Shadow IT can be defined as software and hardware solutions, as well as the associated manpower, used in an organization that are neither approved nor supported by the formal IT organization. Typically this is a reaction to excessive centralization and bureaucratization of IT, endemic in large corporations.
In the past few years, it has gone from being considered a problem to being considered something more or less tolerated, because over-centralized IT is essentially unable to solve user problems. Helpdesk tickets travel two or more days in a bureaucratic maze before being assigned to a specialist who can resolve them; laptops are unable to install patches and take 10 minutes to boot; Bluetooth stopped working two years ago and nobody cares why. Servers can be down for a week. Sounds familiar. It is ;-)
At the same time, IT management is unwilling to acknowledge that the strategy of saving costs via over-centralization is a dead end and quickly reaches the stage of unintended consequences or, as they are often called, "centralization blowback". So, as mentioned above, shadow IT naturally develops and matures as a reaction to the excessive bureaucratization of central IT typical of large corporations, as well as to the loss of flexibility of IT (fossilization), which results in the inability of IT to serve user needs. When a simple helpdesk ticket travels to the central helpdesk, lingers somewhere for two days and is then assigned to a clueless outsourcer, the user community quickly adapts, creates its own experts (out of the most knowledgeable users, who run complex home networks or are involved with home automation or robotics) and knowledge centers, and starts ignoring official IT functions and services.
The term "blowback" is richer than the term "unintended consequences" and includes elements of hidden revolt, or at least active counteraction to the policies of central IT. (The Full Wiki):
Blowback is the espionage term for the violent, unintended consequences of a covert operation that are suffered by the civil population of the aggressor government. To the civilians suffering it, the blowback typically manifests itself as “random” acts of political violence without a discernible, direct cause; because the public—in whose name the intelligence agency acted—are ignorant of the effected secret attacks that provoked revenge (counter-attack) against them. Specifically, blowback denotes the resultant, violent consequences — reported as news fact, by domestic and international mass communications media, when the actor intelligence agency hides its responsibility via media manipulation. Generally, blowback loosely denotes every consequence of every aspect of a secret attack operation, thus, it is synonymous with consequence—the attacked victims’ revenge against the civil populace of the aggressor country, because the responsible politico-military leaders are invulnerable.
Originally, blowback was CIA internal coinage denoting the unintended, harmful consequences—to friendly populations and military forces—when a given weapon is carelessly used. Examples include anti-Western religious fanatics who, in due course, attack foe and sponsor; right-wing counter-revolutionaries who sell drugs to their sponsor’s civil populace; and banana republic juntas who kill American reporters.
This is the situation when, unfortunately, implicitly sending central IT to hell has become politically correct in regional offices. But, as with everything, it is important to remember Talleyrand's advice to young diplomats: "first and foremost, not too much zeal" ;-).
Shadow IT has several forms:
All in all, the rise of "Shadow IT" signifies both the loss of control and the loss of influence that IT organizations experienced during the last decade. It is most pronounced when, due to over-centralization, the quality of service becomes unacceptably low (despite the Potemkin villages of official reporting with their excellent and completely fake "incident resolution time" metrics).
There are several major symptoms of this loss of flexibility and alienation from user needs:
As with any counterculture, there are risks in using shadow IT. If you overstep your boundaries you can lose your job. But if everybody is suffering from the same problem, an attempt to find a solution outside normal IT channels usually is not punished severely. Typically such cases are just swept under the rug. Often a solution initiated as part of "shadow IT" later finds its way into the mainstream. In this sense it serves as an internal innovation incubator.
Reagan, citing the old Russian proverb "Trust but verify", was right not only about international relations but also about the best policy for user laptops. "Trust but verify" compliance is a better approach than "scan and block".
Removal of administrative privileges is essentially a declaration by central IT that the user has lost its trust. And it raises the classic question "Who are the judges?" Why should the often incompetent (in comparison with the staff of engineering and research departments, which often have Ph.D.s among their members) and detached-from-reality central IT staff impose, without consultation with and consent from business departments, measures that undermine productivity in those departments? After all, central IT is a parasitic organization that spends money earned by business units. Why can't business units be consulted about what they need and want, rather than being treated like children who are just told what to do and what not to do?
That's why users without administrator privileges on their laptops often rebel. Sometimes there is no direct removal, but severe restrictions are imposed via Active Directory (AD fascism): restrictions that make doing useful work on certain tasks within the framework imposed by the organization next to impossible. Again, this typically is not a problem in the accounting department (which actually can squeeze overzealous IT jerks pretty easily ;-) but in research units and labs, which have creative people able to smash those restrictions and who understand some parts of IT much better than central IT (especially people involved with such things as genome sequencing, molecular modeling, etc., where the community is generally extremely computer literate).
At this point it is central IT that is the loser, as people are much more creative and often invent elegant tricks to bypass restrictions imposed by the IT infrastructure and create more usable alternatives. In other words, shadow IT exists because the business units perceive that IT is not meeting their needs and that using official tools is either unsuitably cumbersome and slow or detrimental to the success of the business.
The key performance indicator for IT is availability. But user satisfaction is equally important, and disgruntled users represent a much bigger danger to the IT infrastructure. This is a danger that stupid and/or overzealous members of the security group who invent those measures fail to understand... In other words, instead of improving security such measures undermine it.
Let's discuss countermeasures that "deprived" members of corporate units (and that typically includes some IT members, for example Unix administrators) can use to restore the status quo. There are several avenues for undermining this decision.
Those points are of course raw and incomplete. But the stupidity of official policy is the gasoline that fuels the "shadow IT renaissance" and the inventions of those who are affected. Creative bypassing of those restrictions is the banner of a real IT professional. Please note that this often puts company data in an environment far less protected than a regular corporate PC environment. Excessive zeal in security often backfires in very interesting ways.
In many instances, corporate IT policies and standardization efforts are simply stupid in the very exact meaning of this word. They are often created by a clueless bureaucrat who does not understand (and doesn't want to understand) the situation "in the trenches". That means that even parts of the official IT staff can be engaged in "shadow IT" activities.
The existence of Shadow IT implies a failure on the part of IT to provide the services that meet users' needs. As such, this problem is a typical sign of the rotting of IT organizations ("fish rots from the head"), a widespread phenomenon due to the promotion of incompetent managers, outsourcing and other related phenomena. IT is no longer young and is losing IQ; this is just one of the ailments of old age.
Deployment of unreliable, slow, resource-hungry systems like Lotus Notes, Lotus Sametime, Documentum and to a certain extent SAP/R3 (which often has very slow response that defeats the purpose and benefits of the centralization) also stimulates the search for alternatives.
As with any counterculture, creating your own Web services entails certain risks, including security risks, but it would be simplistic just to condemn it as many writers do. For example:
The existence of Shadow IT within an organization is symptomatic of a lack of alignment between business units and IT and, possibly, even senior management and IT. Shadow IT is, at best, a shortsighted strategy that may work well for a given business unit, but be detrimental for the organization overall.
(see The Dangers that Lurk Behind Shadow IT — Datamation.com). One precondition for the creation of shadow Web services is the ability to run a virtual machine on your laptop or desktop or, on remote sites, the availability of some local Linux expertise.
Often Shadow IT is associated with Unix culture and open source software. Linux essentially started as a countercultural phenomenon and only recently gained corporate respectability. A firewall on a Linux box can easily be configured to exclude any outsiders. If a special non-routable network is used, the service is not visible outside the particular site and represents a much smaller security risk.
Any modern desktop is an extremely capable and powerful server in disguise, often superior to a "real" server from HP or Dell that is five years old. If it allows a "dual boot" configuration, you already have all the necessary infrastructure.
Also, on remote sites there is always the possibility of getting a "departmental" desktop and using it as a departmental server. In case central IT goes nuts, this is one path that might be considered. Using Internet ISPs and places like the Amazon cloud is another possibility, but here the problem is that your data migrates outside of the IT infrastructure. This is a definite security risk, and this way you might violate some corporate policy.
If using corporate file servers is too painful or they have become too slow, one extra laptop or desktop in the group can fill the void. A simple Linux box with Samba is a decent and quick solution.
To a certain extent, an alternative email infrastructure has existed for as long as Web connectivity has existed. Hotmail, Gmail and other Web-based mail applications automatically mean an alternative email infrastructure. The only question is how widely it is used (it definitely should be used for all private emails). The fact that it is impossible to synchronize with a corporate Blackberry or other smartphone works against shadow email infrastructure, but many people have their own smartphones these days in addition to a corporate one.
Shadow IT is a reaction of users to the problem of fossilization and the loss of efficiency and competence of over-centralized IT organizations. As such it is just a symptom of the disease. In the perverted world of corporate IT it often serves to increase productivity and as such has the right to exist.
It is naive to think that an official edict can stop shadow IT from emerging in a typical large, bureaucratized IT organization with its multiple sites, multiple datacenters and multiple jerks, authoritarians ("kiss up, kick down" type), and psychopaths (especially dangerous are female psychopaths) at the top and middle levels of IT management.
Budget cuts also stimulate the search for alternatives to officially supported IT products, but not to the extent that the bureaucratization and stagnation of "official" IT organizations do.
Mar 28, 2015 | Zero Hedge
If, as one claims, one is innocent of i) using a personal email account to send out confidential information and/or to take advantage of one's political position to abuse opponents and ii) deleting said confidential emails against government regulations, what would one do when faced with a government subpoena demand? If one is the IRS' Lois Lerner, one would claim, against subsequently revealed facts, that a hardware error led to a permanent loss of all demanded emails, even though by email protocol definition, said emails are always stored on at least one off-site server. Or, if one is Hillary Clinton, one would just format the entire server.
This, according to the Hill, is precisely what Hillary Clinton has done as the recent clintonemail.com scandal continues to grow bigger and impair ever more the already frail credibility and decision-making skills of the former first lady and democratic presidential hopeful. The head of the House Select Committee on Benghazi says former Secretary of State Hillary Clinton has erased all information from the personal email server she used while serving as the nation's top diplomat.
"We learned today, from her attorney, Secretary Clinton unilaterally decided to wipe her server clean and permanently delete all emails from her personal server," Rep. Trey Gowdy (R-S.C.) said in a statement Friday.
What difference does it make if she deleted all her emails?
Apparently a lot.
The key question is when said server formatting took place. This appears to have taken place after the first production request had come in, which means that Clinton may well be guilty of destruction of evidence. He said while it's "not clear precisely when Secretary Clinton decided to permanently delete all emails from her server, it appears she made the decision after October 28, 2014, when the Department of State for the first time asked the Secretary to return her public record to the Department."
What's worse, the evidence destroyed officially is US government property, since it was all created when Clinton was an employee of Uncle Sam.
Last week, Gowdy sent a letter to Clinton's attorney asking that the email server be turned over to a third party in the hopes that an investigation could recover about 30,000 emails that her team deleted before turning the rest over to the State Department.
Gowdy said "it is clear Congress will need to speak with the former Secretary about her email arrangement and the decision to permanently delete those emails."
"Not only was the Secretary the sole arbiter of what was a public record, she also summarily decided to delete all emails from her server, ensuring no one could check behind her analysis in the public interest," Gowdy said.
Those intent on defending the former Secretary of State, such as the panel's top Democrat, Elijah Cummings, may have their work cut out for them but that doesn't stop them from trying: Cummings said the letter the select committee received from Clinton's attorney detailing what happened to the server proves she has nothing to hide.
"This confirms what we all knew — that Secretary Clinton already produced her official records to the State Department, that she did not keep her personal emails, and that the Select Committee has already obtained her emails relating to the attacks in Benghazi," he said in a statement.
"It is time for the Committee to stop this political charade and instead make these documents public and schedule Secretary Clinton's public testimony now."
Clinton has maintained that the messages were personal in nature, but Gowdy and other Republicans have raised questions over whether she might have deleted messages that could damage her expected White House run in the process.
"I have absolute confidence that everything that could be in any way connected to work is now in the possession of the State Department," Clinton said during a press conference in New York earlier this month.
Sadly, there is nothing but her word to go by at this moment: a word whose credibility has now been fatally compromised by her recent actions.
She said she had culled through more than 60,000 emails from her time at State and determined that roughly 30,000 of them were public records that should have been maintained.
Gowdy said given Clinton's "unprecedented email arrangement with herself and her decision nearly two years after she left office to permanently delete" information, his panel would work with House leadership as it "considers next steps."
Speaker John Boehner (R-Ohio), Gowdy and other members of the Benghazi panel in the past have hinted that the full House could issue a subpoena for Clinton's server.
The Hill concludes by treating the population to the next upcoming kangaroo court: House Oversight Committee Chairman Jason Chaffetz (R-Utah) has suggested his panel could hold hearings over Clinton's use of private email, emphasizing his panel's jurisdiction over violations of the Federal Records Act.
Will anything change as a result? Of course not, because the real decision-maker has already hedged its bets. Recall Blankfein has already indicated that despite his strong preference for a democrat president, one which would perpetuate the Fed's policies, "he would be fine with either a Bush or Clinton presidency." Which in a country controlled and dominated by lobby interests, and which happens to be the "best democracy that money can buy" is all that matters.
All you need to know about this toxic duo right there.
March 28, 2015 | State of the Nation
Emails disclosed by a hacker show a close family friend was funneling intelligence about the crisis in Libya directly to the Secretary of State's private account starting before the Benghazi attack.
This story was co-published with Gawker.
Update, March 27, 6:48 p.m.: This story has been updated to include responses from the FBI and the State Department.
Starting weeks before Islamic militants attacked the U.S. diplomatic outpost in Benghazi, Libya, longtime Clinton family confidante Sidney Blumenthal supplied intelligence to then Secretary of State Hillary Clinton gathered by a secret network that included a former CIA clandestine service officer, according to hacked emails from Blumenthal's account.
