North Korea Facing New Sanctions Because of Something It Didn’t Do

In the infinite wisdom of our government the country of North Korea, which probably already has the status of most sanctioned country on Earth, must be punished for something it wasn’t involved in. Last week Mr. Obama signed more sanctions against North Korea because of the latest Sony hack:

The US has imposed new sanctions on North Korea in response to a cyber-attack against Sony Pictures Entertainment.

President Barack Obama signed an executive order on Friday allowing sanctions on three North Korean organisations and 10 individuals.

The White House said the move was a response to North Korea’s “provocative, destabilising, and repressive actions”.

US sanctions are already in place over North Korea’s nuclear programme.

But Friday’s actions are believed to be the first time the US has moved to punish any country for cyber-attacks on a US company.

Of course the only entity in the world that is seriously claiming that North Korea was involved is the Federal Bureau of Investigation (FBI). Nobody else is buying that claim.

Encryption Works Except When It Doesn’t

People are still debating whether Edward Snowden is a traitor deserving a cage next to Chelsea Manning or a hero deserving praise (hint, unless you believe the latter you’re wrong). But a benefit nobody can deny is the overall improvement to computer security his actions have led to. In addition to more people using cryptographic tools we are also getting a better idea of what tools work and what tools don’t work:

The NSA also has “major” problems with Truecrypt, a program for encrypting files on computers. Truecrypt’s developers stopped their work on the program last May, prompting speculation about pressures from government agencies. A protocol called Off-the-Record (OTR) for encrypting instant messaging in an end-to-end encryption process also seems to cause the NSA major problems. Both are programs whose source code can be viewed, modified, shared and used by anyone. Experts agree it is far more difficult for intelligence agencies to manipulate open source software programs than many of the closed systems developed by companies like Apple and Microsoft. Since anyone can view free and open source software, it becomes difficult to insert secret back doors without it being noticed. Transcripts of intercepted chats using OTR encryption handed over to the intelligence agency by a partner in Prism — an NSA program that accesses data from at least nine American internet companies such as Google, Facebook and Apple — show that the NSA’s efforts appear to have been thwarted in these cases: “No decrypt available for this OTR message.” This shows that OTR at least sometimes makes communications impossible to read for the NSA.

Things become “catastrophic” for the NSA at level five – when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a “near-total loss/lack of insight to target communications, presence,” the NSA document states.

[…]

Also, the “Z” in ZRTP stands for one of its developers, Phil Zimmermann, the same man who created Pretty Good Privacy, which is still the most common encryption program for emails and documents in use today. PGP is more than 20 years old, but apparently it remains too robust for the NSA spies to crack. “No decrypt available for this PGP encrypted message,” a further document viewed by SPIEGEL states of emails the NSA obtained from Yahoo.

So TrueCrypt, OTR, PGP, and ZRTP are all solid protocols to utilize if you want to make the National Security Agency’s (NSA) job of spying on you more difficult. It’s actually fascinating to see that PGP has held up so long. The fact that TrueCrypt is giving the NSA trouble makes the statement of its insecurity issued by the developers more questionable. And people can finally stop claiming that Tor isn’t secure due to the fact it started off as a government project. But all is not well in the world of security. There are some things the NSA has little trouble bypassing:

Even more vulnerable than VPN systems are the supposedly secure connections ordinary Internet users must rely on all the time for Web applications like financial services, e-commerce or accessing webmail accounts. A lay user can recognize these allegedly secure connections by looking at the address bar in his or her Web browser: With these connections, the first letters of the address there are not just http — for Hypertext Transfer Protocol — but https. The “s” stands for “secure”. The problem is that there isn’t really anything secure about them.

[…]

One example is virtual private networks (VPN), which are often used by companies and institutions operating from multiple offices and locations. A VPN theoretically creates a secure tunnel between two points on the Internet. All data is channeled through that tunnel, protected by cryptography. When it comes to the level of privacy offered here, virtual is the right word, too. This is because the NSA operates a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept the data exchanged inside the VPN — including, for example, the Greek government’s use of VPNs. The team responsible for the exploitation of those Greek VPN communications consisted of 12 people, according to an NSA document SPIEGEL has seen.

How the NSA is able to bypass VPN and HTTPS is still in question. I’m guessing the NSA’s ability to break HTTPS depends on how it’s implemented. Many sites, including ones such as Paypal, fail to implement HTTPS in a secure manner. This may be an attempt to maintain backward compatibility with older systems or it may be incompetence. Either way they certainly make the NSA’s job easier. VPN, likewise, may be implementation dependent. Most VPN software is fairly complex, which makes configuring it in a secure manner difficult. Like HTTPS, it’s easy to put up a VPN server that’s not secure.
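One way to check for the backward-compatible HTTPS configuration described above is to audit the protocol versions and cipher suites a server offers. The following is an added example, not code from the original post: the host names, sample configurations and function names are constructed for illustration, and cipher suite names are assumed to follow OpenSSL naming.

```python
"""Audit TLS server configurations for legacy-compatibility weaknesses."""

# Protocol versions that are deprecated and should not be offered.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Substrings of OpenSSL-style suite names that mark weak primitives.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher",
    "DES-CBC3": "3DES (64-bit block cipher)",
    "EXP": "export-grade key size",
    "NULL": "no encryption",
    "MD5": "MD5-based MAC",
}

# Constructed sample input: one server kept compatible with old clients,
# one restricted to modern settings. Not real hosts.
SAMPLE_CONFIGS = [
    {
        "host": "legacy.example",
        "protocols": ["SSLv3", "TLSv1.0", "TLSv1.2"],
        "ciphers": ["RC4-SHA", "AES128-SHA", "DES-CBC3-SHA",
                    "ECDHE-RSA-AES128-GCM-SHA256"],
    },
    {
        "host": "modern.example",
        "protocols": ["TLSv1.2", "TLSv1.3"],
        "ciphers": ["TLS_AES_128_GCM_SHA256", "ECDHE-RSA-AES128-GCM-SHA256",
                    "ECDHE-RSA-CHACHA20-POLY1305"],
    },
]


def has_forward_secrecy(suite):
    """True if the suite uses an ephemeral (EC)DHE key exchange."""
    if suite.startswith("TLS_"):  # TLS 1.3 suites: key exchange is always ephemeral
        return True
    return suite.startswith(("ECDHE-", "DHE-"))


def audit_config(config):
    """Return (category, item, reason) findings for one server configuration."""
    findings = []
    for proto in config["protocols"]:
        if proto in LEGACY_PROTOCOLS:
            findings.append(("protocol", proto, "deprecated protocol version enabled"))
    for suite in config["ciphers"]:
        for token, reason in WEAK_TOKENS.items():
            if token in suite:
                findings.append(("cipher", suite, reason))
        if not has_forward_secrecy(suite):
            findings.append(("no-forward-secrecy", suite,
                             "recorded traffic is decryptable if the server key later leaks"))
    # When the server enforces its own order, the first suite a client also
    # supports is chosen, so a weak suite at the top undermines stronger ones.
    flagged = {item for category, item, _ in findings if category != "protocol"}
    ciphers = config["ciphers"]
    if ciphers and ciphers[0] in flagged and len(flagged) < len(ciphers):
        findings.append(("preference", ciphers[0],
                         "weak suite is preferred over a stronger one"))
    return findings


def audit_all(configs):
    """Map each host name to its list of findings."""
    return {config["host"]: audit_config(config) for config in configs}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_CONFIGS).items():
        print(f"{host}: {len(findings)} finding(s)")
        for category, item, reason in findings:
            print(f"  [{category}] {item}: {reason}")
```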

The ultimate result of this information is that the tools we rely on will become more secure as people address the weaknesses being exploited by the NSA. Tools that cannot be improved will be replaced. Regardless of your personal feelings about Edward Snowden’s actions you must admit that they are making the Internet more secure.

Soon Central Banking Failures Will Be Our Fault

The state is the undisputed champion of passing the buck. Whenever it fucks up it finds a way to blame the people. Did the politicians screw up the economy? That’s our fault for voting them in! Is your local police department out of control? You voted for the sheriff! There isn’t enough money circulating throughout the economy? What do you expect when people save hoard money? Accumulated debt is causing chaos in the banking system? Obviously people aren’t saving enough money!

Now the Bank of England is setting itself up to blame the people for arbitrarily set interest rates not bringing prosperity:

According to Sky News, the world’s eighth oldest bank will now assess the frequency of job searches and monitor prices online to understand potential unemployment rates and monitor inflation. It will also gauge language used on social networks to better understand the state of some financial markets. It’s another example of the shift towards “big data,” where companies collect and analyse huge sets of digital data rather than use traditional database techniques to detect patterns as they happen. The Bank of England says it used these techniques to help impose new controls on the housing market earlier in the year, and hopes this “big shift from the past” will help it better judge Britain’s financial status in the future.

Inflation will now be our fault because we sent the wrong signals over our social media feeds! Isn’t the state brilliant? There’s nothing it can’t blame on somebody else.

Never Let a Crisis Go to Waste

Sony, in what I predict to be a brilliant marketing move, has cancelled what was certainly going to be a shitty movie. This has gotten the expected, and likely desired, result of unleashing a great deal of impotent Internet rage. Not one to let a crisis go to waste the politicians in Washington DC are swooping in like vultures. First United States officials claimed that the hack was almost certainly performed by North Korea. Now senators are using that claim to justify the necessity of a “cyber security” (a meaningless term) bill:

Senator John McCain (R-AZ) also said that the choice set a “troubling precedent” in cyberwarfare. “The administration’s failure to deter our adversaries has emboldened, and will continue to embolden, those seeking to harm the United States through cyberspace,” he said in a statement. He reiterated promises to focus on the issue if elected chair of the Armed Services Committee, including plans to create a subcommittee for cybersecurity issues. “Congress as a whole must also address these issues and finally pass long-overdue comprehensive cybersecurity legislation,” he said. McCain has been pushing cybersecurity bills for years, including the Secure IT Act, a competitor to the controversial CISPA bill.

In a statement on Tuesday, Senator Dianne Feinstein (D-CA), a major proponent of cybersecurity and author of multiple bills, said that “this is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity. We must pass an information sharing bill as quickly as possible next year.”

There are three points I would like to bring up.

First, there is no evidence that North Korea was involved in the Sony hack. All we have are statements made by United States officials. Remember that United States officials also told us that there were weapons of mass destruction in Iraq.

Second, the reason people like McCain and Feinstein want to pass a “cyber security” bill is because it would further enable private corporations, the same private corporations that currently possess a great deal of your personal information, to share data with the federal government without facing the possibility of legal liability. What members of Congress are referring to as “cyber security” bills are more accurately called surveillance bills.

Third, legislation won’t improve computer security. No matter how many “cyber security” bills are passed the fact of the matter is that bills are merely words on pieces of paper and words on pieces of paper have no ability to affect the world by themselves. What you need are experts in computer security doing their job and that is done by enticing them with rewards (often referred to as paying them) for utilizing their skills. Legislation doesn’t do that, markets do. The only thing legislation does is state who the state will send armed thugs after if their desires are not properly met.

The Privacy Dangers of Body Camera Equipped Police

I’ve been saying how ineffective body cameras on police will be, but after seeing some of the things posted by my friend Kurtis Hannah I am now convinced that they will also bring a new wave of surveillance and privacy violations.

We already live in a world where much of our activity is recorded by cameras. Department stores, gas stations, hospitals, and pretty much everywhere else employ security cameras. While I don’t like being recorded at all these places I also acknowledge that they won’t send men with guns after me unless I’ve done something legitimately bad in most cases (because that’s usually the only time the footage is reviewed). Police footage, especially in this day and age where the National Security Agency (NSA) already has a massive surveillance apparatus, could be employed differently. It’s not unimaginable that police departments would employ people to review all footage from body cameras to find potential criminal offenses that the officer missed. Such a large amount of footage could also enable police to track individuals by using facial recognition software against body camera footage. That wouldn’t be unprecedented since many departments already do something similar with automatic license plate scanners.

This puts us in a really bad spot. On the one hand we cannot trust the police to go about their activities unsupervised. Having their actions recorded at all times while they’re on duty and streaming that footage live for anybody to access at any point is the only way any semblance of accountability can exist. But doing that will also violate the privacy of anybody within camera shot of an officer.

What’s the solution? In my opinion the only viable solution is to toss out the entire institution of modern policing and replace it with something better. That something better will have to be decentralized by nature and not in any way associated with the state, which seems impossible to implement today due to the controlling nature of today’s state. But until that happens there will be no accountability and the only “solutions” offered to us will be ones that better enable the police to keep us under their boots.

Al Franken Suddenly Cares About Privacy

When the government is caught spying on people it’s quick to justify its actions as being necessary for national security. But when private companies, at least ones not tied to the state’s own surveillance apparatus, spy on people the state claims it’s a tragedy. I’m not a fan of spying regardless of who’s doing it but I also can’t stand hypocrisy. Al Franken, one of Minnesota’s two psychotic senators, has a bug up his ass over Uber. I can only imagine that the company hasn’t been willing to become a full member of the state’s surveillance apparatus because Franken has been coming down on it hard:

For the last month the senator has pressed the company to be more transparent and accountable in how it handles the data associated with its burgeoning number of passengers around the world.

“My biggest concern is that they seem to have no policy,” said Franken, who chairs a subcommittee on Privacy, Technology, and the Law. “They have all this very sensitive data and they seem to have absolutely no real privacy policy.”

This is rich coming from a man who defended the National Security Agency’s (NSA) widespread surveillance of Americans. If anybody has been collecting very sensitive data without any privacy policy it’s the NSA. And while I don’t trust Uber with the data it collects I at least know it’s not collecting things like my phone calls, e-mails, and other communications. Perhaps Franken should first invest time in writing up a privacy policy for the NSA and then deal with the smaller fish like Uber. At least then he wouldn’t sound like such a hypocrite.

Ignorance of the Law is Not an Excuse, Unless You’re a Cop

How many times have you heard petty authoritarians and cops (but I repeat myself) say “Ignorance of the law is not an excuse”? What they really mean is that ignorance of the law is not an excuse unless you’re a cop. Cops periodically enforce nonexistent laws. A popular phrase relating to this issue is that “You can beat the rap but you can’t beat the ride.” Even if a cop is enforcing a fictitious law you as an individual have little recourse. But what happens when a cop enforcing a nonexistent law finds evidence that you’re breaking an existing law? According to the Nazgûl, err, the Supreme Court it means you’re going to be a UNICOR slave for a few years:

At issue in Heien v. North Carolina was a 2009 traffic stop for a single busted brake light that led to the discovery of illegal drugs inside the vehicle. According to state law at the time, however, motor vehicles were required only to have “a stop lamp,” meaning that the officer did not have a lawful reason for the initial traffic stop because it was not a crime to drive around with a single busted brake light. Did that stop therefore violate the 4th Amendment’s guarantee against unreasonable search and seizure? Writing today for the majority, Chief Justice John Roberts held that it did not. “Because the officer’s mistake about the brake-light law was reasonable,” Roberts declared, “the stop in this case was lawful under the Fourth Amendment.”

Roberts’ opinion was joined by Justices Antonin Scalia, Anthony Kennedy, Clarence Thomas, Ruth Bader Ginsburg, Stephen Breyer, Samuel Alito, and Elena Kagan. Writing alone in dissent, Justice Sonia Sotomayor criticized her colleagues for giving the police far too much leeway.

Since the Constitution gives the Supreme Court a monopoly on interpreting the Constitution this decision means that charges stemming from cops enforcing nonexistent laws are constitutional. The Fourth Amendment, once again, proves to be ineffective at protecting our supposed right to be secure from unreasonable search and seizure. But that’s just par for the statist course.

Nothing Says Secure Communications Like a Backdoor

Since Snowden released the National Security Agency’s (NSA) dirty laundry security conscious people have been scrambling to find more secure means of communication. Most of the companies called out in the leaked documents have been desperately trying to regain the confidence of their customers. Google and Apple have enabled full device encryption on their mobile operating systems by default, many websites have either added HTTPS communications or have gone to exclusive HTTPS communications, and many apps have been released claiming to enable communications free from the prying eyes of Big Brother. Verizon decided to jump on the bandwagon but failed miserably:

Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization’s secure phone system.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Security is an all or nothing thing. If you implement a method for law enforcement to access communications you also allow everybody else to access communications. Backdoors are purposely built weaknesses in the security capabilities of a software package. While developers will often claim that only authorized entities can gain access using a backdoor in reality anybody with the knowledge of how the backdoor works can use it.

Matters are made worse by the fact that law enforcement access is the problem everybody is trying to fix. The NSA was surveilling the American people in secret. A lot of people have also been questioning the amount of surveillance being performed by local law enforcement agencies. Since there is a complete absence of oversight and transparency nobody knows how pervasive the problem is, which means we must assume the worst case and act as if local departments are spying on everything they can. Tools like the one just released by Verizon don’t improve the situation at all.

At Least It’ll Be a Legal Surveillance State Now

A lot of people arguing against the National Security Agency’s (NSA) mass surveillance apparatus are doing so by pointing out its illegal nature. The Fourth Amendment and a bunch of other words on pieces of paper have been cited. It looks like our overlords in Washington DC have finally tired of hearing these arguments. They’re now using their monopoly on issuing decrees to make state spying totally legal in every regard:

Last night, the Senate passed an amended version of the intelligence reauthorization bill with a new Sec. 309—one the House never has considered. Sec. 309 authorizes “the acquisition, retention, and dissemination” of nonpublic communications, including those to and from U.S. persons. The section contemplates that those private communications of Americans, obtained without a court order, may be transferred to domestic law enforcement for criminal investigations.

To be clear, Sec. 309 provides the first statutory authority for the acquisition, retention, and dissemination of U.S. persons’ private communications obtained without legal process such as a court order or a subpoena. The administration currently may conduct such surveillance under a claim of executive authority, such as E.O. 12333. However, Congress never has approved of using executive authority in that way to capture and use Americans’ private telephone records, electronic communications, or cloud data.

There you have it, all those arguments about NSA spying being illegal can finally be put to rest!

This is why I don’t hold out any hope for political solutions. So long as you rely on your rulers to define what is and isn’t legal you are forever at their mercy. And they are very interested in keeping you under their boots. But technical solutions exist that can render widespread spying, if not entirely impotent, prohibitively expensive. Many have pointed out to me that if you are targeted by the government you’re fucked no matter what. That is true. If the government wants you dead it’s well within its power to kill you. The task is not to save yourself if you are being targeted though. What cryptography tools do is keep you from being a target and raise the costs involved in pursuing you if you become a target.

It costs very little for agencies such as the NSA to slurp up and comb through unencrypted data. Encrypted data is another story. Even if the NSA has the ability to break the encryption it has no way of knowing what encrypted data is useful and what encrypted data is useless without breaking it first. And breaking encryption isn’t a zero cost game. Most people arguing that the NSA can break encryption use supercomputers as their plot device. Supercomputers aren’t cheap to operate. They take a lot of electricity. There are also the costs involved of hiring cryptanalysts capable of providing the knowledge necessary to break encryption. People with such a knowledge base aren’t cheap and you need them on hand at all times because encryption is constantly improving. The bottom line is that the more encrypted data there is the more resources the state has to invest into breaking it. Anonymity tools add another layer of difficulty because even if you decrypt anonymous data you can’t tie it to anybody.

Widespread use of cryptography makes widespread surveillance expensive because the only way to find anything is to crack everything. Political solutions are irrelevant because even if the rules of today make widespread surveillance illegal the rulers of tomorrow can reverse that decision.

And Suddenly People Care About Torture Again

Shortly after it was known that prisoners in Guantanamo Bay were being tortured there was an uproar by the neoliberals. They claimed to be very upset by the fact that people were being tortured. As it turns out they were only unhappy that their man wasn’t in charge when the torture was occurring and shortly after Bush was replaced by Obama they faded into the background (sadly joining most of the anti-war movement).

Yesterday a report on the torture performed by the Central Intelligence Agency (CIA) was released and suddenly people care about torture again:

The summary of the report, compiled by Democrats on the Senate Intelligence Committee, said that the CIA misled Americans about what it was doing.

The information the CIA collected this way failed to secure information that foiled any threats, the report said.

In a statement, the CIA insisted that the interrogations did help save lives.

“The intelligence gained from the programme was critical to our understanding of al-Qaeda and continues to inform our counterterrorism efforts to this day,” Director John Brennan said in a statement.

However, the CIA said it acknowledged that there were mistakes in the programme, especially early on when it was unprepared for the scale of the operation to detain and interrogate prisoners.

Welcome back everybody! Glad to have you with us again! Of course the reactions to this report have been very predictable. The neoliberals, who are again feigning outrage, keep reiterating that this happened under Bush’s watch. I guess the important takeaway from this report is that the old war criminal was in charge instead of the current war criminal (he’s probably too busy ordering the bombings of Middle Eastern children to bother overseeing torture operations).

The neocons have been equally predictable. Their main takeaway from the torture report is that it was totally cool because it was happening to Middle Easterners. They have also been busy trying to claim that the torture saved the lives of American soldiers even though no evidence exists supporting such a claim (and anybody who has studied interrogation techniques knows torture produces unreliable information because tortured people will tell you whatever they think you want to hear in the hopes you’ll stop inflicting pain).

I don’t care which war criminal was in charge at the time and I don’t care if acts of torture saved lives. Torture is unacceptable. Period. Not only does it produce unreliable information but it’s inhumane as Hell. The only thing torture is useful for is detecting people who should be removed from society. That is to say if somebody is willing to torture another human being they shouldn’t be in society.

Anyways this state crime, like all of its previous crimes, will likely be swept under the rug next week. Then it can go on to torture some other people and everybody can pretend to care for another week after a report is published by whatever party doesn’t hold the position of war-criminal-in-chief.