Protecting Yourself and Others – Page 6

Verification Is The Reason Why Random People Standing In Front Of Recruitment Centers Isn’t A Viable Security Model

Yesterday I noted that even an imbecile with a sightless AR-pattern pistol is an effective response to an active shooter situation. Less somebody mistake that statement as a blanket approval of armed individuals taking it upon themselves to stand guard uninvited over military recruitment centers let me discuss why such a security model isn’t viable. The Army has been telling its recruiters to treat random armed watchmen as potential threats and its right to do so:

WASHINGTON — The Army has warned its recruiters to treat the gun-toting civilians gathering at centers across the country in the wake of the Chattanooga, Tenn., shooting as a security threat.

Soldiers should avoid anyone standing outside the recruiting centers attempting to offer protection and report them to local law enforcement and the command if they feel threatened, according to a U.S. Army Recruiting Command policy letter issued Monday.

Effective security relies on effective threat modeling. When the threat model is an active shooter the most effective response is an armed individual able to provide resistance. Before an active shooting begins the threat model is different because the potential attacker still isn’t known. Under that model you must assume everybody who isn’t trusted is a potential attacker (trusted individuals could be potential attackers as well, which is why you need redundancies). How do the recruiters know that the person who took it upon themselves to stand watch isn’t actually planning to shoot the place up? They don’t.

This is why nobody, whether they be tasked with securing a top secret military facility or a bar, puts any random schmuck who volunteers on guard duty. Verification is required before somebody can be trusted to provide security services. Bars need to know that their bouncers are going to verify patrons’ ages instead of take payouts to let high school students in. Businesses need to know the person at the front desk isn’t a member of a gang of thieves planning to rob the place. Military recruiters need to know that the person at the front isn’t a copycat wanting to take out some military personnel.

The most effective defense against a potential shooter is arming the individuals you trust to be on your property. As I stated in yesterday’s article, responding to an active shooter doesn’t require training beyond being able to send rounds towards the shooter. Response time is the critical factor so the more armed individuals on site the faster the situation will likely be resolved. But the armed individuals must be trusted to be a viable part of your security model otherwise you can’t know if they’re going to be a defender or aggressor until the attack is underway.

Situational Awareness Is Equally Important Offline And Online

Defending yourself online isn’t dissimilar to defending yourself offline. The tools do change. Instead of relying on tools such as physical fitness, weapons, and martial arts online defense relies on encryption, anonymity, and credential management. Even though online and offline self-defense utilize different tools both rely first and foremost on situational awareness. For example, in regards to offline defense it’s wise to avoid going down dark alleys that have reputations for being places of violence at night by yourself. Situation awareness should lead you to recognize that putting yourself in that situation greatly increases your risk of being the target of a violent crime. Likewise, when you’re online it’s wise not to submit personally identifiable information to websites that offer services that are either illegal or could be used to blackmail users.

37 million people failed the online situational awareness test and are now facing the very real prospect of being blackmailed:

Hackers claim to have personal details of more than 37 million cheating spouses on dating website Ashley Madison and have threatened to release nude photos and sexual fantasies of the site’s clients unless it is shut down, blog KrebsOnSecurity reported.

Ashley Madison’s Canadian parent, Avid Life Media, confirmed the breach on its systems and said it had since secured its site and was working with law enforcement agencies to try to trace those behind the attack.

Let’s consider the situation. The Ashley Madison website specifically specializes in helping married individuals have an affair. Since knowledge of affairs are often used as blackmail signing up for this website has pretty notable risks. The first risk is that the owners of the site will use the existence of your account to blackmail you. Another risk is exactly what happened, malicious hackers breaching the network and acquiring your personal information.

The latter risk is one faced whenever you sign up for any website. But the risks involved in your personal information from, say, Reddit being leaked is likely far less than those involved in a website that specifically advertises services to help married individuals commit adultery. That’s an important part of the situation to consider.