The emails, which were posted on the internet in 2013, also show that Blumenthal and another close Clinton associate discussed contracting with a retired Army special operations commander to put operatives on the ground near the Libya-Tunisia border while Libya's civil war raged in 2011.
Blumenthal's emails to Clinton, which were directed to her private email account, include at least a dozen detailed reports on events on the deteriorating political and security climate in Libya as well as events in other nations. They came to light after a hacker broke into Blumenthal's account and have taken on new significance in light of the disclosure that she conducted State Department and personal business exclusively over an email server that she controlled and kept secret from State Department officials and which only recently was discovered by congressional investigators.
The contents of that account are now being sought by a congressional inquiry into the Benghazi attacks. Clinton has handed over more than 30,000 pages of her emails to the State Department, after unilaterally deciding which ones involved government business; the State Department has so far handed almost 900 pages of those over to the committee. A Clinton spokesman told Gawker and ProPublica (which are collaborating on this story) that she has turned over all the emails Blumenthal sent to Clinton.
The dispatches from Blumenthal to Clinton's private email address were posted online after Blumenthal's account was hacked in 2013 by Romanian hacker Marcel-Lehel Lazar, who went by the name Guccifer. Lazar also broke into accounts belonging to George W. Bush's sister, Colin Powell, and others. He's now serving a seven-year sentence in his home country and was charged in a U.S. indictment last year.
The contents of the memos, which have recently become the subject of speculation in the right-wing media, raise new questions about how Clinton used her private email account and whether she tapped into an undisclosed back channel for information on Libya's crisis and other foreign policy matters.
Blumenthal, a New Yorker staff writer in the 1990s, became a top aide to President Bill Clinton and worked closely with Hillary Clinton during the fallout from the Whitewater investigation into the Clinton family. She tried to hire him when she joined President Obama's cabinet in 2009, but White House Chief of Staff Rahm Emanuel reportedly nixed the idea on the grounds Blumenthal was a divisive figure whose attacks on Obama during the Democratic primary had poisoned his relationship with the new administration.
It's unclear who tasked Blumenthal, known for his fierce loyalty to the Clintons, with preparing detailed intelligence briefs. It's also not known who was paying him, or where the operation got its money. The memos were marked "confidential" and relied in many cases on "sensitive" sources in the Libyan opposition and Western intelligence and security services. Other reports focused on Egypt, Germany, and Turkey.
Indeed, though they were sent under Blumenthal's name, the reports appear to have been gathered and prepared by Tyler Drumheller, a former chief of the CIA's clandestine service in Europe who left the agency in 2005. Since then, he has established a consulting firm called Tyler Drumheller, LLC. He has also been affiliated with a firm called DMC Worldwide, which he co-founded with Washington, D.C., attorney Danny Murray and former general counsel to the U.S. Capitol Police John Caulfield. DMC Worldwide's now-defunct website describes it as offering "innovative security and intelligence solutions to global risks in a changing world."
In one exchange in March 2013, Blumenthal emailed Drumheller, "Thanks. Can you send Libya report." Drumheller replied, "Here it is, pls do not share it with Cody. I don't want moin speculating on sources. It is on the Maghreb and Libya." Cody is Cody Shearer, a longtime Clinton family operative—his brother was an ambassador under Bill Clinton and his now-deceased sister is married to Clinton State Department official Strobe Talbott—who was in close contact with Blumenthal. While it's not entirely clear from the documents, "Moin" may refer to the nickname of Mohamed Mansour El Kikhia, a member of the Kikhia family, a prominent Libyan clan with ties to the Libyan National Transition Council. (An email address in Blumenthal's address book, which was also leaked, was associated with his Facebook page.)
There's no indication in Blumenthal's emails whether Clinton read or replied to them before she left State on February 1, 2013, but he was clearly part of a select group with knowledge of the private clintonemail.com address, which was unknown to the public until Gawker published it this year. They do suggest that she interacted with Blumenthal using the account after she stepped down. "H: got your message a few days ago," reads the subject line of one email from Blumenthal to Clinton on February 8, 2013; "H: fyi, will continue to send relevant intel," reads another.
The memos cover a wide array of subjects in extreme detail, from German Prime Minister Angela Merkel's conversations with her finance minister about French president Francois Hollande–marked "THIS INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE"—to the composition of the newly elected South Korean president's transition team. At least 10 of the memos deal in whole or in part with internal Libyan politics and the government's fight against militants, including the status of the Libyan oil industry and the prospects for Western companies to participate.
One memo was sent on August 23, 2012, less than three weeks before Islamic militants stormed the diplomatic outpost in Benghazi. It cites "an extremely sensitive source" who highlighted a string of bombings and kidnappings of foreign diplomats and aid workers in Tripoli, Benghazi and Misrata, suggesting they were the work of people loyal to late Libyan Prime Minister Muammar Gaddafi.
While the memo doesn't rise to the level of a warning about the safety of U.S. diplomats, it portrays a deteriorating security climate. Clinton noted a few days after the Benghazi attack, which left four dead and 10 people injured, that U.S. intelligence officials didn't have advance knowledge of the threat.
On September 12, 2012, the day after the Benghazi attack, Blumenthal sent a memo that cited a "sensitive source" saying that the interim Libyan president, Mohammed Yussef el Magariaf, was told by a senior security officer that the assault was inspired by an anti-Muslim video made in the U.S., as well as by allegations from Magariaf's political opponents that he had CIA ties.
Blumenthal followed up the next day with an email titled "Re: More Magariaf private reax." It said Libyan security officials believed an Islamist radical group called the Ansa al Sharia brigade had prepared the attack a month in advance and "took advantage of the cover" provided by the demonstrations against the video.
An October 25, 2012 memo says that Magariaf and the Libyan army chief of staff agree that the "situation in the country is becoming increasingly dangerous and unmanageable" and "far worse" than Western leaders realize.
Blumenthal's email warnings, of course, followed a year of Libyan hawkishness on the part of Clinton. In February of 2011, she told the UN Human Rights Council in Geneva that "it is time for Gaddafi to go." The next month, after having described Russian reluctance over military intervention as "despicable," Clinton met with rebel leaders in Paris and drummed up support for a no-fly zone while in Cairo. On March 17, 2011, the UN Security Council voted to back Libyan rebels against Gaddafi.
It's this buildup, which Clinton still proudly recalled in her 2014 memoir, that Blumenthal appears to join in on in 2011. In addition to the intel memos, his emails also disclose that he and his associates worked to help the Libyan opposition, and even plotted to insert operatives on the ground using a private contractor.
A May 14, 2011 email exchange between Blumenthal and Shearer shows that they were negotiating with Drumheller to contract with someone referred to as "Grange" and "the general" to send four operatives on a week-long mission to Tunis, Tunisia, and "to the border and back." Tunisia borders Libya and Algeria.
"Sid, you are doing great work on this," Drumheller wrote to Blumenthal. "It is going to be around $60,000, coverting r/t business class airfare to Tunis, travel in country to the border and back, and other expenses for 7–10 days for 4 guys."
After Blumenthal forwarded that note to Shearer, he wrote back questioning the cost of the operation. "Sid, do you think the general has to send four guys. He told us three guys yesterday, a translator and two other guys. I understand the difficulty of the mission and realize that K will be repaid but I am going to need an itemized budget for these guys."
"The general" and "Grange" appear to refer to David L. Grange, a major general in the Army who ran a secret Pentagon special operations unit before retiring in 1999. Grange subsequently founded Osprey Global Solutions, a consulting firm and government contractor that offers logistics, intelligence, security training, armament sales, and other services. The Osprey Foundation, which is a nonprofit arm of Osprey Global Solutions, is listed as one of the State Department's "global partners" in a 2014 report from the Office of Global Partnerships.
Among the documents in the cache released by Lazar is an August 24, 2011, memorandum of understanding between Osprey Global Solutions and the Libyan National Transition Council—the entity that took control in the wake of Qadaffi's execution—agreeing that Osprey will contract with the NTC to "assist in the resumption of access to its assets and operations in country" and train Libyan forces in intelligence, weaponry, and "rule-of-land warfare." The document refers to meetings held in Amman, Jordan between representatives of Osprey and a Mohammad Kikhia, who represented the National Transition Council.
Five months later, according to a document in the leak, Grange wrote on Osprey Global letterhead to Assistant Secretary of State Andrew Shapiro, introducing Osprey as a contractor eager to provide humanitarian and other assistance in Libya. "We are keen to support the people of Libya under the sponsorship of the Ministry of Finance and the Libyan Stock Exchange," Grange wrote. Shapiro is a longtime Clinton loyalist; he served on her Senate staff as foreign policy advisor.
Another document in the cache, titled "Letter_for_Moin," is an appeal from Drumheller to then-Libyan Prime Minister Ali Zeidan offering the services of Tyler Drumheller LLC, "to develop a program that will provide discreet confidential information allowing the appropriate entities in Libya to address any regional and international challenges."
The "K" who was, according to Shearer's email, to be "repaid" for his role in the Tunisia operation appears to be someone named Khalifa al Sherif, who sent Blumenthal several emails containing up-to-the-minute information on the civil war in Libya, and appears to have been cited as a source in several of the reports.
Contacted by ProPublica and Gawker, Drumheller's attorney and business partner Danny Murray confirmed that Drumheller "worked" with Blumenthal and was aware of the hacked emails, but declined to comment further.
Shearer said only that "the FBI is involved and told me not to talk. There is a massive investigation of the hack and all the resulting information." The FBI declined to comment.
Blumenthal, Grange, and Kikhia all did not respond to repeated attempts to reach them. Nick Merrill, a spokesman for Clinton had no comment on Blumenthal's activities with Drumheller.
Whatever Blumenthal, Shearer, Drumheller, and Grange were up to in 2011, 2012, and 2013 on Clinton's behalf, it appears that she could have used the help: According to State Department personnel directories, in 2011 and 2012—the height of the Libya crisis—State didn't have a Libyan desk officer, and the entire Near Eastern Magreb Bureau, which covers Algeria, Tunisia, Morocco and Libya, had just two staffers. Today, State has three Libyan desk officers and 11 people in the Near Eastern Magreb Bureau. A State Department official wouldn't say how many officers were on the desk in 2011, but said there was always "at least one" officer and "sometimes many more, working on Libya."
Reached for comment, a State Department public affairs official who would only speak on background declined to address questions about Blumenthal's relationship to Clinton, whether she was aware of the intelligence network, and who if anyone was paying Blumenthal. Asked about the Tunisia-Libya mission, the official replied, "There was a trip with the secretary in October of 2011, but there was also a congressional delegation in April, 2011. There were media reports about both of these at the time." Neither trip involved travelling via Tunis.
Mar 21, 2015 | The Guardian
The National Security Agency want to be able to hack more people, vacuum up even more of your internet records and have the keys to tech companies' encryption – and, after 18 months of embarrassing inaction from Congress on surveillance reform, the NSA is now lobbying it for more powers, not less.
NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol' NSA just doesn't have the "cyber-offensive" capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody's guess, but the idea that the NSA is somehow hamstrung is absurd.
The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 "offensive" operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.
And that was four years ago - it's likely increased significantly. A leaked presidential directive issued in 2012 called for an expanded list of hacking targets all over the world. The NSA spends tens of millions of dollars per year to procure "'software vulnerabilities' from private malware vendors" – i.e., holes in software that will make their hacking much easier. The NSA has even created a system, according to Edward Snowden, that can automatically hack computers overseas that attempt to hack systems in the US.
Moving further in this direction, Rogers has also called for another new law that would force tech companies to install backdoors into all their encryption. The move has provoked condemnation and scorn from the entire security community - including a very public upbraiding by Yahoo's top security executive - as it would be a disaster for the very cybersecurity that the director says is a top priority.
And then there is the Cybersecurity Information Sharing Act (Cisa), the downright awful "cybersecurity" bill passed by the Senate Intelligence Committee last week in complete secrecy that is little more than an excuse to conduct more surveillance. The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans' communications from tech companies without any legal process whatsoever. The bill's text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of "offensive" attacks for which Rogers is pining.
While the NSA tries to throw every conceivable expansion of power against the wall hoping that something sticks, the clock continues to tick on Section 215 of the Patriot Act – the law which the spy agency secretly used to collect every American's phone records. Congress has to re-authorize by vote in June or it will expire, and as Steve Vladick wrote on Just Security this week, there seems to be no high-level negotiations going on between the administration and Congress over reforms to the NSA in the lead-up to the deadline. Perhaps, as usual, the NSA now thinks it can emerge from yet another controversy over its extraordinary powers and still end up receiving more?
Chad Castellano -> Kevin OConnor 21 Mar 2015 13:58
Actually it doesn't matter if it is an American phone or computer. The NSA actually has no laws stopping them from doing this to foreign companies. The tens of thousands of computers they hacked in this article are computers outside US jurisdiction. And they have put hardline taps on companies overseas. So right now the only computers or phones with any legal protections are the ones in the U.S. The rest of the world is a legal target for the NSA. Always have been.
What we need is to disband the NSA and replace it with a 100% transparent agency not made up of megalomaniacs.
Kevin OConnor 21 Mar 2015 13:46
After reading this article, you need to ask yourself...
Anybody want to buy an American computer?
How about an American phone?
Hmm...I see an economic problem here ...
Mike5000 21 Mar 2015 13:34
The West has transitioned from democracies and republics to criminal empires run by spook gangs.
With total information comes total blackmail capability. Lawmakers and judges are puppets.
Fictional 007 was licensed to kill. Real spook gangs get away with murder, kidnapping, torture, blackmail, commercial espionage, narcotics, and arms trafficking.
ondelette -> zelazny 21 Mar 2015 12:29
Do tell. And when did stopping teenagers from joining ISIS become a problem of analyzing vacuumed foreign intelligence data? Do you really want the government to be the party making decisions for teenagers and sorting them out into ones who should be changed and ones who are safe the way they are? Based on surveillance?
