The Phones Have Ears


Smartphones are marvelous devices but they also collect a great deal of personal information about us. Data stored locally can be encrypted but data that is uploaded to third party servers is at the mercy of the security practices of the service provider. If your mobile phone, for example, uploads precise location information to Google’s servers then Google has that information and can be compelled to provide it to law enforcers:

So investigators tried a new trick: they called Google. In an affidavit filed on February 8th, nearly a year after the initial robbery, the FBI requested location data pulled from Graham’s Samsung Galaxy G5. Investigators had already gone to Graham’s wireless carrier, AT&T, but Google’s data was more precise, potentially placing Graham inside the bank at the time the robbery was taking place. “Based on my training and experience and in consultation with other agents,” an investigator wrote, “I believe it is likely that Google can provide me with GPS data, cell site information and Wi-fi access points for Graham’s phone.”

That data is collected as the result of a little-known feature in Google Maps that builds a comprehensive history of where a user has been — information that’s proved valuable to police and advertisers alike. A Verge investigation found affidavits from two different cases from the last four months in which police have obtained court orders for Google’s location data. (Both are embedded below.) Additional orders may have been filed under seal or through less transparent channels.

This problem isn’t unique to location data on Android devices. Both Android and iOS have the ability to back up data to “the cloud” (Google and Apple’s servers respectively). While the data is encrypted in transport it is not stored on the servers in an encrypted format, at least not in an encrypted format that prevents Google or Apple from accessing the data. As Apple mentioned in the Farook case, had the Federal Bureau of Investigation (FBI) not fucked up by resetting Farook’s iCloud password, it would have been feasible to get the phone to back up to iCloud and then Apple could have provided the FBI with the backed up data. Since the backed up data contains information such as plain text transcripts of text messages the feature effectively bypasses the security offered by iMessage. Android behaves the same way when it backs up data to Google’s servers. Because of this users should be wary of using online backup solutions if they want to keep their data private.

As smartphones continue to proliferate and law enforcers realize how much data the average smartphone actually contains we’re going to see more instances of warrants being used to collect user information stored on third party servers.

You Have No Right To Privacy In Minnesota If You Live In A Multiple Unit Dwelling

Are you a Minnesotan who lives in an apartment or condominium? If so, a local court of appeals has ruled that you have no expectation of privacy:

Stuart Luhm of Minnetonka had challenged his conviction on drug and weapons offenses because police did not have a warrant to enter his building in the August 2014 raid that was based on a tip from an informant.

The front door of the building is normally locked, but police used a key in a locked box to which police have access, and Brio the drug-sniffing dog confirmed that drugs were probably in the condo unit Luhm shared with a girlfriend.

That was the point when police got a search warrant and found large quantities of marijuana, 93 oxycodone tablets, 7 firearms, and two bullet-resistant vests.

Two members of the Court of Appeals ruled today that there is no expectation of privacy in the common areas of a condominium building. It also said the fact the building owners make access available to police negated the need for a warrant to enter the building.

What makes this case interesting is that the drug dog alerted in the common area and that gave the law enforcers the justification they needed to pull a warrant. Drug dogs are of questionable effectiveness, so the idea that a warrant can be issued because one alerted is a bit absurd in my book. But this ruling effectively opens the doors for law enforcers to enter multiple unit dwellings with drug dogs but without warrants, allow the dog to sniff around, and pull a warrant for any dwelling that the dog raises an alert on. That sounds like a wonderful revenue raising scam if I’ve ever seen one.

It also raises questions about medical cannabis users. What happens when a dog raises an alert on an apartment because it caught the scent of cannabis? The law enforcer can obtain a warrant, kick in the door, shoot the family pet, and basically force the medical cannabis user to divulge their medical history to somebody who isn’t a medical professional to avoid being kidnapped for the crime of not having purchased a single family house.

