Expanding the Scope of the TSA

Government agencies only expand, they never contract. Although the Transportation Security Administration (TSA) has failed 95 percent of red team exercises the agency hasn’t been abolished. Instead Congress wants to reward the agency by expanding its scope to guard the trains that practically nobody uses:

Several U.S. senators want the TSA to focus more attention and resources on rail, highway, and marine transportation, which would mean greater security oversight at such places as Amtrak stations and Megabus coach stops. A bipartisan bill introduced Thursday by Senator John Thune (R-S.D.) would require the TSA to use a risk-based security model for these transport modes and to budget money based on those risks. It would require a wider use of the agency’s terrorist watch list by train operators and more detailed passenger manifests along with tighter screening of marine employees. The legislation also would increase the TSA’s canine use by as many as 70 dog-handler teams for surface transportation.

Why bother? No terrorist attack has been performed on an Amtrak train. Compared to airliners Amtrak trains are practically ghost towns. They’re low value targets to an attacker looking to rack up as high of a body count as possible. Obviously this isn’t about security so what is it about? My guess is that it’s about police state bullshit.

Remember all those movie scenes where the Nazi or Soviet officer asks passengers boarding a train for their papers? It used to be the thing were we told to fear for obvious reasons. But those scenes are pornography for statists. They show everything statists desire: control, order, and obedience. And they swooped in the second they had an excuse to implement the exact same system for air travelers. When you line up in the security theater line at an airport you hand your papers to a TSA agent who looks them over and decides whether or not your can move forward. If you’re a Jew or a kulak on the terrorist watch lists your trip ends there and you’ll be escorted away but a thug in a uniform. Now that every is used to kowtowing to government agents demanding to see our papers Congress is ready to expand the TSA’s scope. It won’t surprise me if the nation’s highways are someday littered with surprise TSA checkpoints.

Never ending expansion such as this is why I have a zero tolerance policy towards government. If you give government an inch it will slowly take a mile. The only sane solution is to not have a government at all.

Somebody is Getting Added to the No-Fly List

It’s not secret to anybody who has had the displeasure of flying out of the Minneapolis/St. Paul International Airport (MSP) that something is wrong with the security lines. While there are several numbered gates they are no longer in use. Now there are only three. There’s the two main gates and then there’s the lesser known gate tucked away elsewhere in the airpot. This has lead to ridiculously long security lines and flights are being missed just so a putz with a badge can play their part in security theater.

If the Transportation Security Administration (TSA) is a failure of an organization in general then the TSA at MSP is the idiot uncle of the family that everybody hates because he get drunk at the family get togethers and starts getting frisky with everybody’s wives and daughters.

Somebody has finally had enough and is filing a lawsuit:

A Minneapolis man is blaming the long lines at security for missing a recent flight, and now he’s suing the federal agency and the Twin Cities airport’s operator for $506.85.

In the lawsuit filed in federal court last week, Hooman Nikizad said his wait of more than 90 minutes on March 19 before he passed through security screening by the federal Transportation Security Administration (TSA) made him miss his afternoon flight to Los Angeles.

“I had to buy a ticket with another airline to be able to make my destination and meet my obligations,” Nikizad said in his claim, which noted the TSA had limited staff on duty at the time and “only one body scanner for the regular security line [in operation].”

I’m sure Mr. Nikizad will be added to the no-fly list. Regardless his lawsuit, as far as I’m concerned, is entirely justified. Expecting people to arrive hours before a flight for no reason whatsoever (see the TSA’s 95 percent failure rate) is unacceptable. If somebody arrives at the airport 90 minutes before their flight and is forced to buy another ticket because TSA couldn’t get its shit together then the agency should be forced to reimburse them for damages.

“Libertarian” Vice Presidential Candidate

Supposedly the Libertarian Party tries to get libertarians elected into offices. The party has a funny way of going about that goal though. For example, the party hasn’t nominated an actual libertarian presidential candidate for at least as long as I’ve been old enough to vote. This year’s ticket is no different.

