Wikileaks release of TPP deal text stokes ‘freedom of expression’ fears

Intellectual property rights chapter appears to give Trans-Pacific Partnership countries greater power to stop information from going public
By Sam Thielman in New York
Oct 9 2015

Wikileaks has released what it claims is the full intellectual property chapter of the Trans-Pacific Partnership (TPP), the controversial agreement between 12 countries that was signed off on Monday.

TPP was negotiated in secret and details have yet to be published. But critics including Democrat presidential hopefuls Hillary Clinton and Bernie Sanders, unions and privacy activists have lined up to attack what they have seen of it. Wikileaks’ latest disclosures are unlikely to reassure them.

One chapter appears to give the signatory countries (referred to as “parties”) greater power to stop embarrassing information going public. The treaty would give signatories the ability to curtail legal proceedings if the theft of information is “detrimental to a party’s economic interests, international relations, or national defense or national security” – in other words, presumably, if a trial would cause the information to spread. 

A drafter’s note says that every participating country’s individual laws about whistleblowing would still apply.

“The text of the TPP’s intellectual property chapter confirms advocates’ warnings that this deal poses a grave threat to global freedom of expression and basic access to things like medicine and information,” said Evan Greer, campaign director of internet activist group Fight for the Future. “But the sad part is that no one should be surprised by this. It should have been obvious to anyone observing the process, where appointed government bureaucrats and monopolistic companies were given more access to the text than elected officials and journalists, that this would be the result.”

Among the provisions in the chapter (which may or may not be the most recent version) are rules that say that each country in the agreement has the authority to compel anyone accused of violating intellectual property law to provide “relevant information […] that the infringer or alleged infringer possesses or controls” as provided for in that country’s own laws. 

The rules also state that every country has the authority to immediately give the name and address of anyone importing detained goods to whoever owns the intellectual property.

That information can be very broad, too: “Such information may include information regarding any person involved in any aspect of the infringement or alleged infringement,” the document continues, “and regarding the means of production or the channels of distribution of the infringing or allegedly infringing goods or services, including the identification of third persons alleged to be involved in the production and distribution of such goods or services and of their channels of distribution.”

TPP is now facing a rough ride through Congress where President Obama’s opponents on the right argue the agreement does not do enough for business while opponents on the left argue it does too much.

Obama has pledged to make the TPP public but only after the legislation has passed.


What’s in a Boarding Pass Barcode? A Lot

By Brian Krebs
Oct 6 2015

The next time you’re thinking of throwing away a used boarding pass with a barcode on it, consider tossing the boarding pass into a document shredder instead. Two-dimensional barcodes and QR codes can hold a great deal of information, and the codes printed on airline boarding passes may allow someone to discover more about you, your future travel plans, and your frequent flyer account.

Earlier this year, I heard from a longtime KrebsOnSecurity reader named Cory who said he began to get curious about the data stored inside a boarding pass barcode after a friend put a picture of his boarding pass up on Facebook. Cory took a screen shot of the boarding pass, enlarged it, and quickly found a site online that could read the data.

“I found a website that could decode the data and instantly had lots of info about his trip,” Cory said, showing this author step-by-step exactly how he was able to find this information.

“Besides his name, frequent flyer number and other [personally identifiable information], I was able to get his record locator (a.k.a. “record key”) for the Lufthansa flight he was taking that day,” Cory said. “I then proceeded to Lufthansa’s website and using his last name (which was encoded in the barcode) and the record locator was able to get access to his entire account. Not only could I see this one flight, but I could see ANY future flights that were booked to his frequent flyer number from the Star Alliance.”

The access granted by Lufthansa’s site also included his friend’s phone number, and the name of the person who booked the flight. More worrisome, Cory now had the ability to view all future flights tied to that frequent flyer account, change seats for the ticketed passengers, and even cancel any future flights.

The information contained in the boarding pass could make it easier for an attacker to reset the PIN number used to secure his friend’s Star Alliance frequent flyer account. For example, that information gets you past the early process of resetting a Star Alliance account PIN at United Airlines’ “forgot PIN” Web site.

After that, the site asks for the answer to a pre-selected secret question. The question in the case of Cory’s friend was “What is your Mother’s maiden name?” That information can often be gleaned by merely perusing someone’s social networking pages (e.g., does your aunt or uncle on your mom’s side have your mother’s maiden name as their last name? If so, are they friends with you on Facebook?)


