Another Reason Why the GOP is a Joke

There’s no two ways to put this, the Republican Party (GOP) is dying. Actually, the GOP is already dead, its advocates simply don’t know it yet. I think the major turning point for the GOP was when it began to embrace religious fanaticism. We live in a post-Enlightenment world, religion doesn’t count for what it once did, and anybody trying to implement religious laws in the Western world is in for a bad time. Not satisfied with merely adopting religious zealotry, the GOP has also gone out of its way to adopt some of the most ironic politicians. Take Tony Sutton, the former chair of the Minnesota Republican Party. The GOP constantly advertises itself as the party of fiscal responsibility so one can only laugh when the chair of the Minnesota Party files for bankruptcy:

A hard-charging former state Republican Party chairman whose constant refrain to DFLers and even GOP lawmakers was “live within your means” has declared personal bankruptcy, the latest twist in one of the most dramatic political downfalls in recent state history.

At the height of his power, Tony Sutton demanded that Republican legislators oppose all tax increases and keep state spending strictly in line with revenue. Few realized it at the time, but the GOP’s finances under Sutton’s management were a shambles, and the same scenario was playing out in his personal life.

Sutton and his wife, Bridget Sutton, an Inver Grove Heights school board member and former Republican operative, say they owe $2.1 million, including $70,000 of credit card debt, $20,000 in federal student loans, unpaid state and federal taxes, and hundreds of thousands of dollars in unsecured personal loans to cover business expenses. At the time they filed, the Suttons had no life or health insurance.

If this was an isolated incident it wouldn’t be a big deal but it seems GOP politicians are constantly getting caught in situations where they practice what they preach against. There’s no hope for a party when its higher-ups aren’t ideologically consistent. Any plan that involves the Republican Party should be abandoned and a plan B put into action.

Starting Off Somewhere

I received a comment from Sonia on my post detailing Bruce Schneier’s tips for protecting yourself from the National Security Agency (NSA):

This kind of endeavor only works if everybody does it, otherwise it is useless. Also inviting laymen to “learn” reveals how much you underestimate the fact that being a programmer gives you all the mental models you need.

Those people who “learn” will only end up compromising their own security under the impression that they are doing something secure.

Although I addressed these concerns in a reply I wanted to write a post because I feel what I’m about to say is relevant to anybody interested in computer security.

In another comment Sonia mentioned she (I’m assuming Sonia is female based on name, this being the Internet I could be incorrect) is a Ph.D. That being the case, I can see where her views on this subject come from. Oftentimes those of us who have been involved in the computer field for some time fall victim to two issues. First, we develop a form of elitist attitude that causes us to think of ourselves as somehow superior to non-techie people. Second, we forget about the early days when we knew little about computers. I’ve fallen victim to these issues before and I believe Sonia has fallen victim to them in her comment.

She does make a very important point. When you first dive into computer security you’re going to make mistakes. This is a problem all people face when learning something new. Just because you know how to utilize OpenPGP to encrypt your e-mail doesn’t mean you fully grasp underlying concepts such as private key security, the inability to know whether or not a closed system is secure, the value of a proper security audit, or the potential issue of generating keypairs on a system that lacks a true cryptographically secure pseudorandom number generator. All of these things, and more, play a part in OpenPGP and computer security.

You know what? That’s OK. You don’t need to know everything right away. Everybody has to start from the beginning. I didn’t become a computer programmer or system administrator overnight. I wasn’t blessed with the innate knowledge required to operate and manage an OpenBSD system. At one point I had no idea what Postfix was, let alone how to run and maintain a Postfix server. The differences between C and C++ were unknown to me back in the day. All of this knowledge came with due time. I’ve invested years into learning what I now know about computers and will likely invest a lifetime into learning more. When I started to program I made countless amateur mistakes. That didn’t discourage me because I learned from those mistakes. I’m happy to report that I’m still learning from my mistakes today.