Another part of the situation that’s important to note is the site didn’t put any measures in place to protect your privacy in the event a breach occurred. Had the website been a hidden service that used Bitcoin as payment the ability to anonymize yourself, or at least offer plausible deniability by claiming somebody else created and maintained the account to sully your reputation, would exist. That’s exactly why Silk Road, which offered illegal services, opted for the hidden service using Bitcoin route. This website wasn’t a hidden service and, as far as I know, used credit cards, which are strongly tied to your real-life identity, for payments.

Be aware of the situation before you involve yourself in it. Failing to do so could put you in a bad situation that you could have otherwise avoided.

You Can’t Rely On Others For Your Defense

I shift around a lot of electrons talking about self-defense. When it comes to self-defense the thing that should always be kept in mind is that you can only rely on yourself. Sure, somebody may come to your aid but you can’t rely on the assumption that somebody will because very often nobody will:

What happened to Kevin Joseph Sutherland was horrific beyond imagining. On July 4, in front of about 10 witnesses on the Washington, D.C., Metro, an assailant punched him, stomped on him, kicked him in the head, and stabbed him at least 30 times. No one attempted to stop Sutherland’s killer.

What happened to me in November was vastly different, and I do not intend to equate the two events. Like Sutherland, I was attacked on a Saturday afternoon on the D.C. Metro. And as in Sutherland’s case, despite my screams and pleas, almost none of my fellow passengers on the crowded train car did anything to help.

This is why I keep myself in relatively good shape, carry a firearm, and train in martial arts (in that order of precedence) and urge you to do so as well. It’s harder to kill somebody in even decent shape than somebody who isn’t at all in shape and physical fitness improves your ability to run away, which should always been your first instinct when you feel like a situation is about to go bad. A firearm gives you the best odds against an aggressor and takes physical disparity out of the equation. Martial arts give you an option for dealing with an aggressor even in situations where you’re unarmed.

Both stories mentioned in the link article involved a person being attacked while multiple witnesses did nothing. One could blame the witnesses for not involving themselves, and a writer for the Federalist did exactly that, but it’s also unreasonable to expect somebody to risk their life to aid a complete stranger. That doesn’t make somebody a “beta male,” as the Federalist writer claims, it simply means they’re individuals who performed a risk-benefit calculations and concluded involving themselves was riskier than the potential benefit. That’s a very logical conclusion. Involving yourself in a physical confrontation is always risky. You don’t know if the situation is a gang of violent individuals beating a random innocent person to death or a inter-gang war playing itself out. It’s also impossible to know if the attackers are carrying armaments in addition to whatever is currently in their hands or if they have more friends nearby. Generally speaking the safe option for a person witnessing a physical confrontation is to do everything in their power to not involve themselves. That doesn’t necessarily mean it’s the moral choice but it is a logical choice.

But that logical choice also means you have to be prepared to fend for yourself.

Gun Control And Cryptography Control: Same Idea With The Same Outcome

Crypto War II is heating up. David Cameron has vowed to make effective cryptography illegal in the Britain, the Federal Bureau of Investigations (FBI) has been uging Congress to pass a ban on effective cryptography, and Australia has been ahead of the curve by not just prohibiting the use of strong cryptography but also learning about it. I’ve spent a good deal of time fighting against attempts to restrict or prohibit gun ownership. From my experience there I can say that attempts to restrict or prohibit effective cryptography is the exact same thing with the same outcome.

First, let’s consider what restricting or prohibiting gun ownership does. Gun restriction laws prohibit non-state individuals from having legal access to certain types of firearms and what they can do with their firearms. The National Firearms Act (NFA), for example, places heavy restrictions on purchasing machine guns, suppressors, and several other categories of firearms. Adding to the NFA’s restrictions on machine guns the Hughes Amendment to the Firearm Owners Protection Act outright prohibited non-state entities from legally owning machine guns manufactured after 1986. In addition to these restrictions the Gun Control Act of 1968 also created a list of individuals prohibited from owning any type of firearm. The list includes anybody who has been labeled a felon, which means simply failing to abide by the entire tax code could make it illegal for you to own a firearm. Most states have laws restricting individuals from lawfully carrying a firearm without state permission. In other words most states restrict individuals’ options for self-defense. Those laws, like all laws, only apply to individuals acting within the law. Criminals, by definition, do not have to abide by these restrictions and prohibitions so the ultimate outcome is that non-state individuals can be outgunned by violent criminals (both the state and non-state variety).

