Welcome to the Panopticon

When was this debated? Never. Pentagon testing mass surveillance balloons across the US.

The US military is conducting wide-area surveillance tests across six midwest states using experimental high-altitude balloons, documents filed with the Federal Communications Commission (FCC) reveal.

Because spying on US Citizens is of course OK. Who would object?

Up to 25 unmanned solar-powered balloons are being launched from rural South Dakota and drifting 250 miles through an area spanning portions of Minnesota, Iowa, Wisconsin and Missouri, before concluding in central Illinois.

Travelling in the stratosphere at altitudes of up to 65,000ft, the balloons are intended to “provide a persistent surveillance system to locate and deter narcotic trafficking and homeland security threats”, according to a filing made on behalf of the Sierra Nevada Corporation, an aerospace and defence company.

Privacy is such a 19th Century concept.

So Is It a Tax, Or Protection?

Want good service from Detroit police? Pay an extra $4000 to $6000 up front, and $150 per month. Some Detroit businesses question fairness in Green Light crime fight

Don’t pay? Get to the back of the line.

A customer was destroying a Marathon gas station, so the manager called 911. When time passed he called again to find out why cops didn’t respond.

“The dispatcher said, ‘It’s because you don’t have the Green Light,’ ” Kaid said. “The customer was in here destroying the store, throwing everything off the shelves. He was here for almost an hour before he left. When the police finally came, they told us the Green Light locations get priority.”

It took about an hour for the cops to arrive at the Marathon station. That is a long time.

The Police Chief says they aren’t ignoring businesses who haven’t paid their protection signed up for ‘Green Light.’ And cops would never lie, would they?

Cops would like to force all businesses – or at least those open after 10 PM – to sign up. It gives cops unfettered access to the surveillance footage. Welcome to the Panopticon.

Electronic Frontier Foundation’s Report Card on Companies Who Protect Your Privacy

Some do a good job. Others, not so much. AT&T, Verizon, Other Telco Providers Lag Behind Tech Industry in Protecting Users from Government Overreach, EFF Annual Survey Shows | Electronic Frontier Foundation

Online retail giant Amazon has been rated number one in customer service, yet it hasn’t made the public commitments to stand behind its users’ digital privacy that the rest of the industry has.

AT&T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all NSLs.

The full list can be found here.

Adylkuzz: Worse than WannaCry?

What a surprise. (NOT!) There is another exploit that uses the unpatched computers attacked by the WannaCry ransomware worm. Adylkuzz hack, called larger than WannaCry, slows computers across the globe – CBS News

Monero is a crypto-currency, similar to Bitcoin. Adylkuzz takes over vulnerable computers to mine for Monero.

If you don’t understand that previous paragraph, you should make DAMN sure that you keep all of your computers up-to-date, and surf the web as little as possible, and DON’T open emails from folks you don’t know.

It’s a beautiful exploit really. These guys are probably making more than the folks behind WannaCry did, and most people won’t even realize that their computers are infected.

And all of this is the result of NSA hoarding vulnerabilities so they could spy on us. (Well, and the insistence of folks who don’t know better that they can’t be bothered keeping up with security.)

Some Simple Steps Toward Online Privacy and Security

I value my privacy. That is one of the reasons I live where I do. (In the country) I don’t have nosy neighbors to deal with every day. My neighbors and I talk when there is a reason to do so.

I also value my online privacy. I don’t want to be a “product” for Google, or Facebook or whoever. So I do things to safeguard my privacy. Google tracks every search you make, back to you as an individual. Facebook tracks you even if you are not logged on to Facebook. (Every site that has a Facebook “Like” button is tracking you.) And they sell that information about you to other companies.

Google and Facebook – not to mention the CIA/NSA/FBI/EIEIO – want you to believe that privacy is impossible. That security is impossible. Because if you think it is impossible, or even just really hard, you won’t even bother to try to secure your technology. But it isn’t that hard to have decent privacy and security. And it isn’t just the .gov or the big corporations that want your information. Hackers are looking too.

