News You Need to Know – Page 35

Minnesota Department of Human Services Questions Whether Mayo’s Desire to Get Paid Violates the Law

Minnesota really is a socialist shithole. The CEO of the Mayo Clinic, Dr. John Noseworthy, announced that his organization will give preference to holders of private insurance because Medicaid has a rather nasty habit of not paying for services rendered. His announcement sparked a lot of controversy because idiot socialists (a redundant term, I know) think profit is evil. The State of Minnesota is so heavily infected with this idiotic belief that it has announced that the Department of Health and Human Services will investigate the Mayo to determine whether its desire to get paid violates the law:

The Minnesota Department of Human Services is probing the Mayo Clinic for possible violations of civil- and human-rights laws by putting a higher priority on patients with commercial insurance.

The review, confirmed Thursday by DHS Commissioner Emily Piper, follows reports that Mayo will give preference to privately insured patients.

Piper’s department is also evaluating its various contracts with the Mayo Clinic system, which reaches far beyond its Rochester home base. Those contracts served over 150,000 public program enrollees last year, including lab work and pharmacy services.

What the fuck is wrong with this state? Hell, what the fuck is wrong with this country? Anybody expressing an interest in wanting to get paid for services rendered shouldn’t even merit an acknowledgement in the back page of the local section of a newspaper. It should be assumed that everybody wants to get paid for providing goods or services.

Critics have been pointing out that the Mayo Clinic made a good amount of revenue last year. It’s as if they believe there is some amount of revenue that when exceeded is too much and therefore bad. Whether the Mayo Clinic made $100 million or $100 billion is irrelevant. Okay, I lied. Revenue is relevant because the more revenue a provider makes the more it can invest in provided better services in the future. This is especially true when you look at the costs the Mayo Clinic faces. Being involved in the medical industry in the United States is damn expensive. Upgrading wings to the latest and greatest doesn’t come cheap. The more revenue Mayo makes the better equipment and services it can provide. The less revenue Mayo makes the more dilapidated its facilities become and by extension the worse its services become.

Today’s Arbitrary Rule Changes

What’s the difference between a dictatorship and a democracy? A lot of people claim that one of the major differences is that under a dictatorship an individual ruler or their ilk can arbitrarily make new laws whereas under a democracy laws are created through a process that requires input by many. If that’s the difference then I’m sorry to inform all of you that we live under a dictatorship.

Laws in the United States are often passed by Congress and signed by the president. However, not every law passed in this country has to go through that process. Many laws are created out of thin air by regulators. In one of today’s example of this arbitrary process I bring you the Department of Homeland Security (DHS) newly declared rules:

US authorities will no longer allow travelers from 13 African and Middle Eastern countries to bring computers and laptops into airplane cabins anymore, two news agencies have reported.

The new rules were laid out in an e-mail sent to airlines today by the US Transportation Safety Administration. This is according to The Guardian, which was first to report on the matter. Cell phones will still be allowed, but anything larger—including laptops, tablets, and cameras—must be put in checked baggage. CNN, citing two unnamed “administration officials,” confirmed the report.

And as Billy Mays often said, “But wait, there’s more!”

In a decision that could have broad implications throughout the silencer industry as well as with shooters/consumers, the Bureau of Alcohol Tobacco and Firearms (BATFE or ATF) has notified silencer manufacturer Dead Air Armament that the wipes used in their Ghost M silencer is a silencer part.

[…]

At this point, it is unclear why the ATF has decided to reverse their opinion on a nearly 20 year old issue. Once used in a variety of now dated silencer designs, the wipe has seen a limited resurgence as of late in modular suppressors and small silencers that require the use of an ablative media (“wet”) for increased noise reduction.

DHS and the ATF both created new rules out of thin air. In the case of ATF, the rule change contradicted previous declarations made by the agency. But it doesn’t matter because both agencies enjoy dictator-like powers over their domains and can make any arbitrary declaration they so choose.

Government Weed

I’ve searched high and low for something government does better than private entities. So far the only thing I’ve found that the government is competent at is causing death and destruction. In fact, the government can’t even get weed right:

All federal marijuana is grown at a single facility at the University of Mississippi, overseen by the National Institute on Drug Abuse (NIDA). Last summer the DEA formally took steps to allow other entities to supply marijuana for research purposes. So far, none have been approved.

