Prop 8 Ruling: The Measure of a Court

Sheila Kuehl

posted on Wednesday, 27 May 2009

Originally posted at: http://www.sheilakuehl.org/ as: Prop 8 Ruling: The Court Has Lost Its Way.

no on prop 8 unite2 Prop 8 Ruling: The Measure of a CourtYesterday, the California Supreme Court ruled on the validity of Proposition 8, the measure adopted by California voters last November to add a new section 7.5 to Article I of the California Constitution, as follows: “Only marriage between a man and a woman is valid or recognized in California”.

The measure was challenged by a coalition of organizations and individuals who favor the ability of same-sex couples to marry on three bases:

 

  1. That the measure adopted by the voters 52% to 48% was not a simple amendment to the state Constitution, which may be adopted by a majority vote, but, rather, a revision to the Constitution, which may not. The Constitution may only be changed in one of these two ways, and, if the change is actually a revision to the Constitution, it must either be passed by a two-thirds vote of each house of the state Legislature and put to a vote of the people, or proposed through a constitutional convention and put to a vote
  2. The second challenge theorized that Prop 8 violated the separation of powers principle because it abrogated a previous Supreme Court decision which held that, under Equal Protection and Due Process principles, same sex couples had the same right to marry in California as opposite sex couples.
  3. The Attorney General advanced a different theory: that the “inalienable” right articulated by the Court in the Marriage Cases could not be abrogated by a majority vote unless there was a compelling state interest in doing so.

The Court rejected all three, holding that they were required to find that the Constitution could be amended by a majority of voters in any election, even if the amendment abrogated a fundamental right previously articulated by the Court.

How Could They Say That?
The Court set out the legal principle that distinguishes an amendment from a revision: That it must change the basic governmental plan or framework of the Constitution. In deciding whether Prop 8 did, indeed, change the Constitution at such a basic level, the Court decided it did not, and, also, that it did not “entirely repeal or abrogate” the rights articulated in the Marriage Cases.

This is where the Court seriously lost its way.

Marriage Is Just A Word….Not
Here’s what the majority opinion said, which I think is not only seriously in error, but a cowardly about-face from their language in the Marriage Cases, which is reprinted in the next section.

First: today’s decision:

“In analyzing the constitutional challenges presently before us, we first explain that the provision added to the California Constitution by Proposition 8, when considered in light of the majority opinion in the Marriage Cases, supra, 43 Cal.4th 757 (which preceded the adoption of Proposition 8), properly must be understood as having a considerably narrower scope and more limited effect than suggested by petitioners in the cases before us. Contrary to petitioners’ assertion, Proposition 8 does not entirely repeal or abrogate the aspect of a same-sex couple’s state constitutional right of privacy and due process that was analyzed in the majority opinion in the Marriage Cases - that is, the constitutional right of same-sex couples to “choose one’s life partner and enter with that person into a committed, officially recognized, and protected family relationship that enjoys all of the constitutionally based incidents of marriage” (Marriage Cases, supra, 43 Cal.4th at p. 829). Nor does Proposition 8 fundamentally alter the meaning and substance of state constitutional equal protection principles as articulated in that opinion. Instead, the measure carves out a narrow and limited exception to these state constitutional rights, reserving the official designation of the term “marriage” for the union of opposite-sex couples as a matter of state constitutional law, but leaving undisturbed all of the other extremely significant substantive aspects of a same-sex couple’s state constitutional right to establish an officially recognized and protected family relationship and the guarantee of equal protection of the laws.”

In other words….what’s the big deal about the word “marriage”?

As it turns out, quite a bit. Here’s what the same Court said about it in the Marriage Cases:

First, it set out the principle it quotes in the new opinion:

“In responding to the Attorney General’s argument, the majority opinion stated that “[w]e have no occasion in this case to determine whether the state constitutional right to marry necessarily affords all couples the constitutional right to require the state to designate their official family relationship a ‘marriage,’ ” because “[w]hether or not the name ‘marriage,’ in the abstract, is considered a core element of the state constitutional right to marry, one of the core elements of this fundamental right is the right of same-sex couples to have their official family relationship accorded the same dignity, respect, and stature as that accorded to all other officially recognized family relationships.

But, then, the Court answers its own question as to the importance of the word Marriage:

“The current statutes - by drawing a distinction between the name assigned to the family relationship available to opposite-sex couples and the name assigned to the family relationship available to same-sex couples, and by reserving the historic and highly respected designation of marriage exclusively to opposite-sex couples while offering same-sex couples only the new and unfamiliar designation of domestic partnership _ pose a serious risk of denying the official family relationship of same-sex couples the equal dignity and respect that is a core element of the constitutional right to marry.”

It is a distinction that makes an enormous difference and, therefore, should be seen as a revision to the state’s Equal Protection and Due Process requirements.

By hanging its decision that Prop 8 was an amendment and not a revision on the slim and dishonest statement that same sex couples are not denied legal rights by denying them the “word” marriage, the Court errs.

Justice Moreno, in Dissent
Bless his heart and his mind. Here is what he says:

“The question before us is not whether the language inserted into the California Constitution by Proposition 8 discriminates against same-sex couples and denies them equal protection of the law; we already decided in the Marriage Cases that it does. The question before us today is whether such a change to one of the core values upon which our state Constitution is founded can be accomplished by amending the Constitution through an initiative measure placed upon the ballot by the signatures of 8 percent of the number of persons who voted in the last gubernatorial election and passed by a simple majority of the voters. (Cal. Const., art. II, § 8.) Or is this limitation on the scope of the equal protection clause to deny the full protection of the law to a minority group based upon a suspec
t classification such a fundamental change that it can only be accomplished by revising the California Constitution, either through a constitutional convention or by a measure passed by a two-thirds vote of both houses of the Legislature and approved by the voters? (Cal. Const., art. XVIII.)

For reasons elaborated below, I conclude that requiring discrimination against a minority group on the basis of a suspect classification strikes at the core of the promise of equality that underlies our California Constitution and thus “represents such a drastic and far-reaching change in the nature and operation of our governmental structure that it must be considered a ‘revision’ of the state Constitution rather than a mere ‘amendment’ thereof.” (Amador Valley Joint Union High Sch. Dist. v. State Bd. of Equalization (1978) 22 Cal.3d 208, 221 (Amador Valley).) The rule the majority crafts today not only allows same-sex couples to be stripped of the right to marry that this court recognized in the Marriage Cases, it places at risk the state constitutional rights of all disfavored minorities. It weakens the status of our state Constitution as a bulwark of fundamental rights for minorities protected from the will of the majority. I therefore dissent.”

Sheila KuehlMe, too.


Sheila James Kuehl

Sheila James Kuehl was appointed to the California Integrated Waste Management Board on December 1, 2008, after having served eight years in the State Senate and six years in the State Assembly. Senator Kuehl served as chair of the Senate Natural Resources and Water Committee from 2000-2006. Her website is www.sheilakuehl.org


Target of RIAA lawsuit says music piracy case has been an ordeal

College student Joel Tenenbaum claims trade group wanted to make an example of him

Jaikumar Vijayan

Click here to find out more!

December 19, 2008 (Computerworld) To hear Joel Tenenbaum's version of the story, at least, it isn't hard to see why the Recording Industry Association of America's campaign against music piracy has earned the RIAA so many enemies — perhaps contributing to the trade group's decision this week to stop filing lawsuits against people like Tenenbaum.

Tenenbaum, who turns 25 on Christmas day, is a doctoral student in physics at Boston University. He also is involved in a high-profile legal fight with the RIAA for allegedly downloading and distributing songs belonging to several music labels. The recording companies claim to have discovered more than 800 songs stored illegally in a shared folder on Tenenbaum's computer, although the RIAA's case against him only identifies seven of the songs.

The RIAA says that despite its change in strategy, it doesn't plan to drop existing lawsuits. If found guilty of willful copyright infringement, Tenenbaum faces financial penalties that could exceed $1 million dollars — $150,000 per song, the maximum fine allowed by the federal statute under which he is being sued.

Tenenbaum is being represented in the case byHarvard University law professor Charles Nesson, who in October filed a counterclaimchallenging both the constitutionality of the Digital Theft Deterrence and Copyright Damages Improvement Act and the attempted use of it against Tenenbaum by the music labels.

A hearing on Nesson's counterclaim — which is much broader in scope than previous legal challenges to the constitutionality of the RIAA's antipiracy campaign — is scheduled to be held Jan. 22 in U.S. District Court in Boston.

Tenenbaum's run-in with the RIAA began in September 2005, when he was an undergrad at Goucher College in Baltimore. His parents, who live in Providence, R.I., received a pre-litigation notice from Sony BMG, Warner Bros. and other recording companies directing them to contact an RIAA "settlement hotline" and pony up $5,250 for alleged online music piracy involving a computer in their home.

