TSA: Protecting You from Terrorists Five Percent of the Time

The Transportation Security Agency (TSA) was established shortly after the 9/11 attacks to provide better airplane security. At least that’s the official story. So far the TSA has proven to be incredibly incompetent at its job. Wannabe terrorists have managed to get explosives on board airplanes by hiding them in underwear and shoes. Fortunately the bombs failed to go off but not because of anything the TSA did. However even I never expected a failure rate this absurdly high:

A recent internal investigation by the Department of Homeland Security has found security failures at dozens of the nation’s busiest airports—breaches that allowed undercover investigators to smuggle weapons, fake explosives and other contraband through numerous checkpoints.

In one case, an alarm sounded, but even during a pat down, the screening officer failed to detect a fake plastic explosive taped to an undercover agent’s back. In all, so-called “Red Teams” of Homeland Security agents posing as passengers were able to get weapons past Transportation Security Administration agents in 67 out of 70 tests — a 95 percent failure rate, according to agency officials.

A 95 percent failure rate? From a glass-is-half-full perspective I guess the TSA will protect us from an average of five percent of terrorist attacks though!

Only a government agency could demonstrate this level of incompetence and still exist. Failing to fulfill your mandate 95 percent of the time requires shielding from liability that only the state can offer. Imagine hiring a private security guard who only stopped five percent of shoplifters. You’d toss his ass out in a second and maybe hire an investigator to see whether that guard was colluding with the shoplifters since that level of failure almost necessitates him being in on the scam.

The big question is what will come of this. My prediction is a whole lot of nothing. A few senators will use the investigation’s findings to do a bit of grandstanding, the higher echelons of the TSA will get shuffled around a bit, and nothing noteworthy will change. I’m sure there will be several congressional grillings of high level TSA officials where we’ll hear excuses about lack of funding, inability to force people to go through body scanners (I’m sure the TSA would love to eliminate opt-outs), and agents not having full enforcement powers (TSA agents can’t arrest you and this really pisses many of them off). The congress critters doing the grillings will likely yell loudly, make some snide remarks, and little else. Air travelers will likely find themselves subjected to more draconian police state nonsense in the name of safety.

On the upside if you want to carry a firearm on board to protect yourself there’s a 95 percent chance you won’t get caught. Every storm cloud has its silver lining, I guess.

Dumbest Thing You’ll Read All Day

Salon has a long running track record of trying to disagree with libertarians on everything. Sometimes this causes it problems. For example, due to the publication’s idiotic claims that Rand Paul is a libertarian (he’s not by any definition I use) it has to disagree with everything he does. Rand has been claiming he opposes the National Security Agency’s (NSA) surveillance program and that means Salon has had to find a reason to backpedal on its previous opposition to the same so it doesn’t find itself on the same side as Rand. Ladies and gentlemen, I present you the dumbest thing you’ll read all day:

Perhaps to those like Sen. Rand Paul who’ve never had to fight assumptions based on one’s ethnicity or the color of one’s skin, the thought of cell phone data being pooled and analyzed is disconcerting. However, as someone who regularly puts up with extra scrutiny, whether it’s at an airport or a shopping mall, I welcome the leveling of the playing field that bulk data collection brings. I urge our government not to follow the Russian method of profiling, but, instead, to use bulk data collection to arrive at objective analyses.

That’s right, opposing surveillance is now white privilege. I’m not sure how that is since persecuted minorities have the most to lose from the NSA’s surveillance. The data it collects isn’t used to clear anybody, it’s only used when it can lead to somebody’s prosecution. With everything being illegal in this country anything you say at any point is likely incriminating to the right prosecutor. If you’re part of a targeted minority, such as Muslims, the last thing you want to do is have the NSA collect your phone calls because something you said could very well be used to fabricate charges to justify putting you in a cage.

Section 215 of the PATRIOT Act Expires, Nothing Changes

At midnight Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act expired. For those of you unfamiliar, Section 215 was the part that authorized the National Security Agency (NSA) to collect information pertaining to phone calls, surveil people just because they switched out cell phones periodically, and spy on anybody who is labeled a “lone wolf” (which is vague enough to basically mean anybody). Many are cheering this momentous accomplishment. I’d let them celebrate in blissful ignorance but I’m kind of a prick. While Section 215 did expire that changes absolutely nothing:

Anti-surveillance groups have been split over the possible sunset of the Patriot Act powers. The American Civil Liberties Union had favored letting the Patriot Act expire, while groups like Access saw a compromise bill like the USA Freedom Act as the best chance for lasting reform. It’s unclear how the NSA and other groups will respond to the sunset of Section 215, but some have speculated that the result will be an increased reliance on national security letters and investigation-specific surveillance powers, continuing the same basic surveillance under different legal powers. Significant collection also occurs under non-legislative powers like Executive Order 12333, which remains unaffected.

There are always redundancies for state power. Later this week the Senate is still scheduled to codify the NSA’s phone surveillance program that wasn’t that clearly defined in the PATRIOT Act so this “expiration” will likely last all of a few days.

I do have some good news though. Those of us in CryptoPartyMN will be hosting a full blown CryptoParty at B-Sides MSP on June 13th and 14th. B-Sides MSP is a free event. At the CryptoParty we will be teaching you how to use tools to encrypt and anonymize your communications and data. By utilizing these tools you can defend your privacy against the state’s surveillance and not have to concern yourself with what particular provision will be used to justify spying on you. Unlike political activism, cryptography works and it requires less of your time to boot!

Thwarting Cellular Interceptors

The United States government has been using planes equipped with cell phone interceptors to surveil large areas. Recently planes have been spotted around the Twin Cities circling areas of interest for hours and it appears that they’re equipped with surveillance equipment:

The plane’s flight path, recorded by the website flightradar24.com, would eventually show that it circled downtown Minneapolis, the Mall of America and Southdale Center at low altitude for hours starting at 10:30 p.m., slipping off radar just after 3 a.m.

“I thought, ‘Holy crap,’ ” said Zimmerman.

Bearing the call sign N361DB, the plane is one of three Cessna 182T Skylanes registered to LCB Leasing of Bristow, Va., according to FAA records. The Virginia secretary of state has no record of an LCB Leasing. Virtually no other information could be learned about the company.

Zimmerman’s curiosity might have ended there if it weren’t for something he heard from his aviation network recently: A plane registered to NG Research — also located in Bristow — that circled Baltimore for hours after recent violent protests there was in fact an FBI plane that’s part of a widespread but little known surveillance program, according to a report by the Washington Post.

[…]

Zimmerman, who spotted the plane over Bloomington, said he pored through FAA records to find the call letters for each plane and then searched for images of them. He found photographs that show the planes outfitted with “external pods” that could house imagery equipment. He also found some of the planes modified with noise-muffling capability. That’s not common for a small plane, he said.

[…]

Other devices known as “dirtboxes,” “Stingrays” or “IMSI catchers” can capture cellphone data. Stanley said it’s still unclear what technologies have been used in the surveillance flights.

It’s unknown if these planes are surveillance craft or equipped with cell phone interceptors but the evidence of the former is great and the government’s program to use such craft for cell phone interception indicates the latter is likely. That being the case I feel it’s a good time to discuss a few tools you can use to communicate more securely with your cell phone.

Modern cellular protocols utilize cryptography. What many people don’t realize is that, at least in the case of Global System for Mobile (GSM), the cryptography being used is broken, which is why cell phone interceptors work. Furthermore cryptography is only used between cell phones and towers. This means your cellular provider, and therefore law enforcement agents, can listen to and read your calls and text messages.

What you really want is end-to-end encryption for your calls. Fortunately tools that do that already exist. Three tools I highly recommend are Signal, RedPhone, and TextSecure from Open Whisper Systems. Signal is an iOS application that encrypts both voice calls and text communications. RedPhone is an Android app for encrypting calls and TextSecure is an Android app for encrypting text communications. Signal, RedPhone, and TextSecure are all compatible with one another so iOS users can securely communicate with Android users. All three applications are also easy to use. When you install the applications you register your number with Open Whisper Systems’ servers. Anybody using the applications will be able to see you have the applications installed and can therefore communicate with you securely. Since the encryption is end-to-end your cellular provider cannot listen to or read your calls and text messages. It also means cell phone interceptors, which rely on the weak algorithms used between cell phones and towers, will be unable to surveil your communications.

As the world becomes more hostile towards unencrypted communications we must make greater use of cryptographic tools. It’s the only defense we have against the surveillance state. Fortunately secure communication tools are becoming easier to use. Communicating securely with friends using iOS and Android devices is as simple as installing an app (granted, these apps won’t protect your communications if the devices themselves are compromised but that’s outside of the threat model of planes with cell phone interceptors).

Without Government Who Would Expose Us to Malware

When the state confiscates a domain name does it have to renew it until the investigation concludes? Apparently not. The Federal Bureau of Investigations (FBI) seized a series of domains related to Megaupload when it decided to go after Kim Dotcom. What were once legitimate sites servicing the wants of users are now serving up malware and porn. This didn’t happen as a result of somebody compromising the account used to register the domain names, it was only made possible because the FBI allowed the domains to expire:

Earlier this week, something suspicious started happening with Web addresses related to sites seized by the FBI from Megaupload and a number of online gambling sites. Instead of directing browsers to a page with an FBI banner, they started dropping Web surfers onto a malicious feed of Web advertisements—some of them laden with malware.

The hijacking of the Megaupload domains wasn’t the result of some sophisticated hack. Based on evidence collected by Ars, it appears someone at the FBI’s Cyber Division failed to renew the domain registration for CIRFU.NET, the domain which in turn hosted Web and name servers used to redirect traffic headed to seized domains. As soon as they expired, they were snatched up in a GoDaddy auction by a self-described “black hat SEO marketer,” a British ex-pat who calls himself “Earl Grey.”

As of Thursday afternoon, all of the server names associated with the domain no longer resolve to Internet addresses. GoDaddy has apparently suspended the domain registration, and Earl Grey has been ranting about it ever since on Twitter. The CIRFU.NET domain currently remains in limbo.

This raises a couple of concerns. First, is the FBI liable for allowing domains related to an investigation to expire? Since the FBI is seldom held accountable for its failures I doubt the answer to this question is yes. Related to this question is whether or not the FBI is liable for exposing visitors to Megaupload to malware. Even though the site wasn’t providing file hosting it was under investigation and therefore people believed they could safely visit the domain for laughs (who doesn’t enjoy laughing at the FBI). It was only due to the FBI’s incompetence that malware was being served by that domain. Finally, if the FBI isn’t held liable for this kind of failure does that mean it can effectively censor sites by seizing domains and letting them expire? Why go through the rigors of a trial when you can just make up an investigation, seize a domain, and sit on it until it expires and can be bought up by some spammer? Perhaps domain registrars would step in to prevent such shenanigans but I’m not entirely sure since they let expired domains get purchased by spammers all the time.

Had the FBI never targeted Kim Dotcom it’s almost certain that the Megaupload domains wouldn’t have expired because they were part of his business model. When you’re deriving income from something you tend to protect it. So we can just write this off as another example of the government exposing Internet users to dangers they wouldn’t have otherwise faced.
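
The failure described above, where seized domains pointed at name servers under CIRFU.NET and that single registration lapsed, is the kind of dependency a routine audit can catch. The following is an added example, not code from the original post or from any party it mentions; the zone names, expiry dates and function names are constructed, and the registrable domain is approximated as the last two labels instead of using the Public Suffix List.

```python
from datetime import date

# Constructed inventory: each zone and the name server hosts it is delegated to.
DELEGATIONS = {
    "seized-one.example": ["ns1.redirect-infra.example", "ns2.redirect-infra.example"],
    "seized-two.example": ["ns1.redirect-infra.example", "ns1.backup-dns.example"],
    "corp-site.example": ["ns1.backup-dns.example", "ns2.backup-dns.example"],
    "legacy-app.example": ["ns1.forgotten-vendor.example"],
}

# Constructed registration expiry dates for the domains that host those servers.
REGISTRATIONS = {
    "redirect-infra.example": date(2015, 5, 20),
    "backup-dns.example": date(2016, 3, 1),
}


def registrable_domain(hostname):
    """Approximate the registrable domain as the last two labels (assumption)."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_status(ns_domain, registrations, today, warn_days):
    """Classify the registration that a set of name servers depends on."""
    expires = registrations.get(ns_domain)
    if expires is None:
        return "untracked"  # nobody is watching this renewal
    if expires < today:
        return "expired"  # past expiry: the name may pass to a new registrant
    if (expires - today).days <= warn_days:
        return "expiring"
    return "ok"


def audit(delegations, registrations, today, warn_days=60):
    """Return one finding per zone whose name servers sit under an at-risk domain."""
    findings = []
    for zone, ns_hosts in sorted(delegations.items()):
        parents = {registrable_domain(h) for h in ns_hosts}
        # In-zone name servers renew together with the zone itself, so skip them.
        external = parents - {registrable_domain(zone)}
        at_risk = {}
        for parent in sorted(external):
            status = domain_status(parent, registrations, today, warn_days)
            if status != "ok":
                at_risk[parent] = status
        if not at_risk:
            continue
        # "full": every name server is at risk, so all resolution can be redirected.
        exposure = "full" if set(at_risk) == parents else "partial"
        findings.append({"zone": zone, "exposure": exposure, "at_risk": at_risk})
    return findings


if __name__ == "__main__":
    for f in audit(DELEGATIONS, REGISTRATIONS, today=date(2015, 5, 28)):
        print(f["zone"], f["exposure"], f["at_risk"])
```

In practice the delegations would be read from the parent zone's NS records and the expiry dates from registrar or RDAP data, with the audit run on a schedule well inside the warning window.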

Remember When Obama Opposed Surveillance

Rewind to 2008. George W. Bush was finishing up his eighth year as president and many people were furious about all of the civil liberties he wiped his ass with since 2001. In comes Barack Obama who promises to curtail the surveillance powers enacted under Bush. Now we’re approaching Obama’s eighth year as president and he has not only failed to curtail the state’s surveillance powers but he’s actively campaigning to preserve them:

President Barack Obama called on the Senate Tuesday to extend key Patriot Act provisions before they expire five days from now, including the government’s ability to search Americans’ phone records.

“This needs to get done,” he told reporters in the Oval Office. “It’s necessary to keep the American people safe and secure.”

Is there any question why I don’t believe politicians?

Widespread surveillance has become a sticky issue. Part of the reason for this, in my opinion, is the fact both major political parties are performing constant maneuvers to oppose whatever the other party supports. In 2008 the Republican Party fully supported the surveillance state created under Bush precisely because it was created under a Republican president. The Democrats opposed the surveillance state because the Republicans supported it. When Obama came to power the Republicans started changing course on the surveillance state. Since the Republicans were changing course the Democrats had to as well lest they be on the same side of an issue as their opponent. Now we’re in a position where the Republican Party is moving away from fully supporting the surveillance state and the Democratic Party is moving towards fully supporting it. What this issue has really shown us is that neither party has any principles and each bases its stances almost entirely on what the other party espouses.

As the surveillance state is convenient for whatever party is in power it will never go away. Whatever party is in power will support it while the other party opposes it (I use the word “opposes” very loosely because they don’t really have any strong feelings other than opposing what the other party supports). This is why it’s important for everybody to utilize the security tools available to them. We’re always going to be spied on by the state so we need to defend ourselves regardless of what way the political winds are blowing. Politics won’t change the surveillance state but cryptography will help you defend against it.

Markets Versus the State

States throughout the world try to restrict markets. These attempts never succeed because the handful of individuals that comprise the state are up against the creativity of every person living under it. This is why so-called “black” markets exist.

Russia decided to place an embargo on foods from the European Union and United States in response to sanctions created against it by those regions. The embargo hasn’t stopped the importation of food from either region. But the embargo makes it risky for importers of these now illicit goods to openly advertise. In the past “black” market actors have relied on limited forms of advertising such as word of mouth. One advertisement agency has come up with a solution that allows “black” market providers to advertise their goods more widely and protects them from state agents:

Last summer, Russia imposed a full embargo on food imports from the European Union (as well as the U.S.) in retaliation for sanctions over Ukraine. This left authentic European food merchants in Moscow in a bit of a bind.

But one Italian grocery store there, Don Giulio Salumeria, kept selling its real Italian food—and came up with a bizarre out-of-home stunt to advertise to consumers without tipping off the police.

With help from agency The 23, the store developed a unique outdoor ad that could recognize police uniforms. Whenever the cops would appear, the ad would cycle out of its rotating display—in essence, physically hiding from the authorities.

Obviously this solution isn’t perfect. Since it relies on recognizing police uniforms it won’t hide the advertisement from off-duty officers walking around in their regular clothes. However it is a demonstration of market innovation and could easily be expanded. In the next iteration they should have the sign store a facial picture of anybody recognized as an officer. Then have it compare faces of anybody passing by with known police officers and hide the advertisement if there’s a match. That way the sign would be able to hide its advertisement from off-duty and on-duty officers.

Innovative ideas such as this one are why the state will always fail when it attempts to restrict markets.

Paying Taxes is Dangerous to Your Personal Information

The Internal Revenue Service (IRS) is one of the, if not the, best examples of government incompetence. Almost all of us are required to interact with the IRS. Our interactions, unfortunately, involve handing over a great deal of personal information. This is a major problem since the agency has a poor security track record. Recently it has admitted to losing control over the personal information of 100,000 tax victims:

The IRS announced today that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street address.

These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer. The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, and the “Get Transcript” application has been shut down temporarily. The IRS will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed. In total, the IRS has identified 200,000 total attempts to access data and will be notifying all of these taxpayers about the incident.

Perhaps I’m hypercritical but it seems to me that we shouldn’t have to submit any of this information to an agency that has demonstrated a complete disregard for keeping it safe. I mean, the IRS’s website doesn’t even have a valid means for users to securely connect to it. If the IRS doesn’t care enough to pull a valid Transport Layer Security (TLS) certificate to protect users then why are we supposed to trust it to store our personal information?

The worst part about this is that the 100,000 people who just had their personal information accessed have no recourse. Since the IRS is the government it is shielded from liability and accountability. That makes matters worse since an organization that is shielded from liability has little motivation to invest resources into fixing its mistakes.

Police Dislike When the Tables are Turned

As policing in the United States continues its downward spiral into thuggery people are finally starting to fight back. More people are recording police encounters to hold officers accountable. Demands are being made in many major cities to curtail police powers. And in a few places people are actively interfering in police attempts at kidnapping. All of this has many of the more psychopathic officers upset:

Whatever the reason, Melbourne police are grateful that for the second time in recent weeks experience and training overcame fear as officers found themselves surrounded and assaulted by hostile anti-police crowds.

This Friday night, Lt. Steve Sadoff saw 22-year-old Phoenix Chansler Low coming out of the Main Street Pub with an open container.

“The officer told him to go back inside or get rid of it,” said Melbourne Police Commander Dan Lynch. “From there it went downhill. The subject was very intoxicated and he began fighting with the officer.”

The scary thing was what happened next. A crowd of people started closing in on Lt. Sadoff and he was attacked from behind, Lynch said. Sadoff used his taser to get Low off him, and it scared the crowd away long enough for him to radio for help and make the arrest.

The person who attacked Sadoff from behind got away.

The “tough on crime” crowd wants you to focus on the fact that an officer was attacked and not the fact that the officer initiated the situation by getting in the face of a person who had performed no crime (carrying an open alcohol container outside of a bar does not involve a victim and is therefore not a crime). Had the officer let the patron be nothing would have happened.

“This is the second incident in the past few weeks where officers were making an arrest and the arrestee or people around attempted to interfere with the officer attempting to do his job,” Lynch said. “It is tremendously concerning to us. Every confrontation an officer has is an armed confrontation and the officers are trained to use the minimal amount of force necessary.”

No, this is the second incident in the past few weeks where people prevented officers from kidnapping somebody. People are getting fed up with unaccountable police officers kidnapping and shooting people who haven’t hurt anybody. Decades of little police accountability combined with officers who enjoy power trips have eroded the public’s faith in modern policing. Since they lack faith in the institution they are unwilling to cooperate with it. If officers are really becoming concerned about this trend then they should start taking measures to regain the public’s trust. That starts with refusing to enforce victimless crimes and actually using minimum necessary force to resolve situations (not just talking about it).

Watching Cronies Fail

A major benefit of providing solutions to government meddling is watching as the government’s cronies fail. Cab drivers in Mexico, as cab drivers in much of the world, are unhappy with ride-sharing services such as Uber and Lyft. Their unhappiness is understandable since they’ve been shielded from competitors by their government for decades. When you haven’t had to compete in a market it can be scary facing competition because it makes you realize that you have to actually provide a superior service if you want to thrive.

On Monday cab drivers in Mexico went on strike to protest Uber. The protest was a plea for the Mexican government to ban Uber. The end result was to give Uber a great deal of publicity and convince a lot of people to try Uber since they couldn’t get around using traditional cabs:

Monday’s protest from Mexican Taxi drivers, against ride-sharing mobile apps such as Uber, has proved a boon for the San Francisco-based company. After offering a protest-edition special with two free 10-dollar rides, downloads of the app rose by 800 percent, Uber Communications Director for Mexico Luis de Uriarte said on Tuesday.

Unlike Uber, the signs of regulated taxis were off in Mexico on May 25, as some 5,000 drivers took to the streets of Mexico City. Chanting “Get out Uber!” union leaders demanded the government impose a ban on the smartphone-based service.

With the hashtags #UberNoPara (Uber doesn’t stop) and #MexicoNoPara (Mexico doesn’t stop), Uber launched a campaign offering two MEX$150 (US$9.8) fares for free between 7:00 a.m. and 9:59 p.m. on Monday. The initiative not only has become a commercial success, it brought PR blowback on the taxi drivers.

Uber and Lyft are providing a solution to a market that has been crippled by government regulations for decades. Many localities put an artificial cap on the number of legal taxi cabs that can operate. Other localities, while not putting an artificial cap in place, require potential taxicab drivers to pay a licensing fee, which adds a barrier to entry. The result has been lackluster taxicab services in much of the world. With ride-sharing services such as Uber and Lyft anybody can act as a taxicab. Suddenly cronies that have been protected from competition are facing the competition of anybody with a vehicle and they’re floundering.

Providing solutions to government-created problems weakens its grip by showing how unnecessary it is. While government protected taxicab drivers were refusing to provide services ride-sharing swooped in to save the day. Because of this people are unlikely to accept any prohibition against ride-sharing services.