no way. You were chair of the IETF at the time. How do you reconcile your proposal with the decision made then?
I thought that what the IETF decided to do was actually the right thing to decide. What it said is that the IETF would not modify protocols that were designed for some other purpose in order to support lawful interception.

Will you discuss this at the next IETF meeting in Austria in July?
We're hoping for community review. If people see any problems with what we're doing on a technical level, we're all ears. We want to produce the best possible capability in terms of security and the capability required.

Have you had requests for this capability, directly or indirectly, from government agencies?
Yes and no. We got the request from our customers. The laws relate to the ISPs, which are our customers. Certainly, if we get a request from our customers that we can't support, there are penalties that accrue.

We've had direct contact with the FBI and other agencies. When I was in Holland I (spoke at a conference with the head of the equivalent of the country's Central Intelligence Agency). The fact that he came out and said something made the 8 o'clock news. I had a meeting with him and some of his people a few days later to figure out what he wanted and what he intended to do with this. As an engineer I wanted to understand a customer's problem.

We've had discussions with government agencies, but (they're generally not) asking us to build a product. They do that with ISPs, who then come to us.

What other companies are going a similar route?
We're a little bit more open than everyone else. It really wouldn't be appropriate for me to talk about other companies. It's not like we're coming out and saying, "Hey, this is the reason you should buy a Cisco router." This is something we're doing because our customers want it.

What do you think of governments with scant respect for privacy rights using "lawful interception" technology to become more efficient eavesdroppers? Do you ever stay up late at night worrying about what they might do with it?
Of course I do. But that problem is the reason I got involved. We have some capabilities in some of our equipment that will allow you to take all the traffic that goes across an interface and send it to another interface. Right now that is used in some cases as a lawful interception technology.

When we first started talking, some engineers said, "Let's turn this on and use that." I said, "Heavens no, if we can narrow the range of information, let's do it." Let's let our customers meet their requirements in as privacy-protecting a way as possible. So yes, there's a conflict, but the conflict is why I got involved.

[Mulderator]

Quote:

Originally posted by Tuppence2:
Hey, right at the begining of this thread, Mulder said he would not dignify(!!) it with any more posts - I see he didn't keep his word!

Penny

Huh??? What are you talking about?

[Stoner]

More on how poorly written law affects technology!

http://www.securityfocus.com/news/4004

Use a Honeypot, Go to Prison?

By Kevin Poulsen, SecurityFocus Apr 16 2003 4:44PM

SAN FRANCISCO--Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, a Justice Department attorney warned Wednesday.

"There are some legal issues here, and they are not necessarily trivial, and they're not necessarily easy," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, speaking at the RSA Conference here Wednesday.

An increasingly popular technique for detecting would-be intruders, a honeypot is a type of hacker flypaper: a system that sits on an organization's network for no other purpose than to be hacked, in theory diverting attackers away from genuinely valuable targets and putting them in an closely monitored environment where every keystroke can be analyzed.

But that monitoring is what federal criminal law calls "interception of communications," said Salgado, a felony that carries up to five years in prison. Fortunately for honeypot operators, there are exemptions to the Federal Wiretap Act that could be applied to some honeypot configurations, but they still leave many hacker traps in a legal danger zone.

One exemption permits interception of a communication if one of the parties consents to it the monitoring. To that end, Salgado suggested that honeypots display a banner message warning that use of the computer is monitored. "You can banner your honeypot... and you've got the argument that they saw the banner, continued using the system, and consented to monitoring," he said. But most hackers don't penetrate a system through the front door -- telneting in or surfing to a web page -- and if they never see the banner, they haven't consented to monitoring. "It's not the silver bullet."
'The very purpose of your honeypot is to be attacked... so it's a little odd to say we're doing our monitoring of this computer to prevent it from being attacked.'
-- Richard Salgado
The consent exemption might apply without a banner if a court determines that the honeypot itself is one of the "parties" to the communication, Salgado said. But that goes out the window -- or at least becomes more legally complicated -- the moment the hacker uses the honeypot to connect to another machine, or sets up a chat system on the box. Now the honeypot operator is intercepting communications between two or more parties. "Those kinds of situation become problematic."

