I’d seen it right along, and plenty of other people have commented on it before me, but I don’t think it really sunk in until just this past week, with all the hand-wringing over Syrian refugees:

Republicans are a bunch of cowards.

I’ve never seen so much fear as has been on display the past week from the Republicans (and, I must admit, way too many Democrats as well). And over what? A bunch of people—largely educated and middle class—who have been forced to flee their homes.

Seriously, the Republicans are straight up afraid of widows and orphans. What’s up with that?

I mean, I totally understand why the Syrians are afraid. They have soldiers and militias fighting house-to-house in their neighborhoods, blasting them with artillery, even using chemical weapons. Not to mention, they have U.S., French, and Russian air forces dropping bombs on those same militias, in the same neighborhoods.

But the Republicans? What are they afraid of? They’re afraid that some “terrorist” will “slip in” amongst the masses of refugees and commit “acts of terror” in the United States.

Well, these hypothetical refugee-terrorists (of which we’ve seen exactly zero so far) will have to get at the back of a pretty long line, behind the non-hypothetical white-supremacist, right-wing, and anti-government militias (not to mention depressed loner high-school boys) who have been committing mass murders in the U.S. in numbers well in excess of those committed by foreign terrorists.

Perhaps worst of all, most of the Republican rhetoric isn’t even aimed at affecting government policy; it’s aimed at preemptively setting up other people to take the blame. “We said you had to give ‘100% assurance’ that they wouldn’t be terrorists before you could let them in, so if even one of them commits a terrorist act it’s all on you!” (They know perfectly well that ‘100% assurance’ is impossible, which is why they demand it. It makes me want to point out that in the U.S. we convict people of capital crimes and execute them, and all we require is assurance “beyond a reasonable doubt.” I expect pointing that out makes me a rose-colored glasses wearing liberal who’s endangering our country.)

Fortunately, some people are man enough not to quake in their boots at the idea of some ordinary families fleeing terror and ending up here, and man enough not to be terrorized at the idea that they might have to take the blame if an evildoer does slip in. I’m thinking of President Obama here, rather too few Democrats in Congress, most of my liberal friends, and (oddly, because I don’t think of myself as especially brave) me.

I got email today from one of my senators, with the text of a truly appalling letter to President Obama from the senator and eleven of his colleagues.

The letter (here’s his press release on it) calls on the president to ensure that “no refugee related to the Syrian crisis is admitted to the United States unless the U.S. government can guarantee, with 100 percent assurance, that they are not members, supporters, or sympathizers of the so-called Islamic State of Iraq and Syria (ISIS).”

It’s obviously intended to be an unattainable threshold, but that’s really beside the point—the whole thing is completely wrong-headed.

I was moved to respond, and sent him this message via the contact form on his website:

I wanted to say that I was appalled by the letter to President Obama that you shared with me.

Since 9/11, the number of refugees who have committed terrorist attacks in the US is exactly zero—which suggests to me that keeping refugees out of the US is a complete waste of time and effort.

Targeting refugees—the most helpless and vulnerable among us—is not only pointless, it is also heartless and cruel. It is a failure to live up to our obligations under international law. It is also, in my opinion, terribly unamerican.

There are far better, far more effective ways to protect US citizens than by heaping yet more misery on those who have already faced the violent extremism of ISIS—those Syrians who have been forced by it to flee their own country.

I urge you to write to the president and let him know that you repudiate your entire letter, and to suggest that existing US policies on refugees, established in accordance with international law, should remain in place.

Another eleven senators signed the letter. If yours was one of them, you might want to contact your senator and say something. Feel free to borrow from my text, if it speaks to you.

I’ve been putting my photos on Flickr for years now—my first photos were uploaded in 2004. I didn’t upload all my photos, just the ones I particularly wanted to share. (In those days, you had to pay for a Pro account to share more than 200 photos. By uploading only occasionally, I stayed under that limit almost until it was lifted.)

More recently, I configured my phone to upload all the photos I take with it to Flickr, but to make uploads private until I go and publish them. I don’t do that for privacy or security. (I figure once a photo is uploaded, it’s effectively public anyway.) I do it this way so that my photostream is a list of photos that I’ve chosen to share, rather than just all my photos.

I think I once had a “Flickr badge” with some of my photos on the sidebar of my blog, but it seems to have gone away at some point. I forget whether there was some technical reason, or if it just got lost when I changed themes or something. In any case, I once again have a widget on the sidebar, showing my most recent shares to Flickr.

It’s pretty far down on the sidebar. In case it’s too far to scroll down, here are my most recent Flickr photos, as of this morning:

Preying Mantis

Prairie path in fall

Wooly bear

Jackie weaving squares

Prairie sunset

 

In an interesting post (with the tediously link-baity headline “Facebook just made a move that will infuriate law enforcement”), Business Insider reports that Facebook will now let you add your PGP public key to your profile, and that Facebook can be configured to use that key when they send you email.

This has the potential to make Facebook much more secure: The email to reset your password will be encrypted with your public key, potentially defeating the standard attack on a social media account (hijacking an email address and then getting the site to send that address a password reset message). As long as your private key stays under your control, the attacker can’t get at the password reset URL, even if they can get at your email.

As a bonus, any email alerts from Facebook remain somewhat private. (Not that I’d share anything I wanted kept private with Facebook, or expect that anything anyone else shared with Facebook would remain private—but keeping the contents of my email private seems worth doing just for its own sake.)

Of course, as Facebook warns you, if you lose your private key and access to Facebook at the same time, you may well be completely screwed.

I think it’s a risk worth taking, and have already added my PGP key to my Facebook profile.

During the 1970s, there was a big push to hold corporations accountable for crimes they committed. Resistance to the idea came from people who thought that any crime would be committed by specific individuals, and that those individuals, not the corporation, should be held accountable.

Activists pushing for direct criminal sanctions against corporations pointed out that the obvious tactical response by the corporations to a policy of only holding individuals accountable would be to hire a “vice president in charge of going to jail.” That person could be put in charge of whatever activities might end up being found to be illegal—and be compensated appropriately for the extra risk he was taking. (How much would they have to pay you to take a 3% chance that you might have to spend 2 to 5 years in a minimum-security prison? One hundred thousand dollars a year? A million? Ten million? Many people have their price, and it tends to be surprisingly low, at least for risks perceived as being fairly low.)

I was reminded of this in the wake of Marissa Mayer’s statements that Yahoo and other corporations were unable to reveal that they were caving in to US government pressure to turn over customer data, because they’d go to jail if they did.

What those corporations needed was a VP in charge of going to jail: Someone hired specifically to speak out if the company receives a National Security Letter—and appropriately compensated for the risk that they might have to go to jail.

Sadly, it’s tough to get the incentives right. The corporations that the 1970s activists were concerned about were engaged in things like illegal waste disposal. Their “VP in charge of going to jail” had two goals—dump the waste as cheaply as possible, while making the activity look like it might be legal. As long as it was close enough to being legal to avoid going to jail, all that extra compensation was free money—but if looking like they might be following the law wasn’t a lot cheaper than actually following the law, the board was going to figure that there was no point in employing the expensive VP.

In the case of being the VP in charge of going to jail for revealing that the company had received a National Security Letter, the extra compensation would be received in advance, when the VP wasn’t even doing anything illegal. It would be awfully tempting to pocket all that money—and then when the National Security Letter came, to say, “You know, upon reflection, I think in this case my conscience requires me to follow the law and keep quiet.”

I’ve tried to come up with some mechanism to get the incentives right. Maybe paying the extra money into a trust that pays out promptly if the VP goes to jail, but otherwise only after many years, when there’s reason to believe that there was no National Security Letter—and of course, if it turns out there was a National Security Letter and the VP didn’t speak up, the money goes to charity instead. But that has too many problems with being unenforceable due to being contrary to public policy.

It’s too bad. A VP in charge of going to jail seemed like a perfect solution.

I’ve always admired the way reporters come together when a reporter is messed with. It reminds me of the way the police engage in a big show of force when a policeman is killed.

Once when running a quick errand, I found that I’d put myself on the other side of an hour-long police funeral procession. It did not endear the police to me, but it did make a powerful statement that the police are not just willing to make people suffer when a policeman is killed, they want to make everyone suffer. They think it gets the incentives right. They think if everyone suffers just a little bit when a policeman is killed, everyone will have just a little bit more interest in keeping that from happening.

I think that sort of tactic is ill-advised—almost all people are much more strongly motivated by decency and compassion than they are by intimidation. But I understand that the police are motivated more by grief than by thinking a show of force will make a difference. Their legitimate feelings make it hard to argue with their tactic, even when its results will be mixed.

Reporters are better at being circumspect and targeted with their reaction, but when anybody within the power structure messes with a reporter, a vast swath of the journalistic community sits up and takes notice. They write stuff about what happened. They point out governmental overreach. They remind one another that they’re all on the line if this goes unchallenged—and they remind ordinary people that the same powers being used against reporters are available to be used against ordinary people.

It’s really good to see. It’s not perfectly effective, but it is effective.

It’s the right response.

I’ve been very disappointed by many friends’ cavalier attitude toward both our government’s invasions of our privacy and its use of the most extreme forces of legal process against those who would tell us the truth about what the government has been doing.

One specific disappointment has been the various versions of “I don’t care if the government listens to my calls. I’ve got nothing to hide.” (Usually with some lame joke about how tedious it would be to listen to their conversations.) It’s as if they know nothing about what led to the American revolution. Didn’t these people go to high school? Don’t they know that each of the privacy-related rights spelled out in the constitution was there for good and specific reasons—because of actual abuses suffered by ordinary people?

The most disturbing of the recent revelations is not how much data they’re sweeping up (pretty much everything) nor the incredibly lax standards they seem to have about exposing the data (my data and their own!) to a surprisingly large number of people. It’s that they’re sweeping up everything and then keeping it for years.

There are several problems here, but I want to focus on two of them.

It’s not okay just because it’s still secret

At one level, I understand people who trust the government enough to think that it’s okay (or at least less bad) to have the government sweeping up all their private information—as opposed to, let’s say, Google or Facebook or Microsoft (or Monsanto or ADM) doing it. I can accept the ideal of government as a force for good. We’re still reasonably close to having a functional democracy—a few tweaks to campaign finance law and we might very well get back a government that was responsive to the desires of its citizens.

But even if you trust the government not to use your information inappropriately, I think recent events prove that you can’t trust them to keep it secret. We’ve just seen a large leak of exactly the information that the government has been trying its very hardest to keep secret. But we only know about it because a brave leaker went public and because a free press published what they’d learned. How many leaks were not to the public, but instead to a foreign government or a criminal organization? We don’t know, because those leaks go unreported. We can’t know. Even the government doesn’t know, and if it did know it wouldn’t tell us.

If the government can’t keep the details of its own most secret programs from becoming public, why would you imagine that it could keep your details secret? For all you know, your information has already been leaked to criminal organizations, to foreign governments, to domestic corporations, to lobbying organizations and other influence peddlers—to anybody who could get an advantage by knowing secrets.

Maybe massive amounts of your information collected by the NSA have already leaked. The next time there’s an unauthorized charge on your credit card, maybe it’s because the NSA leaked your credit card number.

And of course that would just be true information about you. Maybe there’s a bunch of false information about you in the giant NSA databases. The next time you get turned down for a credit card or insurance or a job, maybe it’s because false information about you leaked to people who used it to make a decision about you.

And here is where we get back to why the idea that “I’ve got nothing to hide” is such a terrible idea.

It’s not okay just because you have nothing to hide

One friend made a short list of every “crime” he could remember having committed—a couple of youthful indiscretions, a couple of protests, a couple of harmless acts that were circumstantially appropriate but perhaps violations of some code or another. He was willing to own up to those—“If you want to prosecute me, go ahead!”

But, of course, that’s not how it works. The federal government doesn’t care about such things—or, at least, it doesn’t care until you become a “person of interest” in some other matter.

I don’t know whether my friend has committed any other federal crimes or not. But I do know that he has crossed international borders several times in the last few years. Did he fill out the requisite paperwork correctly each time? Did he carry anything across the border that he shouldn’t have, such as an agricultural product? Did he declare in the section on agricultural contacts that one of his running paths was also frequented by feral pigs? Is he sure that none of his financial dealings falls under the ambit of any federal laws?

In the real world, the federal government goes out and checks these sorts of things if they suspect you of something. Worse, they go and check these things if they suspect one of your friends of something (because it gives them leverage to get you to incriminate your friend). But now they’re going to have another whole bunch of things to check—all your phone calls and emails for the past 5 years.

And don’t forget that it’s trivially easy to convict you of conspiracy. All it takes is a single “overt act,” such as lending a friend bus fare or taking in his mail when he’s on vacation. (Well, technically it also takes an agreement and criminal intent, but apparently it’s okay if the only person in the conspiracy with those is the FBI informant.)

Don’t imagine that you’ve “done nothing wrong” just because you’re not aware of it. Unless you’re a federal prosecutor or defense attorney, you have no idea of the vast array of actions that turn out to be federal crimes. One of our biggest protections has been that it’s a lot of effort to investigate and look for those crimes. If all your phone calls and emails are recorded it’s going to be a lot less effort.

As I say, I don’t dismiss out of hand the idea that the government is overall a force for good. I think our government (at all levels) has been pretty effective these last 150 years or so in reducing all sorts of bad things—there’s less poverty, there’s less casual violence, there’s less abuse of vulnerable people. But I don’t think giving the government audio recordings of all our phone calls, the texts of all our emails, or lists of every web page we visit will be much help in those things. And I think it will do real harm in those (fairly rare, but not rare enough) instances when people acting under color of law decide that somebody must be guilty of something, and make use of these new tools to prove it.

I had the great good fortune to learn early on that anything posted to the internet is there forever. That knowledge has guided my internet activities for twenty-five years now, and keeping it perpetually in mind has stood me in good stead so far. My basic rule is simple: I don’t post anything to the internet unless I’m intending to publish it to the world at large.

So, I’m happy to post the articles and stories I write, and happy to post links to them. That information is deliberately made public. I also post about things I do (and share links to things other people write), but only with the knowledge that each such post is part of my permanent public persona.

The exceptions (commercial, banking, credit card, insurance, and medical sites) are carefully considered, minimized as best I can, and monitored so that I have some hope of detecting and limiting the harm from failures. I expect the information that I share with them will remain private—but I use the word “expect” in much the same way an eighth-grade teacher might use it when telling her students “I expect each one of you will be well-behaved during our field trip.”

Because of this perspective, I pay very little attention to the “privacy” settings of social media sites. Whatever I post is intended to be public, so it makes no sense to constrain it. I do try to keep a grip on things that I don’t intend to be public. For example, I only attach location information to my posts on a case-by-case basis.

As I say, this has stood me in good stead up to this point. But, as Bruce Schneier points out, we’re already well past the inflection point between a past when such efforts mattered and a present and future where they do not. I carry my phone with me most of the time, so my location is already known to a third party—which means that, as a practical matter, it can be known to anybody who cares enough to get the information. Cameras are nearly ubiquitous—even before drones make it possible for them to be actually ubiquitous (and social media sites have already gathered ample data to support any facial recognition effort).

Anybody who’s working on the public policy aspects of these issues who’s not familiar with David Brin’s Transparent Society work is making a mistake. Privacy has no future. It hasn’t for a long time. Transparency is our best hope for keeping this fact from making the unequal power relationships in society much worse.

[Update 22 May 2011: I found the post from 2003 where I tell the story of just how I learned this lesson, back in 1990.]

Security expert Bruce Schneier wrote last week about some changes he was making to his blog to remove some anti-security features. Reading over his list of changes, I was pleased to see that I’d mostly avoided adding anti-security features to my blog in the first place.

  • No offsite tracking. Although I’ve experimented with them a couple of times, I don’t have “like” or “share” buttons on my blog posts, so your visits here are not automatically transparent to Facebook, Twitter, Google, or other social media sites. It means you’ll have to copy the link yourself if you want to share my posts. I’d be delighted if you did, so I hope that’s not too onerous.
  • No offsite searching. Similarly, the site’s search facility runs right on the site itself, just doing an SQL query of the database that holds the content of my site. Doing a search here doesn’t expose your query to anyone else. (I once looked to see if I was logging queries and couldn’t find them; as far as I know, doing a search here doesn’t even expose your query to me.)
  • No offsite feed. I also run the RSS feed for the site right on the site, and always have. I thought for a while that I ought to use feedburner, but I never got around to it, and now it’s clear that laziness led me to the right choice.

Any attempt to keep internet activity private is probably hopeless, but that’s no reason not to try.

I got email this morning from a schoolteacher who shares links to my story structure article with her young students, telling me that the links out from my sidebar under the heading “Recently popular” were going to porn sites.

Although somewhat dubious, I went and checked immediately, and discovered that it was true. Ugh.

Those links were generated by a widget that (when it hasn’t been hacked) uses site traffic statistics to identify the most visited posts and pages on my site over the past week or so and link to them. It was still doing the first part—that is, the items under the heading were names of my recent high-traffic pages—but the links no longer went to my pages. Instead, they were going to porn sites.

I immediately removed the widget from my sidebar and disabled the plugin that provided it. I looked at other links on the site and didn’t see any similar problems elsewhere, so I’m hoping that was the extent of the hacking.

I also sent email to the guy behind the plugin, telling him about the problem and asking if there was any diagnostic information I could provide.

The stats package that I use also tracks outbound clicks, so I can see that a total of 4 clicks today went to one or another of those sites. I looked at stats for the past several days and didn’t see any other outbound clicks to illegitimate sites, so I’m hoping that (with the help of that teacher) I managed to nip this thing in the bud.

Apologies to anyone who got directed to one of those pages!

I’m still investigating, and will add an update if I learn anything further.
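
The symptom described in this post (link text that still names the site's own pages while the link target points somewhere else) can be checked mechanically across every rendered page rather than by eye. The following is an added example, not code from the original post or from the plugin; `hijacked_title_links` is a hypothetical helper, and the page URL, titles and HTML are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a href=...> in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse runs of whitespace so titles compare reliably.
            text = " ".join("".join(self._text).split())
            self.anchors.append((text, self._href))
            self._href = None


def is_onsite(href, page_url):
    """True if href, resolved against page_url, stays on the page's own host."""
    target = urlsplit(urljoin(page_url, href))
    if target.scheme not in ("http", "https"):
        return False  # javascript:, data:, etc. never count as on-site
    site_host = urlsplit(page_url).hostname.lower()
    host = (target.hostname or "").lower()
    return host == site_host or host.endswith("." + site_host)


def hijacked_title_links(html, page_url, own_titles):
    """Return anchors whose text is one of the site's own post titles
    but whose target leaves the site."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    wanted = {t.casefold() for t in own_titles}
    return [(text, href) for text, href in parser.anchors
            if text.casefold() in wanted and not is_onsite(href, page_url)]


# Constructed sample data (assumptions, not taken from the real site).
SAMPLE_PAGE_URL = "https://blog.example/2011/some-post/"
SAMPLE_TITLES = {"Story structure", "Prairie sunset"}
SAMPLE_HTML = """
<div class="sidebar"><h3>Recently popular</h3><ul>
<li><a href="http://offsite.invalid/landing">Story structure</a></li>
<li><a href="/2010/prairie-sunset/">Prairie sunset</a></li>
<li><a href="//offsite.invalid/x">Prairie   sunset</a></li>
</ul></div>
<p>An ordinary outbound link: <a href="https://elsewhere.example/">a reference</a>.</p>
"""

if __name__ == "__main__":
    for text, href in hijacked_title_links(SAMPLE_HTML, SAMPLE_PAGE_URL, SAMPLE_TITLES):
        print(f"suspicious: {text!r} -> {href}")
```

Ordinary outbound links are not flagged, because their text does not match a title from the site's own content; in practice the title list would come from the same database that holds the posts.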