So here is a list of things you can do. Some are easy to do; some are a bit harder. Some are free, while some cost a little. While the list isn’t in order of importance, or effect, the first 3 items on this list should take you less than 10 minutes – total. And you only have to do them once (or until you get a new computer or switch to a new browser.) The rest of the items are a bit more complex, but they are not impossible. Do one thing a day for a week. Or do one thing a week if they seem overly complicated. Even if you only do one thing a month, you will have much better security in a fairly short time. Do something.

  • Use a Search Engine That Doesn’t Track Every Query.

    There are a couple of alternatives to Google. And not Yahoo or Bing. (They aspire to be Google.) DuckDuckGo is the easiest (though you have to install an extension in Chrome to set it as your default search engine because Google REALLY doesn’t want you to have any options). Disconnect is another option. There are probably more choices to cut off the tracking of everything you do. I started using DuckDuckGo when Google stopped answering the queries I typed in and started answering what they THOUGHT I wanted to know. Also Google has a tendency to shortchange any site connected to firearms or the 2nd Amendment. (Which is a subject near and dear to my heart.) There are probably other subjects that Google is downplaying. (That said, I do use Google, Yahoo and Bing on occasion.)

  • Disable 3rd Party Cookies in Your Browser.

    This isn’t a fool-proof method, but the folks who write tracking software still complain about Apple’s Safari browser – it is the ONLY browser that ships with 3rd party cookies disabled by default. How to turn them off depends on which browser you use. But look under “settings” or “options” for something about content or privacy. The browsers have good help – mostly.

  • Install Privacy Protection Extensions in Your Browser.

    Privacy Badger from the EFF blocks all kinds of things that are stealing your info – and potentially loading Malware on your system. It is available for Gecko-based browsers (Firefox, Pale Moon, etc.) and Chromium-based browsers (Chrome, Opera, Vivaldi, etc.). I am not sure about Microsoft’s browsers or Safari.

    uBlock Origin (not uBlock, uBlockPlus, or any of the others) is a fairly efficient ad-blocker that will shut down tracking-based ads. And the potential spyware, etc. that can come along with ads. Available for Gecko and Chromium browsers as well as Microsoft’s Edge. (Some of these may be available for your mobile devices as well.)


Welcome to the Police State

Where the press does the bidding of the government (at the Dems in power), and your phone company spies for the .gov as well. AT&T reportedly spies on its customers for government cash

The Daily Beast is reporting that the telco has essentially turned itself into a spy-for-hire in the pay of the government. According to the piece, the company’s Project Hemisphere is providing warrantless surveillance, thanks to some legal gray areas, that score it millions of dollars from taxpayers.

And no one seems to care.

The Broken Whistle-blower System in the US Government 

You could also entitle this, “Why Snowden Was Right to Leave the US.” Ex-US Official Reveals Risks Faced By Internal Govt. Critics – SPIEGEL ONLINE

Though Snowden figures prominently, this is really the story of Thomas Drake, and John Crane. They were two other whistle-blowers in the intelligence community, and they were destroyed because they thought the .gov should have to obey the law. (Though Snowden is more quotable than either of them.)

There are no incentives for people to stand up against an agency on the wrong side of the law today, and that’s got to change.

The article details 2 whistle-blowers in the US government – specifically in the intelligence community. And while they were both right – the .gov was wasting BILLIONS of taxpayer money spying on US citizens – the cover-up ended their careers and eliminated their pensions.

“When I was at NSA, everybody knew that for anything more serious than workplace harassment, going through the official process was a career-ender at best. It’s a part of the culture,” Snowden told SPIEGEL and the Guardian when asked about the Crane case. “If your boss in the mail room lies on his time sheets, the inspector general might look into it. But if you’re Thomas Drake, and you find out the president of the United States ordered the warrantless wiretapping of everyone in the country, what’s the inspector general going to do? They’re going to flush it — and you with it.”

