Tag: Superdickery

Living in a Surveillance State

People often argue about whether Brave New World or Nineteen Eighty-Four more accurately predicted our current predicament. I tend to believe that both books predicted different aspects of the present. Governments have certainly invested heavily in dumbing down and distracting the population in order to make them more docile and therefore easier to rule. But they have also invested heavily in ensuring that they can watch everything you do wherever you go:

The next time you drive past one of those road signs with a digital readout showing how fast you’re going, don’t simply assume it’s there to remind you not to speed. It may actually be capturing your license plate data.

According to recently released US federal contracting data, the Drug Enforcement Administration will be expanding the footprint of its nationwide surveillance network with the purchase of “multiple” trailer-mounted speed displays “to be retrofitted as mobile LPR [License Plate Reader] platforms.” The DEA is buying them from RU2 Systems Inc., a private Mesa, Arizona company. How much it’s spending on the signs has been redacted.

This is why I laugh at people who leave their cellphone at home when they “don’t want to be tracked.” If you drive your vehicle somewhere, there’s an ever increasing chance that the license plate will be recorded by a government scanner. If you take public transit, there’s an almost guaranteed chance that your face will be caught on a surveillance cameras inside of the vehicle (and an ever increasing chance that facial recognition software will automatically identify you). If you walk, you’ll likely be recorded on any number of private and public surveillance cameras (which, again, are more and more being tied to facial recognition software to automatically identify you).

Everything has pros and cons. One of the cons of technology becoming more powerful and cheaper is that surveillance technology has become more powerful and cheaper. Tracking an individual, especially in metropolitan areas, is trivial. Fortunately, surveillance is a cat and mouse game. One of the pros of technology becoming more powerful and cheaper is that countersurveillance technology is becoming more powerful and cheaper.

Your Password, Please

Since I live in the United States, I spend most of my time lambasting its government’s infringements on privacy. But the United States doesn’t have a monopoly on violating individuals’ privacy. Every government has an interesting in violating rights. The hot privacy violation at the moment is demanding access to cell phones. Cell phones are becoming more integrated into our daily lives every day, which makes them a treasure trove of personal information. Here in the United States the government has made several efforts to force cell phone manufacturers to include a backdoor it can access. New Zealand has taken a different approach. If you don’t hand over your password to law enforcers, you will be fined:

New Zealand privacy activists have raised concerns over a new law that imposes a fine of up to NZ$5,000 (more than $3,200) for travelers—citizens and foreigners alike—who decline to unlock their digital devices when entering the country. (Presumably your phone would be seized anyway if it came to that.)

The Southern Pacific nation is believed to be the first in the world to impose such a law.

As a general rule, especially when crossing borders, it’s best to travel with clean devices and access whatever information you need remotely when you arrive at your destination. For example, instead of storing contract information on your cell phone when traveling, you might consider have your contract information on a remotely accessible server. When you get to your destination, you can log into the server and grab the phone numbers you need when you need them. When you’re ready to leave the country, you can factory reset your phone so your call log is erased.

Such a plan isn’t bulletproof. A factory reset phone is suspicious in of itself. Unfortunately there are no silver bullets. Every defensive measure has a list of pros and cons. You have to decide which set of pros and cons best fit your situation.

Making Security Illegal

A recent court ruling has potentially made secure devices and effective security services illegal:

The Canadian executive of a 10-year-old company that marketed its purportedly secure BlackBerry services to thousands of criminals (who paid at least $4,000 per year, per device) has pleaded guilty to a racketeering conspiracy charge, federal prosecutors in San Diego said Tuesday.

[…]

As the Department of Justice said in a Tuesday statement:

To keep the communications out of the reach of law enforcement, Ramos and others maintained Phantom Secure servers in Panama and Hong Kong, used virtual proxy servers to disguise the physical location of its servers, and remotely deleted or “wiped” devices seized by law enforcement. Ramos and his co-conspirators required a personal reference from an existing client to obtain a Phantom Secure device. And Ramos used digital currencies, including Bitcoin, to facilitate financial transactions for Phantom Secure to protect users’ anonymity and launder proceeds from Phantom Secure. Ramos admitted that at least 450 kilograms of cocaine were distributed using Phantom Secure devices.

