Superdickery – Page 49 – A Geek With Guns

Terrorist Plots Aren’t The Only Things The FBI Makes Up

The Federal Bureau of Investigations (FBI) has a long history of creating terrorists. This practice is so prevalent that there’s a book about it. But terrorist plots aren’t the only thing the FBI makes up. The agency also likes to make up sex-trafficking rings:

In the press, it was a “wide-reaching sex-trafficking operation” run by Somali Muslim gangs who forced “girls as young as 12” to sell sex in Minnesota and Tennessee. In reality, the operation—which led to charges against 30 individuals, sex-trafficking convictions for three, and an eight year legal battle—was a fiction crafted by two troubled teenagers, a member of the FBI’s human-trafficking task force, and an array of overzealous officials. An opinion released this week by the 6th Circuit Court of Appeals shows that federal prosecuters had no evidence whatsoever to support their “child sex trafficking conspiracy” case outside the seriously flawed testimony of two teenagers, one of whom had “been diagnosed as insane and was off her medication.”

“We conclude from our careful review of the trial transcript and record that, if the prosecution proved any sex trafficking at all (and we have serious doubts that it did), then at best it proved two separate, unrelated, and dissimilar sex-trafficking conspiracies, involving different defendants, albeit with the same alleged victim, namely Jane Doe 2,” states the 6th Circuit opinion, written by judges Alice M. Batchelder, Sean F. Cox, and Helene N. White.

At some point you would think the general public would begin asking why the FBI even exists. An agency has been caught time and again fabricating crimes. So one is forced to question whether any of the crimes it has solved were actually real.

We return again to the fact that the supposed system of checks and balances is more accurately described as a circlejerk. If the legislative and judicial branches were a check and balance against the executive branch there would have been investigations into the FBI itself by now. Judges would be throwing out cases on the grounds that the FBI isn’t a credible agency. Senators would be urging their fellows to vote to dissolve the agency. The heads of the FBI would be facing charges and begging oversight committees for mercy. But none of that is happening. Instead the FBI continues to operate as a law enforcement agency and its transgressions are continuously ignored.

Brining Fascism Back To Europe

You would think Europe would have learned its lesson about fascism during World War II. Of all the nations of Europe, you would expect France to have especially learned its lesson since it suffered under the boot of Nazi Germany for quite some time. Yet, in a rather ironic twist, France is leading the way to the fascism revival on that continent:

French parliamentary deputies, defying government wishes, have voted in favour of penalising smartphone makers which fail to cooperate in terrorism inquiries, entering a controversy that has pitted the FBI against Apple in the United States.

The move came in the form of an amendment to a penal reform bill that was receiving its first reading in parliament.

Part of me appreciates France’s honesty in its pursuit of absolute power over its people. While I completely disagree with such a philosophy I do prefer an opponent who is honest about their intentions. On the other hand, an honest government is often the most terrifying kind. When the State no longer sees a need to even pay lip service to the rights of individuals it quickly begins perpetrating heinous act after heinous act.

It’ll be interesting if this bill manages to pass into law. I’m sure the French government foresees it as an effective means of compelling smartphone manufacturers to kowtow to law enforcers. But it will likely convince smartphone manufacturers to take their business elsewhere. I can’t imagine many CEOs willing to risk being kidnapped because their company’s devices used effective cryptography. Especially when there are so many other countries around the world willing to take in money making companies.

With Special Badges Comes Special Privileges

Becoming a police officer is a pretty sweet gig. You don’t need to be intelligent. In fact, being intelligent can prohibit you from becoming a police officer. It’s not an especially dangerous. And you get to enjoy special privileges:

This week, a Tarrant County judge sentenced cop watcher Kenny Lovett to 90 days in jail after a jury determined he interfered with a high-risk traffic stop in Arlington in 2015.

“It’s a safety issue first and foremost,” said Melinda Westmoreland, the assistant district attorney who prosecuted Lovett’s case.

