You’re Doing it Wrong – Page 29

Rand Paul Supports Having A Powerful Federal Government

It’s no secret that I’m not a fan of Rand Paul. Unlike his father, Rand is an inconsistent man that sways whatever way the political winds are blowing. His supporters, or the Rand Rapid Response Team as I like to call them, are always quick to claim he is just playing politics to win the presidency so he can beat Americans in the head with liberty. They never seem to have an answer as to why Rand, upon winning office (which he’ll never do), don’t continue to play politics to get a second term but I digress. From an anarchist point of view Rand is a tyrant through and through. But even from a small government point of view Rand is a tyrant. For example, his latest tirade was against so-called sanctuary cities. Sanctuary cities, for those who don’t follow the neocon news cycle, are supposed cities that refuse to enforce immigration laws. Neocons, Rand Paul included, really hate them:

Among those jumping on the anti-sanctuary-city bandwagon was presidential candidate and Sen. Rand Paul (R-Ky.).

Paul proudly introduced the PACT Act (“Protecting American Citizens Together,” ugh), because, as he states in his office’s emailed press release, “Our nation now has whole cities and states who stand up and willingly defy federal immigration laws in order to protect illegal immigrants who have broken our nation’s laws. This must end and it must end now. My bill makes it clear, the American people will not stand for cities harboring violent criminals.”

The bill would cut off a range of federal law enforcement grants to localities from any city daring to go its own way on enforcing federal immigration law. This, from a politician who generally sells himself as a strong federalist welcoming local experimentation, especially when, as with marijuana law, respect for local decisions might halt government interference with people’s lives for no good reason. Medical marijuana states are themselves “defying” federal laws, yet that doesn’t bother Paul on principle.

Kudos on the name. The PACT Act not only rhymes but it’s a backronym! Obviously my anarchist perspective doesn’t give any value to the imaginary lines that separate one tyrannical regime from another but even if I channel my long-dead small government memory Rand’s actions are inconsistent with liberty.

Anybody who believes in decentralizing power, which is what small government advocates claim to believe, should approve of an individual state or city deciding who they want to let live there. What business is it of the federal government who an individual state or city chooses to allow in?

Neocons have a hard-on for hating “illegal” immigrants. Rand Paul is a candidate for the Republican Party and therefore has to appeal to neocons. Time and again he has showing a willingness to do whatever is necessary to please is neocon base, which will always hate him because of who his father is, and even go so far as to introduce legislation to push the neocon agenda forward. If Rand merely pandered to the neocons then the Rand Rapid Response Team may have some grounds on which to claim their messiah was just playing politics. But the guy is introducing anti-liberty legislation in addition to pandering.

Obviously I’m not going to tell you what to do, especially when it comes to politics since I don’t play that game anymore. But I will severely judge anybody who claims to be an advocate of liberty and a supporter of Rand Paul. The two things are not equivalent.

Stopping Active Shooters Is About Armed Resistance, Not Special Training

The Trace, an anti-self-defense rag masquerading as a news source, posted what may be one of the dumbest arguments against arming, well, anybody but soldiers at recruitment centers specifically:

Most armed service members are not trained to neutralize active shooters, and putting more loaded guns in their hands creates its own risks.

[…]

Most service members — 99 percent of airmen, 88 percent of sailors, and about two-thirds of soldiers and Marines — are not in direct combat roles, but instead are technical workers whose specialties support those “tip of the spear” troops. These include navigators, supply clerks, water purification specialists, and camera crews. Roughly the same breakdown applies to the backgrounds of recruiters and reservists. Practically speaking, this means that your average military member’s firearms experience may only go as far as some boot camp familiarization with a service rifle on a “static range,” plinking at paper targets to qualify for a marksmanship ribbon.

I’ll be sure to tell my friend who was a helicopter mechanic in the Marines that his firearms training amounted to little more than plinking at paper on a range. Less I digress further into the firearm training military personnel receive let me make my point. Stopping an active shooter, in most cases, doesn’t require any special training. All that’s required are bullets moving towards the shooter. As it turns out most active shooters commit suicide upon meeting armed resistance:

But as much as we would like to confront the active shooter with multiple officers, the reality is that we are almost always in a reactive posture, and time is working in favor of the shooter. More often than not, we must wait for the incident to unfold before we are able to interject ourselves into the fray. Depending on the venue, whether it occurs in a big city or an isolated rural community, that response with well-trained responders may be a while in arriving.

