Month: August 2015

Gun Control Is Still Synonymous With Establishing A Surveillance State

Anti-gunners claim gun control is about reducing gun violence (but only non-state gun violence since they still need armed state goons to enforce gun control). To the state it’s really about, and I honestly think anti-gunners are completely ignorant of this, having another excuse to establish a surveillance state. Background checks, for example, are the currently darling child of the gun control movement but implementing them requires allowing the state to collected and store a ton of personal information on every American. Sometimes the surveillance aspect of gun control isn’t so abstract. The Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) has taken surveillance to a new level by placing cameras around Seattle under the guise of finding violators of gun control laws:

The Federal Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) confirmed Thursday that they have placed video cameras throughout Seattle to, according to Special Agent Brian Bennett, “support an ongoing federal criminal investigation.” This comes in response to questions regarding a camera installed on 23rd Avenue and S. Jackson St. The location of other cameras is unclear.

ATF is the lead agency of the Puget Sound Regional Crime Gun Task Force – a partnership to reduce gun violence that includes the Seattle Police Department, Washington State Patrol and the Washington State Department of Corrections.

Gun control isn’t unique in this manner. The state preys on the public’s fear of all crimes and uses that fear to justify surveillance. Whether it’s muggers, rapists, gun runners, murders, or terrorists the solution is always the same: more spying on the people.

Another thing worth noting about this story is that the goal of reducing gun violence has no set goal, which means it can be used to justify leaving these cameras in place forever. When it talks of reducing crime the state never gives concrete cutoffs. It’s a nice way to continue justifying surveillance even when crime has dropped in an area. Any time the state expresses a non-specific goal the people should be concerned because that means it’s justifying a permanent power for itself.

The Dangers Of Centralization

Markets tend to have redundancies. We generally refer to this characteristic as “competition.” When there is demand for a good or service everybody wants a piece of the action so monopolies are almost nonexistent in free markets. Statism, on the other hand, tends towards centralization. Where markets have competitors trying to provide you with the best good or service possible states actively try to push out any competition and establish monopolies.

The problem with centralization is that when a system fails any dependent system necessarily fails along with it. The State Department, which has a monopoly on issuing visas, recently experienced, what it referred to as, a computer glitch that effectively stopped the issuance of any visas:

The State Department says it is working around the clock on a computer problem that’s having widespread impact on travel into the U.S. The glitch has practically shut down the visa application process.

Of the 50,000 visa applications received every day, only a handful of emergency visas are getting issued.

I’m sure this news made the neocons and neoliberals giddy because it meant foreign workers couldn’t enter the country. But this news should give everybody cause for concern because it gives us another glimpse into how fragile statism is. In a free market this kind of failure would be a minor annoyance as another provider would need to be sought out.

Centralization is the antithesis of robustness, which is one reason statism is so dangerous. Under statism a single failure can really hurt millions of people whereas failures in a free market environment tend to be limited in scope and only insomuch as forcing customers to seek alternate providers.

Focus On The Situation, Not The Tool

An anti-gunner walks into a bar, err, a restaurant. He sees somebody there minding their own business. That person happens to be openly carrying a firearm and doesn’t have a badge so the anti-gunner feels the need to write a lengthy piece of hysterical nonsense. I’ll save you most of the crap and cut right to answering the questions he puts forth:

How am I, just an average person, supposed to know if the person with the firearm is a “good guy” or a “bad guy?”

How am I, just an average person, supposed to know if any stranger I meet is a “good guy” or “bad guy?” Most anti-gunners only freak out when they see a person without a badge openly carrying a firearm. Truth be told I could just go buy a police uniform and one of those completely asinine “concealed carry badges” and most anti-gunners would be perfectly fine with me openly carrying a firearm (and violent individuals do that specifically because it assists them in approaching their target).

There is no sure way to distinguish “good guys” from “bad guys.” This is why so many of us carry firearms. While 99.99 percent (number pulled out of my ass to illustrate a sizable majority) of people are good, or at least good enough not to be a direct threat to my life, there is that tiny percentage of the population that may decide shooting up the restaurant I’m eating at sounds like the makings for a fun afternoon. Since I can’t tell who they are I can only ensure I have the tools necessary to defend against them if I should encounter them.

