Category: News You Need to Know

Unproductive Is Better Than Undoing Productivity

Since the news has hit national headlines I’m assuming most of you reading this blog are aware of the Black Lives Matters protest at the Minneapolis Police Department (MPD) Fourth Precinct. If not here is your thumbnail storyline.

Two members of the MPD were involved in the shooting of Jamar Clark. A lot of questions surround the shooting, including the conflict of interest of having law enforcers investigate law enforcers. The protesters are demanding any video footage of the shooting be released for public scrutiny and the investigators are refusing claiming it could hinder the investigation. Although the protest has remained mostly civil five people were shot one night last week.

As with any protest there are both advocates and opponents. Of the two I find the opponents most interesting. Not because the protesters shutdown Highway 94 during rush hour one night but because they keep saying the protesters need to get jobs and be productive members of society. It’s the same argument the tough on crime crowd tends to fall back on whenever people are protesting police.

For me this brings up an interesting question. Is it better to be productive or to undo productivity? Even though many of the people at the protest are employed let’s consider their productivity. Although the protesters have not completely shutdown the precinct they are interfering with its day to day operations to some extent. A lot of officers are on duty guarding the precinct instead of driving around hoping to issue some petty traffic citations. And therein lies my issue. Even if the protesters are being productive the police are actually undoing previous productivity.

Consider what happens when an officer witnesses somebody driving above the arbitrarily posted speed limit. First the officer will turn on his bright flashy lights that divert everybody’s attention to them and cause epileptic people to have a seizure. Then the officers race down the highway and demand the offending motorist pull over to the side of the highway. Because of the way Minnesota’s traffic laws are written other people driving down the highway need to either merge over a lane or slow way down when passing the cop car. While motorists are creating legally mandated conditions that are more likely to cause an accident the officer is walking over to the pulled over car to write him a citation. Most people view the citation as a dollar amount but it really should be viewed as hours of a life. That citation effectively undoes a number of hours of productivity of the motorist. Instead of being able to, for example, buy a new television the motorist now has to give that money to the State.

Traffic citations are just one of many ways police actively undo productivity. Raiding cannabis growers results in a lot of already grown cannabis being destroyed. Civil forfeiture laws result in a lot of productivity being stolen in the form of property an office claims is related to a drug crime.

To me the protest is, at worst, a debate between unproductive people (although I don’t actually see the protesters as unproductive) and people who undo productivity. I’d much rather have a group of unproductive people than a group of people who are working to set back my productivity any day of the week.

What The FBI Demands When It Sends A Gag Order

The first rule about National Security Letters (NSL) is you don’t talk about NSLs. If you do the Federal Bureau of Investigations (FBI) gets to put you in a cage. But a resent lawsuit has allowed us to get the first glimpse of an NSL. Specifically what the FBI demanded an Internet service provider (ISP) hand over about one of its customers:

The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information—all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don’t need a judge’s signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target.

For the first time, as part of a First Amendment lawsuit, a federal judge ordered the release of what the FBI was seeking from a small ISP as part of an NSL. Among other things, the FBI was demanding a target’s complete Web browsing history, IP addresses of everyone a person has corresponded with, and records of all online purchases, according to a court document unveiled Monday. All that’s required is an agent’s signature denoting that the information is relevant to an investigation.

This looks like a fishing expedition more than an investigation. Investigations are supposed to involved people who are suspected of specific crimes and any information demanded from investigators should be specific to those suspected crimes. What the FBI demanded in this case was basically all information the ISP could have about their customer and some information it probably didn’t have (such as a history of online purchases). Such a vast amount of unspecific data would be useful if the FBI wanted to find evidence of a crime and charge the target based on that. Because of the secrecy of NSLs it’s impossible to know the exact motives of the FBI so there’s really nothing stopping it from going on fishing expeditions.

I’d like to see more NSLs disclosed because I’m betting most of them will look more like fishing expeditions than investigations.

