The White House rejected a call Tuesday to pardon Edward Snowden, saying the former intelligence contractor should "be judged by a jury of his peers" for leaking US government secrets.

The US administration re-iterated its tough stance against the exiled fugitive, whom supporters regard as a whistleblower, in response to a petition on the White House website signed by more than 167,000 people.

Lisa Monaco, an advisor on homeland security and counterterrorism, said Snowden's "dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it."

She said that Snowden, who has been granted asylum in Russia after he leaked documents on vast US surveillance programs to journalists, is "running away from the consequences of his actions."

"If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: challenge it, speak out, engage in a constructive act of protest, and -- importantly -- accept the consequences of his actions," she wrote.

"He should come home to the United States, and be judged by a jury of his peers -- not hide behind the cover of an authoritarian regime."

The US administration has branded Snowden a hacker and a traitor who endangered lives by revealing the extent of the National Security Agency spying program.

But his revelation that the NSA siphons vast quantities of telephone data from private US citizens struck a cord and Congress has begun to amend once secret laws.

Snowden has been nominated for the Nobel Peace Prize for the second year in a row and has received a string of international awards for free speech and civil liberties.

The petition took up this call.

"Edward Snowden is a national hero and should be immediately issued a a full, free, and absolute pardon for any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs," it said.

Earlier this year, Congress passed a law which requires the NSA to end bulk data collection. The administration said Monday the NSA will stop a

In spite of self-congratulatory pats on the back from several corners of the security world, this week's decision from the Commerce Department's Bureau of Industry and Security (BIS) to rewrite the proposed U.S. implementation of the Wassenaar Arrangement rules was an expected outcome—albeit an unusual one.

A 60-day comment period ended on July 20 and an outpouring of opposition from more than 300 technology companies and individual researchers against the first round of rules helped sway BIS. The rules, most argued, were too broad, sweeping up legitimate technologies such as penetration testing software, as well as encompassing white-hat research that involves the development of proof of concept exploits for new vulnerabilities.

The intent of the rules is to prevent not only the sale, but also support of, so-called intrusion software developed by companies such as Gamma International (FinFisher) or Hacking Team (Remote Control System). Intrusion software is used by law enforcement agencies and government agencies, including those in sanctioned nations, to monitor the activities of citizens, not only introducing computer security and privacy concerns, but also human rights issues as the personal safety of some individuals could be put at risk through the use of these tools. Some experts said that vague language in the rules' first draft demonstrated a lack of understanding of computer security, in particular of how terms such as zero-day apply in this context.

Collin Anderson, a security researcher in the Washington, D.C., area who has studied Wassenaar and export controls, was among those who expected BIS to come out with a second proposal and another comment period, calling the first round an "information-seeking process." He points out that in the history of BIS and the implementation of Wassenaar rules there generally isn't a proposed rule or a comment process, and that this was a much more engaged process between the affected parties than the norm.

"I think [BIS] understood and was reflective of the process and comments made that they understood at a certain point they didn't have the information they needed," Anderson said. "They understood they had hit a limit in their ability to understand the impact to the security industry."

The new rules proposal could show up anywhere in the next couple of months through the next scheduled Wassenaar Plenary in December. Until then experts urge the security community to continue to work with BIS in refining critical issues and avoiding some of the landmines that plagued the first round.

"So this is a minor win, but only a first step. The real hard work comes now," said Nate Cardozo, staff attorney for the Electronic Frontier Foundation (EFF). Cardozo said EFF has been engaging with the Commerce Department since May 20 when the first draft was published.

"What we're hoping for is a rethink on how export controls on software can work in a way that protects human rights, which this rule would not have accomplished," Cardozo said, in addition to protecting security research, academics and innovators. "We have some thoughts on how this export control regime might look different: We want to define the end uses and end users you want to control sales and support to."

Cardozo applauds the security industry's outreach to BIS in an attempt to educate them and lobby for rules that balance goals on both ends of the spectrum. He too saw a knowledge gap for BIS and that its focus on zero-day development is not in line with how the intrusion software they're trying to control works.

"[BIS] pretty clearly didn't understand the actual market for the type of software they're trying to get at. There's this whole focus in the proposed rule on zero days, but HackingTeam and FinFisher have a couple of zero days but that's not what they rely on," Cardozo said. "The sorts of software they're worried about relies on old exploits and social engineering. This focus on zero day out of BIS was weird and frankly came from NSA which is focused on zero day."

Moving forward, experts in the U.S. figure to be involved in crafting the next draft of the rules.

"I'm hopeful and looking forward to being part of the solution of helping with the noble goal of protecting human rights, while not hindering defense," said Katie Moussouris, chief policy officer at HackerOne. "The rule as it was written would have harmed internet defense far more than offense could have done alone.

