Thursday, February 28, 2008

1 in 100 American adults are in prison

The United States has now reached an incarceration rate of 1 in every 99.1 adults, the highest rate in the world. We're spending an enormous amount of money to train people to be hardened criminals by throwing people convicted of nonviolent drug-related crimes into prisons with real criminals.

Finland, by contrast, has one of the lowest incarceration rates in the world, which has been in place for over 30 years. There is no correlation between crime rates and incarceration rates. In my opinion, we should decriminalize drug use, get rid of mandatory minimums, and adopt a model much closer to Finland's, where only violent offenders are imprisoned. Those who cause other kinds of harm to others should be required to make restitution to their victims.

Phoenix Flippers in Trouble

I'd seen similar blogs for California cities, now I'm glad to see there's one for Phoenix. The site lists homes currently for sale at a loss, ordered from greatest total loss to least. Most of these homes have been flipped multiple times before the current flipper got stuck with it.

Despite what a realtor might tell you, when you see homeowners repeatedly reducing prices like this, it is not a good time to buy. It's a good time to wait and watch prices continue to drop. When you start seeing prices go back up for a while, then it might be a good time to buy--it's much better to buy after things have bottomed out and started to increase again than it is to buy on the way down. That's sometimes referred to as "catching a falling knife."

I wouldn't consider buying anything until 2010 at the earliest. We haven't yet even seen the peak of subprime ARM resets, which should hit in the next few months. Then we still have Alt-A ARM resets to peak after that.

Tuesday, February 26, 2008

Arizona #4 for January foreclosures

Nationwide, foreclosures are up 57% for January 2008 vs. January 2007 (and up 8% vs. December 2007), and the top states for foreclosures in January (on a per-capita basis) were:

1. Nevada
2. California
3. Florida
4. Arizona
5. Colorado
6. Massachusetts
7. Georgia
8. Connecticut
9. Ohio
10. Michigan

Repossessions are up 90% or January 2008 compared to January 2007.

Of course I'm right

I do try to be accurate and correct my mistakes. I was happy to read on the Village Voice's blog that I'm "right." But I think they mean politically right. In some cases, I'm sure I'm to the right of the Village Voice. In others, I'm sure I'm right there with them on the left.

I suppose it could be argued that defending InfraGard from falsehoods is "right" in both senses.

Here's the comment I posted at the Village Voice blog:
I'll happily have my blog characterized as "right" meaning "correct," but I don't think it's terribly accurate to refer to much of its content as politically right wing. I would be happy to hear that ending the war in Iraq, ending the war on drugs, legalizing gay marriage, impeaching George W. Bush, abolishing the CIA, strict separation of church and state, and free speech absolutism (all positions defended at my blog) are now endorsed by the political right--it's about time.

Thanks for the link.
(Obligatory xkcd cartoon about being right. Kat can vouch for its accuracy.)

Monday, February 25, 2008

Pakistan takes out YouTube, gets taken out in return

As ZDNet reports, yesterday afternoon, in response to a government order to filter YouTube (AS 36561), Pakistan Telecom (AS 17557, pie.net.pk) announced a more-specific route (/24; YouTube announces a /23) for YouTube's IP space, causing YouTube's Internet traffic to go to Pakistan Telecom. YouTube then re-announced its own IP space in yet more-specific blocks (/25), which restored service to those willing to accept routing announcements for blocks that small. Then Pakistan Telecom's upstream provider, PCCW (AS 3491), which had made the mistake of accepting the Pakistan Telecom /24 announcement for YouTube in the first place, shut off Pakistan Telecom completely, restoring YouTube service to the world minus Pakistan Telecom. They got what they wanted, but not quite in the manner they intended.

Don't mess with the Internet.

Martin Brown gives more detail at the Renesys Blog, including a comment on how this incident shows that it's still a bit too easy for a small ISP to disrupt service by hijacking IPs, intentionally or inadvertently. Danny McPherson makes the same point at the Arbor Networks blog, and also gives a good explanation of how the Pakistan Internet provider screwed up what they were trying to do.

Somebody still needs to update the Wikipedia page on how Pakistan censors the Internet to cover this incident.

UPDATE: BoingBoing reports that the video which prompted this censorship order was an excerpt from Dutch Member of Parliament Geert Wilders' film "Forbidden" criticizing Islam, which was uploaded to YouTube back on January 28. I've added "religion" and "Islam" as labels on this post, accordingly. The two specific videos mentioned by Reporters without Borders as prompting the ban have been removed from YouTube, one due to "terms of use violation" and one "removed by user." The first of these two videos was supposedly the Geert Wilders one; the second was of voters describing election fraud during the February 18 Parliamentary elections in Pakistan. This blog suggests that the latter video was the real source of the attempted censorship gone awry, though the Pakistan media says it was the former. So perhaps the former was the pretext, and the latter was the political motivator.

A "trailer" for Wilders' film is on YouTube here. Wilders speaks about his film on YouTube here and here. Ayaan Hirsi Ali defends Wilders on Laura Ingraham's show on Fox News here. (Contrary to the blog post I've linked to, Hirsi Ali was not in the Theo Van Gogh film "Submission Part One," which can itself be found here, rather, she wrote it. Van Gogh was murdered as a result of it. The beginning and end is in Arabic with Dutch subtitles, but most of it is in English with Dutch subtitles.)

UPDATE (February 26, 2008): This just in, from Reuters--Pakistan "might have been" the cause of the YouTube outage. Way to be on the ball with breaking news, Reuters!

The Onion weighs in on the controversy!

Sunday, February 24, 2008

New Mexico InfraGard conference

On Friday, I attended the New Mexico InfraGard Member Alliance's "$-Gard 2008" conference in Albuquerque. It was an excellent one-day conference that should be used as a model by other chapters. The conference was open to the public, and featured an informative and entertaining two-hour seminar on fraud and white collar crimes by Frank Abagnale, author of the autobiographical Catch Me If You Can and anti-fraud books The Art of the Steal and Stealing Your Identity. (Another version of Abagnale's talk can be viewed as an online webinar courtesy of City National Bank.) Abagnale argued that fraud has become much easier today than it was when he was a criminal forger, with numerous examples, and also offered some simple and relatively inexpensive ways for businesses and individuals to protect themselves. For example, he recommended the use of microcut shredders, and observed that his own business keeps shredders near every printer, and no documents get thrown away, everything gets shredded. He recommended the use of a credit monitoring service like Privacy Guard, and that if you write checks, you use a black uniball 207 gel pen, which is resistant to check-washing chemicals. For businesses that accept cash, he recommended training employees in some of the security features of U.S. currency rather than relying on pH testing pens, which are essentially worthless at detecting counterfeit money. By recognizing where bills use optical variable ink, for example, you can easily test for its presence in the time it takes you to accept bills from a customer and transfer them into a cash register. He also recommended that businesses use bank Positive Pay services to avoid having business checks altered.

Other speakers included Anthony Clark and Danny Quist of Offensive Computing, who gave a talk on "Malware Secrets," based on their research and collection of 275,000 malware samples. Their talk included an overview of the economics of malware, which I believe is essential for understanding how best to combat it. They looked at the underground economy fairly narrowly focused on malware itself, and the cycle of its production, use, reverse engineering by whitehats, the development of antivirus patterns, and then demand for new undetectible malware, and observed that in that particular cycle it's probably the legitimate security companies such as antivirus and IDS vendors who make the most money. They didn't really look at the broader features of the underground economy, such as how botnets are used as infrastructure for criminal enterprises, or the division of criminal labor into different roles to disperse risk, though they certainly mentioned the use of compromised machines for spamming and phishing attacks. They skipped over some of the technical details of their work on automating the unpacking and decryption of malware, which was probably appropriate given the mixed levels of technical background in this audience. A particularly noteworthy feature of their research was their list of features of antivirus software that should be examined when making a purchase decision--performance, detection rates, miss rates, false positive rates, system intrusiveness, a product's own security, ease of mass deployment, speed, update frequency, use of signatures vs. other detection methods, ability to clean, capabilities with various categories of malware (rootkits, trojans, worms, backdoors, spyware), and ability to detect in real time vs. during a scan.

Alex Quintana of Sandia National Labs also spoke about current trends in malware, in the most frightening talk of the conference. He talked about how malware has gone from something that attacks exposed servers on the Internet to something that individual clients pull to their machines from the Internet, usually via drive-by downloads. He demonstrated real examples of malware attacks via web pages and via Shockwave Flash, PowerPoint, and Word documents, and explained how one of his colleagues has coined the word "snares" for emails or web pages that lure individuals into targeted drive-by malware downloads. There was a wealth of interesting detail in his presentation, about trojans that use covert tunnels and hiding techniques, injecting themselves into other running processes, using alternate data streams, and obfuscated information in HTTP headers and on web pages. One trojan he described rides on removable media such as USB thumbdrives and runs when inserted into a PC thanks to Windows Autorun; it drops one component that phones home to accept instructions from a command and control server, and another that causes the malware to be written out on any other removable device inserted into the machine. It's a return of the old-fashioned virus vector of moving from machine to machine via removable media rather than over the network.