Consider Estonia When Starting An Online Business

When people tell me they want to start a white market business in the United States I strongly encourage them to think twice. Between the never ending rules and restrictions and the high taxes the United States is a terrible place to start an above the ground business. Fortunately we live in a world where those imaginary lines on maps are becoming less relevant. A while ago Estonia announced it’s e-residency program, which allows people to become virtual residents of Estonia. In an article discussing Estonia’s new deal with BitNation I noticed the e-residency program might include some real benefits:

Estonia, a country at the forefront of modern e-government, has been offering efficient online services to its citizens for more than a decade.

“By offering e-residents the same services, Estonia is proudly pioneering the idea of a country without borders,” proudly states the e-residency website. In particular, e-residents can digitally sign, verify and encrypt documents and contracts, establish an Estonian company online in 24 hours with a physical address in Estonia provided by an external service, and administer the company from anywhere in the world.

Currently, establishing an Estonian bank account for the company requires one in-person meeting at one of the banks that recognize e-resident smart ID cards – currently LHV, Swedbank and SEB – but once the account is established e-residents can manage e-banking and remote money transfers from anywhere in the world.

An appealing feature of e-residency for entrepreneurs is that, in Estonia, company income is not taxed. Therefore, compliance is simplified and all income is available for re-investment. However, since e-residency doesn’t imply tax residency, e-residents are supposed to pay taxes at home for the money that they take out of the company.

The question here is how much information does the Estonian government voluntarily provide other nations. If it hands over all business information upon request this e-residency program probably isn’t going to be that useful. But if it’s unwilling to hand over information and instead relies on business owners voluntarily providing their home countries tax information this could be a boon.

I bring this up because I believe it’s a good idea to keep an eye out for good deals. My preference is for underground businesses but I know a lot of people want to operate in the white market because it’s easier. Just because you want to operate in the white market doesn’t mean you have to play by the United States’ draconian rules or fund its insatiable war machine. E-residencies are likely to become more commonly available as other governments realize the wealth they could steal by offering denizens of foreign countries a better deal. After all, many great conquers managed to sign up a lot of foreign nationals by offering to steal far less from them. There’s no reason you can’t profit a bit by taking such offers when they’re made.

Immigrants, Jellybeans, And Fear Mongering

Even though evidence indicates the Paris attackers weren’t Syrian refugees a lot of assholes have been exploiting the tragedy to forward their xenophobic agenda. One such meme created by these xenophobes goes something like this:

If i gave you a bag of 50,000 jellybeans and told you 100 are poisonous, you wouldnt accept them right? Then why would we accept 50,000 refugees if some of them are bad?

This meme just goes to show, once again, that humans are naturally bad at risk assessment. The Foundation for Economic Freedom address this issue by pointing out some much scarier numbers:

I like jelly beans and numbers so I did a back of the envelope calculation. In the US there are about 15,000 murders per year. Most murderers kill only one person. Even serial killers kill only 2.8 people on average. Thus, 15,000 is also approximately the number of murderers in a year.*

[…]

The current US population is 322 million, so there are .0023 murderers per capita, or 2.33 murderers per 1,000, or 116 murderers per 50,000 people in the United States.

Put differently, about 116 American babies out of every 50,000 will grow up to murder someone. (Perhaps the NYMag should rerun its poll?). In contrast, only 100 of the 50,000 jelly beans were poisonous.

People tend to worry about situations where large numbers of people die at once more than situations where one or two people die even when the latter occurs frequently enough where the total number of dead is higher than the former. This is why a lot of people are scared to fly but think nothing about driving from home and work everyday.

Another problem people have with risk assessment is worrying about things they know nothing about more than things they understand well even if the latter is far more dangerous than the former. That is why many people are scared of allowing in Syrian refugees, a group of people they know little or nothing about, even though no terrorist acts have been perpetrated by a Syrian refugee in the United States and domestic terrorists have killed more people than Middle Eastern terrorists. In fact that brings up another interesting situation few people worry about:

WASHINGTON — In the 14 years since Al Qaeda carried out attacks on New York and the Pentagon, extremists have regularly executed smaller lethal assaults in the United States, explaining their motives in online manifestoes or social media rants.

