Tag: Security Theater

Schools Reflect Prisons More and More Everyday

American schools and prisons become more of a mirror image every day. Prisons now contain classrooms, art centers, computer labs, libraries, and other things we would expect to find in a school. Schools are now surrounded by chain link fencing, guards and metal detectors are posted at entrances, and students are prohibited from having mechanisms that could conceal anything that they’re carrying:

A New York high school is the latest in the nation to ban backpacks following several bomb threats, and has even taken extra steps, including sealing up students’ lockers.

For the last two weeks of the school year, students at Wantagh High School — located about 34 miles east of New York City — are being forced to carry their books and belongings in plastic bags, sign in and out to use the bathroom and submit to searches when entering the building. But the sealing up of lockers took school security to a new level.

When I was in high school there were whispers of backpack bans but they were similar to the whispers about instating school uniforms: they are brought up every now and then only to be shot down by people who aren’t completely stupid. But now, from my understanding, backpack bans aren’t unheard of but the sealing up of lockers is new to me. Depending on the school an average student may have anywhere from four to eight classes. Trying to lug around everything you need for those classes all day is annoying to say the least. But schools are often spend a great deal of time making students’ lives miserable while paying lip service to making a safe learning environment.

At this rate they might as well just house students in prisons.

Find My iPhone Vigilantism, a Demonstration of State Failure in Providing Security

The New York Times ran a story covering a recent phenomenon where victims of iPhone theft use the Find My iPhone feature to find the thief and reclaim their phone:

Using the Find My iPhone app on her computer, she found that someone had taken the phones to a home in this Los Angeles exurb, 30 miles east of her West Hollywood apartment.

So Ms. Maguire, a slight, 26-year-old yoga instructor, did what a growing number of phone theft victims have done: She went to confront the thieves — and, to her surprise, got the phones back.

Ah, the lovely Hollywood outcome where all is well at the end. But the news isn’t Hollywood so you know that a happy ending at the beginning of the story must be followed by a story of horror:

In San Diego, a construction worker who said his iPhone had been stolen at a reggae concert chased the pilferer and wound up in a fistfight on the beach that a police officer had to break up. A New Jersey man ended up in custody himself after he used GPS technology to track his lost iPhone and attacked the wrong man, mistaking him for the thief.

The rest of the article mostly consists of dire warning, primarily form police officers, against people seeking out thieves and attempting to recover their property. By the end of the story you’re supposed to see these so-called vigilantes as well-meaning albeit foolish people. What isn’t discussed are the motivations of these people willing to put themselves at risk to recover their stolen property.

I see this phenomenon (which likely consists of no more than ten or so people but the media needed a story so it inflated how common this practice is) as an example of the state’s failure to provide adequate security. As you likely know the state maintains a virtual monopoly on security services via its monopoly on law enforcement. While there are a few areas that the state allows private security providers to operate in (namely building security) the personal electronics recovery market isn’t one of them. If somebody steals your mobile phone you’re expected to rely on the police to recover it. This wouldn’t be an issue if the police would actually invest resources into recovering a stolen phone. But in most cases they will fill out a meaningless report and inform you that it’s almost impossible to recover a stolen personal electronic device. Even providing the police with access to your Find My iPhone service will seldom encourage them to get off of their asses and retrieve your phone. In fact you can get more done by contacting Apple and providing it with your stolen phone’s serial number. At least then the phone will be kept by Apple should it ever be brought in for repairs and the person who brought it in will be reported to the police. But that’s a pretty big if.

Since the solution provided by the state is unwilling to retrieve your phone and private solutions are verboten you’re left with only one option: if you want to retrieve your stolen phone you have to do it yourself. Don’t blame the vigilantes, blame the state that monopolized the security market and failed to provide an adequate service.

When Different Government Departments Have Mutually Exclusive Missions

Trying to unwrap every mission the federal government has tasked itself with is practically impossible. The beast as grown so large that no single individual can fully grasp it. There are many dangers inherit in such a massive system. One of those dangers is different departments holding mutually exclusive mission. Take the Department of Homeland Security (DHS) for instance. One of its missions [Warning: link is operated by a dangerous gang of violent criminals] is to defend the nation’s communication infrastructure. This would imply discovering and notifying the public about potential security exploits. Now consider the National Security Agency (NSA). Its mission is to exploit vulnerable system of both domestic and foreign entities in order to spy on them. This mission is mutually exclusive to DHS’s:

WASHINGTON — Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.

But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

It is impossible for the government to both protect the nation’s communication infrastructure and not inform the public about major security flaws. When you discover a security flaw you cannot know for certain that you’re the only one who knows about it. Any number of people could have discovered it beforehand. That being the case you cannot assume that the flaw isn’t being actively exploited by nefarious individuals or organizations. Therefore the only way to protect the general public is to disclose information regarding the exploit so it can be fixed.