Gary “Ban the Burqa” Johnson was nominated to be the Libertarian Party’s presidential candidate this year. Although the Libertarian Party doesn’t allow presidential candidates to outright pick their running mates, the party voters are usually willing to roll over and approve whoever their presidential candidate wants. Johnson wanted Bill Weld and the Libertarian Party, apparently deciding it didn’t want any libertarians on its presidential ticket, was happy to comply.

After the shooting in Orlando Weld decided to show his anti-libertarian colors:

Bill Weld, the former governor of Massachusetts now running as the Libertarian Party’s candidate for vice president, called today for a 1,000-agent task force to combat Islamic State adherents in the United States, and for a tip line where Muslims could inform on radicalism.

“Let’s face it: The United States is under attack right now by ISIS and ISIS copycats,” Weld said. “They have a deep pool to pull from. There are over 3 million Muslims in the United States — maybe Mr. Trump will want to deport them all, but the better approach is to work with the community.”

Weld, who served as U.S. attorney and then assistant attorney general in the DOJ’s criminal justice division, suggested that the DOJ could take a cue from a program that worked in Massachusetts. The “Drop-a-Dime Project,” a nonprofit tip line created by community leaders, was used by law enforcement to pursue tips about crime in Boston’s black neighborhoods and to achieve breakthroughs in drug investigations.

“We’d get all kinds of tips,” Weld said. “The residents of Dorchester and Mattapan were only too happy to help. There may be some people out there leaning toward ISIS, people who would want to shelter the people going around killing other people. But for every pair of ears that would be sympathetic, there will be pairs that will not be sympathetic.”

I thought the Libertarian Party was all about shrinking government, not growing it. I guess this is what happens when the party doesn’t nominates a libertarian for its vice presidential candidate.

I know the Libertarian Party, especially now that it’s pulling people from the Republican Party, has a lot of statists within its ranks so this idea may sound appealing to them. Let’s consider the effectiveness of such a program. I’ll start by once again quoting Bruce Schneier, “If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.” This is something libertarians tend to inherently understand. If you setup a program where average Joes are expected to rat out their neighbors you will get a lot of noise and very little, if any, signal.

How do you tell if somebody expressing sympathies for the Islamic State (IS) is merely angry at the way the United States and European countries have treated the Middle East or is planning to commit acts of murder in the organization’s name? Most people can’t tell and that’s the problem with this kind of tip line. It would be flooded with “tips” from people who think somebody speaking out against the United States dropping bombs on wedding parts is sympathizing with IS. Many of the “tips” would likely come from people who just don’t like their Muslim neighbors and see the tip line as a way to get the State to harass them. Well’s proposal would create a 1,000-agent (you do have to appreciate how all of these proposals involve an arbitrary number of agents that is almost always cleanly divisible by 10) task force that does nothing productive (in other words, it’ll be just like every other government agency).

I’m glad I don’t play politics anymore. If I did I’d be depressed this election cycle because there are exactly zero acceptable candidates running for office.

How Not to Design Security

As is common after a violent tragedy, a great deal of electrons are being annoyed by people who are calling for prohibitions. Some want to prohibit firearms, ammunition, and body armor while others want to prohibit members of an entire religion from crossing the imaginary line that separates the United States from the rest of the world. All of this finger pointing is being done under the guise of security but the truth is that any security system that depends on an attacker acting in a certain way is doomed to fail.

Prohibitions don’t eliminate or even curtail the threat they’re aimed at. In fact the opposite is true. The iron law of prohibition, a term coined in regards to prohibitions on drugs, states that the potency of drugs increases as law enforcement efforts against drugs increases. It applies to every form of prohibition though. Prohibitions against firearms just encourages the development of more easily manufactured and concealable firearms just as the prohibition against religious beliefs encourages those beliefs to be practices in secrecy.

When you rely on a prohibition for security you’re really relying on your potential attackers to act in a specific way. In the case of firearm prohibitions you’re relying on your potential attackers to abide by the prohibition and not use firearms. In the case of prohibiting members of a specific religion from entering a country you’re relying on potential attacks to truthfully reveal what religion they are a member of.