Since drug dogs are of questionable effectiveness, this ruling also opens the door for legal harassment of non-drug users. If a law enforcer wants to harass somebody living in an apartment all they have to do is bring a drug dog into the common area, claim the dog raised an alert on the apartment, pull a warrant, and legally enter and harass the person for however long they so choose (and maybe find evidence of another crime while they’re tossing the joint).

Of course, privacy has been dead for a long time in this country. This ruling doesn’t change much. But it’s worth noting because it’s a great example of how the courts and law enforcers often work together (as opposed to acting as checks and balances against one another) to expand the State’s ability to expropriate wealth from the populace.

The Bill Of Rights Won’t Save You

You really need to use full disk encryption on all of your electronic devices. Modern versions of OS X and Linux make it easy. Windows is a bit hit or miss as BitLocker tries its damnedest to share your key with Microsoft’s servers. iOS has included full disk encryption by default — so long as you set a password — since version 8 and Android also includes support for full disk encryption. Use these tools because the Bill of Rights won’t protect your data from government snoops:

The government can prosecute and imprison people for crimes based on evidence obtained from their computers—even evidence retained for years that was outside the scope of an original probable-cause search warrant, a US federal appeals court has said in a 100-page opinion paired with a blistering dissent.

The 2nd US Circuit Court of Appeals ruled that there was no constitutional violation because the authorities acted in good faith when they initially obtained a search warrant, held on to the files for years, and built a case unrelated to the original search.

The case posed a vexing question—how long may the authorities keep somebody’s computer files that were obtained during a search but were not germane to that search? The convicted accountant said that only the computer files pertaining to his client—who was being investigated as part of an Army overbilling scandal—should have been retained by the government during a 2003 search. All of his personal files, which eventually led to his own tax-evasion conviction, should have been purged, he argued.

From my layman’s understanding of the Fourth Amendment, it’s supposed to protect against government shenanigans such as snooping through your data that was obtained under a valid warrant but was unrelated to the case the warrant was issued for to build another case against you. Although the quote is most likely false, Mr. Bush supposedly said, “It’s just a goddamned piece of paper!” in regards to the Constitution. While the quote is probably false the statement is not.

The Constitution cannot protect you. It is literally a piece of paper with words written on it. If you want some semblance of protection against the State you have to implement it yourself. Encrypting your devices’ storage would guard against this kind of nonsense assuming you weren’t foolish enough to decrypt the data for the State at any point. This is where features such as VeraCrypt’s (a fork of TrueCrypt that is being actively developed) hidden partition feature are nice because you can have a sanitized encrypted partition that you can decrypt and a hidden partition with your sensitive data. Since the hidden partition isn’t detectable the State’s agents cannot know whether or not it exists and therefore cannot compel you to decrypt it.

Utilize the tools available to you to protect yourself. Anybody who has been paying attention to recent American history knows that the supposed legal protections we all enjoy are little more than fiction at this point.

Road Pirates

Yesterday was Memorial Day. Being a holiday at the end of the month the road pirates were out in force. You see, despite citation quotas being illegal, a lot of police departments have unofficial quotas that officers are encouraged to fulfill so at the end of the month enforcement tends to increase. Holidays provide a convenient excuse whether it’s enhanced drunk driving enforcement, texting while driving enforcement, or seatbelt enforcement. This Memorial Day was seatbelt enforcement.

Mandatory seatbelt laws are enforcement of the nanny state, which means they enjoy widespread support. The general population is gullible and tends to roll over and accept new laws that protect them from themselves. Seatbelt laws are one such case.

When an individual decides to not wear a seatbelt they put themselves at additional risk. The key word there is “themselves.” If I refused to wear a seatbelt that wouldn’t affect you in any way. Even if we were in the same vehicle, if we were in an accident I might go flying through the windshield to my certain death but you would remain in your seat. Yet a good number of people seem to believe it’s appropriate for the State to send men with guns and no accountability after anybody who decides not to wear a seatbelt. Somehow the act of a police officer zooming down the highway with their seizure inducing lights flashing so they can pull somebody over and cause a massive traffic clusterfuck as people desperately try to merge over a lane to avoid getting a ticket themselves is a perfectly reasonable way of dealing with an action that only puts the person performing the action at risk.