Therefore, the individual officer becomes our best asset. Ideally, we’d like to have a response in which we send in several similarly trained officers, but that may not always be possible. Thus, the responsibility rests with the first car on the scene, and in these types of incidents it’s important to get inside and act quickly. By doing this, we interrupt the killer’s plan and his activity. This rapid interdiction is critical to saving lives.

However, quickly inserting oneself into the active shooter situation does not mean running blindly into a gun battle. Rather, it simply means stopping the shooter as fast as possible, either by lethal means or by the mere fact that he knows law enforcement is present. That knowledge alone, that cops are on scene, has ended the carnage in many instances and caused the gunman to commit suicide.

Therefore, the key to reacting to an active shooter situation is rapid response – get on scene and inside as quickly as possible.

Police “training” for active shooter responses is for the first officer on the scene to move in and start sending bullets at the shooter. That’s because response time is the key factor for how long an active shooter scenario will play out. The sooner somebody is able to provide armed resistance to an active shooter the sooner the situation stops in a vast majority of cases. The “training” that is supposedly absent from boot camp is having a gun and using it to shoot at the active shooter. Anybody who has gone through basic training in any branch of the military can handle that. Hell, I can handle that.

There isn’t a good argument against armed individuals at the scene being the most effective way to resolve active shootings. An active shooting is a scenario where, in the vast majority of cases, accuracy and tactics aren’t the primary deciding factors in how quickly it stops. Even a man at the scene wearing a stylish tactical neon shirt and camouflage Crocs armed with a potentially felonious foregrip equipped sightless AR-pattern pistol would be more effective against an active shooter than waiting for police to respond.

Still more effective than waiting for police to respond.

Situational Awareness Is Equally Important Offline And Online

Defending yourself online isn’t dissimilar to defending yourself offline. The tools do change. Instead of relying on tools such as physical fitness, weapons, and martial arts online defense relies on encryption, anonymity, and credential management. Even though online and offline self-defense utilize different tools both rely first and foremost on situational awareness. For example, in regards to offline defense it’s wise to avoid going down dark alleys that have reputations for being places of violence at night by yourself. Situation awareness should lead you to recognize that putting yourself in that situation greatly increases your risk of being the target of a violent crime. Likewise, when you’re online it’s wise not to submit personally identifiable information to websites that offer services that are either illegal or could be used to blackmail users.

37 million people failed the online situational awareness test and are now facing the very real prospect of being blackmailed:

Hackers claim to have personal details of more than 37 million cheating spouses on dating website Ashley Madison and have threatened to release nude photos and sexual fantasies of the site’s clients unless it is shut down, blog KrebsOnSecurity reported.

Ashley Madison’s Canadian parent, Avid Life Media, confirmed the breach on its systems and said it had since secured its site and was working with law enforcement agencies to try to trace those behind the attack.

Let’s consider the situation. The Ashley Madison website specifically specializes in helping married individuals have an affair. Since knowledge of affairs are often used as blackmail signing up for this website has pretty notable risks. The first risk is that the owners of the site will use the existence of your account to blackmail you. Another risk is exactly what happened, malicious hackers breaching the network and acquiring your personal information.

The latter risk is one faced whenever you sign up for any website. But the risks involved in your personal information from, say, Reddit being leaked is likely far less than those involved in a website that specifically advertises services to help married individuals commit adultery. That’s an important part of the situation to consider.

Another part of the situation that’s important to note is the site didn’t put any measures in place to protect your privacy in the event a breach occurred. Had the website been a hidden service that used Bitcoin as payment the ability to anonymize yourself, or at least offer plausible deniability by claiming somebody else created and maintained the account to sully your reputation, would exist. That’s exactly why Silk Road, which offered illegal services, opted for the hidden service using Bitcoin route. This website wasn’t a hidden service and, as far as I know, used credit cards, which are strongly tied to your real-life identity, for payments.

Be aware of the situation before you involve yourself in it. Failing to do so could put you in a bad situation that you could have otherwise avoided.