The purpose of the government isn't to act as in loco parentis in place of idiots who don't know what to do with a child once it's not a cute baby anymore.
thankgodimanatheist -> zelazny 21 Mar 2015 11:41
You are assuming that the real powers in the world want to stop Daesh (ISIS) and other groups like that.
What if it is all a drama (a bizarre disgusting TV reality show) to keep us (the 99.9999999%) scared (terrorized) so we allow them to spend more money on arms (including more money for the NSA) and forget about real issues such as the fact that in the USA the net worth of the 6 children of Sam Walton is more than that of 50% of us (while our real incomes go down every day - for the 95% of us) and in the world 80 people's net worth is more than that of 50% of the world population.
Be afraid, don't think, be very afraid...
That's their mantra!
Gary Paudler 21 Mar 2015 11:18
Not that surprising, when was the last time the Department of Defense did something that wasn't entirely offensive on some other country's soil?
mikedow -> Delaware 21 Mar 2015 11:15
You can left-click on that pop-up and nuke it if you have Adblocker. I had fun with Rusbridger's Coal Divestment Promo, by blasting it.
Eric Moller 21 Mar 2015 11:02
Why discuss anything .. The GOP has already shown a willingness to hand the NSA illegal powers under the table so to speak .. and even if the deadline for section 215 of the ( Benedict Arnold Act) expires it's not a problem ..
One thing Obama and Congress can agree on is the Continuation of our Tax dollars being spent on our Government spying on us .. The People .. They seem to be in lock step on that illegality .. Kinda like the Hitler High step ..
Quadspect -> zelazny 21 Mar 2015 11:00
Theoretically, NSA, in all its cyber-omniscience, watched arms smuggling by various governments into countries with factions that wanted to kill each other, watched the increasing justifiable fury at being droned and bombed and politically and economically interfered with that caused formation of terrorist groups --- Hardly an institution bent on protecting the 99 percent. NSA is up to Something Else Other Than National Security.
zelazny 21 Mar 2015 09:58
The NSA has learned that despite its ability to vacuum up massive amounts of data, it lacks the intelligence to sort it out and analyze it. Garbage in, garbage out.
Take for example the inability of the GCHQ or the NSA to stop teenagers, including teenage girls, from attempting, and actually succeeding, in joining ISIS and other groups.
They may have everyone's information, but they can't sort out the "good" guys from the "bad" guys.
So instead, they will do what the USA always has done -- attack the innocent to make sure they pose no threat, even if they never would pose a threat.
robtal 21 Mar 2015 09:40
Let the NSA do all the hacking they want if you're so out of it you put sensitive stuff anywhere on a computer your loss.
Eccles -> whatdidyouexpect 21 Mar 2015 09:25
Using the standard US definition of terrorism they have had them for some decades. Using them, for example, to program missile targets, control drones, communicate, and hack fellow UN diplomats.
And your point is?
Mar 14, 2015 | The Register
Phil Barnett, a VP at mobile device management vendor Good Technology, questioned Clinton's data management practices.
"Personal and highly sensitive corporate data are very different and should be treated as such," Barnett said. "But that's not to say you can't have them on the same device. The user experience must be high quality to keep data secure – if your corporate security model is too heavy, people will find a way around it.
"Separating and containerising sensitive data allows one device to do both jobs while balancing usability and security. And the more sensitive the data, the more critical this approach becomes," he added.
The affair has created issues around using personal vs. government issued e-mail addresses, as well as the preservation requirements that apply to each case. The incident has also thrown up regulatory, compliance and storage/e-discovery issues.
Mark Noel, a former litigator for Latham & Watkins who went on to co-found an electronic discovery software firm before moving onto Catalyst Repository System, is more sympathetic to Clinton's DIY email set-up, arguing that there's a good chance that historically significant data will be recovered one way or another.
"The use of a personal email account doesn't necessarily mean there's any intent to hide things," Noel said. "It's very common for busy professionals to try to funnel everything into one email account or one device, because multiple devices or accounts are too much of a pain to deal with and take up way too much time. When the government or corporate system isn't set up to allow that kind of efficiency, people often craft their own solutions purely for the sake of getting their jobs done."
Emails sent or received by Clinton might still be accessible even if she or her staff either deleted or lost them for any reason. There are always copies at the other end, the managing director of professional services at Catalyst Repository System pointed out.
"Analysts who are complaining that 'there's no way we can know if there's anything missing' aren't quite right," Noel said. "We do this all the time in civil litigation and government investigations. Emails tend to leave copies on every server they touch, so even if a sender doesn't keep a copy of it, the receiver's email system probably did. If Ms. Clinton emailed other government issued accounts, those emails are very likely preserved – just in a different location."
Gaps in the record might also be revealed via practices common in commercial litigation, according to Noel.
"Additionally, there are other types of analysis, such as 'gap analysis' that can reveal whether email is likely missing, based on the usual pattern and quantities of email and whether there appear to be 'holes' in the emails that are preserved. These types of analyses are also quite common in civil litigation and government investigations where it is suspected that someone is intentionally hiding or deleting evidence," he concluded. ®
Mar 14, 2015 | The Guardian
flatulenceodor67 -> J.K. Stevens 14 Mar 2015 12:33
"She was on a secured server and has already confirmed that security was not breached."
What an ASININE statement believing a compulsive/corrupt KNOWN LIAR! I guess it takes one to know one.
Spanawaygal -> J.K. Stevens 14 Mar 2015 12:12
She's not a computer tech and hasn't got a clue as to whether security was breached. If the hackers can invade gov't websites (wikileaks) and major corporations, it's not only possible but very likely that her security was breached.
| The Guardian
A criminal suspect can’t be forced to divulge their phone passcode, a US circuit court judge ruled in October 2014. Yet law enforcement officials can compel a suspect to provide a fingerprint – which they can then use to unlock the phone and obtain data which may prove the case against them.
In an ongoing Canadian civil case, activity data from a Fitbit fitness band is being used to determine the truthfulness of an accident victim’s claim that she is less active now than before the accident.
And in another civil case, where a plaintiff argued that his injuries meant he was no longer able to operate a computer for lengthy periods of time, a court ruled that the defendants had a right to access metadata from his hard drive that showed how often the claimant had used his PC.
Keeping in mind David Cameron’s suggestion in January that there should be no such thing as private messaging, how much of this is reasonable? How do we strike a balance between the privacy of the individual and the state’s interest in justice being served?
It might be reasonably argued that the degree of intrusion should be proportional to the seriousness of the accusation. But this principle can easily take us into very grey territory.
Suppose the police and intelligence services are investigating a terrorist attack – a tube bombing. Ten people died: it’s clearly a very serious crime. The authorities know that the bomb was placed on the station platform sometime between 7:13am, when CCTV footage shows the bag definitely wasn’t there, and 7.23am, when the explosion occurred. Is it reasonable to pull the Oyster data from 7am to 7.23am, to identify all the people who entered the station between those times and cross-reference with police and security services files to search for anyone known or suspected to have terrorist links?
What if they do that and draw a blank? They will now want to know more about all those people who entered the first tube station between 7am to 7.23am. More than 250 people per minute enter a busy station during rush hour, so that’s 5,750 suspects. They’re pretty sure from the CCTV footage that the suspect is male, so they narrow it down to 2,875 people. And that’s all there is to go on so far. One of those men is our bomber, the other 2,874 of them are innocent.
Is it reasonable to get a blanket court order to examine the ISP and mobile phone records of all 2,875 people? With that many people, all the authorities are going to do is run a simple search of the metadata – the who-contacted-who part – and see if any of them have been in contact with any known or suspected terrorists. They’re not spying on your sexts to your girlfriend or emails from your credit card company querying a missed payment, they’re just looking at who you might have been in touch with.
No matches. But the explosive used in this attack was found to have been stolen from a demolition company in Leeds one week before the attack. A court order to run a search of the 2,875 suspects’ email records for train bookings to or from Leeds during that week is readied, and their car registration numbers are obtained, to see whether any of them were logged on any ANPR systems on the M1 during that time. That’s all. No other email content will be looked at, nor any other details of their driving history; just those two straightforward searches. Fair enough?
The suspects are narrowed down to 47 people whose cars were spotted at least once on the M1 at some point between London and Leeds during that week. There is nothing else to go on, so the authorities now need to take a deeper dive into the online lives of those 47 people.
What could that involve? Most of us leave a pretty comprehensive digital footprint these days. Your fitness band or sleep-tracking app logs the time that you woke up. Your ISP logs show which websites you visited, even which stories you read on Guardian.com over breakfast.
Phone GPS and wi-fi logs can enable your movements to be tracked to within tens of metres: your route to the tube station can easily be mapped. Oyster data logs the details of the subsequent tube journey: stations, dates, times.
Your email records are a goldmine. There’s the obvious stuff – who you were in contact with when, and what was said – but there’s so much more than that to be gleaned.
Ever had a password reminder emailed to you for iCloud or Google? Deleted the mail but failed to empty your trash can? Not an issue if you switched on two-factor authentication, but if you didn’t, the authorities now have remote access to the content of your phone. The entire content. Your phone does regular, automatic backups to Apple or Google servers, and with the right software, anyone can download and access them.
Your contacts. Your calendar. Your photos. Your notes. And more.
Collating the addresses of your contacts with your Oyster data tells us who you’ve been visiting, and how often. The authorities would soon know more about those 47 people than almost any of their friends.
What if they had been left not with 47 suspects but 200? 500? Where do we draw the line?
What if, instead of an actual bombing, it was an aborted attempt at the same, but without hard-and-fast proof – how does that change the equation of what is and isn’t acceptable?
These will always be difficult judgment calls, but while the individual decisions may need to be made in secret, it does not mean that the principles governing these decisions should themselves be secret or – worse – left to the whim of individual judges in individual cases.
It may not be possible to formulate hard-and-fast rules covering every eventuality, but there is every reason to set out clear and transparent guidelines within which decisions can be made – and no reason why the debate to determine these guidelines should not take place in public and in parliament.
CIA researchers have worked for nearly a decade to break the security protecting Apple (AAPL.O) phones and tablets, investigative news site The Intercept reported on Tuesday, citing documents obtained from NSA whistleblower Edward Snowden.
The report cites top-secret U.S. documents that suggest U.S. government researchers had created a version of XCode, Apple's software application development tool, to create surveillance backdoors into programs distributed on Apple's App Store.
The Intercept has in the past published a number of reports from documents released by whistleblower Snowden. The site's editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on Snowden's revelations, and Oscar-winning documentary maker Laura Poitras.
It said the latest documents, which covered a period from 2006 to 2013, stop short of proving whether U.S. intelligence researchers had succeeded in breaking Apple's encryption coding, which secures user data and communications.
Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone and continued through the launch of the iPad in 2010 and beyond, The Intercept said.
Breaching Apple security was part of a top-secret program by the U.S. government, aided by British intelligence researchers, to hack "secure communications products, both foreign and domestic" including Google Android phones, it said.
Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.
Last September, Apple strengthened encryption methods for data stored on iPhones, saying the changes meant the company no longer had any way to extract customer data on the devices, even if a government ordered it to with a search warrant. Silicon Valley rival Google Inc (GOOGL.O) said shortly afterward that it also planned to increase the use of stronger encryption tools.
Both companies said the moves were aimed at protecting the privacy of users of their products and that this was partly a response to wide scale U.S. government spying on Internet users revealed by Snowden in 2013.
An Apple spokesman pointed to public statements by Chief Executive Tim Cook on privacy, but declined to comment further.
"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote in a statement on privacy and security published last year. "We have also never allowed access to our servers. And we never will."
Leaders including U.S. President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such privacy-enhancing tools into mass market features could prevent governments from tracking militants planning attacks. The CIA did not immediately reply to a request for comment.
10 March 2015 | The Guardian
The former secretary of state said she had preserved official communications but her office said she ‘chose not to keep her private, personal emails’
Hillary Clinton failed to quell mounting criticism over her controversial private email account on Tuesday evening after her office suggested she had erased more than half of her emails before turning them over for release to the American public.
In a statement released after a press conference intended to end a week-long controversy, Clinton’s office said that she did not preserve 31,830 of the 62,320 emails she sent and received while serving as Barack Obama’s secretary of state from 2009 to 2013.
“After her work-related emails were identified and preserved, Secretary Clinton chose not to keep her private, personal emails that were not federal records,” her office said, in a defiant nine-page explanation for the unusual arrangement that has put her under political fire.
Republicans accused Clinton of blocking transparency. It could not be confirmed whether the deleted archives included messages sent and received by Clinton relating to her family’s philanthropic foundation. Donations to the foundation by foreign governments and corporations are the subject of a separate ongoing controversy.
The continuing saga threatened to complicate the plans for her expected second campaign for the US presidency, which were thought to be in their final stages in advance of an announcement in April.
Criticism has grown since it was revealed last week that Clinton did not use an official government email address during her four years at the State Department. She instead conducted all official business using a private address under the ClintonEmail.com domain.
Clinton conceded at a press conference in New York on Tuesday afternoon that she had erred and “it would have been better” to have used separate email accounts for work and personal matters. However, she insisted she had used a single account on one mobile phone for “convenience”, adding: “I thought using one device would be simpler, and obviously, it hasn’t worked out that way.”
The former secretary’s office said she had turned over all 30,490 of her sent and received emails that related to her work to the State Department. They manually searched her archive, the statement said, first by finding all emails involving people with government email addresses, then searching for some people by name and for topics such as Libya.
All these are expected to be published. “You will see everything from the work of government, to emails with State and other administration colleagues, to LinkedIn invites, to talk about the weather – essentially what anyone would see in their own email account,” her office said.
In further defiant remarks on the emails that Clinton will not turn over, her office insisted that none contained material relevant to her work in four years leading Foggy Bottom.
