Registering A Drone Puts Your Home Address Publicly To The Internet

When a handful of drone owners made some poor choices the Federal Aviation Administration (FAA) saw the opportunity to drum up some cash. It mandated that all drones must be registered with the FAA. Registering as a drone pilot costs $5.00 and failing to register can cost up to $250,000 and/or up to three years in a cage. Either way the FAA wins and you lose. Why do you lose? Because a hidden cost of registering your drone is making your home address publicly available on the Internet:

The FAA is delighted that signups for its new drone registry have hit 300,000. But the agency’s buoyant mood is destined for a nosedive. The FAA isn’t warning drone owners their names and addresses are easily searchable and downloadable (47MB) in the agency’s online registry.

To add a bit more insult than usual to public registries, the FAA’s drone pilot registry even includes minors:

While drone owners must be 13 years old to register, the privacy threat posed by this registry is particularly concerning for minors — for obvious reasons.

The poor manner in which this registry program has been handled just adds credence to the entire thing being a quick cash grab. Even a little bit of thought would have caused the developers to realize how bad of an idea making people’s names and addresses publicly available is. It’s especially damning when it’s so easy to make a more anonymized database.

When Karma Bites You In The Ass

The National Security Agency (NSA), which is supposedly tasked with securing domestic networks in addition to exploiting foreign networks, has caused a lot of damage to overall computer security. It appears one of its efforts, inserting a backdoor into the Dual Elliptic Curve Deterministic Random Bit Generation algorithm, may have bit the State in the ass:

The government may have used compromised software for up to three years, exposing national security secrets to foreign spies, according to lawmakers and security experts.

Observers increasingly believe the software defect derived from an encryption “back door” created by the National Security Agency (NSA). Foreign hackers likely repurposed it for their own snooping needs.

[…]

The software vulnerability was spotted in December, when Juniper Networks, which makes a variety of IT products widely used in government, said it had found unauthorized code in its ScreenOS product.

[…]

The case is especially frustrating to security experts because it may have been avoidable. The hackers, they say, likely benefited from a flaw in the encryption algorithm that was inserted by the NSA.

For years, the NSA was seen as the standard-bearer on security technology, with many companies relying on the agency’s algorithms to lock down data.

But some suspected the NSA algorithms, including the one Juniper used, contained built-in vulnerabilities that could be used for surveillance purposes. Documents leaked by former NSA contractor Edward Snowden in 2013 appeared to confirm those suspicions.

Karma can be a real bitch.

This story does bring up a point many people often ignore: the State relies on a great deal of commercial hardware. Its infrastructure isn’t built of custom hardware and software free of the defects agencies such as the NSA introduce into commercial products. Much of its infrastructure is built on the exact same hardware and software the rest of us use. That means, contrary to what many libertarians claim as a pathetic justification not to learn proper computer security practices, the State is just as vulnerable to many of the issues as the rest of us and is therefore not as powerful as it seems.

Getting Off The No-Fly List

With the rekindled excitement for prohibiting people on the government’s terrorist watch lists from purchasing firearms it’s a good time to review how terrible of an idea the lists themselves are. The lists and the criteria for appearing on them are secret so there is no due process involved. We know approximately 40 percent of the names on the lists aren’t affiliated with any known terrorist organization. To make matters even worse there’s no way to know whether you’re on the lists until you try to fly and end up being detained and interrogated for hours. And once you’re on the lists getting off of them is no simple matter:

Kadura, an American citizen, was placed on the federal government’s no-fly list in 2012. Since then, in addition to being prevented from boarding flights, he has been detained, interrogated, and harassed at border crossings and pressured by authorities to become a government informant.

The 25-year-old American medical student, who was raised in Indiana, has spent the last three years trying to coax information out of the government and clear his name. Last year, he sued in federal court over his watchlisting, joining four other Muslim Americans represented by lawyers from the Michigan chapter of the Council on American-Islamic Relations. That case was still ongoing, when, this past September, Kadura suddenly received a brief, terse letter from the government indicating that he was no longer on the list and could board a plane without impediment.

Since 2012 Kadura hasn’t been able to fly. He finally found his ability to fly restored but there is no indication of why. There was no known process for him to file an appeal. He initiated a lawsuit, which hadn’t concluded when his ability to fly was restored so no information of how one might restore their privileges was drawn out during the hearing. Like getting on the list, getting off of the list is a black box.

Proponents of barring people on the terrorist watch lists from purchasing firearms like to say, “If you can’t fly, you shouldn’t be able to own a gun.” It’s idiocy that ignores the fact that nobody on the terrorist watch lists should be prohibited from flying since there is no due process involved in appearing on the lists nor is there a known way of getting removed.

Everything Is Becoming A Snitch

The Internet of Things promises many wonderful benefits but the lack of security focus guarantees there will be severe detriments. A column in the New York Times inadvertently explains how dire some of these detriments could be:

WASHINGTON — For more than two years the F.B.I. and intelligence agencies have warned that encrypted communications are creating a “going dark” crisis that will keep them from tracking terrorists and kidnappers.

Now, a study in which current and former intelligence officials participated concludes that the warning is wildly overblown, and that a raft of new technologies — like television sets with microphones and web-connected cars — are creating ample opportunities for the government to track suspects, many of them worrying.

“ ‘Going dark’ does not aptly describe the long-term landscape for government surveillance,” concludes the study, to be published Monday by the Berkman Center for Internet and Society at Harvard.

The study argues that the phrase ignores the flood of new technologies “being packed with sensors and wireless connectivity” that are expected to become the subject of court orders and subpoenas, and are already the target of the National Security Agency as it places “implants” into networks around the world to monitor communications abroad.

The products, ranging from “toasters to bedsheets, light bulbs, cameras, toothbrushes, door locks, cars, watches and other wearables,” will give the government increasing opportunities to track suspects and in many cases reconstruct communications and meetings.

Encryption is only part of the electronic security puzzle. Even if your devices are properly implementing encryption to secure the data they store, transmit, or receive they may not be properly enforcing credentials. Authorized users are expected to be able to gain access to plaintext data so bypassing the security offered by encryption can be done by gaining access to an authorized user account.

Let’s consider the Amazon Echo. The Echo relies heavily on voice commands, which means it has a built-in microphone that’s always listening. Even if the data it transmits to and receives from Amazon is properly encrypted an unauthorized user who gains access to the device as an authorized user could use the microphone to record conversations. In this case cryptography hasn’t failed, the device is merely providing expected access.

Internet of Things devices, due to the lack of security focus, often fail to enforce authorization. Some devices require no authorization at all, have vulnerabilities that allow an unauthorized user to gain access to an authorized user’s account, include built-in backdoor administrative accounts with hardcoded passwords, etc. That gives the State potential access to a great deal of sensors in a targeted person’s household.
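The following is an added example, not part of the original post: a small audit over constructed device profiles that flags the authorization failures listed above, including the case where an endpoint is encrypted but hands sensor data to any client. The profile fields and both sample devices are hypothetical.

```python
"""Audit constructed IoT device profiles for missing authorization.
All field names and sample devices are hypothetical illustrations."""
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    user_changeable: bool  # can the owner change or disable the password?
    documented: bool       # is the account disclosed to the owner?


@dataclass
class Endpoint:
    path: str
    tls: bool              # transport encryption in use
    auth_required: bool    # does the device check credentials here?
    sensor: bool           # exposes microphone, camera or location data


@dataclass
class Device:
    name: str
    endpoints: list
    accounts: list = field(default_factory=list)


def audit(device):
    """Return a sorted list of (severity, message) findings."""
    findings = []
    for ep in device.endpoints:
        if not ep.auth_required:
            severity = "high" if ep.sensor else "medium"
            # Encryption protects data in transit only; with no credential
            # check the device decrypts and serves plaintext to anyone.
            note = " (TLS does not help: any client gets plaintext)" if ep.tls else ""
            findings.append((severity, f"{ep.path}: no authorization required{note}"))
        elif not ep.tls:
            findings.append(("medium", f"{ep.path}: credentials sent without TLS"))
    for acct in device.accounts:
        if not acct.user_changeable:
            findings.append(("high", f"account '{acct.name}': hardcoded password"))
        if not acct.documented:
            findings.append(("high", f"account '{acct.name}': undisclosed (backdoor)"))
    return sorted(findings)


# Constructed sample: encrypted everywhere, yet the microphone stream is open
# and a built-in service account cannot be changed by the owner.
SPEAKER = Device(
    "smart-speaker",
    [Endpoint("/audio/stream", tls=True, auth_required=False, sensor=True),
     Endpoint("/settings", tls=True, auth_required=True, sensor=False)],
    [Account("owner", user_changeable=True, documented=True),
     Account("svc", user_changeable=False, documented=False)],
)

# Constructed sample: every endpoint authenticated, no built-in accounts.
HARDENED = Device(
    "thermostat",
    [Endpoint("/temp", tls=True, auth_required=True, sensor=False)],
    [Account("owner", user_changeable=True, documented=True)],
)

if __name__ == "__main__":
    for dev in (SPEAKER, HARDENED):
        print(dev.name, audit(dev) or "no findings")
```
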

I’m not against the idea behind the Internet of Things per se. But I’m wary of such devices at the moment because the manufacturers are, in my opinion, being sloppy with security. In time I’m sure the hard lessons will be learned just as they were learned by operating system developers in the past. When that finally happens and I can be reasonably assured the security of my smart television isn’t nonexistent I may become more willing to buy such products.

There The Market Goes Again, Solving Problems Without Threats Of Force

Humans aren’t very good drivers. We’re unable to watch everything that’s going on around us at all times, we’re easily distracted, and many of us seem utterly incapable of putting the cell phone down even when we’re driving. Not surprisingly, especially when you consider the number of vehicles on the road, a lot of collisions happen every day. The State benefits from this because it has created numerous laws that allow it to rake in cash when people crash into one another but do fuck all for safety. Fortunately the market is here to help and it doesn’t even need a gang of armed agents to shoot our pets:

In what may not come as a surprise, vehicles with automatic braking systems are involved in rear-end crashes (that is, accidents in which a vehicle hits a car directly in front of them) at lower rates than vehicles not equipped with the systems, says the Insurance Institute for Highway Safety, or IIHS.

The research focused on Forward Collision Warning (FCW) and Automatic Emergency Braking (AEB), as well as the suite of systems made by Volvo called City Safety, which includes advanced versions of those two technologies. The research examined vehicles from a number of different automakers including Acura, Honda, Mercedes-Benz, Subaru and Volvo, which were equipped with FCW and AEB, as well as vehicles that included just FCW or no crash prevention tech at all.

According to the IIHS research, equipping vehicles with both warning and autobraking systems reduced the rate of rear-end crashes by 39 percent and rear end crashes with injuries by 42 percent. That’s an overall reduction in crashes by 12 percent and a reduction in injury crashes by 15 percent.

Machines can be far better drivers than humans. With the right sensors they can watch everything that’s going on around them, they don’t get distracted, and they can multitask so sending information over a cellular connection doesn’t hinder their ability to drive. Adding automation to automobiles has been improving safety since, at least, power brakes became a thing. As the amount of tasks an automobile can do itself increases we will likely continue to see a correlating increase in safety.

What’s beautiful about these safety systems is that they don’t require the threat of violence to create. I’m sure the State will take credit for these automated braking systems by making them mandatory but the State didn’t invent them, the market did. Automobile manufacturers have voluntarily developed these systems to make their vehicles safer and therefore, they hope, more appealing to customers.

Meanwhile the State will continue passing laws to needlessly change the roadways and highways, make more things a finable offense, and other such nonsense under the false claims of increasing safety while really increasing its revenue.

Police Body Cameras Won’t Save Us

Setting aside the severe privacy implications of pervasive police body cameras the biggest issue is that the police remain in sole control of the devices and data. Even in cities that require police to wear body cameras I still urge people to record any and all police interactions they’re either a party to or come across. When individuals record the police the footage isn’t in the police’s control so there are barriers that make it more difficult for them to use it to prosecute somebody. Footage recorded by individuals is also more resilient to the body camera memory hole:

Chicago Police Department officers stashed microphones in their squad car glove boxes. They pulled out batteries. Microphone antennas got busted or went missing. And sometimes, dashcam systems didn’t have any microphones at all, DNAinfo Chicago has learned.

Police officials last month blamed the absence of audio in 80 percent of dashcam videos on officer error and “intentional destruction.”

When the only footage of a police encounter comes from a police controlled device it’s a simple matter for the officer to disable it. The best way to counter such a threat is to record police interactions yourself.

Most people carry smartphones, which usually come equipped with a decent camera. You can use the built-in video recording app but there are better options in my opinion. A friend of mine who spends a lot of time recording the police uses and recommends Bambuser. The American Civil Liberties Union has region specific apps for recording the police. Both options are good because they upload the video to a remote server so a cop cannot destroy the footage by confiscating or destroying your recording device.

Police body cameras sound like a great idea on paper but as with most things in life if you want something done right you should do it yourself.

The Public-Private Surveillance Partnership

Between government and corporate surveillance I would, nominally, agree that government surveillance is more dangerous. This is because corporations aren’t in the practice of sending armed goons to your home to kick in your door, shoot your dog, and kidnap you based on what their surveillance has uncovered. But the distinction is only nominal because the data collected from corporate surveillance often finds its way into the government’s hands:

Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras. It retains location data on each of those pictures, and sells it.

It’s happening right now in nearly every major American city.

The company has taken roughly 2.2 billion license-plate photos to date. Each month, it captures and permanently stores about 80 million additional geotagged images. They may well have photographed your license plate. As a result, your whereabouts at given moments in the past are permanently stored. Vigilant Solutions profits by selling access to this data (and tries to safeguard it against hackers). Your diminished privacy is their product. And the police are their customers.

The company counts 3,000 law-enforcement agencies among its clients. Thirty thousand police officers have access to its database. Do your local cops participate?

One of the biggest risks of corporate surveillance is the collected data, either through sale or warrant, ends up in the hands of the State. While I have no real concerns about Facebook using my social graph to justify sending armed goons to kidnap me I do have concerns about a judge granting a warrant to a law enforcement agency to obtain that data as a justification for kidnapping me.

Judges Don’t Have To Understand Something To Rule On It

In most professions the opinions of those who lack an understanding of a pertinent topic are rightfully ignored. Why would anybody waste time asking somebody who knows nothing about software development about the best method to implement a software feature? But the legal field is not most professions. In the legal field you can lack an understanding of a pertinent topic and still be taken seriously as proven time and again when a judge attempts to rule on a case involving technology:

In short, Judge Bryan, despite hearing the views of those who took part in the investigation, and having read the briefs submitted by the defense and prosecution several times, could not fully grasp what the NIT was doing.

“If a smart federal judge still has trouble understanding after hours of expert testimony what is actually going on,” then the average judge signing warrant applications has little hope of truly understanding what the FBI is proposing, Nate Wessler, staff attorney at the American Civil Liberties Union (ACLU), told Motherboard in a phone interview. (The ACLU has agreed to a protective order for the Michaud case, allowing it access to the sealed filings.)

“It appears in this case, and that’s consistent with other cases we’ve seen elsewhere in the country involving use of malware, the government explanations and warrant applications are quite sparse, and do not fully explain to judges how these technologies works,” Wessler added.

As the hearing continued, Judge Bryan said “I suppose there is somebody sitting in a cubicle somewhere with a keyboard doing this stuff. I don’t know that. It may be they seed the clouds, and the clouds rain information. I don’t know.”

Emphasis mine. The judge openly admits that he doesn’t know how the Federal Bureau of Investigation’s (FBI) malware works and further emphasizes this fact by saying something entirely nonsensical. In almost any other profession the judge’s rambling would have been dismissed but in the legal profession his ruling, even though he has no idea what he’s ruling on, is respected.

This is yet another item in a long list of problems with the United States legal system. The fate of accused parties is being put into the hands of individuals who are entirely unqualified to make the decisions they’re tasked with making. As soon as Judge Bryan said he didn’t know what was going on he should have been replaced by somebody qualified. In any other profession he would have been. But a judge’s power is more important than their knowledge in the courtroom. How anybody can look at such a system and claim it dispenses justice is beyond me.

No Hero Goes Unpunished In The United States

The United States has a very proud history of punishing its heroes. William Binney had armed goons storm his home and kidnap him because he revealed rather concerning National Security Agency (NSA) programs. When Chelsea Manning revealed war crimes being committed by the United States military she ended up in a military prison. Edward Snowden is still in exile for revealing the NSA’s illegal surveillance operations. Now the United States government is going after the man who revealed the corruption in the Foreign Intelligence Surveillance Court:

A former Justice Department lawyer is facing legal ethics charges for exposing the President George W. Bush-era surveillance tactics—a leak that earned The New York Times a Pulitzer and opened the debate about warrantless surveillance that continues today.

The lawyer, Thomas Tamm, now a Maryland state public defender, is accused of breaching Washington ethics rules for going to The New York Times instead of his superiors about his concerns about what was described as “the program.”

Tamm was a member of the Justice Department’s Office of Intelligence Policy and Review and, among other things, was charged with requesting electronic surveillance warrants from the secret Foreign Intelligence Surveillance Court.

The District of Columbia Court of Appeals Board of Professional Responsibility said Tamm became aware in 2004 that certain applications to the FISA Court for national security surveillance authority “were given special treatment.”

Isn’t it ironic how the State keeps urging whistleblowers to come forth if their information is related to a private organization but prosecutes any whistleblower who comes forth with information about government corruption? If a whistleblower can lead the government to some wealth to steal it is grateful but when its dirty laundry is aired it becomes angry and violent.

Assumption Of Guilt

We truly live in wondrous times. At one time people held inconvenient beliefs about people being innocent until proven guilty by a jury of 12 impartial individuals. Today is a simpler time where most cases never go to trial. Instead the State merely coerces accused individuals into admitting guilt:

The presumption of innocence helps to combat prejudice and prejudging in the U.S. criminal justice system. But because plea bargains have supplanted trials in our criminal justice system, that presumption does not apply to most cases in the United States.

[…]

Unfortunately, the system that is described by our school teachers and that Americans see on television and in the movies is now defunct. Jury trials are now rare events in the United States. In fact, about 95 percent of the cases moving through the system will not go to trial. The overwhelming majority of cases will be resolved by plea bargains.

In a plea bargain, the prosecutor typically offers the defendant a reduced prison sentence if he agrees to waive his right to a jury trial and admit guilt in a brief hearing before a judge. Prosecutors use their power to pressure people who have been accused of a crime, and are presumed innocent, to waive their right to a trial and admit guilt.

We know this is true because prosecutors admit that this is what they are doing. The Supreme Court has approved these prosecutorial tactics in the landmark 1978 case, Bordenkircher v. Hayes. By a close 5-4 vote, the court said there was no constitutional problem with pressuring the accused to waive his trial and admit guilt. According to the court, there is no illegal coercion “so long as the accused is free to accept or reject the prosecution’s offer.”

The article touches on the folly of this system but I want to make another important point.

A person accused of a crime isn’t involved in a fair game. From the very beginning of a case, where the accused is arrested, the deck is stacked against them. Cops can lie to them but they can’t lie to the cops. So the accused is at an immediate information disadvantage because the cops can lie about evidence, witness testimony, and other things that can make a charge look hopeless to fight. Prosecutors have the right to threaten an accused with decades of prison time whereas the accused has no right to threaten the prosecutor with, say, a retaliatory lawsuit if it’s later found out that they’re innocent. In addition to that it’s also not uncommon for an accused party to front their legal defense fees even if they are found innocent.

The deal presented to the accused party isn’t fair by any sane definition. No matter what avenue they choose they’re at a major disadvantage. Admitting guilt and taking the lesser sentence seems like a good choice when the alternative is a longer sentence and tremendous legal defense fees. Especially when, as far as the accused knows, the evidence against them is thoroughly damning.

A legal system that favors one side over the other cannot be considered an engine for justice. It is merely a formality that allows the advantaged side to declare its actions just when it crushes the disadvantaged side.