Category: Protecting Yourself and Others

Real Terrorist Prevention

Bruce Schneier once again points out how our government’s policies and methods for preventing terrorism are wrong. He wrote a recent article for the New York Times that describes what is being down incorrectly:

Think about the security measures commonly proposed. Cameras won’t help. They don’t prevent terrorist attacks, and their forensic value after the fact is minimal. In the Times Square case, surely there’s enough other evidence — the car’s identification number, the auto body shop the stolen license plates came from, the name of the fertilizer store — to identify the guy. We will almost certainly not need the camera footage. The images released so far, like the images in so many other terrorist attacks, may make for exciting television, but their value to law enforcement officers is limited.

Check points won’t help, either. You can’t check everybody and everything. There are too many people to check, and too many train stations, buses, theaters, department stores and other places where people congregate. Patrolling guards, bomb-sniffing dogs, chemical and biological weapons detectors: they all suffer from similar problems. In general, focusing on specific tactics or defending specific targets doesn’t make sense. They’re inflexible; possibly effective if you guess the plot correctly, but completely ineffective if you don’t. At best, the countermeasures just force the terrorists to make minor changes in their tactic and target.

Exactly. Our government agencies focus on specific threats and put in countermeasures for threats that have already been used. When somebody put explosives in their shoes TSA made you remove your shoes at their “security” checkpoints. When somebody tried using a liquid bomb on a plane TSA barred you from carrying bottled water on board (unless you purchased it at an exorbitant rate behind the “security” checkpoint). But bad guys are creative and think up new methods that avoid the implemented specific threat countermeasures.

Something I’ve Often Wondered

Tam brings up a good pointer here. I often hear people say you should train like you fight. I agree. But apparently my idea of how I will need to fight and most people who proclaim this different greatly.

When somebody tells me to train like I fight they usually train with tools that I, nor I assume most people, don’t expect to have at my disposal. For the purposes of this post we’ll create a hypothetical gun owner who claims to train like he fights. Let’s call him Timmy Tactical. Timmy Tactical goes to the range every weekend to train. His training regiment is strict and to the letter. His first half hour is spent getting his MOLLE vest, drop leg holster, gloves, knee pads, elbow pads, combination infrared/night vision/4th dimension goggles, radio gear, spike toed ninja combat boots, bullet proof vest equipped with six trauma plates, and sun glasses (super tactical of course) on. He then spends the next couple of hours running drills with his M4gery carbine equipped with a flashlight, laser sight, bayonet, EOTech holographic site with accompanying magnifier, and two extra rounds stored in the pistol grip. He creates scenarios for himself based on likely situations including communist invasion, zombie outbreak, and invasion by aliens hailing from the far reaches of the Betelgeuse system.

What Timmy Tactical doesn’t train with is his concealed .38 caliber snubby revolver that is on his person the rest of the time.

This has always begged the question how do you really plan to fight? Personally the only people I know who fight like Tactical Timmy are the men and women in our military who fight as their daily job. They can fight like that because throughout their day they actually have all their on them. The reason for this should be obvious, they are in a job where extended firefights with multiple enemy combatants is not only possible but down right expected.

Those of us living the lives of sovereign individuals don’t generally have that kind of gear on our person. We don’t walk around all day decked out in combat gear. Well at least nobody I know does or have seen does. Most armed citizens have a small handgun concealed on their person and hopefully a reload in one of their pockets. That’s their fighting gear. And this fighting gear reflects the most likely confrontational scenarios that an average Joe is going to encounter. When walking the streets of a city your most likely enemy is going to be one hostile individual. You may have to defend yourself against multiple people but the number is generally not going to be above three (and before anybody says it, yes I know it can and you should always be as prepared as possible for surprise situations).

That’s why when I train like I fight it involves my carry gun in a concealed holster and a spare magazine in my back pocket. The scenarios I envision usually involve one or two combatants at close range. That’s not to say I don’t bring out my M1A SOCOM 16 every now and then and act like I’m fighting off a zombie invasion, but I don’t really consider it training. That’s just plain fun and games for me. But realistically if our fine country is ever invaded by communists hailing from Alpha Centauri I’m gathering up those I care about and heading for safe territory to hide until the shit settles down.