Now let’s consider what restricting or prohibiting effective cryptography does. Restrictions against effective cryptography create a legal requirement that all cryptographic systems be weakened in such a way that they can be easily bypassed by the state. In reality cryptographic systems cannot be weakened in such to allow only one entity to bypass them without also allowing other entities to bypass them. We learned this lesson during the Clipper chip fiasco. When you purposely introduce weaknesses into cryptographic systems those weaknesses can be targeted by anybody, including run of the mill criminals and foreign states. In the case of key escrow, the system being proposed where all encrypted data can be decrypted by a key held by the state, the focus would likely be in either creating or stealing a copy of the state’s key. Once that happened, and it would only be a matter of time until it did happen, the encrypted data would be available to anybody with a copy of the key to read. Imagine the day, and it would happen, where that master key was widely distributed across the Internet. Suddenly everything that was lawfully encrypted would be easily decrypted by anybody. Your personal information, including credit card and Social Security numbers, would be accessible to every identify thief in the world. Any communications you had that could imply you were participating in an unlawful activity, even if you weren’t, would suddenly be accessible not only to law enforcement agents but also individuals interested in blackmailing you. All future communications with online stores would be vulnerable, which means your credit card and shipping information could be snapped up by anybody surveiling the network you’re using. Any information you entered into state and federal online tax systems would be viewable to anybody with a copy of the master key. Effectively everything you communicated would be transmitted in plaintext and viewable to anybody.

Cryptography, like a firearm, is a means of self-defense. Where firearms are used to defend your physical self cryptography is used to defend your data. If your phone or laptop is stolen encryption can defend all of the information stored on it from the thief. When you make a purchase online encryption defends your credit card number and shipping address from identify thieves. Your Social Security number is also defended against identify thieves by encryption when you fill out your taxes online. There are a lot of bad individuals who want to steal personal information about you and the only thing you have to defend against them is effective cryptography. Any restriction against effective cryptography necessarily inhibits the ability of individuals to defend themselves.

The fight against restricting cryptography is the same fight against restricting firearm ownership. Both fights are against attempts by the state to restrict the ability of individuals to protect themselves from harm.

Handling a Self-Defense Situation

Christopher Cantwell, who officially endorse me as a social justice warrior, got himself into a rather unpleasant self-defense situation. I’ve heard him discuss it on Free Talk Live and read numerous opinions about how he handled the situation. As this story is an intersection of anarchism (Cantwell, even though many of his writings would indicate otherwise, does consider himself an anarchist as I’ve learned) and gun rights I thought I’d offer my opinion (and don’t say you didn’t ask for it, you’re on my site so obviously you want to know what I think).

From what I’ve read and heard the situation began when Cantwell came across a physical altercation and pulled out his camera to record it. The people involved in the altercation decided they didn’t want to be recorded and the situation quickly escalated to the point where Cantwell felt threatened enough to draw his gun.

Cantwell and I may both be anarchists but we likely disagree on more things than we agree on. I mention this because it’s something I share with many gun rights advocates (the disagreeing with Cantwell part, not the being an anarchist part) and the general attitude of many of them seems to be that Cantwell acted stupidly. Because of the video and what he said about the situation I’m left to believe that the primary reason they find what he did to be stupid is because they just generally don’t like the guy and are unwilling to compliment him. The reason I believe this is because he actually handled the situation well.

The first criticism being aimed at him by his detractors is that he involved himself in the situation. Anybody who has taken a self-defense class will tell you that involving yourself in altercations between unknown individuals is not a wise idea. Of course standing aside could result in somebody being murdered. Therefore the question becomes whether the legal liability is so great that your conscious will allow you to walk away as somebody is potentially being murdered. I think Cantwell took a good middle path by recording the altercation. By doing so really can’t be said to have escalated the situation since his “involvement” was nothing more than being a witness. He didn’t approach the group and command them to knock it off or take sides. Instead he did the same thing any security camera would do, bear witness and make a record of what happened.