“These were private, personal messages, including emails about her daughter’s wedding plans, her mother’s funeral services, and condolence notes, as well as emails on family vacations, yoga routines, and other items one would typically find in their own email account, such as offers from retailers, spam, etc,” it said.
But the Republican party, which accused Clinton of “putting our national security at risk for ‘convenience’” by operating the private email server, said there could be no independent verification that Clinton had preserved all messages related to her work.
“Because only Hillary Clinton controls her personal email account and admitted she deleted many of her emails, no one but Hillary Clinton knows if she handed over every relevant email,” Reince Priebus, the chairman of the Republican National Committee, said in a statement.
Clinton rejected suggestions that an independent monitor could review her email server to examine emails not turned over. “I believe that I have met all of my responsibilities and the server will remain private,” she said at the press conference.
Despite separately indicating all personal messages were erased, she said the server “contains personal communications from my husband and me”. Clinton’s spokesman did not respond to an email seeking clarification on what precisely had been erased.
Other critics pointed to remarks made by Clinton at an onstage interview last month, in which she said she used both an iPhone and a Blackberry. Discussing devices later in the conversation, Clinton said, “I don’t throw anything away, I’m like two steps short of a hoarder.” It was not clear when Clinton began using two devices.
The statement from Clinton’s office addressed other questions raised by the news of her email server – several relating to security and her interaction with foreign governments. The statement said her team’s review of Clinton’s email archive “revealed only one email with a foreign (UK) official”. It clarified that “during her time at State, she communicated with foreign officials in person, through correspondence, and by telephone”.
Clinton said during her press conference that she had never used the email account to send classified material. She insisted that the server had been secure by being placed on property protected by the secret service and claimed to know that the system had never been breached.
Mar 08, 2015 | The Guardian
captainjohnsmith 2015-03-07 18:06:55
Questions, questions. Doesn't the FBI, NSA, or some part of Homeland Security vet what government agencies are doing with their computer security? Wouldn't that have turned up Hillary's private scheme? And how could Obama not know about this, unless he never exchanged e-mail with Hillary, which seems unlikely.
kgb999again -> BeckyP
Hillary Clinton was not serving as a politician. She was serving as a high official in a non-elected office of the U.S. Government. She is required by law to maintain accessible records within the government of every meeting and communication she conducted - for both accountability and historic legacy reasons.
If she wanted to behave as a politician, she shouldn't have accepted the role of Secretary of State.
The basic question is still: why would she do such a thing? Why would she insist that all her email and that of her principal staff be handled by this private server?
And I guess I would also wonder how this could go undetected and unscrutinized for so long? Why would not anyone receiving email from the Clinton people wonder why they were getting email from an account that was non government in its address?
I also wonder why Kerry would not question the absence of Clinton's correspondence when he took office? Doesn't he, as the successor, have to establish a historical record? Wouldn't her communications be part of that process?
I recall when Obama won the nomination in 2008, he had a meeting with Clinton re her appt to sec of state. He was surprised when she turned up with a "contract" that listed items she needed him to agree to if she were to join his administration. Was this server business in that contract?
Why do I have these questions but reporters do not?
thegradycole -> macktan894
Why does anybody do it? Jeb Bush used a personal server while he was governor of Florida and then handed over 275,000 emails, of course just like Clinton he didn't release those that he determined were of a personal nature. Kerry is the first SOS to use the official .gov server.
The main focus of the controversy comes because she could have deleted any emails she wanted to. But I always thought that nothing could really be deleted. If they have the server don't they have everything?
This whole thing better be more than the usual it-looks-bad-but-we-can't-find-anything. It gets to the point where the appearance of impropriety becomes a conspiracy, they add "gate" to it and it has a life of its own. If there's something there let's see it. Scott Walker and Chris Christie have similar problems as their emails are part of criminal investigations.
Funny, we're back to paper as the only secure way to communicate anything (as in Roman Polanski's The Ghost).
BradBenson -> chiefwiley 8 Mar 2015 06:48
Well yes, in theory. In actual practice Freedom of Information Requests were always treated with disdain by the agencies. Since I left Government in 1999, it has gotten much worse.
You are absolutely correct that she should not be mixing official and private business or the servers, which carry them. All of her official correspondence should have been retained in a Government Server.
Despite the fact that digital record keeping continues to advance, the record keeping requirements go back to the early 50's and there is simply no reason that she should now be in possession of these records instead of either the State Department or the National Archives.
FloodZilla 8 Mar 2015 06:43
The fact that she has criminally violated at least a dozen US Federal laws has nothing to do with the fact that she is lower than pond scum.
God help us if she gets elected to POTUS!
Anne Vincent 8 Mar 2015 03:19
If she was too insecure to utilize the US Government's own computer system, then she is too insecure to reside in the White House or to work as a US Government official. She needs to "move on".
Her dishonesty and corruption already have been well documented for many decades, and she has proven that despite all her "image makeovers", she is the same untrustworthy person we always knew she was.
David Egan 7 Mar 2015 22:34
Mayer added that speculation that Clinton had created a "homebrew" internet system was "plainly inaccurate", at least when talking about the current configuration of the service.
Newsflash!!! Hillary had no business, legal or otherwise, to create her own network!!
This way she has total control over the e-mails that she wants to make public.... GET IT.....??
David Egan -> anthonylaino 7 Mar 2015 22:28
I agree!!! The elitist one percent have made billions and knowingly sent tens of thousands of people to their deaths, just for a buck (ok, well, lots of bucks) and to further their jack boot on the throat of the average citizen from any country...
Financial Bondage For Everyone!!!!
Zooni_Bubba 7 Mar 2015 20:58
Maybe Clinton had security and maybe she didn't. It is not her decision to create her own web accounts to avoid public scrutiny. This is exactly what is wrong with Washington. No accountability or transparency. When someone under investigation gets to decide what to supply, they, not the authorities, control the evidence.
Stephen_Sean 7 Mar 2015 20:25
Bottom line if official State Department business was being routed through a personal email system she needs to go down for it. I work a mundane middle class job as a data analyst and my employer would be furious and fire me instantly if I routed work related emails and attachments through my personal email so why should Hillary get off the hook?
Dems better start looking for an alternative. Hillary isn't the one you want answering the phone at 3am.
Trixr -> Miles Long 7 Mar 2015 19:54
From a technical point of view, saying it's a 'high security' system is cobblers. Anti malware is the LEAST you can do for email security in a corporate system. Having a domain registered in one location and traffic coming from another means absolutely nothing in these days of shared hosting and dynamically-provisioned server farms. No-one puts their personal details on a WHOIS these days. I don't, and I just have a dinky little personal domain.
The fact that the email traffic isn't encrypted makes this strictly amateur hour. The fact that the email isn't immediately controlled and discoverable by the govt is appalling enough. The fact it's apparently secured using small business standards just makes it worse.
And this 'expert' is an idiot, or not giving the full story.
John Hemphill -> imipak 7 Mar 2015 19:12
Just curious if you know by chance, how did the State Department do in their last couple of FISMA audits?
Were there any footnotes or exceptions noted concerning use of a private email server? If not, then we should get our money back from the auditing contractor. If they didn't discover and report it as an exception, then they should be barred from federal contracting for gross incompetence or complicity in this deception.
ElmerFuddJr -> MakeBeerNotWar 7 Mar 2015 18:37
"Dick Cheney in a pantsuit" is gonna live forever, or at least as long as she remains in the public arena!
MakeBeerNotWar -> ElmerFuddJr 7 Mar 2015 18:48
- yes but one risks the label of misogynist by her many followers. Cheney is a true psychopath tho and Clinton could reach being one thus why the Dems who really care about our country need to find an alternate candidate so HRC will not be given the chance to start another idiotic fraud war that benefits Wall $t, I$rael and the MIC.
What a bunch of liberal spin by ABC. I've run mail servers for 20 years. Scanning for viruses etc is trivial and every email provider does it. Not having encryption (google smtps), which is easily determined if the mail server is still running, is a very bad sign.
macktan894 -> GuardianIsBiased127
Agree. Saying that her system scanned for viruses and was therefore "secure" is a laugh. My computer scans for viruses, too, as do most computers. We all know that does not equate with topnotch security. I also use an Apple. Still, the NSA or any other cyberterrorist can easily hijack my computer if that's the goal.
"internap" is not a good company by any measure -- my company has been a client for years.
If Clinton is using Internap right now, that should be the subject of ridicule, not praise.
Look, let's be clear. People lost their jobs when Hillary was in charge over there for doing the EXACT SAME THING.
Where's the email that has Hillary wanting these poor people being brought back to work. Hillary has in the past spoken of the danger of using a private domain.
This is once again the rules don't apply to Clintons. And I'm going to tell Ya all something: the investigators will be going to gmail, or yahoo, or whoever, and making 100% sure they get it all. I truly do not care for this woman. I find her to be a shifty giant egoed elitist. However, I'm not ready to yell guilty. Decency and fair play require that I see the pudding before I declare the truth. But, she damn well knew the rules, so why hide the emails? It won't be a mystery lover, that's for sure. She didn't want them seen, there's gotta be a reason for that.
The ruling elite plays by their own rules.
Kelly Kearns -> Miles Long
Actually, the rules were there before.
12 FAM 544.2 Automated Information System (AIS) Processing and Transmission
November 4, 2005 above.
Kelly Kearns -> imipak
"12 FAM 544.3 Electronic Transmission Via the Internet
a. It is the Department's general policy that normal day-to-day operations be conducted on an authorized AIS, which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department's authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department's management control."
March 5, 2015 | alternet.org
A White House-backed bill would give the corporate elite control over how our data is used.
Editor's note: The following is the latest in a new series of articles on AlterNet called Fear in America that launched this March. Read the introduction to the series.
The Internet and our digital media are quietly becoming a pervasive and manipulative interactive surveillance system. Leading U.S. online companies, while claiming to be strong supporters of an open and democratic Internet, are working behind the scenes to ensure that they have unlimited and unchecked power to "shadow" each of us online. They have allied with global advertisers to transform the Internet into a medium whose true ambition is to track, influence and sell, in a never-ending cycle, their products and political ideas. While Google, Facebook and other digital giants claim to strongly support a "democratic" Internet, their real goal is to use all the "screens" we use to empower a highly commercialized and corporatized digital media culture.
Last Thursday was widely viewed as a victory for "Internet Freedom" and a blow to a "corporatized" Internet as the Federal Communications Commission (FCC) endorsed a historic public utility framework for Network Neutrality (NN). It took the intervention of President Obama last year, who called for "the strongest possible rules to protect net neutrality," to dramatically transform the FCC's plans. Its chairman, Thomas Wheeler, a former cable and telecom lobbyist, had previously been ambivalent about endorsing strong utility-like regulations. But feeling the pressure, especially from the president, he became a "born again" NN champion, leading the agency to endorse "strong, sustainable rules to protect the Open Internet."
But the next day, the Obama White House took another approach to Internet Freedom, handing the leading online companies, including Google, Facebook, and their Fortune-type advertising clients, a major political victory. The administration released its long-awaited "Consumer Privacy Bill of Rights" legislation. The bill enables the most powerful corporations and their trade associations to greatly determine what American privacy rights will be. By giving further control over how data are gathered and used online, the administration basically ceded more clout to a corporate elite that will be able to effectively decide how the Internet and digital applications operate, today and in the near future.
How do privacy rules impact the openness of the Internet, and the ability to promote and sustain progressive and alternative perspectives? While much of the public debate on pervasive data mining has focused on the role of the NSA and other intelligence agencies that were exposed by Edward Snowden, there has not been as much discussion on the impact of the commercial data system that is at the core of the Internet today. Google, Facebook, and others use our data as the basis of an ever-expanding global system of commercial surveillance. This information is gathered from our mobile devices, PCs, apps, social networks, and increasingly even TVs—and stored in digital profiles. These far-reaching dossiers—which can be accessed and updated in milliseconds—can include information on our race/ethnicity, financial status, health concerns, location, online behavior, what our children do, whom we communicate with on social media, and much more.
The major online companies are continually expanding their commercial data gathering practices. They now merge and use our online and offline data (what we do online and information collected from store loyalty cards, etc.); track us across all the devices we use (PCs, mobile, etc.); and amass even more data about us supplied by a vast network of data broker alliances and partnerships (such as Facebook with its myriad of data partners, including Acxiom and Epsilon). A U.S. digital data industry "arms race," with companies vying to own the most complete set of records on every consumer, has also led to a wave of mergers and acquisitions, where companies that have already compiled huge datasets on Americans (and global consumers) are being swallowed up by even larger ones.
Leading corporations are investing vast sums to harvest and, in their own words, make "actionable" information we now generate nearly 24/7. So-called "Big Data" technologies enable companies to quickly analyze and take advantage of all this information, including understanding how each of us uses online media and mobile phones. A score of "Math Men and Women"-led advertising-technology companies have pioneered the use of super fast computers that track where we are online and, in milliseconds, crunch through lots of our data to decide whether to target us with advertising and marketing (regardless of whether we use a PC or mobile device and, increasingly, using our geolocation information).
These machines are used to "auction" us off individually to the highest bidder, so we can be instantly delivered some form of marketing (or even political) message. Increasingly, the largest brands and ad agencies are using all this data and new tactics to sell us junk food, insurance, cars, and political candidates. For example, these anonymous machines can determine whether to offer us a high-interest pay day loan or a lower interest credit card; or an ad from one political group versus another.
But it's not just the ability to harvest data that's the source of increased corporate clout on the Internet. Our profiles are tied to a system of micro-persuasion, the 21st century updating of traditional "Madison Avenue" advertising tactics that relied on "subliminal" and cultural influence. Today, online ads are constructed by connecting our information to a highly sophisticated digital marketing apparatus. At places like Google's BrandLab, AT&T's Adworks Lab, or through research efforts such as Facebook IQ, leading companies help their well-heeled clients take advantage of the latest insights from neuromarketing (to deliberately influence our emotions and subconscious), social media monitoring, new forms of corporate product placement, and the most effective ways to use all of our digital platforms.