Likewise when it comes to home defense I train with my carry gun (the one I’m most likely to have should somebody go bump in the night) and shotgun (the gun I’ll try to get should I have the chance) assuming I’ll be in tight corridors and hallways.

Protecting yourself, like anything involving security, is all about threat profiles. I agree you should train like you fight. But how you fight should be based on threat profile. Always ask yourself what the most common situation is. For most people it’s either going to be a mugger coming at you on the street in the middle of the night or some jerk off busting into your home at a similar time frame. Due to this your should train with what equipment you will likely have at hand in those situations (and unless you sleep in your MOLLE gear it’s not going to be that). It certainly doesn’t hurt to train with your super cool combat rifle but you should be most proficient in the use of your carry and home defense gun assuming you won’t have time to gear up.

How Police Should Be

Uncle let’s us know what it means to be a good police officer. An 89 year-old woman successfully defended her home with a gun (which impossible, according the the anti-gunners the bugler would have just taken her gun and used it against her). The police responded in the following manner:

“This is a .22. And the police reloaded it for me,” said Turner. “I know how to work that gun. I just hope and pray to God it don’t happen again.”

Good on you officers.

In Security the Key Phrase is Trust No One

Last month I posted a story about an interesting Windows security issue dealing with how the operating system handles SSL root certificates. After reading the linked research paper I’ve started scrounging the sourced information within and I must say the phrase trust no one is made very apparently. The paper cites several stories dealing with government entities coercing private companies into allowing bypassing in place security measures to allow surveillance. Lets look at a few of these stories.

The first one relates to an online e-mail service called Hushmail. According to Hushmail’s own site:

Every day, people around the world send billions of emails. The vast majority of these are transmitted without using any form of encryption. When you send an email without encryption, it can be monitored, logged, analyzed and stored by your employer, your internet service provider, or worse – a hacker
….
Hushmail keeps your emails private by encoding each message using encryption. Encryption is a way of transforming a message so that it is unreadable to anyone but the sender and its recipients. Hushmail makes encryption seamless and transparent – we encrypt your message automatically before it is sent, and then restore it back to its original form when the recipient reads it.

And from another section on their site:

In some countries, government sponsored projects have been set up to collect massive amounts of data from the Internet, including emails, and store them away for future analysis. This data collection is done without any search warrant, court order, or subpoena. One example of such a program was the FBI’s Carnivore project. By using Hushmail, you can be assured that your data will be protected from that kind of broad government surveillance.

You’ll notice they chose their wording very carefully. They imply their service will prohibit government surveillance but only so long as it’s warrantless. That page also describe in detail the fact that they will surrender information upon lawful request. Of course there is a reason they disclose this information now:

Zimmermann, who sits on Hushmail’s advisory board, spoke to THREAT LEVEL after we published a piece contrasting the site’s promises that it had no access to the contents of customers’ encrypted emails stored on their servers with a court case showing that the Canadian company turned over 12 CDs of readable emails to U.S. authorities.

At one point Hushmail advertised itself as not being able to access user’s e-mails. Of course they eventually turned over 12 CDs worth of customer e-mails and then backtracked. Mr. Zimmermann makes a very good point that everybody should realize:

“If your threat model includes the government coming in with all of force of the government and compelling service provider to do things it wants them to do, then there are ways to obtain the plaintext of an email ,” Zimmermann said in a phone interview. “Just because encryption is involved, that doesn’t give you a talisman against a prosecutor. They can compel a service provider to cooperate.”

It should go without saying that if the company can get access to the plain text of the e-mails stored on its servers then somebody else can as well. Needless to say even if an online service proclaims they securely store your data and it can not be accessed that is not usually true. The only secure option is to encrypt the data while it’s still on your machine and then send it out. For instance I backup much of my data to an online store service. Before the data leaves my system it’s put into a TrueCrypt partition. Only I have the key to decrypt the partition so even if a government entity forced my storage provider to hand over my data there is no way for that provider nor the government to decrypt it (obviously I mean before I die, they could brute force the key but it would take practically a century and I doubt I’ll still be alive when they find out my encrypted partition contained nothing important nor incriminating).