When the people involved in the altercation took notice of him they initiated another aggressive situation, this time involving Cantwell. First they commanded him to turn off his camera and then approached him when he refused. At this point leaving the camera on was the wisest decision he could have made because it create a record that shows he didn’t instigate the situation and even made an effort to back away. That’s a key point, as the aggressors approached he attempted to maintain space by backing away.

Where I disagree with that he did is when he informed the aggressors that he had a gun. My quibble with this is that you remove the shock factor drawing your firearm has and potentially convince you aggressors to draw their firearms that you were unaware they had. Having surprise on your side is good in a self-defense situation because it can cause your aggressors to stop for a second as they process the new circumstance. This is a minor quibble though as the situation didn’t change. Warning them that he was armed didn’t convince them to back off nor did they pull weapons on him. In the end it was one of those mid-situation tactics that you really have to decide for yourself based on the situation at hand as it’s unfolding.

In the end he drew his firearm and that convinced his aggressors that they should stop approaching and threatening him. As with most self-defense situations involving the defender drawing a firearm the situation was resolved without any shots fired, which is the best possible outcome when things have reached that point.

I really can’t see where Cantwell committed any major self-defense faux pas. People could argue that he didn’t have to involve himself by recording the altercation but if it ended up in a murder people would probably criticize him for not recording it. By choosing to record the situation rather than break it up he ensured his involvement was minimal and stood little chance of escalating matters. It’s a good middle ground between legal liability and decency.

Self-Defense is Not Victim Blaming

I came across a link on my Facebook feed of a page showing pictures of women being photographed with the objects they carry to defend themselves. My first response was to note how poor the items pictured were for self-defense. But then I came across something:

She believes the objects they’re holding represent a “larger reality of victim blaming”.

[…]

“These loaded objects on key chains where trinkets should be really do portray how women are expected to always be on guard to protect themselves…when the rapists should not be raping,” she said.

Self-defense isn’t victim blaming, it’s simply being prepared for a potential life threatening situation. While I agree that rapists shouldn’t be raping the fact of the matter is the universe is a cruel place and only grants us the ability to control our own actions. That means we must prepare ourselves for situations created by other people. Rape isn’t the only scenario where one may have to defend themselves. Assaults, muggings, burglaries, attempted murders, and an extensive list of other violent crimes are all situations one can find themselves in that were created by somebody else. Having a means of self-defense is no different than keeping a first-aid kit in your vehicle. Life happens and sometimes it requires the application of bandages.

Victim blaming can only exist when there is a victim. Telling somebody to have a means of self-defense, not to walk down a dark alley alone on the bad side of town at night, wear a seat belt, and lock their doors at night are not instances of victim blaming because no victim exists. When victim blaming comes into play is after a crime has been perpetrated. If you tell a rape victim they were at fault for being raped because they didn’t carry a gun then you are victim blaming. The victim wasn’t at fault for the crime. Only the person who initiated the aggression holds any culpability.

Having a means of self-defense is an acknowledgement that bad people exist. It’s also an acknowledgement that you cannot control their actions but can take measures to increase your odds of resisting them. Victim blaming is the belief that a person is somehow responsible for somebody else choosing to attack them.

Half-Assed Effort is Better Than No Effort

Via Every Day, No Days Off I came across a video posted by the notorious James Yeager. In it he discusses the danger of lackluster training with a mixed martial arts (MMA) trainer:

I’m posting this video because it really strikes at one of my pet peeves in the martial arts community: people who assume their way is the only way and all other ways are dangerous. In the video the MMA instructor start off by talking about how having only minor training can be dangerous because a person who would have walked away if they lacked any training will now let their ego go to their head when presented with a potential physical altercation. He then rolled this into the common claim in the martial arts community that non-sparring arts are worthless for self-defense.

I study judo, which is a fully resistive sparring art, and a non-sparring sword art. In the past I’ve also studied karate at a school that did point sparring (a gray area that exists between the fully resistive sparring of judo, Brazilian jiu jitsu, muay thai, etc. and non-sparring arts). While I’m not an expert in fighting I feel as though I’ve learned enough about martial arts to comment on this topic.

