The Public-Private Surveillance Partnership

Between government and corporate surveillance I would, nominally, agree that government surveillance is more dangerous. This is because corporations aren’t in the practice of sending armed goons to your home to kick in your door, shoot your dog, and kidnap you based on what their surveillance has uncovered. But the distinction is only nominal because the data collected from corporate surveillance often finds its way into the government’s hands:

Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.

It’s happening right now in nearly every major American city.

The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images. They may well have photographed your license plate. As a result, your whereabouts at given moments in the past are permanently stored. Vigilant Solutions profits by selling access to this data (and tries to safeguard it against hackers). Your diminished privacy is their product. And the police are their customers.

The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database. Do your local cops participate?

One of the biggest risks of corporate surveillance is that the collected data, either through sale or warrant, ends up in the hands of the State. While I have no real concerns about Facebook using my social graph to justify sending armed goons to kidnap me, I do have concerns about a judge granting a warrant to a law enforcement agency to obtain that data as a justification for kidnapping me.

Symbolism

The believed birthplace of the Bill of Rights now more closely matches the actual Bill of Rights:

A Pennsylvania building believed to be the birthplace of the Bill of Rights was partially demolished earlier this month because developers didn’t know the origin of the site, The Sentinel reported.

The building, originally known as the James Bell Tavern, hosted a meeting in 1788 of anti-Federalists opposed to the ratification of the new nation’s Constitution. The group began calling for changes to the document, and their plea was eventually heard when the Bill of Rights was adopted in 1791.

Overall the Constitution was, in my view, a bad idea. It cemented the power of the federal government by giving it the power to issue and collect taxes and a monopoly on deciding whether any actions performed by the federal government were constitutional. Once the federal government of the United States had those two powers it effectively became unstoppable.

With that said, the Antifederalists made a valiant effort at damage control by getting the Bill of Rights included in the Constitution. Unfortunately the realities of statism became apparent very quickly as the federal government, almost immediately, began curtailing the supposed rights listed in the Constitution.

Federalists: 1, Antifederalists: 0.

Amateur Results

Remember Schneier’s point about expecting amateur results when using amateurs for frontline security? This is the result:

The couple says within twenty minutes, the door to the cabin opened and three, armed Port Authority police officers started walking down the aisle.

They stopped at aisle 23, where Chan and Serrano were sitting. One of them looked at Kathleen Chan.

“And he turns to her and says, ‘Do you have ID?’” Serrano remembered.

Chan showed her New York State driver’s license, with its photo ID and proof that she lived at the same address in Astoria that Serrano did.

In fact, the couple was about to mark nine years together, which included buying their Queens home in 2011 and refurbishing it.

[…]

“I asked him, ‘Can you tell me what this is about?’” Chan recalled. “He told me the flight crew had alerted the police that it was a possible case of sex trafficking. They thought I had not spoken any English, and that I was taking directions from Jay during the flight.”

Somebody on the flight crew saw something and decided to say something. Unfortunately the member of the flight crew wasn’t trained in any meaningful way to identify potential sex trafficking. So their report ended up being a costly waste of time for everybody involved and needlessly terrorized an innocent couple.

If you see something, and you have no idea what you’re doing, just shut your mouth.

How To Spot A Sex Trafficker According To The DHS

How do you spot a sex trafficker? According to the Department of Homeland Security (DHS) the signs of a sex trafficker in a hotel are almost exactly the same as the signs of anybody else in a hotel that’s ready for a good time:

  • garbage cans containing many used condoms
  • frequent use of “Do Not Disturb” sign on room door
  • excessive foot traffic in and out of a room
  • “excessive sex paraphernalia” in room
  • an “overly smelly room” that reeks of “cigarette, marijuana, sweat, bodily fluids, and musk”
  • a guest who “averts eyes or does not make eye contact”
  • individuals “dressed inappropriate for age” or with “lower quality clothing than companions”
  • guests with “suspicious tattoos”
  • the presence of multiple computers, cell phones, pagers, credit card swipes, or other technology
  • the presence of photography equipment
  • minibar in need of frequent restocking
  • guests with too many personal hygiene products, especially “lubrication, douches”
  • guests with too few personal possessions
  • rooms paid for with cash or a rechargeable credit card
  • “individuals loitering and soliciting male customers”
  • “claims of being an adult though appearance suggests adolescent features”
  • refusal of room cleaning services for multiple days

This list, with the exception of a few token points thrown in to make it seem otherwise, appears to be aimed at prostitution instead of sex trafficking. Furthermore, it’s absurd to expect hotel staff to identify sex traffickers. To quote Bruce Schneier, “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.” There is no value in having hotel staff act as investigators. I would even say it has less than no value since the cost of chasing false positives, including money paid to investigators following up on leads and the complacency that comes from a continuous stream of false positives, will likely become detrimental to efforts to fight sex trafficking.

Programs like this are exercises in security theater. By holding these training sessions the DHS can claim it is doing something to thwart sex trafficking without actually having to do anything.

The Never Ending Ended War

Remember when the war in Iraq was officially declared over? Remember how much he and his supporters bragged about him ending Bush’s war? Guess what? We’re sending more troops there yet again:

FORT CAMPBELL, Ky. – An elite U.S. Special Operations targeting force has arrived in Iraq and will carry out operations against the Islamic State, part of a broader effort in 2016 to strike at the militants and that also includes U.S. Special Operations troops in Syria, Defense Secretary Ashton B. Carter said Wednesday.

The targeting force is now in place and is prepared to work with Iraqis to begin going after militant fighters and commanders, “killing or capturing them wherever we find them,” Carter said, speaking to about 200 soldiers at the home of the Army’s 101st Airborne Division, which is expected to deploy about 500 soldiers next month to Iraq and Kuwait as part of the campaign against the Islamic State, also known as ISIS and ISIL.

If you’re psychopathic enough to want to build an empire there are two ways to go about it. You can do it the smart way, the way the Mongols did it, and leave a conquered area to run its own affairs as long as it pays your demanded tribute. Or you can do it the stupid way, the way the United States prefers, and try to micromanage a conquered area even if they do pay your demanded tribute.

The problem with the stupid way is that the people tend to resent you far more. Because of that they continue actively fighting you, which ensures you can never really lay long-term ownership over the region. Even though the war was declared over the United States will likely be fighting it until it finally decides to leave.

The Pervasiveness Of Government Databases

Let’s discuss government databases. The United States government maintains numerous databases on its citizens. Many of these databases are populated, in part if not entirely, by algorithms. And unlike Amazon’s recommendation algorithms or Google’s search algorithms, government algorithms have real-world consequences. Because government databases have become so pervasive these consequences can range from being barred from flying on a plane to being barred from signing up for the latest video game:

Last weekend Muhammad Zakir Khan, an avid gamer and assistant professor at Broward College in Florida, booted up his PC and attempted to sign up for Epic Games’ MOBA-inspired Paragon beta. Unbeknownst to Khan, however, was that his name—along with many others—is on the US government’s “Specially Designated Nationals list,” and as such was blocked from signing up.

“Your account creation has been blocked as a result of a match against the Specially Designated Nationals list maintained by the United States of America’s Office of Foreign Assets control,” read the form. “If you have questions, please contact customer service at accounts@epicgames.com.”

There’s an interesting series of connections here. The first connection is Mr. Khan’s name appearing in the Specially Designated Nationals list. The second connection is the database, which is used to enforce the United States government’s various sanctions, applying to the Unreal 4 engine. The third connection is the game utilizing the Unreal 4 engine. In all likelihood Mr. Khan’s name was added to the database by an algorithm that adds anybody who has an arbitrarily selected number of characteristics that include such things as last names and religions.

So, ultimately, Mr. Khan was being prevented from signing up for a game because the government believes that if it prevents modern video game technology from entering Iran, North Korea, or other countries under sanctions, the citizenry will start a revolution. Being human (or at least somewhat close approximations thereof), the agents charged with enforcing these sanctions chose to automate the process as much as possible, which resulted in a database that is likely populated algorithmically.

The Great American Outdoor Show Will Be Safer This Year

There has been some disagreement between the City of Harrisburg and the National Rifle Association (NRA). The NRA is hosting its Great American Outdoor Show in the city. In addition to bringing a good deal of money to local businesses the NRA is also making a donation to the Civil War Museum. However, the mayor of Harrisburg wants to shut down the museum so he’s a bit peeved that the cash is going there instead of his gang in blue. Now the mayor wants to exact revenge:

Harrisburg Mayor Eric Papenfuse says Harrisburg City Police will not staff the upcoming gun show, which is sponsored by the NRA.

In the past, the city staffed officers and the NRA made a donation to Harrisburg City Police in return. In 2015, that donation was $50,000.

This year, Papenfuse says the NRA is donating money and most of it is going to the Civil War Museum, which the mayor wants to close.

And in so doing he inadvertently made the event safer. Without the local gang in blue meddling with the event the attendees don’t have to worry about being extorted, assaulted, or kidnapped.

So the secret to hosting a safe event in Harrisburg is to make a donation to the local Civil War Museum instead of the gang in blue.

When Idiots Write Stories

The Internet, although overall a glorious invention, is rife with bullshit. Unfortunately a lot of the bullshit seems to be widely circulated.

Several of my friends shared a story about all shipping traffic between Europe and the United States stopping:

[Image: when-idiots-write-headlines]

This story was posted on such reputable sites as SuperStation95 and We Are Change (reputable, like a hipster’s stupid wardrobe, was ironic in this case). And who could argue with it? There’s a map right there clearly showing no ships between Europe and the United States, right? Wrong.

The map is taken from MarineTraffic, a website that gives a live view of ships throughout the world. It uses data collected from ships’ Automatic Identification System (AIS). But the idiot who wrote the story didn’t read MarineTraffic’s FAQ. If they had they would have realized that AIS utilizes ground stations to detect ships and has an approximate range of 15 to 20 nautical miles. Once a ship is outside of the range of any ground stations it is no longer trackable by MarineTraffic. Since there is a lack of landmasses in the Atlantic there are no ground stations to pick up ships’ AIS.

File this under “Life Lessons: Don’t Believe Everything You Read.” With that said, MarineTraffic is really cool and you should poke around on it. Seeing the sheer number of ships in the water at any time is pretty wild.

Centralized Failure

People have been using the attacks in Cologne to argue in favor of stronger border controls because, you know, the attacks must have been caused by immigrants and not the usual drunken debauchery that accompanies New Year’s Eve. Such arguments miss the point (well they miss several points but I’ll only address the biggest one here), which is the danger of centralization. It has been revealed that the police in Cologne were being overwhelmed with reports:

An internal police report reveals officers “could not cope” with the volume of attacks in Cologne on New Year’s Eve, German media say.

Women were “forced to run the gauntlet” through gangs of drunken and aggressive men outside the station, it said.

Police say the number of reported crimes from the incident has risen to 121, about three-quarters of which involve sexual assault.

[…]

“The task forces could not cope with all the events, assaults, and crimes – there were just too many happening at the same time,” the senior officer concluded.

Cologne police chief Wolfgang Albers has rejected claims teams were understaffed, insisting “we were well prepared”.

But he described what happened as “a completely new dimension of crime”.

I’ve discussed the weaknesses inherent in centralized security before. In this case it appears the central point of failure, relying on the police for security, was a major factor in these attacks getting as out of hand as they did. As the number of attacks increased the inability of the police to effectively respond became more obvious so the perceived risk of perpetrating additional attacks decreased. Since the average German citizen is unable to carry a firearm the risk of attacking them is already lower than it is in most states here. Couple that with the inability of the police to respond and you have a feedback loop of more attacks reducing the perceived risk of committing attacks, which in turn increases the likelihood of more attacks.

David Chaum Becomes A Quisling

Online anonymity is important. In fact it’s the difference between life and death for many political dissidents around the world. Recognizing this many developers have put their efforts into developing effective anonymity tools such as Tor and I2P. But what makes an anonymity tool effective? An effective anonymity tool is one designed in such a way that a third party cannot utilize the tool itself to discover the identity of a user (no tool, however, can be designed in such a way as to stop a user from voluntarily revealing identifiable information about themselves).

One of the downsides of the current slew of popular anonymity tools is they tend to be slower than tools that don’t attempt to maintain anonymity. Accessing a website over Tor usually takes longer than accessing that same site over the regular Internet. David Chaum, a well-known and previously (I’ll get to that in a second) well-respected cryptographer, is promising a new “anonymity” tool that doesn’t suffer from the performance issues of popular tools such as Tor:

With PrivaTegrity, Chaum is introducing a new kind of mix network he calls cMix, designed to be far more efficient than the layered encryption scheme he created decades ago. In his cMix setup, a smartphone communicates with PrivaTegrity’s nine servers when the app is installed to establish a series of keys that it shares with each server. When the phone sends a message, it encrypts the message’s data by multiplying it by that series of unique keys. Then the message is passed around all nine servers, with each one dividing out its secret key and multiplying the data with a random number. On a second pass through the nine servers, the message is put into a batch with other messages, and each server shuffles the batch’s order using a randomized pattern only that server knows, then multiplies the messages with another random number. Finally, the process is reversed, and as the message passes through the servers one last time, all of those random numbers are divided out and replaced with keys unique to the message’s intended recipient, who can then decrypt and read it.

Sounds good, doesn’t it? Chaum even claims PrivaTegrity is more secure than Tor. But as it turns out this “anonymity” tool isn’t effective because it allows third parties to unveil the identity of users:

On top of those security and efficiency tricks, PrivaTegrity’s nine-server architecture—with a tenth that works as a kind of “manager” without access to any secret keys—also makes possible its unique backdoor decryption feature. No single server, or even eight of the nine servers working together, can trace or decrypt a message. But when all nine cooperate, they can combine their data to reconstruct a message’s entire path and divide out the random numbers they used to encrypt it. “It’s like a backdoor with nine different padlocks on it,” Chaum says.

[…]

“It’s like the UN,” says Chaum. “I don’t think a single jurisdiction should be able to covertly surveil the planet…In this system, there’s an agreement on the rules, and then we can enforce them.”

One Key to rule them all, One Key to find them, One Key to bring them all and in the darkness spy on them.

You know who else had an agreement on the rules? The Nazis! Put down the Godwin brand pitchforks, that was purposeful hyperbole. My point is agreement on the rules is meaningless fluff, just like his claim that no single jurisdiction should be able to surveil the planet. By implementing a backdoor he has made his network a single jurisdiction capable of surveilling everybody who uses it. His network is also the rule maker. The only reason I would shy away from calling PrivaTegrity a government is because it still outsources enforcement to the State by handing over identifiable information of users deemed guilty by the Nazgûl. PrivaTegrity isn’t about protecting the identity of every user, it’s about protecting the identity of favored users.

This backdoor capability also means PrivaTegrity is less secure than Tor since Tor doesn’t have a built-in method to reveal the identity of users. Every major government in the world will try to compromise PrivaTegrity if it ever comes into wide usage. And due to the existence of a backdoor those efforts will bear fruit. Whether compromising the servers themselves, buying off the administrators of the servers, or by other means it will only be a matter of time until governments find a way to utilize the built-in backdoor for their own purposes. That is why the mere existence of a backdoor renders an anonymity tool ineffective.
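
A toy model of the “nine padlocks” claim, added here as an illustration and not taken from PrivaTegrity or cMix: eight cooperating servers learn nothing about who sent a message, while all nine recover both the sender and the plaintext, so the whole guarantee rests on those nine never being compromised together. The modulus, batch size, seed, and function names are assumptions, and the random re-blinding and recipient-key steps are left out.

```python
import random
from math import prod

P = 2**127 - 1   # toy prime modulus (assumption, not PrivaTegrity's real group)
N = 9            # mix servers, as in the article
BATCH = 5        # constructed batch of five senders

def setup(seed=1):
    """Constructed secrets: one shuffle and one blinding factor per sender, per server."""
    rng = random.Random(seed)
    perms = [rng.sample(range(BATCH), BATCH) for _ in range(N)]  # perms[s][i]: slot input i moves to
    keys = [[rng.randrange(2, P) for _ in range(BATCH)] for _ in range(N)]
    return perms, keys

def mix(perms):
    """Output slot of each sender's message after every server has shuffled the batch."""
    where = list(range(BATCH))
    for perm in perms:
        where = [perm[slot] for slot in where]
    return where

def trace(out_slot, perms, known):
    """Senders consistent with out_slot when only the servers in `known` reveal their shuffle."""
    cands = {out_slot}
    for s in reversed(range(N)):
        if s in known:
            inverse = {dst: src for src, dst in enumerate(perms[s])}
            cands = {inverse[c] for c in cands}
        else:
            cands = set(range(BATCH))  # unknown shuffle: every predecessor is possible
    return cands

def blind(message, keys, sender):
    """Multiply the message by the sender's factor at each of the nine servers."""
    return message * prod(k[sender] for k in keys) % P

def unblind(cipher, keys, sender, known):
    """Divide out only the factors held by the cooperating servers."""
    for s in known:
        cipher = cipher * pow(keys[s][sender], -1, P) % P
    return cipher

def demo(holdout=4):
    perms, keys = setup()
    sender, msg = 3, 424242            # constructed sender slot and message
    out = mix(perms)[sender]
    cipher = blind(msg, keys, sender)
    all_nine = set(range(N))
    eight = all_nine - {holdout}
    return {
        "trace_9": trace(out, perms, all_nine),
        "trace_8": trace(out, perms, eight),
        "plain_9": unblind(cipher, keys, sender, all_nine),
        "plain_8": unblind(cipher, keys, sender, eight),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
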

The only upside to PrivaTegrity is that the existence of a backdoor almost guarantees nobody will adopt it and therefore when it’s compromised nobody will be put in danger.