When is Discussing Cryptography a Jailable Offense

A 17-year-old is facing 15 years in a cage because he discussed cryptography. Specifically he discussed how members of the Islamic State could utilize cryptography to further their goals:

A 17-year-old Virginia teen faces up to 15 years in prison for blog and Twitter posts about encryption and Bitcoin that were geared at assisting ISIL, which the US has designated as a terror organization.

The teen, Ali Shukri Amin, who contributed to the Coin Brief news site, pleaded guilty (PDF) Thursday to a federal charge of providing material support to the Islamic State in Iraq and the Levant.

Dana Boente, the US Attorney for the Eastern District of Virginia, said the youth’s guilty plea “demonstrates that those who use social media as a tool to provide support and resources to ISIL will be identified and prosecuted with no less vigilance than those who travel to take up arms with ISIL.”

According to the defendant’s signed “Admission of Facts” filed Thursday, Amin started the @amreekiwitness Twitter handle last June and acquired some 4,000 followers and tweeted about 7,000 times. (The Twitter handle has been suspended.) Last July, the teen tweeted a link on how jihadists could use Bitcoin “to fund their efforts.”

According to Amin’s court admission (PDF):

The article explained what Bitcoins were, how the Bitcoin system worked and suggested using Dark Wallet, a new Bitcoin wallet, which keeps the user of Bitcoins anonymous. The article included statements on how to set up an anonymous donations system to send money, using Bitcoin, to the mujahedeen.

Some may point out that this is obviously bad because it supports the “enemies of America.” But it brings up a very important question. Where is the line drawn between aiding an enemy and simply discussing cryptography? I write a lot of posts about how encryption can be used to defend against the state. That information could very well be read by members of the Islamic State and used to secure their communications against American surveillance. Have I aided the enemy? Has every cryptographer who has written about defending against government surveillance aided the enemy?

Lines get blurry when governments perform widespread surveillance like that being done by the National Security Agency (NSA). Regular people who simply want to protect their privacy, which is supposedly protected by the Constitution in this country, and military enemies of the government suddenly find themselves using the same tools and following the same privacy guides. What works, at least in regards to secure communications and anonymization, for people wanting privacy and military enemies is the same. Therefore a guide aimed at telling people how to encrypt their e-mail so it can’t be read by the NSA also tells an agent of the Islamic State how to do the same.

Where is the line drawn? Is it the language used? If you specifically mention members of the Islamic State as the intended audience are you then guilty? If that’s the case wouldn’t the obvious solution be writing generic guides that explain the same things? Wouldn’t that mean the information written by Ali Shukri Amin would have been perfectly fine if he simply didn’t tailor it for members of the Islamic State?

As the state uses widespread surveillance to enforce more laws the desire of regular people to secure their communications will increase (because, after all, we’re all breaking the law even if we don’t intend to or know we are doing it). They will use the same tools and guides as members of the Islamic State could use. Will every cryptographer face the same fate as Ali Shukri Amin?

Making It Doubleplus Illegal

Everything can be solved by a prohibition. At least that’s what the statists believe. Back in the day the movie Die Hard had everybody convinced that a Glock handgun was made of plastic and porcelain and could therefore get past metal detectors. Although this was entirely fabricated the politicians latched onto it and passed the Undetectable Firearms Act, which requires the inclusion of at least 3.7 ounces of steel in any firearm so it can be detected by metal detectors. With the advent of 3D printed firearms many politicians again have their panties in a bunch. Several of them have taken action and introduced a bill that would require metal be included in any firearm design:

Plastic guns can be even more dangerous than traditional firearms because they’re harder to detect, says Rep. Steve Israel (D-N.Y.).

The Undetectable Firearms Modernization Act, backed by Israel and several other Democrats, would prohibit the manufacture of entirely plastic guns. The legislation would require a major component of every gun to contain enough traces of metal to be detected.