This is one of the reasons why any mission statement given by a government agency is meaningless. While one government agency may be tasked with a certain mission another agency is likely tasked with the exact opposite mission.

Language Discrimination

Bad news everyone. Studying Arabic is now grounds to be detained at the airport:

PHILADELPHIA (AP) — A former college student who was detained for several hours at an airport after he was found carrying Arabic language flashcards had his bid to sue federal agents rejected by a federal appeals court.

Nicholas George sought to sue three Transportation Security Administration agents and two FBI agents over the August 2009 stop at Philadelphia International Airport, saying they violated his free speech rights and conducted an improper search and arrest based on the flashcards and a book critical of American policy in the Middle East.

A district judge rejected the agents’ assertion of immunity, but the 3rd U.S. Circuit Court of Appeals overturned that ruling in a decision issued Tuesday.

George was returning from his home in a Philadelphia suburb to Pomona College in California, where he was studying Arabic, when TSA agents saw the words “bomb” and “terrorist” among his flashcards and called police. George was detained for nearly five hours, two of them in handcuffs in a city police station at the airport.

Obviously Mr. George was a terrorist. After all, who else would be carrying Arabic flash cards with words like “bomb” and “terrorist” printed on them? Well, besides somebody studying to become a military translator. Or somebody who has an invested interest in reading Arabic manuals on guerrilla warfare purely for curiosity’s sake. The Transportation Security Administration (TSA) went bonkers when it first started but it’s rather sickening to think that we still have that horrible agency around even though it hasn’t prevented a single terrorist wannabe from boarding an airplane.

The NSA is Tracking Cellular Phone Locations Around the World

I’m sure this isn’t going to surprise anybody. On top of reading our e-mails and text messages, listening to our phone calls, and attempting to decrypt our encryption communications the National Security Agency (NSA) has been busy tracking our location using our voluntary tracking device (often mistakenly referred to as a cellular phone):

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

At this point I feel that it’s safe to assume that the NSA has utilized every technology we use in our daily lives to inflict an Orwellian world upon us. It’s obvious that the people in charge of the agency have no conscious whatsoever. Anybody with a conscious would have objected to at least a few of the activities the NSA has been involved in. In fact things are so bad at the NSA that it gave its employees talking points so they could justify their actions to their family members during Thanksgiving.

That’s the Kind of Thing an Idiot Would Have On His Luggage

Security is an interest of mine. Most of my time spent studying security is focused on computer security but physical security is something that also interests me. What needs more physical security than nuclear missiles? Apparently a lot of things because the security on the United States’ nuclear arsenal was downright pathetic:

Today I found out that during the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes.

[…]

However, though the devices were supposed to be fitted on every nuclear missile after JFK issued his memorandum, the military continually dragged its heels on the matter. In fact, it was noted that a full 20 years after JFK had order PALs be fitted to every nuclear device, half of the missiles in Europe were still protected by simple mechanical locks. Most that did have the new system in place weren’t even activated until 1977.

Those in the U.S. that had been fitted with the devices, such as ones in the Minuteman Silos, were installed under the close scrutiny of Robert McNamara, JFK’s Secretary of Defence. However, The Strategic Air Command greatly resented McNamara’s presence and almost as soon as he left, the code to launch the missile’s, all 50 of them, was set to 00000000.

I usually admire that reality often imitates comedy but not when it comes to nuclear weapons:

The fact that the United States was more concerned about being able to easily kick off the apocalypse than preventing it speaks volumes.

You Know the War on Terror is Lost When the Founder of Blackwater Starts Criticizing It

How can you tell when the War on Terror has been lost? When the founder of Blackwater Xe ACADEMI begins criticizing it:

Erik Prince is not the kind of man one expects to make the case for slashing U.S. intelligence and military budgets. After 9-11, his company, Blackwater, expanded exponentially, winning contracts to protect diplomats and politicians in Iraq and to train and work with CIA paramilitary teams hunting terrorists.

In an interview Monday, Prince said the national security state he once served has grown too large.

“America is way too quick to trade freedom for the illusion of security,” he told The Daily Beast. “Whether it’s allowing the NSA to go way too far in what it intercepts of our personal data, to our government monitoring of everything domestically and spending way more than we should. I don’t know if I want to live in a country where lone wolf and random terror attacks are impossible ‘cause that country would look more like North Korea than America.”

Even the people who made themselves wealthy off of the War on Terror can’t continue to promote it. Of course the state will continue to wage its war because that’s all it knows how to do. After all, the War on Terror was never about fighting terrorists, it was about expropriating wealth from foreign nations.