So that’s one example that was cited in the paper. The next one is even more insidious in my opinion but has a happier ending. I’m sure everybody who is reading this is at least familiar with OnStar. It’s an in vehicle service provided with Government General Motors produced vehicles. It allows such services as calling somebody via the press of a button or getting help in an emergency. It also allows law enforcement personnel to track and find the vehicle should it get stolen. To do it’s services there are two things that it needs: The ability to output vocal data which is provided by the car’s stereo system, and a microphone so you can communicated with OnStar employees.

People buying GM cars see this services as a convenience but government sees it as something else, a mechanism of spying on the citizenry:

The court did not reveal which brand of remote-assistance product was being used but did say it involved “luxury cars” and, in a footnote, mentioned Cadillac, which sells General Motors’ OnStar technology in all current models. After learning that the unnamed system could be remotely activated to eavesdrop on conversations after a car was reported stolen, the FBI realized it would be useful for “bugging” a vehicle, Judges Marsha Berzon and John Noonan said.

Yes the FBI decided OnStar was a great service. You simply flip on the microphone remotely and you can monitor conversations taking place inside the vehicle. Great! Fortunately after doing this the courts decided it was a no-no:

In a split 2-1 rulingthe majority wrote that “the company could not assist the FBI without disabling the system in the monitored car” and said a district judge was wrong to have granted the FBI its request for surreptitious monitoring.

But not for the reasons you’re thinking:

David Sobel, general counsel at the Electronic Privacy Information Center, called the court’s decision “a pyrrhic victory” for privacy.

“The problem (the court had) with the surveillance was not based on privacy grounds at all,” Sobel said. “It was more interfering with the contractual relationship between the service provider and the customer, to the point that the service was being interrupted. If the surveillance was done in a way that was seamless and undetectable, the court would have no problem with it.”

See in order to activate the microphone remotely without the vehicle occupants knowing OnStar’s recovery mode had to be disabled. This presented a violation of the service agreement between OnStar and the vehicle owner:

Under current law, the court said, companies may only be ordered to comply with wiretaps when the order would cause a “minimum of interference.” After the system’s spy capabilities were activated, “pressing the emergency button and activation of the car’s airbags, instead of automatically contacting the company, would simply emit a tone over the already open phone line,” the majority said, concluding that a wiretap would create substantial interference.

Personally I don’t trust any system in my vehicle that can be remotely activated and for good reason. Having a remotely activated microphone in your vehicle is just asking to be eavesdropped on. This also includes cellular phones but Tam pointed out a simple solution for that.

The final cited source I’m going to bring up from that paper (seriously go read it [PDF]) deals with RIM’s Blackberry phones. In this case the problem wasn’t related to RIM but a cellular phone carrier who cells their devices. I know the United Arab Emirates aren’t known for their love of basic human rights but when you get carriers to install spyware on phones to monitor all users of Blackberry devices that’s simply shitting all over privacy.

Details on the spyware application itself can be found here. Although the spyware did appear to be actively monitoring peoples’ communications by default it was capable of being remotely activated at any time. Of course the expected activation would be done by law enforcement personnel but anything they can activate a resourceful malicious hacker can activate. Now I do want to make it clear RIM didn’t have any knowledge of this and did release the following public statement:

In the statement, RIM told customers that “Etisalat appears to have distributed a telecommunications surveillance application… independent sources have concluded that it is possible that the installed software could then enable unauthorised access to private or confidential information stored on the user’s smartphone”.

It adds that “independent sources have concluded that the Etisalat update is not designed to improve performance of your BlackBerry Handheld, but rather to send received messages back to a central server”.

This was a case of the UAE government getting a local carrier, Etisalat, to cooperate and install the spyware. The scariest thing here is the software wouldn’t have even been noticed if it wasn’t for the fact it was poorly coded and causing phone instabilities. Needless to say the phrase trust no one is very relevant everywhere in the world.

These stories exemplify that security is something you need to take into your own hands. You can’t expect other people to do it nor can you expect your government to do it. Nobody is going to protect your life, property, or privacy except you. This requires you obtain pertinent knowledge on the technology you use. Take time to understand the technology and devices you use in your everyday life and try to come up with ways those things can be used against you. Once you realize how those things can be used you can develop countermeasures.