Employers Having A Difficult Time Finding Employees Who Can Pass A Drug Test

The war on drugs has permeated our entire society. Police have been militarized and given almost limitless power, entire industries have developed around detecting illicit drugs, and employers have become snoops that test employees for illicit drug use. The last one really baffles me.

Outside of being coerced at the point of the State’s gun, why would an employer waste their time and the time of their employees testing them for drug use? If an employee is performing their job satisfactorily an employer shouldn’t care what that employee puts into their body. If an employee isn’t performing their job satisfactorily then the employer will likely terminate them regardless of the reason. But employers have allowed themselves to become snoops for the State and in so doing have handicapped themselves:

SAVANNAH, Ga. — A few years back, the heavy-equipment manufacturer JCB held a job fair in the glass foyer of its sprawling headquarters near here, but when a throng of prospective employees learned the next step would be drug testing, an alarming thing happened: About half of them left.

That story still circulates within the business community of this historic port city. But the problem has gotten worse.

All over the country, employers say they see a disturbing downside of tighter labor markets as they try to rebuild from the worst recession since the Depression: They are struggling to find workers who can pass a pre-employment drug test.

That hurdle partly stems from the growing ubiquity of drug testing, at corporations with big human resources departments, in industries like trucking where testing is mandated by federal law for safety reasons, and increasingly at smaller companies.

I’ve heard a lot of people who work in human resource departments at software development firms joke about how their companies would lose all of their employees if they actually started doing drug testing. It’s good evidence that users of illicit drugs aren’t incapable of performing reliably. This is especially true when many drugs that are declared illegal aren’t actually that harmful. Cannabis, for example, is a drug that’s still illegal in many states but doesn’t actually cause a great deal of harm. In fact it can improve an individual’s performance at work by helping them cope with anxiety or stress.

The lesson from this story is that you should not volunteer to enforce the State’s policies. Even though the State has declared a massive list of chemicals illegal that doesn’t mean you, as an employer, should volunteer to test your employees. You gain no advantage from it (when’s the last time you heard of the State giving a sizable reward to an employer for drug testing their employees?) and actually put yourself at a severe disadvantage by limiting your pool of potential employees.

The FBI Cares More About Maintaining Browser Exploits Than Fighting Child Pornography

Creating and distributing child pornography are two things that most people seem to agree should be ruthlessly pursued by law enforcers. Law enforcers, on the other hand, don’t agree. The Federal Bureau of Investigation (FBI) would rather toss out a child pornography case than reveal one stupid browser exploit:

A judge has thrown out evidence obtained by the FBI via hacking, after the agency refused to provide the full code it used in the hack.

The decision is a symptom of the FBI using investigative techniques that are usually reserved for intelligence agencies, such as the NSA. When those same techniques are used in criminal cases, they have to stack up against the rights of defendants and are subject to court processes.

The evidence that was thrown out includes child pornography allegedly found on devices belonging to Jay Michaud, a Vancouver public schools worker.

Why did the FBI even bring the case against Michaud if it wasn’t willing to reveal the exploit that the defense was guaranteed to demand technical information about?

This isn’t the first case the FBI has allowed to be thrown out due to the agency’s desperate desire to keep an exploit secret. In allowing these cases to be thrown out the FBI has told the country that it isn’t serious about pursuing these crimes and that it would rather all of us remain at the mercy of malicious hackers than reveal the exploits it, and almost certainly they, rely on.

I guess the only crimes the FBI actually cares to fight are the ones it creates.

