A Lot of Websites Don’t Fix Security Issues

Last year Google announced that it would be removing the Symantec root certificate from Chrome’s list of trusted certificates (this is because Symantec signed a lot of invalid certificates). This notification was meant to give web administrators time to acquire new certificates to replace their Symantec-signed ones. The time of removal is fast approaching and many web administrators still haven’t updated their certificates:

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates.

Yet despite more than a year to prepare, many popular sites are not ready.

Security researcher Scott Helme found 1,139 sites in the top one million sites ranked by Alexa, including Citrus, SSRN, the Federal Bank of India, Pantone, the Tel-Aviv city government, Squatty Potty and Penn State Federal to name just a few.

The headline of this article is, “With Chrome 70, hundreds of popular websites are about to break.” A more accurate headline would have been, “Administrators of hundreds of websites failed to fix major security issue.” Chrome isn’t the culprit in this story. Google is doing the right thing by removing the root certificate of an authority that failed to take proper precautions when issuing certificates. The administrators of these sites, on the other hand, have failed to do their job of providing a secure connection for their users.

Live Streaming Summary Executions

The Company Formerly Known as Taser (Axon) has announced a new line of body cameras that allow law enforcers to live stream their antics:

Police officers wearing new cameras by Axon, the U.S.’s largest body camera supplier, will soon be able to send live video from their cameras back to base and elsewhere, potentially enhancing officers’ situational awareness and expanding police surveillance.

[…]

Axon plans to test the device, the Axon Body 3, with a group of agencies early next year and ship to U.S. customers in the summer. (The initial price of $699 doesn’t include other costs, like a subscription to Axon’s Evidence.com data management system.) A built-in antenna transmits HD video over dedicated 4G LTE cellular networks, while another feature triggers the camera to start recording and alerts command staff once an officer has fired their weapon, a possible corrective to the problem of officers forgetting to switch them on.

Now the whole department can tune in for the summary execution of the unarmed black man!

Lest you mistakenly believe that this live streaming capability might give oversight committees the ability to oversee law enforcers by randomly activating the live streaming capability, never fear, the live streaming capability can only be activated when the officer wearing the camera enables it:

Giving supervisors the ability to live-stream from officers’ chests has raised privacy concerns among police too. Axon’s system does not allow supervisors to remotely begin live-streaming from an officer’s camera unless it is in recording mode–that is, once an officer presses a large button in the center of the camera or is activated automatically by the sound of a gunshot, for instance. The video streams will also be limited to those with permission through the Evidence.com software.

That’s a relief! I was almost worried that there was a chance that an overseer might randomly activate an officer’s body camera and catch them doing something unlawful!

Of course the live video is streamed to Evidence.com, which is a service geared towards preventing collected evidence from being used to defend an accused party or to bring charges against a law enforcer who has been caught doing something illegal.

Axon has covered all of its bases. There’s no possibility that these new features will be used to hold law enforcers accountable, which will make them popular with law enforcement departments.

Overcooking the Numbers

A lot of journalists rely on numbers reported by government agencies for research. When it comes to government-reported numbers I tend to follow the advice of George Carlin who said, “I have certain rules I live by. My first rule: I don’t believe anything the government tells me.” This advice has proven its value time and again because the government has a tendency to make shit up. Take the Center for Disease Control (CDC). The agency has been cooking the numbers when it comes to gun violence. In fact the agency has overcooked the numbers so thoroughly that even anti-gun organizations like The Trace, which should be happily gobbling up the fallacious numbers, had to call bullshit:

But the gun injury estimate is one of several categories of CDC data flagged with an asterisk indicating that, according to the agency’s own standards, it should be treated as “unstable and potentially unreliable.” In fact, the agency’s 2016 estimate of gun injuries is more uncertain than nearly every other type of injury it tracks. Even its estimates of BB gun injuries are more reliable than its calculations for the number of Americans wounded by actual guns.

An analysis performed by FiveThirtyEight and The Trace, a nonprofit news organization covering gun violence in America, found that the CDC’s report of a steady increase in nonfatal gun injuries is out of step with a downward trend we found using data from multiple independent public health and criminal justice databases. That casts doubt on the CDC’s figures and the narrative suggested by the way those numbers have changed over time.

This isn’t unprecedented behavior. The CDC has lied about gun violence statistics before.

In addition to not believing anything the government tells me, I’m also automatically skeptical of statistics. Statistics in and of itself isn’t bad. There are a lot of great uses for statistics. However, statistics can be easily manipulated to show a desired result and more often than not it seems that people reporting statistics are reporting numbers that were specifically crafted to show the outcome that they desired.

Living in a Surveillance State

People often argue about whether Brave New World or Nineteen Eighty-Four more accurately predicted our current predicament. I tend to believe that both books predicted different aspects of the present. Governments have certainly invested heavily in dumbing down and distracting the population in order to make them more docile and therefore easier to rule. But they have also invested heavily in ensuring that they can watch everything you do wherever you go:

The next time you drive past one of those road signs with a digital readout showing how fast you’re going, don’t simply assume it’s there to remind you not to speed. It may actually be capturing your license plate data.

