Category Archives: Technology

State Dept Spox on outages at embassies: “separate”, “unconnected”, “unrelated” — wowie zowie!

– Domani Spero

 

We’ve blogged about the outages at overseas posts yesterday (see State Department’s “Technical Difficulties” Continue Worldwide, So What About the CCD?).  On November 17, US Embassy Albania’s internet connection was down and US Embassy London could not accept credit card payments and its online forms for visa and passport inquiries were not working. US embassies in Moscow, Madrid, Manila, Beirut, Ankara, Cameroon, Oslo and Astana tweeted that they were “experiencing technical difficulties that may result in delays in visa processing.”

Unofficial sources tell us that State Department employees are now able to send email outside the Dept but still no Internet access. The Department’s mobile access site GO (go.state.gov) and Web PASS  (Web Post Administrative Software Suite Explorer) are both still offline.

What’s WebPASS?   via WebPASS Privacy Impact Assessment (2009):

WebPASS Explorer (“WebPASS”) is a suite of business applications used by overseas posts to administer a variety of internal activities. Some but not all applications under WebPASS collect and maintain personally identifiable information (PII) about post employees, their family members, and visitors. WebPASS is web-enabled and operates within the confines of OpenNet, the Department’s sensitive but unclassified (SBU) network.

The main application is Web Post Personnel (Web.PS), which is a database of the American employees (AEs), their dependents, and Locally Employed Staff (LES). Whereas the official record for an AE employee is maintained in Washington, DC, the Web.PS database supports local personnel-related tasks. Its LES-related features support personnel actions for LES staff directly hired at the post such as intake, assignments, transfers, grade increases, and terminations.

After an AE or LES staff is established in Web.PS, some of their basic identifiers (e.g., name, employee type, office) may be pulled electronically into other WebPASS applications that support separate functions such as motor pool operations, residency in government-held real property, and distribution of pharmaceutical medications.

The most sensitive unique identifier in WebPASS is the record subject’s SSN, which is stored in Web.PS.

 

Hey, if Professor Boyd, the American ambassador’s husband in Homeland, had access to WebPASS, he could have saved himself some sneaking around just to discover (and tamper with) Carrie’s medication!

In any case, on November 18, the State Department spokesman Jeff Rathke was asked about the recent reported hacking and the outages at our embassies. The official word seems to be that these outages at ten posts (maybe more, but those posts have not tweeted their technical difficulties) are separate, unconnected, unrelated or [insert preferred synonym]  to the “technical difficulties” at Main State. Simply put, you folks stop racking your brains with suspicions, these outages are simply, and purely  coincidental.

Of course, coincidences happen every day, but the more I watch these official press briefings, the less I trust coincidences.

Excerpt:

QUESTION: Hacking?

MR. RATHKE: Yes, Lara, please.

QUESTION: Everybody’s favorite topic. You had talked yesterday from the podium about how the – it’s only the unclassified email systems at the State Department that was affected by this most recent data breach that prompted the suspension of – sorry, I’ve got suspended on my mind – (laughter) – but that prompted the shutdown over the weekend. But there’s been some suggestions that some of the missions and embassies and consulates have had some problems or could have some problems with processing passports or visas.

MR. RATHKE: No.

QUESTION: No? Not at all?

MR. RATHKE: No, no. These are unconnected. I mean, we have a separate system that deals with those types of consular issues – passports, visas, and so forth. Now there may be other technical issues that have arisen in one place or another. Is there a specific –

QUESTION: Yeah. Embassy Beirut, I think, had to –

MR. RATHKE: Yeah. No, that’s unrelated to the outage that we’ve had here.

QUESTION: Well, what’s going on in Embassy Beirut, then?

MR. RATHKE: Well, I don’t have the specifics, but it’s a separate issue. And I – from what I understand, they were able to continue doing their operations today, so it was not any major impediment.

I can give you an update, though, on the outage. I can report that our external email services from our main unclassified system are now operating normally, and for those who feel they are tethered to their Blackberries, they are once again, because the Blackberry service is working. So our unclassified external email traffic is now normal, so we’ve had some progress since yesterday’s discussion. So much of it is now operational. Much of our systems that had connectivity to the internet are now operational. We have a few more steps that’ll be taken soon to reach full restoration of our connectivity.