On that day, Lovett and several other cop watchers pulled over to film Arlington police making a traffic stop.
Not long after they began filming, two officers approached them, concerned about the holsters some the cop watchers were also carrying. The exchange was caught on video.

“I need you to go back [to your vehicle] and put your weapons up if you’re armed,” the officer says in the recording. “Feel free to record after that.”

Two of cop watchers did what the officers told them to do. Lovett, who was carrying a black powder pistol, refused. He was then led away in handcuffs and charged with interfering with public duties and disorderly conduct.

When you interact with a police officer it’s OK for them to demand you to disarm but it’s not OK for you to demand they disarm. Considering the number of officers being killed is going down while the number of people being killed by cops is going up I think it would be fair to demand officers disarm when interacting with members of the public.

Power is easily abused by those who have it. By operating on a higher level than the general public law enforcement officers are in a position to abuse power. If we want to reduce power abuse by law enforcers they need to operate on the same level as the rest of us. That means they should fall under the same scrutiny when using force, being surveilled, and interacting with other individuals as every other person in society. If an officer can be armed while interacting with the general public then people keeping officers accountable by filming police interactions should be allowed to be armed as well.

We Interrupt Your Daily Grind To Bring You The Bloody Obvious

Gun control advocates have a laser like focus on guns, which causes them to lose sight of the actual issue of violence. This is most obvious when they declare victory because another weapon has started to be used common:

NEW YORK (FOX5NY) – New York mayor Bill de Blasio is trying to put a positive spin on a recent rash of stabbings and slashings across the city. He credits the NYPD taking guns off of the street.

“I’m not a criminologist but I can safely say that guns are being taken off the street in an unprecedented way. Some people, unfortunately, are turning to a different weapon,” de Blasio says.

[…]

The mayor claims that since there are so many fewer guns on the street, officers can now focus on criminals using knives and razors.

To be entirely honest I would much rather be shot than attacked with a knife. Assuming you survive, being shot tends to be more easily remedied than being slashed and stabbed.

Several things are worth noting with this story though. First, there is no evidence that New York’s gun control laws are the cause for the uptick in stabbings. Bill de Blasio is just declaring it so but offers no evidence to support his claim. Second, he doesn’t mention if shootings have gone down in addition to stabbings increasing. This is important to determine because it could be that shootings have remained the same and stabbings have simply increased. Third, even if we assume shooting are down the actual problem of violent crime obviously remains. Whether people are shot or stabbed doesn’t make a difference. Either way people are still being injured or killed. Four, and this is one that is usually overlooked, are the efforts of law enforcers to stop out violent crime creating more violent crime? It’s pretty hard to claim violence crime is down in law enforcers are injuring and killing people are a higher rate to enforce weapon prohibitions.

Here is something we do know though. Acquiring a carry permit in New York City is very difficult, which means the people operating within the letter of the law are at a severe disadvantage. If somebody attacks them with either a gun or a knife they are handicapped as far as self-defense goes.

Amazon Disabled Device Encryption In Fire OS 5

While Apple and, to a lesser extent, Google are working to improve the security on their devices Amazon has decided on a different strategy:

While Apple continues to resist a court order requiring it to help the FBI access a terrorist’s phone, another major tech company just took a strange and unexpected step away from encryption.

Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices.

The change, which took effect in Fire OS 5, affects millions of users.

Traditionally firmware updates deliver (or at least attempt to) security enhancements. I’m not sure why Amazon chose to move away from that tradition but it should cause users of Fire OS devices concern. By delivering a firmware update that removes a major security feature Amazon has violated the trust of its users.

Unless Amazon fixes this I would recommend avoiding Fire OS based devices. Fortunately other phone and table manufacturers exist and are willing to provide you devices that offer good security features.