Another relevant exemption passed in the USA-PATRIOT Act in October 2001, but only applies to cases where the government steps in to do the spying. The so-called "computer trespasser exemption" allows the government to intercept the communications of a computer intruder at the invitation of the victim. "Everyone coming into that honeypot is a trespasser... So this exception may work very nicely with honeypots when the government is coming in to do the monitoring," said Salgado. "But it has to be relevant to an ongoing investigation."

Can a Hacker Sue You?
That leaves a third "provider exemption" as the most promising for honeypot fans. This allows the operator of a system to eavesdrop for the purpose of protecting their property or services from attack. But even that exemption probably wouldn't apply to a system that's designed to be hacked, Salgado said. "The very purpose of your honeypot is to be attacked... so it's a little odd to say we're doing our monitoring of this computer to prevent it from being attacked."

Instead, Salgado favors configurations where a hacker is invisibly rerouted to a honeypot after beginning an attack on a production machine. "The closer the honeypot is to the production server, the less likely that it's going to have some of the legal issues that we're talking about," he said, because the monitoring becomes part of the normal process of protecting the production machine.

Despite the legal issues, Salgado praised honeypots as a valuable tool. But he cautioned attendees to consult with their company's legal department before deploying them. In addition to the danger of criminal liability, and myriad state laws that may be more restrictive than the federal statutes, Salgado warned that honeypot operators might get sued if they become an unwitting conduit to an attack on another victim.

And because the Federal Wiretap Act has civil provisions, as well as criminal, there's even a chance that a hacker could file a lawsuit against a honeypot operator that doesn't have their legal ducks in a row.

That's not as incredible as it sounds, the lawyer said, in an interview after the presentation. "It would take chutzpah," said Salgado. "But there's a case where an accused kidnapper who was using a cloned cell phone sued for the interception of the cell phone conversations... And he won."

In contrast, he said he's not aware of anyone being prosecuted for hacking a honeypot, which, after all, is meant to be hacked. "What I can tell you is that under the federal hacking laws, an attempt to hack can constitute a felony... The fact that it turned out to be a honeypot may not change the legality, but I haven't seen a court case yet."

[Stoner]

Another gov't function going under the cloak of Home Land Security




http://dc.internet.com/news/article.php/2194481

April 21, 2003
White House To Lose Top Cybersecurity Advisor
By Roy Mark

Less than a week after telling the RSA Security conference that the government is having problems getting private industry to get behind the administration's National Strategy to Secure Cyberspace, White House cybersecurity advisor Howard Schmidt is reportedly planning on resigning his post by the end of the month.

According to published reports, Schmidt has e-mailed an "informal letter of resignation" to his colleagues.

"With the historic creation of the Department of Homeland Security, the transfer of many of the responsibilities from the Critical Infrastructure Protection Board to DHS and the release of the strategy, I have decided to retire after approximately 31 years of public service and return to the private sector," Schmidt wrote in the e-mail.

Schmidt's resignation follows the February departure of Richard Clarke, who served as chairman of the President's Critical Infrastructure Protection Board. When Clarke announced his resignation, the White House said it would abolish the board and move its responsibilities to the New Department of Homeland Security, which is consolidating five different federal cybersecurity offices.

Although the board was eliminated, Schmidt, Microsoft's former chief of security, remained at the White House. According to the Washington Post, Schmidt unsuccessfully maneuvered to become Homeland Security Secretary Tom Ridge's top cybersecurity advisor.

The job eventually went to Robert Liscouski, who was named assistant secretary of infrastructure protection at the Department of Homeland Security. Liscouski is the former director of information assurance at Coca Cola.

Schmidt has served at the White House for 17 months. He joined the White House staff shortly after the Sept. 11, 2001, terrorist attacks.