Rand Paul Wants To Bring Back Religious Profiling

Here’s a reminder, for those who need it, that Rand Paul is not a libertarian nor an advocate of liberty. After the shooting in Chattanooga the presidential wannabe took some time out of his busy schedule to urge for the reimplementation of a program that almost exclusively profiles Muslims entering the country:

Yet, Paul commented to Breitbart:

I’m going to have our subcommittee and maybe committee in Homeland Security look into whether or not we could reinstitute this NSEERS [National Security Entry Exit Registration System] program.

So what did this program do? It not only singled out Muslims entering the country for extra interrogation at the airport (which is stupid because if they pose a threat then why grant them a visa at all?), it required Muslim foreign boys and men over 16 years already in the country to personally appear before Uncle Sam’s functionaries and register. Explains the Migration Policy Institute:

Registration includes a meeting with an immigration official where the interviewees are fingerprinted (both digitally and with ink), photographed, and asked a series of questions under oath. In addition to the initial registration, foreign visitors must also appear at a U.S. immigration office within 10 days of the one-year anniversary date of initial registration. All of these foreign visitors are required to complete a departure check only at a designated departure port (of which there are approximately 100 nationwide) on the same day that they intend to leave the country. Willful refusal to register is a criminal violation; overstaying a visa is a civil violation.

Expecting terrorists to voluntarily stroll to an immigration office to be fingerprinted and IDed is absurd, of course. So the entirely predictable upshot of the program was that although it managed to obtain not a single terrorism-related conviction, it did ruin plenty of lives of peaceful Muslims caught in its dragnet. Consider the case of Abdulameer Yousef Habeeb, a refugee from Iraq. As per the ACLU:

he was lawfully admitted to the United States after suffering imprisonment and torture by Saddam Hussein’s regime. Habeeb was on a train from Seattle to Washington, D.C., to start a new life when Border Patrol agents singled him out for questioning without any individualized suspicion. As a refugee, Habeeb was not required to register with NSEERS, but when he showed the border agents his refugee documentation, the agents insisted—incorrectly—that he was in violation of NSEERS’ registration requirements. Detained for a week, Habeeb lost his job. Habeeb was terrified of being returned to Iraq, yet the government stubbornly continued deportation proceedings for six weeks. Ultimately, after the ACLU filed suit, Habeeb won an apology from the government stating: “[T]he United States of America acknowledges that, by not registering under NSEERS, you did nothing wrong [and] regrets the mistake.”

Paul maintains that immigration is not a right; it’s a privilege. But the Constitution guarantees immigrants in the country the same due process and other basic rights as citizens because it understands that a Leviathan that is authorized to abuse the rights of one set of people is not likely to respect those of others for very long.

I checked the link that explains what NSEERS is and it clearly noted that, “Except for North Korea, nearly all of the countries designated in Special Registration are predominantly Arab and Muslim.” In other words this program places special restrictions on people from specific countries that grants Border Patrol agents the right to harass them without cause. Even somebody who advocates for controlled immigration should acknowledge that placing additional restrictions on specific people is not an acceptable way of handling immigration. It’s necessarily collectivist in nature, which should be the first clue that it’s a bad program, since it focuses on where a person is from and not the person themselves.

Unlike his father, who was a true advocate for liberty, Rand Paul isn’t even pretending to be an advocate for liberty anymore. He just wants to be president and will say anything that he thinks will gain him the nomination. If he gets elected there is absolutely no reason to believe he won’t continue this trend of kowtowing to neocons as he will likely want a second term.

TSA: We’re Not Happy Until You’re Not Happy

When the Department of Homeland Security (DHS) recently performed an internal investigation of the Transportation Security Administration’s (TSA) security procedures it discovered a 95 percent failure rate. Were the TSA a private security provider you would probably have seen some serious housecleaning to rid itself of individuals who obviously don’t know what they’re doing. But the TSA is a government agency, which means you and I are punished for its failures. In response to the 95 percent failure rate the TSA is demanding more tax victim money and planning to make air travelers wait even longer to get through security:

The Transportation Security Administration has a new strategy for improving its woeful performance in catching airport security threats — and it will likely mean longer lines and more government bucks.

A month after the TSA was embarrassed by its almost-total failure in a covert security audit, Homeland Security Secretary Jeh Johnson has ordered the agency to pursue an improvement plan that will require more hand-wanding of passengers, more use of bomb-sniffing dogs and more random testing of luggage and travelers for traces of explosives. It will also consider reducing travelers’ chances of being sent through the expedited PreCheck lines at airports.