Let me begin with fully resistive sparring arts. The two things I really like about fully resistive sparring arts is that you have empirical evidence of what works and you are constantly testing your skills against a resisting opponent. In judo, for example, I have a good idea of what throws I can execute effectively (almost none of them) and how good I am against an opponent (not very). Since I still suck at judo I know that my chances in an actual fight aren’t stellar. This means even with some training my ego is in check and I’m not likely to stand and fight instead of fleeing (not that I would be more willing to stand and fight even if I were skilled since you never know if an aggressor is more skilled or armed). If you only have some training in a fully resistive sparring art it’s damn near impossible for you not to know your skill level first hand.

Does that mean training in an art that doesn’t have fully resistive sparring is worthless? Not at all. Non-sparring arts still teach you techniques that can be useful in a fight. Take karate for example. With the exception of a few styles, such as kyokushin, karate is a non-sparring or point sparring art. Your skills are determined by instructor criticism instead of performance against a fully resistive opponent. Instructor criticism, assuming you have a knowledgeable instructor, will tell you if your technique is correct. During my time in karate I might now have tested my skills against a fully resisting opponent but I did learn how to properly throw punches and kicks. Those skills aren’t worthless in a fight. Being able to throw an effective punch or kick puts you ahead of a person who can’t. Since a majority of people in the United States aren’t trained in any fighting art even some training, such as effective technique, will increase your odds. Hell, simply learning how to break fall will increase your odds since you’ll be less likely to take severe damage if you get knock over.

Even skills that seem entirely unrelated to fighting can be of great help in self-defense. An art like tai chi, which is usually considered to be entirely ineffective for self-defense, can help you learn how to control your ego, which will probably do more to help you defend yourself than any fighting skill. The sword art I study relies a great deal on posture. This is, in part, because proper posture helps you maintain your balance and being able to maintain your balance will help keep you from getting put on the ground. In addition to proper posture I’ve also become more adapt at maintaining relaxed awareness (a component of zanshin) and we all know awareness is one of the, if not the, most critical skill for self-defense.

At the end of the video the MMA instructor says that the phrase “Some training is better than no training” should be amended to say “Some good training is better than no training.” That I agree with. As I noted above non-sparring or point sparring arts can still teach you proper techniques assuming you have a knowledgeable instructor. If you have an instructor who doesn’t know how to perform an effective punch or kick then they’re not going to be able to teach you how to do them. I think the most important thing that has to be kept in mind is that the art itself isn’t the biggest factor, the instruction in the art is. So long as you have a good instructor you can learn skills that can help you in self-defense even if those skills are as simple as maintaining calm in a potential fight.

Martial arts, like anything else, gives you what you’re willing to take from it. While I do agree that some arts are more effective for self-defense than others I don’t agree that non-sparring arts are dangerous. You can still take away skills that will make you more effective at defending yourself.

Dealing with Riots

The Baltimore Police Department has managed to protect the community by causing a great deal of civil unrest. This is the perfect opportunity to discuss the most effective strategies for surviving riots. Being a gun blog you’re probably expecting me to tell people in Baltimore to buy a gun. Buying a gun for self-defense is a good idea but when we’re dealing with riots there is a more effective strategy:

Riots are not good situations to be caught up in. There are no factions with definable goals that can be satisfied to convince everybody to go home. If you’re caught up in a riot you risk being injured or killed by rioters or police officers who aren’t interested in figuring out who is a rioter and who is merely caught up in the mess. Protecting yourself in a riot is a situation you have to treat as yourself (which includes your family and friends) against everybody else. Any honest self-defense instructor will tell you that your odds of survival go down as the number of opponents goes up.

A lot of people will advise you to hole up in your home, which is certainly better than roaming around on the streets. But you really have to ask yourself if your home and the things in it are worth the risk of sticking around. Stuff, in my opinion, isn’t worth the risks of hanging around during a riot (after all, that’s what I have insurance for). I believe the most effective way of protecting yourself during a riot is to run away.

