NYPD Suspends Use of Body Cameras

What was sold as a tool for law enforcer accountability turned into a tool for evidence gathering. Body cameras have failed to rein in bad police behavior, but they still provided us little people with some amusement as law enforcers tried to explain how really egregious looking footage was actually a misunderstanding. It appears as though the New York Police Department (NYPD) has tired of explaining the embarrassing footage because it has pulled nearly 3,000 of the cameras from service:

The NYPD’s plan to outfit every officer with body cameras has run into trouble. The department has pulled about 2,990 Vievu LE-5 cameras across the city after one officer’s camera caught fire near a Staten Island precinct. There’s a “possible product defect” with the LE-5, the NYPD said in a statement, and it was removing existing models out of an “abundance of caution.” Most of the force’s 15,500 cameras (including LE-4 models) aren’t affected.

As one of my friends said, I wonder how long the officer had to hold a lighter to their body camera before it stayed lit.

A Seemingly Good Idea with a Steep Price

When you use a free e-mail provider, you are the product, which means that the provider most likely snoops through the contents of your e-mail to deliver targeted ads. Because of this, I encourage people to move away from free providers. Paid e-mail providers are less inclined to snoop through your e-mails, but the best option is to host your own e-mail server. Unfortunately, hosting e-mail is a pain in the ass, so very few people are interested in doing it. A new product, Helm, is promising the best of both worlds: self-hosted e-mail without the complexity of administering an e-mail server. From a technical standpoint, it looks like a solid product:

The service takes a best-of-both-worlds approach that bridges the gap between on-premises servers and cloud-based offerings. The server looks stylish and is small enough to be tucked into a drawer or sit unnoticed on a desk. It connects to a network over Ethernet or Wi-Fi and runs all the software required to serve email and calendar entries to authorized devices. An expansion slot allows an additional five terabytes of storage.

The server also provides a robust number of offerings designed to make the service extremely hard to hack, including:

  • A system-on-a-chip from NXP that stores keys for full-disk encryption and other crypto functions to ensure keys are never loaded into memory, where they might be leaked. The disk encryption is designed to prevent the contents from being read without the key, even if someone gets physical possession of the device.
  • Support for secure boot and keys that are hardwired during manufacture so the device can only run or install authorized firmware and firmware updates. The devices are manufactured in the US or Mexico to ease concerns about supply-chain weaknesses.
  • Firmware that only communicates over an encrypted VPN tunnel. This measure prevents employees of the user’s ISP, or anyone monitoring the home or office connection, from knowing who the user is communicating with. The firmware also automatically generates TLS certificates from the free Let’s Encrypt service.
  • Before being backed up in the cloud, messages are encrypted using a key that’s stored on the personal server and is available only to the end user. That means if the cloud server is ever hacked or the provider is legally compelled to turn over the backed up data, it can’t be decrypted without the key.
  • Two-factor authentication that’s based on what Helm calls “proximity based security.” The tokens that generate one-time passwords can only be installed on a smartphone that has come into close physical proximity with the Helm device during pairing by someone who knows the device password. Pairing new phones, adding email accounts, or making other changes not only requires a device password but also an OTP from an already-paired phone.

Specifications and implementations often don’t match, so I’ll be interested to see how well this product works in the wild. However, I’m guessing that this product isn’t going to fly off of the shelves because the price is steep:

The startup is betting that people will be willing to pay $500 to purchase the box and use it for one year to host some of their most precious assets in their own home. The service will cost $100 per year after that. Included in the fee is the registration and automatic renewal of a unique domain selected by the customer and a corresponding TLS certificate from Let’s Encrypt.

$500 is a lot of money for a consumer-grade embedded computer, and a $100 per year subscription fee isn’t chump change no matter how you shake it. You can buy a ProtonMail subscription for significantly less and enjoy what most consumers would consider pretty reasonable security. But if you want a self-hosted e-mail option without the hassle that usually accompanies setting up and maintaining your own e-mail server (and have a few Benjamins to spare), this may be a product to look into.

Serving Your Overlords Forever

It used to be that when an actor died, they stopped acting, but today’s digital editing technology allows even the dead to continue their careers:

From Carrie Fisher in Rogue One: A Star Wars Story to Paul Walker in the Fast & Furious movies, dead and magically “de-aged” actors are appearing more frequently on movie screens. Sometimes they even appear on stage: next year, an Amy Winehouse hologram will be going on tour to raise money for a charity established in the late singer’s memory. Some actors and movie studios are buckling down and preparing for an inevitable future when using scanning technology to preserve 3-D digital replicas of performers is routine. Just because your star is inconveniently dead doesn’t mean your generation-spanning blockbuster franchise can’t continue to rake in the dough. Get the tech right and you can cash in on superstars and iconic characters forever.

Unlike living actors, dead actors won’t refuse roles or fight the director, which is great for propagandists. Imagine a future where a hologram of Hunter S. Thompson does a D.A.R.E. touring circuit or a hologram of Emma Goldman gives a lecture about the importance of government.

The End of TLS 1.0 and 1.1

Every major browser developer has announced that they will drop support for Transport Layer Security (TLS) 1.0 and 1.1 by 2020:

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

Waiting until 2020 gives website administrators plenty of time to upgrade their sites, which is why I’ll be rolling my eyes when the cutoff date arrives and a bunch of administrators whine about the major browsers “breaking” their websites.

Every time browser developers announce years ahead of time that support will be dropped for some archaic standard, there always seems to be a slew of websites, including many major websites, that continue relying on the dropped standard after the cutoff date.
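For the administrators who will eventually have to do the same thing on the server side, here is what "dropping TLS 1.0 and 1.1" comes down to at the protocol level: read the versions a ClientHello offers and refuse the handshake when none of them reaches the minimum. This is an added example, not code from the Ars Technica article or from any browser or server vendor. The ClientHello is constructed by `build_client_hello` rather than captured; its random bytes are zeros and its single cipher suite (0xC02F) is a placeholder, since only the version fields matter here. Version tuples are the on-the-wire (major, minor) pairs from RFC 5246 and RFC 8446.

```python
import struct

# TLS protocol versions as (major, minor) on the wire.
TLS_VERSIONS = {
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
    (3, 4): "TLS 1.3",
}
SUPPORTED_VERSIONS_EXT = 0x002B   # extension type, RFC 8446 section 4.2.1
HANDSHAKE = 0x16                  # record ContentType handshake(22)
CLIENT_HELLO = 0x01               # HandshakeType client_hello(1)


def build_client_hello(versions):
    """Constructed sample input: a minimal ClientHello offering `versions` (not a real capture)."""
    highest = max(versions)
    # TLS 1.3 clients put 1.2 in legacy_version and list 1.3 in the supported_versions extension.
    legacy = (3, 3) if highest >= (3, 4) else highest
    body = bytes(legacy)
    body += b"\x00" * 32                         # random (constructed, all zeros)
    body += b"\x00"                              # session_id: empty
    body += struct.pack("!H", 2) + b"\xc0\x2f"   # cipher_suites: one placeholder suite
    body += b"\x01\x00"                          # compression_methods: null only
    exts = b""
    if highest >= (3, 4):
        vlist = b"".join(bytes(v) for v in sorted(versions, reverse=True))
        ext_data = bytes([len(vlist)]) + vlist
        exts += struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(ext_data)) + ext_data
    body += struct.pack("!H", len(exts)) + exts
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record-layer version stays 3.1 for middlebox compatibility; it does not express a preference.
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake


def offered_versions(record):
    """Parse a TLS record carrying a ClientHello; return the sorted list of versions it offers."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    legacy = (body[0], body[1])
    pos = 2 + 32                                   # skip legacy_version and random
    pos += 1 + body[pos]                           # session_id (length-prefixed)
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2 + cs_len                              # cipher_suites
    pos += 1 + body[pos]                           # compression_methods
    offered = None
    if pos + 2 <= len(body):                       # extensions are optional before 1.3
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_data_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_data_len]
            pos += ext_data_len
            if ext_type == SUPPORTED_VERSIONS_EXT:
                n = data[0]
                offered = {(data[i], data[i + 1]) for i in range(1, 1 + n, 2)}
    if offered is None:
        # No supported_versions extension: the client accepts legacy_version and anything below it.
        offered = {v for v in TLS_VERSIONS if v <= legacy}
    return sorted(offered)


def negotiate(record, server_min=(3, 3)):
    """Server policy: highest offered version at or above server_min, or None to refuse.

    The default server_min of (3, 3) is the post-deprecation setting: TLS 1.2 or newer only.
    """
    acceptable = [v for v in offered_versions(record) if v >= server_min]
    return TLS_VERSIONS[max(acceptable)] if acceptable else None


if __name__ == "__main__":
    for offer in ([(3, 1)], [(3, 3)], [(3, 3), (3, 4)]):
        hello = build_client_hello(offer)
        names = [TLS_VERSIONS[v] for v in offered_versions(hello)]
        print(names, "->", negotiate(hello) or "handshake refused")
```

The point of the two code paths in `offered_versions` is the one that trips people up: a pre-1.3 client says nothing explicit about TLS 1.0 and 1.1, it simply advertises its highest version and the server is allowed to pick anything lower, so the only thing that keeps 1.0 and 1.1 out is the server's own minimum, which is what `negotiate` enforces.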

Hey Siri, I’m Getting Pulled Over

Do you carry an iPhone? If so, is it updated to iOS 12? If you answered yes to both, there’s a very useful tool you can download:

There’s a big new feature for iPhone experts this year: It’s an app called Shortcuts, and with a little bit of logic and know-how, you can stitch together several apps and create a script that can be activated by pressing a button or using Siri.

[…]

But Robert Petersen of Arizona has developed a more serious shortcut: It’s called Police, and it monitors police interactions so you have a record of what happened.

Once the shortcut is installed and configured, you just have to say, for example, “Hey Siri, I’m getting pulled over.” Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on “do not disturb” mode.

You can download the shortcut here.

I’ve downloaded it and tested it. Sure enough it works as advertised. Grab it and install it on your phone so it’s ready if you get pulled over.

The Fake Facebook Profiles of Law Enforcement

Do you remember that really hot chick who tried to friend you on Facebook? The one who claimed to be single and horny? There’s a good chance that “she” was a cop:

Police officers around the country, in departments large and small, working for federal, state and local agencies, use undercover Facebook accounts to watch protesters, track gang members, lure child predators and snare thieves, according to court records, police trainers and officers themselves. Some maintain several of these accounts at a time. The tactic violates Facebook’s terms of use, and the company says it disables fake accounts whenever it discovers them. But that is about all it can do: Fake accounts are not against the law, and the information gleaned by the police can be used as evidence in criminal and civil cases.

Investigators know this, which is why the accounts continue to flourish.

This should come as a surprise to approximately nobody. Law enforcers have been busy turning this country into a surveillance state. Meanwhile, Facebook has been busy collecting every shred of personal information about as many people as it can. They’re a match made in Heaven, or more aptly Hell.

The best defense against this, other than not using Facebook, is to only add people whose identity you have personally verified. That doesn’t necessarily mean that a person you know in real life isn’t an undercover cop, but verifying identities will at least cut down on the low level efforts to surveil you.

The World’s Largest Text Editor

One of my Macs was screaming that it was running out of disk space so I pulled up a report of the largest files on the system. Since the system contains several virtual machines, those files were at the top as expected. However, as I scrolled through the list of files something jumped out at me. At some point I had installed the Atom text editor on the system. I don’t remember why I did that but it was probably because I wanted to test it for something. Regardless, according to the report, the Atom text editor was over 800MB in size. Just for fun I decided to download a copy of the latest version of Atom on another system. The downloaded file decompressed to 822.7MB.

I get that disk space is more or less plentiful and cheap but 822.7MB for a text editor is a bit excessive. I’m actually kind of impressed that a development team managed to bloat a text editor to such an enormous size (but not the good kind of impressed).

A Lot of Websites Don’t Fix Security Issues

Last year Google announced that it would be removing Symantec’s root certificates from Chrome’s list of trusted certificates (because Symantec’s certificate authority had misissued a lot of certificates). This notification was meant to give web administrators time to acquire new certificates to replace their Symantec-signed ones. The time of removal is fast approaching and many web administrators still haven’t replaced their certificates:

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates.

Yet despite more than a year to prepare, many popular sites are not ready.

Security researcher Scott Helme found 1,139 sites in the top one million sites ranked by Alexa, including Citrus, SSRN, the Federal Bank of India, Pantone, the Tel-Aviv city government, Squatty Potty and Penn State Federal to name just a few.

The headline of this article is, “With Chrome 70, hundreds of popular websites are about to break.” A more accurate headline would have been, “Administrators of hundreds of websites failed to fix major security issue.” Chrome isn’t the culprit in this story. Google is doing the right thing by removing the root certificate of an authority that failed to take proper precautions when issuing certificates. The administrators of these sites on the other hand have failed to do their job of providing a secure connection for their users.

Live Streaming Summary Executions

The Company Formerly Known as Taser (Axon) has announced a new line of body cameras that allow law enforcers to live stream their antics:

Police officers wearing new cameras by Axon, the U.S.’s largest body camera supplier, will soon be able to send live video from their cameras back to base and elsewhere, potentially enhancing officers’ situational awareness and expanding police surveillance.

[…]

Axon plans to test the device, the Axon Body 3, with a group of agencies early next year and ship to U.S. customers in the summer. (The initial price of $699 doesn’t include other costs, like a subscription to Axon’s Evidence.com data management system.) A built-in antenna transmits HD video over dedicated 4G LTE cellular networks, while another feature triggers the camera to start recording and alerts command staff once an officer has fired their weapon, a possible corrective to the problem of officers forgetting to switch them on.

Now the whole department can tune in for the summary execution of the unarmed black man!

Lest you mistakenly believe that this live streaming capability might give oversight committees the ability to oversee law enforcers by randomly activating the live stream, never fear: the live stream can only be activated when the officer wearing the camera enables it:

Giving supervisors the ability to live-stream from officers’ chests has raised privacy concerns among police too. Axon’s system does not allow supervisors to remotely begin live-streaming from an officer’s camera unless it is in recording mode–that is, once an officer presses a large button in the center of the camera or is activated automatically by the sound of a gunshot, for instance. The video streams will also be limited to those with permission through the Evidence.com software.

That’s a relief! I was almost worried that there was a chance that an overseer might randomly activate an officer’s body camera and catch them doing something unlawful!

Of course the live video is streamed to Evidence.com, which is a service geared towards preventing collected evidence from being used to defend an accused party or to bring charges against a law enforcer who has been caught doing something illegal.

Axon has covered all of its bases. There’s no possibility that these new features will be used to hold law enforcers accountable, which will make them popular with law enforcement departments.

Living in a Surveillance State

People often argue about whether Brave New World or Nineteen Eighty-Four more accurately predicted our current predicament. I tend to believe that both books predicted different aspects of the present. Governments have certainly invested heavily in dumbing down and distracting the population in order to make them more docile and therefore easier to rule. But they have also invested heavily in ensuring that they can watch everything you do wherever you go:

The next time you drive past one of those road signs with a digital readout showing how fast you’re going, don’t simply assume it’s there to remind you not to speed. It may actually be capturing your license plate data.

According to recently released US federal contracting data, the Drug Enforcement Administration will be expanding the footprint of its nationwide surveillance network with the purchase of “multiple” trailer-mounted speed displays “to be retrofitted as mobile LPR [License Plate Reader] platforms.” The DEA is buying them from RU2 Systems Inc., a private Mesa, Arizona company. How much it’s spending on the signs has been redacted.

This is why I laugh at people who leave their cellphone at home when they “don’t want to be tracked.” If you drive your vehicle somewhere, there’s an ever increasing chance that the license plate will be recorded by a government scanner. If you take public transit, there’s an almost guaranteed chance that your face will be caught on a surveillance camera inside of the vehicle (and an ever increasing chance that facial recognition software will automatically identify you). If you walk, you’ll likely be recorded on any number of private and public surveillance cameras (which, again, are more and more being tied to facial recognition software to automatically identify you).

Everything has pros and cons. One of the cons of technology becoming more powerful and cheaper is that surveillance technology has become more powerful and cheaper. Tracking an individual, especially in metropolitan areas, is trivial. Fortunately, surveillance is a cat and mouse game. One of the pros of technology becoming more powerful and cheaper is that countersurveillance technology is becoming more powerful and cheaper.