“18% of online adults have had important personal information stolen such as their Social Security Number, credit card, or bank account information. That’s an increase from the 11% who reported personal information theft in July 2013.
21% of online adults said they had an email or social networking account compromised or taken over without their permission.The same number reported this experience in a July 2013 survey.”—More online Americans say they’ve experienced a personal data breach | Pew Research Center (via onaissues)
Defined by paradoxes and anomalies, the trickster is clever and foolish at once, the deceiver and the deceived, breaker of rules, and inventor of culture. He is both cruel and kind, intelligent and obtuse. He is a shapeshifter who crosses not only physical…
By Alex Stamos, Chief Information Security Officer
When I joined Yahoo four weeks ago, we were in the middle of a massive project to protect our users and their data through the deployment of encryption technologies as we discussed in our November 2013 Tumblr.
Avoid use of oils, lotions and detergents because they can trap the chemicals and thereby prolong exposure. Wash your clothes, your hair and your skin beforehand in a detergent-free soap (such as Dr.Bronner’s or most eco-friendly products).
We recommend using a water or alcohol-based sunscreen (rather than oil-based). If your choice is between oil-based or nothing, we advocate using the sunscreen. Getting pepper sprayed on top of a sunburn is not fun.
We also recommend minimizing skin exposure by covering up as much as possible. This can also protect you from the sun, as can a big hat.
Gas masks provide the best facial protection, if properly fitted and sealed. Alternatively, goggles (with shatter-proof lenses), respirators, even a wet bandana over the nose and mouth will help.
How to deal:
STAY CALM. Panicking increases the irritation. Breathe slowly and remember it is only temporary.
If you see it coming or get a warning, put on protective gear, if able, try to move away or get upwind.
Blow your nose, rinse your mouth, cough and spit. Try not to swallow.
If you wear contacts, try to remove the lenses or get someone to remove them for you, with CLEAN, uncontaminated fingers.
DO NOT RUB IT IN.
We have been doing trials with pepper spray to find good remedies and have found some things will definitely help minimize the discomfort. None of these are miracle cures; using these remedies will help people to feel better faster, but it will still take time.
For the eyes and mouth:
We recommend a solution of half liquid antacid (like Maalox) and half water. A spray bottle is ideal but a bottle that has a squirt cap works as well. Always irrigate from the inside corner of the eye towards the outside, with head tilted back and slightly towards the side being rinsed. It seems from our trials that it needs to get into the eye to help. This means that if the sprayed person says it’s okay you should try to open their eye for them. They most likely won’t be able/willing to open it themselves, and opening will cause a temporary increase in pain, but the solution does help. It works great as a mouth rinse too.
For the skin:
We recommend canola oil followed by alcohol. Carefully avoiding the eyes, vigorously wipe the skin that was exposed to the chemical with a rag or gauze sponge saturated with canola oil. Follow this immediately with a rubbing of alcohol. Remember that alcohol in the eyes hurts A LOT. Anyone whose eyes you get alcohol in will not be your friend. Secondary treatments can include: spitting, blowing your nose, coughing up mucous (you don’t want to swallow these chemicals!), walking around with your arms outstretched, removing contaminated clothing, and taking a cool shower. In fact, it is essential to shower and wash your clothes (this time in real detergents—no eco-friendly stuff here) as soon as you are able. This shit is toxic, and will continually contaminate you and everyone around you until you get rid of it. Until then, try not to touch your eyes or your face, or other people, furniture, carpets etc. to avoid further contamination.
Dorian Satoshi Nakamoto: I did not create, invent or otherwise work on Bitcoin
My name is Dorian Satoshi Nakamoto. I am the subject of the Newsweek story on Bitcoin. I am writing this statement to clear my name.
I did not create, invent or otherwise work on Bitcoin. I unconditionally deny the Newsweek report.
The first time I heard the term “bitcoin” was from my son in mid-February 2014. After being contacted by a reporter, my son called me and used the word, which I had never before heard. Shortly thereafter, the reporter confronted me at my home. I called the police. I never consented to speak with the reporter. In an ensuing discussion with a reporter from the Associated Press, I called the technology “bitcom.” I was still unfamiliar with the term.
My background is in engineering. I also have the ability to program. My most recent job was as an electrical engineer troubleshooting air traffic control equipment for the FAA. I have no knowledge of nor have I ever worked on cryptography, peer to peer systems, or alternative currencies.