The FBI warns of weaknesses in chip-and-sign credit card systems

By Russell Brandom
Oct 9 2015

The FBI has a stern warning for the credit card industry’s latest security measure, the EMV chip. In a statement today, the FBI’s Internet Crime Complaint Center warned that the new chips don’t protect against online fraud or point-of-sale compromises of the type seen in the Target hack. The warning emphasizes the weakness of signature-based systems (“chip and sign” rather than “chip and PIN”), and instructs merchants to require a PIN number in place of a signature wherever possible. “This fully utilizes the security features built within the EMV card,” the warning states.

The underlying weaknesses in the warning were already known to much of the industry, but it emphasizes the frustration many feel with the current deployment. “The FBI’s alert should be a wake-up call to the banks and card networks that continue to stand in the way of making PIN authentication the standard in the US just as it has been around the world for years,” said Brian Dodge, executive vice president of the Retail Industry Leaders Association, in a provided statement.

Even with the new system, the US is still woefully behind the curve in payment technology, as most major markets finished the transition to chip-and-PIN systems a decade ago. The current system is more relaxed, allowing for signatures in place of PIN numbers, but a recent study found less than two-thirds of retailers have been able to implement the system before an industry-wide deadline earlier this month.

DecodeDC: Military has its fingers in your food

U.S. military has more to do with the food you eat than you realize.
By Rachel Quester
Oct 8 2015

Nestled in the woods just outside of Boston sits the U.S. Army Natick Soldier Systems Center. The base does research on the necessities soldiers need on the frontline, such as clothing, shoes, body armor and food.

Part of Natick’s mandate is to get the food science it uses in producing military combat rations onto grocery store shelves and into your kitchen. That’s what Anastacia Marx de Salcedo writes about in her new book, “Combat Ready Kitchen: How the U.S. Military Shapes the Way You Eat.”

On the latest DecodeDC podcast, we sit down with de Salcedo to discuss the military’s massive influence on the American diet and its ultimate goal of creating a nation that is in a constant state of preparedness for the next war.

Audio: 18:24 min

Making Money from Misery? Disaster Capitalism from the Migrant Crisis to Afghanistan and Haiti

Oct 9 2015

When disaster strikes, who profits? That’s the question asked by journalist Antony Loewenstein in his new book, “Disaster Capitalism: Making a Killing out of Catastrophe.” Traveling across the globe, Loewenstein examines how companies such as G4S, Serco and Halliburton are cashing in on calamity, and describes how they are deploying for-profit private contractors to war zones and building for-profit private detention facilities to warehouse refugees, prisoners and asylum seekers. Recently, Loewenstein teamed up with filmmaker Thor Neureiter for a documentary by the same name that chronicles how international aid and investment has impacted communities in Haiti, Afghanistan, Papua New Guinea and beyond.

Antony Loewenstein, Australian independent journalist and author of Disaster Capitalism: Making a Killing out of Catastrophe.


Government Likens Ending Bulk Surveillance to Opening Prison Gates

[Note:  This item comes from friend David Rosenthal.  DLH]

By Jenna McLaughlin
Oct 8 2015

A Justice Department prosecutor said Thursday that ordering the immediate end of bulk surveillance of millions of Americans’ phone records would be as hasty as suddenly letting criminals out of prison.

“Public safety should be taken into consideration,” argued DOJ attorney Julia Berman, noting that in a 2011 Supreme Court ruling on prison overcrowding, the state of California was given two years to find a solution and relocate prisoners.

By comparison, she suggested, the six months Congress granted to the National Security Agency to stop indiscriminately collecting data on American phone calls was minimal.

Ending the bulk collection program even a few weeks before the current November 29 deadline would be an imminent risk to national security because it would create a dangerous “intelligence gap” during a period rife with fears of homegrown terrorism, she said.

The argument came during a hearing before U.S. District Court Judge Richard Leon on plaintiff Larry Klayman’s request for a preliminary injunction that would immediately halt the NSA program that tracks who in the United States is calling who, when, and for how long.

The bulk telephony metadata program, which the NSA said was authorized under section 215 of the USA Patriot Act, was closed down by Congress in June with the passage of new legislation—the USA Freedom Act. However, the new bill allowed for a grace period of six months in which the government could set up a less all-inclusive alternative.