Running away is actually the most effective means of self-defense in most scenarios. Any physical altercation, no matter how great the advantage you think you hold is, can result in serious injury or death. It’s best to avoid a fight if at all possible. In the case of riots this may involved leaving town, getting a hotel, and waiting for things to cool down. True, your house may be a burned out shell when you return but you’ll almost certainly be alive, which is the primary goal of self-defense.

That’s not to say you shouldn’t buy a gun. A gun is a tool you can resort to if avoidance isn’t an option. For example, if you have a small child with you you may not be able to run from an aggressor. In the case of a riot you may encounter an aggressor or several as you’re leaving town. Having a gun is a good idea but it should be treated as your last resort. Avoidance should be your first tactic.

Stop Using Master Lock Combination Locks

In the world of padlocks there is the omnipresent Master Lock combination lock. It’s cheap, doesn’t require a key, and takes a bit of time to brute force. At least it used to take a bit of time to brute force. One rule in the security industry is once a flaw has been discovered in a product it’s only a matter of time until that flaw becomes more severe. A rather intelligent bloke came up with a way to open any Master Lock by trying only eight combinations and wrote a nice calculator for the site:

Master Lock combination padlocks have been known to be vulnerable to an attack that reduces their 64,000 possible combinations down to 100. I’ve devised a new attack for cracking any Master combo lock that simplifies the process and reduces the amount of work down to only 8 combinations.

Use this calculator in conjunction with the instructions below to find the 8 possible combinations for your Master combo lock.

People have been warning others away from Master Lock combination locks for years now but this shows that you really really need to replace them with something better.

Rubber-Hose Cryptanalysis is Effective

I’m a big privacy advocate, which means I urge people to encrypt their hard drives (amongst many other things). This protects your data from a thief who has stolen your device, snoopy significant others, and law enforcement agents trying to dig up a reason to throw you in a cage for the remainder of your life. But encryption isn’t perfect. Rubber-hose cryptanalysis is effect. What that means is that officers, thanks to their magical liability shields, can bypass your encryption by threatening or actually using violence against your person:

After a few hours of this, which involved an attempt to lure one of Cascioli’s suppliers to his building, the officers focused on Cascioli’s Palm Pilot, which they (correctly) believed contained the information they wanted. But Cascioli wouldn’t provide the password. He claims that police then tried to extract the password through intimidation.

Cascioli says [Officer Thomas] Liciardello asked him a question: “Have you ever seen Training Day?”

When Cascioli said yes, Cascioli says Liciardello looked him in the eyes and said: “This is Training Day for f—ing real,” and then instructed officers Norman and Jeffrey Walker to take him to the balcony.

According to Cascioli and the indictment, Liciardello told them to “do whatever they had to do to get the password.”

Out on the balcony, Cascioli says officers Norman and Walker lifted him up by each arm and leaned him over the balcony railing.

In his testimony at trial this month, Cascioli provided more details, under oath, about what happened that night. The Palm Pilot, he said, contained records on his $400,000 stash, which he had split for safekeeping between the home of his brother and the home of a friend. When the cops allegedly took him out to the balcony, Cascioli said he truly feared for his life.

“They started to lift me a little,” he said. “My feet were off the ground.”

He said he was afraid. “I thought they were going to drop me” over the railing. Cascioli said he then gave up his password.

As a side note it’s worth bringing up that no Palm Pilot ever supported storage encryption so the most Cascioli’s device could have had was a password that could be easily bypassed by plugging the device into a computer and syncing all of the data (which copies the data from the Palm Pilot to the computer). But that really has nothing to do with the case at hand.

What is important here is threat modeling. Police rarely suffer consequences for using excessive force or even committing murder. That makes them more likely to use rubber-hose cryptanalysis. Fortunately encrypted drives are usually easy to erase because only the decryption keys need to be wiped out. If you really want to keep your information secret it would be wise to begin formatting your computer and mobile device upon confirming police are trying to gain entry into your dwelling. Otherwise you’re at the mercy of the court, which will tend to side with the police, to throw out any condemning evidence (and there will always be condemning evidence since everything is illegal these days).