Generally speaking though if the person with the holstered firearm isn’t shooting at random people there’s a very good chance they’re one of the “good guys.”

Suppose that I am armed, too. Should I fire preemptively at the other person with the gun just in case that person is a “bad guy,” and take the chance of killing a “good guy,” or should I hold my fire and take the chance that the other person will not be a “bad guy” or be a “good guy” and think I am a “bad guy” and fire at me first?

Is there a secret handshake that “good guys” use to identify each other? If so, what if a “bad guy” uses that secret handshake to pretend he is a “good guy” and then performs his nefarious acts?

It’s very simple actually. Hold your fire until there’s an immediate threat that you reasonable believe could kill you or cause great bodily harm? If the person in the restaurant has their firearm holstered they are not an immediate threat because holstered firearms can’t hurt anybody.

I’d be more concerned about the random person walking up to me asking to borrow a lighter for their cigarette (because I don’t smoke and one should therefore not assume I have a lighter) than an openly armed person sitting at a restaurant eating a meal. The former is creating a situation that gives them a plausible reason to close distance, which means they could be a deadly threat if they have a conceal knife, whereas the latter isn’t approaching me or trying to involve me in their business.

In my experience anti-gunners are poor risk at risk assessment. They focus on the tool as the threat instead of the person. People don’t need firearms to be dangerous but having a firearm greatly increases your odds of survival if you’re attacked by a dangerous person. Focusing on individuals openly carrying a firearm is especially poor risk assessment. Most violent individuals try to conceal the fact that they’re a threat until they get close. They want to appear friendly and unarmed so you let them get close enough to take you by surprise.

If you are worried about identifying “good guys” and “bad guys” pay attention to the situation and your gut instinct. Threats will try to create a situation that is favorable to them. As a human being you a gifted with a great ability to read other human beings. If a violent individual is creating a situation that favors them they are likely doing other things that will make the little voice in your head say, “I think he’s bad, you should flee.” Learn to identify those situations and don’t dismiss that little voice as mere paranoia. Those two things, which many of us refer to as “situational awareness”, will do more to increase your odds of survival than focusing on tools such as firearms.

Using The Market To Fight Poachers

Poaching is an issue in various parts of the world. Most species of rhino, for example, have been hunted to near extinction, in part, because a lot of cultures believe its horn carries magical properties that make human dicks bigger (or harder or whatever). Governments have been trying to solve this problem in the only way they know how, creating prohibitions. These prohibitions, like all prohibitions, have failed. Fortunately the market is here to bail us out. A group of researchers have come up with a clever way to reduce the demand for poaching rhinos:

Pembient, based in San Francisco uses keratin — a type of fibrous protein — and rhino DNA to produce a dried powder which is then 3D printed into synthetic rhino horns which is genetically and spectrographically similar to original rhino horns.The company plans to release a beer brewed with the synthetic horn later this year in the Chinese market.

The Chinese and Vietnamese rhino horn craze has caused an unprecedented surge in rhino poaching throughout Africa and Asia bringing the animal to the brink of extinction. In South Africa, home to 80 percent of Africa’s rhino population, 1,215 rhinos were killed in 2014.

Matthew Markus, CEO of Pembient says his company will sell rhino horns at one-eighth of the price of the original, undercutting the price poachers can get and forcing them out eventually.

Who said counterfeits were always bad? Rhino horn is worth a lot of money so poachers will continue to take bigger risks in pursuit of the few remaining animals on the planet. By creating an artificial substitute that is indistinguishable from the real deal and flooding the market with it the demand for rhino horn can be fulfilled and therefore reduce. This is the strategy that stands a chance of reducing rhino poaching because it address the root cause.

Why You Want Paranoid People To Comment On Features

When discussing security with the average person I’m usually accused of being paranoid. I carry a gun in case I have to defend myself? I must be paranoid! I only allow guests at my dwelling to use an separate network isolated from my own? I must be paranoid! I encrypt my hard drive? I must be paranoid! It probably doesn’t help that I live by the motto, just because you’re paranoid doesn’t mean they’re not out to get you.