From law enforcement, there were presentations from Melissa McBee-Anderson of the Internet Crime Complaint Center (IC3, another public-private partnership, which acts as a clearinghouse for Internet crime complaints and makes referrals of complaints to appropriate federal, state, , local, and international law enforcement agencies) and from various agents of the Cyber Squad of the Albuquerque FBI office. These presentations were somewhat disappointing in that they demonstrated how huge the problem is, yet how few prosecutions occur. For example, after the 2004 tsunami disasters, there were over 700 fake online charities set up to prey on people's generosity after a disaster, yet only a single prosecution came of it. In 2005, the number of fake online charities for hurricanes Katrina and Rita was over 7,000, yet only five prosecutions came of those, including one in Albuquerque. Yet even that "successful" prosecution led to no jail time, only community service and probation. Frank Abagnale's presentation also included some woeful statistics about prosecutions for white collar crime and check fraud that explicitly made the same point that was implicit in several of the law enforcement presentations. To IC3's credit, however, the showed an example of a link chart generated from their crime complaint data, a very tiny portion of which was brought to them by a law enforcement agency seeking more information, the rest of which came from multiple received complaints. That link chart showed many interconnected events by five organized fraud gangs. Ms. McBee-Anderson also reported on successful international rosecutions against individuals at Lagos, Nigeria's "walking Wal-Mart," where people were selling goods purchased with stolen credit card information and using forged cashier's checks. (I'm still amazed that anyone actually falls for the Nigerian online fraud schemes, but they do.)

The conference did a good job of making clear some specific threats and offering recommendations on necessary (yet unfortunately individually insufficient) defenses. It's quite clear that relying solely on law enforcement to provide you with a remedy after the fact is a bad idea. It's essential that private enterprises take preventative measures to protect themselves, and use a layered, defense-in-depth approach to do so.

Saturday, February 23, 2008

Dirty Politician: Rick Renzi indicted

Arizona Republican Rep. Rick Renzi has finally been indicted, on 35 counts that include extortion, embezzlement, and money laundering. The investigation has been conducted by the FBI (working on priority #4, "combat public corruption at all levels"), the IRS, the U.S. Attorney's office, and the Department of Justice's Office of Public Integrity.

More InfraGard FUD and misinformation

Gary D. Barnett, president of a financial services firm in Montana, has written an article about InfraGard for The Future of Freedom Foundation, apparently inspired by the Progressive article. Thankfully, he avoids the bogus "shoot to kill" claims, but he introduces some erroneous statements of his own. It's apparent that he didn't bother speaking to anyone in InfraGard or doing much research before writing his article, which is another attempt to spread fear, uncertainty, and doubt about the program.

Barnett first goes wrong when he writes:

InfraGard’s stated goal “is to promote ongoing dialogue and timely communications between members and the FBI.” Pay attention to this next part:

Infragard members gain access to information that enables them to protect their assets and in turn give information to government that facilitates its responsibilities to prevent and address terrorism and other crimes.
I take from this statement that there is a distinct tradeoff, a tradeoff not available to the rest of us, whereby InfraGard members are privy to inside information from government to protect themselves and their assets; in return they give the government information it desires. This is done under the auspices of preventing terrorism and other crimes. Of course, as usual, “other crimes” is not defined, leaving us to guess just what information is being transferred.
First, there isn't a "distinct tradeoff." There is no "quid pro quo" required of InfraGard members. All InfraGard members get the same access to bulletins as the others, regardless of whether they share information back. There are some specific sector-oriented subgroups that share information only with each other (and such private groups also exist independently of InfraGard, such as the sector Information Sharing and Analysis Centers, or ISACs). The FBI may come to a company from time to time with specific threat information relevant to them (I've seen this happen once with respect to my own company), but that happens whether a company is a member of InfraGard or not. (Where InfraGard membership might give added benefit is that the FBI knows that the InfraGard member has undergone some rudimentary screening. There are companies that are set up and run by con artists, as well as by foreign intelligence agents, believe it or not, and where there is apparent risk of such a setup, the FBI is obviously going to be less forthcoming than with somebody they already know.)

Second, "not available to the rest of us" suggests that InfraGard membership is difficult to come by. It's not. I suspect Mr. Barnett himself could be approved, as could whoever does IT security for his company.

Third, there's no need to guess about the "other crimes." The FBI's own priority list tells you:

1. Protect the United States from terrorist attack. (Counterterrorism)
2. Protest the United States against foreign intelligence operations and espionage. (Counterintelligence)
3. Protect the United States against cyber-based attacks and high-technology crimes. (Cyber crime)
4. Combat public corruption at all levels.
5. Protect civil rights.
6. Combat transnational/national criminal enterprises.
7. Combat major white collar crime.
8. Combat significant violent crime.
9. Support federal, state, local, and international partners.
10. Upgrade technology to successfully perform the FBI's mission.

Some might question this list, in particular #5, on the basis of the FBI's past record, but my interactions with law enforcement lead me to believe that there are many who do take #5 quite seriously and would challenge and speak out against actions contrary to it. I was at an InfraGard conference in New Mexico yesterday at which an exchange occurred that went something like this:

Me: I work for a global telecommunications company.
He: You're not one of those companies that's been eavesdropping on us, are you?
Me: No.
He: Good.

"He" was a member of New Mexico's InfraGard--and a member of law enforcement. I'll have more to say about warrantless wiretapping in a moment.

The real issue with this list is that the top two are probably misplaced, and 6-8 (and #10!) have been suffering, as I've previously written about.

Barnett goes on:
Since these members of InfraGard are people in positions of power in the “private” sector, people who have access to a massive amount of private information about the rest of us, just what information are they divulging to government? Remember, they are getting valuable consideration in the form of advance warnings and protection for their lives and assets from government. This does not an honest partnership make; quite the contrary.
There are several key ways in which private industry helps the FBI through InfraGard. One is securing their own infrastructure against attacks so that it doesn't create a problem that the FBI needs to devote resources to. Two is by bringing criminal issues that are identified by private companies to the attention of the FBI so that it can investigate and bring prosecutions. Three is by assisting the FBI in its investigations by explaining what evidence that requires technical skills to understand means, and giving them guidance in how to successfully track down criminals.

Barnett goes on to talk about Rep. Jane Harman's bill in Congress, HR1955/S.1959, which I've also briefly commented on at this blog, and makes some significant errors of fact. He writes this this bill "if passed, will literally criminalize thought against government." That's false--the bill doesn't criminalize anything, it just creates a commission that will write a report and make recommendations. That commission has no law enforcement powers of any kind, not even the power of subpoena. Barnett also mistakenly thinks that this bill contains a reference to InfraGard. He writes:
S.1959, if passed, will be attached to the Homeland Security Act and InfraGard is already a part of the Department of Homeland Security. This is not a coincidence. Under section 899b of S.1959 it is stated:
Preventing the potential rise of self radicalized, unaffiliated terrorists domestically cannot be easily accomplished solely through traditional Federal intelligence or law enforcement efforts, and can benefit from the incorporation of State and local efforts.

This appears to be a direct reference to the InfraGard program.

The reference to "the incorporation of State and local efforts" into "traditional Federal intelligence or law enforcement efforts" in counterterrorism contains no reference to private partnerships, only to combining law enforcement efforts at federal, state, and local levels. This is a reference to what are called "fusion centers," like the Arizona Counter-Terrorism Information Center (ACTIC). The people who work in those centers are people from government agencies (at the federal, state, and local levels) with government security clearances. InfraGard in Phoenix does partner with ACTIC, which in practice means that ACTIC representatives give presentations to InfraGard (all of which I believe have also been open to the general public), ACTIC shares threat information with InfraGard much like the FBI does, and that InfraGard members are encouraged to report potential terrorist tip information to ACTIC. (ACTIC also encourages the general public to do this, which I think is far more likely to waste resources than identify any actual terrorists.)

Note that Barnett is mistaken when he writes that InfraGard is part of the Department of Homeland Security. InfraGard is not a government agency or part of a government agency--it is a non-governmental organization, or actually a collection of non-governmental organizations, which are 501(c)(3) nonprofits, with leadership provided by board members who are InfraGard members. Each chapter has a coordinator from the FBI who is not on the board. The FBI provides guidance and suggestions, but the organizations are run by the boards.

Now Barnett goes into Matt Rothschild territory when he writes: "I’m just speculating, of course, but is it possible that InfraGard will be a domestic police and spying arm for the government concerning “thought crime”?" It's not just speculation, it's uninformed speculation. InfraGard is not part of government and has no police powers of any kind. I've previously addressed the degree to which I think the "spying" is a risk--I think it's relatively low, but worth talking about.

Barnett continues in a Rothschild vein when he says "InfraGard, on the other hand, is an organization cloaked in secrecy. It holds secret meetings with the FBI." This talk of InfraGard being "cloaked in secrecy" is grossly exaggerated. The group has fairly open membership and most meetings are open to the public. When there are meetings restricted to membership, those typically wouldn't be accurately described as "secret meetings with the FBI." I and other members of InfraGard have had private meetings with FBI agents with respect to particular investigations, but it would be inaccurate to describe those as "InfraGard meetings." Law enforcement by its very nature requires a high degree of confidentiality for ongoing investigations, but it is a mistake to infer that this means conspiratorial plotting or spying.