QUESTION: But just to clarify, no consular services, no client-based services –

MR. RATHKE: That’s a separate –

QUESTION: — have been affected by this outage?

MR. RATHKE: No, not to my knowledge. That’s – those are separate.

Yeah.

QUESTION: Do you have internet access from the unclassified system now?

MR. RATHKE: No, we are not – we do not have internet access at this stage. That will be restored soon, we expect. Sorry, yes?

QUESTION: Anything else major that you don’t have now?

MR. RATHKE: No. No, I think that’s mainly it. But it – this has not stopped us from doing our work, so –

QUESTION: The classified system never went down, correct?

MR. RATHKE: No, it was never affected at any point. So as mentioned yesterday, that hasn’t changed. It was not affected.

 

Congress remains more than interested:

 

And now the FBI is wading into the breaches:

* * *


Filed under Congress, Diplomatic Attacks, Huh? News, Leadership and Management, Security, State Department, Technology, Technology and Work, U.S. Missions, Visas

State Dept’s Critical National Security Database Crashes, Melts Global Travelers’ Patience

– Domani Spero

 

The first announcement about the troubled Consular Consolidated Database (CCD) went out on Wednesday, July 23:

The Department of State Bureau of Consular Affairs is currently experiencing technical problems with our passport/visa system.  This issue is worldwide and is not specific to any particular country, citizenship document, or visa category.  We apologize to applicants who are experiencing delays or are unable to obtain a passport, Consular Report of Birth Abroad, or visa at this time. We are working urgently to correct the problem and expect our system to be fully operational again soon.

The AP reported on July 23 that unspecified glitches have resulted in performance issues since Saturday, which would be July 19.

On July 25, CA announced: “Our visa and passport processing systems are now operational, however they are working at limited capacity. We are still working to correct the problem and expect to be fully operational soon.”

A State Department official speaking on background told us the same day that this issue was not/not caused by  hackers. We were told that the CCD crashed shortly after maintenance was performed and that the root cause of the problem is not yet known.

On July 27, CA released an update:

As of July 27, the Department of State has made continued progress on restoring our system to full functionality. As we restore our ability to print visas, we are prioritizing immigrant cases, including adoptions visas. System engineers are performing maintenance to address the problems we encountered. As system performance improves, we will continue to process visas at U.S. Embassies and Consulates worldwide. We are committed to resolving the problem as soon as possible. Additional updates will be posted to travel.state.gov as more information becomes available.

On July 29, CA posted this on FB:

The Department of State Bureau of Consular Affairs continues to make progress restoring our nonimmigrant visa system to full functionality. Over the weekend, the Department of State implemented system changes aimed at optimizing performance and addressing the challenges we have faced. We are now testing our system capacity to ensure stability. Processing of immigrant visas cases, including adoptions, remains a high priority. Some Embassies and Consulates may temporarily limit or reschedule nonimmigrant visa interview appointments until more system resources become available to process these new applications. We sincerely regret the inconvenience to travelers, and are committed to resolving the problem as soon as possible. Additional updates will be posted to travel.state.gov as more information becomes available.

 

The CA Bureau’s Facebook page has been inundated with comments. There were complaints that at one post the visas were printing fine and then they were not. There were complaints from people waiting for visas for adopted kids, for fiancees, for family members, for family waiting at the border, for students anxious to get to their schools, people worried about time running out for diversity visas, applicants with flights already booked, and many more. One FB commenter writes, “I feel that the problem most people have is not that the system broke, but the lack of clear, meaningful information so people can make appropriate plans.”

Other than what the CA Bureau chose to tell us, we cannot pry any substantial detail from official sources. We, however, understand from sources familiar with the system but not authorized to speak for the bureau that the CCD has been having problems for some time but it got worse in the last couple of weeks. If you’re familiar with the highs and lows of visa operation, this will not be altogether surprising. Whatever problems already existed in the system prior to this “glitch” could have easily been exacerbated in July, which is the middle of the peak travel season worldwide. A source working in one of our consular posts confirmed to us that the system is back running, but not at the normal level and that the backlogs are building up. Another source told us that Beijing already had a 15k NIV backlog over the weekend. We haven’t yet heard what the backlogs are like in mega visa-issuing posts like Brazil, Mexico and India.