Paranoid people aren’t given enough credit. They see things that others fail to see. Consider all of the application programming interface (API) calls the average browser has available to website developers. To the average person, and even to many engineers, the API calls available to website developers aren’t particularly threatening to user privacy. After all, what does it matter if a website can see how much charge is left in your batter? But a paranoid person would point out that such information is dangerous because it gives website developers more data to uniquely identify users:

The battery status API is currently supported in the Firefox, Opera and Chrome browsers, and was introduced by the World Wide Web Consortium (W3C, the organisation that oversees the development of the web’s standards) in 2012, with the aim of helping websites conserve users’ energy. Ideally, a website or web-app can notice when the visitor has little battery power left, and switch to a low-power mode by disabling extraneous features to eke out the most usage.

W3C’s specification explicitly frees sites from needing to ask user permission to discover they remaining battery life, arguing that “the information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants”. But in a new paper from four French and Belgian security researchers, that assertion is questioned.

The researchers point out that the information a website receives is surprisingly specific, containing the estimated time in seconds that the battery will take to fully discharge, as well the remaining battery capacity expressed as a percentage. Those two numbers, taken together, can be in any one of around 14 million combinations, meaning that they operate as a potential ID number. What’s more, those values only update around every 30 seconds, however, meaning that for half a minute, the battery status API can be used to identify users across websites.

The people who developed the W3C specification weren’t paranoid enough. It was ignorant to claim that reporting battery information to websites would have only a minimal impact on private, especially when you combine it with all of the other uniquely identifiable data websites can obtain about users.

Uniquely identifying users becomes easier with each piece of data you can obtain. Being able to obtain battery information alone may not be terribly useful but combining it with other seemingly harmless data can quickly give a website enough data points to identify a specific user. Although that alone may not be enough to reveal their real identity it is enough to start following them around on the web until enough personal information has been tied to them to reveal who they are.

The moral of this story is paranoia isn’t properly appreciated.

Ad Blockers Are Security Tools

If you’re not already running an ad blocker I highly recommend you start. In addition to reducing bandwidth usage ad blockers also protect against ad network delivered malware. Because they span so many separate websites ad networks are common targets for malicious hackers. When they find an exploit they usually use the compromised network to deliver malware to users who access websites that rely on the ad network. Yahoo’s network is the most recent example of this scenario:

June and July have set new records for malvertising attacks. We have just uncovered a large scale attack abusing Yahoo!’s own ad network.

As soon as we detected the malicious activity, we notified Yahoo! and we are pleased to report that they took immediate action to stop the issue. The campaign is no longer active at the time of publishing this blog.

This latest campaign started on July 28th, as seen from our own telemetry. According to data from SimilarWeb, Yahoo!’s website has an estimated 6.9 Billion visits per month making this one of the largest malvertising attacks we have seen recently.

When a single ad network can see almost 7 billion visits per month it’s easy to see why malware distributors try to exploit them.

Many websites rely on advertisements for revenue so they understandably get upset when users visit their pages while using ad blockers. But their revenue model requires their users put themselves at risk so I don’t have any sympathies. If you run a website that relies on ads you should be looking at different revenue models, preferable ones that don’t put your users in harm’s way.

Security Is A Growing Threat To Security

Where a person stands on the subject of effective cryptography is a good litmus test for how technically knowledgeable they are. Although any litmus test is limited you can tell immediately that an individual doesn’t understand cryptography if they in any way support state mandated weaknesses. Mike Rogers, a former Michigan politician, expressed his ignorance of cryptography in an editorial that should demonstrate to everybody why his opinion on this matter can be safety discarded:

Back in the 1970s and ’80s, Americans asked private companies to divest from business dealings with the apartheid government of South Africa. In more recent years, federal and state law enforcement officials have asked — and required — Internet service providers to crack down on the production and distribution of child pornography.

You know where it is going when the magical words “child pornography” are being mentioned in the first paragraph.

Take another example: Many communities implement landlord responsibility ordinances to hold them liable for criminal activity on their properties. This means that landlords have certain obligations to protect nearby property owners and renters to ensure there isn’t illicit activity occurring on their property. Property management companies are typically required to screen prospective tenants.