There was little opportunity to dispute the amount or to even question the validity of the allegations made in the letter, according to Tenenbaum. The operators manning the RIAA hotline appeared to have little information or authority to do anything more than simply "just sit there and keeping asking you for your MasterCard or Visa number" to make the demanded payment, he said in an interview this week.

"It's scary when you know nothing about copyright law and suddenly there's this letter that says you're infringing the law," Tenenbaum said. "You don't even know if it's a criminal or a civil matter and if you could end up in prison."

After initial attempts to resolve the issue failed, Tenenbaum said he offered the RIAA $500 to settle the claims, arguing that as a student, he couldn't afford to pay more. That offer was quickly rejected by the RIAA, and Tenenbaum didn't hear anything more from the trade group for nearly two years. "I had no idea why, and I didn't want to know why," he said. "I didn't know if they had decided that we weren't worth it, or if the case had fallen through the cracks."

Those questions were finally answered in August 2007, in the form of a stack of legal documents in which the music companies formally accused Tenenbaum of copyright infringement. He filed a motion in the Boston court seeking to dismiss the RIAA's civil suit. Then, after some "back and forth" between the two sides, Tenenbaum said, he agreed to pay the $5,250 that the RIAA had demanded as restitution for the alleged violations.

But according to Tenebaum, the RIAA refused to accept the settlement offer and instead increased its payment demand, asking him for $12,000. "At that point, I said 'no' because it was no longer a settlement," he said. Tenenbaum contends that the RIAA seems to be focused more on trying to make an example of him than on seeking restitution for any actual damages caused by the alleged piracy.

The counterclaim filed by Nesson includes similar assertions. Apart from asking for the case against Tenenbaum to be dismissed, the filing seeks damages from the RIAA for what Nesson described as anabuse of process. He accused the music industry of conducting a campaign of intimidation and of seeking absurdly excessive financial restitution for alleged copyright violations.

The approach that the RIAA has been taking "creates grotesquely excessive punitive use of civil process," Nesson said this week. "The RIAA actually claims that actual damage is irrelevant, which we claim is unconstitutional."

Cara Duckworth, a spokeswoman for the RIAA, dismissed the claims that the lawsuits filed against Tenenbaum and others are meant to serve as examples. "This case is no different from all of our other cases," she said. "In fact, Mr. Tenenbaum essentially admitted to illegal activities, and we believe that he should be held accountable under the law."

In an interview before the RIAA's decision to stop filing lawsuits came to light, Duckworth said statistics show that music piracy cost the music industry about $3 billion over the last seven years and also resulted in more than $2 billion in lost wages for American workers. Much of that piracy was tied to illegal downloading by college students, she noted.

"A lot of jobs depend on the legitimate sale of music," Duckworth said. "Regardless of how someone feels about our lawsuits, there are real consequences [as a result of piracy]."

The RIAA's lawsuit against Tenenbaum has certainly had consequences for the college student. In September, Tenenbaum was deposed for what he said was nine hours by RIAA lawyers in Boston. He said that during the deposition, he was barraged with questions about every computer he had owned or used, the names of songs he had downloaded and the peer-to-peer software he used. The lawyers even asked him about certain modifications he made to his car in high school because of photos they found on his computer, he said.

The computer at the center of the case has long since been trashed as a result of what
Tenenbaum claimed was a burned-out CPU. But, he said, the RIAA has asked for a complete copy of the hard disk in his current computer as well as the ones used by his parents and his sister, who lives in Pittsburgh. He described that request as "a disturbing invasion of privacy."

Tenenbaum's parents and sister have also been deposed in the case, as has a friend in Minnesota who called the RIAA hotline on behalf of Tenenbaum's mother after the pre-litigation notice was sent. "She happened to know copyright law and at some point said something about copyright infringement," Tenenbaum said. "She's a college kid. We had to file an affidavit to get them to stop calling her my lawyer."

As a result of the the RIAA's various depositions, Nesson has had to find local attorneys in three states in order to mount a defense against the piracy claims, Tenenbaum said. He added that Nesson's offer to defend him earlier this year has been a huge deal for him and his family. Prior to that, much of the legal work was being done by Tenenbaum's mother, who is a practicing lawyer but has little knowledge of copyright infringement laws.

Tenenbaum said Nesson's presence also means that he himself no longer has to face the RIAA's battery of lawyers. "They are very pushy, very unpleasant people to deal with," Tenenbaum said, adding that any attempt to push back at the lawyers was immediately portrayed as a lack of cooperation and met with threats that they would inform the judge. "Everything you said, they twisted," he claimed.

The RIAA's own description of events, contained in court filings, paints a slightly different picture. According to the trade group, Tenenbaum's parents received the pre-litigation notice only because a computer that was identified as being involved in illegal music sharing was traced back to their house.

The RIAA says that it rejected Tenenbaum's $500 settlement offer and his claims of financial problems because its investigation showed that he had just purchased a $250,000 condo. And the trade group claims in its legal filings that it made several attempts to negotiate a settlement with Tenenbaum before filing the lawsuit against him.

Tenenbaum said that although online piracy is a problem, the larger issue lies with what he characterized as the music industry's continued insistence on seeing the Internet as a threat instead of as a tool that can transform the manner in which music is consumed.

"I don't think anybody thinks artists shouldn't be rewarded for their work," Tenenbaum said. But there are other ways to do so on the Net that the music industry has stubbornly refused to consider, he added. "They are still operating," he said, "on this outdated assumption of the Internet as a threat, a weapon that is being used against them."

Our Mutual Joy

Here are some of the responses to the article below:

http://blog.newsweek.com/blogs/readback/archive/2008/12/08/a-religious-reaction-to-gay-marriage.aspx

Newsweek

Opponents of gay marriage often cite Scripture. But what the Bible teaches about love argues for the other side.

Lisa Miller

NEWSWEEK

From the magazine issue dated Dec 15, 2008

For feedback on this story, head to NEWSWEEK's Readback blog.

Let's try for a minute to take the religious conservatives at their word and define marriage as the Bible does. Shall we look to Abraham, the great patriarch, who slept with his servant when he discovered his beloved wife Sarah was infertile? Or to Jacob, who fathered children with four different women (two sisters and their servants)? Abraham, Jacob, David, Solomon and the kings of Judah and Israel—all these fathers and heroes were polygamists. The New Testament model of marriage is hardly better. Jesus himself was single and preached an indifference to earthly attachments—especially family. The apostle Paul (also single) regarded marriage as an act of last resort for those unable to contain their animal lust. "It is better to marry than to burn with passion," says the apostle, in one of the most lukewarm endorsements of a treasured institution ever uttered. Would any contemporary heterosexual married couple—who likely woke up on their wedding day harboring some optimistic and newfangled ideas about gender equality and romantic love—turn to the Bible as a how-to script?

Of course not, yet the religious opponents of gay marriage would have it be so.

The battle over gay marriage has been waged for more than a decade, but within the last six months—since California legalized gay marriage and then, with a ballot initiative in November, amended its Constitution to prohibit it—the debate has grown into a full-scale war, with religious-rhetoric slinging to match. Not since 1860, when the country's pulpits were full of preachers pronouncing on slavery, pro and con, has one of our basic social (and economic) institutions been so subject to biblical scrutiny. But whereas in the Civil War the traditionalists had their James Henley Thornwell—and the advocates for change, their Henry Ward Beecher—this time the sides are unevenly matched. All the religious rhetoric, it seems, has been on the side of the gay-marriage opponents, who use Scripture as the foundation for their objections.

The argument goes something like this statement, which the Rev. Richard A. Hunter, a United Methodist minister, gave to the Atlanta Journal-Constitution in June: "The Bible and Jesus define marriage as between one man and one woman. The church cannot condone or bless same-sex marriages because this stands in opposition to Scripture and our tradition."

To which there are two obvious responses: First, while the Bible and Jesus say many important things about love and family, neither explicitly defines marriage as between one man and one woman. And second, as the examples above illustrate, no sensible modern person wants marriage—theirs or anyone else's —to look in its particulars anything like what the Bible describes. "Marriage" in America refers to two separate things, a religious institution and a civil one, though it is most often enacted as a messy conflation of the two. As a civil institution, marriage offers practical benefits to both partners: contractual rights having to do with taxes; insurance; the care and custody of children; visitation rights; and inheritance. As a religious institution, marriage offers something else: a commitment of both partners before God to love, honor and cherish each other—in sickness and in health, for richer and poorer—in accordance with God's will. In a religious marriage, two people promise to take care of each other, profoundly, the way they believe God cares for them. Biblical literalists will disagree, but the Bible is a living document, powerful for more than 2,000 years because its truths speak to us even as we change through history. In that light, Scripture gives us no good reason why gays and lesbians should not be (civilly and religiously) married—and a number of excellent reasons why they should.