The problems with the Mississippi weed go well beyond aesthetics.

For instance, the pot grown there maxes out, potency-wise, at about 13 percent THC (the main chemical that gets you high). And that might be an overstatement — Sisley’s own testing found that one of NIDA’s strains purported to be 13 percent THC was actually closer to 8 percent.

By comparison, the typical commercial weed available in Colorado is at about 19 percent THC, according to a laboratory that tests commercial marijuana in the state. And that’s just the average — some of the higher-end strains are pushing 30 percent THC or more.

For a researcher, it’s difficult to assess the real-world impact of high-end pot if you only have access to the low-quality stuff. It’s akin to investigating the effects of bourbon by giving people Bud Light.

This news has some pretty significant results. The federal government continues to claim that cannabis has no medicinal uses. It may be true that the shitty cannabis the government has approved for testing has no medical uses but the government approved cannabis doesn’t reflect the cannabis people actually use.

Why would anybody trust any federally sanctioned research into cannabis knowing that such research is hampered by artificially placed restrictions that guarantee that the results won’t reflect real world usage?

Without Government, Who Will Plow the Roads

If you live somewhere that gets hammered by frequent snow storms, you’ve probably heard some statist tell you that the government is necessary to plow the roads. After all, without government, who would plow the roads? It turns out that porn websites will:

When Boston plow truck drivers get to work clearing snow during tomorrow’s big storm, they’ll have some help—from Pornhub.

Pledging to assist anyone who “wants to get plowed,” the adult entertainment site says it is sending out a fleet of branded trucks to clean the city’s streets and parking lots for free.

“The Pornhub team understands that by this time of year, most cities have run up their budget in snow removal,” Pornhub Vice President Corey Price tells Boston, “and we thought we’d lend a hand in getting our fans plowed.”

[…]

The trucks will also be available on demand to clear lots owned by small businesses, Price says. Requests for a plowing are being accepted via email at phubplows@gmail.com. They are not offering to plow driveways, he says.

And unlike government, Pornhub won’t force you to use its service or steal your fucking property if you refuse to pay it for services you’re not using.

There’s No Vengeance Like Government Vengeance

If you live outside of Minnesota you may not be aware that it’s currently illegal here to buy alcohol for offsite consumption on Sunday. A law was recently passed to overturn this ridiculous restriction but it doesn’t take affect until July. However, one local liquor store decided to jump ahead of the game and was selling alcohol for offsite consumption Sunday. Needless to say, even though that very action will be legal in a few months the government doesn’t tolerate any amount of disobedience:

The liquor license at Surdyk’s Liquor and Cheese Shop will be suspended for 30 days in July, the city of Minneapolis ruled Monday, and the business must pay a $2,000 fine.

Owner Jim Surdyk opened for business Sunday, even though the repeal of the state’s 159-year-old ban on Sunday liquor sales won’t go into effect until July 2.

Instead of temporarily suspending the store’s license immediately the government chose to wait until July when it could cause the maximum amount of damage (Sunday alcohol sales will be legal plus there’s the whole July 4th alcohol sales bonanza). Why? It certainly wasn’t because Surdyk’s caused anybody any harm. It was because the store failed to respect some random government goon’s authority and to the State there is no greater transgression than failing to respect its authority.

Vault 7 isn’t the End of Privacy

There has been a lot of bad stories and comments about Vault 7, the trove of Central Intelligence Agency (CIA) documents WikiLeaks recently posted. Claims that the CIA has broken Signal, can use any Samsung smart television to spy on people, and a whole bunch of other unsubstantiated or outright false claims have been circulating. Basically, idiots who speak before they think have been claiming that Vault 7 is proof that privacy is dead. But that’s not the case. The tools described in the Vault 7 leak appear to be aimed at targeted surveillance:

Perhaps a future cache of documents from this CIA division will change things on this front, but an admittedly cursory examination of these documents indicates that the CIA’s methods for weakening the privacy of these tools all seem to require attackers to first succeed in deeply subverting the security of the mobile device — either through a remote-access vulnerability in the underlying operating system or via physical access to the target’s phone.