Because of the title of the editorial I know this is supposed to be about encryption. By using the words “child pornography” I know this article is meant to argue against effective cryptography. However, I have no bloody clue how landlords play into this mess.

The point of all these examples?

There’s a point?

That state and federal laws routinely act in the interest of public safety at home and abroad. Yet now, an emerging technology poses a serious threat to Americans — and Congress and our government have failed to address it.

Oh boy, this exercise in mental gymnastics is going to be good. Rogers could be going for the gold!

Technology companies are creating encrypted communication that protects their users’ privacy in a way that prevents law enforcement, or even the companies themselves, from accessing the content. With this technology, a known ISIS bomb maker would be able to send an email from a tracked computer to a suspected radicalized individual under investigation in New York, and U.S. federal law enforcement agencies would not be able to see ISIS’s attack plans.

Child pornography and terrorism in the same editorial? He’s pulling out all the stops! Do note, however, that he was unable to cite a single instance where a terrorist attack would have been thwarted if only effective encryption hadn’t been in the picture. If you’re going to opt for fear mongering it’s best to not create hypothetical scenarios that can be shot down. Just drop the boogeyman’s name and move on otherwise you look like an even bigger fool than you would.

What could a solution look like? The most obvious one is that U.S. tech companies keep a key to that encrypted communication for legitimate law enforcement purposes. In fact, they should feel a responsibility and a moral obligation to do so, or else they risk upending the balance between privacy and safety that we have so carefully cultivated in this country.

Here is where his entire argument falls apart. First he claims “state and federal laws routinely act in the interest of public safety” and now he’s claiming that state and federal laws should work against public safety.

Let’s analyze what a hypothetical golden key would do. According to Rogers it would allow law enforcement agents to gain access to a suspect’s encrypted data. This is true. In fact it would allow anybody with a copy of that key to gain access to the encrypted data of anybody using that company’s products. Remember when Target and Home Depot’s networks were breached and all of their customers’ credit card data was compromised? Or that time Sony’s PlayStation Network was breached and its customers’ credit card data was compromised? How about the recent case of that affair website getting breached and its customers’ personal information ending up in unknown hands? And then there was the breach that exposed all of Hacking Team’s dirty secrets and many of its private keys to the Internet. These are not hypothetical scenarios cooked up by somebody trying to scare you into submission but real world examples of company networks being breached and customer data being compromised.

Imagine the same thing happening to a company that held a golden key that could decrypt any customer’s encrypted data. Suddenly a single breach would not only compromise personal information but also every device every one of the company’s customers possessed. If Apple, for example, were to implement Rogers’ proposed plan and its golden key was compromised every iOS user, which includes government employees I might add, would be vulnerable to having their encrypted data decrypted by anybody who acquired a copy of the key (and let’s not lie to ourselves, in the case of such a compromise the key would be posted publicly on the Internet).

Network breaches aren’t the only risk. Any employee with access to the golden key would be able to decrypt any customer’s device. Even if you trust law enforcement do you trust one or more random employees at a company to protect your data? A key with that sort of power would be worth a lot of money to a foreign government. Do you trust somebody to not hand a copy of the key over to the Chinese government for a few billion dollars?

There is no way a scenario involving a golden key can end well, which brings us to our next point.

Unfortunately, the tech industry argues that Americans have an absolute right to absolute privacy.

How is that unfortunate? More to the point, based on what I wrote above, we can see that the reason companies don’t implement cryptographic backdoors isn’t because they believe in some absolute right to privacy but because the risks of doing so are too great of a liability.

The only thing Rogers argued in his editorial was his complete ignorance on the subject of cryptography. Generally the opinions of people who are entirely ignorant on a topic are discarded and this should be no exception.