In the Old Testament, the concept of family is fundamental, but examples of what social conservatives would call "the traditional family" are scarcely to be found. Marriage was critical to the passing along of tradition and history, as well as to maintaining the Jews' precious and fragile monotheism. But as the Barnard University Bible scholar Alan Segal puts it, the arrangement was between "one man and as many women as he could pay for." Social conservatives point to Adam and Eve as evidence for their one man, one woman argument—in particular, this verse from Genesis: "Therefore shall a man leave his mother and father, and shall cleave unto his wife, and they shall be one flesh." But as Segal says, if you believe that the Bible was written by men and not handed down in its leather bindings by God, then that verse was written by people for whom polygamy was the way of the world. (The fact that homosexual couples cannot procreate has also been raised as a biblical objection, for didn't God say, "Be fruitful and multiply"? But the Bible authors could never have imagined the brave new world of international adoption and assisted reproductive technology—and besides, heterosexuals who are infertile or past the age of reproducing get married all the time.)

Ozzie and Harriet are nowhere in the New Testament either. The biblical Jesus was—in spite of recent efforts of novelists to paint him otherwise—emphatically unmarried. He preached a radical kind of family, a caring community of believers, whose bond in God superseded all blood ties. Leave your families and follow me, Jesus says in the gospels. There will be no marriage in heaven, he says in Matthew. Jesus never mentions homosexuality, but he roundly condemns divorce (leaving a loophole in some cases for the husbands of unfaithful women).

The apostle Paul echoed the Christian Lord's lack of interest in matters of the flesh. For him, celibacy was the Christian ideal, but family stability was the best alternative. Marry if you must, he told his audiences, but do not get divorced. "To the married I give this command (not I, but the Lord): a wife must not separate from her husband." It probably goes without saying that the phrase "gay marriage" does not appear in the Bible at all.

If the bible doesn't give abundant examples of traditional marriage, then what are the gay-marriage opponents really exercised about? Well, homosexuality, of course—specifically sex between men. Sex between women has never, even in biblical times, raised as much ire. In its entry on "Homosexual Practices," the Anchor Bible Dictionary notes that nowhere in the Bible do its authors refer to sex between women, "possibly because it did not result in true physical 'union' (by male entry)." The Bible does condemn gay male sex in a handful of passages. Twice Leviticus refers to sex between men as "an abomination" (King James version), but these are throwaway lines in a peculiar text given over to codes for living in the ancient Jewish world, a text that devotes verse after verse to treatments for leprosy, cleanliness rituals for menstruating women and the correct way to sacrifice a goat—or a lamb or a turtle dove. Most of us no longer heed Leviticus on haircuts or blood sacrifices; our modern understanding of the world has surpassed its prescriptions. Why would we
regard its condemnation of homosexuality with more seriousness than we regard its advice, which is far lengthier, on the best price to pay for a slave?

Paul was tough on homosexuality, though recently progressive scholars have argued that his condemnation of men who "were inflamed with lust for one another" (which he calls "a perversion") is really a critique of the worst kind of wickedness: self-delusion, violence, promiscuity and debauchery. In his book "The Arrogance of Nations," the scholar Neil Elliott argues that Paul is referring in this famous passage to the depravity of the Roman emperors, the craven habits of Nero and Caligula, a reference his audience would have grasped instantly. "Paul is not talking about what we call homosexuality at all," Elliott says. "He's talking about a certain group of people who have done everything in this list. We're not dealing with anything like gay love or gay marriage. We're talking about really, really violent people who meet their end and are judged by God." In any case, one might add, Paul argued more strenuously against divorce—and at least half of the Christians in America disregard that teaching.

Religious objections to gay marriage are rooted not in the Bible at all, then, but in custom and tradition (and, to talk turkey for a minute, a personal discomfort with gay sex that transcends theological argument). Common prayers and rituals reflect our common practice: the Episcopal Book of Common Prayer describes the participants in a marriage as "the man and the woman." But common practice changes—and for the better, as the Rev. Martin Luther King Jr. said, "The arc of history is long, but it bends toward justice." The Bible endorses slavery, a practice that Americans now universally consider shameful and barbaric. It recommends the death penalty for adulterers (and in Leviticus, for men who have sex with men, for that matter). It provides conceptual shelter for anti-Semites. A mature view of scriptural authority requires us, as we have in the past, to move beyond literalism. The Bible was written for a world so unlike our own, it's impossible to apply its rules, at face value, to ours.

Marriage, specifically, has evolved so as to be unrecognizable to the wives of Abraham and Jacob. Monogamy became the norm in the Christian world in the sixth century; husbands' frequent enjoyment of mistresses and prostitutes became taboo by the beginning of the 20th. (In the NEWSWEEK POLL, 55 percent of respondents said that married heterosexuals who have sex with someone other than their spouses are more morally objectionable than a gay couple in a committed sexual relationship.) By the mid-19th century, U.S. courts were siding with wives who were the victims of domestic violence, and by the 1970s most states had gotten rid of their "head and master" laws, which gave husbands the right to decide where a family would live and whether a wife would be able to take a job. Today's vision of marriage as a union of equal partners, joined in a relationship both romantic and pragmatic, is, by very recent standards, radical, says Stephanie Coontz, author of "Marriage, a History."

Religious wedding ceremonies have already changed to reflect new conceptions of marriage. Remember when we used to say "man and wife" instead of "husband and wife"? Remember when we stopped using the word "obey"? Even Miss Manners, the voice of tradition and reason, approved in 1997 of that change. "It seems," she wrote, "that dropping 'obey' was a sensible editing of a service that made assumptions about marriage that the society no longer holds."

We cannot look to the Bible as a marriage manual, but we can read it for universal truths as we struggle toward a more just future. The Bible offers inspiration and warning on the subjects of love, marriage, family and community. It speaks eloquently of the crucial role of families in a fair society and the risks we incur to ourselves and our children should we cease trying to bind ourselves together in loving pairs. Gay men like to point to the story of passionate King David and his friend Jonathan, with whom he was "one spirit" and whom he "loved as he loved himself." Conservatives say this is a story about a platonic friendship, but it is also a story about two men who stand up for each other in turbulent times, through violent war and the disapproval of a powerful parent. David rends his clothes at Jonathan's death and, in grieving, writes a song:

I grieve for you, Jonathan my brother;
You were very dear to me.
Your love for me was wonderful,
More wonderful than that of women.

Here, the Bible praises enduring love between men. What Jonathan and David did or did not do in privacy is perhaps best left to history and our own imaginations.

In addition to its praise of friendship and its condemnation of divorce, the Bible gives many examples of marriages that defy convention yet benefit the greater community. The Torah discouraged the ancient Hebrews from marrying outside the tribe, yet Moses himself is married to a foreigner, Zipporah. Queen Esther is married to a non-Jew and, according to legend, saves the Jewish people. Rabbi Arthur Waskow, of the Shalom Center in Philadelphia, believes that Judaism thrives through diversity and inclusion. "I don't think Judaism should or ought to want to leave any portion of the human population outside the religious process," he says. "We should not want to leave [homosexuals] outside the sacred tent." The marriage of Joseph and Mary is also unorthodox (to say the least), a case of an unconventional arrangement accepted by society for the common good. The boy needed two human parents, after all.

In the Christian story, the message of acceptance for all is codified. Jesus reaches out to everyone, especially those on the margins, and brings the whole Christian community into his embrace. The Rev. James Martin, a Jesuit priest and author, cites the story of Jesus revealing himself to the woman at the well— no matter that she had five former husbands and a current boyfriend—as evidence of Christ's all-encompassing love. The great Bible scholar Walter Brueggemann, emeritus professor at Columbia Theological Seminary, quotes the apostle Paul when he looks for biblical support of gay marriage: "There is neither Greek nor Jew, slave nor free, male nor female, for you are all one in Jesus Christ." The religious argument for gay marriage, he adds, "is not generally made with reference to particular texts, but with the general conviction that the Bible is bent toward inclusiveness."

The practice of inclusion, even in defiance of social convention, the reaching out to outcasts, the emphasis on togetherness and community over and against chaos, depravity, indifference—all these biblical values argue for gay marriage. If one is for racial equality and the common nature of humanity, then the values of stability, monogamy and family necessarily follow. Terry Davis is the pastor of First Presbyterian Church in Hartford, Conn., and has been presiding over "holy unions" since 1992. "I'm against promiscuity—love ought to be expressed in committed relationships, not through casual sex, and I think the church should recognize the validity of committed same-sex relationships," he says.