Let us not forget the TSA motto: we’re not happy until you’re not happy. This “improvement plan” should tell you everything you need to know about government agencies. If you look at the list of “improvements” you’ll see the word “more” in front of everything. The TSA’s response to its 95 percent failure rate is literally trying more of the same thing only harder.

When The Only Thing You Have Is Legislation Every Problem Looks Like It Can Be Solved By Passing A Law

Politicians are trying to infringe on both the rights of self-defense and free speech in their latest attempt at the impossible. With the 3D printing revolution taking place many politicians see the writing on the wall and realize their power to regulate manufacturing is waning. Hoping to head this technology off at the pass they’re trying to find a justification that people will fall for to pass regulations against 3D printing. Their betting everything on the populace finding the prospect of 3D printed firearms scary enough that they’ll support laws restricting what individuals can print on their 3D printers. But the rhetoric is especially amusing:

The notion of a 3-D printable gun has become the perfect flashpoint in a new conflict between digital arms control and free speech. Should Americans be allowed to say and share whatever they want online, even if that “speech” is a blueprint for a gun? The State Department has now answered that question with a resounding “no.”

That isn’t even the correct question. What everybody should be asking is if it’s even possible to enforce a law restricting what individuals can do with their 3D printers. The answer is no. Computer technology is far too pervasive to control anymore. Information can be shared amongst individuals around the world almost instantly. Anonymity tools allow individuals to share information without being identifiable. And even if people in the United States comply with a law against sharing 3D printer designs for firearms the rest of the world isn’t bound by such nonsense.

Censorship is dead and the Internet killed it. Any restriction against the sharing of ideas is unenforceable and therefore shouldn’t even be a consideration for politicians.

For $549 You Can’t Own A Gun Detection System That Can’t Detect Guns

I’m not sure what to think about this one. GunDetect is being marketed as a camera that can detect when somebody is carrying a gun. Based on what has been published so far I’m not sure if this is meant to be a legitimate product or a really clever troll.

The first problem regarding GunDetect is technical. Namely what the device isn’t capable of doing:

There’s a question as to how effective this will be as a first line of defense, though. The makers say that their system is accurate “90% of the time” in instances where a gun is clearly visible. That sounds good, but that leaves a lot of room for misses. What happens if nogoodniks are smart enough to conceal their weapons? Also, night vision support isn’t in these existing models — for now, you can forget about spotting thieves in the middle of the night. The technology could easily be useful as an extra layer of gun safety or security, but it won’t replace a good home security system or vigilant parenting.

There’s only 90% chance that the device will successfully detect and gun and then only if the gun is being carried openly and there’s enough light. In other words this device is pretty much worthless at determining whether the person who broke into your home at oh dark thirty is armed or not. But the problems with this product don’t stop there. If you want access to this remarkably limited device you’ll have to spend some major dough. Since it’s 2015 this product has a Kickstarter page. On it you’ll notice two models being offered:

GunDetect comes in two versions, both of which are based on the latest computer-vision algorithms and optical sensing hardware. The difference is the location for the massive amount of number-crunching required to reliably detect a gun in an image.

GunDetect Premium is our main product and does all its vision processing locally using a powerful computing system that does not need to send any video data to the Internet – giving you the peace of mind knowing your private video never leaves the premises.

GunDetect Cloud has less local processing and uses our Internet servers to help crunch encrypted video data – potentially taking longer to detect a gun than GunDetect Premium.

Getting a GunDetect Premium requires throwing $549.00 at the Kickstarter. GunDetect Cloud starts at $349.00 but that only includes a one-year subscription to the service. What a bunch of stingy bastards! The Premium line seems like the only sane way to go since it doesn’t require working Internet service to function, doesn’t upload a constant video feed of your home to a third-party server, and doesn’t involve a yearly $100.00 (I shit you not, the reward tier for an additional year is $100.00) subscription. But for that price you could invest in an actual gun that would at least give you a means of defending yourself against an armed invader.