Israel plans to unveil the legislation Tuesday during a press conference at LaGuardia Airport in New York City, where he will draw a connection between his bill and recent high-profile airport security lapses.

“If detectable weapons can make it through security checkpoints, how can we expect to catch wrongdoers carrying undetectable plastic firearms?” Israel told The Hill. “What could be worse than a gun that can be used on an airplane, but cannot be detected on the security line because it’s plastic?”

“It’s time to modernize our airport security so the American people can count on it,” he added.

So entirely plastic guns will now be doubleplus illegal! That will obviously solve the problem!

The number of laws on the books is now so extensive that even the politicians don’t know them all. Manufacturing entirely plastic guns has been illegal for a long time. In addition to the fact this bill is entirely redundant we also have the fact that 3D printed firearms still fire regular cartridges, which are made of metal. A plastic firearm with no ammunition is a worthless weapon. There is also the problem of who is administering airport security:

The Transportation Security Administration (TSA) failed a recent sting operation in which undercover agents sneaked fake explosives and weapons through airport security in 67 out of 70 tests, or about 95 percent of the time.

According to Israel (the politician, not the country) TSA’s 95 percent failure rating is one reason to pass this bill to make what is already illegal illegaler. I’m not sure how that makes sense since TSA hasn’t been missing plastic guns but actual metal guns. Something tells me Israel isn’t the sharpest tool in the congressional toolbox (but he is a tool).

It would be improper of me to not point out the most obvious flaw in Israel’s clever plan. Anybody who is willing to sneak a weapon onto a plane to kill people is not going to comply with a law that requires them to include metal in their 3D printed firearm. This law is therefore pointless on two levels.

Anything the Private Sector can Screw Up the Government can Screw Up Better

There have been numerous major data breaches in recent times that have compromised a lot of credit card numbers. The reaction from those breaches ranged from anger to outright demands that the government get involved to ensure another one never happens. As if trying to teach that last crowd a valuable lesson fate has shown us once again that anything the private sector can screw up the government can screw up better (which is impressive because the private sector can really fuck some shit up):

A giant hack of millions of government personnel files is being treated as the work of foreign spies who could use the information to fake their way into more-secure computers and plunder U.S. secrets.

Millions of personnel files, including Social Security numbers, were acquired by an unknown attacker. This makes the compromise of credit card numbers look like amateur hour by comparison! But it gets better!

Federal employees were told in a video Friday to change all their passwords, put fraud alerts on their credit reports and watch for attempts by foreign intelligence services to exploit them. That message came from Dan Payne, a senior counterintelligence official for the Director of National Intelligence.

Emphasis mine. How in the hell is a regular low-level federal employee supposed to watch for attempts by foreign intelligence agencies trying to exploit them? Does the United States government honestly think other intelligence agencies are so inept as to have a guy with a strong foreign accent call up federal employees and say, “Hello, I’m a Nigerian prince…”? The average person has no idea how to defend themselves against a specialized spook (if they did spooks wouldn’t be very effective at their job).

Both the breach and the response are ridiculous. However this points to something more concerning. If the government can’t keep its personnel files safe or detect a major breach for months (the story notes the breach occurred in December but wasn’t discovered until this month) then why should we have any confidence in its ability to keep our personal information secure? Everything from tax records to our phone calls (thanks National Security Agency) is being held by the federal government and could be up for grabs by any competent attacker. Imagine the wealth of information that could be acquired if an attacker managed to breach one of the NSA’s databases. This is another reason why allowing the government to store personal information is so dangerous.

Look at Me

Look at me, my name is in the news!

Binney was joined by a panel that included Todd Pierce, a retired U.S. Army judge advocate general corps officer, cryptographer Christopher Burg and moderator Tony Styles to discuss the controversies surrounding the Patriot Act and NSA surveillance.

This is my fifteen minutes of “fame”, bear with me. It’s actually a good overview of the panel discussion I had the privilege of being on. If you haven’t and don’t want to watch the video this article gives the thumbnail summary. By the way, I’m not actually a cryptographer and am not sure how that title was attached to my name. Oh well.

