You’re Doing it Wrong – Page 39

David Cameron Joins the Legion of Naive People Who Think They Can Stop the Progress of Technology

David Cameron, the fascist prime minister of the United Kingdom, has decided that us serfs have no need for secure communications. He has expressed a desire to make the use of end-to-end encrypted communications illegal:

The prime minister has pledged anti-terror laws to give the security services the ability to read encrypted communications in extreme circumstances. But experts say such access would mean changing the way internet-based messaging services such as Apple’s iMessage or Facebook’s WhatsApp work.

This is just another battle in the crypto wars that have been waged between the state and the people. Needless to say the state hasn’t been faring so well. Nobody should be surprised by this though. History is littered with examples of power hungry despots trying to control commonly available technology and failing miserably. For example, the Inquisition was very interested in controlling access to printing presses in order to prevent the spread of anti-Church literature. It didn’t end well for them.

Today states are interested in restricting our access to secure communications. We’re told that these restrictions are necessary for the state to keep us safe but history has shown that such restrictions are put into place to bolster the state’s power. History has also shown us that any restrictions unpopular with the people fail in time.

Secure communication tools are now so pervasive that they cannot help but hold popular support. Nobody wants to transmit their authentication credentials in a way that anybody can intercept them (and if the state can intercept them then anybody can). People suffering from embarrassing medical conditions don’t want the world to know about it when they’re searching for related material online. And few people want others to know what kind of porn they watch.

We have need for secure communications and the tools to enable it are widely available. That means Cameron’s desires cannot be realized. Even if he passes a law making end-to-end encryption illegal people will use it coupled with anonymity tools to protect themselves from prosecution. You can’t put the djinn back in the bottle once it’s out no matter how many laws you pass. The fact that Cameron doesn’t realize this shows how delusional of his power he truly is.

The Government is Quite a Trickster

The United States government is pretty famous for its ability to trick the populace into believing lies. But bullshit unemployment numbers aren’t its best trick. That honor would go to its ability to convince people that the United States is no longer at war:

The holiday headlines blared without a hint of distrust: “End of War” and “Mission Ends” and “U.S. formally ends the war in Afghanistan”, as the US government and Nato celebrated the alleged end of the longest war in American history. Great news! Except, that is, when you read past the first paragraph: “the fighting is as intense as it has ever been since the U.S.-led invasion in 2001,” according to the Wall Street Journal. And about 10,000 troops will remain there for the foreseeable future (more than we had a year after the Afghan war started). Oh, and they’ll continue to engage in combat regularly. But other than that, yeah, the war is definitely over.

This is the new reality of war: As long as the White House doesn’t admit the United States is at war, we’re all supposed to pretend as if that’s true. This ruse is not just the work of the president. Members of Congress, who return to work this week, are just as guilty as Barack Obama in letting the public think we’re Definitely Not at War, from Afghanistan and Somalia to the new war with Isis in Iraq and Syria and beyond.

What’s sad is that I know people who buy into this fairytale. I’ve heard from several friends that Obama ended Bush’s wars. When I point out that we’re still bombing people in the Middle East they either cover their ears, stick their heads in the sand, of call me a neocon. More and more I realize that people don’t care about the truth but only choose to believe what they want. And you know what? I don’t blame them. Because the truth is fucking horrible.

Welcome Back CISPA

While some politicians are exploiting the shooting in Paris to justify the National Security Agency’s (NSA) illegal actions others are exploiting the Sony hack to build on the already sizable police state. Remember the Cyber Intelligence Sharing and Protection Act (CISPA)? It’s back:

A senior Democrat on the House Intelligence Committee on Friday will reintroduce a controversial bill that would help the public and private sectors share information about cybersecurity threats.

“The reason I’m putting bill in now is I want to keep the momentum going on what’s happening out there in the world,” Rep. Dutch Ruppersberger (D-Md.), told The Hill in an interview, referring to the recent Sony hack, which the FBI blamed on North Korea.

The question is not whether or not the bill can be passed; It’s when will a tragedy scary enough make the people beg Congress to pass it. What the politicians aren’t saying is that CISPA wouldn’t have prevented the Sony hack. First of all Sony is a Japanese company. Second of all words on a piece of paper don’t stop malicious people form being malicious. But none of that matters when the goal isn’t to stop crime but to increase control over the populace.

The NSA is Probably Celebrating the Shooting in Paris

Most of the world mourned the deaths of those shot in Paris. But some have been celebrating those deaths. Neocons have been enjoying their raging anti-Muslim erections and the National Security Agency (NSA) has probably been celebrating because the scrutiny of their illegal surveillance program is being silenced:

The push to reform the National Security Agency isn’t getting any easier.

After a reform bill was narrowly blocked on the Senate floor late last year, civil libertarians hoped that an upcoming deadline to reauthorize some of the spy agency’s controversial powers would give them another opportunity to force changes.

