Shut Up Slave – Page 45 – A Geek With Guns

Having Your Surveillance Cake And Eating It Too

At one point it wasn’t uncommon for employers to issue company devices to employees. Things have changed however and now it is common for employers to expect employees to use their personal devices for work. It seems like a win-win since employees don’t have to carry two cell phones or use whatever shitty devices their company issues and employers safe money on having to buy devices. However, it leads to an interesting situation. What happens when the employer wants to surveil an employee’s personal device? That’s the battle currently being waged by Minnesota’s state colleges and their employees:

Two faculty unions are up in arms over a new rule that would allow Minnesota’s state colleges and universities to inspect employee-owned cellphones and mobile devices if they’re used for work.

The unions say the rule, which is set to take effect on Friday, would violate the privacy of thousands of faculty members, many of whom use their own cellphones and computers to do their jobs.

“[It’s] a free pass to go on a fishing expedition,” said Kevin Lindstrom, president of the Minnesota State College Faculty.

But college officials say they have an obligation under state law to protect any “government data” that may be on such devices, and that as public employees, faculty members could be disciplined if they refuse to comply.

If the universities have such a legal obligation then they damn well should be issuing devices. Data is at the mercy of the security measures implemented on whatever devices it is copied to. When businesses allow employees to use personal devices for work any data that ends up on those devices is secured primarily by whatever measure the employee has put into place. While you can require certain security measures such as mandating a lock screen password on the employee’s phone, employees are still generally free to install any application, visit any website, and add any personal accounts to the device. All of those things can compromise proprietary company data.

By issuing centrally managed devices, the universities could restrict what applications are installed, what webpages devices are willing to visit, and what accounts can be added.

There is also the issue of property rights. What right does an employer have to surveil employee devices? If so, how far does that power extend? Does an employer has the right to surveil an employee’s home if they work form home or ever take work home? Does an employer have the right to surveil an employee’s vehicle if they use that vehicle to drive to work or travel for work? When employers purchase and issue devices these questions go away because the issued devices are the employer’s property to do with as they please.

If an employer wants to surveil employee devices then they should issue devices. If an employer is unwilling to issue devices then they should accept the fact they can’t surveil employee devices. If an employer is under a legal obligation to protect data then it needs to issue devices.

How The State Makes Us Less Secure Part MLVII

The State, by claiming to provide for the common defense and declaring a monopoly on justice, has a conflict of interest. Providing for the common defense would require it to disclose any vulnerabilities it discovers but it’s reliant on those vulnerabilities to obtain evidence to prosecute individuals accused of a crime.

Adding a new chapter to this ongoing saga is the Federal Bureau of Investigation’s (FBI) decision to fight a court order to reveal a vulnerability it used to uncover the identify of Tor users:

Last month, the FBI was ordered to reveal the full malware code used to hack visitors of a dark web child pornography site. The judge behind that decision, Robert J. Bryan, said it was a “fair question” to ask how exactly the FBI caught the defendant.

But the agency is pushing back. On Monday, lawyers for the Department of Justice filed a sealed motion asking the judge to reconsider, and also provided a public declaration from an FBI agent involved in the investigation.

In short, the FBI agent says that revealing the exploit used to bypass the protections offered by the Tor Browser is not necessary for the defense and their case. The defense, in previous filings, has said they want to determine whether the network investigative technique (NIT)—the FBI’s term for a hacking tool—carried out additional functions beyond those authorised in the warrant.

People around the world rely on tor to protect themselves from tyrannical regimes. Journalists living in countries such as Iran, China, and Thailand are only able to continue reporting on human rights violations because Tor protects their identities. Sellers and consumers of verboten drugs, neither of whom are causing involuntary harm to anybody, successfully used Tor hidden services to make their trade safer. Victims of domestic abuse rely on Tor to get access to help without being discovered by their abusers. By refusing to publish the vulnerability it used, the FBI is putting all of these individuals in danger.

On another point, I must also emphasize that that the FBI is claiming the defense doesn’t need to know this information, which speaks volumes to the egotistical nature of the agency. Who is the FBI to decide what the defense needs to know and doesn’t need to know? Being the prosecuting party should already disqualify the FBI’s opinion on the matter due to its obvious conflict of interest.