We understand that everyone is currently doing all they can to get the process moving, but that some cases are getting through the system, while some are not. No one seems to know why this is happening. These machine readable visas are tied to the system and there are no manual back-ups for processing these cases (more of that below).

 

So who owns CCD?

The Consular Systems and Technology (CA/CST) manages the CCD.  We have previously blogged about its troubled past:

CST is currently headed by a new Director, Greg D Ambrose who reports to the CA Bureau’s Assistant Secretary.  It looks like despite the 2011 OIG recommendation, the CST deputy position remains vacant. We should also note that the  Asst Secretary for Consular Affairs Janice Jacobs retired this past April.  No replacement has been nominated to-date and Michele T. Bond has been Acting Assistant Secretary since Ms. Jacobs’ departure.

Last September, Mr. Ambrose was with FedScoopTV and talked about Consular One, the future of consular IT.

 

CST Just Got a New Data Engineering Contract

In May 2014, ActioNet, Inc., headquartered in Vienna, Virginia, announced a 5-year task order for data engineering, supporting CST.

ActioNet, Inc. announced today the award of a five (5)-year task order entitled Data Engineering (DE) in support of Department of State (DOS). This task order will provide data engineering and database infrastructure support services necessary for planning, analysis, design, and implementation services for the Bureau of Consular Affairs.  These service also include contract and program management support to ensure that innovation, efficiency, and cost control practices are built into the program. […] The Office of Consular Systems and Technology (CST) within the Bureau develops, deploys and maintains the unclassified and classified IT infrastructures that help execute these missions. The Bureau currently manages over 800 servers worldwide, in order to comply with the fast paced changes inherent to data processing and telecommunications, CST requires that contractor services provide for rapid provisioning of highly experienced and trained individuals with the IT (information technology) backgrounds and the security clearances required of CA’s environment of workstation-based local and wide-area network infrastructures.

Due to limited information available, we don’t know if the new Consular One and/or the new DE contract are related to ongoing issues or if there are hardware issues, given the multiple legacy systems, but we do know that CST has both an impressive and troubled history. Let’s take a look.


Records Growing by the Day

The 2010 Consular Consolidated Database (CCD) Privacy Impact Assessment (PIA) describes (pdf) the CCD as “one of the largest Oracle based data warehouses in the world that holds current and archived data from the Consular Affairs (CA) domestic and post databases around the world.”  According to the PIA, in December 2009, the CCD contained over 100 million visa cases and 75 million photographs, utilizing billions of rows of data, and has a current growth rate of approximately 35 thousand visa cases every day. The 2011 OIG report says that in 2010, the CCD contained over 137 million American and foreign case records and over 130 million photographs and is growing at approximately 40,000 visa and passport cases every day.

That was almost four years ago.


A Critical Operational and National Security Database with No Back-Up System?

According to publicly available information, the CCD’s chief functions are 1) to support data delivery to approved applications via industry-standard Web Service queries, 2) provide users with easy-to-use data entry interfaces to CCD, and 3) allow emergency recovery of post databases.  The CCD also serves as a gateway to IDENT and IAFIS fingerprint checking databases, the Department of State Facial Recognition system, and the NameCheck system. It  provides access to passport data in Travel Document Issuance System (TDIS), Passport Lookout Tracking System (PLOTS), and Passport Information Electronic Records System (PIERS).  The OIG says that the CCD serves 11,000 users in the Department and more than 19,000 users in other agencies, primarily the Department of Homeland Security (DHS) and various law enforcement elements, and is accessed more than 120 million times every month.

Given that the CCD is considered “a critical operational and national security database,” there are surprisingly no redundancies or any back-up system.


Resurrect the Standard Register protectograph aka ‘Burroughs visas’?

No one is actually suggesting that but when the CCD system is down, there is no manual way to issue a visa. No post can  handprint visas  because security measures prevent consular officers from printing a visa unless it is approved through the database system. Here is a quick history of the handprinted ‘Burroughs visas’ and the machine readable visas via the GPO:

November 18, 1988, mandated the development of a machine-readable travel and identity document to improve border entry and departure control using an automated data-capture system. As a result, the Department developed the Machine Readable Visa, a durable, long-lasting adhesive foil made out of Teslin.