Because Punishing The Victim Makes Sense

Hypothetically let’s say a student stole a cell phone from their teacher. The teacher, being an average person and almost entirely ignorant on security, didn’t set a lock code. Because there was no lock code the student was able to log in. After logging in the student found embarrassing pictures of the teacher and sent them to friends.

In this situation would you punish the teacher or the student? Although not setting a lock code on your phone isn’t a wise decision there is no victim involved when somebody is ignorant. There is, however, a victim when a theft occurs. That being the case, I would argue the student should be punished but the teacher should not. Of course, that’s not how things work in our society:

A South Carolina high-school teacher may be charged with contributing to the delinquency of a minor after a student stole her cellphone and distributed partially nude photos from it around the school. Administrators say she should have password-protected the phone.

[…]

One might think that the student would at least face disciplinary action from the school, if not criminal charges of some sort. But thus far, the school has not moved to hold the 16-year-old student accountable at all. Arthur, however, is another story. After teaching in Union County for 13 years, she resigned when district officials gave her the choice to do so immediately or start the firing process.

Interim superintendent David Eubanks told The State that Arthur might also be charged with contributing to the delinquency of a minor. “I think we have a right to privacy, but when we take inappropriate information or pictures, we had best make sure it remains private,” he said.

I would argue that this is the inevitable result of combining zero tolerance policies, a total lack of critical thinking when “it’s for the children”, and having a legal system instead of a justice system.

The only victim here was the teacher because her phone was stolen. But since children saw her nude photos the fact that she was the victim of theft and didn’t send the photos is ignored. To make matters worse, the thief is left unpunished because, well, reasons.

So here we are, continuing to wallow in a society that punishes victims and lets criminals go unscathed.

Brazilian Government Unable To Break WhatsApp’s Encryption, Retaliates By Kidnapping A Facebook Employee

This may be a preview of things to come here. The Brazilian government is a bit peeved that it is unable to bypass WhatsApp’s encryption. Furthermore, it has been unable to convince Facebook, the owner of WhatsApp, to include a backdoor in the software. In what appears to be an act of retaliation the government has decided to harass Facebook by kidnapping one of its employees:

The arrest was made at the request of officials from the state of Sergipe, in Brazil’s north-east. In a statement, the federal police said Facebook/WhatsApp had repeatedly failed to comply with court orders relating to an organized crime and drug-trafficking investigation.

[…]

WhatsApp said in a statement that it was disappointed at the arrest and is unable to provide information it does not have, due to the architecture of its service. “We cooperated to the full extent of our ability in this case and while we respect the important job of law enforcement, we strongly disagree with its decision,” the unit said.

I wish companies would stop including all the nonsense about understanding the important job of law enforcement. Enforcing laws isn’t important. Providing justice to victims is important but that’s not what law enforcers primarily do.

What makes this kidnapping even weirder is that WhatsApp is apparently a separate operational entity from Facebook so the Brazilian government didn’t even kidnap a person who is in any way responsible for the app:

Facebook issued a distinct statement, noting that WhatsApp is operationally separate from the mothership, making the arrest of a Facebook exec “extreme and disproportionate.”

This is what it looks like when a government throws a temper tantrum. Hopefully the Brazilian government will release the poor schmuck it kidnapped. Although it wouldn’t surprise me (OK, it would surprise me a little bit) if it decided to threaten to kill him if Facebook didn’t give in to its demands. Either way, if I were Facebook I’d strongly consider moving all operations out of Brazil. Operating in that country has obviously become a liability.

When The State Isn’t Wrecking The Technology Industry It’s Begging It For Help

Do you know what’s especially funny about the fight between Apple and the Federal Bureau of Investigations (FBI)? While one part of the State is trying to destroy computer security another part is begging for help:

Carter will visit a Pentagon outpost in the heart of Silicon Valley, speak at a cybersecurity conference in San Francisco and go to Microsoft and Amazon headquarters in Seattle to highlight the risks of cyberattacks and the need for greater digital cooperation with the Pentagon.

