Category: News You Need to Know

Doublethink

In George Orwell’s Nineteen Eighty-Four doublethink is described as, “The power of holding two contradictory beliefs in one’s mind simultaneously, and accepting both of them… To tell deliberate lies while genuinely believing in them, to forget any fact that has become inconvenient, and then, when it becomes necessary again, to draw it back from oblivion for just as long as it is needed, to deny the existence of objective reality and all the while to take account of the reality which one denies – all this is indispensably necessary.” That is the most accurate term to describe the White House’s claim that what the Federal Bureau of Investigations (FBI) is demanding of Apple isn’t a back door:

The White House says a court ruling asking Apple to help the FBI access data on a phone belonging to the San Bernardino gunman does not mean asking for a “back door” to the device.

By definition a backdoor, as it pertains to security, is a purposely placed mechanism that allows an unauthorized party to bypass security measures. What the FBI is asking Apple to develop is a special version of iOS that attempts to brute force the device’s password and doesn’t contain the increasing timed lockout functionality when entering incorrect passwords or the functionality that erases the phone after 10 incorrect passwords have been entered. The FBI is asking for a backdoor.

Just because the FBI is demanding this special firmware for a specific iPhone doesn’t mean the firmware isn’t a backdoor. But through the magic of doublethink the White House is able to claim what the FBI is demanding isn’t a backdoor.

Legally Speaking, You’re The Property Of The State

The All Writs Act is a piece of legislation that made it clear in vague but certain terms that everybody in the United States is the property of the State:

Basically, it’s “a very short, cryptic statute” that gives the courts “all sorts of incidental powers” to require things not specifically covered by other laws, according to Stephen Vladeck, a law professor at American University.

In the past, the act has been used to compel non-parties — like service providers of tech companies — to help in criminal investigations, Vladeck said. But that help has typically been limited to straightforward requests, like activating or turning off particular features and using systems that are already in place, he said.

The new order is different: It tells Apple to help the government by creating an entirely new software to help investigators bypasses security features. “That requires Apple to go much further than any company has ever been required to go in one of these cases,” said Vladeck.

Although the statue is short and rather vague its intention is quite clear: to give the State the legal authority to compel people into performing actions. It’s currently being cited to compel Apple to create a custom backdoor for the Federal Bureau of Investigations (FBI). But this isn’t he first time this archaic law has been used to force technology companies to perform the State’s will.

Can a court compel a person to act? If so that effectively makes everybody the slave of any judge with an order. It’s clear that the State believes a judge has such authority because it allows them to hold disobedient individuals in a cage for being in contempt of court. Therefore it must be said that the All Writs Act creates a form of legalized slavery.

TANSTAAFL

Free K-12 schooling! Free college! Free healthcare! The State sure is magnanimous!

Unfortunately, to the chagrin of utopians, there ain’t no such thing as a free lunch:

WILLOW RIVER — Scott Killerud was about to throw away a mailing about the 2016 enrollment period for MNsure last November when something caught his eye.

“Just as I was going to drop it in the trash, I was like — wait a second. What did I just read?” the Pine County farmer said.

What caught his eye was a notification that if you’re 55 or older and on Medical Assistance — Minnesota’s version of Medicaid — the state places an estate claim with which to recover its costs after you and your spouse have died.

Killerud was younger than 55, but his wife, Ellen, had reached that age the previous September. The couple, who supplement their farm income with part-time jobs, were told when they signed up for insurance through MNsure in 2014 that their income level qualified them for Medical Assistance.

But they didn’t know about the estate claim until Scott saw that mailing.

The State is in the business of stealing wealth, not handing it out. Whenever it claims to be giving something out for free you can be assured it’s part of a scam that is actually granting it further power to plunder the people.

Health insurance is the peak of the latest pyramid scheme. Acknowledging the fact that income taxes offer little in the way of plunder from people with little income, the State has created a program that allows it to take assets instead. This is especially important because it’s not unusual for retired individuals to have little in the way of income but a sizable sum in assets. By getting these individuals to sign up with MNsure, the State of Minnesota can give itself access to wealth that was previously outside of its grasps.

There is a lengthy list of things you should always be wary off. At the top of that list should people offering free stuff.

Apple Tells The Feds To Pound Sand

The technology industry has a long history of being run by antiauthoritarians who bark a lot but roll over as soon as Uncle Sam commands it. This has lead to a great deal of disappointment for me. Fortunately, after the Edward Snowden leaks, some technology companies have started developing a bit of a spine.

Yesterday a robed one in a court room commanded Apple to produce a custom firmware that would allow the Federal Bureau of Investigations (FBI) to more easily brute force the passcode on a suspect’s iPhone:

On Tuesday, a federal judge in Riverside, California, ordered Apple to help the government unlock and decrypt the iPhone 5C used by Syed Rizwan Farook, who shot up an office party in a terrorist attack in nearby San Bernardino in December 2015.

Specifically, United States Magistrate Judge Sheri Pym mandated that Apple provide the FBI a custom firmware file, known as an IPSW file, that would likely enable investigators to brute force the passcode lockout currently on the phone, which is running iOS 9.