Spiegel likes the current US President, but the undertones are clear; Obama is suffering from the same disease that Nixon had. (If the President does it, then it isn’t illegal.) And they stated – up front – that Obama is just plain wrong when he says Snowden could have “worked within the system.” The system would have chewed him up and spit him out – after 35 years in prison.

Don’t expect to see the US media cover this. It might tip the election in a way they don’t like.

Snowden gets the last word.

Even today, he says, there isn’t a single whistleblower from the intelligence community whose disclosures didn’t lead to retaliation.

“Alexa, tell the Feds where the bodies are buried.”

More FBI Spying. The FBI Can Neither Confirm Nor Deny Wiretapping The Amazon Echo. Are you surprised? Then you haven’t been paying attention.

In many ways the Echo is a law enforcement dream. Imagine if you could go back in time and tell police that one day people would willingly put microphones in their own homes that, with a little hacking, could be heard from anywhere in the world 24/7.

And it isn’t clear that warrants are being obtained. Fourth Amendment? What is that?

Welcome to the Panopticon.

(The history of FBI hacking – which goes back farther than you may think – can be found at this link.)

Everybody Hates Feinstein and Burr’s Anti-encryption Bill

It will destroy a whole lot of things. Like any hope of security. Tech coalitions pen open letter to Burr and Feinstein over bill banning encryption | TechCrunch

The Venn Diagram tells the story.

It goes on to point out “unintended consequences” such as compromised security being compromised for bad actors as well as good, and also that any national attempt to hamper the operation of a global industry is foolish and bound to fail and, in failing, damage the reputation and economy of the U.S. (I’m paraphrasing).

RSA Cryptographers’ Panel – Privacy vs Mass Surveillance

Whitfield Diffie and Martin Hellman (The 2 people responsible for public key encryption), Moxie Marlinspike (Founder of Open Whisper Systems – the providers of some easy-to-use rock-solid secure communications), and Ronald Rivest and Adi Shamir (two university professors) discuss the current state and the future of cryptography.

They cover Apple vs the FBI, the future of cryptography in the face of quantum computing, and a few other things. They don’t all agree on all things, and there is a fair bit of NSA bashing along the way. And yes, it is fairly techie at times. 47 minutes or so.

(Whitfield Diffie looks like Gandalf – or that’s the comment that Leo Laporte made on the latest episode of Security Now.)

Your Thermostat is Spying On You. (And your light bulbs, fridge, etc.)

As if smart phones weren’t enough… US intelligence chief: we might use the internet of things to spy on you | Technology | The Guardian

“In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” [James Clapper, the US director of national intelligence,] said.

Because your security is not important to corporations. And maybe not even to you.

In Orwell’s 1984 the televisions spied on the population. Now it is going to be everything in the house.

For a video describing this, and a few other security issues, see this week’s Threat Wire.

So is this a way to strip women of 2nd Amendment rights?

Probably. Screen pregnant women, new moms for depression, task force recommends – CNN.com

Have you felt down a lot in the last couple of weeks? How often have you felt tired or felt as if you couldn’t concentrate?

I feel tired every day before I go to bed. And I find it impossible to concentrate on anything until I’ve had a cup of coffee in the morning. Does this mean I’m depressed? I don’t think so. (Couldn’t that also describe narcolepsy?)

And when did General Practice doctors, Ob-Gyns, and Pediatricians get certified in psychology?

We generally think of doctors as being smarter than the average bear, and I know many who are, but I also know a couple of people from college who became MDs I wouldn’t trust as far as I could throw them outside of their narrow specialty.

When Simply Erasing Your Data Isn’t Enough…

There is always Boot and Nuke or Blancco. But to truly get rid of the unwanted data try hammers, acid, and thermite.