His visit to the West Coast — his third in less than a year, more than he’s made to Kabul or Baghdad — marks the latest effort by the Obama administration to recruit telecommunications, social media and other technology companies as partners in national security operations despite deep suspicion in Silicon Valley about government surveillance.

Statism in a nutshell. When computer security stands in the way of the State’s power it attempts to crush it mercilessly. But when it needs computer security to solidify and maintain its power it comes crawling back to the very people it tried to execute only a short while ago.

In the end the State wants the best of both worlds. It wants a world where its networks and devices are secure but nobody else’s are. Why should security professionals provide the State any assistance when it constantly tries to bite their hands?

ATF Says Certain Medical Patients Prohibited From Owing Firearms

Should people who require certain medications lose the right to self-defense? According to the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) they should:

What has forged this quirky convergence of advocacy — tokers, meet shooters — is a September letter from the federal Bureau of Alcohol, Tobacco, Firearms and Explosives saying it is illegal for medical-marijuana patients to own firearms.

Everybody who buys a gun must fill out ATF Form 4473, which asks: “Are you an unlawful user of, or addicted to, marijuana or any depressant, stimulant, narcotic drug, or any other controlled substance?”

Answer yes, and you don’t get the gun. Falsely answer no, and you’ve just committed a crime.

The ATF’s letter, sent out Sept. 21, clarifies that the bureau includes medical-marijuana patients in that group of prohibited buyers because their marijuana use is inherently illegal federally.

The absurdity, of course, is that the 4473 form asks if you are an unlawful user. People who have a medical exemption card are lawfully using cannabis and therefore should not be prohibited by law.

More importantly though, the fact that somebody can lose the right to defend themselves because they need cannabis is ridiculous. Cannabis is far safer than most other drugs including alcohol (which you can use and still legally own a firearm), which is responsible for a great deal of poor life choices.

There’s no valid reason to prohibit somebody from owning firearms just because they use certain drugs. So long as people don’t use their firearms while under the influence of drugs there is no real danger. And many drugs have no side effects that make firearm usage dangerous to the users or bystanders.

This is yet another example of a policy put forth by the ATF that demonstrates the agency is interested in restricting firearm ownership.

When Idiots Write About Computer Security

People trying to justify the Federal Bureau of Investigation’s (FBI) demands of Apple are possibly the most amusing thing about the agency’s recent battle with Apple. Siding with the FBI requires either being completely ignorant of security or being so worshipful of the State that you believe any compromise made in the name empowering it is justified.

A friend of mine posted an article that tries to justify the FBI’s demands by claiming Apple is spreading fear, uncertainty, and disinformation (FUD). Ironically, the article is FUD. In fact it’s quite clear that the author has little to no understanding of security:

In its campaign, Apple is mustering all the fear, uncertainty and doubt it can. In an open letter to its customers, it states that “the government would have us write an entirely new operating system for their use. They are asking Apple to remove security features and add a new ability to the operating system to attack iPhone encryption, allowing a passcode to be input electronically. … It would be wrong to intentionally weaken our products with a government-ordered backdoor.” The FUD factor in that statement is “weaken our products.” It is grossly misleading, the plural suggesting that the FBI wants Apple to make this back door a standard part of iPhones. That’s flat-out false. What the government has asked is that Apple modify software to remove a feature that was not present in earlier versions of the software, and then install that new software on the single phone used by the terrorist. Apple can then destroy the software.

Apple’s statement is entirely accurate. The FBI is demanding a signed version of iOS that removes security features and includes a mechanism to brute force the password used to encrypt the contents of the device. Because the firmware would be signed it could be loaded onto other iPhones. We also know the FBI has about a dozen more phones it wants Apple to unlock so this case isn’t about a single phone. This case is about setting a precedence that will make it easier for the State to coerce companies into bypassing the security features of their own products.