Getting Pulled Over When You’re Armed

On thing that those of us who carry need to be concerned about is what to do when an officer pulls us over while we’re armed. The rules about this vary state to state but what I’m writing can only be considered applicable in Minnesota.

The rules in Minnesota are simple. You do not need to inform an officer that you’re armed but if asked you must answer truthfully. When an officer runs your license plate number the returned information will include whether the registered owner of the vehicle has a carry permit or not [Pending official verification. See comments below.]. With this knowledge the officer can chose to ask if you’re armed or not.

There are two schools of thought on how to respond to this situation. The first school says you should inform the officer right away. The second school of thought is that you shouldn’t disclose any information to the officer unless he or she asks first. I’m in the second school of thought and this post is my justification.

First the police officer should know whether I have a permit when they pull me over as my vehicle is registered to me. With this knowledge if they want to know I’m armed then they can ask. Duty of information is their burden not mine. Second a police officer’s job requires them to use anything you say against you. Because of this, outside of casual conversation, my rule of thumb is the only answer questions asked by the police. I never give any information they don’t ask for directly and when they ask a question I answer it as to the point as possible. I’m always polite because they are doing their job after all and I’m glad there are police officers out there. But I’m not going to give them any rope to hang me with either.

My third reasoning is the most important to me though. That’s the fact that criminals have impersonated police officers. These criminals have pulled over innocent people and robbed, raped, or murdered those people. Now if you’re like me you obvious take some time and consideration on the subject of self defense. We’re taught to always be in condition yellow and aware of our surroundings. We’re also taught to be suspicious of anybody we don’t know. So why take somebody’s word that their a police officer without question?

A little known fact is that you can call 911 when you’re being pulled over and ask the operator if there is actually a cop pulling you over. They will tell you whether the person behind you is a cop or not. This is advice they now give in driver education course as a mechanism to verify the person pulling you over at 3 a.m. in the middle of nowhere is actually a cop or not. Additionally a person impersonating a cop is not going to have access to your license and registration information. Unless the impersonator knows you personally or has access to the police database they will not know you are armed. This brings us to the whole subject of not informing the person pulling you over that you’re armed. If the person pulling you over is a real cop they know you have a carry permit and therefore can ask if you’re armed. On the other hand if the person who is pulling you over isn’t a cop they have no way of knowing you have a carry permit and therefore will most likely not ask you if you’re armed. If they ask if you have a carry permit be suspicious because a real officer will have access to such information.

If the person is actually a criminal impersonating a cop do you want to volunteer the information that you’re armed? I sure wouldn’t. I have a gun as a mechanism to use in self-defense. I also carry concealed because I don’t want people knowing I’m armed, the element of surprise is a good thing in my book. Therefore I’m not going to divulge the face I’m armed to somebody who could be a potential criminal.

Stay alert. Don’t trust people you don’t know, especially when that person appears to be a person of authority. Criminals do use disguises of authority to gain peoples’ trust and obedience. You shouldn’t drop out of condition yellow just because the person in front of you looks like an authority figure.

Bad Ass

Another article I found via The Firearm Blog. This story is about a man’s man who is obviously a bad ass and a good father:

“I shot him in the nuts with bird-shot because he was beating my daughter,” Kelly said.

That line alone allows me to overlook the fact the man was using a Taurus Judge. Seriously that one sentence extrudes bad ass. Anyways the daughter isn’t happy but you know what? I’m giving the father the benefit of the doubt since I wouldn’t react well to somebody beating my daughter (If I had one).

Body Scanner Fail

Bruce Schneier linked to a video of a person sneaking bomb components pasted on of those fancy full body scanners the TSA wants to put everybody through.

The video is in German but you can tell what’s going on even without knowing the language the French fear.

Two Schools of Carry Permit Holders

In the world of carry there are always two or more schools of thought on each subject. Right now I want to talk about the two schools of though pertaining to the potential court case after a self defense shooting. It seems to me not enough people take this into consideration. Everybody can talk ages about what type of ammunition is best, what is the best carry gun, what is the best holster, but very seldom do I hear a conversation about what are the best practices to avoid getting yourself thrown in jail afterwards.