(The effect of acid on the glass disks is pretty interesting.)

Actually, if you need to get rid of data, Boot and Nuke supports DoD level erasure. And it’s free. (Always a big plus in my book!)

When Politicians Talk about Security Back-doors, It Only Proves How Little They Know

So what happens when the government (and it appears to be the NSA in this case) puts “security back-doors” into computer systems? The hackers find them. Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors | WIRED

The security community is particularly alarmed because at least one of the backdoors appears to be the work of a sophisticated nation-state attacker.

“The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency like the British, the US, the Chinese, or the Israelis,” says Nicholas Weaver, a researcher at the International Computer Science Institute and UC Berkeley. “You need to have wiretaps on the internet for that to be a valuable change to make [in the software].”

We don’t know that it was the NSA, but there are indications that it was, and the hack allows a determined hacker to take control of the firewall.

Juniper has issued updates to fix the problem, but I bet there are a large number of shops that have yet to install them.

Speculation in the security community about who might have installed the unauthorized code centers on the NSA, though it could have been another nation-state actor with similar capabilities, such as the UK, China, Russia, or even Israel.

Prins thinks both backdoors were installed by the same actor, but also notes that the hardcoded master password giving the attackers remote access to the firewalls was too easy to find once they knew it was there. He expects the NSA would not have been so sloppy.

So what does the .gov think of you having privacy?

If it’s the NSA (which looks possible, given one leak about a program called “FEEDTROUGH” that installs persistent backdoors in Juniper devices) then it will mean that the US government deliberately sabotaged tens, if not hundreds, of thousands of networks that were protected by products from a US company that is the second-largest provider of networking equipment in the world, after Cisco.

Not much I’d say.

UPDATE: If you want a 6 minute video on the subject of government spying, see Threat Wire.

FBI Chief Doesn’t Want You to Have Privacy.

Expect the Obama Administration to issue an edict before the end of the year. Something you might have expected to come from Kazakhstan. FBI Chief Asks Tech Companies to Stop Offering End-to-End Encryption

Wednesday, FBI director James Comey went so far as to suggest that companies providing users with end-to-end encryption might need to simply, well, stop doing that.

Welcome to the Police State.

We Don’t Need No Stinkin’ 4th Amendment!

Because they are the government and we should just trust them, and give them more and more power. It’s for NATIONAL SECURITY. And the children. Or something. U.S. government reveals breadth of requests for Internet records – Yahoo News Canada

National security letters have been available as a law enforcement tool since the 1970s, but their frequency and breadth expanded dramatically under the USA Patriot Act, which was passed shortly after the Sept. 11, 2001 attacks. They are almost always accompanied by an open-ended gag order barring companies from disclosing the contents of the demand for customer data.

A federal court ruled earlier this year that the gag on Merrill’s NSL should be lifted.

Merrill’s challenge also disclosed that the FBI may use NSLs to gain IP addresses on everyone a suspect has corresponded with and cell-site location information. The FBI said in the court filings it no longer used NSLs for location information.

Because our government has never done anything wrong. Like having the IRS harass people the administration doesn’t like. Or ignore the civil rights of minority religions. Or anything like that.

“We have met the enemy, and it is math”

I love that tag line. The Paris Attacks Were Tragic, but Cryptography Isn’t to Blame

The most frightening thing about the Paris attacks is that a bunch of people who didn’t pass high school calculus (and probably had a fair bit of trouble with algebra 2) are now talking about laws to regulate cryptography. A subject about which they know next to nothing. (At least they know what a cellphone is, when they regulate the telecommunications industry.)

Their favored solution is to give the .gov “special access” to any cryptographic system. There are 3 problems with this. At least 3.

First is that the .gov does not have a great record when it comes to cyber security. I haven’t looked lately, but the Obamacare website was full of problems earlier this year. And that doesn’t even come close to the Office of Personnel Management fiasco of a few months back. Was that the largest data breach in history? I’m not sure, but I would guess it is close.