Thou Shalt Not Discuss Manufacturing Firearms

The United States government has been trying fruitlessly to stifle the spread of any information it deems inappropriate for centuries (at least since the passage of the Alien and Sedition Acts). Back in the 1990s the government was trying to restrict the sharing of information about strong cryptography, claiming such algorithms were munitions (I’m not making this up). Now the government is doubling down on its stupidity and trying to prevent the sharing of information related to manufacturing 3D printed firearms:

As readers of Reason know well, Cody Wilson is living proof the government has already been acting on the belief they have this power to prevent certain technical details about gun making from spreading to the Internet without their approval—in Wilson’s case, CAD files for a 3D printed plastic handgun. And they’ve already been sued for it by Wilson.

Wilson this morning tells me that in making this regulatory move public, it’s almost like the people he’s suing are begging for an injunction to stop them. The proposed regulation is even signed by one of the same people Wilson is suing, C. Edward Peartree, director of the Office of Defense Trade Controls Policy. (One might argue that this is a person being sued in some sense backtracking to cover his own legal ass by stating that the seemingly objectionable actions he’s being sued over are settled lawful regulations, though I don’t know if a court would agree with that argument one way or the other.)

The State Department, Wilson says, could have gone to the next hearing on his case on July 6 “and say we are changing the rule, we will address [Wilson’s complaints about the 1st, 2nd, and 5th amendment issues with their censorious practice], moot the case.” Instead they are “completely explicit” with these new announced regs, “doubling down” on their supposed power to require government license for certain kinds of speech related to weapons usable for self-defense.

Wilson says his suit had to try to demonstrate that the government had such a policy for prior approval of speech. Now the government is “saying our policy is literally that there is such a requirement and always has been.” Wilson seems to think it might make it easier to get an injunction against the government’s threats to him to take down from his servers information related to the home-making of plastic guns via 3D printers. We’ll see.

Attempts to restrict the proliferation of information don’t worry me. The state can write as many laws as it wants but in the end people will always ignore restrictions on sharing information. Thanks to strong cryptographic tools, which the state tried but failed to control in the 1990s, it’s trivial for people to post and read information anonymously. And the task will only become more futile as the state tightens its grip. Arrests, charges, prosecutions, and imprisonments will encourage more and more people to utilize tools such as Tor to protect their anonymity. As more people use these tools the task of the state to identify and attack sharers of information will become more infeasible.

This battle has been waging since at least the invention of the printing press and will continue to wage until humanity rids itself of the yoke of statism. But it is a battle that the state can never win because it is only a handful of individuals going against the collected creativity of the masses.

If You Defend Eric Casebolt You Are an Idiot

I haven’t discussed the event in McKinney, Texas because, sadly, stories of police abuse are so frequent that it’s hard to say anything new about them. But idiots rising to defend badged abusers have managed to piss me off enough to write a post. For those of you who aren’t familiar with the situation this video will explain everything:

Thank the gods for people who record the police.

The officer who threw the girl to the ground and kept her pinned is Eric Casebolt. He recently resigned from the force in the hopes of dodging any consequences for his actions. That hardly seems necessary though when so many neocons are willing to rise to his defense. Believe it or not there are a lot of people justifying what Casebolt did.

What could possibly justify an officer rushing into a crowd of non-threatening teenagers, running around like a rabid dog, and tossing an obviously unarmed girl to the ground? That depends on which idiot is defending him. One of the most common justifications given is the number of teenagers present.

Apparently there is some number, one that none of these abuse apologists will provide, of people present where an officer can transition from a calm and collected professional into a psychotic abuser. It doesn’t matter that the teenagers in the video are obviously non-threatening. It doesn’t matter that the attire of most of the teenagers, especially the girl thrown to the ground, makes it almost entirely impossible for them to conceal a weapon. The simple fact that there are so many of them gives the officer justification to abuse that girl according to these boot lickers.