Surveillance Is For Me, Not For Thee

Law enforcers always want more power to surveil. If they had it their way they would have cameras on every street corner and in very house and every form of communications could be easily tapped whenever they saw fit. They tend to be a bit hypocritical here because they don’t want to be spied up themselves. Santa Ana police officers are coming under fire for a raid they performed on an illegal cannabis dispensary. During the raid surveillance footage shows officers making derogatory comments towards a disabled woman and scarfing down an edible. The dispensary is unhappy with the officers’ conduct and the officers are unhappy that they were recorded:

SANTA ANA – Three Santa Ana police officers want to quash a surveillance video that shows officers making derogatory comments about a disabled woman and possibly snacking on pot edibles during a recent raid of a medical marijuana dispensary.

A lawsuit, filed last week in Orange County Superior Court by three unidentified police officers and the Santa Ana Police Officers Association, seeks to prevent Santa Ana Police Department internal affairs investigators from using the video as they sort out what happened during the May 26 raid of Sky High Collective.

[…]

The lawsuit argues that the video doesn’t paint a fair version of events. The suit also claims the video shouldn’t be used as evidence because, among other things, the police didn’t know they were on camera.

“All police personnel present had a reasonable expectation that their conversations were no longer being recorded and the undercover officers, feeling that they were safe to do so, removed their masks,” says the suit.

The dispensary also did not obtain consent of any officer to record them, the suit says.

“Without the illegal recordings, there would have been no internal investigation of any officer,” the suit says.

Pappas counters that the suit is baseless because the officers were aware the dispensary had video cameras and managed to disable most of them.

As far as arguments go that one is downright laughable. Places that use security cameras usually have a sign indicating the premise is under surveillance so it’s difficult to claim that you don’t know you’re being recorded. Furthermore the officers disabled most of the cameras so they knew the premise was under surveillance. With that knowledge the officers should have expected that they would miss a camera or two.

But the officers’ lawyer seems to be arguing that the officers had a reasonable expectation of privacy because they disabled most of the cameras. Somehow that makes the footage illegal, or something.

You have to hand it to law enforcers, they can twist logic to its absolute limits to justify their surveillance while arguing against being surveilled.

Without Government Who Would Arm The Terrorists

What’s the most effective way reduce gun violence in the United States? According to those who oppose self-defense mandating background checks for every firearm transfer would reduce gun violence. It’s an idea that sounds good to a lot of people on paper but only because they haven’t stopped to think about what that entails. Background checks require government approval for firearm transfers. Mandating background checks for every firearm transfer would, according to opponents of self-defense, ensure bad guys couldn’t acquire firearms. The biggest flaw in this plan is that it relies on government, which is more than happy to provide firearms to violent individuals:

Five years before he was shot to death in the failed terrorist attack in Garland, Texas, Nadir Soofi walked into a suburban Phoenix gun shop to buy a 9-millimeter pistol.

At the time, Lone Wolf Trading Co. was known among gun smugglers for selling illegal firearms. And with Soofi’s history of misdemeanor drug and assault charges, there was a chance his purchase might raise red flags in the federal screening process.

Inside the store, he fudged some facts on the form required of would-be gun buyers.

What Soofi could not have known was that Lone Wolf was at the center of a federal sting operation known as Fast and Furious, targeting Mexican drug lords and traffickers. The idea of the secret program was to allow Lone Wolf to sell illegal weapons to criminals and straw purchasers, and track the guns back to large smuggling networks and drug cartels.

Instead, federal agents lost track of the weapons and the operation became a fiasco, particularly after several of the missing guns were linked to shootings in Mexico and the 2010 killing of U.S. Border Patrol Agent Brian Terry in Arizona.

This is actually the same flaw every plan that relies on government suffers. How can you rely on an entity that steals, kidnaps, assaults, and murders people to stop theft, kidnappings, assaults, and murders? Do you really think an entity that drops bombs on child in foreign countries and pardons the violent actions of its law enforcers is going to have any moral opposition to handing a firearm to a person known to have a history of violence? Fast and Furious was a Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) operation that involved selling firearms to people suspected of being involved with violent drug cartels. Supposedly the operation was meant to track where the firearms went. Those firearms did end up in the hands of drug cartels but the ATF didn’t do a very good job of tracking them.

A background check systems can’t work if it relies on an entity that is motivated to provide firearms to violent people. Since the government is motivated to do exactly that the background check system supported by opponents of self-defense can’t decrease gun violence.