Still, very few Jewish or Christian denominations do officially endorse gay marriage, even in the states where it is legal. The practice varies by region, by church or synagogue, even by cleric. More progressive denominations—the United Church of Christ, for example—have agreed to support gay marriage. Other denominations and dioceses will do "holy union" or "blessing" ceremonies, but shy away from the word "marriage" because it is polit
ically explosive. So the frustrating, semantic question remains: should gay people be married in the same, sacramental sense that straight people are? I would argue that they should. If we are all God's children, made in his likeness and image, then to deny access to any sacrament based on sexuality is exactly the same thing as denying it based on skin color—and no serious (or even semiserious) person would argue that. People get married "for their mutual joy," explains the Rev. Chloe Breyer, executive director of the Interfaith Center in New York, quoting the Episcopal marriage ceremony. That's what religious people do: care for each other in spite of difficulty, she adds. In marriage, couples grow closer to God: "Being with one another in community is how you love God. That's what marriage is about."

More basic than theology, though, is human need. We want, as Abraham did, to grow old surrounded by friends and family and to be buried at last peacefully among them. We want, as Jesus taught, to love one another for our own good—and, not to be too grandiose about it, for the good of the world. We want our children to grow up in stable homes. What happens in the bedroom, really, has nothing to do with any of this. My friend the priest James Martin says his favorite Scripture relating to the question of homosexuality is Psalm 139, a song that praises the beauty and imperfection in all of us and that glorifies God's knowledge of our most secret selves: "I praise you because I am fearfully and wonderfully made." And then he adds that in his heart he believes that if Jesus were alive today, he would reach out especially to the gays and lesbians among us, for "Jesus does not want people to be lonely and sad." Let the priest's prayer be our own.

Due to the high volume of traffic, we have had to temporarily suspend the comments function on this story. We regret the inconvenience, and will have it restored as soon as possible. Thank you for reading. To read feedback, head to NEWSWEEK's Readback blog

With Sarah Ball and Anne Underwood

URL: http://www.newsweek.com/id/172653

© 2008

The New E-spionage Threat

Cover Story April 10, 2008, 5:00PM EST

A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps

by Brian Grow, Keith Epstein and Chi-Chu Tschang

The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the message traveled through Korea on its way to Booz Allen. Its authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China's Yangtze River.

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. "They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations—yet. But that doesn't mean they don't have the capability."

A MONSTER

When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a "threat briefing." BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President's order a cyber security "Manhattan Project."

But many security experts worry the Internet has become too unwieldy to be tamed. New exploits appear every day, each seemingly more sophisticated than the previous one. The Defense Dept., whose Advanced Research Projects Agency (DARPA) developed the Internet in the 1960s, is beginning to think it created a monster. "You don't need an Army, a Navy, an Air Force to beat the U.S.," says General William T. Lord, commander of the Air Force Cyber Command, a unit formed in November, 2006, to upgrade Air Force computer defenses. "You can be a peer force for the price of the PC on my desk." Military officials have long believed that "it's cheaper, and we kill stuff faster, when we use the Internet to enable high-tech warfare," says a top adviser to the U.S. military on the overhaul of its computer security strategy. "Now they're saying, Oh, shit.'"

Adding to Washington's anxiety, current and former U.S. government officials say many of the new attackers are trained professionals backed by foreign governments. "The new breed of threat that has evolved is nation-state-sponsored stuff," says Amit Yoran, a former director of Homeland Security's National Cyber Security Div. Adds one of the nation's most senior military officers: "We've got to figure out how to get at it before our regrets exceed our ability to react."

The military and intelligence communities have alleged that the People's Republic of China is the U.S.'s biggest cyber menace. "In the past year, numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the PRC," reads the Pentagon's annual report to Congress on Chinese military power, released on Mar. 3. The preamble of Bush's Cyber Initiative focuses attention on China as well.

Wang Baodong, a spokesman for the Chinese government at its embassy in Washington, says "anti-China forces" are behind the allegations. Assertions by U.S. officials and others of cyber intrusions sponsored or encouraged by China are unwarranted, he wrote in an Apr. 9 e-mail response to questions from BusinessWeek. "The Chinese government always opposes and forbids any cyber crimes including hacking' that undermine the security of computer networks," says Wang. China itself, he adds, is a victim, "frequently intruded and attacked by hackers from certain countries."

Because the Web allows digital spies and thieves to mask their identities, conceal their physical locations, and bounce malicious code to and fro, it's frequently impossible to pinpoint specific attackers. Network security professionals call this digital masquerade ball "the at
tribution problem."

A CREDIBLE MESSAGE

In written responses to questions from BusinessWeek, officials in the office of National Intelligence Director J. Michael McConnell, a leading proponent of boosting government cyber security, would not comment "on specific code-word programs" such as Byzantine Foothold, nor on "specific intrusions or possible victims." But the department says that "computer intrusions have been successful against a wide range of government and corporate networks across the critical infrastructure and defense industrial base." The White House declined to address the contents of the Cyber Initiative, citing its classified nature.

The e-mail aimed at Booz Allen, obtained by BusinessWeek and traced back to an Internet address in China, paints a vivid picture of the alarming new capabilities of America's cyber enemies. On Sept. 5, 2007, at 08:22:21 Eastern time, an e-mail message appeared to be sent to John F. "Jack" Mulhern, vice-president for international military assistance programs at Booz Allen. In the high-tech world of weapons sales, Mulhern's specialty, the e-mail looked authentic enough. "Integrate U.S., Russian, and Indian weapons and avionics," the e-mail noted, describing the Indian government's expectations for its fighter jets. "Source code given to India for indigenous computer upgrade capability." Such lingo could easily be understood by Mulhern. The 62-year-old former U.S. Naval officer and 33-year veteran of Booz Allen's military consulting business is an expert in helping to sell U.S. weapons to foreign governments.

The e-mail was more convincing because of its apparent sender: Stephen J. Moree, a civilian who works for a group that reports to the office of Air Force Secretary Michael W. Wynne. Among its duties, Moree's unit evaluates the security of selling U.S. military aircraft to other countries. There would be little reason to suspect anything seriously amiss in Moree's passing along the highly technical document with "India MRCA Request for Proposal" in the subject line. The Indian government had just released the request a week earlier, on Aug. 28, and the language in the e-mail closely tracked the request. Making the message appear more credible still: It referred to upcoming Air Force communiqués and a "Teaming Meeting" to discuss the deal.

But the missive from Moree to Jack Mulhern was a fake. An analysis of the e-mail's path and attachment, conducted for BusinessWeek by three cyber security specialists, shows it was sent by an unknown attacker, bounced through an Internet address in South Korea, was relayed through a Yahoo! (YHOO) server in New York, and finally made its way toward Mulhern's Booz Allen in-box. The analysis also shows the code—known as "malware," for malicious software—tracks keystrokes on the computers of people who open it. A separate program disables security measures such as password protection on Microsoft (MSFT) Access database files, a program often used by large organizations such as the U.S. defense industry to manage big batches of data.

AN E-MAIL'S JOURNEY

While hardly the most sophisticated technique used by electronic thieves these days, "if you have any kind of sensitive documents on Access databases, this [code] is getting in there and getting them out," says a senior executive at a leading cyber security firm that analyzed the e-mail. (The person requested anonymity because his firm provides security consulting to U.S. military departments, defense contractors, and financial institutions.) Commercial computer security firms have dubbed the malicious code "Poison Ivy."

But the malware attached to the fake Air Force e-mail has a more devious—and worrisome—capability. Known as a remote administration tool, or RAT, it gives the attacker control over the "host" PC, capturing screen shots and perusing files. It lurks in the background of Microsoft Internet Explorer browsers while users surf the Web. Then it phones home to its "master" at an Internet address currently registered under the name cybersyndrome.3322.org.

The digital trail to cybersyndrome.3322.org, followed by analysts at BusinessWeek's request, leads to one of China's largest free domain-name-registration and e-mail services. Called 3322.org, it is registered to a company called Bentium in the city of Changzhou, an industry hub outside Shanghai. A range of security experts say that 3322.org provides names for computers and servers that act as the command and control centers for more than 10,000 pieces of malicious code launched at government and corporate networks in recent years. Many of those PCs are in China; the rest could be anywhere.

The founder of 3322.org, a 37-year-old technology entrepreneur named Peng Yong, says his company merely allows users to register domain names. "As for what our users do, we cannot completely control it," says Peng. The bottom line: If Poison Ivy infected Jack Mulhern's computer at Booz Allen, any secrets inside could be seen in China. And if it spread to other computers, as malware often does, the infection opens windows on potentially sensitive information there, too.

It's not clear whether Mulhern received the e-mail, but the address was accurate. Informed by BusinessWeek on Mar. 20 of the fake message, Booz Allen spokesman George Farrar says the company launched a search to find it. As of Apr. 9, says Farrar, the company had not discovered the e-mail or Poison Ivy in Booz Allen's networks. Farrar says Booz Allen computer security executives examined the PCs of Mulhern and an assistant who received his e-mail. "We take this very seriously," says Farrar. (Mulhern, who retired in March, did not respond to e-mailed requests for comment and declined a request, through Booz Allen, for an interview.)