But attackers have a goal and like any other human being they will utilize means to achieve their ends. If their ends can be best achieved with a firearm they will acquire or manufacture one. If their ends require body armor they will acquire or manufacture body armor. If their ends require gaining entry into a country they will either lie to get through customs legitimately or bypass customs entirely. You attackers will not act in the manner you desire. If they did, they wouldn’t be attacking you.

What prohibitions offer is a false sense of security. People often assume that prohibited items no longer have to be addressed in their security models. This leaves large gaping holes for attackers to exploit. Worse yet, prohibitions usually make addressing the prohibited items more difficult due to the iron law of prohibition.

Prohibitions not only provide no actual security they also come at a high cost. One of those costs is the harassment of innocent people. Firearm prohibitions, for example, give law enforcers an excuse to harass anybody who owns or is interested in acquiring a firearm. Prohibitions against members of a religion give law enforcers an excuse to harass anybody who is or could potentially be a member of that religion.

Another cost is a decrease in overall security. Firearm prohibitions make it more difficult for non-government agents to defend themselves. A people who suffer under a firearm prohibition find themselves returned to the state of nature where the strong are able to prey on the weak with impunity. When religious prohibitions are in place an adversarial relationship is created between members of that religion and the entity putting the prohibition in place. An adversarial relationship means you lose access to community enforcement. Members of a prohibited religion are less likely to come forth with information on a potentially dangerous member of their community. That can be a massive loss of critical information that your security system can utilize.

If you want to improve security you need to banish the idea of prohibitions from your mind. They will actually work against you and make your security model less effective.

Airport Security Isn’t The Only Security The TSA Sucks At

The Transportation Security Administration (TSA) sucks at providing airport security. But the agency isn’t a one trick pony. Demonstrating its commitment to excellence — at sucking — the TSA is working hard to make its computer security just as good as its airport security:

The report centers on the the way TSA (mis)handles security around the data management system which connects airport screening equipment to centralized servers. It’s called the Security Technology Integrated Program (STIP), and TSA has been screwing it up security-wise since at least 2012.

In essence, TSA employees haven’t been implementing STIP properly — that is, when they’ve been implementing it at all.

STIP manages data from devices we see while going through security lines at airports, namely explosive detection systems, x-ray and imaging machines, and credential authentication.

[…]

In addition to unpatched software and a lack of physical security that allowed non-TSA airport employees access to IT systems, the auditors found overheated server rooms and computers using unsupported systems — and much more.

The observed “lack of an established disaster recovery capability” noted by the OIG is particularly scary. If a data center was taken out by natural disaster, passenger screening and baggage info would be rendered inaccessible.

Not only that, but there was no security incident report process in place, and there was “little employee oversight in maintaining IT systems.” And, auditors were not pleased at all that non-TSA IT contractors maintained full admin control over STIP servers at airports.

At what point do we write the TSA off as a failed experiment? I know, it’s a government agency, it’ll never go away. But the fact that the TSA continues to fail at everything and is allowed to continue existing really demonstrates why the market is superior to the State. Were the TSA forced to compete in a market environment it would have been bankrupted and its assets would have been sold to entrepreneurs who might be able to put them to use.

It’s time to ask the million dollar question. What will happen now? One of the reason government agencies fail to improve their practices is because there’s no motivation to do so. A government agency can’t go bankrupt and very rarely do failures lead to disciplinary action. In the very few cases where disciplinary action does happen it’s usually something trivial such as asking the current head of the agency to retire will full benefits.

Meanwhile air travelers will still be required to submit to the TSA, which not only means going through security theater but now potentially means having their personal information, such as images from the slave scanners, leaked to unauthorized parties.

Anatomy Of A Scam

Kickstarter is used to get some really cool projects off of the ground but it’s also packed with half-baked ideas and outright scams. What I present here is a case of the latter. Meet the first encryption software engineered to defeat hacking programs, granting impenetrable data protection, and cloud storage (their words, not mine).