The second problem is that if you build in soft encryption, you invite hackers to hack.

The last problem is that you will only inconvenience people who use commercial systems. Written under American rules. But there is nothing to say that an enterprising underworld-type couldn’t write their own encryption. Who do you think invented the internet? Lawyers? You can’t outlaw math. Though I’m sure some would like to.

That final item is interesting to me because in some ways it mimics the problems with gun control. Control of the law-abiding is easy. Control of the criminal is not so easy. So what is your goal again?

The FBI wants to be more like the Stasi – Is more like them every day

They want to be able to read all of your email and all of your text messages. The FBI wants cracked encryption but Congress won't go along – Yahoo Finance.

Government’s wish to spy on you goes back at least as far as the Clinton administration.

Back in the early 1990s, the Clinton administration favored putting a special chip inside computers, the infamous Clipper Chip, to let law enforcers crack any code. A decade or so later, it was encrypted email programs that law enforcers feared. And now it’s popular messaging apps like Facebook’s (FB) WhatsApp, Kik and Wickr, not to mention the built-in messaging app on hundreds of millions of Apple (AAPL) iPhones.

But you see, just like the old East German Secret Police, the FBI (and the CIA/NSA/EIEIO) don’t think you should have the right to privacy. They want to know everything. Just like the Stasi did. I wonder when they will erect their own Checkpoint Charlie.

Tim Cook, CEO of Apple, was among those pushing back hard against the FBI.

“Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data,” Cook said in a speech to the privacy group EPIC’s Champions of Freedom awards dinner. “Weakening encryption, or taking it away, harms good people that are using it for the right reasons. And ultimately, I believe it has a chilling effect on our First Amendment rights and undermines our country’s founding principles.”

But the government has abandoned the “founding principles.” Separation of powers? Fourth Amendment? Personal Liberty and Personal Responsibility? Free markets? We don’t need these things; at least not according to the folks in Washington.

Government Spying on Citizens – It wasn’t right then, it isn’t right now.

The 20th Century saw a lot of government spying on Americans. For the crime of holding opinions not shared by the government. The only difference is that now they have the resources to spy on everyone. FBI monitored and critiqued African American writers for decades | Books | The Guardian.

Newly declassified documents from the FBI reveal how the US federal agency under J Edgar Hoover monitored the activities of dozens of prominent African American writers for decades, devoting thousands of pages to detailing their activities and critiquing their work.

In the early days of the 20th Century, they spied on “dangerous revolutionaries;” a list that included black literary artists like Langston Hughes, Claude McKay, and others.

FBI spying is nothing new. Hold a view that the Powers that Be don’t like, and you would likely have been the subject of a witch-hunt. But the fact that “We’ve always done it that way,” doesn’t make it right. And now they can keep everything you ever say or type, and decide later if they think you are a “dangerous [fill in the blank]” and detain you, limit your ability to fly (without due process) or whatever.

Between this crap and the death of the 4th Amendment, this is hardly a free country anymore. More like the old East Germany, every day.

Daniel Ellsberg of the Pentagon Papers: Snowden would not get a fair trial

It is impossible for anyone inside the NSA (or CIA or whatever) to be a whistleblower. The levels of secrecy are written in law. In effect, there is no way to control the beast. Daniel Ellsberg: Snowden would not get a fair trial – and Kerry is wrong.

John Kerry’s challenge to Snowden to return and face trial is either disingenuous or simply ignorant that current prosecutions under the Espionage Act allow no distinction whatever between a patriotic whistleblower and a spy. Either way, nothing excuses Kerry’s slanderous and despicable characterizations of a young man who, in my opinion, has done more than anyone in or out of government in this century to demonstrate his patriotism, moral courage and loyalty to the oath of office the three of us swore: to support and defend the Constitution of the United States

Go read the whole thing.