New York Times Suffers Redaction Failure, Exposes Name Of NSA Agent And Targeted Network In Uploaded PDF

from the make-sure-to-dot-all-i's-and-blot-out-all-sensitive-info dept

It appears as if the New York Times, in its latest publication of leaked NSA documents, failed to properly redact the PDF it uploaded, exposing the name of the NSA agent who composed the presentation as well as the name of a targeted network.

Cryptome seems to have been the first site that noticed the redactions that actually weren't, issuing a couple of tweets that informed its followers of this fact. This led to Bob Cesca at the Daily Banter turning the NYT's error into an anti-Snowden rant (which I found via F-Secure's blog) that decried everyone involved while "virtuously" refusing to name the entity that had discovered the poorly-done redactions (but including the uncredited tweets in full for easy searching).

As soon as the article was posted, someone from or associated with a popular cryptography website claims to have downloaded a pdf of the Snowden document from The New York Times and discovered that three of the redactions that were intended to obscure sensitive national security information were easily accessible by highlighting, copying and pasting the text. The poorly-redacted file was subsequently posted to the cryptography website, then promoted via Twitter. (We’re not going to post the name of the website that posted the file to protect the information contained within.)

…

So, the identity of an NSA agent is out there in public view within the same document in which a target of this program is named. All of this is due to the incompetence of whoever failed to properly redact the pdf before publishing it for the world to see — as well as for the aforementioned cryptography site to nab and republish it.'

…

This was bound to happen at some point in this ongoing saga: the name of an American agent has been leaked to the public via a document stolen by Edward Snowden. To add to the irresponsibility of how Snowden went about this operation, he distributed untold thousands of documents to a gaggle of technological neophytes who barely understand how to used Adobe Acrobat, much less the phenomenally complicated details of top secret NSA operations.

Cesca somehow feels the privacy of a single NSA agent trumps the public's interest in infringements on their own privacy -- not just here in the US but all over the world. Certainly, the New York Times should have made sure its redactions were actually redactions before publishing the document, but Cesca's hyperbolic attack isn't doing his side any favor.

One agent's name was exposed, one who may not even be employed by the agency at this point. (The documents are from 2010.) The target revealed is nothing more than the Al Qaeda's "branch operation" in Mosul, Iraq. Al Qaeda has been the focus of counterterrorism efforts since before the 9/11 attacks and the revelation that the NSA is targeting mobile networks in Mosul shouldn't come as a shock to anybody, least of all Al Qaeda members.

This doesn't excuse the NYT's carelessness, however. It is disseminating some very sensitive NSA documents and should be ensuring any information it chooses to withhold stays withheld. But this error doesn't invalidate Snowden's exposure of the NSA's programs, no matter how Cesca (and those like him) spin it.

The NSA and other government agencies have suffered redaction failures as well, accidentally exposing information they would rather have withheld from the public. Does the government get held to the same standard by the NSA's booster club? Hardly. Humans make mistakes, no matter which side of this issue they're on.

[The original document uploaded by the NY Times is posted below (via Cryptome). To see the unredacted text, simply click on the Text tab.]

Filed Under: ed snowden, errors, journalism, nsa, redactions
Companies: ny times

Cameron's Anti-Porn Program Tells ISPs To Do The Impossible: Only Block Bad Content; Don't Block Good Content

from the stop-not-controlling-things-you-can't-control! dept

The Great Internet Porn Firewall of Britain is now in full effect and, contrary to earlier reports, the no-porn filter will be mandatory even for smaller, "boutique" ISPs. How this will play with Andrews & Arnold, the ISP inviting customers seeking internet filtering to check with North Korea, remains to be seen.

All "questionable content" boxes are to be pre-ticked to provide maximum sanitization, per UK policy, and if someone wishes for a less censored internet experience, they'll have to go through the trouble of informing their ISP that they are indeed a responsible adult capable of handling NSFW material.

In addition, the UK government wants a guarantee that legitimate content won't accidentally get sucked into the filter. How it imagines this will be accomplished remains a mystery. I doubt anyone in Parliament will be staying up late trying to solve this problem as the government has decided to "allow" the ISPs to figure it out on their own.

Finally, DCMS demand ISPs give them magic beans (“We want industry to continue to refine and improve their filters to ensure they do not – even unintentionally – filter out legitimate content”) and threaten them with regulation if they do not answer to future demands, or “maintain momentum”.