Schmidt, along with Clarke, is a key author of the White House plan to better protect the nation's network infrastructure from terrorist cyber attacks. As finally released by the White House, the plan calls for a voluntary partnership between the public and private sectors to share security intelligence, reduce vulnerabilities and deter malicious entities.

The effort is getting major financial backing. The administration has authorized $900 million dollars for the next five years for cyber security research and development. Schmidt said the money has yet to be appropriated. Overall spending on services and technology across all federal agencies is expected to grow form $45.4 billion in fiscal year 2003 to $68.2 billion in 2008 with e-government and homeland security getting the lion's share.

[Stoner]

The following link is an article too long to post . It is an excellent read, if you can't read it now, save the link for a free moment .






http://www.theatlantic.com/issues/2002/09/mann.htm


Homeland Insecurity

A top expert says America's approach to protecting itself will only make matters worse. Forget "foolproof" technology—we need systems designed to fail smartly

by Charles C. Mann

[Stoner]

The loss of civil Liberties----------


http://www.sptimes.com/2003/04/20/Co...o_jail__.shtml

Go directly to jail, crime or no

BLUMNER
--------------------------------------------------------------------------------
E-mail:
Click here
--------------------------------------------------------------------------------
Archive
By ROBYN E. BLUMNER
© St. Petersburg Times
published April 20, 2003


--------------------------------------------------------------------------------

Sometimes, before an abusive government practice gains widespread attention, bad things have to happen to someone with this bio: American citizen, blond wife, adorable children, good job and high-status friends.

That victim would be Maher "Mike" Hawash, a naturalized American of Palestinian descent who has been held in federal custody as a material witness to a terrorism investigation since March 20.

In an early-morning raid, Hawash was seized by armed FBI agents in the parking lot of his workplace in Portland, Ore. His home was later searched for hours and four computers were confiscated. Hawash has since been held under maximum-security conditions in a federal prison south of Portland. No one who can talk knows why Hawash has been detained or what the FBI agents are looking into, although there is conjecture it might have something to do with his donations to a Muslim charity. Everyone directly associated with the case, including his lawyers, has been ordered by a judge not to speak about it.

But Hawash is lucky. Unlike other Muslim and Middle Eastern men who have found themselves in this predicament, Hawash has well-situated friends. As a former employee and now a contract software engineer for Intel Corp., Hawash has a wide cadre of associates in the computer industry. And they are not sitting on their hands. An Internet-driven information campaign (www.freemikehawash.org) and organized "free Mike" rallies have increased interest in his case and, as a result, in the way Attorney General John Ashcroft has been misusing the material witness statute.

Steven McGeady, a former Intel vice president, is leading the effort on Hawash's behalf. McGeady said he had been a casual observer of the post-Sept. 11 terrorism detentions -- concerned but not engaged. His activism kicked in when his good friend was arrested. What happened to Hawash "is the classical definition of a police state," McGeady said. "Government can hold you in secret at any time and for any length of time. It violates, for me and everyone I know, the pre-existing trust we have in government." McGeady believes firmly that if Hawash were "not of Arabic descent" he would never have been treated in this pre-emptory manner: Instead of waiting in a prison cell, "he'd be home waking up with his wife and kids every morning."

At issue in Hawash's case is the 1984 material witness statute that allows the government to hold a person whose testimony is "material in a criminal proceeding" for an indeterminate time. The law is to be used only when the witness is reticent and will likely flee the country to avoid having to testify. But since the terror attacks Ashcroft has transformed it into a tool of repression, using it to put people behind bars for preventive detention. Ashcroft's approach is to arrest first, investigate possible terrorist ties later -- a patently unconstitutional practice under which the "witness" label has become just a pretext.

Back in November, the Washington Post did a stellar job trying to uncover exactly how Ashcroft's Justice Department has used the statute. The paper counted at least 44 people who were arrested as material witnesses -- a remarkable journalistic achievement given that it is nearly impossible to get information on who has been arrested. Because the detentions are ostensibly to provide grand jury testimony, judges seal the records and issue gag orders. It plays perfectly into Ashcroft's obsession with secrecy.