I don’t think technology able to detect whether is somebody armed is necessarily a bad thing. It could serve as an additional layer of defense for a home or office. However such a device can only be considered effective if it can detect both open and concealed weapons as well as function independently of an external server and not be dependent on environmental factors such as light availability. A weapon detection system that can’t detect conceal weapons is pretty worthless. If somebody is carrying a weapon I can see that already, I don’t need an expensive camera to confirm what my eyes are showing me. Any system that depends on an external server is rendered worthless if the Internet goes out, which can happy for any number of reasons including a burglar cutting your Internet line or the power going out. And what good is a weapon detection system that is unable to detect whether the person who kicked in my door in the middle of the night is armed? That’s the situation where I would most want to know whether somebody is armed or not.

Nothing about this product impresses me. It has technical weaknesses that make it ineffective at detecting weapons, the subscription service for the Cloud model is expensive, the price of the standalone Premium model is very expensive, and the Cloud model creates some serious privacy concerns. Judging by the number of backers so far I’m not the only one who sees this product as a nonstarter. If this is meant to be a legitimate product it would behoove the developers to return to the drawing board and sort these problems out before begging the Internet for money. If this is meant to be a clever troll I must tip my hat to them.

Federal Government Demonstrates How Not To Do HTTPS

I admit that setting up Hypertext Transfer Protocol Secure (HTTPS) isn’t as easy as it should be. But there’s no reason why something a massive as the federal government, especially when you consider the fact that it can steal as much money as it wants, can’t properly setup HTTPS. But it can’t.

I use HTTPS Everywhere to force as many sites as humanly possible over HTTPS instead of HTTP. Usually this works very well but sometimes a site isn’t properly setup and my user experience goes south. The Senate website is one of the sites that provides a suboptimal user experience. Take a look at these two exceptions I received when trying to access information on the Senate’s website:

The thing to note is that the web server is setup to give each senator their own subdomain. This requires the certificate to contain each individual subdomain. As you can see by the errors I received the certificate doesn’t contain the subdomain for the Committee of the Judiciary or Rand Paul. There are two things to take away from this.

First, the Senate’s web server is setup in a very fragile way. Instead of creating a separate subdomain for each senator it would have been much smarter to create a separate subdirectory for each senator. The only difference that would make for the user is they would have to type https://www.senate.gov/paul instead of https://www.paul.senate.gov. Since no subdomains would be needed the certificate wouldn’t have to contain the name of every senator and Senate committee.

Second, whoever is in charge of maintaining the certificate for the Senate’s web server is incompetent. Since each senator has a separate subdomain the certificate should be renewed after every election with the subdomains of the new senators added and the subdomains of the old senators removed. Likewise, the certificate should be renewed every time a new Senate committee is created or an old one is retired. That would allow users to securely connect to each Senator’s website.

In all likelihood this setup is the result of the server originally being created without any consideration given to security. When security became a concern the system was probably patched in the all too common “good enough for government work” manner instead of being redesigned properly to reflect the new requirements. And since there is almost no accountability for government employees nobody tasked with maintaining the server probably saw fit to periodically verify that the certificate is valid for every available subdomain.

I would argue that this is yet another example of the government’s poor security practice that should have everybody worried about the data it collects.

Authors Guild Demands The Impossible To Fight Piracy

Statism encourage the use of the truncheon to solve every problem. Is your neighbor is being noisy at night? Don’t go over and talk to them, sic men with guns on them! Is your new competitor stealing away some of your business? Don’t revamp your business model to more effectively compete, demand the state implement new regulations that stifle your competitor!

The problem with this mode of thinking is that it discourages creativity so when a problem that can’t be solved by the truncheon appears the only solution is to demand the impossible. That’s what the Authors Guild is doing in the name of fighting piracy:

The Authors Guild, one of the nation’s top writer’s groups, wants the US Congress to overhaul copyright law and require ISPs to monitor and filter the Internet of pirated materials, including e-books.

[…]

Rasenberger believes that ISPs have the technology and resources to remove pirated works without being notified that pirated content is on their networks. She continued:

Individual copyright owners do not have the resources to send notices for every instance of infringement online, much less to keep sending the for copies reposted after being taken down. Individuals do not have access to automated systems that track infringing copies and send notices, nor do they have the bargaining power to make the deals with ISPs that larger corporations can.