There's nothing quite like a faith-based technological platform crafted by a crack team of professional busybodies and bureaucrats, especially one that assumes the only fuel needed is good intentions and the "momentum" will sustain itself into perpetuity. OR ELSE.

The not-so-veiled threat on the end really drives the point home. What happens if the ISPs fail to deliver the impossible with their inability to prevent something that is by definition unpreventable? What are the consequences of failing to "maintain momentum" or "proactiveness" or whatever term the government is using to redefine "doing what they're told?" The "strategy guide" spells it out this way.

And while Government looks to the industry to deliver, through the self-regulatory mechanisms already established under UKCCIS, we are clear that if momentum is not maintained, we will consider whether alternative regulatory powers can deliver a culture of universally-available, family-friendly internet access that is easy to use.

Jesus. That's frightening. If ISPs don't march in lockstep with Cameron's orders, they'll simply be beaten into shape by restrictive government mandates that ensure "a culture of universally-available, family-friendly internet access." If that doesn't sound like a slightly kinder, gentler version of any totalitarian regime's homegrown "internet," then I didn't just throw up a little in my mouth while typing out that quote.

Why would the government threaten to set up its own internet, one dangerously low on a.) blackjack and b.) hookers? For the children, of course. Every form of media, not just the internet, is subject to these guidelines.

This should be underpinned by a basic, common set of media standards, building on existing standards that already apply in many places. We would expect this to include:

• Protection of minors: including protecting children’s exposure to material that seeks to sexualise them, strong sexual content, violence, imitable and dangerous behaviour, any specific health priorities, safety of children in content and protecting against commercial influence.

Well, Cameron might want to contact the Daily Mail and ask if it's willing to stop sexualizing minors, something it's never been shy about doing even if the front page is making all sorts of noise about rampant child pornography. I'm sure Cameron will also be clamping down on advertisers who push products pretty much anywhere they can aimed at the wide open wallets of teens and tweens (or ultimately, their parents). (P.S. Have the cast of Jackass shot.)

The UK government's neverending quest to turn the internet into a Disney-esque wonderland where no one sees anything they don't want to and are never even mildly insulted is pathetic. And disturbing. Cameron's plans infantilize the nation's children and adults, treating them both as precious bundles of stupidity too incompetent to make their own decisions on appropriate content.

If Cameron's ultimate goal is to govern a nation of infants, he's well on his way. But he's going to find the behavior behind the disturbing images will continue on unabated. His solutions will work about as well as slapping band-aids on someone bleeding internally. At some point down the road, he or his successors will triumphantly point at the unstained bandages as proof of their effectiveness. And if something should actually mar the surface, the call will out go out for bigger bandages -- and more of them.

Filed Under: david cameron, errors, filters, porn, uk

Copyright Trolls So Sloppy They Sue The Same Guy Multiple Times

from the i'm-sure-tat's-effective dept

In yet another copyright trolling case, it appears that the trolls are so sloppy that they're suing over the same IP address for sharing the same file (the animated movie, Zambezia) in multiple cases. The story focuses on one guy, who has filed a motion to quash in response, noting that the sloppiness of filing three times raises significant questions about the trolling operation. Either they're incredibly sloppy and not very careful, or they're hoping that by repeating the same IP address in multiple lawsuits, at least one judge will let the subpoena go through, leading to the inevitable demand letter. Either way, it should raise some eyebrows from the court about why anyone would file against the same IP address for the same movie in three different cases.

Filed Under: copyright, copyright trolls, errors, lawsuits, sloppy

It's Not About Whether Amateur Internet Journalism Is Good Or Bad, But That It Happens And Will Continue To Happen

from the look-forward,-not-back dept

There's been a lot of hand-wringing among the types of people who hand-wring about these things, that there was a flurry of activity on Reddit and Twitter late last night / early this morning believing that one of the suspects in the Boston Bombings was Sunil Tripathi, a Brown student who went missing last month (and, for what it's worth, when people thought it was him, folks from 4Chan started complaining that they had done the real sleuthing, and were pissed off that Reddit got the credit -- but, now that it turned out to be wrong, 4Chan seems happy to let Reddit take the heat). Alexis Madrigal has the basics of the story, which has allowed the usual crew of folks who hate the concept of "citizen journalism" or whatever it's called today to whine about how awful "Reddit" journalism is. Defender of legacy newspapers, Ryan Chittum, seemed particularly gleeful in calling out that Reddit "fails again," and saying that the mainstream media did it right.