But the attacks in Paris last week, where gunmen killed 12 at a satirical newspaper and 4 at a kosher market, is making that job harder, and strengthening the resolve of the NSA’s backers.

“I hope the effect of that is that people realize … the pendulum has swung way too far after [leaker Edward Snowden],” Senate Foreign Relations Chairman Bob Corker (R-Tenn.) told reporters on Thursday.

“Hopefully people realize that the NSA plays a very, very important role in keeping Americans safe, and my guess there will be less of a desire to hamstring them unnecessarily,” he added.

You almost have to admire these NSA apologists. Even though the current surveillance apparatus failed to detect the Paris shooters’ plans beforehand its apologists are claiming it’s necessary to thwart the next one. And people are going to lap up this bullshit because they trust people in authority.

There should be a new rule in politics. If an agency’s illegal actions failed to stop a tragedy then nobody should be able to use that tragedy to justify the agency’s illegal actions. But then there wouldn’t be any justification for the state and I would be enjoying a world where a handful of people aren’t dictating what the rest of us can and cannot do.

North Korea Facing New Sanctions Because of Something It Didn’t Do

In the infinite wisdom of our government the country of North Korea, which probably already has the status as most sanctioned country on hear, must be punished for something it wasn’t involved in. Last week Mr. Obama signed more sanctions against North Korea because of the latest Sony hack:

The US has imposed new sanctions on North Korea in response to a cyber-attack against Sony Pictures Entertainment.

President Barack Obama signed an executive order on Friday allowing sanctions on three North Korean organisations and 10 individuals.

The White House said the move was a response to North Korea’s “provocative, destabilising, and repressive actions”.

US sanctions are already in place over North Korea’s nuclear programme.

But Friday’s actions are believed to be the first time the US has moved to punish any country for cyber-attacks on a US company.

Of course the only entity in the world that is seriously claiming that North Korea was involved is the Federal Bureau of Investigations (FBI). Nobody else is buying that claim.

Soon Central Banking Failures Will Be Our Fault

The state is the undisputed champion of passing the buck. Whenever it fucks up it finds a way to blame the people. Did the politicians screw up the economy? That’s our fault for voting them in! Is your local police department out of control? You voted for the sheriff! There isn’t enough money circulating throughout the economy? What do you expect when people ~~save~~ hoard money? Accumulated debt is causing chaos in the banking system? Obviously people aren’t saving enough money!

Now the Bank of England is setting itself up to blame the people for arbitrarily set interest rates not bringing prosperity:

According to Sky News, the world’s eighth oldest bank will now assess the frequency of job searches and monitor prices online to understand potential unemployment rates and monitor inflation. It will also gauge language used on social networks to better understand the state of some financial markets. It’s another example of the shift towards “big data,” where companies collect and analyse huge sets of digital data rather than use traditional database techniques to detect patterns as they happen. The Bank of England says it used these techniques to help impose new controls on the housing market earlier in the year, and hopes this “big shift from the past” will help it better judge Britain’s financial status in the future.

Inflation will now be our fault because we sent the wrong signals over our social media feeds! Isn’t the state brilliant? There’s nothing it can’t blame on somebody else.

Sony isn’t Happy Until the Entire Internet Hates It

Sony has been on the Internet’s shit list at least since it included a rootkit on one of its audio CDs back in 2005. While nothing it has done since then has been as egregious in my opinion the company also hasn’t done anything to improve its image. Removing the feature on the PlayStation 3 that let you install Linux certainly didn’t go over well with people who paid for it.

Based on Sony’s reputation it shouldn’t surprise anybody that it was targeted for one hell of a nasty hack. But it still hasn’t learned its lesson. Since the hack Sony has been a really poor sport. It tried using Distributed Denial of Service (DDoS) attacks in a futile attempt to stop the data stolen in the hack from spreading. Now Sony is threatening to sue Twitter if it doesn’t ban accounts sharing stolen data:

Sony’s battle on people disseminating its hacked and leaked emails has extended from news outlets to random Twitter users to, now, Twitter itself. Sony’s lawyer has threatened Twitter with legal action if the social networking company doesn’t ban accounts that are sharing the leaks, according to emails obtained by Motherboard.

The letter—sent from David Boies, the lawyer Sony has hired to help guide it through the aftermath of the hack, to Vijaya Gadde, Twitter’s general counsel—says that if “stolen information continues to be disseminated by Twitter in any manner,” Sony will “hold Twitter responsible for any damage or loss arising from such use or dissemination by Twitter.”

The only thing shenanigans like this will get Sony is more wrath from the Internet. At this point the only sane thing for Sony to do is admit defeat and work on tightening its security so this doesn’t happen for a third time. Once data has leaked onto the Internet there is no way to stop it from propagating. It’s not even possible to slow the rate of propagation in any meaningful way. The Internet exists to disseminate information. Any attempt to prevent it from doing that will not end well for you.