The paper found that twenty of the "witnesses" were released without ever being asked to appear before a grand jury. And only two were ever indicted on terrorism-related charges. (Another, Jose Padilla, the so-called "dirty bomber," is being held without charge as an enemy combatant.)

Lives and families were destroyed by the incarcerations, with some of the detentions lasting for months. Yet this statute imprisons people who are not accused of doing anything wrong.

As to checks on Ashcroft, Congress has been exceptionally meek. Earlier this month House Judiciary Committee Chairman James Sensenbrenner and ranking member John Conyers sent Ashcroft a letter asking for details regarding each person detained as a material witness. But this is likely to go nowhere. Congress has been unwilling to call Ashcroft to account for his outrages against liberty. Nearly everyone's intimidated.

The courts have been a little better but not much. One federal judge in New York ruled that the material witness statute could not be used in the grand jury context, but that ruling is likely to be set aside on appeal. Courts seem to be failing to vigilantly test the government's claim that the men held on these warrants are a flight risk. Hawash is an American with a good job, a nice home, an American-born wife and three children. He's got just the kind of vita that says he would be a cooperative witness.

A federal judge has ordered Hawash detained "but not indefinitely," with a closed-door hearing to review his status set for April 29. By that time he will have spent more than five weeks in prison with no formal accusation or charge against him. Welcome to Ashcroft's America.

[Stoner]

Be sure to check out http://www.breakyourchains.org/jpao.htm

------------

Mulder approved site with a little Poindexter humor!
http://www.cato.org/dailys/01-15-03.html

The Poindexter Awareness Office: Turning the Tables on Mr. Supersnoop
by Clyde Wayne Crews Jr.

Clyde Wayne Crews Jr. is director of technology studies at the Cato Institute.

Talk is cheap, but surveillance is, too.

The federal government's post-9/11 efforts to monitor the public have culminated in the widely disparaged Total Information Awareness (TIA) project, the Pentagon's counterterrorism program that seeks to assemble databases of our credit-card purchases, car rentals, library books, airline-ticket purchases, official records and the like.

The TIA project, headed by John Poindexter (the Reagan national security adviser of Iran-contra fame), comes on the heels of other recent and controversial public surveillance episodes such as the use of biometric face cameras, red-light cameras, enhanced wiretaps, escalated e-mail monitoring facilitated by the USA Patriot Act, and proposals for a national ID card.

In full flower, TIA would require banks, airlines, hotels, Internet service providers and other businesses to routinely transfer all our private transactional information to the government for real-time monitoring aimed at gleaning suspicious patterns that somehow might indicate terrorist planning or activity.

What George Orwell never anticipated, though, was that total surveillance technology cuts both ways.

The TIA's unpopular director now finds himself the direct target of the "John Poindexter Awareness Office": a Web page (http://www.breakyourchains.org/jpao.htm), verging on harassment, that documents his phone number, home address and other personal information, complete with satellite photos and open invitations to the public to keep the site abreast of Poindexter's every move.

Meanwhile, on the TIA's official Web site, the bios of Poindexter and other key staff have been removed, along with the creepy "eye in the sky" logo. But nothing ever dies on the Internet, so cached copies remain available at JPAO and elsewhere online.

Some consider the John Poindexter Awareness Office just desserts, that government officials and contractors like Poindexter should be prepared to accept the consequences of their unpopular actions. Indeed, the tactic exemplifies the outrageous invasiveness of the Total Information Awareness database itself. But vigilantism and a seeming call for harassment aren't the answers.

For now, at least, TIA faces a formidable barrier: It can't occur without high-profile debate in Congress. Companies retain a right to say "no" to grabby government information collectors, since privacy laws forbid the government from getting personal information from companies without a subpoena.