As Bloomberg’s tech op-ed writer Leonid Bershidsky notes, the documentation released here shows that these attacks are “not about mass surveillance — something that should bother the vast majority of internet users — but about monitoring specific targets.”

The threats of mass surveillance and targeted government surveillance are very different. Let’s consider Signal. If the CIA had broken Signal it would be able to covertly collect Signal packets as they traveled from source to destination, decrypt the packets, and read the messages. This would enable mass surveillance like the National Security Agency (NSA) has been doing. But the CIA didn’t break Signal, it found a way to attack Android (most likely a specific version of Android). This type of attack doesn’t lend itself well to mass surveillance because it requires targeting specific devices. However, if the CIA wants to surveil a specific target then this attack works well.

Avoiding mass surveillance is much easier to deal with than defending yourself against an organization with effectively limitless funds and a massive military to back it up that specifically wants your head on a platter. But unlike mass surveillance, very few people have to actually deal with the latter. And so far the data released as part of Vault 7 indicates the surveillance tools the CIA has developed are aimed at targeted surveillance so you most likely won’t have to deal with them.

Privacy isn’t dead, at least so long as you’re not being specifically targeted by a three letter agency.

Taking Down the 911 System

911 is the go-to number for most people when there’s an emergency. But 911 is an old system and old systems are often vulnerable to distributed denial of service attacks:

For over 12 hours in late October, 911 lines across the country were ringing so much that they nearly went down. Nobody knew why this was happening, until Phoenix police discovered that 18-year-old Meetkumar Hitesbhai Desai tweeted a link that caused iPhones to repeatedly dial 911. Now, more details have emerged about how the Twitter prank spiraled out of control.

Desai claimed the attack was a joke gone wrong, telling police he only meant for the link to cause annoying pop-ups, The Wall Street Journal reports. However, he posted the wrong code. It started when, from his @SundayGavin Twitter account, he tweeted the link and wrote, “I CANT BELIEVE PEOPLE ARE THIS STUPID.” When clicked, the URL, which was condensed by Google’s link shortener, launched an iOS-based JavaScript attack that caused iPhones to dial 911 repeatedly. When users hung up, the phone would keep redialing until it was restarted.

This story touches on a lot of different topics. First, it shows how dangerous software glitches can be. Since most people only think to dial 911 when there’s an emergency, a software glitch that allows a section of the 911 system to be taken down could cost people their lives. Second, it shows why URL shorteners are a pet peeve of mine. You never know where they’re going to take you until you’ve already clicked them. Third, it shows how easily a distributed denial of service attack can be created. One tweet with a link to a malicious piece of JavaScript was enough to bring a section of the 911 system to its knees.

The lessons to take away from this story are don’t to click random links and have a backup plan in case 911 is overwhelmed.

Vault 7

WikiLeaks dropped a large archive of Central Intelligence Agency (CIA) leaks. Amongst the archive are internal communications and documents related to various exploits the CIA had or has on hand for compromising devices ranging from smartphones to smart televisions.

I haven’t had a chance to dig through the entire archive yet but there’s one thing that everybody should keep in mind.

The government that claims to protect you, that many people mistakenly believe protects them, has been hoarding vulnerabilities and that has put you directly in harm’s way. Instead of reporting discovered vulnerabilities so they could be patched, the CIA, like the NSA, kept them secret so it could exploit them. Since discovery of a vulnerability doesn’t grant a monopoly on its use, the vulnerabilities discovered by the CIA may very well have been discovered by other malicious hackers. Those malicious hackers could, for example, be exploiting those vulnerabilities to spread a botnet that can be used perform distributed denial of service attacks against websites to extort money from their operators.

Remember this the next time some clueless fuckstick tells you that the government is there to keep you safe.

While I haven’t had a chance to read through the archive, I have had a chance to read various comments and reports regarding the information in the archive. By doing this I’ve learned two things. First, the security advice posted by most random Internet denizens is reminiscent of the legal advice posted by most sovereign citizens. Second, the media remains almost entirely clueless about information security.