Learning how to use the tools necessary to keep yourself safe online isn’t going to happen overnight. You’re going to make mistakes. Those mistakes will compromise your security. But you will learn from those mistakes and you will become more secure because of it.

Computer security isn’t an all-or-nothing thing. Even if you don’t practice proper private key security or generate an easily determinable keypair because your system lacks a secure pseudorandom number generator you’re more secure by using OpenPGP or Off-the-Record Messaging than not. Every encrypted communication requires potential spies to throw time and resources at decrypting it just to find out what’s in it. Simply put, every encrypted communication helps defend everybody’s privacy. As the number of encrypted communications increases, potential spies must either prioritize the computing resources available to them or invest other resources into more computing resources.

Julian Assange is Tracking Spyware Contractors

Another weapon we have against the state’s surveillance apparatus is Julian Assange. Mr. Assange, through his Wikileaks project, has provided a platform whistleblowers can use to leak information and remain anonymous. Wikileaks has now announced another project called the Wikileaks Counterintelligence Unit, which will attempt to actively surveil surveillance contractors:

The inaugural release zeroes in on 19 different contractors as they travel visit countries like Bahrain, Kazakhstan, Spain, and Brazil. The location data displays only a time stamp and a country for each entry, but occasionally displays the message, “phone is currently not logged into the network,” indicating the data likely comes from some kind of cell-tracking service. The contractors in question work for Western companies like Gamma International, designer of the infamous FinFisher spyware tool — and as with previous Wikileaks releases marked as “Spy Files,” readers will also find marketing brochures for surveillance products to intercept and monitor web traffic.

I think this is a great idea and needs to be expanded. It would be great if we could eventually do to the surveillance apparatus what it has done to us. Imagine a world where anybody working to spy on us, whether they be private contractors or public National Security Agency (NSA) employees, was being spied on 24/7. Perhaps losing all sense of privacy would be enough to discourage people from working for these bastards.

Protect Yourself from the NSA

As I said, those of us who dwell on the Internet aren’t going to take the NSA and GCHQ’s attack lightly. We have more firepower than they realize and have unleashed one of our best weapons, Bruce Schneier. Mr. Schneier has been working with Mr. Greenwald for the last two weeks and has written a short list of things, based on the information provided by Mr. Snowden, you can do to keep yourself secure online:

1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it’s work for them. The less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it’s true that the NSA targets encrypted connections – and it may have explicit exploits against these protocols – you’re much better protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t. If you have something really important, use an air gap. Since I started working with the Snowden documents, I bought a new computer that has never been connected to the internet. If I want to transfer a file, I encrypt the file on the secure computer and walk it over to my internet computer, using a USB stick. To decrypt something, I reverse the process. This might not be bulletproof, but it’s pretty good.

4) Be suspicious of commercial encryption software, especially from large vendors. My guess is that most encryption products from large US companies have NSA-friendly back doors, and many foreign ones probably do as well. It’s prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier for the NSA to backdoor than open-source software. Systems relying on master secrets are vulnerable to the NSA, through either legal or more clandestine means.

5) Try to use public-domain encryption that has to be compatible with other implementations. For example, it’s harder for the NSA to backdoor TLS than BitLocker, because any vendor’s TLS has to be compatible with every other vendor’s TLS, while BitLocker only has to be compatible with itself, giving the NSA a lot more freedom to make changes. And because BitLocker is proprietary, it’s far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can.

Mr. Schneier does rightly point out that many Internet users aren’t currently capable of doing all of these things. To those of you who don’t know how to use the above-mentioned tools, learn. Information on all of the tools Mr. Schneier mentioned is freely available online. If you’re still having trouble I’m more than happy to help. Shoot me an e-mail at blog [at] christopherburg [dot] com and I’ll give you as much assistance as I can. Together we can push back against the state’s surveillance apparatus and return the Internet to its original form, a network where those wanting to remain anonymous can do so.