The claim that Apple can destroy the software is also naive. In order to unlock the device the software must be loaded onto the phone. Since the phone is evidence it must be returned to the FBI. That means the FBI will have a signed copy of the custom firmware sitting on the phone and the phone will be unlocked so it would be feasible for the FBI to extract the firmware. Furthermore, the process involved in writing software for a court case will likely involve several third parties receiving access to the firmware:

Once the tool is ready, it must be tested and validated by a third party. In this case, it would be NIST/NIJ (which is where my own tools were validated). NIST has a mobile forensics testing and validation process by which Apple would need to provide a copy of the tool (which would have to work on all of their test devices) for NIST to verify.

[…]

During trial, the court will want to see what kind of scientific peer review the tool has had; if it is not validated by NIST or some other third party, or has no acceptance in the scientific community, the tool and any evidence gathered by it could be rejected.

[…]

If evidence from a device ever leads to a case in a court room, the defense attorney will (and should) request a copy of the tool to have independent third party verification performed, at which point the software will need to be made to work on another set of test devices. Apple will need to work with defense experts to instruct them on how to use the tool to provide predictable and consistent results.

It will likely be impossible for Apple to maintain exclusive control over the firmware.

Once the genie is out of the bottle it can’t be put back in. This is especially true with software since it can be reproduced almost infinitely for costs so small they’re practically free. If Apple produces this firmware it will not be able to make it not exist afterward. Let’s continue with the article in question:

More contradictory to Apple’s claims is that the FBI has specifically stated that it does not intend to cause a weakening of the consumer product, so this case cannot be used as a precedent. Should the government at any time attempt to do that so that back doors to be embedded in products, its own words would be the most compelling argument to counter that.

The FBI claims a lot of things. That doesn’t make those claims true. By merely existing this firmware would make consumer products less secure. Currently the iPhone’s security is quite strong as noted by the fact that the FBI has been unable to break into about a dozen phones in its possession. If Apple releases a firmware that can bypass security features on iPhones it necessarily means the overall security of iPhones, which are consumer products, is weakened. There is no way to logically argue otherwise. When something that couldn’t be broken into can be broken into it is less secure than it was. The fact that I felt the need to write the previous sentence causes me great pain because it speaks so ill of the education of the author.

The FUD continues, with Apple saying, “Law enforcement agents around the country have already said they have hundreds of iPhones they want Apple to unlock if the FBI wins this case.” That might very well be the case. But it has zero relevance. Each of those cases could be resolved only with a court order of its own, regardless of what happens with the San Bernardino iPhone. Even if this case were not in front of the court at the moment, any state, local or federal law enforcement agency could bring a similar case forward.

Actually, it’s entirely relevant. The FBI wants the court precedence so prosecutors in other cases can compel companies to bypass security features on their products. Apple isn’t simply fighting the creation of a purposely broken firmware, it’s fighting a precedence that would allow other courts to coerce companies into performing labor against their will. Obviously the author’s understanding of the legal system, specifically how precedence works, is as lacking as his understanding of security.

Gaining access to locked data is a legitimate law enforcement issue, and whatever your personal beliefs, all law enforcement officers have a responsibility to attempt to collect all information that is legally possible to collect.

While law enforcers may have a responsibility to attempt to collect all information within their power to collect that doesn’t mean they should be able to compel others to assist them at the point of a gun.

In other forums, Apple has been claiming that if the U.S. requires Apple to cooperate in providing access to the phone, all other governments around the world will then expect the same sort of cooperation. It is a bogus claim — more FUD. Do Apple’s lawyers really not know that the law of one country does not apply to another? Apple’s winning its case in the U.S. would do nothing to stop another country from initiating a similar action. Its losing its case should have no influence on whether other countries decide to pursue such matters.

I see the author doesn’t pay attention to world events. Oftentimes when a government sees another government get away with something nasty it decides it can also get away with it. Take Blackberry, for example. India demanded that Blackberry give it access to a backdoor and Blackberry complied. Seeing India getting what it wanted the government of Pakistan demanded the same. Monkey see, monkey do. It should be noted that Blackberry actually left Pakistan but it was obviously for reasons other than the backdoor demands.