Before MRVs, nonimmigrant visas were issued using a device called a Standard Register protectograph, otherwise known as a Burroughs certifier machine. It produced what was colloquially known as a “Burroughs visa,” an indelible ink impression mechanically stamped directly onto a page in the alien’s passport. Over time, Burroughs machines were gradually replaced by MRV technology, which is now used exclusively by all nonimmigrant visa issuing posts throughout the world.

Burroughs visas contained a space in which a consular employee was required to write the name of the alien to whom the visa was being issued. An alien’s passport might also include family members, such as a spouse, or children, who also had to be listed on the visa. In March 1983, in order to expedite the issuance of nonimmigrant visas and to improve operational efficiency, the Department authorized the use of a “bearer(s)” stamp for certain countries so that consular officers would not have to spend time writing in the applicant’s name (and those of accompanying family members). MRVs, however, must be issued individually to qualified aliens. Consequently, the “bearer” annotation has become obsolete.

The problem with the old Burroughs machine, besides the obvious, was maybe — you run out of ink, the plates are ruined/broken or you need it oiled. We could not remember those breaking down. With the MRV technology, all posts are connected to a central database, and the new machines by themselves cannot issue visas.  Which brings us to the security of that system.

 

Management Alert on Information System Security Program

The State Department PIA says that “To appropriately safeguard the information, numerous management, operational, and technical security controls are in place in accordance with the Federal Information Security Management Act (FISMA) of 2002 and information assurance standards published by the National Institute of Standards and Technology (NIST).” Must be why in November 2013, the Office of the Inspector General issued a Management Alert  for significant and recurring weaknesses found in the State Department’s Information System Security Program over the past three fiscal years (FY 2011-2013).

In 2011, State/OIG also issued a report on CA’s CST division that has what appears to be a lengthy discussion of the CCD, but all of it except one paragraph had been redacted.

That OIG report also includes a discussion of the Systems Development Life Cycle Process and notes that decision control gates within CST’s SDLC process are weak. It cites a couple of examples where this manifested: 1) the development of the Consular report of Birth Abroad (CRBA) system. “The ownership of development and deployment shifted throughout the process, and the business unit’s requirements were not clearly communicated to the development team. As a result, CST designed and tested the CRBA for a printer that did not match the printer model identified and procured by the business unit;” 2)  the Crisis Task Force application, for which CST was tasked to enhance its Web-facing interaction. “The deployment of this application has been challenged by the lack of project ownership and decision controls, as well as by the incomplete requirements definition. The use of incorrect scripts that were provided by the CM group has further delayed the Crisis Task Force application’s deployment.”

 

If there’s somethin’ strange in your CCD, who ya gonna call? (Glitchbusters!)

The Consular Consolidated Database (CCD) is central to all consular operations. It is run by CST, where, according to the OIG, “the smooth functioning of every part of the office depends on its contractors.” And because it runs such an important element of U.S. national security systems, if all of CST’s contractors, all 850 of them, quit, this critical consular data delivery to the State Department and other Federal agencies would screech to a halt.

To carry out its mandate, CST must provide uninterrupted support to 233 overseas posts, 21 passport agencies, 2 passport processing centers, and other domestic facilities, for a total of 30,000 end users across 16 Federal agencies and in nearly every country. CST faces 24/7/365 service requirements, as any disruption in automated support brings operations to an immediate halt, with very serious implications for travelers and the U.S. image.
[…]
CST is led by a director and is staffed by 68 full-time equivalent (FTE) employees (62 Civil Service and 6 Foreign Service). There are 12 positions (3 Foreign Service and 9 Civil Service) currently vacant. CA recently authorized CST 19 additional FTE positions. There are also more than 850 contractors operating under nearly 30 different contracts. In FY 2010, CST’s annual operating budget was approximately $266 million.

If CCD is compromised for a lengthy period such as the last couple of weeks, what is the back-up plan to keep the operation going? Obviously, none. It’s either down or running under limited or full capacity. No one we know remembers CCD problems persisting this long. Right now, we know from a reliable source that the system is not down, and some cases are going through but — what if the CCD is completely down for two weeks … four weeks … wouldn’t international travel come to a slow stop?