Air Force officials referred requests for comment to U.S. Defense Secretary Robert M. Gates' office. In an e-mailed response to BusinessWeek, Gates' office acknowledges being the target of cyber attacks from "a variety of state and non-state-sponsored organizations to gain unauthorized access to, or otherwise degrade, [Defense Dept.] information systems." But the Pentagon declined to discuss the attempted Booz Allen break-in. The Air Force, meanwhile, would not make Stephen Moree available for comment.

The bogus e-mail, however, seemed to cause a stir inside the Air Force, correspondence reviewed by BusinessWeek shows. On Sept. 4, defense analyst James Mulvenon also received the message with Moree and Mulhern's names on it. Security experts believe Mulvenon's e-mail address was secretly included in the "blind copy" line of a version of the message. Mulvenon is director of the Center for Intelligence Research & Analysis and a leading consultant to U.S. defense and intelligence agencies on China's military and cyber strategy. He maintains an Excel spreadsheet of suspect e-mails, malicious code, and hacker groups and passes them along to the authorities. Suspicious of the note when he received it, Mulvenon replied to Moree the next day. Was the e-mail "India spam?" Mulvenon asked.

"I apologize—this e-mail was sent in error—please delete," Moree responded a few hours later.

"No worries," typed Mulvenon. "I have been getting a lot of trojaned Access databases from China lately and just wanted to make sure."

"Interesting—our network folks are looking into some kind of malicious intent behind this e-mail snafu," w
rote Moree. Neither the Air Force nor the Defense Dept. would confirm to BusinessWeek whether an investigation was conducted. A Pentagon spokesman says that its procedure is to refer attacks to law enforcement or counterintelligence agencies. He would not disclose which, if any, is investigating the Air Force e-mail.

DIGITAL INTRUDERS

By itself, the bid to steal digital secrets from Booz Allen might not be deeply troubling. But Poison Ivy is part of a new type of digital intruder rendering traditional defenses—firewalls and updated antivirus software—virtually useless. Sophisticated hackers, say Pentagon officials, are developing new ways to creep into computer networks sometimes before those vulnerabilities are known. "The offense has a big advantage over the defense right now," says Colonel Ward E. Heinke, director of the Air Force Network Operations Center at Barksdale Air Force Base. Only 11 of the top 34 antivirus software programs identified Poison Ivy when it was first tested on behalf of BusinessWeek in February. Malware-sniffing software from several top security firms found "no virus" in the India fighter-jet e-mail, the analysis showed.

Over the past two years thousands of highly customized e-mails akin to Stephen Moree's have landed in the laptops and PCs of U.S. government workers and defense contracting executives. According to sources familiar with the matter, the attacks targeted sensitive information on the networks of at least seven agencies—the Defense, State, Energy, Commerce, Health & Human Services, Agriculture, and Treasury departments—and also defense contractors Boeing (BA), Lockheed Martin, General Electric (GE), Raytheon (RTW), and General Dynamics (GD), say current and former government network security experts. Laura Keehner, a spokeswoman for the Homeland Security Dept., which coordinates protection of government computers, declined to comment on specific intrusions. In written responses to questions from BusinessWeek, Keehner says: "We are aware of and have defended against malicious cyber activity directed at the U.S. Government over the past few years. We take these threats seriously and continue to remain concerned that this activity is growing more sophisticated, more targeted, and more prevalent." Spokesmen for Lockheed Martin, Boeing, Raytheon, General Dynamics, and General Electric declined to comment. Several cited policies of not discussing security-related matters.

The rash of computer infections is the subject of Byzantine Foothold, the classified operation designed to root out the perpetrators and protect systems in the future, according to three people familiar with the matter. In some cases, the government's own cyber security experts are engaged in "hack-backs"—following the malicious code to peer into the hackers' own computer systems. BusinessWeek has learned that a classified document called an intelligence community assessment, or ICA, details the Byzantine intrusions and assigns each a unique Byzantine-related name. The ICA has circulated in recent months among selected officials at U.S. intelligence agencies, the Pentagon, and cyber security consultants acting as outside reviewers. Until December, details of the ICA's contents had not even been shared with congressional intelligence committees.

Now, Senate Intelligence Committee Chairman John D. Rockefeller (D-W. Va.) is said to be discreetly informing fellow senators of the Byzantine operation, in part to win their support for needed appropriations, many of which are part of classified "black" budgets kept off official government books. Rockefeller declined to comment. In January a Senate Intelligence Committee staffer urged his boss, Missouri Republican Christopher "Kit" Bond, the committee's vice-chairman, to supplement closed-door testimony and classified documents with a viewing of the movie Die Hard 4 on a flight the senator made to New Zealand. In the film, cyber terrorists breach FBI networks, purloin financial data, and bring car traffic to a halt in Washington. Hollywood, says Bond, doesn't exaggerate as much as people might think. "I can't discuss classified matters," he cautions. "But the movie illustrates the potential impact of a cyber conflict. Except for a few things, let me just tell you: It's credible."

"Phishing," one technique used in many attacks, allows cyber spies to steal information by posing as a trustworthy entity in an online communication. The term was coined in the mid-1990s when hackers began "fishing" for information (and tweaked the spelling). The e-mail attacks on government agencies and defense contractors, called "spear-phish" because they target specific individuals, are the Web version of laser-guided missiles. Spear-phish creators gather information about people's jobs and social networks, often from publicly available information and data stolen from other infected computers, and then trick them into opening an e-mail.

DEVIOUS SCRIPT

Spear-phish tap into a cyber espionage tactic that security experts call "Net reconnaissance." In the attempted attack on Booz Allen, attackers had plenty of information about Moree: his full name, title (Northeast Asia Branch Chief), job responsibilities, and e-mail address. Net reconnaissance can be surprisingly simple, often starting with a Google (GOOG) search. (A lookup of the Air Force's Pentagon e-mail address on Apr. 9, for instance, retrieved 8,680 e-mail addresses for current or former Air Force personnel and departments.) The information is woven into a fake e-mail with a link to an infected Web site or containing an attached document. All attackers have to do is hit their send button. Once the e-mail is opened, intruders are automatically ushered inside the walled perimeter of computer networks—and malicious code such as Poison Ivy can take over.

By mid-2007 analysts at the National Security Agency began to discern a pattern: personalized e-mails with corrupted attachments such as PowerPoint presentations, Word documents, and Access database files had been turning up on computers connected to the networks of numerous agencies and defense contractors.

A previously undisclosed breach in the autumn of 2005 at the American Enterprise Institute—a conservative think tank whose former officials and corporate executive board members are closely connected to the Bush Administration—proved so nettlesome that the White House shut off aides' access to the Web site for more than six months, says a cyber security specialist familiar with the incident. The Defense Dept. shut the door for even longer. Computer security investigators, one of whom spoke with BusinessWeek, identified the culprit: a few lines of Java script buried in AEI's home page, www.aei.org, that activated as soon as someone visited the site. The script secretly redirected the user's computer to another server that attempted to load malware. The malware, in turn, sent information from the visitor's hard drive to a server in China. But the security specialist says cyber sleuths couldn't get rid of the intruder. After each deletion, the furtive code would
reappear. AEI says otherwise—except for a brief accidental recurrence caused by its own network personnel in August, 2007, the devious Java script did not return and was not difficult to eradicate.

The government has yet to disclose the breaches related to Byzantine Foothold. BusinessWeek has learned that intruders managed to worm into the State Dept.'s highly sensitive Bureau of Intelligence & Research, a key channel between the work of intelligence agencies and the rest of the government. The breach posed a risk to CIA operatives in embassies around the globe, say several network security specialists familiar with the effort to cope with what became seen as an internal crisis. Teams worked around-the-clock in search of malware, they say, calling the White House regularly with updates.

The attack began in May, 2006, when an unwitting employee in the State Dept.'s East Asia Pacific region clicked on an attachment in a seemingly authentic e-mail. Malicious code was embedded in the Word document, a congressional speech, and opened a Trojan "back door" for the code's creators to peer inside the State Dept.'s innermost networks. Soon, cyber security engineers began spotting more intrusions in State Dept. computers across the globe. The malware took advantage of previously unknown vulnerabilities in the Microsoft operating system. Unable to develop a patch quickly enough, engineers watched helplessly as streams of State Dept. data slipped through the back door and into the Internet ether. Although they were unable to fix the vulnerability, specialists came up with a temporary scheme to block further infections. They also yanked connections to the Internet.