Towards the end of his article, Barnett talks about warrantless wiretapping, telecom immunity, and the secrecy of InfraGard membership:
Considering the recent attempts by President Bush and his administration to protect many telecommunications companies and executives from prosecution for releasing private information, how many of the top telecom executives are members of InfraGard? I, for one, would be very interested in this information, but alas, it is not public information; it is secret.
What's the sense in which InfraGard membership is secret? Only in that it's not made available to the general public. Barnett writes that "no one outside InfraGard is to know who is a member unless previous approval has been given," but this is his misinterpretation of a guideline he quotes, not what it says. There's nothing prohibiting an InfraGard member from identifying themselves as such, only from identifying others as such without their consent. And if you're going to speak on behalf of InfraGard, you need to get approval from the organization first. (And note that I'm not speaking on behalf of InfraGard here, and have had no approval from InfraGard for what I've written on my blog.) If you're an InfraGard member, you have access to the online directory of InfraGard members. If Barnett is really interested in knowing who is a member, all he has to do is join.

As for "how many of the top telecom executives are members of InfraGard," I haven't looked, but I would be willing to wager that the answer is none. I know that none of the members of the "Senior Leadership Team" of my company are members of InfraGard, though my boss, our VP of Global Security, heads the Rochester, NY chapter of InfraGard. Senior executives of large corporations don't have time or interest to belong to InfraGard, and it's not really geared to them, as opposed to members of their physical and IT security organizations.

And as for warrantless wiretapping (I said I'd get back to it), InfraGard has nothing to do with that and it's foolish to think that it would. That activity has involved direct relationships between incumbent telecom providers (AT&T certainly, and probably Verizon as well) and the National Security Agency, with information restricted to employees holding government security clearances on a "need to know" basis, as the ACLU and EFF lawsuits have revealed. These relationships also probably include commercial relationships, and have included movement of personnel from one to the other--for example, AT&T has a Director of Government Solutions who came from the NSA. InfraGard members, many if not most of which hold no government security clearances, are not in the loop on that activity. (For that matter, I suspect few FBI personnel are in the loop on that, either.)

I find it discouraging that articles like Barnett's are written and published. Such inaccurate information serves to distract from real issues and real government abuses and to discredit those who repeat it, when they have other things to say that are worth hearing, paying attention to, and acting upon. I hope that Barnett and FFF will strive for greater accuracy in the future.

Thursday, February 21, 2008

Canada busts 17 in botnet ring

This morning Canada arrested 17 people of ages ranging from 17 to 26 years old for running botnets containing "up to one million computers" in 100 countries. They face charges that could result in up to 10 years in prison.

This barely scratches the surface of online criminal activity. Niels Provos of Google did a study (PDF) that found that of 4.5 million websites scanned between March of 2006 and February of 2007, 450,000 of them attempt to load malware on visiting machines. Sophos' similar survey in July of last year that found that 29% of websites host malware, 28% host porn or gambling content, and 19% are spam-related. Drive-by malware installations (where merely visiting a website causes malware to be loaded onto your machine) are definitely the method of choice for creating botnets today. I recommend using Firefox with the NoScript plugin and the MyWOT plugin to help prevent getting infected by such sites.

Tomorrow, I'll be attending a New Mexico InfraGard conference at which I hope to learn more about recent malware trends (and get my copy of Catch Me If You Can and/or The Art of the Steal autographed by their author). This is another one open to the general public, so I expect no talk about "shoot to kill" powers except in jest.

UPDATE (February 22, 2008): I'm quoted in Brian Jackson's article on the Quebec botnet hacker bust on itbusiness.ca. I'm not entirely happy with the quotes attributed to me--I didn't say "tens of millions," though I said there have been botnets with more than a million hosts, and there are multiple millions of compromised hosts out there. If tens of millions is not accurate today, it will be in the future. The other quotation about IRC got a little bit garbled, but is not far off--I made the point that the bots of today have evolved from a combination of IRC bots of the past combined with denial of service attack tools, remote access trojans, and other malware, and many of them still use IRC as their mode of communication.

Con artists in desperate need of money

Although I've gone for the last several years with extremely few illegal prerecord telemarketing calls, I've received three to my cell phone in the last three weeks, all scams. (I wonder how many of these people were working in the mortgage business until recently?) Two of them came from faked caller IDs that look like UK telephone numbers (starting with +44), but which appear to actually be from Florida, a popular location for all kinds of scammers. The first call, on January 30, came from 44-207-490-6113and was selling auto warranties, no doubt at far above market prices, and was phrased in such a way as to attempt to deceive the recipient into thinking they needed to renew an existing warranty that is expiring. When I got to a human operator and asked to be put on their do-not-call list, the woman hung up on me. I need to learn to be more subtle in my questioning to get more information from these con artists.

The second call, on February 12, gave caller ID of 866-526-9732, and said that I had won a no-catch, all-expenses-paid vacation for two, and asked me for my name and number so that I could be called and told where to pick it up. Unfortunately, it hung up on me while I was trying to provide a fake name and real phone number, so that I could identify the caller and sue them.

The third call, today, gave caller ID of 44-207-414-4370 and was offering a credit card deal to "reduce my interest rate." Again the wording expressed urgency about a limited-time offer and made it sound like it was with regard to a card I already hold. This time, I asked the human operator (after waiting quite some time to get one) what company he's with. I had to ask three times--he kept repeating his script about "any Mastercard or Visa," and I kept saying "no, what company are YOU with." Finally, he said "United Debt Aid," which is no doubt a fake name. I asked him to put me on their do-not-call list and again was hung up on as I was telling him he was working for a bunch of criminals. I didn't get a chance to ask for a written do-not-call policy from any of these three, but I'm sure they don't have them since they're violating the law in several ways already. Prerecord calls with advertising to cell phones are flat out illegal, just as prerecord calls with advertising to residential phones is illegal (without an existing business relationship, according to the FCC, which has incorrectly added an exception not present in the actual statute). So is falsifying caller ID information, so is failing to identify the business calling or on whose behalf the call is being made. So is failing to put me on their do-not-call list, and so is failing to send a written do-not-call policy upon request.

If anybody happens to come across more information that might identify who is behind these calls, let me know--I'd love to sue them.

UPDATE (February 25, 2008): I got another auto warranty one today, Caller ID said 442074791697 and it began "Your auto warranty has expired" and claimed they had been trying unsuccessfully to contact me via mail--two lies in the first two sentences. I pressed 1 to talk to a live operator, who immediately asked me for the year and make of my car. I asked what company is providing the warranty, and he hung up on me. Apparently any questioning at all is reason for these scammers to proceed to the next call recipient.

UPDATE (March 27, 2008): I received two more of these in quick succession--one on March 17 (auto warranty call from 505-217-2684) and one on March 19 (credit card rate reduction call from 305-654-1842).

ConsumerAffairs.com has a story about ripoff auto warranties sold by companies in St. Louis.

Verizon Wireless has filed a law suit against John Does to go after these auto warranty calls.

UPDATE (April 7, 2008): Another auto warranty one, from 305-672-6663.

I believe that at least some of these calls are coming from businesses run by former associates of Fax.com, a defunct broadcast fax and prerecord telemarketing business that received a $5,379,000 fine from the FCC in 2002 which was never collected, and was successfully sued by the D.C. law firm of Covington & Burling for $2.3 million in 2003, which I believe was also never collected. The legal system is not good at dealing with these sorts of criminals, because it's all being left to civil enforcement, when these are the kind of people who need to be thrown in jail.

UPDATE (April 10, 2008): Another from "Heather at account services," caller ID 561-482-7092, for credit card rate reduction. The human being I spoke with confirmed that she's in Boca Raton, FL--on a previous call the company was identified as "United Debt Aid" in Boca Raton.

UPDATE (August 11, 2008): There's a wealth of information about these calls and who's behind them at the Stopping Heather Forums.

Wednesday, February 20, 2008

Scientology critic Shawn Lonsdale dies

Shawn Lonsdale, who began picketing the Church of Scientology in Clearwater, Florida in 2006, was found dead in his home of an apparent suicide. A garden hose was run from his car's exhaust into a window of his home, and a suicide note was found.

His protests against Scientology had declined last year, when he didn't renew the domain registration for his critical website and stopped posting much on his blog. His conflict with Scientology began and peaked in 2006, when Scientology-hired PI's dug up and publicized his two misdemeanor convictions for lewd and lascivious conduct, and subpoenaed him for a deposition regarding their claim that he was an agent of a group prohibited from protesting in downtown Clearwater. I would guess that the group in question was the Lisa McPherson Trust, and that the prohibition was the result of a legal settlement.

Lonsdale appeared in the BBC Panorama episode on Scientology, which can be found on YouTube in its entirety.

Michael Shermer on Anonymous protest of Scientology

Monday's Los Angeles Times featured a short op-ed piece by Michael Shermer of the Skeptics Society about Anonymous' protests against Scientology, which is rightly both critical of Anonymous and Scientology.