I have not been able to find steady work as an engineer or programmer for ten years. I have worked as a laborer, polltaker, and substitute teacher. I discontinued my internet service in 2013 due to severe financial distress. I am trying to recover from prostate surgery in October 2012 and a stroke I suffered in October of 2013. My prospects for gainful employment has been harmed because of Newsweek’s article.
Newsweek’s false report has been the source of a great deal of confusion and stress for myself, my 93-year old mother, my siblings, and their families. I offer my sincerest thanks to those people in the United States and around the world who have offered me their support. I have retained legal counsel. This will be our last public statement on this matter. I ask that you now respect our privacy.
Dorian Satoshi Nakamoto Temple City, California March 17, 2014
Senator Feinstein recently claimed that the CIA may have violated the federal computer hacking statute, the Computer Fraud and Abuse Act, by searching computers used by the Intelligence Committee to conduct CIA oversight. Based on the facts we know so far, I’m skeptical of the claim that the CIA violated the statute. This post explains why.
Let me start with some background on the Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C. 1030. The CFAA is a computer trespass statute. It prohibits intentional unauthorized access to computers much like physical trespass laws prohibit unauthorized physical entry. The structure of the CFAA presumes that there is a computer owner or operator who controls access rights to each computer, much like an owner/operator controls access rights to physical property. The statute then punishes a person who obtains unauthorized access to the computer in violation of the access rights set by the owner/operator of the computer.
The scope of the CFAA is really murky in part because there is great uncertainty as to what kinds of access rights set by the owner/operator have the force of law. Everyone agrees that if the owner/operator sets up a code-based barrier to access, such as a password gate, then bypassing the code-based barrier is a violation. But there’s a circuit split on whether violating a written restriction or other contractual agreement is enough to trigger the statute. For example, if an employer says that an employee can only use the company’s network for official business, does an employee commit an unauthorized access if he uses the computer for personal reasons in violation of the policy? Some courts say “yes,” and other courts say “no.”
With this background in place, let’s turn to the CIA monitoring. According to Senator Feinstein, the CIA provided computers to the Intelligence Committee for its members to use, with the promise that only CIA IT people would access the computers. The CIA allegedly then broke that promise and looked through the computers anyway outside the IT context. The question is, did this access violate the CFAA?
I think there are four reasons to be skeptical that the CIA’s conduct violated the statute.
First, it’s not at all clear who controls access rights to the accessed computers. Who is the owner/operator of the computers? The CIA owns the machines, but the Committee was their primary operator. Who has the superior claim to control access? I don’t think there’s an obvious answer. There is no caselaw on how to resolve conflicting claims of control between owners and operators. Courts haven’t even been clear that it’s the owner/operator who controls access generally; the statute assumes this and the cases reflect it, but courts haven’t been clear on the point because it hasn’t come up. So it’s a pretty murky area. My instinct is that the CIA probably has a better claim to controlling access than the Committee, as it is both the owner of the machine and maintains some residual rights to have IT people access the computers. But that’s just my instinct.
Second, assuming that the Committee has access rights, there’s the subsequent question of whether the CIA’s access violated an access restriction that the CFAA protects. Was the only barrier to CIA access the agreement between the CIA and the Intelligence Committee? If so, that implicates the circuit split over whether violation of contractual terms can trigger CFAA liability.
Third, assuming the Committee controls access rights and the CIA breached an access restriction, was the access intentional with respect to the element of lacking authorization? If the CIA thought that it had rights to access the computer, then perhaps the access was not intentionally unauthorized and therefore not a CFAA crime.
Fourth, there’s an exception to the statute that may apply. 18 U.S.C. 1030(f) states: “This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity … of an intelligence agency of the United States.” We don’t know exactly what this means, and especially what makes an activity “lawfully authorized,” because no court has interpreted that section. But it’s possible that it applies and negates CFAA liability.
Taking these four legal issues together, I think it’s an uphill climb to argue that the CIA violated the CFAA. Establishing CFAA liability requires concluding that the Committee properly controlled access; that the CIA violated an access restriction that the CFAA protects; that the violation was intentional; and that the exception doesn’t apply. Each of these issues are significant, and reaching the opposite conclusion on any of these issues would negate any CFAA liability.