Except, that's ridiculous. Mathew Ingram points out that people attacking Reddit for this are missing the point, which is true by a wide, wide margin. First of all, as he notes, mainstream news folks also got parts of the story wrong. As we noted yesterday, the mainstream TV folks got a hell of a lot wrong. Hell, the NY Post even put the wrong two guys on the cover and falsely claimed that the feds were seeking them.

But the bigger problem is this idea that it's "Reddit" or, as some people have argued) "the internet" against the legacy media. That's not true at all. Everyone made mistakes during the rapidly changing story, but only on Reddit did you actually see the details of the process. The legacy news organizations present things as if coming from a place of authority, while Reddit is like an open newsroom where anyone can jump in. The conversation about Tripathi, for example, was about whether or not Suspect #2 was him -- it wasn't based on a declaration that it absolutely was him. Furthermore, when you look at the reason why the story actually spread, it was after some more known "press" names retweeted the initial tweet from Greg Hughes, which claimed (incorrectly) that Tripathi's name went out on the police scanner (ironically, he posted that about a minute after posting "This is the Internet's test of 'be right, not first' with the reporting of this story").

But here's the real issue: people can fret about all of this, but it doesn't change one thing: this is going to happen and continue to happen. People are naturally curious and they're going to talk to people when there's a news story going on and they'll try to figure things out. That happens all the time in newsrooms already before stuff goes on the air or is officially published. It's just that the public doesn't see the process. On Reddit, or anywhere else that the public can converse, it does happen in public. The problem is to assume the two things are the same. Furthermore, it's even more insane to blame "Reddit" or "the internet" as if those are singular entities that anyone has control over. They're not. As Karl Bode noted, they're just massive crowds of people.

An even better point was made by Charles Luzar, who noted that "the crowd doesn't implicitly profess its empirical correctness like the media does," but rather admits quite openly that it's a process in action. Further, he notes that even if the crowd presents false information before finding factual information, that's still "effective crowdsourcing" and, if anything, provides a greater role to the media to be effective curators of the actual facts.

In the end, it seems likely that this incident will actually help a lot the next time there's a big breaking news story, because (hopefully) it will give people more reason to be at least somewhat skeptical of stories coming out, but it's not going to change the fact that groups on various platforms are going to talk about things, and often try to do a little sleuthing themselves. Sometimes they'll get it right, and sometimes they won't -- just the same as many others. It seems like a much better focus looking forward is in providing more training and tools to help the world be better at it.

Filed Under: amateurs, blame, boston bombing, cnn, corrections, crowdsourcing, errors, journalsim
Companies: reddit, twitter

'Intellectual Bulwark' Of Austerity Economics Collapses Because Of Three Major Errors

from the getting-it-wrong dept

Amongst economists and those who draw on their thinking, the names Reinhart and Rogoff are well known for work published under the title "Growth in a Time of Debt," which sought to establish the relationship between public debt and GDP growth. The key result, that median growth rates for countries with public debt over 90% of GDP are about one percent lower than otherwise, and that the mean growth rate is much lower still, has been cited many times, and invoked frequently to justify austerity economics -- the idea being that if the public debt is not reduced, growth is likely to suffer badly.

Given the economic, political and social importance of that finding, many have tried to reproduce it, but failed. A post by Mike Konczal on The Next New Deal blog explains how three researchers finally succeeded -- with surprising consequences:

In a new paper, "Does High Public Debt Consistently Stifle Economic Growth? A Critique of Reinhart and Rogoff," Thomas Herndon, Michael Ash, and Robert Pollin of the University of Massachusetts, Amherst successfully replicate the results. After trying to replicate the Reinhart-Rogoff results and failing, they reached out to Reinhart and Rogoff and they were willing to share their data spreadsheet. This allowed Herndon et al. to see how how Reinhart and Rogoff's data was constructed.

They find that three main issues stand out. First, Reinhart and Rogoff selectively exclude years of high debt and average growth. Second, they use a debatable method to weight the countries. Third, there also appears to be a coding error that excludes high-debt and average-growth countries. All three bias in favor of their result, and without them you don't get their controversial result.