Cayman Islands bank gets Wikileaks taken offline

As reported in Wired's blog:

Wikileaks, the whistleblower site that recently leaked documents related to prisons in Iraq and Guantanamo Bay, was taken offline last week by its U.S. host after posting documents that implicate a Cayman Islands bank in money laundering and tax evasion activities.

In a pretty extraordinary ex-parte move, the Julius Baer Bank and Trust got Dynadot, the U.S. hosting company and domain registrar for Wikileaks, to agree not only to take down the Wikileaks site but also to "lock the wikileaks.org domain name to prevent transfer of the domain name to a different domain registrar." A judge in the U.S. District Court for Northern California signed off on the stipulation between the two parties last week without giving Wikileaks a chance to address the issue in court.

The Julius Baer Bank, a Swiss bank with a division in the Cayman Islands, took issue with documents that were published on Wikileaks by an unidentified whistleblower, whom the bank claims is the former vice president of its Cayman Islands operation, Rudolf Elmer. The documents purport to provide evidence that the Cayman Islands bank helps customers hide assets and wash funds.

After failing to convince Wikileaks to take down the documents, the bank went after its U.S. hosting service, which responded by agreeing not only to remove the Wikileaks account from Dyndadot's server but also to help prevent Wikileaks from moving its site to a different host.

Wikileaks is actually still online, even though its domain has been taken out of its control in this highly unusual and inappropriate move by the courts. Bank Julius Baer and its attorneys are making a huge mistake that is now going to drive far more attention to the documents in question than they would have received otherwise.

Wikileaks publishes the correspondence between the organization and the bank's attorneys, in which they refuse to identify their client or the specific documents that they take issue with.

Wikileaks board member Julian Assange (author of the security tool "strobe" and technical advisor and researcher for the excellent book Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier, by Suelette Dreyfus), has been quoted saying that Wikileaks will continue to publish:
"The order is clearly unconstitutional and exceeds its jurisdiction," Wikileaks spokesman Julian Assange said in the e-mail statement issued from Paris on Monday. "Wikileaks will keep on publishing. In fact, given the level of suppression involved in this case, Wikileaks will step up publication of documents pertaining to illegal or unethical banking practices."
Wikileaks was set up primarily to allow the leaking and publishing of documents from non-Western authoritarian regimes, but it has gotten the most press for its earlier leak of the Guanatanomo Bay operating manual and now for this report of a Cayman Islands/Swiss bank's activities.

In my opinion, Wikileaks is subject to abuse--just like the Internet in general, as well as newspapers and other forms of publication--but that organizations which attempt to use trade secret and copyright law as a tool to conceal illegal or immoral activity should not be permitted to succeed. This particular case appears to be somewhat complex and based on a particular whistleblower's account, and if it only involves tax avoidance (as opposed to evasion), then it doesn't involve the violation of any laws. It is, however, clearly inappropriate for the entire site to be shut down just because of a few specific documents from one case--that would be like shutting down Wikipedia because of the content in one set of articles, or shutting down Blogger because of material posted on one blog. That's the kind of censorship we have seen from some authoritarian regimes in response to critical material, but it's not how the law should work in the United States.

UPDATE (March 4, 2008): Judge White wisely reversed his decision and Wikileaks.org is back at its own domain name.

Sunday, February 17, 2008

Malware in digital photo frames

The Mocmex virus and other trojans have been found on digital photo frames from China sold at Target, Costco, Sam's Club, and Best Buy. The photo frames are connected to a computer via USB to load photographs; on a Windows machine this will cause an executable stored on the photo frame to run, infecting the computer.

The SANS Internet Storm Center has documented more details here and here.

As more and more devices have built-in storage and can be connected via USB to PCs, we'll see more and more attacks like this.

Saturday, February 16, 2008

Spies who love you

Mark Fiore helps teach kids about the importance of warrantless wiretapping.

(Hat tip to Bob Hagen.)

Friday, February 15, 2008

FBI responds to "shoot to kill" claims about InfraGard

The FBI has issued an official response to Rothschild's Progressive article (PDF), which says, in part:
In short, the article's claims are patently false. For the record, the FBI has not deputized InfraGard, its members, businesses, or anything else in the program. The title, however catchy, is a complete fabrication. Moreover, InfraGard members have no extraordinary powers and have no greater right to "shoot to kill" than other civilians. The FBI encourages InfraGard members -- and all Americans -- to report crime and suspected terrorist activity to the appropriate authorities.
The FBI response also states that Rothschild has "refused even to identify when or where the claimed 'small meeting' occurred in which issues of martial law were discussed," and promises to follow up with further clarifying details if they get that information.

I've updated my own response to Rothschild to include the above information.

Wednesday, February 13, 2008

Pentagon-commissioned Rand report on Iraqi occupation

A Pentagon-commissioned study from the Rand Corporation on U.S. military occupation in the Middle East, titled "War by Other Means: Building Complete and Balanced Capabilities for Counterinsurgency," argues that the U.S. military efforts are "at best inadequate, at worst counter-productive, and, on the whole, infeasible":

The United States should instead focus its priorities on improving "civil governance" and building "local security forces," according to the report, referring to those steps as "capabilities that have been lacking in Iraq and Afghanistan."

"Violent extremism in the Muslim world is the gravest national security threat the United States faces," said David C. Gompert, the report's lead author and a senior fellow at Rand. "Because this threat is likely to persist and could grow, it is important to understand the United States is currently not capable of adequately addressing the challenge."

The report argues for some of the things that have been done as part of the "surge," such as training and equipping local security forces, but maintains that this needs to be done by professional police trainers, not by the military. Building local governments, an efficient and fair justice system, and accessible mass education are also recommendations. A bullet list of recommendations:

  • American military forces can't keep up with training local militaries to match the growth of Muslim insurgent groups and that must improve. Police should be trained by professional police trainers.
  • American military prowess should focus "on border and coastal surveillance, technical intelligence collection, air mobility, large-scale logistics, and special operations against high-value targets."
  • A new information-sharing architecture should be created. This "Integrated Counterinsurgency Operating Network" would promote "universal cell phone use, 'wikis' and video monitoring." [They could call it InfraGard Iraq.]
  • "Pro-America" themes should be dropped "in favor of strengthening local government" and emphasizing the failure of jihadists to meet people's needs.
  • U.S. allies and international organizations, such as NATO, the European Union, and the United Nations could help the United States in areas such as "building education, health and justice systems, and training police and" military forces that perform civilian police duties.
  • Dave Bird, RIP

    Noted Scientologist critic and tireless picketer of Scientology's London Org, Dave Bird, died on Sunday, the same day as the largest London Scientology picket that has ever occurred.

    David Gerard has posted a nice couple of obituaries and some photos at his blog.

    Dave Bird had a crazy mountain man look, and I thought his postings and tactics were sometimes over the top, but he also had a gift for showmanship and entertainment, as you can see from the photos of his props that he brought to protests. He was one of the protesters that Scientology took seriously enough to attack on their "Religious Freedom Watch" website (which seems to still be offline since being attacked by "Anonymous").

    Tuesday, February 12, 2008

    Chasing ghosts with joint terrorism task forces

    The latest issue of Rolling Stone has an excellent article by Guy Lawson, "The Fear Factory," about how joint terrorism task forces across the U.S. are engaging in wild goose chases and exaggerating the terrorist threat to justify their existence.

    A companion article, Tim Dickinson's "Truth or Terrorism? The Real Story Behind Five Years of High Alerts," reports on the real stories behind repeated terror scares that have been used to elevate the DHS advisory system over the last five years.

    Visual depictions of quantity in art


    The picture is of a pair of breasts, composed of 32,000 Barbie dolls. 32,000 is the number of elective breast augmentation surgeries in the U.S. in 2006.

    This picture, along with a partial zoom and closeup and other similar works by Chris Jordan, may be found at his website. The photos depict such things as 2 million discarded plastic bottles (the number used in the United States every five minutes), a skull made from images of 200,000 packs of cigarettes (the number of Americans who die from cigarette smoking every six months), a version of Seurat's "Sunday Afternoon on the Island of La Grande Jatte" made from 106,000 images of aluminum cans (the number used in the U.S. every 30 seconds), and so forth.

    Hat tip to Barry Williams, who posted this on the SKEPTIC list.

    UPDATE (June 11, 2009): Jordan gave a TED Talk about his work last year:

    Niece of David Miscavige speaks out against Scientology

    Jenna Hill, niece of David Miscavige, head of the Church of Scientology, left the church in 2005 (her parents left in 2000). Her main point in this Inside Edition clip is to confirm claims that the church has a policy of "disconnection" that cuts off Scientologists from critical family members outside the church. (I wasn't aware that the Church actually denied that it does this, as it's quite well documented.)

    A NY Post story about Hill is a bit more informative than the clip.

    UPDATE (April 24, 2008): Jenna Miscavige Hill is now one of the admins at the Ex-Scientology Kids website.