By issuing this order Judge Pym openly stated that he believes Apple is a slave to the federal government and therefore can be forced to perform labor against its will. This is the point where a lot of technology companies would simply roll over and accept their place. Apple has decided it doesn’t want to play ball:

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

[…]

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

It will be interesting to see how far Apple can go in resisting this order but even if it does end up folding under the threat of government guns I want to give the company a hell of a lot of credit for this.

As Apple’s letter notes, this ruling as consequences far greater than this case alone. First, it would set a precedence that everybody is little more than a slave to the robed overlords of the courtrooms. Second, it would introduce an officially signed firmware that is purposely weakened to allow law enforcers to bypass built-in security mechanisms.

The first consequence isn’t anything new since the State has always viewed the people as slaves. But the second consequence is severe. I’m sure the FBI has pinky swore that it will never use this firmware again but anybody familiar with the agency’s history knows such a promise will be broken. And the state of the federal government’s network security means this custom firmware will almost certainly end up online at some point. Then it will be available to nongovernmental terrorists, domestic abusers, and other violent individuals with a vested interest in snooping on their targets.

Whether you like Apple or not, I believe the company deserves a lot of credit for this. I hope it inspires other companies to follow suit.

Uncle Sam Wants His Money


Dennis Farina plays Uncle Sam in Get Shorty.

Let this story be a lesson to everybody, be careful when you’re taking out a loan with the country’s biggest gang:

It might seem odd in an era defined by stagnant wages and rising income inequality for the long arm of the law to be cuffing Americans who default on their federal student loans. But according to reports out of Texas, that’s exactly what’s happening.

Paul Aker, 48, tells the New York Daily News and a local Fox broadcast affiliate that a coterie of heavily armed US Marshals showed up at his door in Houston last Thursday. His alleged crime? Failing to pay Uncle Sam back for a $1,500 student loan he took out to attend Prairie View A&M in 1987, he claims.

If you fail to pay back the mafia there’s a good chance armed men will come to your door, kidnap you, and take you to the Don.

This is another example of the rules being different from private individuals and the State. If you or a private institution loans money to somebody and they refuse to pay you cannot kidnap them and place them in a cage until they pay you back. Uncle Sam can. So think twice before taking any of his filthy lucre.

You Can’t Stop The Signal

What would happen if the United States government passed a bill mandating the inclusion of backdoors in cryptographic algorithms? Not much. The politicians in Washington DC, like many denizens of this nation, forget that there is an entire world outside of this nation’s borders. A recent report put together by actual security experts shows that any domestic laws hindering encryption will be futile because a lot of cryptography software comes from abroad:

An estimated 63 percent of the encryption products available today are developed outside US borders, according to a new report that takes a firm stance against the kinds of mandated backdoors some federal officials have contended are crucial to ensuring national security.

The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials. Although the Obama administration is no longer asking Congress for legislation requiring them, it continues to lobby private industry to include ways law enforcement agencies can decrypt encrypted data sent or stored by criminal or terrorism suspects.

We’re told that mandatory backdoors are necessary to make the lives of law enforcers easier. But passing a law mandating backdoors in systems that utilize cryptography would only effect domestic companies. Most devices are manufactured outside of the United States. Any law mandating ineffective cryptography would only applies to domestic devices, which means the mandated backdoors would likely only be included in devices meant for sale in the United States. That means avoiding a purposely weakened device would be as simple as ordering it from a foreign reseller.

Most of the boogeymen the politicians point to to justify mandating backdoors are primarily based in foreign countries. The terrorist and sex trafficking organizations are already buying their communication equipment outside of the United States so they will be entirely unaffected by any new domestic laws. Furthermore, being criminal organizations, nothing will change for them since they’re already breaking numerous laws.

At most a mandatory backdoor law will put the denizens here, at least those dumb enough to continue buying domestic devices, at risk of being exploited by domestic and foreign governments as well as malware producers.

Registering A Drone Puts Your Home Address Publicly To The Internet

When a handful of drone owners made some poor choices the Federal Aviation Administration (FAA) saw the opportunity to drum up some cash. It mandated that all drones must be registered with the FAA. Registering as a drone pilot costs $5.00 and failing to register can cost up to $250,000 and/or up to three years in a cage. Either way the FAA wins and you lose. Why do you lose? Because a hidden costs of registering your drone is making your home address publicly available on the Internet:

The FAA is delighted that signups for its new drone registry have hit 300,000. But the agency’s buoyant mood is destined for a nosedive. The FAA isn’t warning drone owners their names and addresses are easily searchable and downloadable (47MB) in the agency’s online registry.

To add a bit more insult than usual to public registries, the FAA’s drone pilot registry even includes minors:

While drone owners must be 13 years old to register, the privacy threat posed by this registry is particularly concerning for minors — for obvious reasons.