Civil Forfeiture Is Back

In December of last year the Department of Justice (DoJ) announced that would be suspending payments under the Equitable Sharing Program. There was much rejoice. But anybody familiar with statism knows that rules can change at the whim of a bureaucrat to no victories are permanent. The DoJ has just announced that it will resume payments again:

The Justice Department had suspended payments under this program in December, due to budget cuts included in last year’s spending bill.

“In the months since we made the difficult decision to defer equitable sharing payments because of the $1.2 billion rescinded from the Asset Forfeiture Fund, the financial solvency of the fund has improved to the point where it is no longer necessary to continue deferring equitable sharing payments,” spokesman Peter J. Carr said in an email Monday.

While he didn’t specify exactly where the new funding came from, Carr noted that the program is partly funded by the cash and other property seized under the program.

Civil forfeiture is one of the most brazen efforts by the State to redistribute wealth from the people to itself. Usually the State wraps its theft in justifications of providing services and due process. But civil forfeiture isn’t used to build roads or fund schools and spits in the face of due process by presuming guilt instead of innocence.

Due to the massive amount of pushback it wasn’t surprising to hear the DoJ announce it was suspending the program. The State likes people to believe its theft isn’t theft and public opinion was going against that fiction with civil forfeiture. It’s also not surprising to see the decision reversed, especially now that the media attention has died down, since civil forfeiture is one of the DoJ’s favorite tools to enhance the power of its law enforcers. And as we all know, a heavily armed law enforcer is a happy law enforcer and a happy law enforcer is much more willing to steal for their employer.

For Statists The Only Response Is Attacking Individual Freedom

When a problem, perceived or real, arises there is only one response for statists: attacking individual freedom. As I noted last week, the knowledge that the Paris attackers used burner phones instead of encrypted communications would likely inspire useless legislation aimed at prohibiting burner phones. Jackie Speier seems hellbent on proving me right because she has introduced legislation to do exactly that:

Congresswoman Jackie Speier, a Democrat representing California’s 14th district, has introduced a the “Closing the Pre-Paid Mobile Device Security Gap Act of 2016,” or HR 4886, which will require people who purchase a prepaid device to provide proper identification.

“This bill would close one of the most significant gaps in our ability to track and prevent acts of terror, drug trafficking, and modern-day slavery,” Speier said in a blog post. “The ‘burner phone’ loophole is an egregious gap in our legal framework that allows actors like the 9/11 hijackers and the Times Square bomber to evade law enforcement while they plot to take innocent lives. The Paris attackers also used ‘burner phones.’ As we’ve seen so vividly over the past few days, we cannot afford to take these kinds of risks. It’s time to close this ‘burner phone’ loophole for good.”

Regardless of Speier’s claims, burner phones are not a significant gap in the State’s ability to prevent acts of terror, drug trafficking, or modern-day slavery. Setting aside the fact that most acts of terror, negative aspects of drug trafficking, and modern-day slavery are created by the State, we’re still left having to accept the fact that pervasive communication technology has rendered any ability to control communications practically impossible.

Burner phones are just one method of communicating in a way that’s difficult to surveil. The same effect can be achieved with cloned subscriber identity module (SIM) cards. Furthermore, registrations are easy to bypass. The firearm community is well aware of the term straw purchase. It’s a term that describes having somebody who isn’t prohibited from purchasing firearms to purchase one for somebody who is prohibited. By having somebody else purchase a phone for you you can avoid having that phone tied to your person. Getting somebody to purchase a cell phone for you would be even easier than a firearm since few people see a cell phone as a destructive device. There is also the fact that burner phones from overseas can be smuggled into the country and sold for cash.

Legislation aimed at prohibiting something only accomplish one thing: creating a black market. Not a single piece of legislation aimed at prohibiting something has been successful. This bill will be no different.

Checkpoints All The Way Down

The investigation into the Brussels attack hasn’t concluded yet but politicians are already calling for actions to be taken to prevent such an attack from happening here:

Security experts, politicians and travelers alike say the Brussels bombings exposed a weak spot in airport security, between the terminal entrance and the screening checkpoint.

“If you think about the way things were done in Brussels — and have been done in other places — literally people only have to only walk in, and they can attack at will,” said Daniel Wagner, CEO of security consulting firm Country Risk Solutions.