[…]

At the time of his arrest, the Department of Justice said that the Ramos case was the “first time the U.S. government has targeted a company and its leaders for assisting a criminal organization by providing them with technology to ‘go dark,’ or evade law enforcement’s detection of their crimes.”

From what I could ascertain, the reason Vincent Ramos was arrested, charged, and declared guilty was because he offered a device and service that allowed his customers to actually remain anonymous. This is what most Virtual Private Network (VPN) providers, I2P, Tor, and other anonymity services offer so will one of them be the next Department of Justice target?

I’m going to take this opportunity to go on a related tangent. Ramos was charged because his devices and service were being used by other people to facilitate illegal activities such as selling cocaine. Ramos himself wasn’t, as far as I can tell, performing those illegal activities. Since the illegal actions in this case weren’t performed by Ramos, why was he charged with anything? Because the illegal activities being performed with his devices and service were related to the drug war and the drug war has served as the United States government’s excuse to go after anybody it doesn’t like.

Anything that can be tacitly tied to the drug war can be punished. If an officer doesn’t like you, they can claim that the cash you have on hand is evidence that you are participating in drug crimes and use civil forfeiture to seize your stuff. If your roommate is dealing drugs without your knowledge, prosecutors can claim that you actually do have knowledge and charge you with a plethora of crimes. If you offer a product that anonymizes users, prosecutors can charge you for aiding drug dealers. All of the supposed civil rights you enjoy suddenly go out the window when the word drugs is involved.

All Data Is for Sale

What happens when a website that sells your personal information asks you to input your phone number to enable two-factor authentication? Your phone number is sold to advertisers:

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.” I managed to place an ad in front of Alan Mislove by targeting his shadow profile. This means that the junk email address that you hand over for discounts or for shady online shopping is likely associated with your account and being used to target you with ads.

There really is no reason for a website to require a phone number to enable two-factor authentication. Short Message Service (SMS) is not a secure protocol so utilizing it for two-factor authentication, which many websites sadly do, is not a good idea. Moreover, as this study has demonstrated, handing over your phone number just gives the service provider another piece of information about you to sell.

Instead of SMS-based two-factor authentication websites should at a minimum offer two-factor authentication that utilizes apps that use Time-based One-time Password Algorithm (TOTP) or HMAC-based One-time Password Algorithm (HOTP) like Authy and Google Authenticator. Better yet websites should offer two-factor authentication that utilizes hardware tokens like YubiKeys.

Want to Avoid Being Swatted? Sign Up for Our Anti-Swatting Service Today!

You know police procedures are inadequate when convincing SWAT teams to storm random addresses happens so often that there’s a term for it. The Seattle Police Department (SPD) was recently caught up in a rather embarrassing swatting incident. Instead of taking responsibility for its inadequate procedures it has decided to put the burden on the citizenry:

On its official “swatting” resource site, the Seattle Police Department acknowledges how swatting works, along with the fact that citizens have requested a way to submit their own concerns or worries about being a potential victim. (Full disclosure: after having my own personally identifiable data distributed in a malicious manner, I asked SPD for this very thing… in 2015.)

“To our knowledge, no solution to this problem existed, so we engineered one,” SPD’s site reads. The site claims that swatting victims are “typically associated with the tech industry, video game industry, and/or the online broadcasting community.”

SPD’s process asks citizens to create a profile on a third-party data-management service called Rave Facility (run by the company Smart911). Though this service is advertised for public locations and businesses, it supports private residences as well, and SPD offers steps to input data and add a “swatting concerns” tab to your profile.

Want to avoid being swatted? Sign up for our anti-swatting service today! If you don’t sign up, then the department cannot be held responsible for murdering you when some random jackass on the Internet calls in a fake hostage situation.

What gets me is not just that swatting happens so often that there’s a term for it but that it happens so often that the SPD website has a page dedicated to it. If swatting happens so often that your department has to dedicate a page to it, then your procedures for responding to random hostage situation calls need some serious overhauling.