A lot of abuse defenders have been making a point of the teenagers failing to cooperate with the officers. Failing to cooperate in this case must mean failing to kowtow immediately because none of the teenagers appear to be engaging the officers. Standing idly by as a psychotic nutball runs around screaming threats of violence is not failing to cooperate; it’s actually an exceptionally polite way to deal with the situation. Those teenagers had every right to tackle that officer to the ground as soon as he began assaulting that girl.

“Totality of the situation” is a phrase being favored by these boot lickers. What particular aspects of this situation when combined justify this situation? Who knows. I honestly suspect “totality of the situation” is code for “too many black youths being present” because I can’t see any justification for the violence displayed by the officer in that video.

Simply put, everybody who has been defending Casebolt is an idiot. They are the reason this country has become a tyrannical police state. Casebolt should be arrested and tried for assault just as anybody else not wearing a badge would have been in that situation. He should compensate the girl he assaulted an amount agreed upon by a jury because she is the victim and deserves redress. Unless the law applies to everybody equally and wrongs are expected to be righted as much as possible a society cannot consider itself free.

It Wasn’t Enough to Just Silence Ross Ulbricht

Ross Ulbricht, whose only crime was to host a website that made buying and selling illicit drugs safer, was railroaded and sentenced to life in prison so he would serve as an example to anybody else thinking of doing the same. But silencing Ulbricht wasn’t enough. Now the state is moving to silence people who believed the charges and sentence were absurd:

The United States Department of Justice is using federal grand jury subpoenas to identify anonymous commenters engaged in typical internet bluster and hyperbole in connection with the Silk Road prosecution. DOJ is targeting Reason.com, a leading libertarian website whose clever writing is eclipsed only by the blowhard stupidity of its commenting peanut gallery.

Why is the government using its vast power to identify these obnoxious asshats, and not the other tens of thousands who plague the internet?

Because these twerps mouthed off about a judge.

Freedom of speech only exists so long as you don’t say something that the state disagrees with. Mind you, some of the commenters said some shitty things. Some may even consider them threats if not for the fact they were posted online, which is the capital of impotent rage. In fact we know the state doesn’t usually care about threatening language as can be seen by its complete lack of action against the Gamer Gate community. But when such speech is directed at a holy robed one the rules change and names must be obtained!

This is why, more than ever, tools for preserving anonymity are necessary. If you’re going to comment about one of the state’s misdeeds it would be wise to do so through Tor. Failing to do so could result in you facing charges for posting offensive comments.

Clearing Your Browser History? That’s a Felony!

“Obey the letter of the law,” is a phrase shouted by the tough on crime crowd. They believe all laws, no matter how asinine, should be obeyed exactly as written and if you fail to do so you deserve everything that comes to you. It’s an attitude that requires a complete lack of critical thinking ability, especially today when so many laws are so ridiculous that it’s impossible to actually comply with them. Furthermore the volumes of legalese that rule our lives are so large that it’s impossible to know every law. For example, did you know that it’s a felony to clear your browser history under certain circumstances? I bet you didn’t. But it is:

Khairullozhon Matanov is a 24-year-old former cab driver from Quincy, Massachusetts. The night of the Boston Marathon bombings, he ate dinner with Tamerlan and Dzhokhar Tsarnaev at a kebob restaurant in Somerville. Four days later Matanov saw photographs of his friends listed as suspects in the bombings on the CNN and FBI websites. Later that day he went to the local police. He told them that he knew the Tsarnaev brothers and that they’d had dinner together that week, but he lied about whose idea it was to have dinner, lied about when exactly he had looked at the Tsarnaevs’ photos on the Internet, lied about whether Tamerlan lived with his wife and daughter, and lied about when he and Tamerlan had last prayed together. Matanov likely lied to distance himself from the brothers or to cover up his own jihadist sympathies—or maybe he was just confused.

Then Matanov went home and cleared his Internet browser history.