    Sunday, February 10, 2008

    Scientology protests

    "Anonymous" came through today with protests at Scientology organizations worldwide, getting media coverage for protests in Sydney, London, Edinburgh, Dallas, Detroit, Toronto, Amsterdam, Minneapolis, Los Angeles, Clearwater, Seattle, Montreal, Milwaukee, and Boston, among other cities. There's an excellent description of the London protests here.

    A protest here in Phoenix brought about 60 protesters.

    Today, February 10, was chosen because it was the birthday of Lisa McPherson, who died in Scientology care in Clearwater, Florida in 1995, and whose death was brought to public attention on the Internet through the efforts of Scientology critic Jeff Jacobsen, my co-author on our Skeptic magazine article about Scientology.

    Overcompensating has a cartoon on the Scientology protests.

    UPDATE (February 13, 2008): Here's some British media coverage in which the Church of Scientology representative refers to the protesters as a "terrorist group."

    Another creationist-leaning paper published

    Another paper that seems to advocate creationism has somehow managed to fly under the radar and get published in a science journal, Proteomics, authored by a couple of South Koreans. Unfortunately for creationists, the paper is not only badly argued, it is full of plagiarism.

    Pharyngula has a two-part summary, and one of the authors whose work has been copied has put together a side-by-side comparison of the plagiarized sections and their original sources (PDF). Lars Juhl Jensen has also reported details of the plagiarism at his blog.

    The authors, Mohamad Warda and Jin Han, are both in South Korea. South Korea, perhaps not coincidentally, is the home to four of the world's ten largest megachurches and a young-earth creationist movement second only to the one in the U.S. in size, and larger in percentage of the population with having membership in creationist organizations. Ronald L. Numbers' The Creationists (2nd ed.) states that "By 2000 the member ship [in the Korea Association of Creation Research] stood at 1,365, giving Korea claim to being the creationist capital of the world, in density if not in influence" (p. 418).

    UPDATE (February 11, 2008): Mike O'Risal at Hyphoid Logic finds someone (apparently a creationist) defending Warda and Han's paper at something called "AcademicFreedomBlog." That poster, "DrMC," apparently thinks that plagiarism should be published as part of academic freedom. As it turns out, part of the reason that the logic seems so awry in the Warda and Han paper is that almost the entire thing (aside from a single paragraph, presumably the one with the God reference) has been cobbled together from pieces of other people's work.

    UPDATE (February 13, 2008): The Guardian's blog has an article on this issue, including a non-apologetic response from one of the authors (Warda) which denies plagiarism.

    UPDATE (March 14, 2008): A month later, Proteomics still hasn't explained how it came to publish such an awful paper. Lars Juhl Jensen points out:

    The manuscript contains four parts with unsupported claims that should have been caught by any peer reviewer or editor:

    1. Title - “Mitochondria, the missing link between body and soul”.
    2. Abstract - “These data are presented with novel proteomics evidence to disprove the endosymbiotic hypothesis of mitochondrial evolution that is replaced in this work by a more realistic alternative”.
    3. Section 3.4 - “More logically, the points that show proteomics overlapping between different forms of life are more likely to be interpreted as a reflection of a single common fingerprint initiated by a mighty creator than relying on a single cell that is, in a doubtful way, surprisingly originating all other kinds of life”.
    4. Conclusions - “We realize so far that the mitochondria could be the link between the body and this preserved wisdom of the soul devoted to guaranteeing life”.
    Attila Csordas, PZ Myers, and Steven Salzberg joined with Lars Juhl Jensen to post on their blogs pointing out that Proteomics editor Prof. Michael J. Dunn still hasn't answered these questions about those parts of the paper:
    1. Were they already in the initial version that was submitted to Proteomics and sent out for peer review?
    2. Did they appear in a revised version that was sent to the peer reviewers?
    3. Were they introduced in a revised version that was accepted without sending it to the reviewers?
    4. Or were they added at the copy editing stage, that is after the manuscript had formally been accepted?
    UPDATE (March 23, 2008): Commenter JPCollado at William Dembski's Uncommon Descent blog has linked to this post as supporting evidence for his claim that the Warda and Han paper "seems like" a "false flag" operation to make creationists look bad. I don't think there's any evidence for that here or in the sources I've linked to. I don't think we do know the motivations behind their paper at this point, though we do know from Han's response to P.Z. Myers that his English is very poor and his explanation for how the paper came to be written makes no sense.

    Friday, February 08, 2008

    Tinfoil hat brigade generates fear about Infragard

    An article in The Progressive by Matthew Rothschild worries that the FBI's InfraGard program is deputizing businesses, training them for martial law, and giving them a free pass to "shoot to kill." Rothschild writes:
    The members of this rapidly growing group, called InfraGard, receive secret warnings of terrorist threats before the public does—and, at least on one occasion, before elected officials. In return, they provide information to the government, which alarms the ACLU. But there may be more to it than that. One business executive, who showed me his InfraGard card, told me they have permission to “shoot to kill” in the event of martial law.
    Nonsense. I've been a member of the Phoenix InfraGard Members Alliance for years. It's a 501(c)(3) organization sponsored by the FBI whose members have been subjected to some rudimentary screening (comparable to what a non-cleared employee of the federal government would get). Most InfraGard meetings are open to the general public (contrary to Rothschild's statement that "InfraGard is not readily accessible to the general public"), but the organization facilitates communications between members about sensitive subjects like vulnerabilities in privately owned infrastructure and the changing landscape of threats. The FBI provides some reports of threat information to InfraGard members through a secure website, which is unclassified but potentially sensitive information. InfraGard members get no special "shoot to kill" or law enforcement powers of any kind--and membership in the organization is open to anyone who can pass the screening. As Rothschild notes in the first sentence of his article, there are over 23,000 members--that is a pretty large size for a conspiracy plot.

    At one point in the article, Rothschild quotes InfraGard National Members Alliance chairman Phyllis Schneck referring to a "special telecommunications card that will enable your call to go through when others will not." This is referring to a GETS card, for the Government Emergency Telecommunications Service, which provides priority service for call completion in times of emergency or disaster to personnel who are working to support critical infrastructure. There is a similar service for wireless priority (Wireless Priority Service), and yet another for critical businesses and organizations (like hospitals) which need to have their telecommunications service re-established first after a loss of service due to disaster (Telecommunications Service Priority). These programs are government programs that are independent of InfraGard, though InfraGard has helped members who represent pieces of critical infrastructure obtain GETS cards.

    The ACLU's concern about InfraGard being used as a tip line to turn businesses into spies is a more plausible but still, in my opinion, unfounded concern. Businesses are not under any pressure to provide information to InfraGard, other than normal reporting of criminal events to law enforcement. The only time I've been specifically asked to give information to InfraGard is when I've been asked to speak at a regular meeting, which I've done a few times in talks that have been open to the public about malware threats and botnets.

    Check out the comments in The Progressive for some outright hysteria about fascism and martial law. I saw similar absurdity regarding the Department of Homeland Security's TOPOFF 4 exercise, which was a sensible emergency planning exercise. Some people apparently are unable to distinguish common-sense information sharing and planning in order to defend against genuine threats from the institution of a fascist dictatorship and martial law.

    Now, I think there are plausible criticisms to be made of the federal government's use of non-governmental organizations--when they're used to sidestep laws and regulations like the Freedom of Information Act, to give lots of government grant money to organizations run by former government employees, to legally mandate funding of and reporting to private organizations and so forth. The FBI has created quite a few such organizations to do things like collect information about missing and exploited children, online crime, and so forth, typically staffed by former agents. But personally, I've not witnessed anything in InfraGard that has led me to have any concerns that it's being used to enlist private businesses into questionable activities--rather, it's been entirely devoted to sharing information that private businesses can use to shore up their own security and for law enforcement to prosecute criminals.

    UPDATE (February 9, 2008): The irony is that Matthew Rothschild previously wrote, regarding 9/11 truthers:
    We have enough proof that the Bush administration is a bunch of lying evildoers. We don't need to make it up.
    He's right about that, but he's now helped spread nonsense about InfraGard and seriously damaged his own credibility. I find it interesting that people are so willing to conclude that InfraGard is a paramilitary organization, when it's actually an educational and information sharing organization that has no enforcement or even emergency, disaster, or incident response function (though certainly some of its members have emergency, disaster, and incident response functions for the organizations they work for).

    UPDATE (February 10, 2008): I suspect tomorrow Christine Moerke of Alliant Energy will be getting calls from reporters asking what specifically she confirmed. I hope they ask for details about the conference in question, whether it was run by InfraGard or DHS, what the subject matter was, and who said what. If there's actually an InfraGard chapter endorsing the idea that InfraGard members form armed citizen patrols authorized to use deadly force in time of martial law, that's a chapter that needs to have its leadership removed. My suspicion, though, is that some statements about protection of infrastructure by their own security forces in times of disaster or emergency have been misconstrued. Alliant Energy operates nuclear plants, nuclear plants do have armed guards, and in Arizona, ARS 13-4903 describes the circumstances under which nuclear plant security officers are authorized to use deadly force. Those people, however, are thoroughly trained and regularly tested regarding the use of force and the use of deadly force in particular, which is not the case for InfraGard members.