In his post, Konczal goes on to give a good explanation of just what went wrong. Correcting those three major errors produces the following result:

So what do Herndon-Ash-Pollin conclude? They find "the average real GDP growth rate for countries carrying a public debt-to-GDP ratio of over 90 percent is actually 2.2 percent, not -0.1 percent as [Reinhart-Rogoff claim]." [UPDATE: To clarify, they find 2.2 percent if they include all the years, weigh by number of years, and avoid the Excel error.] Going further into the data, they are unable to find a breakpoint where growth falls quickly and significantly.

That is, not only is there no significant difference between countries whose public debt-to-GDP ratio is over 90%, and those with much lower values, there is apparently no critical number above which growth falls catastrophically. Put another way, from the corrected research, there does not seem to be any reason why the public debt-to-GDP ratio cannot keep on rising while preserving normal levels of growth. That clearly runs entirely contrary to the current dogma that public debt must be reduced at all costs in order to keep growth at a healthy level. As the authors of the new paper conclude (pdf):

RR's [Reinhart and Rogoff's] findings have served as an intellectual bulwark in support of austerity politics. The fact that RR's findings are wrong should therefore lead us to reassess the austerity agenda itself in both Europe and the United States.

That debate about public debt reduction and the need for austerity measures certainly won't stop just because a key justification for the approach has been found to be completely wrong. But it's worth noting that alongside the major political ramifications of this new finding, there is another, rather less contentious, conclusion to be drawn.

The three errors in the original work by Reinhart and Rogoff finally came to light when they allowed other researchers to examine their model and the data they employed in it. It then became clear that the model was flawed, and that not all the relevant data had been included in the calculation. Neither was obvious from the result alone.

This reinforces a point we have made before. Alongside the results of their work, academics also need to release the datasets and any mathematical/computational models that they have used to derive them. Without those additional resources, it is not possible for other researchers to reproduce the results, which may -- as turns out to be the case for Reinhart and Rogoff's famous paper -- contain fundamental errors that completely undermine the conclusions drawn from them.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: austerity, economics, errors, policy, reinhard and rogoff

Congress So Dysfunctional, It Can't Even Fix The Errors It ADMITS It Made In Patent Reform

from the incredible dept

Okay, this one is incredible. As you may recall, back in September of 2011, the "America Invents Act" became law. This was a "patent reform" proposal that had been debated and changed and debated some more for about seven years before finally getting approved in a greatly watered down fashion. We criticized the bill for doing almost nothing to deal with the real problems of the patent system, but there were some incredible, fundamental, blatant mistakes in the final bill. You'd think that with seven years of debate and tweaking that such mistakes would have been whittled away. The first clue to some serious problems was in an analysis by Mark Lemley soon after the bill was approved in which some drafting errors were apparent just in looking at the "effective dates" of various parts of the bill.

Over time, it became clear that Congress had left significant errors in. Recently some of the key people behind the bill admitted that there were errors in the bill, with Eli Lilly's General Counsel, Bob Armitage, stating: "There are a few minor errors in the bill and one major error in the bill." What's the "maajor error"? It's the part on "estoppel" in "post grant review." Basically, there's a provision in the bill which encourages people to seek "post grant review" of questionable patents in the first nine months after they've been approved. In talking about this, Congress was clear that it wanted to encourage more people to use this, and so it wanted to remove barriers. One of those was to make it clear that failing to raise issues during the post grant review shouldn't prevent those issues from being raised later. However, the actual language of the bill says that any issue that "could have been raised" can't be raised later.

As law professors Eric Goldman and Colleen Chien note, it's clear that Congress didn't mean to include this language. The committee report on the bill and direct quotes from both House and Senate sponsors of the bill (Lamar Smith and Patrick Leahy) admitted that this was a mistake:

By all accounts, in the AIA, Congress intended to remove the "could have been raised" language and provide a narrower estoppel for PGR proceedings. As the Congressional committee report explains, the PGR was designed to "remove current disincentives to current administrative processes." But something funny happened on the way to the Congressional floor, and the problematic "could have been raised" language was inadvertently inserted into the bill.

We're not the only ones to recognize the error. House Judiciary Chairman Lamar Smith referred to the AIA's PGR estoppel standard as "an inadvertent scrivener's error." Senate Judiciary Chairman Patrick Leahy, in advocating that the Senate adopt the technical corrections bill, said the PGR estoppel standard in AIA was "unintentional," and it was "regrettable" the technical corrections bill doesn't address the issue. Sen. Leahy expressed "hope we will soon address this issue so that the law accurately reflects Congress's intent." The PTO also thinks Congress made a mistake, saying "Clarity is needed to ensure that the [PGR] provision functions as Congress intended."

To fix some of the errors in the AIA, Congress rushed through a "technical corrections" bill, intended to fix some of the problems with the bill. During all the fiscal cliff mess, with some back and forth between the House and Senate, they approved this bill which will be signed any moment, if it hasn't been already.

Just one problem. For a bill about technical fixes, it didn't actually address this one *admitted* major error in the original bill. Yeah, they left that one out.

Let's recap, because this is quite incredible:

1. Congress spends seven years debating patent reform.
2. It finally approves patent reform in late 2011, and despite seven years of debate, had a ton of clear errors in the drafting of the bill.
3. The official sponsors of the bill flat out admit that there's a major error in a part of the bill that they did not intend to be in there.
4. A year plus later, Congress finally introduces a bill to "fix problems" in the original bill.
5. This "technical corrections" bill does not fix the one major problem that all admit was a flat out mistake in the original bill.

And people wonder why Congress' approval rating is so low.

Filed Under: america invents act, congress, errors, estoppel, lamar smith, patents, patrick leahy, post grant review

Anti-Medical Marijuana Committee Fails To Register Published URL, Hilarity Ensues

from the you-can't-like,-OWN-a-URL,-man dept

Time for a pop quiz: get out your no. 2 iPads and see if you can figure out which steps in this process are out of order.

It's election season, a time when man's (and more recently, woman's) thoughts turn towards shutting off the TV, radio and phone until mid-November. But! Things must be voted on, including such controversial issues as legalizing medical marijuana and authorizing dispensaries. As an opponent of weed-based medicines, you vow to fight this with every ounce/gram of your being. You set your plan in action.

1. Pick a name for your committee. ("No on Question 3")
2. Pick out a suitable URL ("votenoonquestion3.org")
3. Get your committee and its pertinent information added to the official voters' guide (both print and online.)
4. Register URL.
5. Become aghast.

Can anyone point out where Vote No on Question 3 went wrong? Here are some visual aids, taken from votenoonquestion3.org:

You see, the internet is like magic. And like most magic, it can be used for entertainment purposes. All the do-gooding in the world doesn't amount to much if you forget to register your URL. While you're busy enjoying that "new ink" smell of freshly printed Voter's Guides, someone quicker on the draw is undermining your "marijuana is bad" propaganda proselytizing information with hilariously over-the-top headlines. 

The good news is that the online voters' guide sports the corrected URL: mavotenoonquestion3.com

The bad news is that the paper version will carry the old URL permanently. Of course, very few people are willing to type in a URL by hand, but as news of this blunder spreads, the fake site with the real URL will be receiving much more attention, voters' guide correction or no.

Here's the official reaction from No on Question 3 spokesman, Kevin Sabet:

"It's funny and upsetting, I guess, at the same time."

Yeah. Largely the first part. And to think, the committee can't even blame a late afternoon smokeout for the mental slip.

This statement, however, seems both more on point and more disingenuous:

The group sent out a press release saying proponents of medical marijuana were tampering with the democratic process through “underhanded efforts.”

Sabet admits the committee made a mistake and yet, the press release attempts to paint No on Question 3 as the victim of villainous pot smokers rather than treating it like the self-inflicted wound it is.

Oh, and here's more bad news for the "No" side:

The Globe notes that the No on Question 3 campaign has managed to collect all of $600 so far, compared to the $1 million or so that supporters of the initiative have received from Peter Lewis, a longtime patron of drug policy reform.

Maybe it's time to admit your fears of a weed-loaded America are overblown, especially when you've just been outmaneuvered (and outspent) by a bunch of stoners.

Filed Under: errors, marijuana, politics, registration, urls, vote no

WSJ Still Hasn't Corrected Its Bogus Internet Revisionist Story, As Vint Cerf & Xerox Both Claim The Story Is Wrong

from the how-do-you-correct-a-story-that's-almost-entirely-wrong? dept

We recently discussed a Wall Street Journal opinion piece by its former publishers, L. Gordon Crovitz, in which he made some fantastically false claims about the origins of the internet. What was noteworthy was that while the WSJ got the story so totally wrong, lots of others, including bloggers, leapt into the fray to explain why Crovitz was wrong. Almost everyone he sourced or credited to support his argument that the internet was invented entirely privately at Xerox PARC and when Vint Cerf helped create TCP/IP, has spoken out to say he's wrong. And that list includes both Vint Cerf, himself, and Xerox. Other sources, including Robert Taylor (who was there when the internet was invented) and Michael Hiltzik, have rejected Crovitz's spinning of their own stories.

Basically, anyone and everyone is telling the WSJ that it got this story totally and completely wrong. You might think the WSJ would start making some corrections. Instead, it's made one single correction: That was a pretty minor correction, involving Crovitz being confused about how to understand how blockquotes work in HTML. But what about all of the other factual errors, including whoppers like saying that Tim Berners-Lee invented hyperlinks? Of course, considering the very premise of the article and nearly all of its supporting factoids were in error, it raises questions about how you do such a correction, other than crossing out the whole thing and posting a note admitting to the error (none of which has yet been done). Given the widespread discussion online about these errors -- both in blogs and in traditional media, it seems like the company's silence about the whole thing is just making the problem worse. Why won't the WSJ step up and issue a real correction on all of the errors?

Filed Under: arpanet, corrections, errors, history, internet, l gordon crovitz, parc, vint cerf
Companies: xerox

Yet Another (Yes Another) Error In Megaupload Case: Search Warrants Ruled Illegal

from the keystone-kops dept

Early on, we pointed out that the legal theories behind the shutting down of Megaupload and the arrest of its founders were highly questionable. And since then, we've seen that it wasn't just the legal theories that were problematic, but nearly everything about the case, including a bunch of procedural issues. There's been lost evidence and plans to destroy evidence. There have been procedural errors that knocked out a restraining order for being improperly filed, as well as the failure to properly serve the company, which may lead the case against the company (but not the individuals) to be dropped entirely. On top of that, the US has been acting as this is all pretty straightforward, but have already been surprised to discover that the New Zealand government won't simply rubberstamp the extradition.

The latest update may create an even bigger headache for the US in its crusade against Kim Dotcom and Megaupload. High Court judge Helen Winkelmann has ruled that the search warrants used to seize Kim Dotcom's property... were illegal. Yeah, that's going to present a problem for the US. She also ruled that the FBI broke the law in taking data from Dotcom's computers out of the country. But the illegal warrants are the big deal here:

She said the search warrants were invalid because they were general warrants which lacked specificity about the offence and the scope of the items to be searched for.

Without a valid warrant, police were trespassing and exceeded what they were lawfully authorised to do.

Justice Winkelmann said no one had addressed whether police conduct also amounted to unreasonable search and seizure, but her preliminary view was that it did.

In other words, it's not only entirely possible that the government won't even be able to use anything from what they seized in a case, but they may, themselves, be in trouble for breaking the law and violating Dotcom's privacy rights.

The specific problem? The warrant did not actually state what US laws were supposedly broken -- which is kind of important, especially since this was about a case in the US and a person in New Zealand. If it's not made clear that the warrant is under US laws, then it "would no doubt cause confusion to the subjects of the searches...they would likely read the warrants as authorising a search for evidence of offences as defined by New Zealand law."

So not only do we have a weak case, the whole process in the case has been a complete joke and may mean that the US is unable to use much of the evidence it collected, can't extradite Dotcom and... has little actual basis to move forward with a lawsuit. Honestly, I'm somewhat amazed at the number of mistakes by the feds in such a case. It increasingly feels like they did this because they felt the need to "do something" right after the effort to pass SOPA and PIPA stalled out -- and in their rush to make Hollywood like them again, the feds didn't bother to actually pay much attention to the details. Sometimes it's "creative" to color outside the lines. At other times, it's called cooking up a case on trumped up charges for political reasons.

Filed Under: errors, fbi, helen winkelmann, illegal search & seizure, kim dotcom, new zealand, procedures
Companies: megaupload