Healthcare.gov: Defenders of Internet Freedom Need Not Apply

Healthcare.gov has turned out to be quite a fiasco. During the first days of operation I tried to access the site and always received a 403 (unauthorized access) error. I assumed this error was being kicked out because of the site’s general instability. As it turns out, my Internet Protocol (IP) address has been added to Healthcare.gov’s list of banned IP addresses. The reason for this was made apparent on the tor-talk mailing list:

I’ve been running a Tor Relay (not an exit node) from my home for quite a while now, and up to this point have not encountered any issues accessing any sites. However, today I attempted to access https://www.healthcare.gov, and received a HTTP 403 response and a pretty standard 403 message. To test my hypothesis, I also tried accessing the site via the Tor network — and received the same message. In the meanwhile, a friend who does not operate a Tor relay was able to access the site. Could anyone else with a public relay confirm this issue — and if confirmed, would someone from the Tor Project be kind enough to contact the appropriate parties and explain why blocking Tor relays is a silly thing? I’d do it myself… but alas, I cannot reach the site to see who the appropriate parties would be 🙂
Thank you.

In February I setup a Tor relay on a Raspberry Pi, which has been running continuously ever since. The operators of Healthcare.gov have decided to ban any IP address operating a Tor relay, whether it is an exit or non-exit relay, from accessing the site.

It’s not uncommon for websites to block IP addresses operating Tor exit relay. Malicious individuals wanting to attack a site anonymously can and have used the Tor network. But I’m unaware of any website that has blocked IP addresses operating non-exit relays. There’s no reason for doing so since anonymized Tor traffic never exits from a non-exit relay. The only function non-exit relays have is to forward traffic from one node in the Tor network to another node.

The Affordable Care Act (ACA), and by extension Healthcare.gov, are as much political messages as they are laws. By blocking every IP address that is operating a Tor relay the message is effectively this: defenders of Internet freedom need not apply for health insurance. In all likelihood this decision, like most of the decisions revolving around Healthcare.gov, is the result of incompetence, not outright malice. But I also believe this problem is unlikely to be addressed since the current government (from Congress to the presidency to the appointed bureaucrats) has demonstrated an opposition to Internet anonymity.

9/11 Continues to Cost Us

12 years ago two planes crashed into two towers and killed a lot of people. Another plane crashed into the Pentagon, which was far less damaging since the wing that was struck was under construction and therefore unoccupied. But the carnage didn’t stop there. In an ironic twist the very agency that was supposedly created to protect Americans from another terrorist attack, the Transportation Security Administration (TSA), has made flying so miserable that people now opt to drive shorter distances. Since driving is exponentially more dangerous than flying the country now suffers an additional 500 automobile-related deaths per year:

The inconvenience of extra passenger screening and added costs at airports after 9/11 cause many short-haul passengers to drive to their destination instead, and, since airline travel is far safer than car travel, this has led to an increase of 500 U.S. traffic fatalities per year. Using DHS-mandated value of statistical life at $6.5 million, this equates to a loss of $3.2 billion per year, or $32 billion over the period 2002 to 2011 (Blalock et al. 2007).

To put that number in perspective it has been 12 years since the 9/11 attacks. During that span of time approximately 6,000 people have died in automobile-related accidents that may be alive today if it wasn’t for the draconian policies put into place by the TSA. The 9/11 attacks killed a total of 2,753 people. Since the 9/11 attacks the policies put into place by the federal government have managed to kill over twice as many people as the attacks themselves. That’s not even counting the number of deaths that have occurred because of the wars started using the 9/11 attacks as a justification.

The terrorists won. A handful of people using box cutters and knives were able to bring the mighty United States to its knees.

NSA Planning to Lay Off 90 Percent of Its System Administrators

In a mad panic to ensure another whistle blower doesn’t follow in the footsteps of Edward Snowden the National Security Agency (NSA) is planning to eliminate 90 percent of its system administrators:

(Reuters) – The National Security Agency, hit by disclosures of classified data by former contractor Edward Snowden, said Thursday it intends to eliminate about 90 percent of its system administrators to reduce the number of people with access to secret information.

Keith Alexander, the director of the NSA, the U.S. spy agency charged with monitoring foreign electronic communications, told a cybersecurity conference in New York City that automating much of the work would improve security.

“What we’re in the process of doing – not fast enough – is reducing our system administrators by about 90 percent,” he said.

Although Keith Alexander is selling this move as a security enhancement it’s really nothing more than shuffling around potential weaknesses in the NSA’s networks. In order to replace so many system administrators their jobs will have to be automated, which will require developers to create new administrative tools. Instead of worrying about a system administrator leaking information to the public the NSA will now have to worry about a back door being created in its new automation tools. As the Underhanded C Contest has demonstrated numerous times, hiding malicious code is surprisingly easy. Replacing human administrators with automated systems will also give attackers a new source of potential exploits.