    UPDATE (February 11, 2008): Somehow, above, I neglected to make the most obvious point--that the FBI doesn't have the authority to grant immunity to prosecution for killing. If anyone from the FBI made that statement to InfraGard members, they were saying something that they have no authority to deliver on.

    UPDATE (February 12, 2008): I've struck out part of the above about the ACLU's concern about spying being unfounded, as I think that's too strong of a denial. There is a potential slippery slope here. The 9/11 Commission Report pointed to various communication problems that led to the failure to prevent the 9/11 attacks. These problems included failure to share information (mainly from the CIA to the FBI and INS), failure to communicate information within the FBI (like Phoenix Special Agent Ken Williams' memo about suspicious Middle Easterners in flight schools), and failure to have enough resources to translate NSA intercepts (some specific chatter about the attacks was translated after the attacks had already occurred). As a result, the CIA has been working closely with the FBI on counterterrorism and counterintelligence at least since 2001. (Also see Dana Priest, "CIA Is Expanding Domestic Operations," The Washington Post, October 23, 2002, p. A02, which is no longer available on the Post's site but can be found elsewhere on the web, on sites whose other content is so nutty I refuse to link, as well as this January 2006 statement from FBI Director Robert Mueller on the InfraGard website, which includes the statement that "Today, the FBI and CIA are not only sharing information on a regular basis, we are exchanging employees and working together on cases every day.")

    The slippery slope is this--the CIA is an organization which recruits and develops in its officers a sense of flexible ethics which has frequently resulted in incredible abuses, and which arguably has done more harm than good to U.S. interests. (My opinion on the CIA may be found in my posts on this blog labeled "CIA"; I highly recommend Tim Weiner's Legacy of Ashes: The History of the CIA.) Some of that ethical flexibility may well rub off on FBI agents who work closely with CIA case officers. (The FBI itself has also had a history of serious abuses, an objective account of which may be found in Ronald Kessler's book The Bureau: The Secret History of the FBI.) And then, that same ethical flexibility may rub off on InfraGard members as a result of their relationships with the FBI (and potentially relationships with the CIA, as well). The intelligence community seems to have a hunger for more and more information from more and more sources, but it is already awash in a sea of information that it has trouble processing today. (It doesn't help that the Army fires direly needed Arabic translators because they are gay.) The need is to accurately assess the information that it has, and ensure that bits and pieces aren't cherry-picked to produce desired conclusions, as well as ensure that information isn't sought or assembled to serve personal and political ends of particular interests rather than combatting genuine threats to the country and its citizens.

    My recommendation is that all InfraGard members read Kessler's The Bureau, Weiner's Legacy of Ashes, and view the film that won the 2007 Academy Award for best foreign film, "The Lives of Others," to help innoculate them against such a slippery slope.

    UPDATE: Amy Goodman interviewed Matt Rothschild for "Democracy Now!" on Wisconsin Public Television, in which it is pretty clear to me that Rothschild is exaggerating something he doesn't understand--what he cites as evidence doesn't support what he claims. Here's a key excerpt, see the link for the full transcript:
    MR: [...] And one other member of InfraGard [Christine Moerke of Alliant Energy] confirmed to me that she had actually been at meetings and participated in meetings where the discussion of lethal force came up, as far as what businesspeople are entitled to do in times of an emergency to protect their little aspect of the infrastructure.
    AG: But just to clarify, Matt Rothschild, who exactly is empowered to shoot to kill if martial law were declared? The business leaders themselves?
    MR: The business leaders themselves were told, at least in this one meeting, that if there is martial law declared or if there’s a time of an emergency, that members of InfraGard would have permission to protect—you know, whether it’s the local utility or, you know, their computers or the financial sector, whatever aspect. Whatever aspect of the infrastructure they’re involved with, they’d have permission to shoot to kill, to use lethal force to protect their aspect of the infrastructure, and they wouldn’t be able to be prosecuted, they were told.
    [...]
    You know, this is a secretive organization. They’re not supposed to talk to the press. You need to get vetted by the FBI before you can join it. They get almost daily information that the public doesn’t get. And then they have these extraordinary, really astonishing powers being vested in them by FBI and Homeland Security, shoot-to-kill powers. I mean, this is scary stuff.
    MR: The business leaders themselves were told, at least in this one meeting, that if there is martial law declared or if there’s a time of an emergency, that members of InfraGard would have permission to protect—you know, whether it’s the local utility or, you know, their computers or the financial sector, whatever aspect. Whatever aspect of the infrastructure they’re involved with, they’d have permission to shoot to kill, to use lethal force to protect their aspect of the infrastructure, and they wouldn’t be able to be prosecuted, they were told.
    It looks to me like the following transformation has occurred:

    1. At a DHS conference on emergency response, somebody asks if owners of critical pieces of infrastructure should be expected to use deadly force if necessary to protect it (e.g., a nuclear power plant).
    2. Somebody at DHS answers yes. They may even add that in some cases the law provides specific justification for use of deadly force (as in the Arizona statute I cite above).
    3. Matt turns that into a general right to "shoot-to-kill" in times of martial law by any InfraGard member.
    4. The blogosphere turns that into roving citizen patrols unleashed on the nation as the Bush hit squad after declaration of martial law.

    I don't see his key source--Christine Moerke--confirming anything beyond #1 and #2.

    Note other exaggerations and contradictions--Rothschild claims that InfraGard is highly secretive and selective, yet has quickly grown to over 23,000 members and has multiple public websites. He fails to note that most InfraGard meetings are open to the general public, or that it has been discussed in many articles in the national press over the last decade. Rothschild speaks of "business leaders," which the blogosphere has turned into "CEOs," yet I suspect the most common "business leader" represented in InfraGard is an IT or physical security manager.

    UPDATE (February 15, 2008): The FBI has issued an official response to Rothschild's Progressive article (PDF), which says, in part:
    In short, the article's claims are patently false. For the record, the FBI has not deputized InfraGard, its members, businesses, or anything else in the program. The title, however catchy, is a complete fabrication. Moreover, InfraGard members have no extraordinary powers and have no greater right to "shoot to kill" than other civilians. The FBI encourages InfraGard members -- and all Americans -- to report crime and suspected terrorist activity to the appropriate authorities.
    The FBI response also states that Rothschild has "refused even to identify when or where the claimed 'small meeting' occurred in which issues of martial law were discussed," and promises to follow up with further clarifying details if they get that information.

    UPDATE (February 25, 2008): Here's another blogger with a rational response to The Progressive article.

    UPDATE (March 2, 2008): Matthew Rothschild has responded to the FBI's response on Alex Jones' Info Wars blog, and he stands behind every word of his original article. He doesn't display any knowledge of or response to any of the criticisms I've offered.

    Thursday, February 07, 2008

    Academic fraud petition

    The Discovery Institute is behind an attempt to gather signatures and push state legislation to defend "the rights of teachers and students to study the full range of scientific views on Darwinian evolution." "The full range of scientific views on Darwinian evolution" is apparently the new code phrase for creationist misinformation and nonsense.

    The proposed legislation prohibits termination, discipline, denial of tenure or other discrimination against K-12 teachers who lie to their students by teaching them creationist nonsense.

    The promotion is tied in with the dishonest film, Expelled.

    Great Lakes health issues

    The Center for Public Integrity has released details of a report from the Centers for Disease Control and Prevention that has been blocked from publication for more than seven months. The report, titled Public Health Implications of Hazardous Substances in the Twenty-Six U.S. Great Lakes Areas of Concern, was supposed to be released in July 2007.

    The Center for Public Integrity has obtained the study, which warns that more than nine million people who live in the more than two dozen “areas of concern”—including such major metropolitan areas as Chicago, Cleveland, Detroit, and Milwaukee—may face elevated health risks from being exposed to dioxin, PCBs, pesticides, lead, mercury, or six other hazardous pollutants.

    In many of the geographic areas studied, researchers found low birth weights, elevated rates of infant mortality and premature births, and elevated death rates from breast cancer, colon cancer, and lung cancer.

    ...

    Last July, several days before the study was to be released, ATSDR suddenly withdrew it, saying that it needed further review. In a letter to Christopher De Rosa, then the director of the agency’s division of toxicology and environmental medicine, Dr. Howard Frumkin, ATSDR’s chief, wrote that the quality of the study was “well below expectations.” When the Center contacted Frumkin’s office, a spokesman said that he was not available for comment and that the study was “still under review.”

    De Rosa, who oversaw the study and has pressed for its release, referred the Center’s requests for an interview to ATSDR’s public affairs office, which, over a period of two weeks, has declined to make him available for comment. In an e-mail obtained by the Center, De Rosa wrote to Frumkin that the delay in publishing the study has had “the appearance of censorship of science and distribution of factual information regarding the health status of vulnerable communities.”

    Some members of Congress seem to agree. In a February 6, 2008, letter to CDC director Dr. Julie Gerberding, who’s also administrator of ATSDR, a trio of powerful congressional Democrats—including Rep. Bart Gordon of Tennessee, chairman of the Committee on Science and Technology—complained about the delay in releasing the report. The Center for Public Integrity obtained a copy of the letter to Gerberding, which notes that the full committee is reviewing “disturbing allegations about interference with the work of government scientists” at ATSDR. “You and Dr. Frumkin were made aware of the Committee’s concerns on this matter last December,” the letter adds, “but we have still not heard any explanation for the decision to cancel the release of the report.”