Matanov continued to live in Quincy for over a year after the bombings. During this time the FBI tracked him with a drone-like surveillance plane that made loops around Quincy, disturbing residents. The feds finally arrested and indicted him in May 2014. They never alleged that Matanov was involved in the bombings or that he knew about them beforehand, but they charged him with four counts of obstruction of justice. There were three counts for making false statements based on the aforementioned lies and—remarkably—one count for destroying “any record, document or tangible object” with intent to obstruct a federal investigation. This last charge was for deleting videos on his computer that may have demonstrated his own terrorist sympathies and for clearing his browser history.

Matanov faced the possibility of decades in prison—twenty years for the records-destruction charge alone.

Federal prosecutors charged Matanov for destroying records under the Sarbanes-Oxley Act, a law enacted by Congress in the wake of the Enron scandal. The law was, in part, intended to prohibit corporations under federal investigation from shredding incriminating documents. But since Sarbanes-Oxley was passed in 2002 federal prosecutors have applied the law to a wider range of activities. A police officer in Colorado who falsified a report to cover up a brutality case was convicted under the act, as was a woman in Illinois who destroyed her boyfriend’s child pornography.

Prosecutors are able to apply the law broadly because they do not have to show that the person deleting evidence knew there was an investigation underway. In other words, a person could theoretically be charged under Sarbanes-Oxley for deleting her dealer’s number from her phone even if she were unaware that the feds were getting a search warrant to find her marijuana. The application of the law to digital data has been particularly far-reaching because this type of information is so easy to delete. Deleting digital data can inadvertently occur in normal computer use, and often does.

Matanov is the victim of a practice that is far too common in the United States. Wanting to nail him to the wall the state applied every law it could to increase the number of charges. It’s the legal version of throwing everything at the wall and seeing what sticks. With the massive library of laws available to a prosecutor it’s impossible for any individual to avoid being charged with something. In this case one of the charges was applied simply because he cleared his browser history.

What’s most worrisome about this case is that no sane person would consider clearing their browser history a felony unless, perhaps, they knew they were being investigated. But even that final case is irrelevant here because Sarbanes-Oxley doesn’t leave any exception for an individual being entirely unaware that they’re being investigated.

When laws are so numerous that nobody can know them all and so ridiculous that no sane person can comprehend them then the trial system ceases to be fair as it advantages the prosecution to an insurmountable degree.

Full Video of the Panel Discussion with William Binney, Todd Pierce, and Myself

I said I’d post video of the panel discussion once it was available. Robin Hensel was good enough to upload the video to YouTube very quickly. There are two videos. Here’s part one:

Here’s part two:

Now if you’ll excuse me I have an e-mail server to beat with a wrench. Do you want some valuable life advice? Ubuntu Server is not a good base to build an e-mail server on. The repository still has Dovecot 2.2.9 even though the latest version is 2.2.18. I also had a hell of a time getting it to actually disable SSLv3 (I disabled it in the config file, restarted the service, and found that I could still connect via SSLv3 with openssl s_client -connect).

USA FREEDOM Act Signed Into Law

The Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring (USA FREEDOM) Act (that backronym still impresses me) has been signed into law:

The Senate has approved the USA Freedom Act, which will alter the way U.S. agencies conduct surveillance and gather data. A final vote on the bill came late Tuesday afternoon, after amendments to the bill failed.

[…]

Following an expedited enrollment process, President Obama signed the bill into law late Tuesday.

Supposedly the National Security Agency’s (NSA) spying powers expired on Sunday, even though they didn’t, but the USA FREEDOM Act explicitly authorizes the program so we’re right back to where we started (the NSA’s spying programs being legalized redundantly).

Once again, political activism isn’t going to protect you from state surveillance. If you want to defend your privacy you’ll have to take matters into your own hands and learn how to use tools to encrypt and anonymize your communications and data. Because the passage of this bill shows that any political victory is, at best, temporary.