Case in point, a lot of comments and stories have said that the archive contains proof that the CIA has broken Signal and WhatsApp. But that’s not true:

It’s that second sentence that’s vital here: It’s not that the encryption on Signal, WhatsApp (which uses the same encryption protocol as Signal), or Telegram has been broken, it’s that the CIA may have a way to break into Android devices that are using Signal and other encrypted messaging apps, and thus be able see what users are typing and reading before it becomes encrypted.

There is a significant difference between breaking the encryption protocol used by a secure messaging app and breaking into the underlying operating system. The first would allow the CIA to sit in the middle of Signal or WhatsApp connections, collect packets being sent to and from Signal and WhatsApp clients, and decrypting the packets and reading the contents. This would allow the CIA to potentially surveil every WhatsApp and Signal user. The second would allow the CIA to target individual devices, compromise the operating system, and surveil everything the user is doing on that device. Not only would this compromise the security of Signal and WhatsApp, it would also compromise the security of virtual private networks, Tor, PGP, and every other application running on the device. But the attack would only allow the CIA to surveil specific targeted users, not every single user of an app.

The devil is in the details and a lot of random Internet denizens and journalists are getting the details wrong. It’s going to take time for people with actual technical knowhow to dig through the archive and report on the information they find. Until then, don’t panic.

The BBC was Reported for Producing Child Pornography

The BBC, the propaganda arm of the British government, was performing an investigation into supposed child pornography being hosted on Facebook. In the BBC’s zeal to break and scandalous story it inadvertently fell afoul with Britain’s laws against producing child pornography so Facebook reported it:

According to the CPS, extreme care must be taken with illegal material that shows children being sexually abused. Its guidelines state: “Investigation should not involve making more images, or more copies of each image, than is needed in all the circumstances.”

The BBC could have sought help from the NCA or ACPO on how to handle the material, which the CPS says “will give additional certainty to individuals and organisations who are likely to need, frequently, to ‘make’ indecent photograph or pseudo-photograph and, provided the conditions were adhered to, such activities would not be subject to a criminal investigation as it would not be in the public interest to prosecute.”

But it’s unclear whether the corporation did this prior to taking the copied images to Facebook. Facebook’s policy director Simon Milner said in a statement:

We have carefully reviewed the content referred to us and have now removed all items that were illegal or against our standards. This content is no longer on our platform. We take this matter extremely seriously and we continue to improve our reporting and take-down measures.

It is against the law for anyone to distribute images of child exploitation. When the BBC sent us such images we followed our industry’s standard practice and reported them to CEOP [Child Exploitation & Online Protection Centre]. We also reported the child exploitation images that had been shared on our own platform. This matter is now in the hands of the authorities.

I guess the BBC figured that since it’s an arm of the British government that it was above the law. It’ll be interesting to see if the Child Exploitation and Online Protection Centre extends the BBC investigators professional courtesy or actually enforces the law as it is written.

The United States isn’t unique in having more laws on the books than any individual can realistically memorize. Britain has the same issue. This issue is often heartbreaking to witness because it leads to innocent people being kidnapped and tossed in a cage for years. But when employees of the government that wrote the laws encounters this issue it’s hilarious.

What What (In the Butt)

The Transportation Security Administration (TSA) has announced that it’s going to perform even more thorough acts of sexual assault against air travelers:

While few have noticed, U.S. airport security workers long had the option of using five different types of physical pat-downs at the screening line. Now, those have been eliminated, replaced instead with one universal approach. And this time, you will notice.

The new physical touching-for those selected to have a pat-down-will be more invasive in what the federal agency describes as a more “comprehensive” physical screening, according to a Transportation Security Administration spokesman.

Denver International Airport, for example, notified employees and flight crews on Thursday that the “more rigorous” searches “will be more thorough and may involve an officer making more intimate contact than before.”

I guess the TSA hired Agent Flemming:

How much more “intimate” could they get? Current pat downs cover everything except grabbing junk and cavity searches. I wonder if TSA agents will at least inform you if they feel anything potentially cancerous in your colon.

Not surprisingly, the TSA is citing its abysmal failures as justification for performing even more grotesque acts of sexual assault. When government agencies fuck up they always punish the people.