I’m not even sure where to start with this one so I guess I’ll start with the most obvious red flag, impenetrable anti-hacking software. Before starting this Kickstarter I assume the team worked on a unicorn ranch because they apparently have a knack for delivering the impossible. And if designing impenetrable software is possible it certainly isn’t going to be done by this team. Pulling off such a feat would require a great deal of technical knowledge and this team doesn’t appear to have that as I will demonstrate. Let’s begin with their statement regarding the Advanced Encryption Standard (AES):

AES Hacking Solutions are readily available for sale on dark web.

In the late 1990’s, AES, while under ‘well-intentioned’ government oversight, somehow, a ‘back-door’ found its way into this ‘approved’ data security solution, — as has been widely reported. The unintended consequences of this back-door allows for complete access to your data, without your permission, to data monitoring, data-mining and active eavesdropping. Effectively, voiding your right to privacy and confidently. So common is this practice it has a name: Active Snooping.

There are known attacks against AES but none of them are practical. But the elite team of entrepreneurs (I’ll get to that in a bit) supposedly know of a backdoor. In fact this backdoor has supposedly been widely reported! Yet I’ve never heard of it, which I find odd because I follow the publications of quite a few computer security experts. I guess everybody from Bruce Schneier to Dan Kaminsky just missed that piece of news as well as this piece:

SSL is a Myth. Cybercriminals know about these flaws and back-door. They are stealing, compromising, and profiting from your data everyday.

SSL is a myth? Huh. As somebody who has spent many hours configuring it I would beg to differ. SSL, more accurately TLS, is a very real thing. It’s also secure so long as it’s configured correctly. Speaking of myths, or more accurately fiction:

You don’t have to be 007 to Use the DataGateKeeper Encryption Software…

I’m glad they mentioned 007 because this page reads like the “hacking” Q did in Skyfall. That is to say it’s nonsensical and entirely fictitious. Q gets a pass though because he’s a fictional character in a fictional universe where anything is possible. Even something as infeasible as a Walther PPK feeding reliably can happen in the James Bond’s universe.

Earlier I questioned DataGateKeeper’s team’s technical knowledge. This isn’t because they posted an incorrect minor detail about a complex mathematical factoid. It’s because they can’t even get basic units of measure correct:

so-many-kilobits

So. Many. Kilobits! Even if you’re only marginally aware of AES you’ve probably seen a mention of a 128-bit and a 256-bit mode. A kilobit is 1,000 bits so according to this chart DataGateKeeper has 512,000-bit encryption whereas services such as Dropbox and OneDrive lack even 128,000-bit AES encryption. Well that’s a no brainer since 128,000-bit AES doesn’t exist. Even if it did no consumer computer would have the processing power to use it. This chart should have added a row for unicorns. None of the competing services offer unicorns and I wouldn’t put it past the DataGateKeeper team to claim they offer unicorns.

Regardless of feasibility, DataGateKeeper is offering all of the kilobits:

  • 512kb Civilian – 50 Years of protection. Available on Kickstarter.
  • 768kb First Responders, Police, Retired & Active Duty Military – 73 years of protection. Donation of your choice.
  • 1024kb – Enterprise & SMB

That’s a lot of kilobits! But wait… now I’m confused. Earlier on the page it said:

MyDataAngel.com provides Impenetrable Civilian Data Protection plans beginning at 512-bit encryption.

So which is it? 512-bits or 512-kilobits? There’s literally a multiple of 1,000 difference. I’m sure that will be clarified at a future data. What we do know is that whatever algorithm they’re using is 6,000,000 times stronger than current data security:

We created a cipher that is 6,000,000 times stronger than current data security, as proven by algorithmic mathematics.

See? They proved it with algorithmic mathematics! That’s, like, the best kind of mathematics!

So how does this miraculous algorithm work? Who knows. The Kickstarter page, not surprisingly, doesn’t include any technical details. Okay, it does include a gif image with a calculator and some math-like stuff. It doesn’t actually explain anything but it’s there.