    You can find the Center for Public Integrity's summary and excerpts from the report here.

    Science meets stupid

    Daniel Brooks has written a fascinating summary of a 2006 conference put together by intelligent design advocates as a retrospective of the famous 1966 Wistar conference on evolution that is often cited by creationists who haven't bothered to understand what actually happened at that conference. (It was an example of what happens when you try to come up with models for phenomena you don't understand well enough to formulate models for.) The ID advocates invited numerous prominent scientists to the conference, including Brooks, whose book with E.O. Wiley, Evolution as Entropy, is a classic on evolution, thermodynamics, and information theory of the sort that creationists ignore except to quote mine (e.g., as Duane Gish did in his Creation Scientists Answer Their Critics). My favorite part of the summary is this paragraph, which ends the summary of a talk by ID advocate Ann Gauger:
    She was then prompted by one of her colleagues to regale us with some new experimental finds. She gave what amounted to a second presentation, during which she discussed “leaky growth,” in microbial colonies at high densities, leading to horizontal transfer of genetic information, and announced that under such conditions she had actually found a novel variant that seemed to lead to enhanced colony growth. Gunther Wagner said, “So, a beneficial mutation happened right in your lab?” at which point the moderator halted questioning. We shuffled off for a coffee break with the admission hanging in the air that natural processes could not only produce new information, they could produce beneficial new information.
    Quick--time for an emergency coffee break, and let's just forget that last question...

    The ID advocates repeatedly evaded tough questions from the scientists, and at the end of the conference...
    A few days after the meeting ended, we all received an email stating that the ID people considered the conference a private meeting, and did not want any of us to discuss it, blog it, or publish anything about it. They said they had no intention of posting anything from the conference on the Discovery Institute’s web site (the entire proceedings were recorded). They claimed they would have some announcement at the time of the publication of the edited volume of presentations, in about a year, and wanted all of us to wait until then to say anything.
    So it's left to the real scientists, not the ID advocates, to publicly discuss their conference and its implications.

    Read the full summary at The Panda's Thumb, as well as some revealing exchanges in the comments between ID advocate and young-earth creationist Paul Nelson, Dan Brooks, and Nick Matzke. John Lynch also has a nice brief summary.

    There is one notable error in Brooks' summary, and that is his erroneous claim that Richard von Sternberg was fired as editor of the Proceedings of the Biological Society of Washington. Sternberg is actually a false martyr who hasn't actually lost any jobs, positions, or status as a result of his opinions.

    Wednesday, February 06, 2008

    Institute for Justice argument against Clean Elections

    I agree with most of the positions taken by the Institute for Justice, an organization that fights for economic rights of entrepreneurs (especially small businesses fighting ridiculous regulations designed as barriers to entry), for freedom of speech, against eminent domain abuse, and for school choice. But I don't understand its argument against Arizona's Clean Elections law, which strikes me as conflicting with some of its other arguments.

    Tim Keller, head of the Arizona chapter of the Institute for Justice, makes the following argument:
    Direct government limits on expenditures are unconstitutional. Instead of a direct limit, Arizona created so-called “matching funds” to enforce the caps. The system’s drafters knew that many candidates like Martin would reject taxpayer funding on principle and simply opt out, freeing them of the government caps. That would give them an advantage over those who accept taxpayer funds and thus discourage participation in the scheme. So there had to be a way to punish those who opt out. “Matching funds” is the punishment: Whenever a privately financed candidate or an independent group outspends a taxpayer-funded candidate, the government steps up to the ATM (in this case, Arizona Taxpayers’ Money) and matches those expenditures dollar-for-dollar, up to two times the initial payout.
    “Matching funds” are how Arizona rewards those who take taxpayer money for politics and punishes those who refuse it—as well as private citizens or groups who want to support them. “Matching funds” are how Arizona reins in speech about politics.
    Indeed, the dirty little secret of Arizona’s law is that it is designed to limit speech: Government controls the purse strings, so government decides how much speech is “enough.” But, in a free society, the government has no business micromanaging how citizens debate, of all things, who should run the government.
    State-imposed limits, even indirect limits, on grassroots advocacy and campaigns for public office violate the free speech and association guarantees of the First Amendment. That is why Dean Martin, the Freedom Club PAC and Taxpayer Action Committee joined with the Institute for Justice to ask the federal courts to vindicate their First Amendment rights. The 9th U.S. Circuit Court of Appeals recently reinstated this lawsuit, originally filed in 2004 by IJ and Martin. Now we return to the trial court to argue the merits of the case.
    Arizona’s election scheme, one of the most far-reaching in the nation, adds up to less speech from fewer voices resulting in a less robust public debate. If the Arizona model spreads, as so-called campaign finance “reformers” hope, our core rights as citizens to speak on political matters will give way to government control. But IJ is fighting back with a case that can set an important precedent against taxpayer-funded campaigns and in favor of unfettered First Amendment rights.
    In Arizona, candidates can either choose to be "clean elections" candidates receiving public funding, or not. If they choose public funding, they need to find a certain number of "grassroots" supporters to each make $5 donations (a number dependent upon the number of people in the district, or in the state, for statewide offices), and then they are eligible for matching funds for advertising if any non-"clean elections" candidates exceed the "clean elections" spending cap. Those funds come from money earmarked for the purpose by Arizona taxpayers when they file their state income tax returns--many people check the box that allows a $5 tax credit ($10 for married filing jointly) if the money is passed on to the clean elections fund.
    The IJ argument is that this violates the First Amendment because a non-"clean elections" candidate's speech is chilled by the fact that matching funds will go to any "clean elections" candidates running for the same office if they exceed the spending cap. There's nothing else preventing them from exceeding the spending cap--only the knowledge that their opponent will get comparable funding. I don't see how this constitutes any restriction at all on a candidate's freedom of speech. The fact that someone else will get funding to promote their speech if I spend money to promote mine doesn't impact my ability to speak at all. This isn't like the Fairness Doctrine where some media outlet is being compelled to give equal time for opposing views, rather it's that taxpayers who have given money to clean elections are providing funding for such candidates to speak with a comparably loud voice to their opponents funded by special interests.

    This is not to say there aren't good arguments against the clean elections law. I think one good argument against it is that it has been used by social conservatives to get fringe candidates elected to office. Another is that it makes complicated and seemingly arbitrary rules (PDF) about how a candidate can spend money, and involved the creation of a new bureaucracy, the Citizens Clean Elections Committee. It also used to (until successfully overturned by a previous lawsuit) involve compelled funding of speech, when it was funded by parking fines.

    IJ has argued (rightly, in my opinion) that a tax credit for donations to school choice organizations doesn't constitute a violation of the First Amendment if it goes to religious schools, since it's an individual taxpayer choosing to give their own money to a religious organization, not the government passing money along. I agree with Sam Coppersmith that similar reasoning should apply to the clean elections tax credit.

    UPDATE (February 7, 2008): Tim Keller has sent me a copy of the decision in Day v. Holohan, the case that overturned clean elections in Minnesota, as well as informing me that contrary to what I say above, 2/3 of Arizona's clean elections funding still comes from surcharges on civil and criminal fines--which I agree amounts to compelled speech for parking and traffic violators. I was under the (apparently mistaken) impression that that source of funding had already been eliminated.

    Tim also points out that, contrary to Sam Coppersmith, the clean elections tax credit doesn't quite work the same way as the school tuition credit. When a taxpayer checks the box for a $5 donation to the clean elections fund, $5 goes as a tax credit to the taxpayer and another $5 goes to the clean elections fund, so the general fund really is out $5 ($10 if you count the taxpayer being allowed to keep $5 of his own money to be a taking from the government, which I don't). The school tuition credit, by contrast, involves the taxpayer making a donation (up to $1,000 for a married couple filing jointly) directly to a school tuition organization which then counts as a tax credit on the return. No money at all goes from the treasury to the school, though it gets the amount of the donation less in taxes paid. With the clean elections credit, the state is out the money it has to pay to clean elections AND it doesn't get the money from the taxpayer, while with the school tuition organization tax credit, the state is only out the money it doesn't get from the taxpayer. Tim says that if clean elections was funded the same way, IJ wouldn't be suing.

    UPDATE (September 3, 2008): The Institute for Justice argument prevailed in court. Last Friday Judge Roslyn Silver ruled that the matching funds provision of the Clean Elections Act violates the First Amendment, following the Supreme Court case of Davis v. FEC. There will be a hearing today to determine what the implications are--whether matching funds will continue to be provided to candidates in this November's general election or not. IJ has asked for an injunction against matching funds.