These idiots will be putting security checkpoints before the security checkpoints if we let them:

Wagner suggests U.S. airports establish pre-terminal screening before travelers enter the facility.

“That is a common approach in many countries around the world — you cannot even get in the terminal until your bags and your person have been pre-screened,” he said. “That is, through an X-ray machine both for the bags and for the individual.”

It’ll be checkpoints all the way down. What none of these stooges have stopped to consider is that the checkpoints themselves are attractive targets. Checkpoints are chokepoints. They forces large numbers of people to gather in a single place so they can slowly (very slowly in the case of Minneapolis’ airport) be filtered through by security. If a suicide bomber wants to kill a lot of people they need only step in the checkpoint line.

Adding an additional chokepoint or moving the current one doesn’t fix the problem. Reducing the amount of damage a terrorist can cause in an airport requires dispersing people, which means making major changes to current airport security practices. The long security lines have to go. This can be done by simplifying the screening process, making it consistent (anybody who travels frequently knows that the orders barked by the Transportation Security Administration (TSA) goons can change drastically from day to day), and increasing the number of checkpoints. None of those measures will be taken though because the idiots who make the policies know nothing about security.

How The State Makes Us Less Secure Part MLVI

Statists often claim that the State is necessary for the common defense. If this were the case I would expect it to do what it can to make everybody safer. Instead it does the opposite. In its pursuit of power the State continues to take actions that make everybody under its rule less safe.

The latest chapter in this ongoing saga revolves around the iPhone of Syed Farook. After trying to get a court to force Apple to write a custom firmware for Farook’s iPhone that would allow the Federal Bureau of Investigations (FBI) to brute force the passcode, the agency postponed the hearing because it claimed to have found another method to get the data it wants. That method appears to be an exploit of some sort but the Justice Department has classified the matter so we may never know:

A new method to crack open locked iPhones is so promising that US government officials have classified it, the Guardian has learned.

The Justice Department made headlines on Monday when it postponed a federal court hearing in California. It had been due to confront Apple over an order that would have forced it to write software that would make it easier for investigators to guess the passcode for an iPhone used by San Bernardino gunman Syed Farook.

The government now says it may have figured out a way to get into the phone without Apple’s help. But it wants that discovery to remain secret, in an effort to prevent criminals, security researchers and even Apple itself from reengineering smartphones so that the tactic would no longer work.

By classifying this method the Justice Department is putting, at minimum, every iPhone 5C user running the same firmware as Farook’s phone at risk. But the exploit likely reaches further and may even put every user of every iOS device at risk.

Since Farook’s iPhone is in the State’s possession there is no risk of its firmware being upgraded. That being the case, there’s no reason for the Justice Department not to disclose the vulnerability its exploiting. Even if the exploit is disclosed the agency will still be able to use it to gain access to the data on Farook’s phone (assuming the exploit works as implied). But disclosing it would allow Apple to patch it so it couldn’t be used against the millions of innocent people using iOS devices.

There is a conflict of interest inherent in statism. The State is supposed to provide for the common defense of those within its territory. At the same time it’s charged with investigating crimes and dispensing justice. In order to fulfill the latter goal it must be able to gain access to whatever information it deems pertinent to an investigation. Ensuring that access is available conflicts with providing for a common defense since an effective defense against foreign aggressors, especially as it relates to protecting data, is also an effective defense against the State.

Let’s Talk About Privacy Rights

It was bound to happen sooner or later. The Republican lawmakers’ obsession with bathrooms has made its way to Minnesota. Senators Scott Newman, Dan Hall, Dave Thompson, Michelle Benson, and Paul Gazelka introduced a bill to mandate discrimination against transgender individuals:

Republicans in the Minnesota Senate introduced a bill on Friday that would block businesses and other employers from providing gender-neutral restrooms or from enacting policies that allow transgender employees to use appropriate restrooms. Senate File 3002 amends the 1993 Minnesota Human Rights Act — the nation’s first nondiscrimination law to include gender identity.

The bill starts with a specious definition of “sex.” It states, “A person’s sex is either male or female as biologically defined.” The bill does not mention people who fall outside the male-female binary such as those who are intersex, nor those whose sex designations have been legally changed under Minnesota law.