But He’ll Defend Our Gun Rights

Donald Trump paid lip service to the National Rifle Association (NRA) and gun rights, which was enough to convince many gun owners that he would protect gun rights. This shouldn’t come as a surprise to anybody with more than two brain cells to rub together but he lied:

WASHINGTON (Reuters) – U.S. President Donald Trump said on Monday his administration is just a few weeks away from finalizing a regulation that would ban so-called bump stocks, devices that allow semi-automatic weapons to fire like machine guns.

“We’re knocking out bump stocks,” Trump said at a White House news conference. “We’re in the final two or three weeks, and I’ll be able to write out bump stocks.”

Now to sit back and wait for his apologists to claim that this is really just part of his 517 dimensional chess game to defend gun rights from those evil liberals.

Incentivizing Law Enforcement

There are many ways to encourage and discourage desired behavior. The two most common methods are rewards and punishments. You reward behavior you want and punish behavior you don’t want. These two methods are used in every walk of life, even law enforcement. Many municipalities have been encouraging their law enforcers to pursue fines. Unfortunately, an individual can only do so much so when law enforcers are encouraged to pursue fines, they necessarily must put less time into other activities such as solving crimes:

Alongside the Black Lives Matter movement in the past several years, civil rights advocates have begun pointing out that the way municipalities collect fees and fines often disproportionately affects low-income communities of color, especially when those communities aren’t well represented in local governments. In 2015, as a follow-up to investigations of police bias in Ferguson, Mo., the Civil Rights Division of the Justice Department released the Ferguson report, which painstakingly documents how the police department in that city relied overwhelmingly on fees and fines collected from people in ways that “both reflect and exacerbate existing racial bias.”

But here’s another result of fee and fine enforcement that has never before been measured: Police departments that collect more in fees and fines are less effective at solving crimes.

In addition to fines and permits fees, fines are a major source of revenue for cities. Moreover, city governments make nothing when burglaries, rapes, and murders are solved. When these facts are considered, it’s not surprise that municipalities encourage their law enforcers to pursue fines instead of solving actual crimes.

One of the most common criticisms of privatizing police is that doing so would result in the police pursuing the interests of those who hired them. What most critics of police privatization don’t recognize is that socialized police also pursue the interests of those who hire them, which is why today’s law enforcers spend most of their time enforcing laws that profit city governments. If police were privatized, you could actually hire them to solve burglaries, rapes, and murders. So long as police remain socialized, the chances of that happening are effectively zero.

We’re Not Telling You the Rules

The politicians in California have passed the first law regulating the security of Internet connected devices. However, manufacturers of said devices are going to have a difficult time complying with the law since the rules are never defined:

This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.

The California bill doesn’t define exactly what a ‘reasonable security feature’ would be but it mandates that connected devices come with unique passwords that users can change, which isn’t the case for many IoT products. If someone can log into the device outside a LAN, then it must have either preprogrammed passwords that are unique to each device (no more default login credentials) or a way to generate new authentication credentials before accessing it for the first time.

You must implement ‘a reasonable security feature or features’ but we’re not going to tell you what those features are. Oh, and if you fail to comply with our undefined rules, you will be subject to punishment. Anyways, good luck!

That sounds perfectly reasonable, doesn’t it?

Jacking Up the Rent

If the primary difference between capitalist and socialist nations is that in capitalist nations property is held in private, then the United States is solidly a socialist nation. While the fiction of private property exists, the reality is that all property is owned by the State. That is why you have to pay rent on your property. And like any good landlord, the State can up the rent when it so chooses:

Hennepin County officials said Tuesday they need to raise $43 million more in property taxes next year, in part to pay for personnel and the surging costs of protecting children from abuse and neglect.

County Administrator David Hough proposed a 5.5 percent increase in the property tax levy during his budget presentation to the County Board. The proposal is a response to what Hough said were “significant ongoing challenges” faced by the county. He pointed to the massive new spending in recent years aimed at child protection services, which has drawn millions from budget reserves.

Of course it’s for the children. That makes it easy to criticize anybody who opposes the rent hike by claiming that they hate children.

Less surprising than claiming that the increase is for the children is the fact that the politicians are also claiming that this increase won’t impact people too much:

Property taxes pay for a third of the $2.4 billion county budget. If the levy is approved, the owner of a $281,000 house — the median value for the county — would pay $75 more in county property taxes, Lawless said.