ISPs, on the other hand, do have the ability to monitor piracy. Technology that can identify and filter pirated material is now commonplace. It only makes sense, then, that ISPs should bear the burden of limiting piracy on their sites, especially when they are profiting from the piracy and have the technology to conduct automates searches and takedowns. Placing the burden of identifying pirated content on the individual author, who has no ability to have any real impact on piracy, as the current regime does, makes no sense at all. It is technology that has enabled the pirate marketplace to flourish, and it is technology alone that has the capacity to keep it in check.

Those who don’t understand the technical issues involved in piracy may believe this is a viable solution. But the stronger emphasis on security, thanks to Edward Snowden, also ensures Internet service providers (ISP) are going to be less and less able to monitor their customers’ activities. An ISP can only monitor what it can see. If piracy is happening over unencrypted connections an ISP can see it. Encrypted connections are an entirely different matter. Unless pirates are using ineffective encryption it’s not possible for an ISP to monitor their activities. It is possible for an ISP to use heuristics to estimate what customers are doing but that is a far cry from being able to say without question what a customer is doing. And an ISP doesn’t want to acquire a reputation for cutting off service and turning over customers to law enforcers without iron clad evidence of wrongdoing.

Solving digital copyright infringement, what piracy actually is, requires adjusting business models. Identifying and combating pirates is no longer feasible so copyright holders must give customers reason to choose paying them over obtaining pirated copies of works. I think the music industry is finally seeing a solution with streaming services such as Spotify and Apple Music. Such services make it extremely easy for users to acquire and listen to music. In fact they make it easy enough that the cost of the subscription is less than the hassle of finding a pirate source of music, downloading it, and loading it onto devices and computers. While that doesn’t stop all piracy is stops a lot of it and that’s the best a copyright holder can hope for when their product can be copied infinite times with ease.

Music piracy has proven that no amount of laws will solve the problem. The Digital Millennium Copyright Act (DMCA), the very act that is being cited by the Authors Guild, was passed, in part, as a response to music piracy. Music piracy is still a thing even though the DMCA has been on the books for years because passing a law and enforcing a law are two entirely different things.

The Deplorable State Of The Government’s Network Security

“I’ve got nothing to hide,” is a phrase commonly spoken by supporters of government surveillance and those too apathetic to protect themselves against it. It’s a phrase only spoken by the ignorant. With each working professional committing an average of three felonies a day there are no grounds for anybody to claim they have nothing to hide from the government. But even those who don’t believe they have anything to hide from the government likely feel as though they have something to hide from the general public. With the breach of the Office of Personnel Management’s (OPM) network we were shown another important fact: the government’s network security is in such a poor state that any data it collects could be leaked to the general public.

Now we’re learning that the OPM wasn’t the only government agency with deplorable network security. It’s a chronic problem within the government:

Under a 2002 law, federal agencies are supposed to meet a minimum set of information security standards and have annual audits of their cybersecurity practices. OPM’s reviews showed years of problems.

But the issue is far more widespread than with just one agency. According to the Government Accountability Office, 19 of 24 major agencies have declared cybersecurity a “significant deficiency” or a “material weakness.” Problems range from a need for better oversight of information technology contractors to improving how agencies respond to breaches of personal information, according to GAO.

“Until federal agencies take actions to address these challenges—including implementing the hundreds of recommendations GAO and agency inspectors general have made—federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats,” the watchdog agency said in a report earlier this month.

A large majority of major agencies have declare their network security to be unfit. In addition to general network security there are also concerns about overseeing contractors; which is pretty legitimate after Edward Snowden, an at the time contractor, walked off with a lot of National Security Agency (NSA) secrets; and abilities to respond to breaches.

Many mass surveillance apologists have pointed out that the OPM isn’t exactly the NSA because they assume the latter has far better security. As I mentioned above, Edward Snowden proved otherwise. And even if some agencies do have effect network security the problem of inter-agency sharing is a real concern. Assume the Internal Revenue Service (IRS) actually has adequate network security but it shares information with the OPM. In the end the data held by the IRS is still acquired by malicious hackers because they were able to compromise an agency that also held the data. Security is only as strong as the weakest link.

The next time somebody claims they have nothing to hide from the government ask them to post all of their personal information to Pastebin. If they’re not willing to do that then they should be concerned about government surveillance considering the state of its networks.