How The NSA and GCHQ Defeat Privacy

Glenn Greenwald has done it again. With the help of Edward Snowden he has been busy leaking many of the National Security Agency’s (NSA) dirty little secrets. Yesterday he dropped another bomb as he laid out the methods used by the NSA and British Government Communications Headquarters (GCHQ) to destroy online privacy:

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

[…]

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made “vast amounts” of data collected through internet cable taps newly “exploitable”.

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: “Do not ask about or speculate on sources or methods.”

• The NSA describes strong decryption programs as the “price of admission for the US to maintain unrestricted access to and use of cyberspace”.

• A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook.

I think the most important thing to note is that, from the information leaked, it doesn’t appear as though the NSA or the GCHQ have actually broken common encryption algorithms. In cryptography terms an encryption algorithm is only broken if an attacker finds a method of decrypting data encrypted with that algorithm faster than can be done via brute force (guessing every possible decryption key). What the NSA and GCHQ are doing is buying off commercial entities to insert back doors into their security products. Keep this in mind as major media outlets wrongly (as far as we know) begin reporting about how the NSA is able to break all known encryption algorithms.

None of the information in this latest leak surprises me. It’s been apparent for a while that the state’s surveillance apparatus has been relying on a fascist marriage between private and public entities. The game is afoot and the NSA and GCHQ believe they can wage war on the Internet without suffering repercussions. Those of us who dwell on the Internet may not be as agreeable as they think.

Crowd Sourcing, an Alternative to Copyrights

I seldom talk about video games on this blog because I personally have little time to partake in the hobby anymore. Back in the day I was a gamer and one of the men who had an aptitude for taking my money was Keiji Inafune. If you’re unfamiliar with the name, Mr. Inafune is one of the creators of the video game series MegaMan. MegaMan was, and still is, my favorite game series so it was all but inevitable that Mr. Inafune, after announcing he was planning what looks to be a spiritual successor to the MegaMan series, would take more of my money.

What does this have to do with copyrights? Instead of producing a game and releasing it, Mr. Inafune and his team decided to crowd source funding via Kickstarter (yes, I did throw my money at the project). As long time readers know, I oppose all forms of intellectual property. I cannot justify the use of force needed to maintain monopolies on ideas. Whenever I discuss my opposition to intellectual property I usually meet resistance from individuals concerned about people who make their money via intellectual property laws. Authors, software developers, and game makers would all go broke if copyright laws no longer existed, right? Wrong.

The idea behind copyright laws is that a creative person can create a work, release it to the world, and make money for his or her efforts. Changing that order slightly allows a creative person to make a profit without copyright laws. Crowd sourcing allows a creative person or team to get money up front so they can create a work and release it to the world.

Mr. Inafune and his team are asking for money up front before they begin development. Their goal has been met with a lot of extra money still rolling in. There’s no reason authors or software developers couldn’t do the same thing. Of course this strategy often requires a little priming of the pump. People are unlikely to throw money at a complete unknown so an author, software developer, or game maker would likely have to release some work for free in order to demonstrate their competence. Authors, software developers, and game makers already have to do this so, in the grand scheme of things, nothing would change. Authors often get advances by publishers to write new books but only after writing a book and gaining the interest of the publisher. No publisher is going to give a complete unknown an advance. Software developers have to write their software and release it to the world before they can expect any payment. Game makers, likewise, have to create a game and release it before anybody will give them money for it. Little changes when you move away from copyright laws and rely on up front funding instead.

Intellectual property is dying. The Internet, by offering a venue to share infinitely reproducible copies of intellectual works, has cut intellectual property laws off at the knees. Politicians are scrambling to make more asinine laws to delay the inevitable. People who have relied on intellectual property laws are adapting to new ways of making money. In the end, intellectual property will die an agonizing death but the release of creative works will continue. I believe crowd sourcing is one of the solutions that will allow creative individuals to make money off of their ideas without having to rely on a forcefully protected monopoly.