Free Speech Is Inconvenient

Evelyn Beatrice Hall once said, “I disapprove of what you say, but I will defend to the death your right to say it.” That attitude used to be widely held but the freedom of speech is quickly becoming another casualty to statism. A lot of people are happy to support suppressing the speech of people they disagree with. Fortunately, the freedom of speech hasn’t been slain yet. There are a few holdouts who understand the value of the freedom of speech even if it can be inconvenient:

Rowling gave a brief but exquisite address in which she lauded free speech in the broadest terms, saying, “The tides of populism and nationalism currently sweeping many developed countries have been accompanied by demands that unwelcome and inconvenient voices be removed from public discourse … Intolerance of alternative viewpoints is spreading to places that make me, a moderate and a liberal, most uncomfortable.” Speaking out about an online petition that sought to ban Donald Trump from visiting the UK, she said, “I find almost everything that Mr Trump says objectionable. I consider him offensive and bigoted. But he has my full support to come to my country and be offensive and bigoted there. His freedom to speak protects my freedom to call him a bigot. His freedom guarantees mine.”

The problem with suppressing free speech is the same problem inherent in any political solution: it sounds great while your people are in power but turns out not to be so great when your opposition is in power.

Political power in democratic systems tends to change hands frequently. When things turn south the people tend to blame whatever party is in power and punish that party by handing one of its competitors the reins. Since political power never actually solves the problems facing the people — and in fact is often the cause — entire nations of people end up trapped in a vicious cycle of flip flopping rules.

Consider the situation Rowling discussed. A lot of people in the United Kingdom support black listing Donald Trump from entering. On the one hand I can see their power. Trump is a fascist. But black listing him would set a precedent and that precedent could be used in a very different way at a future time. If the current party in power black listed Trump a future party could use that act as a justification to black list somebody else (for you Bernie Sanders supporters out there, a conservative party could come into power and black list him).

Handing the State more power always carries long-term consequences. If you hand it the power to censor bigots today it could very well use that power to censor political dissidents who are fighting bigotry in the future. The freedom of speech, like all freedoms, should be absolute.

FBI Director Concerned That Videos Of Police Beating People May Dissuade Police From Beating People

James Comey, the current director of the Federal Bureau of Investigation (FBI), has a lot of concerns on his plate. One of his biggest concerns is the propagation of effective cryptography, which is making it harder for his agents to snoop through any random schmuck’s data. Another concern of his is the propagation of high quality cameras:

WASHINGTON — The director of the F.B.I. reignited the factious debate over a so-called “Ferguson effect” on Wednesday, saying that he believed less aggressive policing was driving an alarming spike in murders in many cities.

James Comey, the director, said that while he could offer no statistical proof, he believed after speaking with a number of police officials that a “viral video effect” — with officers wary of confronting suspects for fear of ending up on a video — “could well be at the heart” of a spike in violent crime in some cities.

“There’s a perception that police are less likely to do the marginal additional policing that suppresses crime — the getting out of your car at 2 in the morning and saying to a group of guys, ‘Hey, what are you doing here?’” he told reporters.

“Marginal additional policing” is a fancy way of saying harassment. Consider the example he gave. Why should a police officer pull over a car at two in the morning just to ask what the occupants are doing? If the officer didn’t catch them actually doing something illegal he shouldn’t have pulled them over. Period.

But the viral videos that Comey is referring to are videos of police using force. I’m an advocate of recording all police interactions. If you are a party to a police interaction you should record it, even if it’s something as minor as getting pulled over for speeding. You should also record any police interactions you come across. Police are almost never held accountable for wrongdoing in this country, and the few times they are, it usually only happens because there was a video of the misconduct.

If the threat of being recorded on video dissuades police officers from harassing innocent people I would consider that an added bonus. Apparently Comey feels differently.

Airport Security Isn’t The Only Security The TSA Sucks At

The Transportation Security Administration (TSA) sucks at providing airport security. But the agency isn’t a one trick pony. Demonstrating its commitment to excellence — at sucking — the TSA is working hard to make its computer security just as good as its airport security:

The report centers on the way TSA (mis)handles security around the data management system which connects airport screening equipment to centralized servers. It’s called the Security Technology Integrated Program (STIP), and TSA has been screwing it up security-wise since at least 2012.