Apple knows that if it rolls over it will encourage other governments to demand the same as the FBI. If, however, it digs its heels in it knows that it will discourage other governments from demanding the same. This is the same principle as not negotiating with terrorists. If you give in once it will encourage others to pull the same shit against you.

But of all of Apple’s arguments, the one that is most ludicrous, or perhaps the most damning of its much-touted security prowess, is revealed in this response to the government’s request for a key that could unlock one phone:

“Of course, Apple would do our best to protect that key, but in a world where all of our data is under constant threat, it would be relentlessly attacked by hackers and cybercriminals. As recent attacks on the IRS systems and countless other data breaches have shown, no one is immune to cyberattacks.”

First, Apple is already relentlessly attacked by hackers and criminals. I would like to hope that Apple has better security practices than the IRS. But when you unpack this statement, you are left with the impression that we should not trust any of Apple’s software or products. You have to assume that, should Apple write the software that the FBI wants, it would be among the most protected software in the company. If Apple is concerned about this software being compromised, what does that say about all of its other software?

This is another claim that can only be made by somebody who doesn’t understand security. This firmware wouldn’t be entirely in Apple’s hands. As noted above, the FBI would possess a phone with the firmware installed on it. And anybody who has paid attention to the various congressional hearings on the numerous federal network breaches knows the federal government’s network is incapable of protecting anything of value.

This firmware isn’t like a private key, which can serve its purpose even if you keep it within your exclusive control. It’s a piece of software that must be loaded onto a device that is evidence in a crime, which necessarily means it must leave your exclusive control. So Apple’s security isn’t the only cause for concern here.

Even assuming that a bad guy gets hold of just the software that law enforcement wants created, it would have to be signed by Apple’s security certificate to load on any phone.

Which the copy on the phone and any copies sent out for independent testing would be.

If the criminal gets a copy of the software and it has already been signed with the certificate, Apple could revoke the certificate.

If the author read the Electronic Frontier Foundation’s (EFF) excellent technical overview of this case he would know that the public key is built into the hardware of the iPhone. This is actually a smart security practice because it prevents malware from replacing the public key. If the public key was replaced it would allow malware to load its own code. The downside to this is that Apple can’t revoke the public key to prevent software signed with the corresponding private key from loading.

But if a bad guy gets hold of Apple’s digital certificate, then the whole Apple software base is at risk, and this feature that the FBI wants bypassed is irrelevant. After all, Apple has stated that it is not immune from attack, and it has implied it is a reasonable concern that its most protected software can be compromised.

I’m going to take this opportunity to write about a specific feature of public key cryptography that is relevant here. Public key cryptography relies on two keys: a private key and a public key. The private key, as the name implies, can be kept private. Anything signed with the private key can be verified by the public key. Because of this you only need to hand out the public key.

I have a Pretty Good Privacy (PGP) key that I use to encrypt and sign e-mails. Anybody with my public key can validate my signature but they cannot sign an e-mail as me. If, however, they had my private key they could sign e-mails as me. Because of this I keep my private key very secure. Apple likely keeps its software signing key in a vault on storage media that is only ever connected to a secure computer that has no network connectivity. Under such circumstances an attacker with access to Apple’s network would still be unable to access the company’s software signing key. For reasons I stated earlier, that’s not a model Apple can follow with the firmware the FBI is demanding. Apple’s security concerns in this case are entirely unrelated to the security practices of its private key.

In addition to his technical incompetence, the author decided to display his argumentative incompetence by closing his article with a pretty pathetic ad hominid:

But Apple, seeming to take a page from Donald Trump’s presidential campaign, is using the situation to promote its brand with free advertising.

If all else fails in your argument just compare your opponent to Trump.