If you can afford a home, you can afford an additional $75 a year, right? Maybe. It really depends on the family. Moreover, the politicians are only stating what this increase will add. What they’re ignoring is all of the previous increases. $75 might not be much on a $281,000 property but over the decades the increase has probably been notable. Add that to the fact that property value is assessed by the State and you realize that, in addition to the previous increases, the properties themselves are probably assessed much higher now than they were a decade or two ago. Couple these points with the fact that wages have stagnated and the cost of goods has increased due to inflation and suddenly this seemingly minor rent increase adds up to being far less minor. But none of that matters to the State. If you can’t pay your rent, you’ll be evicted.

The Bias within the System

Radley Balko wrote an excellent article outlining just the tip of the iceberg that is the overwhelming evidence that the legal system in the United States is racial biased.

The entire article is worth reading but I wanted to take a moment to highlight the third paragraph because it addresses a common myth about the system:

Of particular concern to some on the right is the term “systemic racism,” often wrongly interpreted as an accusation that everyone in the system is racist. In fact, systemic racism means almost the opposite. It means that we have systems and institutions that produce racially disparate outcomes, regardless of the intentions of the people who work within them. When you consider that much of the criminal-justice system was built, honed and firmly established during the Jim Crow era — an era almost everyone, conservatives concluded, will concede rife with racism — this is pretty intuitive. The modern criminal-justice system helped preserve racial order — it kept black people in their place. For much of the early 20th century, in some parts of the country, that was its primary function. That it might retain some of those proclivities today shouldn’t be all that surprising.

One thing on which the “left” and “right” (in this context “left” is being used to refer to those who believe the system is racially biased while “right” is being used to refer to those who disagree with those on the “left”) commonly agree is that the definition of a racially biased system is based on those within it. The “left” tend to argue that the legal system in the United States is racist because the majority of those within it are racists. The “right” often adopt this definition because it’s easy to argue against. Since both groups subscribe to this definition of systemic racism, the argument over whether the legal system is racially biased tends to involve people on the “right” pointing to people within the system who aren’t racist while people on the “left” refute their argument by claiming that those people are actually racist (if no evidence exists supporting their accusation, they argue that the person is a closet racist).

Systemic racism isn’t defined by who composes the system but by what rules govern the system.

The legal system in the United States would continue to show a racial bias even if the entire system was composed by individuals who didn’t contain a single racist bone in their body (assuming, of course, that they also followed the rules). This is because the rules governing the system ensure a racially biased outcome. How is that accomplished without the laws overtly being based on race? By criminalizing activities that are more often enjoyed by individuals who belong to a target race (I say this with the understanding that race itself is arbitrarily defined).

Let’s consider a hypothetical scenario. Let’s say we have a racist politician who wants to write a law that will primarily put more black men in prison. How can he go about accomplishing this without mentioning race in his law? First he would identify an activity that is more often enjoyed by black men than white men. If we’re discussing fashion, it is more common for black men to wear pants that hang below their waist than it is for white men so that would make a good candidate. So our hypothetical politician could write a law criminalizing the act of wearing pants that hang below the waist. What do you think the arrest statistics are going to look like after one year? They will almost certainly show that far more black men were arrested than white men. As an added bonus, the arrest statistics will likely contain a few white men, which will give the politician evidence to argue that the law isn’t racist. Even if the majority of people who are tasked with enforcing the law (again, assuming they follow the rules) aren’t racist, the statistics will show a racial bias because the law targets an activity more commonly enjoyed by black men.

A system like this will more reliably deliver the desired outcome of its creators than a system that is composed of individuals who share the same desires as its creators. Why? Because the people who compose a system tend to change rather quickly whereas the rules that govern a system tend to change far less frequently. Moreover, even if the system is infiltrated by individuals who disagree with its creators’ desires, there isn’t anything they can do to change the system without breaking the rules (and thus being exposed and dismissed).

It’s unfortunate that the definition of systemic racism is far more complex than the commonly used definition. People tend to shy away from complexity. Although shying away from complexity is a sane default, it’s the wrong response when the seemingly simpler definition is wrong.