We count on government to protect our rights, not to be the leading offender. Even the so-called "public" information that government has on us -- the very kind used to harass Poindexter and even his neighbors -- is surrendered by us for limited purposes: taxes, licenses and so forth. The government's combining it in a deliberate manner for purposes of profiling an identified individual will at some point constitute an unreasonable search -- particularly given that we cannot "opt out" of government information collection.

Ironically, TIA can undermine society's goals, not merely of privacy enhancement, but of protection from terrorism itself. True, there are lots of private databases on us. But it's appropriate for them to remain separate, not be combined in TIA, since separateness can have security advantages in its own right. Moreover, TIA will destabilize continually evolving commercial privacy standards, and even drive transactions underground (thereby perhaps even making criminals out of ordinary people). TIA can further undermine national security by creating a tempting target database for hackers. And to the extent that TIA results in information overload, diversion and wasted effort, it almost goes without saying how costly it could be for America.

So there's much to consider before embracing TIA. Meanwhile, the undeniable bright spot -- given TIA proponents' apparent disdain for Fourth Amendment protections -- is that surveillance and communication technologies are cheap and readily available, not just for governments, but for individuals. The public forevermore can turn the electronic eyes right back on governments and expose abuses of individual rights.

From relatively low-tech, stick-it-to-the-man offerings like the Speed Trap Exchange on the Internet, to the Electronic Privacy Information Center's "Observing Surveillance" project that documents Washington, D.C.'s surveillance-camera networks, to the Witness project that documents human rights abuses worldwide -- surveillance now looks both ways.

The Poindexter Awareness Office in its own disconcerting way shows people won't put up with being spied on without a fight. In a way, that's comforting to know. But perhaps not for John Poindexter and his neighbors.

This article was published in the Orange County Register, Jan. 5, 2003.

[Stoner]

While not security related, this article does show the problems of laws enacted that are not technologically aware.
No one involved in the request for disclosure is advocating the digital transmition of child pornography.
The concern is whether the Pennsylvania attorney general's recent decision not to disclose the list of Internet Protocol (IP) addresses is violating the civil liberties of non-offenders caught up in the broad application of the law.
Pornographers are the main evil here, but secrecy might also play a part.

----------------------

http://rss.com.com/2100-1028-997935....feed&subj=news

Group questions state site-blocking law


By Declan McCullagh
Staff Writer, CNET News.com
April 22, 2003, 6:50 PM PT


A civil liberties group is again trying to gain access to a secret list to determine if Pennsylvania's attempt to block access to child-pornography Web sites is affecting innocuous sites.
On Tuesday, the Washington-based Center for Democracy and Technology (CDT) appealed the Pennsylvania attorney general's recent decision not to disclose the list of Internet Protocol (IP) addresses to sites suspected of featuring child pornography. CDT is seeking the list because it suspects the government's campaign is overly broad and has forced Internet service providers (ISPs) to cordon off unoffending sites as well.

"We're trying to determine what other sites have been implicated by this law that have nothing to do with the intent of this law," said Ari Schwartz, a lawyer at CDT, which filed its request under a state open-government law. "We want the IP address to find out how many sites unrelated to the site that is meant to be blocked are also being blocked."




A Pennsylvania state law that took effect last year permits the attorney general to order ISPs to block access to Web sites suspected of featuring child pornography.

As the result of such an order from Pennsylvania Attorney General Mike Fisher, WorldCom said in September that it would block customer access to some offshore Web sites.

But some say the technique that's used to block sites is problematic. It prohibits access by making specific IP addresses off limits. IP addresses are the numeric locators, such as 66.201.69.207, that computers understand, whereas easy-to-remember domain names such as Amazon.com are what most people use to navigate the Web.

A study released in February by Harvard Law School's Berkman Center for Internet & Society concluded that because modern Web standards permit thousands of domain names to share one Internet address, blocking illegal sites tends to lead to innocuous ones being targeted as well. It said the practice of Web sites sharing IP addresses is so commonplace that Yahoo hosts 74,000 Web sites at one address and Tucows.com uses one address for 68,000 domains.