After reading this Kickstarter page you’re left with the feeling that it was written by marketing people who have no knowledge about cryptography. Even the most basic of information is either wrong or nonsensical. It’s almost as if there are no cryptographers involved with this project. In fact, that may be exactly what the problem is:

Our management team is uniquely qualified to implement our plan of operations, with a combined 75+ years of entrepreneurial experience, at all levels of corporate gestation, from rank start-up through to publicly traded entities. Our experience spans multiple sectors, from entertainment and manufacturing to healthcare and technology. The management team resume includes names such as: PepsiCo, Colgate-Palmolive, Paramount Studios and Merv Griffin Productions. Our President and co-founder, Debra Towsley, oversaw the marketing plan for Universal Studio’s $1.5 billion theme park expansion, Islands of Adventure®, as VP of Marketing. Our Chief Strategy Officer, Frank Ruppen, graduated from Harvard Business School, and cut his teeth as the brand manager for Proctor & Gamble, before accepting positions at McKinsey & Co., Sterling Brands, and Consumer Dynamics; he relocated to work in cities like: Sydney, Caracas and Tokyo. Raymond Talarico, our CEO, has been involved in multiple roll-ups and consolidations. He is credited as having developed companies from a one-sentence mission statement in MEDirect Latino to publicly traded entities with market caps exceeding $160M. The youngest member of our team, Joshua Noel (21), is the Creative Director who is a literal ‘Jack of All Trades’ when it comes to content creation. Yes, they do exist. His talent is on display here in the videos, as well as the vlogs, the overall design of our branding, and iconization.

They have people experienced in entrepreneurship but not a single mention of a cryptographer anywhere on the page is made. That pretty much tells us everything we need to know and explains why this page reads like a marketing person was tasked with writing a sales pitch on a cryptographic service but wasn’t given access to anybody knowledgeable in cryptography to verify any of the claims.

This is what a scam looks like. The product being offered is not only impossible but the entire writeup makes no sense within the framework of the market they’re aiming at. Scam might not even be the correct word for this. I would hope a scam artist would put some effort into making their scam at least appear somewhat believable. The people involved in this page didn’t even accomplish that much! DataGateKeeper’s team are scam artists who couldn’t even create a convincing scam. They’re basically failures who failed at failing.

At this point, when social media backlash destroys any chance of this Kickstarter getting funded, I’m expecting them to claim that this was all an elaborate troll. It really is their only option.

Everybody Is Sick Of The TSA

This week I had to fly to another state for work. Unfortunately, that meant having to submit myself to the jack booted thugs at the Transportation Security Administration (TSA). The Minneapolis-Saint Paul International Airport (MSP) has been in the news as of late for having even more miserable security lines than other airports. This is due to the airport closing all but three of the security lines (the airport use to have more open gates but for reasons unknown — that totally have nothing at all to do with the TSA wanting flyers to buy its PreCheck scam — it closed all but three of them).

My flight was very early in the morning so I actually got through security in about half an hour. I didn’t even have to opt out of the slave scanner since they only ran me through the metal detector. In fact I didn’t even have to pull out my liquids, laptop, or remove my shoes. The goons working the airport were actually being reasonable for once.

Returning to the Twin Cities wasn’t as nice. The TSA goons there wanted me to go through the slave scanner so I had to waste time opting out and getting sexually assaulted. They also pulled my carryon off of the scanner, dug through it, and swabbed everything in it (I didn’t win an unlucky drawing, they were doing this to almost every piece of luggage). All in all I probably spent forty five minutes going through security.

The TSA is the epitome is government idiocy. It’s cumbersome, doesn’t fulfill its purpose, and inconsistent. I think the inconsistency is the most annoying part. When I go through security I’m not sure whether I’ll have to take off my shoes, belt, and wristwatch or be barked at for doing so. Will I have to remove the liquids from my bag? Will I have to pull my laptop out of its bag? I have no idea because the TSA agents seem to make up the rules on the spot. This means the lines end up being even longer because people have no idea what the fuck they’re supposed to do. If they take their shoes off before getting to the scanners they may get barked at and have to waste time putting them back on. The same goes for removing liquids and laptops from bags. There’s no way to speed up the line by planning ahead because you have no idea what you’ll be required to do before you get to the scanners.

