Focusing On Softer Targets

In regards to the Office of Personnel Management (OPM) breach I noted that the federal government’s networks are only as secure as the weakest link. While it’s likely federal agencies such as the Department of Defense (DoD) and National Security Agency (NSA) have much more secure networks than the OPM or Internal Revenue Service (IRS) the fact that all these federal agencies share data amongst each other means an attack only needs to breach the weakest network. Apparently that’s what China has been doing:

WASHINGTON — After years of cyberattacks on the networks of high-profile government targets like the Pentagon, Chinese hackers appear to have turned their attention to far more obscure federal agencies.

Law enforcement and cybersecurity analysts in March detected intrusions on the computer networks of the Government Printing Office and the Government Accountability Office, senior American officials said this week.

It’s a smart move. Just as much valuable information can be gleaned from lesser known agencies as more famous agencies. The fact is federal agencies have so much data on both individuals and government operations that they’re all prime targets. Herein again lies the fallacy of the “nothing to hide” crowd. They believe the only eyes that will be looking at the data the federal government has collected on them is the federal government. Truth be told other eyes such as foreign governments and malicious hackers will also be looking at their data.

The reason it’s important to keep as much data away from the federal government as possible is not just because of what the federal government will do with it but also because of the likelihood it will lose control of that data in the future.

When The Only Thing You Have Is Legislation Every Problem Looks Like It Can Be Solved By Passing A Law

Politicians are trying to infringe on both the rights of self-defense and free speech in their latest attempt at the impossible. With the 3D printing revolution taking place many politicians see the writing on the wall and realize their power to regulate manufacturing is waning. Hoping to head this technology off at the pass they’re trying to find a justification that people will fall for to pass regulations against 3D printing. They’re betting everything on the populace finding the prospect of 3D printed firearms scary enough that they’ll support laws restricting what individuals can print on their 3D printers. But the rhetoric is especially amusing:

The notion of a 3-D printable gun has become the perfect flashpoint in a new conflict between digital arms control and free speech. Should Americans be allowed to say and share whatever they want online, even if that “speech” is a blueprint for a gun? The State Department has now answered that question with a resounding “no.”

That isn’t even the correct question. What everybody should be asking is if it’s even possible to enforce a law restricting what individuals can do with their 3D printers. The answer is no. Computer technology is far too pervasive to control anymore. Information can be shared amongst individuals around the world almost instantly. Anonymity tools allow individuals to share information without being identifiable. And even if people in the United States comply with a law against sharing 3D printer designs for firearms the rest of the world isn’t bound by such nonsense.

Censorship is dead and the Internet killed it. Any restriction against the sharing of ideas is unenforceable and therefore shouldn’t even be a consideration for politicians.

Federal Government Demonstrates How Not To Do HTTPS

I admit that setting up Hypertext Transfer Protocol Secure (HTTPS) isn’t as easy as it should be. But there’s no reason why something as massive as the federal government, especially when you consider the fact that it can steal as much money as it wants, can’t properly set up HTTPS. But it can’t.

I use HTTPS Everywhere to force as many sites as humanly possible over HTTPS instead of HTTP. Usually this works very well but sometimes a site isn’t properly set up and my user experience goes south. The Senate website is one of the sites that provides a suboptimal user experience. Take a look at these two exceptions I received when trying to access information on the Senate’s website:

[Screenshot: www-judiciary-senate-gov-bad-certificate]

[Screenshot: www-paul-senate-gov-bad-certificate]

The thing to note is that the web server is set up to give each senator their own subdomain. This requires the certificate to contain each individual subdomain. As you can see by the errors I received the certificate doesn’t contain the subdomain for the Committee of the Judiciary or Rand Paul. There are two things to take away from this.

First, the Senate’s web server is set up in a very fragile way. Instead of creating a separate subdomain for each senator it would have been much smarter to create a separate subdirectory for each senator. The only difference that would make for the user is they would have to type https://www.senate.gov/paul instead of https://www.paul.senate.gov. Since no subdomains would be needed the certificate wouldn’t have to contain the name of every senator and Senate committee.

Second, whoever is in charge of maintaining the certificate for the Senate’s web server is incompetent. Since each senator has a separate subdomain the certificate should be renewed after every election with the subdomains of the new senators added and the subdomains of the old senators removed. Likewise, the certificate should be renewed every time a new Senate committee is created or an old one is retired. That would allow users to securely connect to each Senator’s website.

In all likelihood this setup is the result of the server originally being created without any consideration given to security. When security became a concern the system was probably patched in the all too common “good enough for government work” manner instead of being redesigned properly to reflect the new requirements. And since there is almost no accountability for government employees nobody tasked with maintaining the server probably saw fit to periodically verify that the certificate is valid for every available subdomain.
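Here is what that periodic check could look like. This is an example added here, not anything the Senate or HTTPS Everywhere ships. It compares a certificate's subjectAltName entries against a list of hostnames using the usual wildcard rule (a `*` stands in for exactly one leftmost label), which is why a single `*.senate.gov` entry would not cover a name like `www.paul.senate.gov`. The SAN list and most of the hostnames are constructed for illustration; `www.judiciary.senate.gov` is assumed from the screenshot name above.

```python
import socket
import ssl


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one SAN entry covers the hostname.

    A wildcard is honoured only as the entire leftmost label and stands in
    for exactly one label. Wildcards directly under a top-level name
    (e.g. *.gov) are rejected here as a conservative assumption.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(san_dns_names, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames
            if not any(san_matches(p, h) for p in san_dns_names)]


def fetch_san_dns_names(host, port=443, timeout=5.0):
    """Fetch the DNS SAN entries of the certificate a server presents.

    The chain is still validated against the system trust store; only the
    built-in hostname check is switched off so the name comparison can be
    done (and reported) by uncovered_hosts() instead of raising.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def audit(hostnames, fetch=fetch_san_dns_names):
    """Map each hostname to 'ok', 'name-mismatch' or 'error: <type>'."""
    report = {}
    for host in hostnames:
        try:
            names = fetch(host)
        except OSError as exc:  # covers DNS, timeout and TLS/chain errors
            report[host] = "error: " + exc.__class__.__name__
            continue
        report[host] = "name-mismatch" if uncovered_hosts(names, [host]) else "ok"
    return report


# Constructed SAN list for illustration; not taken from any real certificate.
SAMPLE_SANS = [
    "senate.gov",
    "www.senate.gov",
    "*.senate.gov",
    "www.example-committee.senate.gov",
]

# Hostnames to check. Only www.paul.senate.gov appears in the post itself.
SAMPLE_HOSTS = [
    "www.senate.gov",
    "paul.senate.gov",
    "www.paul.senate.gov",
    "www.judiciary.senate.gov",
    "www.example-committee.senate.gov",
]

if __name__ == "__main__":
    # Offline run against the constructed data above.
    for host in uncovered_hosts(SAMPLE_SANS, SAMPLE_HOSTS):
        print("not covered by certificate:", host)
```

Run from a scheduled job with the real list of subdomains, `audit()` flags both a missing name and a chain or connection failure before a visitor hits the browser warning.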

I would argue that this is yet another example of the government’s poor security practice that should have everybody worried about the data it collects.

The “Black” Market Has Your Back

When people hear the term “black” market their thoughts usually jump to human trafficking, violent drug gangs, and other violent endeavors. In reality those aren’t even examples of markets because markets are based on the voluntary exchange of goods and services between individuals. The real “black” market is nothing more than the exchange of goods and services the state has declared illegal. Oftentimes this involves drugs like cannabis and cocaine but other times it involves goods or services that are extremely expensive in “legitimate” markets due to regulations. Healthcare is one of those markets where regulations have made almost everything prohibitively expensive. Fortunately there’s the “black” market ready to provide healthcare goods for far less:

Several months ago, Jackie found that her maintenance inhaler was running low. We had just obtained health insurance through Kentucky’s health care exchange and, while it wasn’t the most expensive plan, it certainly wasn’t cheap. Our monthly bill was high, but we thought the coverage was worth it.

I should mention that Jackie specifically picked a plan with low prescription co-pays.

Imagine our surprise when the total for her inhaler, with insurance applied, turned out to be around $300.

Money was very tight at that time; we just couldn’t afford the inhaler without falling behind on other necessities like utilities and groceries.

It was Jackie’s idea to check on the dark net.

[…]

It hadn’t occurred to me to look for an inhaler on the dark net until Jackie suggested it. She doesn’t really know much about the markets beyond things I’ve told her, but she asked me one night if you could buy inhalers on them. I got online, opened the Tor browser that is the gateway to the darknet, and pretty soon I found exactly the same maintenance inhaler—same brand, completely identical—that we needed to replace. The price was $30 with shipping.

The exact same inhaler for one tenth the price was made possible by the “black” market. And thanks to the greatly reduced price Jackie didn’t have to suffer from foregoing other necessities due to lack of finances. This isn’t an isolated case either. Similar illegal trade exists for other medical necessities such as diabetes test strips.

“Black” markets are necessary in any society that suffers from a government that places regulations on free trade. Regulations always raise the costs of goods and services because they push out small providers and place a barrier to entry for new providers. Fortunately there are many people out there willing to ignore the law and provide goods and services to those who want them. Instead of seeing them as dirty criminals we should acknowledge that they’re no different than individuals who provide goods and services in the “legitimate” market. If it wasn’t for them many people would have to make do without basic necessities.

Authors Guild Demands The Impossible To Fight Piracy

Statism encourages the use of the truncheon to solve every problem. Is your neighbor being noisy at night? Don’t go over and talk to them, sic men with guns on them! Is your new competitor stealing away some of your business? Don’t revamp your business model to more effectively compete, demand the state implement new regulations that stifle your competitor!

The problem with this mode of thinking is that it discourages creativity so when a problem that can’t be solved by the truncheon appears the only solution is to demand the impossible. That’s what the Authors Guild is doing in the name of fighting piracy:

The Authors Guild, one of the nation’s top writer’s groups, wants the US Congress to overhaul copyright law and require ISPs to monitor and filter the Internet of pirated materials, including e-books.

[…]

Rasenberger believes that ISPs have the technology and resources to remove pirated works without being notified that pirated content is on their networks. She continued:

Individual copyright owners do not have the resources to send notices for every instance of infringement online, much less to keep sending them for copies reposted after being taken down. Individuals do not have access to automated systems that track infringing copies and send notices, nor do they have the bargaining power to make the deals with ISPs that larger corporations can.

ISPs, on the other hand, do have the ability to monitor piracy. Technology that can identify and filter pirated material is now commonplace. It only makes sense, then, that ISPs should bear the burden of limiting piracy on their sites, especially when they are profiting from the piracy and have the technology to conduct automated searches and takedowns. Placing the burden of identifying pirated content on the individual author, who has no ability to have any real impact on piracy, as the current regime does, makes no sense at all. It is technology that has enabled the pirate marketplace to flourish, and it is technology alone that has the capacity to keep it in check.

Those who don’t understand the technical issues involved in piracy may believe this is a viable solution. But the stronger emphasis on security, thanks to Edward Snowden, also ensures Internet service providers (ISPs) are going to be less and less able to monitor their customers’ activities. An ISP can only monitor what it can see. If piracy is happening over unencrypted connections an ISP can see it. Encrypted connections are an entirely different matter. Unless pirates are using ineffective encryption it’s not possible for an ISP to monitor their activities. It is possible for an ISP to use heuristics to estimate what customers are doing but that is a far cry from being able to say without question what a customer is doing. And an ISP doesn’t want to acquire a reputation for cutting off service and turning over customers to law enforcers without ironclad evidence of wrongdoing.

Solving digital copyright infringement, what piracy actually is, requires adjusting business models. Identifying and combating pirates is no longer feasible so copyright holders must give customers reason to choose paying them over obtaining pirated copies of works. I think the music industry is finally seeing a solution with streaming services such as Spotify and Apple Music. Such services make it extremely easy for users to acquire and listen to music. In fact they make it easy enough that the cost of the subscription is less than the hassle of finding a pirate source of music, downloading it, and loading it onto devices and computers. While that doesn’t stop all piracy it stops a lot of it and that’s the best a copyright holder can hope for when their product can be copied infinite times with ease.

Music piracy has proven that no amount of laws will solve the problem. The Digital Millennium Copyright Act (DMCA), the very act that is being cited by the Authors Guild, was passed, in part, as a response to music piracy. Music piracy is still a thing even though the DMCA has been on the books for years because passing a law and enforcing a law are two entirely different things.

Gun Control And Cryptography Control: Same Idea With The Same Outcome

Crypto War II is heating up. David Cameron has vowed to make effective cryptography illegal in Britain, the Federal Bureau of Investigation (FBI) has been urging Congress to pass a ban on effective cryptography, and Australia has been ahead of the curve by not just prohibiting the use of strong cryptography but also learning about it. I’ve spent a good deal of time fighting against attempts to restrict or prohibit gun ownership. From my experience there I can say that attempts to restrict or prohibit effective cryptography are the exact same thing with the same outcome.

First, let’s consider what restricting or prohibiting gun ownership does. Gun restriction laws prohibit non-state individuals from having legal access to certain types of firearms and what they can do with their firearms. The National Firearms Act (NFA), for example, places heavy restrictions on purchasing machine guns, suppressors, and several other categories of firearms. Adding to the NFA’s restrictions on machine guns the Hughes Amendment to the Firearm Owners Protection Act outright prohibited non-state entities from legally owning machine guns manufactured after 1986. In addition to these restrictions the Gun Control Act of 1968 also created a list of individuals prohibited from owning any type of firearm. The list includes anybody who has been labeled a felon, which means simply failing to abide by the entire tax code could make it illegal for you to own a firearm. Most states have laws restricting individuals from lawfully carrying a firearm without state permission. In other words most states restrict individuals’ options for self-defense. Those laws, like all laws, only apply to individuals acting within the law. Criminals, by definition, do not have to abide by these restrictions and prohibitions so the ultimate outcome is that non-state individuals can be outgunned by violent criminals (both the state and non-state variety).

Now let’s consider what restricting or prohibiting effective cryptography does. Restrictions against effective cryptography create a legal requirement that all cryptographic systems be weakened in such a way that they can be easily bypassed by the state. In reality cryptographic systems cannot be weakened in such a way as to allow only one entity to bypass them without also allowing other entities to bypass them. We learned this lesson during the Clipper chip fiasco. When you purposely introduce weaknesses into cryptographic systems those weaknesses can be targeted by anybody, including run of the mill criminals and foreign states. In the case of key escrow, the system being proposed where all encrypted data can be decrypted by a key held by the state, the focus would likely be on either creating or stealing a copy of the state’s key. Once that happened, and it would only be a matter of time until it did happen, the encrypted data would be available to anybody with a copy of the key to read. Imagine the day, and it would happen, where that master key was widely distributed across the Internet. Suddenly everything that was lawfully encrypted would be easily decrypted by anybody. Your personal information, including credit card and Social Security numbers, would be accessible to every identity thief in the world. Any communications you had that could imply you were participating in an unlawful activity, even if you weren’t, would suddenly be accessible not only to law enforcement agents but also individuals interested in blackmailing you. All future communications with online stores would be vulnerable, which means your credit card and shipping information could be snapped up by anybody surveilling the network you’re using. Any information you entered into state and federal online tax systems would be viewable to anybody with a copy of the master key. Effectively everything you communicated would be transmitted in plaintext and viewable to anybody.

Cryptography, like a firearm, is a means of self-defense. Where firearms are used to defend your physical self cryptography is used to defend your data. If your phone or laptop is stolen encryption can defend all of the information stored on it from the thief. When you make a purchase online encryption defends your credit card number and shipping address from identity thieves. Your Social Security number is also defended against identity thieves by encryption when you fill out your taxes online. There are a lot of bad individuals who want to steal personal information about you and the only thing you have to defend against them is effective cryptography. Any restriction against effective cryptography necessarily inhibits the ability of individuals to defend themselves.

The fight against restricting cryptography is the same fight against restricting firearm ownership. Both fights are against attempts by the state to restrict the ability of individuals to protect themselves from harm.

The Deplorable State Of The Government’s Network Security

“I’ve got nothing to hide,” is a phrase commonly spoken by supporters of government surveillance and those too apathetic to protect themselves against it. It’s a phrase only spoken by the ignorant. With each working professional committing an average of three felonies a day there are no grounds for anybody to claim they have nothing to hide from the government. But even those who don’t believe they have anything to hide from the government likely feel as though they have something to hide from the general public. With the breach of the Office of Personnel Management’s (OPM) network we were shown another important fact: the government’s network security is in such a poor state that any data it collects could be leaked to the general public.

Now we’re learning that the OPM wasn’t the only government agency with deplorable network security. It’s a chronic problem within the government:

Under a 2002 law, federal agencies are supposed to meet a minimum set of information security standards and have annual audits of their cybersecurity practices. OPM’s reviews showed years of problems.

But the issue is far more widespread than with just one agency. According to the Government Accountability Office, 19 of 24 major agencies have declared cybersecurity a “significant deficiency” or a “material weakness.” Problems range from a need for better oversight of information technology contractors to improving how agencies respond to breaches of personal information, according to GAO.

“Until federal agencies take actions to address these challenges—including implementing the hundreds of recommendations GAO and agency inspectors general have made—federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats,” the watchdog agency said in a report earlier this month.

A large majority of major agencies have declared their network security to be unfit. In addition to general network security there are also concerns about overseeing contractors, which is pretty legitimate after Edward Snowden, an at the time contractor, walked off with a lot of National Security Agency (NSA) secrets, and about abilities to respond to breaches.

Many mass surveillance apologists have pointed out that the OPM isn’t exactly the NSA because they assume the latter has far better security. As I mentioned above, Edward Snowden proved otherwise. And even if some agencies do have effective network security the problem of inter-agency sharing is a real concern. Assume the Internal Revenue Service (IRS) actually has adequate network security but it shares information with the OPM. In the end the data held by the IRS is still acquired by malicious hackers because they were able to compromise an agency that also held the data. Security is only as strong as the weakest link.

The next time somebody claims they have nothing to hide from the government ask them to post all of their personal information to Pastebin. If they’re not willing to do that then they should be concerned about government surveillance considering the state of its networks.

In Regards To Hoppe’s Argument Against Open Borders

The imaginary lines on our maps are the subject of frequent debate. It’s not surprising to see statists argue about immigration policy since they believe those imaginary lines are very real and very important. What’s surprising to me is that various branches of anarchism argue about them as well.

Yesterday the Muh Borders Facebook page linked to an article by Hans-Hermann Hoppe posted by Lew Rockwell. Hoppe’s article argues against open border policies that are supported by, what he refers to as, left-libertarians. It’s true that I consider myself a dirty leftist but I came from what most people would consider right-libertarianism. Right-libertarianism believes in the Lockean principle of homesteading. That is to say initial property rights are established when one mixes their labor with unowned resources. From there property rights can be transferred through trade. Herein lies my quarrel with Hoppe’s article. In it he argues:

But on what grounds should there be a right to un-restricted, “free” immigration? No one has a right to move to a place already occupied by someone else, unless he has been invited by the present occupant. And if all places are already occupied, all migration is migration by invitation only. A right to “free” immigration exists only for virgin country, for the open frontier.

[…]

The second possible way out is to claim that all so-called public property – the property controlled by local, regional or central government – is akin to open frontier, with free and unrestricted access. Yet this is certainly erroneous. From the fact that government property is illegitimate because it is based on prior expropriations, it does not follow that it is un-owned and free-for-all. It has been funded through local, regional, national or federal tax payments, and it is the payers of these taxes, then, and no one else, who are the legitimate owners of all public property. They cannot exercise their right – that right has been arrogated by the State – but they are the legitimate owners.

On the surface this makes sense. Goods obtained with stolen wealth rightfully belong to those who the wealth was stolen from. But this raises a question, what exactly can be claimed to be owned by the state? Is it everything within the imaginary lines it has drawn on our maps? If that’s the case the principle of homesteading seems to be absent in Hoppe’s argument. Much of the land claimed by the United States government, for example, hasn’t been homesteaded, the state hasn’t mixed any labor with it. It just sits untouched.

If we were to divest the property of the United States to the people whose wealth has been stolen would we also include that untouched land? If so, why? Do states enjoy a special type of property right that allows it to just declare something its own in lieu of homesteading? If not, why is the land not open for homesteading and therefore why are open borders at odds with right-libertarianism?

Hoppe expands his argument further by asking a hypothetical question:

First off: What would immigration policies be like if the State would, as it is supposed to do, act as a trustee of the taxpayer-owners’ public property? What about immigration if the State acted like the manager of the community property jointly owned and funded by the members of a housing association or gated community?

At least in principle the answer is clear. A trustee’s guideline regarding immigration would be the “full cost” principle. That is, the immigrant or his inviting resident should pay the full cost of the immigrant’s use made of all public goods or facilities during his presence. The cost of the community property funded by resident taxpayers should not rise or its quality fall on account of the presence of immigrants. On the contrary, if possible the presence of an immigrant should yield the resident-owners a profit, either in the form of lower taxes or community-fees or a higher quality of community property (and hence all-around higher property values).

Again, this argument seems to make sense on the surface. Immigrants or the residents who invited them are expected to pay the full cost of the immigrants’ use of public goods and facilities. But it again fails to address land that hasn’t been homesteaded by either the state or its tax victims. If an immigrant decides to homestead a piece of land in the Nevada desert that hasn’t already been homesteaded the tax victims face no costs. The only way the trustee model justifies state enforced immigration controls is if it is exempted from the homesteading principle.

When I brought this up to some of my friends one of them had an interesting interpretation of what Hoppe wrote. He thought Hoppe implied that the state was only able to hold the territory it claimed by extorting wealth from the populace and therefore, under Hoppe’s argument, all of the territory should be divested amongst the tax victims. Even using this interpretation I find that the homesteading principle would have to be ignored.

It’s true that the state is only able to hold the territory it claims because it used some of the wealth it stole to create a military that can kill anybody who doesn’t acknowledge its claim. But I don’t believe that satisfies the homesteading principle because the state still didn’t mix any labor with the land.

Imagine if the United States claimed sole ownership over the moon and threatened war against any other nation that landed on it. Its ability to make such a threat would certainly be made possible by its sizable military. However the stolen wealth was invested in creating the military, not homesteading the moon. Therefore this interpretation would be an argument for divesting military assets amongst the tax victims but not the moon itself. The same applies to the territory within the state’s borders that hasn’t been homesteaded.

At the start of the article Hoppe claims that left-libertarianism “serve as Viagra to the State.” I would argue that, if anything, his argument against open borders serves as Viagra to the state. His argument requires granting the state a special privilege to claim land without homesteading it. Right-libertarianism’s core argument against the state is that it enjoys a special privilege to legally initiate force. One of the ways it exercises that privilege is by enforcing its claims to land and resources it hasn’t homesteaded. By granting the state a special privilege you put it a step higher on the hierarchy than everybody else and that is what allows it to maintain its power.

The Founding Fathers Did Use Encryption

One of the arguments that have been made for prohibiting strong encryption is that the Founding Fathers couldn’t have envisioned a world where law enforcers were unable to read communications. Why the Founding Fathers needed to be clairvoyant to justify something today is beyond me but the Electronic Frontier Foundation (EFF) had a great rebuttal to the argument. If you head over to the Library Of Congress’s website you can read about how James Madison encrypted his messages to prevent law enforcers from reading them:

As a Virginia delegate to the Continental Congress, while secretary of state, and in his personal correspondence with Thomas Jefferson, James Madison feared constantly that unauthorized people would seek to read his private and public correspondence. To deter such intrusions, he resorted to a variety of codes and ciphers.

Most of the early ciphers that Madison used were keyword polyalphabetic code systems involving a complex interaction of a keyword with alphabets and numbers in a preestablished pattern. The codes were designed by James Lovell, a Massachusetts delegate to the Continental Congress and an expert on ciphers. On July 5, 1782, Edmund Randolph wrote to James Madison: “I wish, that on future occasions of speaking of individuals we may use the cypher, which we were taught by Mr. Lovell. Let the keyword be the name of the negro boy, who used to wait on our common friend.” Madison noted at the bottom of Randolph’s letter, “Probably CUPID.” He added, “I have been in some pain from the danger incident to the cypher we now use. The enemy I am told have in some instances published their intercepted cyphers.”

What’s interesting here is that Madison not only encrypted his messages when he was in the Continental Congress but also after he became secretary of state and in his personal correspondences. He wasn’t just hiding his communications from British law enforcers but continued to hide them even after they had been replaced by United States law enforcers. That only makes sense because if you only encrypt important messages the simple fact you used encryption indicates to spies that the message is important and resources should be put into decrypting it.

Arguing that the Founding Fathers couldn’t have predicted pervasive encryption is idiotic because they themselves used it. There’s also no evidence that they provided either British or United States law enforcers with any keys to allow them to rapidly decrypt the communications if needed.

Hennepin County Offers To Make Peaceful Transactions More Risky

Every day people are performing voluntary transactions, many of which are set up over trade websites like Craigslist. There have been a few horror stories arising from these arranged transactions, mostly because one party didn’t demand the transaction occur in a public place, but a vast majority occur without incident. Thanks to the media and police the handful of bad incidents have been trumped up enough to make a lot of people unnecessarily afraid of such transactions. Now that it has helped create the problem Hennepin County is claiming to have the solution:

MINNEAPOLIS (KMSP) – Ever purchased or sold an item on Craigslist and wondered if the person on the other end could kill you? To combat online purchasing crime, Hennepin County unveiled “Swap Spots,” public safe havens where members of the community can go to make a variety of transactions.

[…]

Swap Spots are only available during normal hours of operation and designated by a blue and red logo. A deputy is not required to monitor each exchange, will not facilitate the transaction, and won’t keep a log of transactions, but if you would like a deputy present, the sheriff’s office said they’ll try to accommodate you.

What could make otherwise peaceful transactions risky? Adding armed men with liability shields and an extensive history of violence into the mix! That’s what Hennepin County is offering with these “Swap Spots.” Instead of meeting in a public place, say a busy park or a restaurant, to perform a transaction people now have the option of performing the transaction under the gaze of police officers who are likely chomping at the bit to arrest somebody for violating some esoteric law, failing to pay a tax, or any number of other possible justifications they can fabricate on the spot.

If I were going through with an online transaction the last place I would do it at is one of these “Swap Spots.” Adding government in any capacity to the free market is always dangerous. I’d far prefer performing a transaction at a restaurant where you’re not only safe but also have access to food and drink (which is always nice when doing business).