What if CCD goes down indefinitely whether by hardware or software glitch or through malicious penetration by foreign hackers, what happens then?

Currently, it appears nothing can be done but for folks to be patient and wait until the fixes are in.  We know they’re working hard at it but there’s got to be a better way.   Perhaps we can also agree that this has very serious national security implications on top of disgruntled travelers and a grave impact on the U.S. image overseas.

 

 Related items:

May 2011 |  Inspection of The Bureau of Consular Affairs, Office of Consular Systems and Technology (CST) Report Number ISP-I-11-51

-11/30/13   Audit of Department of State Information Security Program (FISMA) (AUD-IT-14-03)  [3610 Kb]  Posted January 29th, 2014

-01/13/14   Management Alert on OIG Findings of Significant, Recurring Weaknesses in Dept of State Info System Security Program (MA-A-0001)  [6298 Kb]  Posted on January 16, 2014

 


 

 


Filed under Bugs, Consular Work, Contractors, Federal Agencies, Foreign Service, Govt Reports/Documents, Huh? News, Legacy, Security, Spectacular, Staffing the FS, State Department, Technology, Technology and Work, Visas

State/OIG Issues Alert on Recurring Weaknesses of State Department’s Computer Security


 

– By Domani Spero

In November 2013, Inspector General Steve Linick issued a management alert memo to the State Department’s Management Control Steering Committee concerning the “significant and recurring weaknesses” of its information system security program over the past three fiscal years (2011-2013).

The recurring weaknesses identified were in six areas: Authority to Operate (ATO), Baseline Controls, Scanning and Configuration Management Controls, Access Controls, Cyber Security Management, and Risk Management and Continuous Monitoring Strategies.

A backgrounder from the OIG report:

The Department of State (Department) is entrusted to safeguard sensitive information, which is often the target of terrorist and criminal organizations. Cyber attacks against Government organizations appear to be on the rise, including state-sponsored efforts to exploit U.S. Government information security vulnerabilities. The Department is responsible for preserving and protecting classified information vital to the preservation of national security in high risk environments across the globe. The Department also undertakes significant numbers of financial and other transactions, including, for instance, the daily collection of millions of dollars in consular fees. In addition, the Department maintains records on approximately 192 million current passports, which contain such sensitive personally identifiable information (PII) as dates of birth and social security numbers. To protect this information, the Department must ensure that its Information System Security Program and management control structure are operationally effective.

Some of the examples of weaknesses cited include the following:

  • In FY 2013, OIG found another instance of access control weakness. Specifically, OIG reported that 36 employees assigned to the [Redacted] (b) (5).  Pursuant to 12 FAM 232, those systems can only be accessed by individuals possessing appropriate clearances. The 36 employees did not possess such clearances.
  • On August 20, 2013, the Bureau of Information Resource Management (IRM) reported that the Department had a total of 6,369 system administrators. According to IRM officials, system administrators are given network-wide permissions to allow them to collaboratively manage and troubleshoot issues. “However, such broad access by large numbers of system administrators also subjects the system to risk. The recent, highly-publicized breach of information pertaining to national security matters by Edward Snowden, a contract systems administrator, starkly illustrates the issue.”
  • The Bureau of Diplomatic Security did not have the administrative credentials needed for Demilitarized Zone servers  to perform periodic scanning.

State/OIG made three recommendations including directing the Office of the Chief Information Officer to employ the services of the National Security Agency (NSA) to conduct independent penetration testing to further evaluate the Information System Security Program and outline a range of technical and procedural countermeasures to reduce risks.

On December 13, 2013, James Millette, the chairman of the Steering Committee and the State Department’s Comptroller who also heads the State Department’s Bureau of the Comptroller and Global Financial Services (CGFS) sent the OIG a written response which says  that they “respectfully disagree on the level of severity these weaknesses collectively represent.” Part of the response also includes the following:

Your memo recommended that the MCSC direct IRM to employ the services of the National Security Agency (NSA) to conduct independent penetration testing. The Committee believes that DS, like the OIG, has direct lines to the Secretary and has the capability to be independent in these matters. In addition, DS assured the Committee that they have the capability and work with and have the confidence of NSA in these matters. We believe OIG would not disagree that DS has the capability to adequately perform the testing. However, we fully understand the issue of perception of independence. Therefore the MCSC is supportive of DS and IRM having further discussions with the OIG on this matter to determine the best plan of action to perform penetration testing that meets the needs of the OIG and Department management. In addition, at the meeting, we suggested that there may be other alternatives to NSA, such as using a 3rd party to review the methodology used by DS.