Why do these particular lawmakers feel qualified to define sex? Hell if I know. They probably believe democracy carries some kind of magical power that grants otherwise unremarkable individuals divine knowledge. Either way, their delusions of grandeur are only one absurdity amongst many in this case. Another absurdity is the justification given in the bill for its existence:

No claim of nontraditional identity or “sexual orientation” may override another person’s right of privacy based on biological sex in such facilities as restrooms, locker rooms, dressing rooms, and other similar places, which shall remain reserved for males or females as they are biologically defined.

Emphasis mine. Let’s discuss what a right to privacy is. A right, as it pertains to legal matters, is something that cannot be prohibited by the government. When somebody says you have a right to free speech they mean the government cannot prohibit you from saying something. When somebody says you have a right to a jury trail they mean the government cannot bar you from having a jury trail when it has accused you of a crime. When somebody says you have a right to privacy they mean the government cannot violate your privacy.

A right to privacy in a restroom, lock room, dressing room, or other similar facility means the government cannot surveil you in those facilities. That’s it. Since this bill has nothing to do with government surveillance in these facilities it also as no business arguing that its preserving a right to privacy.

In fact this bill would be a violation of privacy rights. How can a bill restricting what bathrooms transgender individuals can use be enforced? First, the enforcers have to identify transgender individuals. That would require looking through every individuals’ medical records. Second, the enforcers must surveil bathrooms so it can catch anybody violating the restriction. Since victimless violations of the law such at this one have no injured parties the only way to enforce them is through surveillance. That necessarily requires the government to violate everybody’s privacy.

Giving Children A Taste Of The Police State While They’re Young

It’s true, the United States is a police state. But even Uncle Sam has nothing compared to his dear old mum. While the United States is still fighting terror by having the Federal Bureau of Investigations (FBI) radicalize adults with lukewarm intelligence the United Kingdom (UK) has already moved on from such trivial matters and is now dealing with the threat of radicalized four year-olds:

Staff at a nursery school threatened to refer a four-year-old boy to a de-radicalisation programme after he drew pictures which they thought showed his father making a “cooker bomb”, according to the child’s mother.

The child’s drawing actually depicted his father cutting a cucumber with a knife, his mother says, but staff misheard his explanation and thought it referred to a type of improvised explosive device.

On Friday the boy’s mother showed the Guardian video footage of her son in which he is playing happily on the floor of his home, and is shown a cucumber and asked what it is. “A cuker-bum,” he says, before going back to his toys.

The footage was taken by the mother at the family home in Luton after the nursery discussed referring the child to a de-radicalisation programme out of concerns that pictures drawn by him referred to explosions and an improvised explosive device known as a “cooker bomb”.

How brainwashed by propaganda does a nursery school staff have to be to assume a four year-old is saying “cooker bomb” when they say “cuker-bum”? At that age children are still working out how to pronounce words. Hell, at that age I will still trying to figure out why “very” wasn’t pronounced “berry”. The fact that these mouth breathers are so fucking terrified that they immediately assume a child failing to pronounce a word correctly is related to a terror plot should disqualify them from working with children.

What was especially egregious was the nursery school staff’s statement to the mother:

In between the odd tear and laugh of disbelief, the mother spoke about the experience, which she said had left her shaken and upset, and involved her being told at one point: “Your children might not be taken off you … you can prove yourself innocent.”

Emphasis mine. Prove her innocence? That’s not how things are supposed to work. The fact that the nursery school staff believes a person must prove their innocence instead of the State proving guilt demonstrates just how fucked the UK is.

One of the biggest problems facing The United States and many European countries is the rampant number of quislings. You know the type. The jackass neighbor who calls the police because you have a fire pit going in your backyard and they know you didn’t get a permit. The car mechanic who calls the police because they found a dime bag of weed in your car while they were fixing it. The nosy neighborhood watcher who calls in your car because it was parked on the street for over 24 hours. Because of these worthless busybodies the State is well informed of its laws being broken and can enforce them. Without them the State would have a much harder time enforcing its laws because it wouldn’t know about the violations.

It Was Snowden All Along

In 2013 the Federal Bureau of Investigations (FBI) demanded Ladar Levison hand over the TLS keys to his Lavabit service. He did comply, by providing the key printed out in small text, but also shutdown his service instead of letting the key be used to snoop on his customers. The FBI threw a hissy fit over this and even threatened to kidnap Levison for shutting down his business. But one question that always remained was who the FBI was after. Everybody knew it was Edward Snowden but there was no hard evidence… until now.