The online marketing industry is helping determine the dimensions of our digital world. Much of the Internet and our mobile communications are being purposely developed as a highly commercialized marketplace, where the revenues that help fund content go to a select, and largely ad-supported, few. With Google, Facebook, major advertisers and agencies all working closely together throughout the world to further commercialize our relationship to digital media, and given their ownership over the leading search engines, social networks, online video channels, and how "monetization" of content operates, these forces pose a serious obstacle to a more democratic and diverse online environment.
One of the few barriers standing in the way of their digital dominance is the growing public concern about our commercial privacy. U.S. companies have largely bitterly opposed proposed privacy legislation—in the U.S. and also in the European Union (where data protection, as it is called, is considered a fundamental right). Effective regulations for privacy in the U.S. would restore our control of the information that has been collected about us, versus the system now in place that, for the most part, enables companies to freely use it. But under the proposed Obama plan, Google, Facebook and other data-gathering companies would be allowed to determine the rules. Through a scheme the White House calls a "multi-stakeholder" process, industry-dominated meetings—with consumer and privacy groups vastly outnumbered and out-resourced—would develop so-called self-regulatory "codes of conduct" to govern how the U.S. treats data collection and privacy. Codes would be developed to address, for example, how companies can track and use our location information; how they compile dossiers about us based on what we do at the local grocery store and read online; how health data can be collected and used from devices like Fitbit; and more. This process is designed to protect the bottom line of the data companies, which the Obama White House views as important to the economy and job growth. (Stealing other people's data, in other words, is one of America's most successful industries). Like similar self-regulatory efforts, stakeholder codes are really designed to sanction existing business practices and enable companies to continue to accumulate and use vast data assets unencumbered. The administration claims that such a stakeholder process can operate more effectively than legislation, operating quickly in "Internet time." 
Dominated by industry as they are, stakeholder bodies are incapable of doing anything that would adversely impact their own future—which currently depends on the ability to gather and use all our data.
The administration's bill also strips away the power of the Federal Trade Commission (FTC), which now acts as the leading federal watchdog on privacy. Instead of empowering the FTC to develop national rules that enable individuals to make their own privacy decisions, the bill forces the agency to quickly review (in as little as 90 days) the proposed stakeholder codes—with little effective power to reject them. Companies become largely immune to FTC oversight and enforcement when they agree to abide by the self-regulatory policies their lobbyists basically wrote. In a rare rebuke to the administration, the FTC, leading Congressional Democrats, and the majority of consumer and privacy organizations rejected the White House's privacy plan. But the administration does not appear to be willing, for now, to change its support for the data companies; and as we know, Silicon Valley and their business allies have strong support in Congress that will prevent any privacy law from passing for now.
To see how the online lobby has different views on Internet Freedom, compare, for example the statements of the "Internet Association"—the lobbying trade organization that represents Google, Facebook, Amazon and dozens of other major online data-gathering companies—on last week's two developments. It praised the FCC NN decision for creating "strong, enforceable net neutrality rules … banning paid prioritization, blocking, and discrimination online." But the group rejected the Administration's privacy proposal, as weak as it was, explaining that "today's wide-ranging legislative proposal outlined by the Commerce Department casts a needlessly imprecise net." At stake, as the Internet Association knows, is the ability of its members to expand their businesses throughout the world unencumbered. For example, high on the agenda for the Internet Association members are new U.S. brokered global trade deals, such as the Transatlantic Trade and Investment Partnership, which will free our digital giants from having to worry about strong privacy laws abroad.
While the NN battle correctly viewed Comcast, Verizon, and other cable and phone giants as major opponents to a more democratic digital media environment, many of the online companies were seen as supporters and allies. But an "open" network free from control of our cable/telco monopolies is just one essential part for a more diverse and public interest-minded online system. Freedom must also prevent powerful interests from determining the very structure of communications in the digital age. Those companies that can collect and most effectively use our information are also gatekeepers and shapers of our Internet Future.
The NN victory is only one key step for a public-interest agenda for digital media. We also must place limits on today's digital media conglomerates, especially their ability to use all our data. The U.S. is one of the only "developed" countries that still doesn't have a national law protecting our privacy. For those concerned about the environment, we must also address how U.S. companies are using the Internet to encourage the global public to engage in a never-ending consumption spree that has consequences for sustainability and a more equitable future.
There is ultimately an alignment of interests between the so-called "old" media of cable and the telephone industry with the "new" online media. They share similar values when it comes to ensuring the media they control brings eyeballs and our bank accounts to serve them and their advertising clients. While progressive and public interest voices today find the Internet accessible for organizing and promoting alternative views, to keep it so will require much more work.
Jeffrey Chester is executive director of the Center for Digital Democracy (www.democraticmedia.org).
March 3, 2015 | delawareonline.com
Hillary Clinton may not have a serious opponent for the Democratic nomination – except herself.
The Clintons' unfortunate tendency to be their own worst enemy is on display, again, with reports that, as secretary of state, Hillary Clinton conducted official business solely from a personal email account.
This is a problem – and not only because it presents a particularly unflattering contrast with the move by former Florida Gov. Jeb Bush to release a flood of official emails. It illustrates Clinton's reflexive impulse to secrecy over transparency, a tendency no doubt bolstered by the bruising experience of her White House years, yet one that she would be well advised to resist rather than indulge.
Indeed, Clinton herself was once worked up about this very issue. "We know about the secret wiretaps, the secret military tribunals, the secret White House email accounts," she said back then.
So what to make of the revelation that Clinton avoided official email entirely while at State? This had to be a deliberate decision. After all, the issue of the Bush emails was still in the news.
And, as The Washington Post's Philip Bump reports, the email domain clintonemail.com that she appears to have been using was created on Jan. 13, 2009, the very day Clinton's confirmation hearings began.
To back up: The Federal Records Act requires agencies to maintain records of official business, including emails. The National Archives, which oversees such collection, had this to say in 2013 about the use of personal email accounts:
"While agency employees should not generally use personal email accounts to conduct official agency business, there may be times when agencies authorize the use of personal email accounts, such as in emergency situations when federal accounts are not accessible or when an employee is initially contacted through a personal account. In these situations, agency employees must ensure that all federal records sent or received on personal email systems are captured and managed in accordance with agency recordkeeping practices."
So far, the explanation from Clintonworld about the failure to comply with this basic rule of modern archiving has been inadequate and unpersuasive.
Clinton spokesman Nick Merrill "declined to detail why she had chosen to conduct State Department business from her personal account," reported The New York Times, which broke the story.
This has the distinct odor of hogwash. First, the basic rule that government business is to be transacted from government accounts doesn't have a well-we'll-capture-it-anyway exception.
Second, the government records to be retained aren't only intra-agency communications. If Clinton is emailing with world leaders or others about official business, the entire point of the Federal Records Act is to ensure that those communications are captured for history.
This should have been clear. Certainly, the intersection of email and federal records law has been evolving. Former Secretary of State Colin Powell writes about his effort to use "the then-newfangled email system" to communicate with counterparts overseas. His successor, Condoleezza Rice, rarely used email to transact business but employed her government address when she did.
What is the legitimate reason for conducting official business on a personal back-channel? Why, if not for purposes of secrecy, would Clinton choose to operate that way?
That Clinton has recently turned over 55,000 pages of email records in response to an overdue burst of documentary housekeeping by State does not excuse her lack of compliance while in office.
That her proto-campaign describes her activities as complying with "both the letter and spirit" of the rules would be jaw-dropping, if it weren't so sadly familiar.
Ruth Marcus' email address is firstname.lastname@example.org.
Mar 06, 2015 | The Guardian
Hillary Clinton has been on the defensive this week over the revelation that she exclusively used a private email account while serving as secretary of state. The presumptive 2016 presidential candidate has tried to douse the flames, but key questions about the controversy remain unaddressed.
Where are the missing emails?
Two months ago, a team of Clinton people combed through a vast stack of her emails – from the period covering 2009 to 2013, when she served as America's top diplomat. Having reviewed the emails, they handed over 55,000 pages to the State Department.
... ... ...
That begs the question: how many pages did she not hand over? More importantly, what did they contain?
... ... ...
But we still don't know who those advisers were, and whether they had any training in the art of preserving official records.
So: who vetted the Clinton emails? Why should they be trusted to preserve something as precious to the nation as its historic records?
... ... ...
Why was email vetting even permitted?
The question of who vetted Clinton's emails before their transfer to the State Department raises another question: why was this allowed in the first place?
Since 2009, US government rules have been very clear on this subject. The National Archives and Records Administration stated categorically in that year – the first of Clinton's term as secretary – that "agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that Federal records sent or received on such systems are preserved in the appropriate agency recordkeeping system."
Alas: why did senior State Department officials allow Clinton to override clear official rules? What role did Clinton herself play in circumventing the regulations?
Was the secret server secure?
We now know that Team Clinton set up its own domain name, ClintonEmail.com, shortly before Hillary Clinton took up the job as secretary of state. It was linked to a "homebrew" server at her home in Chappaqua, New York.
Given that Clinton was dealing with highly sensitive diplomatic issues, and that President Obama has declared cybersecurity a top priority for the nation, one might have expected additional protection.
But simple tests conducted by experts suggest that the server's security shield was not particularly sophisticated – though neither was that of the State Department.
What was done to protect Clinton's private server from hacking attacks? Were any vulnerable loopholes cut off? Were state secrets at risk?
Why did she do it?
Perhaps the most intriguing question that still hangs in the air – and one that the public may never have satisfactorily answered, much to the chagrin of Benghaziphiles – is the simplest: why would Hillary Clinton decide, in effect, to privatise her own official emails? Was it an innocent move made for the sake of convenience – one which Clinton supporters have emphasised was made by her predecessors and by leading Republican politicians?
Or: were the private emails a conscious manoeuvre? As watchdogs at the Sunlight Foundation put it: "There is shock at what Secretary Clinton did because the most likely explanation of her intent seems clear – she created a system designed to avoid accountability, potentially in violation of the law."
Hillary Clinton behaves very strangely against the background of Obama's statements about cybersecurity. We are used to our authorities and special services watching us through the internet. The FBI and others may read our e-mails, look through our accounts in social networks.
Actions of Hillary are too unpatriotic against the background of her applications for participation in presidential elections 2016. It is an already known fact she was sponsored by foreign residents. It is a crime.
Anyway she has something to conceal. I don't want Hillary to become our president. I know believe her as well as Obama. They have too many skeletons in the closet.
"Perhaps the most intriguing question that still hangs in the air" - "why would Hillary Clinton decide, in effect, to privatise her own official emails?"
That's also the easiest question to answer. And my five year old nephew figured it out: so people won't find out what was in the emails.
Theodore Svedberg -> osprey1957
It is not just the right that is alarmed over Hillary's actions but also many progressive Democrats. This is definitely not a manufactured scandal created by the Republicans but one created by Hillary herself. It reflects on her character and her belief she is above the rules that the rest of us must obey.
These are the basic questions I have. Should all elected and appointed govt officials have the right to privatize govt business, in effect removing it from the sunlight that democracy requires? I really don't understand why she would do something like this, why she thought conducting business using secure govt servers would be such a bad idea. Nor do I get how she got away with making govt records her personal property.
Additionally, wouldn't John Kerry have needed to review the communications of his predecessor? Typically when one starts a new job, reviewing the files of one's predecessor is the way you get up to speed.
Is anyone able to ask her these questions?
GrammaW -> macktan894
How soon we forget... Bush (aka Karl Rove) used a private account for gov bus, and somehow 100s were 'lost'. Have they been found and turned over yet?
AistheWay -> macktan894
I agree with you about the gov't privatizing what should be public and transparent dealings. This issue is a major concern that requires immediate legislation. For example the outsourcing of prison "care". I have spoken to ex-inmates who have served time in these private correctional facilities and to my disgust found out that they (private prison company) basically denied inmates, of most if not all, of the rights mandated by federal/state statutes regarding prisoner treatment.
Under the guise of budget savings and tax cuts our politicians are once again attacking citizen's rights.
macktan894 -> AistheWay
Don't get me started on the criminal justice system. I'll just say here that what's going on in Ferguson is happening all over the country, mainly to poor people no matter the race. And it is disgusting. I suggest emergency donations to the ACLU since the govt clearly has no inclination to correct this injustice.
This is not analysis -- this is muck raking.
Was the secret server secure?
I'd say it was a far sight more secure than a government server. Frankly, I would not trust a government server. The more we know about cyber intrusions, the more I would argue government emails are at risk.
Besides -- the first thing Hillary detractors would do is look for quotes they could take out of context.
Besides -- given Snowden's revelations -- if we were tapping Merkel's phone, NSA probably has all of Hillary's emails. They may not want to divulge that fact but I will bet dollars to doughnuts that her emails are under government wraps right now.
Terrible analysis -- is Guardian slipping? I don't see the Guardian in the same high regard as I did, say 12 months ago. Who left?
macktan894 -> SteveLight
It's not her decision to make. She may have some political fears about her job, but if her fears were that great, then she shouldn't have taken the job. She cannot privatize sensitive govt records. They aren't her property. If she's that fearful, she should just stay retired and not work for an open govt such as ours.
MaxBoson -> SteveLight
The muckrakers—the most famous of whom was Sinclair Lewis—were early twentieth-century American journalists who exposed corrupt politicians and robber-baron industrialists.
So if you want to call Ed Pilkington a muckraker, go ahead, it's a compliment I'm sure he will appreciate, even if he hasn't raked in any mud yet—the New York Times did that when it published the e-mail revelations. What the author has done is pose some very interesting questions, which, by your choice of the word "muckraking," you seem to think pose a danger to Hillary Clinton. I think they do, too.