But the breakdown of extremist ideologies behind those attacks may come as a surprise. Since Sept. 11, 2001, nearly twice as many people have been killed by white supremacists, antigovernment fanatics and other non-Muslim extremists than by radical Muslims: 48 have been killed by extremists who are not Muslim, including the recent mass killing in Charleston, S.C., compared with 26 by self-proclaimed jihadists, according to a count by New America, a Washington research center.

Overall, since 9/11, there have been 48 people killed by non-Muslim extremists. Meanwhile over 1,000 people have been killed by police this year alone. Yet most people would rate the threat of domestic extremists higher than the risks of domestic police. Why? Because few people actually know any domestic extremists and most people believe the vast majority of police officers are good guys.

I could play with numbers all day in an attempt to generate fear of anything I personally dislike. But I feel my time is more productively spent explaining risk assessment so those of you reading this can avoid falling into scary number traps.

It Turns Out The Paris Attackers Didn’t Even Use Encryption

Immediately following the attacks in Paris politicians were demanding bans on effective cryptography. That would lead one to believe that the attackers used cryptography to conceal their communications. As it turns out the attackers coordinated their efforts over regular old unencrypted Short Message Service (SMS):

Yet news emerging from Paris — as well as evidence from a Belgian ISIS raid in January — suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying “we’re off; we’re starting.” Police were also able to trace the phone’s movements.

This is why jumping to conclusions is foolish. The politicians and other assorted government goons demanding effective cryptography be banned didn’t wait long enough to learn whether the attackers actually used encrypted communications. Now that evidence exists suggesting they didn’t the entire narrative being used to justify the proposed bans has fallen apart.

So how did the various governments’ intelligence services miss the attacks? Probably because the unencrypted messages were buried so deeply in random noise nobody noticed them.

Another possibility is complacency. When you’re looking for boogeymen everywhere you will find them everywhere. Western governments are always looking for terrorist attacks and see them everywhere from foreign nations to local airports. Their security briefings are overflowing with warnings against imminent terrorist attacks. But when you constantly hear about imminent terrorist attacks that never happen you became so numb to the warnings that when a credible threat does exist you dismiss it as yet another overreaction from an overly paranoid intelligence agent seeking a promotion.

Either way mass surveillance did nothing to thwart the attacks and most likely hindered efforts to do so.

Losing The Signal In The Noise

As I’ve mentioned before mass surveillance is not effective at discovering and thwarting terrorists attacks before they happen. When you collect everything the signals are lost in the noise. But government officials continue their demands for weakening encryption so their mass surveillance apparatuses can better spy on us. This in spite of the fact the National Security Agency (NSA) is already so overwhelmed with noise that finding signals has become an exercise in luck:

A TOP-SECRET NATIONAL SECURITY AGENCY DOCUMENT, dated 2011, describes how, by “sheer luck,” an analyst was able to access the communications of top officials of Venezuela’s state-owned oil company, Petróleos de Venezuela.

Beyond the issue of spying on a business, the document highlights a significant flaw in mass surveillance programs: how indiscriminate collection can blind rather than illuminate. It also illustrates the technical and bureaucratic ease with which NSA analysts are able to access the digital communications of certain foreign targets.

The document, provided by NSA whistleblower Edward Snowden, is a March 23, 2011, article in the NSA’s internal newsletter, SIDtoday. It is written by a signals development analyst who recounts how, in addition to luck, he engaged in a “ton of hard work” to discover that the NSA had obtained access to vast amounts of Petróleos de Venezuela’s internal communications, apparently without anyone at the NSA having previously noticed this surveillance “goldmine.”