Court documents related to the Lavabit case have been released. The documents are naturally heavily redacted but the censors missed a page:

In court papers related to the Lavabit controversy, the target of the investigation was redacted, but it was widely assumed to be Edward Snowden. He was known to have used the service, and the charges against the target were espionage and theft of government property, the same charges Snowden faced.

Now, what was widely assumed has been confirmed. In documents posted to the federal PACER database this month, the government accidentally left his e-mail, “Ed_snowden@lavabit.com,” unredacted for all to see. The error was noted by the website Cryptome earlier this week, and Wired covered it yesterday.

This revelation didn’t tell us anything we didn’t know before but it’s nice to have hard evidence in hand. Now we know with certainty that the FBI completely destroyed a business as retaliation for having Snowden as a customer. I say this was retaliatory because the court documents [PDF] clearly show that Levison was willing to cooperate with the FBI by surveilling the single target of the order. However, the FBI decided it would accept nothing less than the surrender of Lavabit’s TLS key.

Had the FBI been reasonable it would have had its tap. Instead its agents decided to be unreasonable fuckheads, which forced Levison to shutdown his business entirely instead of putting thousands of innocent users at risk. This case is also a lesson in never cooperating with terrorists. Levison offered to cooperate and still had his business destroyed. When the FBI comes to your door you should refuse to cooperate in any way. Cooperating will not save you. The only difference between cooperating and refusing to cooperate is that in the case of the latter your business will be shutdown before innocent users are put at risk.

Law Enforcers Caught Abusing A Databases Again

I have a natural aversion to government databases. This may seem ironic coming from a man whose name probably appears in dozens of them but that’s beside the point. Databases for sex offenders, felons, known gang members, and gun owners are always sold as being valuable tools for protecting the public. What is often ignored by proponents of such databases is how easily they can be abused by law enforcers. Denver law enforcers are the latest in a long line of law enforcers busted for abusing government databases for personal gain:

Denver Police officers caught using a confidential database for personal reasons should face stiffer penalties, the city’s independent monitor argued in a report released Tuesday.

The report, which reviewed both the Denver Police and the Denver Sheriff Department’s performance for 2015, found several instances of officers abusing both the National Crime Information Center (NCIC) and it’s state counterpart, the Colorado Crime Information Center (CCIC). Independent Monitor Nicholas Mitchell said in the report that he believes the penalties for those caught aren’t stiff enough to deter further abuse.

[…]

One officer, for example, was found to have used the database to assist an acquaintance who was going through a divorce determine the identity of the man he believed his wife was having an affair with. Then it spiraled out of control, possibly enabling violence from the vengeful ex-husband:

Shortly thereafter, the ex-husband began driving by the man’s house and threatening him. The ex-husband also found and contacted the man’s wife to tell her that the man was having an affair. The ex-husband told the wife that he knew their home address, showed her a picture of the man’s car, and asked her questions about the man to find out what gym he worked out at, what shift he worked, and where he spent his leisure time.

[…]

In another instance, a Denver Police officer who was at a hospital investigating a reported sexual assault made “small talk” with a female employee at the hospital who wasn’t involved in the investigation. The report continues:

At the end of her shift, the female employee returned home and found a voicemail message from the officer on her personal phone. She had not given the officer her phone number, and was upset that he had obtained it (she assumed) by improperly using law enforcement computer systems.

Note the lack of punishments received by officers caught abusing these databases. The first mentioned infraction resulted in a written reprimand and the second resulted in a fine of two days pay in addition to a written reprimand.

There are two major problems here. First, the existence of these databases. Second, the almost complete absence of oversight. These databases hold a tremendous amount of personal information on individuals. That information isn’t anonymized in any way so any officer can bring up the home address, phone number, and other personal information of those entered into the database. No oversight is apparently needed as multiple officers have been able to access the database for unauthorized uses. And no apparent interest in establishing oversight seems to exist since those finally caught abusing the database received no real punishment.

Databases containing personal information are dangerous to begin with. But when you add a complete lack of accountability for those accessing the databases, especially when they’re almost entirely shielded from personal liability, you have a recipe for disaster. Never let yourself be lulled into believing establishing a government database is necessary or in any way a good thing.