According to recently released US federal contracting data, the Drug Enforcement Administration will be expanding the footprint of its nationwide surveillance network with the purchase of “multiple” trailer-mounted speed displays “to be retrofitted as mobile LPR [License Plate Reader] platforms.” The DEA is buying them from RU2 Systems Inc., a private Mesa, Arizona company. How much it’s spending on the signs has been redacted.

This is why I laugh at people who leave their cellphone at home when they “don’t want to be tracked.” If you drive your vehicle somewhere, there’s an ever increasing chance that the license plate will be recorded by a government scanner. If you take public transit, there’s an almost guaranteed chance that your face will be caught on surveillance cameras inside of the vehicle (and an ever increasing chance that facial recognition software will automatically identify you). If you walk, you’ll likely be recorded on any number of private and public surveillance cameras (which, again, are more and more being tied to facial recognition software to automatically identify you).

Everything has pros and cons. One of the cons of technology becoming more powerful and cheaper is that surveillance technology has become more powerful and cheaper. Tracking an individual, especially in metropolitan areas, is trivial. Fortunately, surveillance is a cat and mouse game. One of the pros of technology becoming more powerful and cheaper is that countersurveillance technology is becoming more powerful and cheaper.

The Power of Not Voting

People like to talk about the power of voting but few bother to mention the power of not voting:

BUCHAREST (Reuters) – A referendum to change Romania’s constitution to prevent same sex couples from securing the right to marry failed to draw enough voters to validate the result on Sunday, after a campaign that led to a rise in hate speech against the gay community.

[…]

Dozens of human rights groups had said a successful referendum would embolden further attempts to chip away at the rights of minority groups and push Romania onto a populist, authoritarian track.

They have encouraged people to boycott the ballot, with several companies and popular musicians and artists following. A library chain even offered a book discount over the weekend for those who wanted to stay in and read rather than vote.

If voter turnout had been higher, the referendum may have passed. Since not enough people bothered to show up to validate the results, the referendum couldn’t pass.

Governments that describe themselves as democratic prefer to make it appear as though their power is endorsed by “the people.” That means that they like to see high voter turnout. If a vast majority of people go to the polls during an election, a government can argue that it enjoys the endorsement of the majority of “the people.” If almost nobody shows up during an election, a government has a much tougher time making that claim.

Your Password, Please

Since I live in the United States, I spend most of my time lambasting its government’s infringements on privacy. But the United States doesn’t have a monopoly on violating individuals’ privacy. Every government has an interest in violating rights. The hot privacy violation at the moment is demanding access to cell phones. Cell phones are becoming more integrated into our daily lives every day, which makes them a treasure trove of personal information. Here in the United States the government has made several efforts to force cell phone manufacturers to include a backdoor it can access. New Zealand has taken a different approach. If you don’t hand over your password to law enforcers, you will be fined:

New Zealand privacy activists have raised concerns over a new law that imposes a fine of up to NZ$5,000 (more than $3,200) for travelers—citizens and foreigners alike—who decline to unlock their digital devices when entering the country. (Presumably your phone would be seized anyway if it came to that.)

The Southern Pacific nation is believed to be the first in the world to impose such a law.

As a general rule, especially when crossing borders, it’s best to travel with clean devices and access whatever information you need remotely when you arrive at your destination. For example, instead of storing contact information on your cell phone when traveling, you might consider having your contact information on a remotely accessible server. When you get to your destination, you can log into the server and grab the phone numbers you need when you need them. When you’re ready to leave the country, you can factory reset your phone so your call log is erased.

Such a plan isn’t bulletproof. A factory reset phone is suspicious in and of itself. Unfortunately there are no silver bullets. Every defensive measure has a list of pros and cons. You have to decide which set of pros and cons best fits your situation.

The Difficulty of Classifying People

It must be difficult being a collectivist. Their philosophy requires that 7 billion unique individuals fit neatly into a handful of boxes. Is an individual male or female? Is an individual a proletariat or a bourgeois? Is an individual black or white? These questions often seem straightforward but then you run into intersex individuals, workers who also own a stake in the means of production, and individuals with white skin who have black ancestry:

In 2010, Taylor took an AncestryByDNA test, he said, “just to confirm what we’d already known.” The results said that he was 90 percent European and 6 percent indigenous American, as well as 4 percent sub-Saharan African.

[…]

Still, the results were enough for Taylor to update his birth certificate last November: It now says that he is black, Native American and Caucasian.

Taylor acknowledges that he looks white. But despite being “visually Caucasian,” as he puts it, he considers himself to be multiracial.

“I’m a certified black man,” he told The Post. “I’m certified black in all 50 states. But the federal government doesn’t recognize me.”

What qualifies an individual as being black? This is a question collectivists have to wrestle with. Is it based on ancestry? Is it based solely on skin color? Is there a minimum DNA threshold? If so, what is that threshold and what is the justification for setting it there?

Every historical attempt to categorize individuals into a handful of tidy boxes has failed. It turns out that a species with 7 billion individuals is rather complex and contains a lot of variety.