In addition to that problem, backbone provider WorldCom said that because it doesn't have the technical ability to stop residents of only one state from viewing specific Web sites, it would block the sites for all of its North American subscribers.

Fisher's office has sent 313 secret blocking notices to ISPs as of April 1 and has refused to disclose the addresses of the allegedly illegal sites, saying such disclosure would make illegal images accessible. A redacted version of a Dec. 18, 2002, letter to AOL that Fisher released tells the company to "disable access to those items identified as child pornography to your subscribers to your service...within five business days of receipt of this notice."

A spokesman for Fisher did not immediately respond to a request for comment.

Sean Connolly, a spokesman for the Pennsylvania attorney general's office, said in an interview earlier this year that the state's law "has been very successful" and has led to few complaints. "We've worked with Web hosting companies and ISPs to ensure that the illegal and offensive material is taken down and not any legal sites that may share that space," Connolly said.

No other state appears to have enacted the same sort of law, and it has not been tested in court. The list of ISPs being contacted by Pennsylvania includes EarthLink, Microsoft's MSN, Terra Lycos, Verizon, and Comcast Communications.

If CDT's administrative appeal is denied, it has the option to sue in state court. The group said it has not made that decision yet.

[Stoner]

http://www.cdt.org/

CDT Appeals Pennsylvania Attorney General's Secrecy over Blocked Internet Sites - CDT has appealed the refusal by the Pennsylvania Attorney General to disclose the Internet web sites that he has blocked under a controversial state law. Since mid-2002, the Attorney General has issued over 300 secret censorship orders, with no judicial oversight or public review, requiring ISPs to block web sites that allegedly contain child pornography. Those orders also result in the blocking of hundreds or thousands of legitimate web sites that share the same "IP address" as the illegal sites. CDT assisted in the filing of a request under Pennsylvania's "Right to Know" law seeking to force the Attorney General to make his actions public. The Attorney General denied that request on April 1, and CDT has appealed, arguing that the Attorney General cannot continue to shield the censorship orders from public scrutiny. April 21, 2003

[bassetman]

Thanks for the update Stoner!

[Stoner]

The topic of DNA testing has been well discussed, but the issue is coming back and the issue is related to the paranoia of those that support 'The New World Order'-----------Homeland Security, Patriot Act and Patriot Act ll.

http://www.wired.com/news/privacy/0,1848,58600,00.html

DNA Fingerprinting for All!

Reuters Page 1 of 1


01:46 PM Apr. 23, 2003 PT

LONDON -- Everyone should be DNA fingerprinted to help tackle crime and enhance personal security, the British inventor of the modern forensic technique suggested Wednesday.

Professor Sir Alec Jeffreys, of the department of genetics at the University of Leicester, said existing criminal DNA databases were too small to catch criminal suspects


"At the moment, we have a criminal DNA database of about 2 million pro~~~~~ in the U.K.," he told reporters as scientists met at Britain's top scientific body, the Royal Society, to celebrate the discovery of DNA 50 years ago.

"The real problem in a typical crime is that even if you get DNA from a crime scene, you can't pick up a suspect because they don't have a record, so one possibility is to extend the database to include the entire population."

Jeffreys said he would feel "very uncomfortable" if such a database were run by the police.

"That would give entirely the wrong perception. But I would certainly be in favor of a database like that being established by a quite independent agency."

The database would carry a person's individual DNA profile and would certify their identity. "So it is not just a criminal investigation database but a personal security and assurance database as well," he said.

DNA fingerprinting -- from the tiniest of human specimens -- is already widely used in criminal investigations, paternity testing and to help settle applications for immigration, affecting the lives of thousands of people in a way Sherlock Holmes could not have dreamed possible.

The technique was developed in 1984 by Jeffreys after he noticed the existence of certain sequences of DNA that do not contribute to the function of a gene are repeated within the gene and in other genes of a DNA sample.

In most cases it provides an accuracy of identification in the tens to hundreds of millions to one. Its use has trapped perpetrators but has also exonerated the innocent who might otherwise have been found guilty due to circumstantial evidence.