That the NSA, unbeknownst to itself, was collecting sensitive communications of top Venezuelan oil officials demonstrates one of the hazards of mass surveillance: The agency collects so much communications data from around the world that it often fails to realize what it has. That is why many surveillance experts contend that mass surveillance makes it harder to detect terrorist plots as compared to an approach of targeted surveillance: An agency that collects billions of communications events daily will fail to understand the significance of what it possesses.

Since the analyst made a note of finding the data on Petróleos de Venezuela it must be assumed it was on the agency’s list of desired signals. It was only after a lot of work and some dumb luck that the analyst found it buried in the sea of collected data.

If the NSA already has too much data how is adding more data going to improve matters? It’s not. In fact it will only make its ability to find valuable signals even more hopeless. That being the case, it makes you wonder what the real intentions of making mass surveillance easier are. It certainly isn’t to thwart terrorist attacks since doing that would require greatly trimming down the amount of data collected. On the other hand, if you just want the data at hand to prosecute a thorn in the side at a later date the mass surveillance system could prove to be somewhat useful.

Dial 1-800-ISIS-HLP

The mainstream media has been hard at work trying to make extremely mundane things appear terrifying by pointing out Islamic State of Iraq and the Levant (ISIS) uses them. Take phone-based technical support. It’s something most of us have used at some point in our lives. The only things frightening about it are wait times, trying to explain to the poor sap reading from their script that you’ve already performed the basic trouble shooting steps, and having your call dropped when you miraculously get connected to the one competent support specialist in the entire company. But NBC News decided mundane technical support is something that could be made absolutely terrifying by combining it with ISIS:

NBC News has learned that ISIS is using a web-savvy new tactic to expand its global operational footprint — a 24-hour Jihadi Help Desk to help its foot soldiers spread its message worldwide, recruit followers and launch more attacks on foreign soil.

Counterterrorism analysts affiliated with the U.S. Army tell NBC News that the ISIS help desk, manned by a half-dozen senior operatives around the clock, was established with the express purpose of helping would-be jihadists use encryption and other secure communications in order to evade detection by law enforcement and intelligence authorities.

The relatively new development — which law enforcement and intel officials say has ramped up over the past year — is alarming because it allows potentially thousands of ISIS followers to move about and plan operations without any hint of activity showing up in their massive collection of signals intelligence.

Although I highly doubt the claim that this help desk system is a new development its existence doesn’t change anything. Information on using secure communications technology has been publicly available on the Internet for years. There are numerous well-written step-by-step guides that walk users through setting up and using tools for communicating securely. They’re used by victims of domestic abuse who need to contact help without their abuser knowing, political dissidents in countries ruled by ruthless regimes, buyers and sellers of prohibited goods in countries ruled by regimes willing to storm homes at oh dark thirty and shoot family pets over some plants, and many other at risk individuals.

But technology is amoral and serves both the good and the bad alike. A car can whisk you from home to work but it can also help a bank robber escape after a heist. A gun can allow a frail 80 year-old woman to defend herself against a physically fit 20 year-old rapist but it can also be used by a police officer to murder a cannabis user. Encryption is no different.

Fearing something mundane because an evil person or organization is using it is idiotic. Every technology we have developed has been used by both good and evil people. That will never change.

Better Check That Deoxyribonucleic Acid

Has anybody done a DNA test on John Brennan? With the way he’s swooping down on the corpses of those killed in Paris to argue for more surveillance I’m beginning to think he’s a vulture that developed language skills:

John O. Brennan, the director of the Central Intelligence Agency, appeared to be speaking in part about the National Security Agency’s mass surveillance of phone and Internet communications that were disclosed by Edward J. Snowden in 2013. Those disclosures prompted sharp criticism and new restrictions on electronic spying both in the United States and in Europe.

Mr. Brennan also seemed to be pushing back against complaints from privacy advocates in light of a growing threat from the Islamic State against Western countries, exemplified by the gun and bomb assaults in Paris that killed 129 people on Friday night.