The “No True Anarchist” Fallacy

I think the most entertaining aspect about anarchism is the fragmentation that exists within the philosophy. Such fragmentation isn’t unusual. No philosophy that I’m aware of has remained united. But anarchism, as a philosophy I personally identify with, is more entertaining to write about than most other philosophies.

There are many heated debates within anarchist communities. My favorite debate at the moment is whether or not anarcho-capitalists are real anarchists. For the sake of transparency I will note that my path to anarchism started in libertarianism and moved towards anarcho-capitalism. While I now identify primarily with discordianism, I feel that I’m still marginally qualified to speak on matters involving anarcho-capitalism. With that out of the way, let’s discuss the argument.

The reason this is currently my favorite argument is because it’s quite clear that traditional anarchists, who identify with socialism, don’t like the term anarcho-capitalists and anarcho-capitalists don’t care what traditional anarchists like or don’t like. Traditional anarchists are spending a great deal of their time and energy explaining why anarcho-capitalists aren’t real anarchists and anarcho-capitalists are saying “We don’t care. Have fun with your semantic argument.” If you participate in any online anarchist communities you quickly learn that traditional anarchists have a tendency to isolate themselves from anarcho-capitalists. This isolation has two effects. First, it creates an echo chamber where ideological dissent is crushed. Crushing ideological dissent is the most effective way to ensure your movement never advances. Second, it leaves anarcho-capitalists free to go about their business unfettered. While traditional anarchists are telling anybody who will listen, which is only other traditional anarchists, that anarcho-capitalists aren’t real anarchists, anarcho-capitalists are expanding their philosophy and proselytizing to gain more members.

What’s even funnier is the common justification traditional anarchists give for spending so much time declaring anarcho-capitalists heathens. Their reason is that they are trying to prevent the term anarchism from being hijacked. Considering the majority of the world believes anarchism is synonymous with molotov-cocktail-throwing-asshole-who-wants-to-bring-death-and-destruction-down-upon-all I believe it’s accurate to say that the term has already been hijacked. The definition of anarchism used by traditional anarchists is a minority definition compared to the definition used by most people. At this point traditional anarchists can only claim to be trying to reclaim the term. If I were going to reclaim the term anarchism I would start by trying to change the common vernacular definition.

As for me, I don’t care. One of the reasons I identify with discordianism is because it encourages schisms and cabals. You don’t have to worry about philosophical arguments about who is a real discordian because the philosophy itself encourages everybody to define the term however they want. That frees me from worthless semantic arguments and allows me to focus on what I love: promoting the idea of freedom.

Taking Bets

The Committee on Foreign Relations voted to enter the United States into another Middle Eastern war. Syria will become the next Iraq and Afghanistan as the military first moves in with cruise missiles and later decides to “stabilize” the region by sending young men and women to die in yet another desert country. The Senate is expected to vote on the matter next week:

A US Senate panel has approved the use of military force in Syria, in response to an alleged chemical weapons attack.

By 10-7, the Committee on Foreign Relations moved the measure to a full Senate vote, expected next week.

Who wants to bet that the Senate will choose Wednesday, 9/11, to vote on the matter? I think it’s a pretty good possibility.

Some Suckers Invited Me to Participate in a Privacy Panel

Through what I can only assume is a complete lapse in judgement, I have been invited to participate in a panel discussion on privacy and surveillance later tonight (sorry for the late notice, the Facebook event was only posted last night). For those of you who don’t have access to Facebook the event will occur today, September 4th, at 19:00. The discussion will be held at 4200 Cedar Avenue in Minneapolis, Minnesota.

Although the details I have been given are slim, I do know that the panel discussion will center around the current state of privacy and surveillance. In other words, it should be entertaining. I do promise to bring a notable level of weirdness along with a fair amount of serious business (if you’ve ever heard me speak you know what to expect). Hopefully I’ll see some of you there.