Klayman, an idiosyncratic plaintiff with a history of accusing the government of lying, seemed a bit unsure about specifically what relief he sought at the Thursday hearing.

But he argued that the transition period granted to the NSA was too long. “One day of constitutional violation is one day too much,” he said in his opening remarks.

The Second Circuit Court of Appeals in May ruled that the bulk telephony program was illegal.

Judge Leon ruled in Klayman’s favor in 2013, calling the government’s spying “almost Orwellian.”

When Berman made her analogy to releasing prisoners en masse, Leon responded: “That’s really a very different kind of situation, don’t you think?”

And Berman was unable to cite any evidence that the bulk collection prevented any sort of terrorist attack, or that ending it now would be a serious threat.

“That’s a problem I had before—wonderful high lofty expressions, general vague terms…but [the government] did not share a single example,” Leon said.

Klayman, whose arguments consisted mostly of accusing the government of lying and violating the law, decided by the end of the hearing that he actually wanted the entire USA Freedom Act stricken from the books—because he insisted that Congress, in allowing an unconstitutional program to proceed, had violated the Constitution itself.

Judge Leon promised a ruling “as soon as possible.”

Can Facebook and Apple Kill the Internet? Part 1

By Josh Marshall
Oct 9 2015

Broadly speaking you have three groups of players. First, the big telecommunications corporations who control the “pipes” of the modern data world. They largely operate as de facto monopolies or duopolies and depend heavily on captured governmental regulators to protect those monopolies. Name anyone who you buy phone or Internet service from and that’s who we’re talking about. 

Then you have the “content” owners – publishers, movie studios, authors, the music industry, musicians. They have tended to be the biggest losers in this story and yet their “product” is what makes the whole triangular system function.

Then you have the tech companies who play on every side of the struggle, partner with different triangular players at different points – and often at the same time – and more than anything else have pioneered new ways of either consuming or distributing ‘content.’ These new methods are often liberating to consumers, but also have the net effect of engrossing huge amounts of the revenue available from that industry – whether it’s music or book publishing or journalism or whatever.

The music business is perhaps the most extreme and visible example. I love iTunes and I love Spotify (though I’m considerably more conflicted about the latter since it’s a disaster for artists). But the upshot of both has been to take an industry which generated huge amounts of money for record labels and real money for artists, dramatically reduce the amount of revenue anyone makes from music, and then engross a huge amount of what’s left for companies who either didn’t used to exist or had no role in the music business in the past at all. I don’t put this forward as a moral evaluation. It’s just a demonstrable fact.

In my mind, the worst players in the triangular model are the telecom companies. Compared to other affluent and industrialized nations in the world, your internet connection is slower, less reliable and you pay more for it. For all the this, that and the other, the reason is that nearly everywhere, these companies function as monopolies or duopolies, or simply don’t face competition. But let’s leave that for another post. And, big picture, my point here is not to identify good guys and bad guys – again, with the exception of the big telecoms, half kidding, half not – but to look at the struggle between the different players and think about how different outcomes are better or worse for the country as a whole, the US economy and all of us individually, both as consumers and citizens.

This brings me to a small story I saw yesterday, which you probably didn’t see, and the significance of which may not be immediately clear. Google announced something new called Accelerated Mobile Pages. It’s a consortium of Google and a slew of major digital publishers – but Google is clearly the leading force and convener of the effort. So what are Accelerated Mobile Pages? Basically it’s a set of html protocols designed to dramatically speed up web pages on mobile devices. A streamlined ability to cache pages is also part of the set up. If you’re really a technophobe, it’s a new way of coding web pages to make them download a lot faster. I don’t want to get too much into the tech and protocol part of it. Click the link above if you’re interested in more technical details.

Notably, AMP is presented as an open-source project and I have no reason to believe that is not the case, though I haven’t been able to investigate all the details. That means no one owns it. Not Google or anyone else. Anyone can use it and no one should have a proprietary ability to profit from it.

Okay, so faster mobile pages. Great. What’s the bigger point? Here’s the bigger point.

Both Facebook and Apple are currently trying to carve up and basically kill what we call the open internet – particularly as it relates to publishing.

Here’s how – and bear with me because I’m going to set aside Google for a moment to go into some detail about what Facebook and Apple are doing before looping back to Google and how this move by Google is a reaction to it.