Incredibly lazy reporting.
The server is not in Chappaqua. It is a service provided by Optimum, which offers both website and e-mail hosting. And, you can use any e-mail domain you like. http://www.ip-tracker.org/locator/ip-lookup.php?ip=188.8.131.52
Climb off the Edward Snowden Gravy Train, Guardian. Get back to doing real reporting.
macktan894 -> Corinne Marasco
Well, that's even worse. A Secretary of State shopping for a website and email hosting service to manage the govt.'s official records. Was this company certified by the govt as secure to handle the govt.'s sensitive official records?
chiefwiley -> macktan894
If people got personal, political, State Department, and Clinton charitable e-mails all from a single non-government account, that would deliver an interesting hidden message, too. It's all intermingled and interconnected with the Clintons.
Elton Johnson -> Corinne Marasco
"The server is not in Chappaqua."
I didn't realize they searched her home to determine this. Do you have a link to the story where they did?
Now it makes sense why Hillary continued to receive all those foreign contributions during her time as Secretary of State. She could make deals via e-mail and then destroy the evidence and nobody would know.
And her homebrew e-mail server was guarded by Secret Service agents using taxpayer dollars.
This story has larger implications other than severely harming her 2016 prospects. A home server is much more vulnerable to security attacks compared to one run by professionals with experience. As Sec. of State her emails would contain sensitive information. Her behavior places the U.S. at risk. Not a bright move on her part, but then again she failed the D.C. Bar exam so I guess it's not unexpected.
Those emails are not hers. They belong to all of us. Stop apologizing for her.
You couldn't be involved in this many blunders and scandals unless you were trying.
Regardless of how smart HRC may be, she is a magnet for scandals and blunders. If you are always having to explain why what you did isn't technically wrong, you're doing the wrong things. Stop expecting to get a pass every time, HRC.
Elton Johnson MillbrookNY
Her "intelligence" is a myth. She wants to be President yet she can't even come out and speak to the people on this matter?
She can't even manage her own mess, how can she be entrusted to manage the country?
JJHLH1 Elton Johnson
Hillary isn't very bright. Just look at all the gaffes she makes like saying they left the White House "dead broke".
She failed the D.C. Bar exam in 1973. Over 2/3 pass it. That's why she ended up in Arkansas.
I'll bet that Obama & Kerry were recipients of email from her account. Of course there is a cover story and cover up. Here it is in Black and White. (It is a felony)
Title 18 §641. Public money, property or records
Whoever embezzles, steals, purloins, or knowingly converts to his use or the use of another, or without authority, sells, conveys or disposes of any record, voucher, money, or thing of value of the United States or of any department or agency thereof, or any property made or being made under contract for the United States or any department or agency thereof; or
Whoever receives, conceals, or retains the same with intent to convert it to his use or gain, knowing it to have been embezzled, stolen, purloined or converted—
Shall be fined under this title or imprisoned not more than ten years, or both; but if the value of such property in the aggregate, combining amounts from all the counts for which the defendant is convicted in a single case, does not exceed the sum of $1,000, he shall be fined under this title or imprisoned not more than one year, or both.
The word "value" means face, par, or market value, or cost price, either wholesale or retail, whichever is greater.
(June 25, 1948, ch. 645, 62 Stat. 725; Pub. L. 103–322, title XXXIII, §330016(1)(H), (L), Sept. 13, 1994, 108 Stat. 2147; Pub. L. 104–294, title VI, §606(a), Oct. 11, 1996, 110 Stat. 3511; Pub. L. 108–275, §4, July 15, 2004, 118 Stat. 833.)
Homeland security? Start by looking inside Government where the real criminals hide.
The biggest threat to our Republic is the very people who swore to serve it.
NSubramanian 12h ago
"Why was email vetting even permitted?"
Yes. In the context of Obama's desire for Net security, this is a crucial question and it deserves an honest reply.
However, where Hillary Clinton goes, the question seems to follow: "Was the vetting permitted?" "Was the vetter authorised to vet?", destined never to be answered.
During her 2008 campaign for nomination, Hillary Clinton claimed greater fitness to be Commander-in-Chief of the US Armed Forces because as the First Lady, she had fielded those dreaded 3 o'clock calls on the Red Phone which always meant nothing but trouble, apparently to vet them for seriousness before passing on the call to the President.
Neither Hillary nor her team chose to answer the logical question which an incredulous America asked "Who had authorised the First Lady to answer calls which came on the Red Phone?"
Husband Bill chose wisely to stay out of it.
She and her minions are obviously trying to hide how easy it was for her and her sisters (Rice, Power and Albright) to lie their way to an unprovoked war against Libya simply by baiting really dumb men always eager to have their military go destroy stuff and kill people. That war was initiated with nothing but a UN resolution specifying only an intent "to protect innocent life" from something that "might" happen, but was in fact intended from the very beginning to effect violent "regime change" by US military force (along with the usual British and French co-conspirators) under a phony "NATO" cover.
These women were able to circumvent the US Constitution and the US Congress based on an "emergency human rights" excuse that was entirely bogus. They did it solely to get a free ride on the naïve "Arab Spring" bandwagon and give Ms Clinton a "foreign policy accomplishment" for her planned 2016 presidential campaign. The only way to get the resolution passed by the UN Security Council - solely to establish a "humanitarian no-fly-zone" - was for those women and their minions to boldly lie to the American people, to the UN Security Council, to the Russians and to the Chinese, and then misuse the American people's military for their own self-serving domestic political agenda.
As soon as the resolution was passed, France and the UK, along with the US, went on the direct attack against Libyan forces trying to maintain some semblance of order in their own country, and killed far more people than those Libyan forces "might" have. It was indeed "clever" to attack a country only AFTER it had given up its weapons of mass destruction and was essentially defenseless against the far superior forces of "NATO" – which sent a powerful message to both Iran and North Korea about what happens AFTER you give up your nukes, what happens AFTER you play by all the rules demanded by the Americans.
And a whole range of "macho" men, even eager to send their military forth to destroy stuff and kill any suspicious people in sight, stupidly took the bait and joined the bandwagon like the predictable fools they are. All the "Four Sisters" had to do was toss some red meat over the kennel fence. And just behold the death and destruction they wrought with their bombs and the totally lawless playground for fanatical crazies they created right at Europe's underbelly. With zero adult consideration to "what comes next", it was all entirely predictable, thoroughly shameful, and completely self-defeating emotional nonsense by people trying to operate far beyond their competence levels.
How can a guy like Vladimir Putin witness the ignominious death of Gadhafi in a sewer pipe and NOT wonder if he and his own country are next? How can he not consider that it was a "defensive" anachronism still called "NATO" that relentlessly attacked another sovereign country for eight months – the same "NATO" ever eager to push its arrogantly offensive nose right up to the Kremlin gate? Why would he sit and wait for it to come, especially after being so shamefully lied to by those American women? The main thing that a single super-power status does for the women who own it is obviate the need for them to think.
There probably won't be a lot of people interested in poring over THOSE embarrassing e-mails. Far too much potential for EVERYONE to get egg all over their own faces, the same people who for generations have reveled in righteous indignation over the unprovoked bombing of Pearl Harbor. It all makes me ashamed to be a professional American soldier.
Theodore Svedberg AmericanGrunt
Very good set of reasons why Hillary should never be President.
In 2007 as a Senator she thought differently - Hillary Clinton Bashes Bush Officials for Secret Email Accounts
Maybe she's also been secretly trying to start another war for arms profiteering, oil grabbing and Empire like the Bush Officials did...
Or maybe she's just a hypocrite
You're right, she is a hypocrite… but at least she's not responsible for a few hundred thousand dead humans and 5 million refugees not to mention the countless maimed and many tortured like the Bush Officials. Yet.
On Monday night, the New York Times dropped a bomb: As secretary of state, Hillary Clinton didn't use her government email address. She didn't even have one. Her entire correspondence—from notes to staff to talks with diplomats—was done by private email. "Her aides," notes the Times, "took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act."
According to one former official for the National Archives, Jason Baron, this was an extraordinary act of rule breaking.
"It is very difficult to conceive of a scenario—short of nuclear winter—where an agency would be justified in allowing its Cabinet-level head officer to solely use a private email communications channel for the conduct of government business," he said.
It didn't take much to see the danger. Transparency aside, if Clinton was working with an unencrypted email address, she may have put a whole host of official communications at risk of foreign surveillance. And politically, it seems to stand as one more example of Clinton's secrecy and furtiveness. It's why, at the Washington Post, Chris Cillizza declared, "This is a bad story for her and her presidential campaign because it reinforces many things people already don't like about the Clintons."
... ... ...
In the Wall Street Journal, we learn the answer is in Clinton's favor. When she began as secretary of state in 2009, email wasn't a part of federal recordkeeping rules. Later that year, this changed when the National Archives and Records Administration issued regulations "allowing employees to do official business on nonofficial email accounts," as long as they preserved records in "the appropriate agency recordkeeping system."
The next round of guidance came in September 2013, well after Clinton had left the State Department. In those rules, writes the Journal, the National Archives "said federal employees generally shouldn't use personal email accounts to conduct official business, except in limited situations, such as during emergencies when an official may not be able to access an official account." And to that point, Secretary of State John Kerry, confirmed that year, is the first secretary to conduct all of his work over official email.
... ... ...
Look at this story again. Clinton didn't just use a private email account because it was convenient, she specifically registered a new email domain—clintonemail.com—a week before her confirmation hearings. Rules or not, odds are good she wanted to avoid as much transparency as possible, hence her slow move to comply with guidance from five years ago. As one conservative analyst said on Twitter (in somewhat uncharitable terms), "[Clinton] simply valued total and complete control over her image and information with such paranoid fervor that the law was [a] secondary issue."
cranky old man
I'm in the National Guard, and there are certain emails I would only send using an official email account. Anything dealing with classified information, troop movements, security, or soldiers' personal information, for instance. And I am only a platoon sergeant.
Aug 05, 2013 | Forbes
The BYOD trend (bring your own device): There’s no use debating it. It’s here to stay. And it’ll get worse before it gets better.
You need to stop fighting it. Here’s why.
BYOD has plagued IT departments since the 1970s. Annoyance at the dawn of BYOD seems quaint when you consider the problems it causes today.
BYOD makes IT’s work more difficult, creates security and privacy liabilities and potentially causes a wide range of problems and risks for IT systems management—in fact, for the company as a whole.
Advice for fixing or preventing these BYOD problems is beyond the scope of this post. But I will say this: Doing nothing about BYOD is crazy talk.
Get Used To It
The reason BYOD is here to stay is psychological. It’s less about technology and more about culture—or even anthropology. It’s about a belief of what is “me” and what is “not me.”
[See also: BYOD: It's A Question Of Lust (And Trust)]
In the old days, the kinds of devices that could be connected inside the firewall were tools or office equipment.
Today, smartphones—and to a lesser extent, tablets and other devices—aren’t categorizable as tools, but instead are part of the employee.
When you hire an employee, you’re nowadays hiring an augmented human. There are things required for work that the employee pays for, and that enhance that employee’s mind and body. They are associated with that employee’s personal self-identity.
... ... ...
For many employees, smartphones are part of their brains, and also part of their identities. Even the simple act of scanning these devices for viruses feels to some employees like an outrageous violation of privacy. That will not change in our lifetimes.
What will change is that even more personal and more problematic BYOD gadgets will be flooding into the office, and soon.
... ... ...
It’s also important to remember that, even as technology advances, the biggest threat remains the lowest-tech threats, such as USB thumb drives and, most of all, employees themselves.
The strongest policy and the strongest password is useless if an employee is socially engineered into giving it away.
The Bottom Line
At the highest level, there are three important things to know about BYOD.
- It’s here to stay and will grow.
- The potential risks are real, so require mitigation.
- It can’t be ignored or wished away.
03.05.2013 | Website Magazine
There is a great deal of talk about Bring Your Own Device (BYOD) and a lot of statistics suggesting that it is a huge phenomenon taking place across the corporate world. Redshift Research, in a report it delivered for Cisco, tells us that “95 percent of organizations allow employee-owned devices in some way, shape or form in the workplace” with 84 percent of these saying that they provide support for these devices.
However, most instances of BYOD currently relate to people’s use of their own smartphones to connect to the Internet or email to access company documents. Five years ago people simply had two mobile phones – one personal and one issued by work. Today, these two devices have merged into one.
However, remote access to office files using personal devices is not really the issue. What has really got IT decision-makers excited is their increasing difficulty to be able to track company data and understand what is happening to it outside of the enterprise environment.
BYOD is not the problem, cloud storage is. It is now very simple for employees to store documents, for free, using any number of file storage providers such as Dropbox or Google drive. There is also an increasing number of applications that can be downloaded that help with office work. Where data is stored and how securely within these applications is often a mystery. In either case, once out of the enterprise IT environment it becomes impossible for CIOs to know where company data is or who has access to it.
However, it is not just technology, but rather the changing relationship we are having with it as a society that is the real driver of change. For the first time, IT decision-makers are no longer in charge of how IT is used in organizations.
Very quickly, we have all got used to being able to easily choose from a limitless supply of applications in our personal lives, all at little or no cost. This is the antithesis to the corporate environment, which has deployed software and services in a top-down and inflexible manner, giving employees little or no choice. This new and growing consumer-based culture allows for IT services to grow organically to meet the ever-changing demands of the enterprise. So on one level this is all very good news. However, the result is that those entrusted with responsibility for IT have a growing lack of control over data and how it is used.
The fact is, IT departments are never going to be able to compete with the simplicity and ease-of-use that comes from having an instantly downloadable application. This needs to be accepted by enterprise organizations at the earliest possible opportunity as it is only in doing so that they will be able to change their own worldview and work with the new consumer-led culture of IT deployment that is growing at an ever-increasing pace.