“In the past several years, because of a number of unauthorized disclosures, and a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists, there have been some policy and legal and other actions that have been taken that make our ability collectively, internationally, to find these terrorists much more challenging,” Mr. Brennan said after a speech at the Center for Strategic and International Studies, a Washington research organization.

As I noted yesterday, not a single terrorist attack was thwarted by the United States’ surveillance apparatus before the Snowden leak. When you have over a decade to show results and don’t there is no reason for anybody to take your program seriously.

This is the exact same shit we’re told whenever there’s a mass shooting. People must be disarmed to protect the people! The only difference is the word “gun” is replaced with the word “encryption.” But disarming people creates soft targets. When you take their guns you put them at the mercy of armed assailants. When you take their encryption you put them at the mercy of both state and non-state malicious hackers.

The “unauthorized disclosures” Brennan mentioned lead to a major overall increase in computer security. Everybody who uses a computer benefited from those disclosures. Common cryptographic libraries were studied under a new level of scrutiny and the result was a lot of bad crypto, which put people at risk, was replaced by better crypto. Political dissidents who lived under repressive regimes that relied on tools that often relied on bad crypto to identify them became safer. Searching for potentially embarrassing medical information became more confidential. Transmitting your credit card number to online retailers became less risky. Thieves who stole mobile devices found it much harder to harvest personal information about the rightful owner from them. Defense as a whole improved.

Considering that tradeoff, zero change in an ineffective program versus improve security for everybody, it’s hard to take Brennan seriously.

War Is Good For Business

I feel like a fool. Why? Because I didn’t buy Raytheon, Lockheed Martin, or any other politically connected weapons manufacturer’s stock when the market opened on Monday! Proving the 34th Ferengi Rule of Acquisition true, war is good for business:

The Paris attacks took place on Friday night. Since then, France’s president has vowed “war” on ISIS and today significantly escalated the country’s bombing campaign in Syria (France has been bombing ISIS in Iraq since last January, and began bombing them in Syria in September).

Already this morning, as Aaron Cantú noticed, the stocks of the leading weapons manufacturers – what is usually referred to as the “defense industry” – have soared:

I should have sought a job at one of these companies. They’re profitable so long as there’s war and there’s always war!

Political App Wants You To Sell Out Your Friends

Privacy is hard because once you lose exclusive knowledge of your personal information you can no longer control its proliferation, which is why Benjamin Franklin said, “Three can keep a secret, if two of them are dead.” Making matters worse is that personal information is very valuable. Can you trust everybody who, for example, has your phone number not to give it out to unsavory sorts, especially when they believe they’re getting something in return? Ted Cruz’s campaign is betting on your friends being Benedict Arnolds by providing them with your contact information in exchange for imaginary Internet points:

Whenever a new user logs in, the app asks for access to their phone’s contact list. Turning over that information earns a user 250 points. By comparison, a contribution only gets 10 points.

“While we don’t keep anything that they share, what it does allow us to do is identify within a person’s contact list, those voters that may be part of our core targeting list,” Wilson says.

The campaign is searching for information — names, address, phone numbers — that match up with possible Cruz voters. “We have scored the entire national voter file, in terms of their likelihood to support Ted Cruz,” Wilson says. “So if we identify that you have 10 friends in Iowa who are potential Cruz supporters, then we’ll ask you to reach out to those people.”

I’m not sure how Wilson can claim Cruz’s campaign doesn’t keep any collected information and then claim it uses that information to identify potential supporters. The only way to match up such data is if you have it on hand. There is also the question of what criteria they use to determine if a person in your contact list is a potential supporter. My guess is they call to hit them up for a campaign contribution.

In addition to being an example of scummy behavior this story is a great demonstration of how hard maintaining privacy is. If one of your friends is a rabid Cruz supporter would you trust them not to hand over your contact information in exchange for imaginary Internet points (which are posted on a leaderboard so Cruz supporters can see who the most pious supporters are)? I know I have several friends who would gladly do that for Rand Paul’s campaign.

Every person or company that possesses personal information about you is a potential leak and often it is in their best interest to leak your information.