    UPDATE (June 27, 2011): The U.S. Supreme Court has sided with the Institute for Justice on this (PDF), in a 5-4 decision.  The dissenting argument makes some of the same points I do above, and I still have to agree that it's a better argument.  As the dissent puts it:
    the program does not discriminate against any candidate or point of view, and it does not restrict any person's ability to speak.  In fact, by providing resources to many candidates, the program creates more speech and thereby broadens public debate. ...
    At every turn, the majority tries to convey the impression that Arizona's matching fund statute is of a piece with laws prohibiting electoral speech. The majority invokes the language of "limits," "bar[s]," and "restraints." ... It equates the law to a "restrictio[n] on the amount of money a person or group can spend on political communication during a campaign." ...

    There is just one problem. Arizona's matching funds provision does not restrict, but instead subsidizes, speech. The law "impose[s] no ceiling on [speech] and do[es] not prevent anyone from speaking." ... The statute does not tell candidates or their supporters how much money they can spend to convey their message, when they can spend it, or what they can spend it on. ...

    In the usual First Amendment subsidy case, a person complains that the government declined to finance his speech, while financing someone else's; we must then decide whether the government differentiated between these speakers on a prohibited basis--because it preferred one speaker's ideas to another's. ... But the speakers bringing this case do not make that claim--because they were never denied a subsidy. ... Petitioners have refused that assistance. So they are making a novel argument: that Arizona violated their First Amendment rights by disbursing funds to other speakers even though they could have received (but chose to spurn) the same financial assistance. Some people might call that chutzpah.

    Indeed, what petitioners demand is essentially a right to quash others' speech through the prohibition of a (universally available) subsidy program. Petitioners are able to convey their ideas without public financing--and they would prefer the field to themselves, so that they can speak free from response. To attain that goal, they ask this court to prevent Arizona from funding electoral speech--even though that assistance is offered to every state candidate, on the same (entirely unobjectionable) basis. And this court gladly obliges.

    Saturday, February 02, 2008

    Middle East subsea cable cuts

    I've seen some speculation (at sites of dubious credibility) that the recent subsea cable cuts, which have apparently reduced Internet connectivity to Iran (though the impact to India has been more prominent), are a prelude to a U.S. attack of Iran. I don't think so.

    First of all, subsea cable cuts (and the word "cut" is unfortunately overused to mean a non-functional cable even when it's not actually severed) occur on a regular basis, and every company that owns subsea cables (such as employer, Global Crossing) contracts with a cable-laying company such as Global Marine (which Global Crossing used to own) to do repairs. Second, in December 2006, there were nine cable breaks in east Asia as a result of earthquakes. In this instance, we are up to only three cable breaks--the first two were FLAG Telecom's Europe-Asia link and SeaMeWe-4, which were broken by a tanker in the Mediterranean between Alexandria, Egypt and Palermo, Sicily, causing disruption to Internet access in Egypt, Jordan, Saudi Arabia, and India. Those cables follow pretty much the same path, from Mumbai, India, to Djibouti, and from there into the Red Sea, past Egypt, through the Suez Canal, and into the Mediterranean to Sicily. It's not surprising that both were cut simultaneously by the same tanker dragging its anchor, they are perhaps a quarter mile apart. An offshoot from those cables goes north from just off the coast of India into the Persian Gulf, past Oman, the United Arab Emirates, Qatar, and Bahrain, and lands in Kuwait. In the other direction, it goes to Sri Lanka. The third cable cut was on this offshoot, FLAG Telecom's FALCON cable, off the coast of Dubai, between Oman and the United Arab Emirates. Some have erroneously claimed that four cables were cut, on the basis of a report that a cable was cut between Sri Lanka and the Suez Canal--that's the FALCON cable off the coast of Dubai, not yet another cut.

    None of these cables land in Iran or Iraq, at least on my cable map, though there is apparently a Kuwait-Iran subsea cable, so any impact from these cable breaks to Iran is incidental. I don't see any evidence that these are anything other than normal accidental subsea cable breaks. (Correction: FLAG FALCON has a segment from Kuwait to Bandar Abbas, Iran, that was built in 2005 and isn't on my map, which was printed in May 2004.)

    You can see Telegeography's submarine cable map of the world for yourself here.

    UPDATE (February 3, 2008): I didn't check earlier, but I note that at the moment I have no problem reaching hosts in Iran, such as Mahmoud Ahamdinejad's official blog, or pinging the primary mail server of the Datacommunications Company of Iran (mail.dci.co.ir). Others have previously noted the continuing availability of Ahamdinejad's blog, which is hosted by DCI (AS 12880) and gets upstream connectivity from Singapore Telecom and TTNet (a Turkish ISP). I would hazard a guess that Iran's TTNet connectivity is via terrestrial cable from Turkey.

    UPDATE: Egypt claims no ships were in the vicinity in the Mediterranean when the cable cuts there occurred. There is now a report of a fourth cable cut, in the Persian Gulf between the Qatari island of Haloul and the United Arab Emirates island of Das. This outage is now being attributed to a power system problem.

    UPDATE (February 4, 2008): The Renesys Blog has analyzed the breaks from a routing perspective, showing which countries have been affected, in a series of posts. In part one, they look at the first two breaks in the Mediterranean, and show that the most impacted countries were Pakistan and Egypt. In part two, they look at the impact by ISP. In part three, they look at how providers addressed their connectivity before and after the breaks. You'll notice one country conspicuously absent from the list of impacted countries--Iran. This is because while Iran has had some impact, it has not been significant. In a fourth post, The Renesys Blog discusses the Iran impact and the misinformation about it that has appeared in places like Slashdot and the blog of the first commenter on this post. In a fifth post, they look at how Indian providers weathered the problems. And in a sixth post, they sum up lessons learned.

    UPDATE: These cuts are all associated with bad weather in the region, which is also delaying repairs. Here's a report from FLAG Telecom posted by a commenter at the Renesys Blog:

    Update on Submarine Cable Cut - Daily Bulletin
    @ 0900 GMT February 4 2008
    Bulletin will be updated Daily with Progress.
    Cut # 1:
    − FLAG Europe-Asia cable was reported cut at 0800 hrs GMT on January 30 2008.
    − Location of cut is at 8.3 kms from Alexandria, Egypt on segment between Egypt and Italy.
    − The Repair ship loaded with spares is expected to reach the repair ground by February 5 2008.
    − We have received the necessary permits to commence work from the Egyptian Authorities.
    − FLAG has restored circuits of customers covered under Pre-planned Restoration service.
    − FLAG has restoration on alternative routes for customers who have requested Ad hoc Restoration service.
    Cut # 2:
    − FALCON cable was reported cut at 0559 hrs GMT on February 1 2008.
    − Location of cut is reported at 56 kms from Dubai, UAE on segment between UAE and Oman.
    − The repair Ship is loaded with all spares and ready to sail. Awaiting clearance from Port Authorities due to 36 knots winds.
    − FLAG is executing restoration on alternative routes for customers who have requested Ad hoc Restoration service.
    UPDATE (February 7, 2008): There have been some additional cable faults on FLAG's cable systems, to a total of four or five. In addition to the two listed above (FLAG Europe-Asia, 8.3 km from Alexandria and FLAG FALCON 56 km from Dubai), there has been another on FLAG Europe-Asia 28 km from Penang, Malaysia scheduled for repair on February 11, and possibly two faults on FLAG FALCON near Bandar Abbas, Iran, on a segment that runs from Iran to Kuwait, which will be visited by a repair ship around February 19.

    The current list is this:

    1. Consortium cable SeaMeWe-4, 12.334 km from Alexandria, in the Mediterranean. Currently under repair, should be fixed by this weekend.

    2. Qtel's cable from Haloul (Qatar) to Das (UAE), in the Persian Gulf. Probably not a cut, but damaged power system due to weather.

    3. FLAG's Europe-Asia (FEA Segment D), 8.3 km from Alexandria, in the Mediterranean. Currently under repair, should be fixed by this weekend by cable ship CS Certamen.

    4. FLAG's FALCON (FALCON Segment 2), 56 km from Dubai, UAE in the Persian Gulf, on the route to Al Seeb, Oman. Currently under repair, should be fixed by this weekend. This cut was due to a ship's anchor--an abandoned 5-6 ton anchor was recovered by FLAG at the site (see photo in FLAG's update, PDF)

    5. FLAG's Europe-Asia (FEA Segment M), 28 km from Penang, Malaysia. Scheduled for repair on February 11 by cable ship CS Asean Restorer.

    6. FLAG's FALCON (FALCON Segments 7a and 7b), two faults on the cable between Kuwait and Bandar Abbas, Iran, scheduled for repair on February 19.

    There's an article in Technology Review about the cable breaks.

    Alex at the Yorkshire Ranter is a breath of fresh air on this subject, his commentary presents some common sense opinions with a factual basis and accompanied by lots of good links.

    UPDATE (February 11, 2008): The Economist also has an excellent summary.

    UPDATE (April 16, 2008): Two ships have been identified as the cause of damage to undersea cables in the Persian Gulf. An Indian officer a Syrian chief engineer of an impounded Iraqi ship are being held for trial in Dubai, and the ship owner will have to pay $350,000 in compensation. Another Korean ship was impounded and then released after its owners paid $60,000 in compensation to Flag Telecom. The two ships, the MV Hounslow and the MV Ann, were identified by satellite photos.