In essence, TSA employees haven’t been implementing STIP properly — that is, when they’ve been implementing it at all.

STIP manages data from devices we see while going through security lines at airports, namely explosive detection systems, x-ray and imaging machines, and credential authentication.

[…]

In addition to unpatched software and a lack of physical security that allowed non-TSA airport employees access to IT systems, the auditors found overheated server rooms and computers using unsupported systems — and much more.

The observed “lack of an established disaster recovery capability” noted by the OIG is particularly scary. If a data center was taken out by natural disaster, passenger screening and baggage info would be rendered inaccessible.

Not only that, but there was no security incident report process in place, and there was “little employee oversight in maintaining IT systems.” And, auditors were not pleased at all that non-TSA IT contractors maintained full admin control over STIP servers at airports.

At what point do we write the TSA off as a failed experiment? I know, it’s a government agency, it’ll never go away. But the fact that the TSA continues to fail at everything and is allowed to continue existing really demonstrates why the market is superior to the State. Were the TSA forced to compete in a market environment it would have been bankrupted and its assets would have been sold to entrepreneurs who might be able to put them to use.

It’s time to ask the million dollar question. What will happen now? One of the reasons government agencies fail to improve their practices is because there’s no motivation to do so. A government agency can’t go bankrupt and very rarely do failures lead to disciplinary action. In the very few cases where disciplinary action does happen it’s usually something trivial such as asking the current head of the agency to retire with full benefits.

Meanwhile air travelers will still be required to submit to the TSA, which not only means going through security theater but now potentially means having their personal information, such as images from the slave scanners, leaked to unauthorized parties.

Being Able To Look Up Your Neighbor’s Income Online Is A Terrible Idea

Statists come up with the dumbest ideas. One of the latest stupid statist ideas is the idea that Norway’s practice of posting everybody’s tax returns online is a good idea:

But maybe the demand that Trump post his returns doesn’t go far enough. Maybe everyone’s tax returns should be a matter of public record. It sounds nuts, but in Norway, Sweden, and Finland, it’s the law, and it works. Norway’s been putting out records since 1814; in Sweden, they’ve been public since 1903.

Public tax returns help reduce gender and racial pay disparities, make labor markets more efficient, encourage workers to bargain for higher pay, prevent tax evasion, and create a rich font of data for economists and other researchers. The US ought to give the idea a try.

Why should anybody have any right to privacy at all? We might as well just put our medical records, voting records, and any other type of records online for everybody to see! And fuck those people who want to have control over their personal information. They’re obviously hiding something.

If you read the article you will discover that the author is a jealous individual trying to disguise that jealousy as pragmatism. He starts off by arguing that making tax return information publicly available would improve the job market. This claim is backed up by a great deal of statist nonsense such as implying that markets require perfect information (they don’t) and claiming that it’s impossible for employees to find out what their fellows at other companies are making if tax return records are private (apparently it never occurred to the author that you can just ask). But he eventually gets to his real point:

Another thing about pay transparency: It makes it harder to evade your taxes. Adding scrutiny from not only the tax collection agency but your neighbors and competitors makes it tougher to fudge your reported income.

Making tax returns publicly available makes it easier for the State to steal wealth to fund its law enforcers, war machine, economic protectionism, and other atrocities. This is ultimately what every statist’s opposition to privacy boils down to. As believers in the One True State, they want to make it as difficult as possible for anybody who opposes their political god. Are private tax returns making it harder for their political god to steal? Make the records public! Is end-to-end cryptography making it harder for their political god to keep the citizenry in line? Restrict effective cryptography! Are anonymizing services allowing people to peacefully sell illicit goods? Ban anonymizing services!

This is why privacy is so important. The State and its worshippers want to know as much about you as possible. That way they can better know what you have so they can steal it and identify dissidents so they can crush them. Know that when somebody advocates that privacy must be curtailed they’re necessarily arguing that the State must be further empowered. Also know that the empowerment of the State always comes at the expense of individual freedom.