One member of the emergency team summoned to the scene recalls that each time cyber security professionals thought they had eliminated the source of a "beacon" reporting back to its master, another popped up. He compared the effort to the arcade game Whack-A-Mole. The State Dept. says it eradicated the infection, but only after sanitizing scores of infected computers and servers and changing passwords. Microsoft's own patch, meanwhile, was not deployed until August, 2006, three months after the infection. A Microsoft spokeswoman declined to comment on the episode, but said: "Microsoft has, for several years, taken a comprehensive approach to help protect people online."

There is little doubt among senior U.S. officials about where the trail of the recent wave of attacks leads. "The Byzantine series tracks back to China," says Air Force Colonel Heinke. More than a dozen current and former U.S. military, cyber security, and intelligence officials interviewed by BusinessWeek say China is the biggest emerging adversary—and not just clubs of rogue or enterprising hackers who happen to be Chinese. O. Sami Saydjari, a former National Security Agency executive and now president of computer security firm Cyber Defense Agency, says the Chinese People's Liberation Army, one of the world's largest military forces, with an annual budget of $57 billion, has "tens of thousands" of trainees launching attacks on U.S. computer networks. Those figures could not be independently confirmed by BusinessWeek. Other experts provide lower estimates and note that even one hacker can do a lot of damage. Says Saydjari: "We have to look at this as equivalent to the launch of a Chinese Sputnik." China vigorously disputes the spying allegation and says its military posture is purely defensive.

Hints of the perils perceived within America's corridors of power have been slipping out in recent months. In Feb. 27 testimony before the U.S. Senate Armed Services Committee, National Intelligence Director McConnell echoed the view that the threat comes from China. He told Congress he worries less about people capturing information than altering it. "If someone has the ability to enter information in systems, they can destroy data. And the destroyed data could be something like money supply, electric-power distribution, transportation sequencing, and that sort of thing." His conclusion: "The federal government is not well-protected and the private sector is not well-protected."

Worries about China-sponsored Internet attacks spread last year to Germany, France, and Britain. British domestic intelligence agency MI5 had seen enough evidence of intrusion and theft of corporate secrets by allegedly state-sponsored Chinese hackers by November, 2007, that the agency's director general, Jonathan Evans, sent an unusual letter of warning to 300 corporations, accounting firms, and law firms—and a list of network security specialists to help block computer intrusions. Some recipients of the MI5 letter hired Peter Yapp, a leading security consultant with London-based Control Risks. "People treat this like it's just another hacker story, and it is almost unbelievable," says Yapp. "There's a James Bond element to it. Too many people think, It's not going to happen to me.' But it has."

Identifying the thieves slipping their malware through the digital gates can be tricky. Some computer security specialists doubt China's government is involved in cyber attacks on U.S. defense targets. Peter Sommer, an information systems security specialist at the London School of Economics who helps companies secure networks, says: "I suspect if it's an official part of the Chinese government, you wouldn't be spotting it."

A range of attacks in the past two years on U.S. and foreign government entities, defense contractors, and corporate networks have been traced to Internet addresses registered through Chinese domain name services such as 3322.org, run by Peng Yong. In late March, BusinessWeek interviewed Peng in an apartment on the 14th floor of the gray-tiled residential building that houses the five-person office for 3322.org in Changzhou. Peng says he started 3322.org in 2001 with $14,000 of his own money so the growing ranks of China's Net surfers could register Web sites and distribute data. "We felt that this business would be very popular, especially as broadband, fiber-optic cables, [data transmission technology] ADSL, these ways of getting on the Internet took off," says Peng (translated by BusinessWeek from Mandarin), who drives a black Lexus IS300 bought last year.

His 3322.org has indeed become a hit. Peng says the service has registered more than 1 million domain names, charging $14 per year for "top-level" names ending in .com, .org, or .net. But cyber security experts and the Homeland Security Dept.'s U.S. Computer Emergency Readiness Team (CERT) say that 3322.org is a hit with another group: hackers. That's because 3322.org and five sister sites controlled by Peng are dynamic DNS providers. Like an Internet phone book, dynamic DNS assigns names for the digits that mark a computer's location on the Web. For example, 3322.org is the registrar for the name cybersyndrome.3322.org at Internet address 61.234.4.28, the China-based computer that was contacted by the malicious code in the attempted Booz Allen attack, according to analyses reviewed by BusinessWeek. "Hackers started using sites like 3322.org so that the malware phones home to the specific name. The reason? It is relatively difficult to have [Internet addresses] taken down in China," says Maarten van Horenbeeck, a Belgium-based intrusion analyst for the SANS Internet Storm Center, a cyber threat monitoring group.

TARGET: PRIVATE SECTOR

Peng's 3322.org and sister sites have become a source of concern to the U.S. government and private firms. Cyber security firm Team Cymru sent a confidential report, reviewed by BusinessWeek, to clients on Mar. 7 that illustrates how 3322.org has enabled many recent attacks. In early March, the report says, Team Cymru received "a spoofed e-mail message from a U.S. military entity, and the PowerPoint attachm
ent had a malware widget embedded in it." The e-mail was a spear-phish. The computer that controlled the malicious code in the PowerPoint? Cybersyndrome.3322.org—the same China-registered computer in the attempted attack on Booz Allen. Although the cybersyndrome Internet address may not be located in China, the top five computers communicating directly with it were—and four were registered with a large state-owned Internet service provider, according to the report.

A person familiar with Team Cymru's research says the company has 10,710 distinct malware samples that communicate to masters registered through 3322.org. Other groups reporting attacks from computers hosted by 3322.org include activist group Students for a Free Tibet, the European Parliament, and U.S. Bancorp (USB), according to security reports. Team Cymru declined to comment. The U.S. government has pinpointed Peng's services as a problem, too. In a Nov. 28, 2007, confidential report from Homeland Security's U.S. CERT obtained by BusinessWeek,

"Cyber Incidents Suspected of Impacting Private Sector Networks," the federal cyber watchdog warned U.S. corporate information technology staff to update security software to block Internet traffic from a dozen Web addresses after spear-phishing attacks. "The level of sophistication and scope of these cyber security incidents indicates they are coordinated and targeted at private-sector systems," says the report. Among the sites named: Peng's 3322.org, as well as his 8800.org, 9966.org, and 8866.org. Homeland Security and U.S. CERT declined to discuss the report.

Peng says he has no idea hackers are using his service to send and control malicious code. "Are there a lot?" he says when asked why so many hackers use 3322.org. He says his business is not responsible for cyber attacks on U.S. computers. "It's like we have paved a road and what sort of car [users] drive on it is their own business," says Peng, who adds that he spends most of his time these days developing Internet telephony for his new software firm, Bitcomm Software Tech Co. Peng says he was not aware that several of his Web sites and Internet addresses registered through them were named in the U.S. CERT report. On Apr. 7, he said he planned to shut the sites down and contact the U.S. agency. Asked by BusinessWeek to check his database for the person who registered the computer at the domain name cybersyndrome.3322.org, Peng says it is registered to Gansu Railway Communications, a regional telecom subsidiary of China's Railways Ministry. Peng declined to provide the name of the registrant, citing a confidentiality agreement. "You can go through the police to find out the user information," says Peng.

U.S. cyber security experts say it's doubtful that the Chinese government would allow the high volume of attacks on U.S. entities from China-based computers if it didn't want them to happen. "China has one of the best-controlled Internets in the world. Anything that happens on their Internet requires permission," says Cyber Defense Group's Saydjari. The Chinese government spokesman declined to answer specific questions from BusinessWeek about 3322.org.

But Peng says he can do little if hackers exploit his goodwill—and there hasn't been much incentive from the Chinese government for him to get tough. "Normally, we take care of these problems by shutting them down," says Peng. "Because our laws do not have an extremely clear method to handle this problem, sometimes we are helpless to stop their services." And so, it seems thus far, is the U.S. government.

Grow is a correspondent in BusinessWeek's Atlanta bureau . Epstein is a correspondent in BusinessWeek's Washington bureau. Tschang is a correspondent in BusinessWeek's Beijing bureau.

Even more astute moves from Congress

Spy Act Only Protects Vendors and Their DRM

By Ed Foster
April 24, 2007

Here we go again. Congress has decided it needs to protect us from spyware, but - surprise, surprise - the bill they are most seriously considering actually offers no help in that regard. What's worse, the bill seems designed to make it harder for you to legally go after those who spy on you, particularly if they are doing so to determine if you're authorized to use a software product.

Last week a subcommittee of the House Committee on Energy and Commerce approved H.R. 964, the Spy Act, which bans some of the more blatant forms of spyware such as those that hijack computer or log keystrokes. The bill now goes to the full committee for approval, and it's expected to move quickly as it has strong bipartisan support.