That’s an old timer at the State Department telling the new IG that the Committee believes that Diplomatic Security (DS)  like the Office of the Inspector General (OIG) has “direct lines” to the Secretary?  Really!  It is a fact that DS reports to “M” or the Under Secretary for Management  and not directly to the Secretary.  (Unless, the Committee thinks the OIG also reports to “M” just like DS)?  OIG is one of the ten offices at State that reports directly to the Secretary.  If  the Secretary in practice delegates that authority, he has two deputies above the under secretaries, and one of them is for management and resources.

On Jan 13, 2014, the Inspector General sent another memo to the Management Control Steering Committee. The memo indicates closure of one recommendation but left the other two issues “unresolved.” This is also where the OIG patiently explains to the Committee what it means by “independence.”

OIG considers Recommendation 3, pertaining to independent penetration testing, unresolved. The MCSC indicated that it is supportive of the Bureau of Diplomatic Security (DS) and IRM having further discussions with OIG on this matter, but it further stated that “OIG would not disagree that DS has the capability to adequately perform the testing.” The issue, however, is not about DS’s “capability” but its independence and perceived independence.

According to the National Institute of Standards and Technology (NIST):

An independent assessor is any individual or group capable of conducting an impartial assessment of security controls employed within or inherited by an information system. Impartiality implies that the assessor is free from any perceived or actual conflicts of interest with respect to the development, operation, and/or management of the information system or the determination of security control effectiveness.

Because DS is actively involved in the Department’s Information System Security Program, it cannot be considered an independent, impartial assessor. The recommendation will remain open until OIG reviews and accepts documentation showing that independent penetration testing has been implemented. The penetration testing must be performed by the National Security Agency or an equally qualified organization independent of the Department and approved by OIG.

The NSA is already conducting pentests on critical U.S. infrastructure, among other things. Why is State considering only DS or a third party, and not NSA?

* * *

Related item:

-01/13/14   Mgmt Alert on OIG Findings of Significant and Recurring Weaknesses in the Dept of State Info System Security Program (MA-A-0001)  [6298 Kb]


Filed under Diplomatic Security, Federal Agencies, Leadership and Management, Security, State Department, Technology, Technology and Work

Telephone Scam: Infected Computer? But…But…I Live in a Tent and Don’t Have a Computer

—By Domani Spero

The Internet Crime Complaint Center (IC3®) released its 2012 report recently.  Here’s one of the scams described:

In a twist to the pop-up scareware scheme, victims began receiving telephone calls from individuals allegedly claiming to be from legitimate well-known software companies. The victims of these calls were advised malware had been detected on their computers and posed an impending threat. The fraudsters tried to instill a feeling of urgency so victims would take immediate action and log on to their computers. Once the victims logged in, the fraudsters directed them to the utility area of the computers, where they appeared to demonstrate how the computers were infected. The fraudsters offered to rid the computers of the malware for fees ranging from $49 to $450. When the victims agreed to pay the fees, they were directed to a website where they entered a code or downloaded a software program that allowed the fraudsters remote access to their computers.

These folks are actually quite persistent.  The first time I got this call, the caller spoke in heavily accented English. I told the person politely that I have difficulty understanding what he was saying. The person connected me to his supervisor who was no better at it. Finally they gave up on me since I was dumb and dumber and they had to repeat half a dozen times their explanation of what’s a malware. That was fun!

Another time, I scolded the caller for implying that my computer is some sort of ET who can call “home.” That was not even fun and a waste of time since they interrupted my favorite chore of laundry making.

Now when these folks call, I just tell them I live in a tent and do not own a computer.  You can hear their minds literally crash.  Oh, and they haven’t called since.

(^-^)V

 

 

 

 

 

 


Filed under Funnies, Hall of Shame, Scams, Technology

Take Time Today to Tell Your Senators to #StopCISPA

Via the Electronic Frontier Foundation.  Click on the image below to use EFF’s automated system to email your senators.  Sunlight Foundation shows that backers of the Cyber Intelligence Sharing and Protection Act had $605 million in lobbying expenditures from 2011 through the third quarter of last year compared to $4.3 million spent by opponents of the bill. Lopsided resources in action.