I expect to see an explosion in enterprise-grade applications in the next 18 months as the market recognizes the growth in demand from enterprise organizations and IT decision-makers recognize that they need to give their staff a choice of technology within controlled environments.
We could well see, for example, enterprises partnering with third-party app stores that only allow applications that keep data in a recognized and controlled environment. Employees will benefit from having access to a shopping cart of applications to choose from and IT departments will know that they have tight service level agreements with providers detailing required security and data locations. Developers will have clear instructions as to what data security and other hoops that they need to jump through to have access to the market created by the third-party app provider. This is just one possible outcome of many in what is a rapidly changing and volatile market.
Such paradigm shifts will not be an easy process for many organizations. Staff will still complain that the tools they really want to use sit outside any secure environment and will be tempted to use them. The trick will be to have both sticks and carrots - firm and enforceable data control policies and a never-ending search for the best range of applications to meet changing demands.
Cloud computing has been spoken of as the most revolutionary thing to happen in IT for a generation. However, this is only true for the IT department. The most visible revolution is just around the corner as employees take full control of how they use technology to meet their daily needs in work. BYOD smartphones are just the tip of the iceberg.
About the Author: Simon Bain is the founder and CTO of Simplexo Ltd's software solutions
Dec 02, 2011 | Jesse's Café Américain
Anyone who has ever worked in a large corporation has seen the empty suits that seem to inexplicably rise to positions of power. They talk a great game, possessing extraordinary verbal acuity, and often with an amazing ability to rise quickly without significant accomplishments to positions of great ards rises above the general level of narcissism and sycophancy that often plagues large organizations, especially those with an established franchise where performance is not as much of an issue as collecting their rents.
And anyone who has been on the inside of the national political process knows this is certainly nothing exclusive to the corporate world.
Here is a paper recently published in the Journal of Business Ethics that hypothesizes along these lines. It is only a preliminary paper, lacking in full scholarship and a cycle of peer review.
But it raises a very important subject. Organizational theories such as the efficient markets hypothesis that assume rational behavior on the part of market participants tend to fall apart in the presence of the irrational and selfish short term focus of a significant minority of people who seek power, much less the top one percent of the psychologically ruthless.
Indeed, not only was previously unheard of behavior allowed, it became quite fashionable and desired in certain sections of American management where ruthless pursuit of profits at any cost was highly prized and rewarded. And if caught, well, only the little people must pay for their transgressions. The glass ceiling becomes a floor above which the ordinary rules do not apply.
If you wish to determine the character of a generation or a people, look to their heroes, leaders, and role models.
This is nothing new, but a lesson from history that has been unlearned. The entire system of checks and balances, of rule of law, of transparency in government, of accountability and personal honor, is based on the premise that one cannot always count on people to be naturally good and self-effacing. And further, that at times it seems that a relatively small group of corrupt people can rise to power, and harm the very fabric of a society.
‘When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle.’
These things tend to go in cycles. It will be interesting to see how this line of analysis progresses. I am sure we all have a few candidates we would like to submit for testing. No one is perfect or even perfectly average. But systems that assume as much are more dangerous than standing armies, since like finds like, and dishonesty and fraud can become epidemic in an organization and a corporate culture, finally undermining the very law and principle of stewardship itself.
'And remember, where you have a concentration of power in a few hands, all too frequently men with the mentality of gangsters get control. History has proven that.'
Lord Acton
'Our government...teaches the whole people by its example. If the government becomes the lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy.'
Louis D. Brandeis
MF Global, and the reaction to it thus far, is one of the better examples of shocking behaviour that lately seems to be tolerated, ignored, and all too often met with weak excuses and lame promises to do better next time, while continuing on as before.
"These corporate collapses have gathered pace in recent years, especially in the western world, and have culminated in the Global Financial Crisis that we are now in.
In watching these events unfold it often appears that the senior directors involved walk away with a clean conscience and huge amounts of money. Further, they seem to be unaffected by the corporate collapses they have created. They present themselves as glibly unbothered by the chaos around them, unconcerned about those who have lost their jobs, savings, and investments, and as lacking any regrets about what they have done.
They cheerfully lie about their involvement in events, are very persuasive in blaming others for what has happened and have no doubts about their own continued worth and value. They are happy to walk away from the economic disaster that they have managed to bring about, with huge payoffs and with new roles advising governments how to prevent such economic disasters.
Many of these people display several of the characteristics of psychopaths and some of them are undoubtedly true psychopaths. Psychopaths are the 1% of people who have no conscience or empathy and who do not care for anyone other than themselves.
Some psychopaths are violent and end up in jail, others forge careers in corporations. The latter group who forge successful corporate careers is called Corporate Psychopaths...
Psychologists have argued that Corporate Psychopaths within organizations may be singled out for rapid promotion because of their polish, charm, and cool decisiveness. Expert commentators on the rise of Corporate Psychopaths within modern corporations have also hypothesized that they are more likely to be found at the top of current organisations than at the bottom.
Further, that if this is the case, then this phenomenon will have dire consequences for the organisations concerned and for the societies in which those organisations are based. Since this prediction of dire consequences was made the Global Financial Crisis has come about.
Research by Babiak and Hare in the USA, Board and Fritzon in the UK and in Australia has shown that psychopaths are indeed to be found at greater levels of incidence at senior levels of organisations than they are at junior levels (Boddy et al., 2010a). There is also some evidence that they may tend to join some types of organisations rather than others and that, for example, large financial organisations may be attractive to them because of the potential rewards on offer in these organizations."
Clive R. Boddy, The Corporate Psychopaths Theory of the Global Financial Crisis, Journal of Business Ethics, 2011
Sep 19, 2006 | CIO Update
The loss of competitive advantage from IT may not be entirely due to its commoditization. It is starting to become clear that at least some of the responsibility lies with business activities taking place outside of the control of IT. Today, business users and knowledge-workers create and modify their IT infrastructures using “plug-and-play” IT products. These commodity IT products are now so easy to use, cheap, and powerful that business users themselves can and do perform much of the work traditionally done by IT.
But without the planning and wider view into the ramifications of their actions provided by IT this often results in disastrous consequences. Forrester Research found 73% of respondents reported incidents and outages due to unplanned infrastructure modifications.
Welcome to the gritty reality of commodity IT. Aside from the opportunity costs and operational losses resulting from this uncontrolled plug-and-play free-for-all, many companies are missing out on the competitive advantage potential that harnessing commodity IT delivers.
Within this disturbing new reality lie both the seeds of competitive advantage and a viable model for 21st century IT. In the Summer 2006 issue of MIT Sloan Management Review, I proposed in “Finishing Off IT” that even though IT is now a commodity it can and does enable significant competitive advantage. Resource dependency creates complex relationships between consumers and providers.
These interdependent relationships in turn produce organizational problems that require organizational solutions. Offered as a solution was the notion that management and organizational structure, not technology, hold the promise of sustainable competitive advantage from IT, and that manufacturing process control techniques hold a viable model for the future of IT.
21st Century IT
To visualize how a 21st century IT organization could look, it helps to consider the production and consumption of IT services as a manufacturing micro-economy.
IT manufactures information processing, communication, and collaboration products that underpin nearly all business operations. Knowledge-workers consume these IT products in pursuit of business objectives using everything from simple emails to more complicated core activities like forecasts and audits.
A deeper exploration of what actually occurs within the IT micro-economy helps to further clarify the issue. Based on real events I documented between December 2005 and July 2006, the following dramatization presents a composite of the experiences reported by a number of mid-to-senior IT managers.
On the way to the office your Blackberry vibrates. It’s a message from your staff. Users on the east side have been tech-swapping again. You know how it goes: “I’ll trade you this color printer for your wide screen monitor.” You know this is going to raise flags with the auditors.
You get to your office and there is a note from the service desk about that system outage on the west side. It turns out the system went down because its users bought some high-resolution scanners and connected them to the system themselves.
You didn’t even know they had scanners until they called demanding support.
Downtown, a group of users decided that to improve performance they needed to regularly transfer gigabytes of video from the main conference room uptown to a storage area network (SAN) they built on their own. As you suspected, these transfers were responsible for slowing down a business-critical application that has managers all over the company grumbling.
An email from the PMO informs you of a new project that will require extra support staffing starting in two weeks; first you've heard of that. You look at the calendar and sigh—budget and staff reductions, increasing user counts, more audits, increased legal regulations, major new and unplanned applications, connectivity and collaboration requirements, and very powerful and unhappy customers to placate.
So much for delivering the IT projects you did know about on-time and on-budget.
This “bad behavior” by the business amplifies the already accelerating velocity of change facing IT whether in-sourced or out-sourced.
The true nature of today's average IT environment is not pretty, and it’s not something most senior executives have fully grasped. It may also turn out to be a critical factor in obtaining competitive advantage from commodity IT.
Rise of the Knowledge-Worker
IT commoditization changes the balance of power between IT and the business, and within the business itself. Within the IT micro-economy of plug-and-play commodity IT, the consumer/supplier exchange relationship has shifted. This requires dramatic changes in thinking and management.
Traditional wisdom holds that the consumer for IT services is a functional business unit—sales, marketing, and so on—but, today, the real consumers of IT services are ad-hoc teams of knowledge-workers spanning multiple locations, and crossing business unit and corporate boundaries.
This shift in the exchange relationship has profound implications for the business and IT.
The underlying cause is the unstoppable commoditization of IT as advances accelerate productivity: The ubiquitous availability of information and internet technology is enabling knowledge-workers to traverse geographic, political boundaries, and now functional barriers.
Called “Shadow IT,” they are the millions of knowledge-workers leaping traditional barriers and asserting themselves in ways that challenge traditional IT departments.
Knowledge workers perform vital business functions like numerical analysis, reporting, data mining, collaboration, and research. They use databases, spreadsheets, software, off-the-shelf hardware, and other tools to build and manage sophisticated corporate information systems outside of the auspices and control of traditional IT.
By creating and modifying IT functionality, knowledge-workers are in effect supplanting the traditional role of corporate IT. However, they do so in a management and process control vacuum.
While the business can do these things due to the commoditization of IT, few executives ask if they should do them, and fewer say they must not. Virtually none realize the impact or import. Instead, to the dismay of IT staff, most senior executives and most CIOs condone virtually any demand the business makes.
This lack of control is responsible for many of the problems associated with IT today.
While the IT center-of-gravity has irrefutably shifted to the knowledge-worker, they do not have the long-term vision or awareness of dependencies and planning that IT traditionally provides.
The business wonders why IT doesn’t get "it" and ponders outsourcing when instead they should be taking responsibility for their own IT usage. No product IT can buy, and no outsourced IT utility, can handle these and similar issues encountered in ever-increasing numbers by real IT organizations.
Yet, it is precisely this consumer/supplier shift, increasing dependence upon IT, and the product-oriented nature of commodity IT that provides companies with the opportunity to leverage it for competitive advantage. However, many senior executives have so far turned a blind eye to Shadow IT, implicitly condoning the bad behaviors previously described—and they are throwing away any advantage that IT can provide.
New World Order
This lack of management control over business IT consumption has a tremendous cost. It is partly responsible for loss of the competitive advantage that IT can and does deliver, and is directly responsible for many lost opportunities, increased costs, and service outages.
Over time the erosion of perceived IT quality usually leads to outsourcing, which is increasingly seen as an incomplete solution at best, and a disaster at worst.
In order to recover and expand upon the advantages promised by commodity IT, senior executives have to change their concepts of an IT department, the role of centralized control, and how knowledge workers should contribute. The issue is fundamentally one of management philosophy.
The Nordstrom way promotes a customer/worker management philosophy where management’s first commitment is to the customer. The customer is always right in the Nordstrom way. This accurately reflects the hands-off position taken by many senior executive leaders with regard to out-of-control Shadow IT practices and bad business behavior.
A better management philosophy for commoditized IT is the ‘Southwest’ way. In the Southwest way, the worker comes first. The customer is not always right, and Southwest has been known to ask misbehaving customers to fly another airline.
Management’s first concern is the worker, because they know that workers following sound processes hold the keys to customer satisfaction, and in turn, competitive advantage.
Making the Southwest model work for 21st century IT requires a more comprehensive view of what constitutes an IT organization, a view that extends well past the borders of what most leaders consider IT.
The rising sophistication and expectations of knowledge workers result in divergence in perceived operational goals between IT and the business—an indicator of task-uncertainty and a key contingency within structural contingency theory.
These changing demographics give new urgency to the need for coordination of knowledge-workers and IT, yet management is trying to centralize IT spend and control via the CIO role.
Instead of embracing Shadow IT, CIOs are trying to shut it down. Consider instant messaging (IM), an application many knowledge workers consider critical. IT's approach to IM is reminiscent of the early days of the Internet.
Instead of realizing the job of IT is to support the needs of knowledge-workers, most IT organizations are trying to stamp out IM—just as they tried to restrict and eliminate Internet access. How will traditional IT respond to Wikis and blogs as corporate IT tools in the future?
The Corporate Executive Board projects that the percentage of IT spend under central control will grow from 50% in 2002 to 95% in 2006, but this does not take into account the knowledge-workers of Shadow IT.
A study by Booz Allen Hamilton found that shadow IT personnel equal as much as 80% of the official IT staff. Clearly, despite the best efforts of senior leaders and IT, the business stubbornly refuses to succumb to centralized IT control.
The problem with the current direction of the CIO role is that it typically has responsibility to support the business without authority to control the business; a classic management mistake leading to the aforementioned dilemmas.
The lure of commodity IT is great. Since shadow IT is a direct result of commoditized IT and resource dependency, it also demonstrates that both corporate IT, and IT utilities, are not delivering the services required by knowledge workers.
However, most IT leaders do not understand the strategic contingencies within the commoditized IT micro-economy. They don’t know their marketplace, and they don’t know who their customer is. In effect, IT is manufacturing the wrong products for the wrong market. IT doesn’t get it either.