But why? There are already plenty of federal and state laws regarding computer fraud, trespass, and deceptive trade practices that make spyware illegal. The existing laws have been sufficient to allow the FTC and/or state attorneys general to even successfully go after some of the nastier adware companies like Direct Revenue and Zango/180 Solutions. So what is the purpose of this law?

A clue can be found in the Limitations section of the Act, which features this rather broad exception:

Exception Relating to Security- Nothing in this Act shall apply to--

(1) any monitoring of, or interaction with, a subscriber's Internet or other network connection or service, or a protected computer, by a telecommunications carrier, cable operator, computer hardware or software provider, or provider of information service or interactive computer service, to the extent that such monitoring or interaction is for network or computer security purposes, diagnostics, technical support, or repair, or for the detection or prevention of fraudulent activities; or

(2) a discrete interaction with a protected computer by a provider of computer software solely to determine whether the user of the computer is authorized to use such software, that occurs upon -- (A) initialization of the software; or (B) an affirmative request by the owner or authorized user for an update of, addition to, or technical service for, the software.

In other words, it's perfectly OK for basically any vendor you do business with, or maybe thinks you do business with them for that matter, to use any of the deceptive practices the bill prohibits to load spyware on your computer. The company doesn't have to give you notice and it can collect whatever information it thinks necessary to make sure there's no funny business going on. And by the way, another exception provision specifically protects computer manufacturers from any liability for spyware they load on your computer before they send it to you. Of course, the exception for software companies checking to make sure you're an authorized user is the strongest evidence of what this bill is all about. After all, in terms of function, there's not much difference between spyware and DRM. Too bad for Sony this bill wasn't already the law when its rootkit-infected CDs came to light.

Another disturbing aspect of the bill is its enforcement provisions. The bill very specifically pre-empts all state laws that regulate "unfair or deceptive conduct" similar to that covered by the Spy Act. Now, the state spyware laws are pretty useless anyway, so that may not seem like a big problem. But the bill vests all enforcement power in the FTC and says that "no person other than the Attorney General of a State may bring a civil action" under the law. Private rights of action under state consumer protection laws are eliminated. So if you're victimized by a spyware-like deception and want to sue the perpetrator, you've got to talk the FTC or your state attorney general into taking up your case.

Let's sum up. If the Spy Act become law, hardware, software, and network vendors will be granted carte blanche to use spyware themselves to police their customers' use of their products and services. Incredibly broad exceptions will probably allow even the worst of the adware outfits to operate with legal cover. State attempts to deal with the spyware problem will be pre-empted and enforcement left up almost entirely to the FTC. Gee, what's not to like in that deal?

If Congress' approach on this sounds vaguely familiar, it should. It's basically the same formula Congress adopted four years to deal with spam. As we know, the dreadful Can Spam Act of 2003 proved to be the "Yes, You Can Spam Act." If wiser heads in Congress don't prevail - and who knows if there are any - I fear the Spy Act of 2007 will just prove to be the "Vendors Can Spy Act."

About Time

Yahoo! News

Senate limits Gonzales' hiring authority

By PETE YOST and LARA JAKES JORDAN, Associated Press Writers 13 minutes ago

The Senate voted overwhelmingly Thursday to end the Bush administration's ability to unilaterally fill U.S. attorney vacancies as a backlash to Attorney General Alberto Gonzales' firing of eight federal prosecutors.

Amid calls from lawmakers in both parties to resign, Gonzales got a morale boost with an early-morning call from President Bush, their first conversation since a week ago, when the president said he was unhappy with how the Justice Department handled the firings.

With a 94-2 vote, the Senate passed a bill that canceled a Justice Department-authored provision in the Patriot Act that had allowed the attorney general to appoint U.S. attorneys without Senate confirmation. Democrats say the Bush administration abused that authority when it fired the eight prosecutors and proposed replacing some with White House loyalists.

"If you politicize the prosecutors, you politicize everybody in the whole chain of law enforcement," said Judiciary Committee Chairman Patrick Leahy, D-Vt.

The bill, which has yet to be considered in the House, would set a 120-day deadline for the administration to appoint an interim prosecutor. If the interim appointment is not confirmed by the Senate in that time, a permanent replacement would be named by a federal district judge.

The vote came as Gonzales and the White House braced for more fallout from the firings. The White House also denied reports that it was looking for possible successors for Gonzales. "Those rumors are untrue," White House deputy press secretary Dana Perino said.

Bush called Gonzales from the Oval Office at 7:15 a.m. EDT and they spoke for several minutes about the political uproar over the firings of eight U.S. attorneys, an issue that has thrust the attorney general into controversy and raised questions about whether he can survive. The White House disclosed Bush's call to bolster Gonzales and attempt to rally Republicans to support him.

Meeting later with reporters, White House press secretary Tony Snow characterized Bush's call to the attorney general as "a very strong vote of confidence."

Snow said Bush believes the firings were justified.

"Let me put it this way: Nobody was removed for reasons of partisan recrimination; nor was anybody removed for the purposes of trying to influence the course of ongoing investigations," Snow said.

He called reports that Bush was seeking a replacement for Gonzales "just flat false, period."

Former House Republican Leader Tom DeLay had said earlier Tuesday that the scandal "is just a taste of what's going to be like for the next two years."

"And the Bush administration sort of showed their weakness when they got rid of Don Rumsfeld," the Texan said on NBC's "Today" show. "... This is a made up scandal. There is no evidence of wrongdoing whatsoever. ... They ought to be fighting back."

Bush's call came as congressional investigators sifted through 3,000-pages of e-mails and other material concerning the dismissal of the prosecutors. Some of the documents spelled out fears in the Bush administration that the dismissals of eight U.S. attorneys might not stand up to scrutiny.

The documents were not the end of the inquiry. House and Senate panels later in the week expected to approve subpoenas to White House aides Karl Rove, former counsel Harriet Miers and others. Miers' successor, Fred Fielding, was to tell the Judiciary Committees later Tuesday whether and under what conditions Bush would allow the officials to testify.

But the documents told more of the story of the run-up to the firings and the administration's attempt to choreograph them to reduce the bloodletting. It didn't work out that way -- the prosecutors were shocked and angered by the dismissals, the lack of explanation from the Justice Department and news reports that the administration fired the eight for performance reasons.

The documents that Congress will focus on in the coming days show that Gonzales was unhappy with how Deputy Attorney General Paul McNulty explained the firings to the Senate Judiciary Committee in early February.

"The Attorney General is extremely upset with the stories on the US Attys this morning," Justice spokesman Brian Roehrkasse, who was traveling with Gonzales in South America at the time, wrote in a Feb. 7 e-mail. "He also thought some of the DAG's statements were inaccurate."

In a statement Monday night, Roehrkasse said he was referring to Gonzales' concerns over the firing of Bud Cummins in Little Rock, who he believed was dismissed because of performance issues. At the hearing, McNulty indicated Cummins was being replaced by a political ally.

Neither of the two most senior Republicans on the Senate Judiciary Committee are stepping forward to endorse Gonzales, but likewise are not calling for his ouster. Sen. Arlen Specter of Pennsylvania said he will reserve judgment until he gets all the facts. Sen. Orrin Hatch of Utah has not given interviews on the subject, his spokesman said.

Speculation has abounded over who might succeed Gonzales if he doesn't survive the current political tumult. Possible candidates include White House homeland security adviser Frances Fragos Townsend, Homeland Security Secretary Michael Chertoff, former Solicitor General Ted Olson, Assistant Attorney General Kenneth Wainstein, federal appeals judge Laurence Silberman and PepsiCo attorney Larry Thompson, who was the government's highest ranking black law enforcement official when he was deputy attorney general during Bush's first term.

___

On the Net:

House Judiciary Committee: http://judiciary.house.gov

Make way for copyright chaos

From New York Times http://www.nytimes.com/2007/03/18/opinion/18lessig.html?ex=1331870400&en=5a2a6ea9bc52f3fc&ei=5124&partner=permalink&exprod=permalink

 

March 18, 2007

Op-Ed Contributor

Make Way for Copyright Chaos

By LAWRENCE LESSIG

Berlin

LAST week, Viacom asked a federal court to order the video-sharing service YouTube to pay it more than $1 billion in damages for some 150,000 videos that Viacom claims it owns and YouTube users have shared. "YouTube," the complaint alleges, "has harnessed technology to willfully infringe copyrights on a huge scale," threatening not just Viacom, but "the economic underpinnings of one of the most important sectors of the United States economy."

Yet as federal courts get started on this multiyear litigation about the legality of a business model, we should not forget one prominent actor in this drama largely responsible for the eagerness with which business disputes get thrown to the courts: the Supreme Court.