Never Let a Crisis Go to Waste

Sony, in what I predict to be a brilliant marketing move, has cancelled what was certainly going to be a shitty movie. This has gotten the expected, and likely desired, result of unleashing a great deal of impotent Internet rage. Not one to let a crisis go to waste the politicians in Washington DC are swooping in like vultures. First United States officials claimed that the hack was almost certainly performed by North Korea. Now senators are using that claim to justify the necessity of a “cyber security” (a meaningless term) bill:

Senator John McCain (R-AZ) also said that the choice set a “troubling precedent” in cyberwarfare. “The administration’s failure to deter our adversaries has emboldened, and will continue to embolden, those seeking to harm the United States through cyberspace,” he said in a statement. He reiterated promises to focus on the issue if elected chair of the Armed Services Committee, including plans to create a subcommittee for cybersecurity issues. “Congress as a whole must also address these issues and finally pass long-overdue comprehensive cybersecurity legislation,” he said. McCain has been pushing cybersecurity bills for years, including the Secure IT Act, a competitor to the controversial CISPA bill.

In a statement on Tuesday, Senator Dianne Feinstein (D-CA), a major proponent of cybersecurity and author of multiple bills, said that “this is only the latest example of the need for serious legislation to improve the sharing of information between the private sector and the government to help companies strengthen cybersecurity. We must pass an information sharing bill as quickly as possible next year.”

There are three points I would like to bring up.

First, there is no evidence that North Korea was involved in the Sony hack. All we have are statements made by United States officials. Remember that United States officials also told us that there were weapons of mass destruction in Iraq.

Second, the reason people like McCain and Feinstein want to pass a “cyber security” bill is because it would further enable private corporations, the same private corporations that currently possess a great deal of your personal information, to share data with the federal government without facing the possibility of legal liability. What members of Congress are referring to as “cyber security” bills are more accurately called surveillance bills.

Third, legislation won’t improve computer security. No matter how many “cyber security” bills are passed the fact of the matter is that bills are merely words on pieces of paper and words on pieces of paper have no ability to effect the world by themselves. What you need are experts in computer security doing their job and that is done by enticing them with rewards (often referred to as paying them) for utilizing their skills. Legislation doesn’t do that, markets do. The only thing legislation does is state who the state will send armed thugs after if their desires are not properly met.

Al Fraken Suddenly Cares About Privacy

When the government is caught spying on people it’s quick to justify its actions as being necessary for national security. But when private companies, at least ones not tied to the state’s own surveillance apparatus, spy on people the state claims it’s a tragedy. I’m not a fan of spying regardless of who’s doing it but I also can’t stand hypocrisy. Al Franken, one of Minnesota’s two psychotic senators, has a bug up his ass over Uber. I can only imagine that the company hasn’t been willing to become a full member of the state’s surveillance apparatus because Franken has been coming down on it hard:

For the last month the senator has pressed the company to be more transparent and accountable in how it handles the data associated with its burgeoning number of passengers around the world.

“My biggest concern is that they seem to have no policy,” said Franken, who chairs a subcommittee on Privacy, Technology, and the Law. “They have all this very sensitive data and they seem to have absolutely no real privacy policy.”

This is rich coming from a man who defended the National Security Agency’s (NSA) widespread surveillance of Americans. If anybody has been collecting very sensitive data without any privacy police it’s the NSA. And while I don’t trust Uber with the data it collects I at least know it’s not collecting things like my phones calls, e-mails, and other communications. Perhaps Franken should first invest time in writing up a privacy police for the NSA and then deal with the smaller fish like Uber. At least then he wouldn’t sounds like such a hypocrite.

Nothing Says Secure Communications Like a Backdoor

Since Snowden released the National Security Agency’s (NSA) dirty laundry security conscious people have been scrambling to find more secure means of communication. Most of the companies called out in the leaked documents have been desperately trying to regain the confidence of their customers. Google and Apple have enabled full device encryption on their mobile operating systems by default, many websites have either added HTTPS communications or have gone to exclusive HTTPS communications, and many apps have been released claiming to enable communications free from the prying eyes of Big Brother. Verizon decided to jump on the bandwagon but failed miserably:

Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization’s secure phone system.

Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.

Security is an all or nothing thing. If you implement a method for law enforcement to access communications you also allow everybody else to access communications. Backdoors are purposely built weaknesses in the security capabilities of a software package. While developers will often claim that only authorized entities can gain access using a backdoor in reality anybody with the knowledge of how the backdoor works can use it.

Matters are made worse by the fact that law enforcement access is the problem everybody is trying to fix. The NSA was surveilling the American people in secret. A lot of people have also been questioning the amount of surveillance being performed by local law enforcement agencies. Since there is a complete absence of oversight and transparency nobody knows how pervasive the problem is, which means we must assume the worst case and act as if local departments are spying on everything they can. Tools like the one just released by Verizon don’t improve the situation at all.