They exist for good reasons
As was mentioned in the article, shadow IT exists because the business unit(s) *perceive* that IT is not meeting their needs. Whether or not that is an accurate perception is meaningless, because it is IT's fault that the perception exists.
I was part of a "shadow" IT unit at a major oil company that had (and still has) a monolithic IT department. We built systems in months that would have taken IT the same time just to complete their "JAD" sessions, and one of those projects went on to win the Microsoft Open competition at Comdex in 1993. Our little "shadow" IT unit changed the way Shell did IT - at least for a while. The corporate standard was going to be OS/2 - we demonstrated to them that Windows 3.0 was a better solution for the average desktop. They insisted on buying IBM PS/2's - we proved to them that it was much more economical AND MANAGEABLE to buy less-expensive, more mainstream units (clones). They insisted on buying IBM 8-bit SNA adapters, while we were purchasing Madge 16-bit SNA adapters at almost half the price. We also updated their networks for the whole complex.
At the end of our first year of operations, we had saved the company over $1 million in support costs and were rated the highest support unit in the company.
If you are in IT and have to "deal" with a shadow unit, here's a word of advice. LEARN FROM THEM. They exist for a good reason, and if you want to take them under your wing, let them teach you what they know. Make friends. Work together. Monolithic IT is good at moving slowly, so SLOWLY integrate the shadow units and learn from them.
Your assumptions are as much of the problem.
Your description of local IT organizations as "clandestine," "ominous," and "illegitimate" are symptoms of an attitude common among those who work for Central IT organizations. This attitude is often as much or more responsible for the problem as you cast it than all of the issues cited in this article combined.
The author of this article creates a neat self-fulfilling prophecy by relying on opinions from people who sell their services to Central IT Managers. Therefore, the perspective is limited to the very narrow interests of IT managers "afflicted" with the problem of informal IT functions. While security, network administration, and configuration management are critical requirements of any enterprise, they are most often peripheral to the organization's primary goals. In this context, the Central IT function becomes a service to the business and IT Staff service providers who must make their services (security for example) relevant to their "customers." Thus, this article does not address the all too common communications failures of IT groups, the "not invented here syndrome" that almost defines the notion of Centralized IT, and the common lack of business savvy that dominates corporate IT.
This is an entirely superficial and incomplete treatment of one of the most costly aspects of modern business.
February 23, 2007 | ericbrown.com
Shadow IT has been defined by George Spafford in his article titled The Dangers that Lurk Behind Shadow IT as:
…groups providing information technology solutions outside of the formal IT organization. Their existence is due to groups thinking they can do things cheaper and/or better than the formal IT group. Also, it may be that the formal group can’t meet their service requirements or the formal group is forced to develop generic applications in an attempt to meet the needs of everyone and controlling costs versus customizing applications to meet the needs of business units.
A few examples:
- The IT department of a very large wireless telecom company had very strict guidelines about the types of computers that were allowed on their network. A policy of this nature is understandable if the business needs of the company are considered prior to implementing this policy. Engineers, working with their managers, approached IT to ask that a new type of machine be supported so that they could run their engineering software. The request was denied by IT since they only reviewed new computers at the end of the Fiscal year. As it turns out, engineers within this company had to buy, install and support an entire ‘shadow’ network of computers in order to run the software that they needed to run (the software required very high-performance computers).
- When users within an office of a very large contract manufacturing company needed IT support, they were not able to contact the local IT person who worked with them in the same building, but were required to call a toll-free number that was routed to an IT helpdesk. The helpdesk would then log a ticket and try to help the user, which invariably didn’t resolve the problem. The user would then be told that the local IT rep would be assigned the ticket. After what was usually at least an hour of dealing with the outsourced IT staff, the user would finally be allowed to talk to the local IT rep who would then fix their problem within a few minutes. Eventually, the staff began to ignore the IT helpdesk completely and would resolve their own problems and would even call in an outside IT support person from the local computer store to fix their problems.
- One of the best examples of Shadow IT occurred at one of my previous employers. Our IT department was outsourced to a large IT firm, who was very responsive to our needs…for the most part. The contract with the IT firm had been negotiated and agreed to without any input from the actual users or departments that would be supported. Since the group that I managed was a software support group, we had a need for quite a number of different computers with different configurations, but none of this information was ever captured in the contract. When it came time to get a few more computers to match the configuration of our new clients’ PC’s, we were told that the contract didn’t allow it and despite my efforts, we were never able to get new PC’s through the IT group…we had to purchase them ourselves and support them ourselves. Shadow IT at its finest.
How do we solve the Shadow IT problem? Mike Schaffner over at Beyond Blinking Lights and Acronyms has a few ideas. In a post titled Shadow IT Revisited, he writes:
The bottom line is we have to figure out a way to provide needed user services while meeting the legitimate IT concerns or the users will by-pass IT and do it on their own.
Mike is right. IT needs to be able to provide services to the business that force the business to never have to think about IT…don’t give IT users the opportunity or reason to look outside of the IT group for support. In other words, provide top-notch support to the business. This may require additional costs in adding headcount, but it might be something to consider if a good portion of the IT groups’ time is spent fighting Shadow IT issues.
Another way to solve the Shadow IT problem is for IT groups and senior leadership to understand the value that the IT group can provide to the organization. IT can do so much more than ‘support computers’…they can provide a strategic advantage as well.
Mike’s post, which describes an article titled “Users Who Know Too Much (And the CIOs Who Fear Them)” on CIO.com provides a great overview of how to solve the Shadow IT problem and is definitely worth jumping over and reading the CIO.com article and Mike’s post.
PS – Mike has another good post titled “IT Needs to Become more like Shadow IT” in which Mike describes more ideas for resolving the Shadow IT problem.
Selected comments
Adam Pacio: November 1, 2007 at 1:47 pm
I like the name, ‘Shadow IT’. I have to say that I’ve been a part of it in the past, and I’m a part of Shadow IT in my current workplace, too. Partly due to the fact that for a decade I was working as a graphic designer, and company IT has been less than happy with having to work with Macs until relatively recently (the OS X years), so there is a whole generation of the design industry who are accustomed to providing their own network support and troubleshooting.
The other part seems to be the lack of understanding of technology in general from a senior management level. The old guard of managers don’t understand, for example, that it *might* just be a good idea to check with IT before committing to server solutions and rich internet application builds until it’s usually too late.
The upshot of all of this is that the IT Professional can no longer be expected to be the single-source of Information Technology advice. Nowadays you’ve got content managers and enterprise-level tech departments which operate on a P&L bottom line and outside of the traditional IT chain of command. If IT is going to combat the development of ‘shadow IT’ departments, it needs to become much less of a silo and more of a distributed network of knowledge leadership, but also knowledge support.
Which is very plain from the tech person’s POV, but not so much so from Sr. Mgmt or within the legacy hierarchy structures that most companies are struggling to revise or retool.
Oct 07, 2010 | GovExec.com
America Online, eBay, Google, iTunes, MySpace, instant messaging, Yahoo, YouTube. What would life, or work, be like without these and other popular Internet-driven diversions?
Today's workers are tech savvy, and government employees are no exception. They want and use the latest applications. Whether their information technology administrators like it or not, federal workers are using the software to be more productive or, at times, to be entertained.
These un-approved applications don't come from agency IT shops, though; employees are downloading them directly off the Internet. The practice has become so widespread in all kinds of organizations that it now has its own descriptor: shadow IT.
The problem is that shadow IT poses security risks. The applications could have vulnerabilities that provide the holes hackers need to access employee computers and government networks and steal information or install malware. At a hearing this summer of the House Oversight and Government Reform Committee, security monitoring company Tiversa Inc. testified that it had found 200 government documents during a scan of the top three peer-to-peer software applications, which allow computer users with the same software to share files stored on their PCs or laptops.
Fear of security mishaps has caused some IT managers to ban unapproved technology by issuing strict policies or configuring firewalls to block applications. But how realistic is it to expect users to steer clear of the increasing array of cool technology tools? "Resistance is futile," says Alan Paller, director of research at the SANS Institute, a nonprofit cyber-security research organization in Bethesda, Md.
And fighting shadow IT could be counterproductive. Agencies that institute prohibitive policies will face substantial pushback, Paller predicts. Such policies could radically reduce the convenience of useful information sources and communications platforms, and could make employees less productive in the long run, he says.
Videoconferencing and wireless Internet access, which many agencies initially opposed, serve as examples of how departments could come to accept other new technologies, Paller says. When agencies blocked the use of Wi-Fi, managers sometimes couldn't reach workers, which ushered in the use of wireless technologies.
But the federal government has done little to keep up with the proliferation of applications. The latest policy governing employee use of government-issued PCs or laptops is now eight years old. According to a 1999 report from the interagency Chief Information Officers Council, workers are permitted limited use of office equipment -- including Internet services and e-mail -- for personal needs if it does not interfere with official business and involves minimal expense to the government.
Inappropriate uses are any that could cause congestion, delay or disruption of service to government systems. Creating, downloading, viewing, storing, copying or transmitting materials that are "illegal, inappropriate or offensive to fellow employees or the public" is prohibited as well.
To make sure employees follow proper procedures, some agencies, such as the General Services Administration, inform employees that their computer activities are continuously monitored. But a 16-year GSA veteran, who asked not to be named, says whether managers are "actively doing that is questionable."
The bottom line is "these workstations are not for personal use," he says. Still, this worker routinely checks his personal Yahoo.com e-mail account, which is "unavoidable because you're at work eight or nine hours a day," he says.
Personal applications downloaded from the Internet are widely used in government, including many congressional offices, where instant messaging is practically the primary means of communication. A former chief of staff on the Hill says IM was a necessity in his office. Sometimes he would find himself IMing facts and figures to his press secretary from across the room while his colleague conducted a telephone interview with a reporter.
The frenzy over downloaded software has only just begun, Paller warns. Applications being used without IT managers' blessings are "a tenth of what you'll see in two or three years," he says. The popularity of one of the largest virtual worlds, Second Life, and any number of next-generation Web wonders are going to fuel what he predicts will be an intensely interactive, "high-fidelity, high-bandwidth" culture -- if it hasn't already begun.
Instead of fighting it, Paller advises finding a secure way to allow the technologies. Agencies should embrace the concept of "comply and connect" rather than "scan and block," he says. Since 2005, the Air Force has not allowed any computer to be connected to the Air Force network unless it has a common configuration and all patches and updated security software have been installed, Paller says. In March, the Office of Management and Budget recognized the economic and security benefits of the initiative and issued a similar mandate for all agencies.
Marty Lindner, a senior staffer at Carnegie Mellon University's federally funded Software Engineering Institute, offers a common-sense solution. IT restrictions should be squared with the mission of the agency and the sensitivity of job functions, he says. "If I'm the operator of a nuclear power plant, I don't think anything should be allowed on that [computer] desktop that doesn't have to do with running that power plant," Lindner says.
Agencies also should create a detailed policy about what can be loaded onto PCs and laptops. Most important, IT managers then must check individual PCs and laptops to "make sure people are following it," Lindner says. Setting an office policy can define "the things you should not do and the things you're allowed to do based on your business model," he says. "Just highlighting the stuff you cannot do is a bad way to write policy."
One way to let employees know what they can do is to create "white lists" of approved applications and popular Web destinations that employees can download and visit, says Shawn McCarthy, analyst at Government Insights, a Falls Church, Va., IT consulting firm. IT administrators sometimes are reluctant to embrace this approach because it's a big job, and they should not be setting business policies, he says. But the trick, McCarthy says, is to find "the right balance between individual productivity and the needs of the IT department."
Andrew Noyes is a senior writer for National Journal's Technology Daily.
You’ve no doubt heard about the stealth cloud—people “flying under the radar” consuming IT services without the permission or support of IT. Personally, I call it Shadow IT, because SH**IT happens—and whether you want to admit it or not, it’s happening in your company.
Business users are adopting cloud computing in droves—underground. So what can you do? Embrace it. Well, that is if you want to maintain enterprise security and compliance—and retain your customers. Recently, I read a really interesting article on this very topic—which includes some ideas on how to address this growing challenge. It’s a good article. Give it a read if you have a few minutes.
So why are IT organizations still so averse to cloud computing? Most people today will tell you it all boils down to concerns over security. However, most cloud providers can probably provide better security than most enterprises can. After all, their core business depends on it for survival. So I’ve started to wonder if it isn’t more of a case of insecurity. You see, for as long as I can remember, IT’s perceived role has been one of control. Underground cloud computing takes away virtually all of that control and puts it squarely in the hands of business users.
From what I’ve seen over the years, IT people are often insecure about their jobs or abilities. If they lose control of what goes into the cloud, perhaps they fear they won’t have anything to build or manage, or anyone left to control.
What IT perhaps fails to see is that when a business user goes around them and starts using an unapproved cloud-based app, they’re not doing it out of malice. They’re just trying to get their job done—and they view IT as too inflexible and unresponsive to help them. So they take matters into their own hands. Unfortunately, this underground cloud computing opens the company up to untold risk exposure and compliance issues, which could easily drive away customers if something were to go wrong.
So whether IT likes it or not, the time has come to start embracing cloud computing. IT needs to become more flexible and responsive to keep up with the pace of today’s business. Trust me, it’ll make upper management and your auditors much happier.
Intelligent workload management, infused with identity, can make the process that much more painless. Specifically, Novell WorkloadIQ solutions can help you and your IT organization discover the underground cloud applications that are being used, evaluate them and adopt the ones that make sense for your business. Then, you can build, secure, manage and measure your workloads across physical, virtual and cloud environments quicker and easier—and with confidence.
If your head is in the sand, pull it out—get past the insecurities and shine some light on stealth cloud.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
The Last but not Least
Copyright © 1996-2015 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: November 15, 2015