EFF: U.S. House of Representatives Shamefully Passes CISPA; Internet Freedom Advocates Prepare for a Battle in the Senate

ACLU:  CISPA Explainer #1: What Information Can Be Shared?

ACLU: CISPA Explainer #2: With Whom Can Information Be Shared?

ACLU:  CISPA Explainer #3: What Can Be Done With Information After It Is Shared?

The Security Skeptic:  What you (still) need to know about CISPA

– DS

Mubarak Govt shuts down Internet, Egypt is now in an undisclosed location online

Via Renesys CTO, James Cowie:

Confirming what a few have reported this evening: in an action unprecedented in Internet history, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. Critical European-Asian fiber-optic routes through Egypt appear to be unaffected for now. But every Egyptian provider, every business, bank, Internet cafe, website, school, embassy, and government office that relied on the big four Egyptian ISPs for their Internet connectivity is now cut off from the rest of the world. Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr, and all their customers and partners are, for the moment, off the air.

At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet’s global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt’s service providers. Virtually all of Egypt’s Internet addresses are now unreachable, worldwide.

Read the whole thing here.

This may turn out to be a dumb and dumber move. Roll back the tape to 1986 and the people power in the Philippines. That was before Google, Facebook and Twitter.  One dictator, family and best friends booted out of that country after years of plunder. Before ISPs.

Which part of the US has been googling WikiLeaks the most?

Here’s a clue – 10% of all U.S. federal procurement money is spent in this state. 

Clue #2, this state hosts several federal agencies which include  the Central Intelligence Agency, the Department of Defense, the National Geospatial-Intelligence Agency (NGA) and others.

Ta-dah!

What’s in Virginia? Besides the headquarters of several federal agencies? About 263,552 federal employees and retirees according to 2008 stats, not to mention a host of defense contractors that call the state home.  And within Virginia, the most googlers come from — Sterling –

What’s in Sterling, Virginia?

Screen capture above from Google Insights for Search which “analyzes a portion of worldwide Google web searches from all Google domains to compute how many searches have been done for the terms you’ve entered, relative to the total number of searches done on Google over time.” The snapshots change according to search parameters.

Probably just interesting to nerdy cats like us …



New FS Blog: Former FS Brat writes about FS Brat 2.0

Four Globetrotters is “the (most likely) incoherent ramblings of a sleep-deprived single mother living overseas with her trio of kiddos.” The blog is by a Foreign Service Officer who has almost 10 years with State, “currently live overseas in a country which for now shall remain unnamed.” She also has the distinction of being a former FS brat (brat used in a good way) or third culture kid now looking at FS kids growing up in the white glare of the web 2.0 galaxy. Excerpt below:

Foreign Service Brats — That Was Then, This Is Now

I’m an old school Foreign Service brat.

In some of the places where I grew up we only got mail every couple months.  We didn’t have a telephone.  We didn’t have cable.  We didn’t have internet.

Our social lives consisted of other families at post and our classmates at school.  If we wanted to talk to each other we’d use our radio and everyone and their mother would listen in (“Gunsmoke Alpha, this is Cherry Bravo.  Would you like to come over for a Sierra Lima Echo Echo Papa Oscar Victor Echo Romeo, over?”).
[…]
When I was a kid, you left post and you knew that was it.  You said your goodbyes, you grieved, and you moved on and focused on your next post, your next school, your next set of friends.  Now with the Internet, Skype, Vonage, Facebook, Twitter, APO/DPO, etc making it much easier to stay connected, you can maintain a virtual presence pretty much anywhere in the world.
[…]
What I’m seeing around me, both with my own children and the children of some of my colleagues, are much longer “transition periods”.  Thanks to Facebook and Skype primarily, the FS Brat 2.0 clings to his or her past and refuses to see the possibilities in front of them.  They’re bogged down in an information overload, emotions pulled between the past and the present — loyalties are questioned.  Are you betraying your friends at post X by going out and building a life in post Y?