It seems that my frustrations aren’t unique. New York City is now talking about replacing the TSA with private security agencies:

Management of the New York City area’s three major airports is fed up with long lines at security check points, and they have given the Transportation Security Administration an ultimatum: Either shorten the lines or we’ll find someone else to do it.

The Port Authority of New York and New Jersey, tasked with running John F. Kennedy, LaGuardia and Newark airports, is threatening to privatize the process of screening passengers before boarding their flight, according to a document sent from the Port Authority to TSA Administrator Peter Neffenger.

“We can no longer tolerate the continuing inadequacy of the TSA passenger services,” the letter obtained by ABC News reads.

Although this would be a move in the right direction I doubt it will have a major impact. Any private security agency would still have to abide by the TSA’s security policies. Privatization is of little value when the State restricts any possible innovation with regulatory burdens. However, if enough airports replaced the TSA it would help shake the agency’s iron grip over airport “security” (quotes used because the agency doesn’t actually provide security). If the iron grip was removed there would be a chance that some actual innovation could take place that would make airport security a less annoying experience.

Performing Denial Of Service Attacks Against Airliners Is Ridiculously Simple

How can you shutdown an airline service? By setting your Wi-Fi hotspot’s Service Set Identifier (SSID) to something quippy:

According to The West Australian, a passenger on QF481 spotted a Wi-Fi hotspot titled “Mobile Detonation Device” and advised a crew member. It wasn’t clear what mobile device it was linked to or where the device was located.

The crew member informed the captain, who then broadcast a message to passengers. Passenger John Vidler told the publication the pilot said the device needed to be located before the flight could depart.

If somebody put a bomb on board would they use Wi-Fi to detonate it? Probably not. That would require being in close proximity to the device whereas a cellular device, which are commonly used as remote detonators, allow the perpetrator to be somewhere else in the world. If a bomber did use a Wi-Fi detonator would they set it to broadcast an SSID that indicated it was a detonator? Most likely not. That would increase the chances of the device being discovered before it could be detonated. Holding the flight until the device was located was an overreaction.

In addition to being an overreaction it also gives individuals interested in interfering with airline service a cheap and effective means of accomplishing their goals. With little more than a Wi-Fi access point you can perform a denial of service attack against an airplane.

Free Apps Aren’t Free But Dumb Phones Won’t Protect Your Privacy

I have a sort of love/hate relationship with John McAfee. The man has a crazy history and isn’t so far up his own ass not to recognize it and poke fun at it. He’s also a very nonjudgemental person, which I appreciate. With the exception of Vermin Supreme, I think McAfee is currently the best person running for president. However, his views on security seem to be stuck in the previous decade at times. This wouldn’t be so bad but he seems to take any opportunity to speak on the subject and his statements are often taken as fact by many. Take the recent video of him posted by Business Insider:

It opens strong. McAfee refutes something that’s been a pet peeve of mine for a while, the mistaken belief that there’s such a thing as free. TANSTAAFL, there ain’t no such thing as a free lunch, is a principle I wish everybody learned in school. If an app or service is free then you’re the product and the app only exists to extract salable information from you.

McAfee also discusses the surveillance threat that smartphones pose, which should receive more airtime. But then he follows up with a ridiculous statement. He says that he uses dumb phones when he wants to communicate privately. I hear a lot of people spout this nonsense and it’s quickly becoming another pet peeve of mine.

Because smartphones have the builtin ability to easily install applications the threat of malware exists. In fact there have been several cases of malware making their way into both Google and Apple’s app stores. That doesn’t make smartphones less secure than dumb phones though.

The biggest weakness in dumb phones as far as privacy is concerned is their complete inability to encrypt communications. Dumb phones rely on standard cellular protocols for making both phone calls and sending text messages. In both cases the only encryption that exists is between the devices and the cell towers. And the encryption there is weak enough that any jackass with a IMSI-catcher render it meaningless. Furthermore, because the data is available in plaintext phone for the phone companies, the data is like collected by the National Security Agency (NSA) and is always available to law enforcers via a court order.