The two schools of thought are generally those who believe worrying about a court case isn’t something you should waste time at. The idea is in a self defense situation you do anything you have to do in order to preserve you life regardless of the legalities and potential court case afterwards. The other school of thought is to based almost everything you do on what would reflect best in a court case.

I’m certainly of the second school of thought. I avoid carrying reloaded ammunition because a lawyer could jump on that, I don’t make any non-factory approved trigger modifications to a carry gun, etc. So I’m going to talk a little bit about such things and why I think what I think.

First of all let’s talk about carrying reloaded ammunition. I’ve not heard of a court case where somebody has been nailed to the wall for carrying reloaded ammunition but it certainly is something that could be used. The idea is a prosecutor could say you intended to kill your target by loading specially craft ammunition that exceed the performance capabilities of commercial ammunition. It’s stupid but then again prosecutors live to my the jury feel resent towards the accused. The best defense you can have is ask what you local police department use and use it. At least that way if the persecutor asks you why you carry what you carry you can clearly state because that’s what the police department carries. More or less carrying commercial self defense ammunition is an easy way to avoid a potential avenue of attack.

Next up trigger. This argument has been used before in court to prosecute people. See many people like to do trigger work on their guns to make the trigger lighter. This is especially common when the person learned to shoot on a single action platform like the 1911 where the trigger weight is very light. There is nothing wrong with wanting a lighter trigger, unless you’re sitting in court. Prosecutors love to nail people to the wall for whatever they can get. They might not be able to say you murdered a person but they certainly can say you made a mistake and get you with a manslaughter charge. The mistake? Accidentally pulling the trigger. In a stress situation fine motor skills go out the door. You become less aware of things. The prosecutor’s idea here is that your trigger was so light that you pulled it without realizing it while aiming at the attacker, thus firing accidentally. To further add frustration to the case the prosecutor can bring in an engineer from the pistol manufacturer who will state they advise against having such a light trigger. For instance Glock clearly states that their 3.5 pound connector is for competition and target use only (Although I think they make an exception if you pair it with a NY1 spring). The only trigger modification you should make to a carry gun are ones approved by the factory for defensive uses. Likewise if you carry a revolver carry one that is double action online. You don’t want to allow the prosecutor to claim you pulled the hammer back setting the stage for a negligent shooting.

Next potential legal battlefield you could be facing is around your caliber. A poor Arizona man was nailed this way because he was carrying a 10mm. The charge was crap but the prosecutor was able to connivence the jury the accused intended to kill and that is the only reason he carried such a powerful round. My advice to to carry a round that some police department has issue. 9mm, .40 S&W, .45 Auto, .38 Special, .357 magnum, and .357 SIG would all be safe choices.

What else do you have to watch out for? What you post online. Make no mistake nothing you post online is private. A smart prosecution team will do searches on your names and try to find websites you visit and post on. If they find a Facebook posting made by you stating something like, “I plan to kill anybody who attacks me” rest assured they will use it against you. Be careful with your words online. What you may think is harmless could come back and bite you in the ass later. Never advocate violence against somebody. If somebody asks for ideas on the best caliber to kill an attacker don’t post a reply. Make it clear that in a self defense situation you want to stop the attacker, not kill them. Just remember there is nothing confidential on the Internet.

A way to help yourself out in court is how you hand a self defense situation. Don’t risk your life for this but if there is any possibility loudly (Yelling voice here) tell your attacker to back off. Why? Because this way you will most likely attract the gaze of anybody around which means witnesses. The more witnesses your have the better in this case. They can come before the court and say you told the attacker to back off, drop their weapon, get away, whatever. In other words you attempted to resolve the situation without resorting to legal force. This is just something to help you out.

Finally have the name and number of a lawyer who has knowledge in the field of self defense shooting. Of course establish a dialog with the lawyer first so they know who you are. Not knowing who to call after a self defense situation is not a good thing. You should know who you are going to call beforehand.

So don’t just plan for a self defense situation, also plan for the aftermath. The court case could very well be worse than the self defense situation itself if you get tossed in prison for the remainder of your life.