It’s like pulling a bandaid off s-l-o-w-l-y and suffering the pain over a longer period of time.  Or to be even more dramatic, it’s like dating again after your spouse has died.  Are you betraying your spouse’s memory by going out and continuing to live your life?  Except in the case of the poor FS Brat 2.0 their “spouse” never dies; he or she just lingers on life support forever.
[…]
My heart really goes out to this new generation.  At least when I was a kid the bandaid was yanked off as soon as the plane went wheels up.

Radio? What’s a radio?  She’s a fun read.  See the whole thing here.

And while you’re visiting her blog, do not/not miss reading her story on why you must be kind to your OMS.


Want an iPod Touch? Get Touched by TSA on 11/24

Why TSA did not think of this first, baffles my brain.  An iPad would be nice, too. Or anything that’s in short supply this holiday season would probably do the trick (jobs are in short supply, of course, but that may be too tricky for giveaways). Want a turkey? Get touched by TSA (just make sure it’s not a frozen turkey). Want a tussle? Get touched by TSA. But absolutely no biting! Oh, my – one can go on and on with this with a beginning rhymes dictionary.

Via Loopt.com:

National Opt-Out Day – the day before Thanksgiving – is the busiest travel day of the year. In light of recent controversy, many plan to refuse a backscatter scan at airport security, and instead choose a (fairly invasive) pat-down. Either way, people can count on longer-than-usual airport lines.

As a slight gift to opt-outers out there, Loopt is giving away 10 iPod Touches for TSA touching. Just check into your airport on Loopt* on Wednesday, November 24 (with iPhone, iPod Touch or Android), share a bit about your experience, push it to Twitter with the hashtag #touchedbyTSA, and you can win an iPod Touch. That simple.

The company Loopt was formed in 2006 “to build mobile applications that use location to help you enjoy the friends, places, and events around you right now.” Loopt offers a suite of mobile applications that run on over 100 different phones and are enjoyed by more than 4 million people.



Quickie: Biometric bureaucracy swaps sanity for safety in Turkey

Işıl Eğrikavuk has a first-person account in Turkey’s Hürriyet Daily News about the country’s new biometric passports:

The biometric passports, or e-passports, introduced June 1 in Turkey are supposed to make travel easier and reduce the amount of time spent at borders and customs checkpoints.
[…]
These features give e-passports a higher level of security and make it easier to verify a traveler’s identity, hence preventing identity theft and document forgery. Officials say they also represent an important phase in Turkey’s EU harmonization process.
[…]
On June 9, I went to the Eyüp police station, right at the appointed time, and with all my papers ready. I was still confident that I could apply for a passport, but as I moved through the bureau, the cold truth hit me. “We can’t see the online appointments, you have to come here at 6 a.m. and put your name on the list,” an officer said. He was not joking. My eyes started to well up with tears.

For the third time, I had been turned away, and I had a valid passport in my hand. What could I say? I had even received a text message the day before reminding me about my appointment. I tried explaining this, but they repeated the same words: “We cannot see the online appointments. You have to come here early.”

The next day I woke up at 5 a.m. and went to Eyüp. I was in front of the police station at 6 a.m., yet I was already the 26th person on the list. A police officer told me that people had started to show up at 3 a.m. “We started writing their names at 5:30 a.m.,” he said. “You are lucky to have put your name down, because they only take 40 people a day.”
[…]
I waited for six long hours at the police station. At a quarter to noon, my name was called. I was fingerprinted and joined the line to present my papers.

“I cannot see your passport registration in the archives,” the officer said. “You need to either go to the police office where you first got your passport, or you need to apply for a new one. But if you apply for a new one, we can’t transfer your valid dates into your new passport. You have to pay to extend your new passport’s date.”

So this was my choice: Go to another station and wait for another six hours, or pay 754 liras to get a new passport valid for five years. I was out of time, strength and patience. I paid the money.
[…]
Getting an e-passport costs 71 euros in Belgium and 28 euros in Estonia (both valid for five years.) In Italy, the cost is 44 euros and the passport is valid for 10 years. In Russia, a passport valid for 10 years costs the equivalent of 66 euros.

Mine cost me the equivalent of 394 euros.

At prices like that, Turkey surely has the world’s most expensive passport.
[…]
If the e-passports really make Turkey more prestigious, give me humble and simple any day.

Read the whole thing here.