The poor manner in which this registry program has been handled just adds credence to the entire thing being a quick cash grab. Even a little bit of thought would have caused the developers to realize how bad of an idea making people’s name and addresses publicly available is. It’s especially damning when it’s so easy to make a more anonymized database.

Microsoft Makes Windows 10 A Recommended Upgrade For Users Of Older Versions Of Windows

File this under things that really annoy me:

From Monday, Windows Update will start making the upgrade to version 10 of the operating system a recommended update, rather than an optional one, a spokesperson for the software giant confirmed.

So if you’ve got Windows Update set up to automatically fetch and install recommended items – and the vast majority of people do because it’s the default setting – expect to, well, download and install a few gigabytes of Windows 10.

I understand Microsoft’s position. Its getting tried of sinking resources into supporting older versions of its operating system. Moving more people to Windows 10 reduces the amount of resources it has to invest in older versions. At the same time, this makes my life difficult.

One of the simplest pieces of security advice that can be given is to tell users to turn on automatic updates. A lot of malware infections are the result of a user failing to apply the latest security patches for their operating system. Turning on automatic updates ensures the latest security patches are automatically downloaded and installed soon after they’re released.

But a lot of users don’t want to upgrade to Windows 10. By moving Windows 10 into the recommended updates category users with automatic updates turned on will, unless they jump through a few hoops, find themselves running Windows 10.

This is an awkward position for me because I feel as though I must continue recommending people use automatic updates but I don’t want to force them into using the latest version of Windows if they don’t want to.

Getting Off The No-Fly List

With the rekindled excitement for prohibition people on the government’s terrorist watch lists from purchasing firearms it’s a good time to review how terrible of an idea the lists themselves are. The lists and the criteria for appearing on them are secret so there is no due process involved. We know approximately 40 percent of the names on the lists aren’t affiliated with any known terrorist organization. To make matters even worse there’s no way to know whether you’re on the lists until you try to fly and end up being detained and interrogated for hours. And once you’re on the lists getting off of them is no simple matter:

Kadura, an American citizen, was placed on the federal government’s no-fly list in 2012. Since then, in addition to being prevented from boarding flights, he has been detained, interrogated, and harassed at border crossings and pressured by authorities to become a government informant.

yaseen Yaseen Kadura Photo: Courtesy of Yaseen KaduraThe 25-year-old American medical student, who was raised in Indiana, has spent the last three years trying to coax information out of the government and clear his name. Last year, he sued in federal court over his watchlisting, joining four other Muslim Americans represented by lawyers from the Michigan chapter of the Council on American-Islamic Relations. That case was still ongoing, when, this past September, Kadura suddenly received a brief, terse letter from the government indicating that he was no longer on the list and could board a plane without impediment.

Since 2012 Kadura hasn’t been able to fly. He finally found his ability to fly restored but there is no indication of why. There was no known process for him to file an appeal. He initiated a lawsuit, which hadn’t concluded when his ability to fly was restored so no information of how one might restore their privileges was drawn out during the hearing. Like getting on the list, getting off of the list is a black box.

Proponents of barring people on the terrorist watch lists from purchasing firearms like to say, “If you can’t fly, you shouldn’t be able to own a gun.” It’s idiocy that ignored the fact that nobody on the terrorist watch lists should be prohibited from flying since there is no due process involved in appearing on the lists nor is there a known way of getting remove.

Mandatory Tracking

Fitness trackers are convenient devices for tracking health related information. Unfortunately many organizations see genuinely good ideas and decide they must be mandatory. That’s what the Oral Roberts University in Oklahoma has decided:

Oral Roberts University in Tulsa, Oklahoma, is requiring incoming freshmen to wear Fitbit fitness trackers to record 10,000 steps per day, with the information being made available to professors.

“ORU offers one of the most unique educational approaches in the world by focusing on the Whole Person — mind, body and spirit,” ORU President William M. Wilson said in a statement, a local CBS News affiliate reported.

“The marriage of new technology with our physical fitness requirements is something that sets ORU apart,” he said. “In fact, when we began this innovative program in the fall of 2015, we were the first university in the world to offer this unique approach to a fitness program.”

The Fitbit device uses GPS technology to track how and where students exercise, eat and sleep, as well as the calories they burn, how much they weigh and other personal information, EAGNews reported.

This raises so many privacy related questions. How does the university verify each student has taken the right number of steps per day? Is the information synced to the student’s smartphone (assuming the student has a smartphone)? If so, is the data collected by an app created by the university or Fitbit’s app? If the latter does the university demand students hand over their Fitbit account credentials? Is the health data accessible at any time to the university?

More concerning is how this technology will be mandated in the future. Will health insurance companies begin mandating that customers must wear Fitbits and meet a certain number of daily steps? While one can choose not to attend the Orwell, err, Oral Roberts University they cannot decide to forgo health insurance less they be fined by the State. Could businesses require employees to wear Fitbits as part of a wellness program (one of my friends works a place where wearing a Fitbit is required to receive a health insurance discount but it’s not mandatory yet)?

Technology is great so long as it remains voluntary. It’s when organizations start mandating the use of a technology that things become frightening.