For most of the history of copyright law, it was Congress that was at the center of copyright policy making. As the Supreme Court explained in its 1984 Sony Betamax decision, the Constitution makes plain that "it is Congress that has been assigned the task of defining the scope of the limited monopoly," or copyright. It has thus been "Congress that has fashioned the new rules that new technology made necessary." The court explained that "sound policy, as well as history, supports our consistent deference to Congress when major technological innovations alter the market for copyrighted materials." In the view of the court in Sony, if you don't like how new technologies affect copyright, take your problem to Congress.

The court reaffirmed this principle of deference in 2003, even when the question at stake was a constitutional challenge to Congress's extension of copyright by 20 years. Challenges are evaluated "against the backdrop of Congress's previous exercises of its authority under the Copyright Clause" of the Constitution, it wrote. Congress's practice -- not simply the Constitution's text, or its original understanding -- thus determined the Constitution's meaning.

These cases together signaled a very strong and sensible policy: The complex balance of interests within any copyright statute are best struck by Congress.

But 20 months ago, the Supreme Court reversed this wise policy of deference. Drawing upon common law-like power, the court expanded the Copyright Act in the Grokster case to cover a form of liability it had never before recognized in the context of copyright -- the wrong of providing technology that induces copyright infringement. It announced this new form of liability even though at precisely the same time Congress was holding hearings about whether to amend the Copyright Act to create the same liability.

The Grokster case thus sent a clear message to lawyers everywhere: You get two bites at the copyright policy-making apple, one in Congress and one in the courts. But in Congress, you need hundreds of votes. In the courts, you need just five.

Viacom has now accepted this invitation from the Supreme Court. The core of its case centers on the "safe harbor" provision of the 1998 Digital Millennium Copyright Act. The provision, a compromise among a wide range of interests, was intended to protect copyright owners while making it possible for Internet businesses to avoid crippling copyright liability. As applied to YouTube, the provision immunizes the company from liability for material posted by its users, so long as it takes steps to remove infringing material soon after it is notified by the copyright owner.

The content industry was a big supporter of the Digital Millennium Copyright Act in 1998. Viacom is apparently less of a supporter today. It complains that YouTube has not done enough "to take reasonable precautions to deter the rampant infringement on its site." Instead, the Viacom argument goes, YouTube has shifted the burden of monitoring that infringement onto the victim of that infringement -- namely, Viacom.

But it wasn't YouTube that engineered this shift. It was the Digital Millennium Copyright Act. As the statute plainly states, a provider (like YouTube) need not monitor its service or affirmatively seek facts indicating infringing activity. That burden, instead, rests on the copyright owner. In exchange, the law gives the copyright owner the benefit of an expedited procedure to identify and remove infringing material from a Web site. The provision was thus a deal, created to balance conflicting interests in light of the technology of the time.

Whether or not that balance made sense in 1998, Viacom believes it no longer makes sense today. Long ago, Justice Hugo Black argued that it was not up to the Supreme Court to keep the Constitution "in tune with the times." And it is here that the cupidity of the court begins to matter. For by setting the precedent that the court is as entitled to keep the Copyright Act "in tune with the times" as Congress, it has created an incentive for companies like Viacom, no longer satisfied with a statute, to turn to the courts to get the law updated. Congress, of course, is perfectly capable of changing or removing the safe harbor provision to meet Viacom's liking. But Viacom recognizes there's no political support for the change it wants. It thus turns to a policy maker that doesn't need political support -- the Supreme Court.

The conservatives on the Supreme Court have long warned about just this dynamic. And while I remain a skeptic about deferring to Congress on constitutional matters, this case is a powerful lesson about the costs of judicial policy making in an area as complex as copyright. The Internet will now face years of uncertainty before this fundamental question about the meaning of a decade-old legislative deal gets resolved.

No doubt the justices are clever, maybe even more clever than Congress. But however clever, it's hard to believe that their input is worth the millions in economic value that will be wasted long before they announce their decision.

Lawrence Lessig, a professor of law at Stanford, is a fellow at the American Academy, Berlin.

ACTION: Write to Congress in support of federal shield laws for journalists

Note: I know this is an old article but it's a good representation of where we are going to as a country. It saddens me that we're in the same boat as other countries where human rights are in constant danger.


From: http://judithmiller.org/howtohelp/index.php and http://www.pen.org/page.php/prmID/930

July 1, 2005 -- The Supreme Court's recent refusal to review the convictions of journalists Judith Miller and Matthew Cooper means that Miller and Cooper may soon be ordered to serve jail time. And they may not be alone: The day after the Supreme Court announced it would not hear that Miller's and Cooper's case, contempt orders against four reporters in a civil suit brought by scientist Wen Ho Lee were upheld by a federal court in Washington D.C., meaning that the United States could soon have six journalists in prison for refusing to disclose confidential sources.

PEN strongly supports legislation now pending in the U.S. Congress to extend to journalists at the federal level the same protections they enjoy under laws effective in 49 states and the District of Columbia. These state "shield laws" 1) ensure that journalists can honor assurances of confidentiality for sources; and 2) define the circumstances under which law enforcement, prosecutors, and others may compel journalists to surrender confidential information or material. These laws work well and have strong support at the state level, both from press advocates and prosecutors: 34 State Attorneys General filed an amicus curiae brief on behalf of Miller and Cooper asking the Supreme Court to hear their case and supporting federal shield protections for journalists. The Free Flow of Information Act of 2005, which is currently before Congress, would protect Miller, Cooper, and other journalists in their position.

The possibility that the United States may soon join a company of nations in which journalists are imprisoned for carrying out their work has set off alarms in the United States and around the world. Eduardo Bertoni, the Special Rapporteur from the Freedom of Expression of the Inter-American Commission on Human Rights, said in a statement released today:

"In furtherance of the public's right to information, it is imperative that journalists retain the right to confidentiality of sources. This concept is supported by Principle 8 of the Declaration of Principles on Freedom of Expression of the IACHR, which asserts, "Every social communicator has the right to keep his/her source of information, notes, personal and professional archives confidential. The right to confidentiality is essential to a journalist's work in performing the important public service of collecting and disseminating information. The threat of legal action against journalists and/or their sources will ultimately produce a chilling effect on news media and will lead to a less informed general public. The Special Rapporteur is concerned that without legal guarantees of a journalist's right to confidentiality, freedom of the press in the United States is at risk."

We need your help today! Please write your U.S. Senators and Representatives today to urge them to pass the Free Flow of Information Act of 2005.

Here We Go Again

They should have called 2014 instead of 1984


Congress to Send Critics to Jail, Says Richard Viguerie

Congress Wants to Blame the Grassroots for Its Own Corruption

MANASSAS, Va., Jan. 16 /PRNewswire-USNewswire/ -- The following is a statement by Richard A. Viguerie, Chairman of GrassrootsFreedom.com, regarding legislation currently being considered by Congress to regulate grassroots communications:

"In what sounds like a comedy sketch from Jon Stewart's Daily Show, but isn't, the U. S. Senate would impose criminal penalties, even jail time, on grassroots causes and citizens who criticize Congress.

"Section 220 of S. 1, the lobbying reform bill currently before the Senate, would require grassroots causes, even bloggers, who communicate to 500 or more members of the public on policy matters, to register and report quarterly to Congress the same as the big K Street lobbyists. Section 220 would amend existing lobbying reporting law by creating the most expansive intrusion on First Amendment rights ever. For the first time in history, critics of Congress will need to register and report with Congress itself.

"The bill would require reporting of 'paid efforts to stimulate grassroots lobbying,' but defines 'paid' merely as communications to 500 or more members of the public, with no other qualifiers.

"On January 9, the Senate passed Amendment 7 to S. 1, to create criminal penalties, including up to one year in jail, if someone 'knowingly and willingly fails to file or report.'

"That amendment was introduced by Senator David Vitter (R-LA). Senator Vitter, however, is now a co-sponsor of Amendment 20 by Senator Robert Bennett (R-UT) to remove Section 220 from the bill. Unless Amendment 20 succeeds, the Senate will have criminalized the exercise of First Amendment rights. We'd be living under totalitarianism, not democracy.

"I started GrassrootsFreedom.com to fight efforts to silence the grassroots. The website provides updates in the legislation and has a petition to sign opposing Section 220.

"Thousands of nonprofit leaders, bloggers, and other citizens have hammered the Senate with calls in opposition to Section 220, which seeks to silence the grassroots. The criminal provisions will scare citizens into silence.

"The legislation regulates small, legitimate nonprofits, bloggers, and individuals, but creates loopholes for corporations, unions, and large membership organizations that would be able to spend literally hundreds of millions of dollars, yet not report.

"Congress is trying to blame the grassroots, which are American citizens engaging in their First Amendment rights, for Washington's internal corruption problems."

CONTACT: Mark Fitzgibbons, +1-703-392-7676 or +1-703-408-3775, for GrassrootsFreedom.com.