"From a big picture standpoint, the technical security community needs to provide constructive feedback to help point out where these regulations and laws have strayed so far from their intent that they do more harm than good. A little empathy will go a long way to keep the communication lines open."

They say the Senate's CISA cyberthreat information sharing bill would allow businesses to share too much information

U.S. President Barack Obama should oppose legislation intended to let businesses share cyberthreat information with each other and with government agencies because the bill would allow the sharing of too much personal information, a coalition of digital rights groups and security experts said.

The coalition of 39 digital rights and privacy groups and 29 security experts urged Obama to threaten to veto theCybersecurity Information Sharing Act (CISA), a bill that may come to the Senate floor for a vote by early August. CISA would protect from customer lawsuits those businesses that share cyberthreat information.

"CISA fails to protect users' personal information," the coalition said in a letter to Obama, sent Monday. "It allows vast amounts of personal data to be shared with the government, even that which is not necessary to identify or respond to a cybersecurity threat."

The groups compared CISA to the controversial Cyber Intelligence Sharing and Protection Act (CISPA), a cyberthreat sharing bill that the House of Representatives approved in 2013. CISPA failed to become law after Obama threatened to veto it.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks.

"We cannot continue to have citizens' personal information needlessly exposed to foreign adversaries and criminals," Senator Richard Burr, a North Carolina Republican and main sponsor of CISA, said in June. "We can no longer simply watch Americans' personal information continue to be compromised."

A spokeswoman for Burr didn't immediately respond to a request for comment on the letter opposing CISA.

CISA has several problems, the groups said in their letter: It would allow government agencies to use information shared by businesses to investigate crimes unrelated to cyberattacks, and it allows the cyberthreat information to be shared with the National Security Agency and other surveillance agencies.

In addition, CISA would "undermine Internet security" by allowing businesses to deploy countermeasures during cyberattacks, even if those defensive actions would otherwise be illegal under the Computer Fraud and Abuse Act.

Among the groups signing the letter to Obama were the American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation and the New America Foundation's Open Technology Institute.

Security experts signing the letter included Ronald Rivest, a computer science professor at the Massachusetts Institute of Technology; Bruce Schneier, a fellow at the Berkman Center for Internet and Society at Harvard University; and Dan Wallach, a computer science professor at Rice University.

Fight the Future, one of the groups signing the letter, has set up FaxBigBrother.com, encouraging U.S. residents to call or fax senators in opposition to the bill.

CISA is a "dirty deal that turns Facebook and Google into government spies that are totally immune from the law," the group said on the website.

"Congress is so out of touch with modern technology that they're introducing vulnerabilities into the Internet they can't even begin to fix," the group said. "If they're going to be this 1984-surveillance backwards, we're going to turn any text or tweet into faxes to the whole U.S. Senate until they stop. Hopefully that's old enough tech they can understand."

A New York judge ruled Tuesday that Facebook has no legal standing to challenge the constitutionality of search warrants served on its users, highlighting the limits to online companies' abilities to protect user privacy. Last year, Facebook appealed a court decision requiring it to hand over data, including photos and private messages, relating to 381 user accounts. The data was sought as part of an investigation by the New York County District Attorney's office into a disability fraud case. Other companies including Google and Microsoft filed briefs supporting Facebook's move, as well as the American Civil Liberties Union. In her decision on Tuesday, Judge Dianne Renwick of the New York State Supreme Court said Facebook has no constitutional or statutory right to challenge a warrant before it's issued. Facebook had argued that the warrants function like subpoenas, because they require the company to be responsible for producing data and delivering it to the government. It said the federal Stored Communications Act gave it the right to challenge any order or subpoena served upon it. That argument rested on a misinterpretation of the law, Renwick wrote. The ruling comes as major technology companies tout their efforts to protect users from government data requests, which became a greater concern after Edward Snowden leaked information about government surveillance programs. Renwick said she understood Facebook's concerns about the scope of bulk warrants issued, and the district attorney's right to retain the data indefinitely. "Facebook users share more intimate personal information through their Facebook accounts than may be revealed through rummaging about one's home," she wrote. A Facebook spokesman said the company was considering whether to appeal the decision. "We continue to believe that overly broad search warrants -- granting the government the ability to keep hundreds of people's account information indefinitely -- are unconstitutional and raise important concerns about the privacy of people's online information," he said. Zach Miners covers social networking, search and general technology news for IDG News Service.

Most international staff I know who are working in the humanitarian field aren’t paying any attention to cybersecurity. Why is that? For starters, it’s an issue rooted in the security community which humanitarians have traditionally tried to maintain at arm’s length. But also humanitarians see themselves as the good guys; "we’re delivering food and water to needy people," the argument goes, "who would want to launch a cyberattack against us?" While this argument has been undermined by the fact that even well-meaning humanitarians are targeted by armed actors using traditional weapons, there’s still a reluctance to pay attention to cybersecurity.  And humanitarian actors are under pressure to keep their overheads low so that they can distribute most of their funds to people in need – not to beefing up their IT departments.