The second biggest weakness in dumb phones is the general lack of software updates. Dumb phones still run software, which means they can still have security vulnerabilities and are therefore also vulnerable to malware. How often do dumb phone manufacturers update software? Rarely, which means security vulnerabilities remain unpatched for extensive periods of time and oftentimes indefinitely.

Smart phones can address both of these weaknesses. Encrypted communications are available to most smart phone manufacturers. Apple includes iMessage, which utilizes end-to-end encryption. Signal and WhatsApp, two application that also utilize end-to-end encryption, are available for both iOS and Android (WhatsApp is available for Windows Phone as well). Unless your communications are end-to-end encrypted they are not private. With smartphones you can have private communications, with dumb phones you cannot.

Smart phone manufacturers also address the problem of security vulnerabilities by releasing periodic software updates (although access to timely updates can vary from manufacturer to manufacturer for Android users). When a vulnerability is discovered it usually doesn’t remain unpatched forever.

When you communicate using a smartphone there is the risk of being surveilled. When you communicate with a dumb phone there is a guarantee of being surveilled.

As I said, I like a lot of things about McAfee. But much of the security advice he gives is flawed. Don’t make the mistake of assuming he’s correct on security issues just because he was involved in the antivirus industry ages ago.

The FBI Heroically Saves Us Yet Again From A Criminal It Created

Just one week after heroically saving us from a terrorist it created, the Federal Bureau of Investigations (FBI) has saved us from yet another criminal it created:

US authorities depict Franey as an unstable anti-government militant who deserved a closer look to see how far he might go. One of his neighbors told FBI agents that Franey said he hated the US military for not allowing him “to leave the Army” after he enlisted, and that he railed at the system for “taking away his kids.” As US Attorney Hayes put it, the Justice Department was obligated to “pursue all available leads to ensure the public was protected from any possible harm.”

But while it seems Franey talked often and enthusiastically about plotting a terrorist attack, there’s little indication he ever had any intention of following through with his threats until the FBI’s undercover agent came along. After befriending Franey, the agent took him on an eight-month ride — sometimes literally, including a road trip along the West Coast — while recording their conversations, doling out cash, furnishing him with guns, and then busting him for illegal possession of the weapons.

I once heard that the FBI used to arrest criminals it didn’t create. Does it still do that once in a while? Is that still a thing?

What happened here is the same thing that always happens. The FBI identified somebody, likely of lukewarm intelligence, who it thought was capable of being radicalized into a threat. It then assigned an agent to befriend the individual and slowly radicalize him. After radicalizing him the agent then provided him a means to perpetuate an attack. The operation then closed with the agent arresting the guy for basically being a radicalized individual in possession of a means to commit an attack.

In this case the FBI’s prey was arrested for illegally possessing weapons. Weapons which were given to him by the FBI.

These operations rely on taking a hypothetical scenario and making it a reality. The individuals they target are those the agency deems capable of being radicalized. If left to their own devices the individuals would almost certainly remain harmless. Most of these individuals are socially isolated, aren’t the brightest bulbs in the box, and are seldom go-getters. Since they’re socially isolated they’re usually desperate for friendship, which makes them vulnerable to FBI agents. Their lukewarm intelligence also makes them more susceptible to being influenced. When you combine social isolation with lukewarm intelligence you have a recipe for an individual who can be easily manipulated to do bad things. But even if they’re manipulated into doing something bad they seldom have the motivation or means. So the FBI prods these individuals into performing an attack and provides them a means with which to pull it off. Finally, with all the pieces in place the FBI arrests its creation.

What the FBI is doing is preying on vulnerable individuals, convincing them to do something bad, and then providing the means to do that bad thing. If the FBI didn’t involve itself these people would normally just fade into the annals of history. The FBI isn’t protecting us from anything with these operations. It’s creating a bad situation and then claiming to save everybody from it.