Read more ...

Thousands of t-shirts, hats, sweatshirts and other items containing an ancient mathematical symbol were pulled from an online marketplace last week for allegedly violating a registered trademark: Pi (π.)
 
According to the U.S. Patent and Trademark Office, Brooklyn-based artist Paul Ingrisano was granted a registered trademark on the 3,000 year old mathematical constant (and sixteenth letter of the Greek alphabet) near the end of January. 
 
He had originally filed for a trademark on the Pi symbol in November of 2012 on the grounds that his company "Pi Productions Corp" produced t-shirts featuring the symbol, followed by a period.
 
Wired reports that when Ingrisano discovered a wide array of apparel containing the Pi symbol on Zazzle.com, a massive online retailer that allows users to create their own merchandise, he contacted his lawyer.
 
"It has been brought to our client's attention that your business, Zazzle Com/AKA Zazzle Inc., has been using the mathematical symbol ‘pi,’ referred to herein as the ‘PI trademark,’ in association with the marketing or sale of your products or of products offered through your services," wrote Ingrisano's lawyer, Ronald Millet, in a cease-and-desist letter sent to the company on May 16.  
 
"We have evidence of your unlawful products to preserve as evidence. Accordingly, you are hereby directed to CEASE AND DESIST ALL COPYRIGHT INFRINGEMENT," the letter continued, citing U.S. registered trademark number 4473631
 
 
Zazzle responded by immediately removing all garments including any form of the symbol, which is popular among math geeks and often used as fodder for jokes.
 
"This impacted thousands of products,” said Zazzle spokeswoman Diana Adair to Wired. “How many actually sold would be a much smaller number of course.”
 
Zazzle sent a formal notice to its sellers informing them of the ban and removal, but many were unimpressed with the news.
 
"Yesterday I got a notice that one of my items was being removed due to trademark infringement. Here’s the notice," wrote blogger and Zazzle seller Dave Lartigue, providing a portion of the email he received, along with the design that was being pulled from his shop:
 
 

Outraged by the idea that someone had trademarked a mathematical symbol, Lartigue, like many around the web, argued that the U.S Patent office had made a mistake.

 
"Pi is an irrational constant in mathematics. It’s the name given to the ratio of a circle’s diameter to its circumference. It’s denoted by the Greek letter 'pi'. This symbol is used in every mathematical text and paper involving this ratio, and has been since at least 1706," he wrote "And now someone’s claiming they’ve trademarked it and no one else can use it? That’s like trademarking the number three, or hell, the e in the design, which is another mathematical concept. It’s clearly absurd to anyone except, I guess, Zazzle."
 
Jez Kemp, another blogger and Zazzle seller who has several Pi designs for sale, argued similarly on his blog that "this would be like McDonalds claiming the letter M as a trademark. The trademark is in the combination of style and symbol, not the symbol itself."
 
Both bloggers responded to Zazzle, informing the company that Ingrisano's trademark specifically protects the Pi symbol with a period after it — something neither of their designs included.
 
In a reply to Kemp, published on an active Zazzle forum called "Mathematical 'Pi' symbol is trademarked?" Zazzle's content management team defended its ban.
 
"You are correct in the description of the registered trademark as having a period," wrote Zazzle. "However, representatives of PI Productions Corp. is exercising their rights to protect their mark by not only restricting the use of their trademark, but also any similar marks that is likely to result in consumer confusion as part of the Lanham Act.". Similar replies were sent to other Zazzle users, resulting in an outpouring of rage and frustration online.
After much outcry, Zazzle decided to restore all products that had been removed for making use of Pi on Friday.
 
"After reviewing the take-down request more closely, Zazzle has decided to restore 'Pi' products as of today," wrote the company in a Zazzle forum. "Zazzle is a marketplace for a community of artists, and we want to continue to support artists who are creating original artwork."
 
By Monday, 5,338 different products were being returned under the search term "Pi" on Zazzle.
While many were pleased by Zazzle's decision to ignore the cease and desist letter from Ingrisano's lawyer, the design community is now keeping a close eye on the artist.
 
Several Zazzle forum users have made note of the fact that Ingrisano also has a pending trademark registration for the use of "I<3" — which means "I love" in netspeak.
 
"OH MY GOD! From the same guy????" wrote a user named ArtsmakersWorlds. "Is he going to register every number and symbol possible?"

In a lengthy post about the I<3 filing, Ben Davis summed up what much of the web was feeling on artnet news, writing "The Internet definitely does not <3 Paul Ingrisano right now."
 
original article by: