Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘4rth Amendment’ Category

So here’s my thing….

with 3 comments

dark_of_night_OURO

VQX HWMVCUSE JQJFASSNTG QV! X HQ JD ISIAVVE!

Face it.. We are all PWND six ways to Sunday

Every frigging day we hear more and more about how the NSA has been emptying our lives of privacy and subverting the laws of this land and others with their machinations. It’s true, and I have been saying as much since the day Mr. Klein came out of his telco closet and talked about how the NARUS system had been plugged into the MAE West back in the day. We are all well and truly fucked if we want any kind of privacy today kids and we all need to just sit back and think about that.

*ponder ponder ponder*

Ok, I have thought about it and I have tried to think of any way to protect myself from the encroachment of the NSA and all the big and little sisters out there. I am absolutely flummoxed to come up with any cogent means to really and truly protect my communications. Short of having access to the NSA supercloud and some cryptographers I don’t think that we will not truly have any privacy anymore. If you place it on the net, or in the air. We have reached in my opinion the very real possibility of the N-Dystopia I have talked about before in the Great Cyber Game post.

As the pundits like Schneier and others groan on and on about how the NSA is doing all of this to us all I have increasingly felt  the 5 stages of grief. I had the disbelief (ok not completely as you all know but the scope was incredible at each revelation) Then the anger came and washed over me, waves and waves of it as I saw the breadth and scope of the abuse. Soon though that anger went away and I was then feeling the bargaining phase begin. I started to bargain in my head with ideas that I could in fact create my own privacy with crypto and other OPSEC means. I thought I could just deny the government the data. I soon though began to understand that no matter what I did with the tools out there that it was likely they had already been back door’d. This came to be more than the case once the stories came out around how the NSA had been pressuring all kinds of tech companies to weaken standards or even build full back doors into their products under the guise of “National Security”

Over time the revelations have all lead to the inescapable truth that there is nothing really anyone can do to stop the nation state from mining our communications on a technological level. Once that had fully set in my mind the depression kicked in. Of late I have been more quiet online and more depressed about our current state as well as our future state with regard to surveillance and the cyberwarz. I came to the conclusion that no matter the railing and screaming I might do it would mean nothing to the rapidly approaching cyberpocalypse of our own creation arriving. ….In short, we can’t stop it and thus the last of the five stages for me has set in. I accept that there is nothing I can do, nay, nothing “we” can do to stop this short of a bloody coup on the government at large.

I now luxuriate in my apathy and were I to really care any more I would lose my fucking mind.

OPSEC! OPSEC! OPSEC!

Speaking of losing one’s mind.. Lately people all have been yelling that OPSEC is the only way! One (the gruqq) has been touting this and all kinds of counterintelligence as the panacea for the masses on these issues. Well, why? Why should we all have to be spies to just have a little privacy in our lives huh? I mean it’s one thing to be a shithead and just share every fucking stupid idea you have on FriendFace and Tweeter but really, if you can’t shut yourself up that is your problem right? No, I speak of the every day email to your mom telling her about your health status or maybe your decision to come out etc. Why should the government have the eminent domain digitally to look at all that shit now or later?

If you take measures to protect these transactions and those measures are already compromised by the government why then should you even attempt to protect them with overburdened measures such as OPSEC huh? I mean, really if you are that worried about that shit then go talk to someone personally huh? I know, quite the defeatist attitude I have there huh? The reality is that even though I claim not to be caring about it (re: apathy above) I actually do but I realize that we no longer have privacy even if we try to create it for ourselves with technical means. If the gov wants to see your shit they will make a way to do so without your knowing about it. I fully expect someday that they will just claim eminent domain over the internet completely.

Fuck OPSEC.. I want my government to do the right thing and not try to hide all their skirting of the law by making it classified and sending me an NSL that threatens to put me in jail for breaking the law.

Fuck this shit.

CYBERWARZ

Then we have the CYBERWARZ!! Oh yeah, the gubment, the military, and the private sector all have the CYBERWARZ fever. I cannot tell you how sick of that bullshit I am really. I am tired of all the hype and misdirection. Let me clear this up for you all right here and right now. THERE IS NO CYBERWAR! There is only snake oil and espionage. UNTIL such time as there is a full out kinetic war going on where systems have been destroyed or compromised just before tanks roll in or nukes hit us there is no cyberwar to speak of. There is only TALK OF cyber war.. Well more like masturbatory fantasies by the likes of Beitlich et al in reality. So back the fuck off of this shit mmkay? We do not live in the world of William Gibson and NO you are not Johnny Mnemonic ok!

Sick. And. Tired.

I really feel like that Shatner skit where he tells the Trekkies to get a life…

Awaiting the DERPOCALYPSE

All that is left for us all now is the DERPOCALYPSE. This is the end state of INFOSEC to me. We are all going to be co-opted into the cyberwarz and the privacy wars and none of us have a snowball’s chance in hell of doing anything productive with our lives. Some of us are breaking things because we love it. Others are trying to protect “ALL THE THINGS” from the breakers and the people who take their ideas and technologies and begin breaking all those things. It’s a vicious cycle of derp that really has no end. It’s an ouroboros of fail.

RAGE! RAGE! AGAINST THE DYING OF THE PRIVACY! is a nice sentiment but in reality we have no way to completely stop the juggernaut of the NSA and the government kids. We are all just pawns in a larger geopolitical game and we have to accept this. If we choose not to, and many have, then I suggest you gird your loins for the inevitable kick in the balls that you will receive from the government eventually. The same applies for all those companies out there aiding the government in their quest for the panopticon or the cyberwarz. Money talks and there is so much of it in this industry now that there is little to stop it’s abuse as well.

We are well and truly fucked.

So, if you too are feeling burned out by all of this take heart gentle reader. All you need do is just not care anymore. Come, join me in the pool of acceptance. Would you care for a lotus blossom perhaps? It’s all good once you have accepted the truth that there is nothing you can do and that if you do things that might secure you then you are now more of a target. So, do nothing…

Derp.

K.

BORN ON THE FOURTH OF JULY

with one comment

Born-On-The-Fourth-Of-July_snow

jw hnne pjofkeq lhr Juoacbf

REVELATIONS

On this fourth of July as I sit here early in the morning I am left to think on all that is going on and the future from this moment on regarding the NSA revelations by EJ Snowden. Since coming out to Glenn Greenwald and the Guardian “We The People” have been getting the veil ripped away for us on some of the actions of our government for our “safety” from terror. Said actions have been in my opinion the end running of the constitution, the laws of the United States, and the bamboozling of the governed by the governors through the manipulation of fear and secrecy on the populace. The rubric of capturing all data to target only the wicked terrorists is a falsehood. No matter the protestations of the Clapper’s of the secret squirrel world that their machinations have defeated (X) amount of plots against us can assuage my fears that the system could and already has (by Snowden) be abused. Thus the assurance of “Trust us” by the government is hollow at the very least if not disingenuous.

It is said there are to be more revelatory things to come from “Snowman” but I think we should all be upset enough already to be storming the gates of congress seeking redress as it is. Let’s all face it, a system has been created to tap us all. No matter what is said about how it is run by laws that have been created to subvert our most basic of laws to start, the system itself presents a threat. We are now seeing congress going into action as well trying to shed some light on things that have been in fact lied about in their hearings  but I fear that a combination of secrecy, our own collective apathy, and an ineptitude on the part of our representatives has already won out and this security industrial complex has rooted itself too deeply to be excised or even pruned. Know you all though, that it’s out there and that our most sovereign of ideals that our country was founded on has been tattered. Tattered by our own elected officials to “protect us” like children who cannot handle a boo boo.

MOTIVATIONS

Much has been made on the motivations of EJ Snowden and I will just throw my psychological hat in this ring right here and now. Given what I have seen of this man I think he has a narcissistic streak a mile wide and an active imagination that he is Jason Bourne or 007. That said though, I think his core belief here is that he was doing the right thing. I cannot fault him there because what he has shown us all is that the government is spying on us all no matter what they say. Collecting all data, saving it, and then choosing to sift through it is in fact a power that no one should have collectively on us all in one database. Think of this program as the one ring and you as Frodo.. But you have are wearing the one ring all the time and Sauron see’s your every move. Unless you go completely Luddite the government is going to have your number figuratively and literally and that is damn scary no matter the alleged protocols that they have in place.

So, now we come to the time where the attacks on Snowden, the media manipulations that go on for ratings, and the government spin makes him to be the story more so than the actual programs that he has brought to light. It is important here to not care about our boy Snowden any more than an amusing character in a larger passion play. Please consider “Snowman” the Falstaff to the Harry of the government. He is but a cipher to a larger story. Let EJ hang around in Shermeteyevo and pay him no more mind. Pay attention to the real problem here, and that is the programs that he has shown us all are out there and capturing all our data. Don’t get lost in the media derp.

PROTESTATIONS

Look to the Congress people! Look at history as well. If Nixon had had this technology we would have all been not only listened to but we would have become dissidents under the watchful eye of the likes of J. Edgar in some prison for having the temerity of not believing as he did. Power corrupts and absolute power corrupts absolutely as the saying goes. These programs in tandem with the laws being created around them to allow for the bypassing of other laws is absolute corruption. I do not care to hear the prevarications or the finagling that the government is tap dancing to to allow these things. It’s just wrong no matter the intent and it all stems from an administration that thought that torture was legal and sought to legalize it with the Yoo Memo’s. What was it that Nixon said? “If the President does it it is not illegal” I’m sorry no, it is illegal and immoral and a beast that has been created that cannot be controlled. I look at all of this and I keep going back to Caesar. Caesar was a great general and was installed during a time of great need to have a man like him running things. He won the war and then decided that he should be ruler in perpetuity, an emperor. I think we have crossed that same Rubicon today with these programs and I fear that it will not end and they will be abused.

All hail Caesar.. SPQR

K.

Written by Krypt3ia

2013/07/04 at 11:05

Creating Your Own Privacy & ROI

leave a comment »

img courtesy of XKCD http://xkcd.com/

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Preamble

With all the alleged revelations over the drift net surveillance happening to us all by the government I and others have been pondering the processes needed to protect one’s communications online and over the phone. Wired and other venues have put out reasonably ok articles on this but generally I think they have lacked on the ROI factor for the varying degree’s of surveillance that has been carried out for some time now, not just the NSA with PRISM. The immensity of it all I think can put one off on the idea of being able to keep their privacy especially given the pains that one must take to keep it on the nation state scale. However, there is much that could be done to have a modicum of privacy but one just has to understand the idea of OPSEC and have some technical base to work from in order to use the technologies such as TOR or CRYPTO in the first place. It is another thing altogether to keep that mindset every day and to understand the import of their use and the cause and effect that comes from failing to use them.

PRISM and NATION STATE SURVEILLANCE

As Ali (@packetknife) alluded to on the “Loopcast” recently with me, the idea that someone can completely deny the nation state program of surveillance is a tough one to swallow today. We all are connected to the net in some way whether it be your smartphone or some other connected device that we carry with us 24/7. In the case of the smart phone the utter and total pwn that goes on there is spectacular to think about. There is no need for tinfoil hat conspiracies about barcode tattoo’s on one’s neck here, all you really need is an iPhone and connectivity to know quite a bit about a person. This is why the metadata issue is a big one and people are seemingly unable to comprehend it. Let me clarify this for you all by also saying that not only are the calls to and from being easily monitored and mined (stored later for perusal when needed) by the NSA it seems, but also the GPS data as well. Remember the hubbub over the Apple collection of GPS data on the phones a couple years back? Remember the outrage on some parts over this? Well, now look at that in relations to how much of that data is accessible by the government too in this program. More to the point and this has not really been talked about, but are they correlating that data as well in the phone surveillance being carried out? My assumption is yes but like I said that seems to have been dwarfed and drowned out by the PRISM revelations.

Ok so now we are being data mined and correlated on the phone calls we make (metadata). Of who we are calling, how long we are talking, and when as well as  the GPS (location) as well?  All of that data is very informational about the habits of a person alone but start to analyze it from a personal and psychological perspective and you can build quite the dossier on someone without even having to listen to their conversations. Which I hasten to add that there are rumors of the caching of conversations generally not just under warrant from FISA. At this level, the nation state level of surveillance, one cannot hope to really be secure in their communications using technologies as they are because of the access the government has built for themselves post 9/11 with the Patriot Act as it’s fulcrum. Access mind you that we are giving them by proxy of the devices we buy and the services that provide the connection because without them we have no way to communicate other than in person or pen to paper with the post offices help right?

All of this though does not mean that the government is spying on you now. What it means though is that the legalities have been created or bent to the will of the government to have the illusion that the wholesale collection of all kinds of data for later use of anyone using these systems is legal. It also means that no matter the protestation of the government and the law enforcement bodies that they take all due care not to collect/use/surveill you vis a vis your data that there is a chance that someone within the system “could” and “might” do so outside of the rules and that is the problem here … Well other than the Constitutional, moral, and ethical issues that is. Just because it is against the rules does not mean someone won’t do it if they have the access. You know.. Like EJ Snowden having access to highly classified data that perhaps he shouldn’t have? Or furthermore the availability of Mr. Snowden being able to insert a USB drive into systems and siphon off said data to give to the press or anyone who’d listen right?

PRIVATE SECTOR or THE LITTLE SISTERS

Another issue that seems to be taking a back seat here is the notion of the Little Sisters to Big Brother. This idea springs from something I alluded to above in that the corporations that offer you the services (Gmail/ATT/Facebook etc) all collect data on you every minute of every day. They use this data for advertising, data mining, selling that data to other companies to form synergies on how to sell you on things etc. It is this practice of collecting all this data on us and our complicity in it that has given rise to the drift net approach that the government has taken with the surveillance programs like PRISM. The government is simply leveraging the capacities that are already there in the first place! You want to blame someone for this mess? Look in the mirror as you have allowed your data to be collected in the first place. YOU have placed your minute details out there on the internet to start with in email or posts to Twitter and Facebook for example. YOU are the culprit because you fail to understand OPSEC (Operational Security) and just scattered it on the net for anyone to see.

Of course other bits are more arcane. Cookies, tracking data within browsers and the like also give away much data on who you are, what you like, and allow the marketers to tailor ads for you when you go to sites that pay for the services. The aggregate of all of this data makes a digital portrait of you that unless you take pains to disallow the collection, will be sold and used by the corporations to package YOU as the commodity. I mean, how do you think Facebook works? It’s a social contract to connect to others and allow Facebook to make money off of your habits. Zucky is not in this to win a Nobel Peace Prize here ya know.

So when you think about all this surveillance going on please remember that you are complicit in it every time you surf the web, make a facebook post, a tweet, or send an email unencrypted (Google analytics kids) because they are all sifting that data to “get to know you better” *cough* It’s just a friends with benefits thing as the government see’s it being able to just hit them with an NSL and plant a server in the infrastructure to cull the data they want. As long as it doesn’t effect the bottom line (money) for them I suspect their worries about privacy are, well, pretty low on average. I mean after all you have already signed away your rights have you not? The little sisters are insidious and subtle and I am afraid they have already become metasticized within the society body.

The Only Privacy You Can Have Is That Which You Make Yourselves

“The only privacy that you have today  is that which you make for yourself” is something I said a while back on a blog post or podcast and I still stand by it. It seems all the more relevant in the post Snowden world today. By creating privacy I mean leveraging technologies like encryption to keep your communications private and OPSEC to consider how you transmit information over the internet and telco. There are inherent problems though with all of these things as you can always make a mistake and end up leaking information either technically (an instance would be logging online with your own IP address to something) or process wise like putting your current location on Facebook and saying you’re on vacation for two weeks. It is all a matter of degree though and even if you are practicing OPSEC there are things outside of your control when the nation state is looking to spy on you. There are just no two ways about it, you can only fight the nation state so much with technology as they have more resources to defeat your measures eventually by end run or by brute force.

On the level of defeating the little sisters, well the same applies but with limitations. You can in fact surf the net on TOR with NOSCRIPT, cookies disallowed and on an inherently anonymized OS on a USB stick right? The little sisters can only do so much and they only interact when they see a profit in it. They after all are not looking to be voyeurs just for the fun of it. They want to sell you something or sell you as metadata right? However, if you start to anonymize yourself as much as you can and you are diligent about it you can stop the Little Sisters which in turn may minimize what the Big Brother can use too. The caveat is that you have to take pains to do this and you have to know what you are doing. There are no magic easy button offerings on the shelf that will hide you from them all and if you care then you will take the time to learn how to perform these measures.

ROI On Privacy

Finally, I would like to take stock of the fight here that you need to take on and what the ROI is for each adversary involved. In reality unless you go off the grid, change your identity and never touch another piece of technology ever again there is a high likelihood that your information will be tracked. One may in fact create a separate identity to pay bills with and use that one to surf online as well as other things but that is an extreme just like the idea of becoming a Luddite. There must be a middle road where you can feel that you are protecting a certain portion of your lives from the unblinking eye of the companies and governments that own or access the technologies that we use every day. You have to though, understand all of this and accept that in the end you may fail at keeping your privacy yours and yours alone. Come to grips with this and be smart and you can have a modicum of success if you are diligent.

A for instance of this ROI would be on the phones. If you TRULY want to be private then you have to lose your smartphone that you have billed to you and buy a burn phone. Cash is king and there is no information taken if you do it right. The unfortunate thing is that you then have to call only others who have the same burn phones out there without any metdata that ties it back to their real identities. You just try getting mom and dad to buy burn phones to talk to them on… It’s not that easy. So really, some of the ROI is minimized by the nuisance factor. The same can be said for the lay individual who is not going to go buy encryption products nor are they capable of installing a Linux system and running something like GPG. This is not going to work for everyone as well as not everyone is going to care about their privacy as the recent Pew poll showed where 56% of polled ok with surveillance program by NSA.

In the end it all comes back to the idea that you create your own privacy by your own actions. Do not trust that the government is going to protect your privacy and certainly don’t believe that the corporations will either. I mean, just look at how many spectacular fails there were on passwords that weren’t hashed or encrypted in any way by companies hacked by LulzSec. As well you should not trust the government, no matter how well intended, that they will be ABLE to protect your privacy as we have seen with recent events like Brad Manning’s theft of (S) data as well as now Snowden (TS/SCI) The actions of one person can be the downfall of every carefully crafted system.

So what is the ROI here? Well….

NATION STATE:

Crypto and anonymized traffic online will minimize your footprint but eventually they will break you if they want to. You have to be exceptional to fight the nation state level of surveillance. As for the driftnet out there well, unless you go luddite they have a lot of data to sift and commingle. They have a pretty good picture of who you are and much of that comes from the little sisters. Your ROI here is minimal because they have the power and the thing you MUST remember is that CRYPTO IS YOUR FRIEND!! Encrypt sessions for chat and emails and you will leave them with the task of either having to break that crypto or hack your endpoint to see the plain text. Make them work for it. Otherwise you may as well just BCC the NSA.GOV on each and every email today it seems.

LITTLE SISTERS:

The little sisters though are another thing. You can in fact obscure a lot of what you do online and through telco but you have to be diligent. It means time and sometimes money (burn phones or laptops in some cases) to obfuscate as much as you can. The ROI here is that IF you take these pains you are then able to deny them easy access to your habits and patterns. If you start using crypto in sessions and in communications like emails then you will be also geometrically heightening your privacy status. But you have to do it.. AND that seems to be the hard part for many whether it is laziness or apathy I am not sure.

Privacy is what you make of it… He says as he hits enter on a public blog post!

K.

[Jmhhw Kutdegc ohl Vmgi Uizvsr pspmspw avuzyiw ypicl Qephcv Tmwfcj’a yere. Kutdegc plqfkw sd Vqklsn vcukipd.]
Polvc Ayzfiui: Elr npwr, xfslm’k Qephcv Tmwfcj…[tgsoq on i xspbsl ezmpc Auzlmr fom i tpely mbsvi. Uoftsgi rilvk xlc titviv rc mpga mr vua fs tydyzk] Li bcyaf’x wcsg bg lets u xswx.
Zwmpgt: [Ayzea saew] W’g agvvw, pob A hsl’h qwjo jmf npw kstslveirr.
Rckc Kspriv: Oi hm. [Gbwow e aoll] Fexgchid Wiailqlc Eeshkq.
Fmqvix: Sl. Cmi’lm lli eisa A liyf vzwexfwho gr xfs ibziv cbx wx qc nvivw.
Hmay Awjhsl: Bi, bzex’q hbm XFM. Us’lm fsx avuzlivcr zwj hsksmbag wsfpmappybwm.
Tmwfcj: Wz, M wcs. Swm nyqh idwvxffie yszcfhuwrxq. Gyb mt jpwyvvpc bwwbsxspg.
Xquo Kmfxwf: Rs, rvub’k xlc QCI. Oi tpcnmux ssf awnivlayvl’w gmagcfmgyhcwfw, ac hlg ls fpsus lli mhbmj jijzu’a ushcg. Qm’ji xfs awgh ksmm, Usvxw.
Pcazst: Esy, Q uer’r hytd css kbil e vczcmx xlyh ca…Vmgi.
Rckc Kspriv: Uleluy ggyv kwhl, uepj im il xlgg hcefip… [ucdww Fggbwh e jmzxmv tmcqy wx tensl] Uj. Fvgqy.

SHMOOCON 2013 ROUNDUP

with one comment

shmoo

xboymqiqzz

Takeaways:

Well another Shmoocon has come and gone. While much fun was to be had I could not help but notice that there was a definite theme going on in talks this year both on and off the stages. That theme was just how much we are all being screwed by the legal system today as well as how much damage could be done to anyone at any time because the laws are either being abused or are ill suited to apply to the crimes that people are being charged with. In many cases the talk this year centered around fundamental rights granted by the Constitution that are steadily being eroded or tossed out the window because the word cyber has been placed in front of the charges.

With stories like the DHS’ right to search any of your hardware within 100 miles of the border to seizures of domains without having to produce a reason why we should be talking about it. Frankly we should be doing more than just talking about it we should be assailing the government with questions and attempting to protect our rights. Unfortunately what we have seen is that even trying to protect our rights cannot be done easily without a great amount of money and time while lawyers bill you many hundreds of dollars an hour. Without money we have pretty much no hope of changing the laws even with the likes of EFF trying to do so.

This conference just seemed to show that we are realizing these things more overtly because of late the law has been making some rather harsh decisions against the innocent as well as the guilty. For me though, when I see misdemeanors turn into felonies because they are compounded together in order to have a bigger win in the press and to further a career I see the scales of justice as being broken. The realization, which we all have but we put away to lead our daily lives and keep our heads down is that the law only really serves those who have money. The more money you have, the more malleable you can force the law to be.

The Law Won’t Protect You:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It seems that since 9/11 the 1st and 4rth Amendment have become trite in some ways to the government. From the moment that GW Bush said you better watch what you say to today’s full blown surveillance state we have seen these fundamental rules be put aside by the government. Sometimes this is overtly but mostly it is done in muted ways that people are not paying attention to. The instance of the DHS’ right to search any hardware you have within a 100 mile radius of the border is part and parcel to this idea that they can do whatever they wish in the name of anti terrorism. A review of the privacy record for DHS generated a report that once really read shows they had no issue with this and thought that it was not a privacy issue whatsoever.

Evidently, the 4rth Amendments statement on reasonable search and seizure is moot if some $10.00 an hour security guard feels that I am an imminent threat with that laptop. I guess though that’s just par for the course in a world where warrant-less wiretapping is the vogue and approved by the government even though they were mandated by law to get things like FISA warrants to do so. It’s interesting to note just how quickly the government was able to re-jigger the laws around that in their benefit to allow for this as well as say rationalizing torture too. It’s all a matter of who’s got the juice and the legal teams to wordsmith language to allow what they desire to become the rule of law. It seems today that the laws to protect you are just platitudes and if you believe in them you are deluding yourself to some extent.

The Law’s Allow Over-Reach and Companies Like Microsoft Are Abusing That:

Another talk by @theprez98 was about how Microsoft in particular but also the government were seizing domains inside as well as trying to outside the country. The cases where Microsoft has been taking liberty with the law surrounds the C&C’s for malware like Zeus. These takedowns make the news and Microsoft get’s a boost for being the whitehat here but in fact they are using their great wealth to manipulate the law in their favor to carry out these extra jurisdictional actions. What it amounts to is a private company seeking approval from a judge to carry out actions that the police really should be but are not.

In the case of the Zeus takedown they seized assets and domains of not only the botmasters but also innocent victims in the process. The same has happened with the government taking down domains under seal. This means that the collateral damage (aka other peoples sites that had nothing to do with this to start) end up losing their data, have no real means of seeking redress (sealed means secret) and in the end lose money and time because they happened to just be in the way. Of course lest we also forget that if their site happened to have some content that may be considered illegal in some way, then they too could be charged in another case because suddenly their data is considered “plain view” This means that since the government could see it even without a specified warrant they could then act upon it.

Microsoft has been prosecuting these cases with more frequency as they keep citing earlier cases that they won approval from the judge to prosecute and thus case law is made. This precedent makes it all the more possible for any other company to make the same case and as such more searches and seizures could happen by companies and not the law enforcement community. I guess my question then becomes how long until the government privatizes the “net police” ideal and places it in the hands of the likes of a Xe? Will we have letter of digital marque as well one wonders as it becomes more expedient for private companies to police things on the internet.

The Government Is Ill Equipped To Handle Technology and Create Law:

A second talk that focused on the law and how poorly it is equipped to deal with modern technological issues was presented by the EFF at Shmoocon. This talk focused on two cases, the first being the case of Aaron Swartz. Aaron took his own life recently and many believe that it was prompted by the judicial over-reach against him in the JSTOR case. While Aaron did a couple things that could warrant misdemeanors the prosecutors in the case concatenated them change these into felonies. In the end the releases by the prosecutors were claiming that Aaron could go to prison for 35 years after downloading too many documents from JSTOR.

In Aaron’s case as in Weeve’s the interpretation of the 1984 CFAA (Computer Fraud and Abuse Act) allows for quite a bit of abuse and no substantive changes have been made to that law since it’s inception. As such the law is out of date and ill equipped to apply to much of anything that can happen today. Of course in the case with Weeve this is plainly shown because the data was publicly available and no escalation of privilege was carried out to get it. The access of the ATT data was as easy as tying in a URL yet ATT has made this a federal case and Weeve the target of some pretty hefty jail time as well as fines.

It was plainly seen in the presentation by EFF that the current laws are outdated and that the law makers are not very clueful on how things work today in a digital world. In a way one can infer that they like it this way because it leaves much more for interpretation and misuse but I don’t want to be too dark here. I guess I will just stick to the theory that they are all old and really do consider the internet to be a series of tubes. Either way unless we force change on this and get them to change the laws to reflect reality we all are subject to wrongful if not over prosecution because the current ones are too open to abuse by prosecutors seeking to make a name for themselves.

We Need To Know Who You Are So No Pseudonyms Allowed:

Evidently it’s also too hard for the government to know who’s who so there are pushes on to have a “Real ID” on the internet as well as AFK. Another talk at Shmoocon was about the idea of identity and how companies like Facebook as well as the government are seeking to apply rules on “Persistent ID” Since the lawmakers find technology so hard to understand and privacy is an antiquated idea they just seem to think that foisting a persistent ID on us will make it all better. Since you have persistence, you won’t do anything like troll anyone online will you? Sure, that’s going to work swimmingly don’t you think?

I am constantly surprised by these people and entities that seem to think that privacy is dead or that it is not needed. The reason people take up pseudonyms is because they wish to speak their mind not only to commit crime. In fact they are likely to really be afraid that the act of speaking their mind may in fact be a crime. You can see this going on in various countries today with authoritarian or theocratic governments. I myself have been taken to court over things I have said as well as have been warned not to rock the boat for fear of more litigation or other negative repercussions. I guess then that the 1st Amendment is just a piffle right?

Out of all of the talks this one scared me the most. This movement to mandate identity online is more venal than any talk of the government trying to erode the 2nd Amendment to me. Why you ask? Because this is something that the governments as well as corporations can get past people’s cognitive dissonance as opposed to taking their guns away. Just how much privacy have we already lost today with the likes of Facebook and others online? How much of your PII data circles the globe in databases showing connections to who you are, where you are, and what you buy? Think about it in the context of linked databases and you can start to see where I’m going here. We have already given up a lot so what’s the big deal in getting a drivers license on the net huh?

I guess the most astounding thing though to me is that the government as well as Facebook think that this will in fact end pseudonym use. If they try then those really seeking to be anonymous will just use someone else’s ID right? The person intent on doing so will just fabricate or steal another ID and thus the waters will be muddied once more. It is galling though that in today’s world we have entities like Instagram that want you to take a photo of your government issued ID to verify who you are and send it to them online.

HOLY WTF!

The Military Leaders Are Old and Do Not Understand The Technology:

Finally, I learned that the leaders of our government and the military on average tend to not understand “internet” I know shocking huh? A talk given at Shmoocon on cyberwar “Hacking As An Act of War” was enlightening to some in the room but for me it was status quo. The fact of the matter is that the people running the wars are old. Those actually prosecuting it are young though. As Mark Hardy said in his presentation “Once the older generation is out of control, the younger generation will be better able to make the changes needed to fight the next war online”  and I’m paraphrasing there but the sentiment is true.

The same goes for the policy makers where this is concerned as well. The paradigms have changed but those in charge have not nor have they tried to keep up with what’s going on. How many times have we all seen pieces in the news where some senator somewhere says something that clearly shows they have no clue what they are talking about? Now imagine that you are someone who’s an expert on that subject. All you can do is hang your head and walk away. I personally have tried with Senator Droopy Dawg to no avail to get across to him that his arguments are only crying wolf instead of being substantive and clued in. Of course nothing came of my trying, not even a response. …Even when I was nice about it.

Now consider the prosecution of war with a digital aspect. Mr. Hardy gave us some great information on the Tallinn manual as well as insight into NATO’s ideas on how to classify and prosecute the laws around digital or 5th domain warfare. At times they seemed to just be out of touch with reality but at least they are trying. The issue though is that this is all Terra Nova and the people trying to assess it are still locked into ideas that pre-date the internet. It’s akin to taking George Washington and placing him in the middle of a firefight in Viet Nam. I should think that George is not going to last long as a warfighter in such a scenario because he lacks the comprehension of the weapons of war for that era.

In other words we are screwed.

Final Thoughts:

Overall Shmoocon was a good time. Much more for the LobbyCon that was constantly going on than most of the presentations though. It was enlightening in many ways to talk to others about what was going on not only technically but moreover their concerns about the same issues as I have laid out here. We live in perilous times where the law and internet are concerned. Our ideals of privacy are at risk as well as our rights according to the Constitution. We are increasingly living our lives within the medium of the digital and yet we fail to see the machinations going on to spy on us with more regularity and impunity.

We are abdicating our privacy as well by allowing companies to keep have our data because we don’t read a EULA and encrypt our transmissions. In so many ways we will be the ones to blame when our data us used against us because we did not carry out the due diligence to protect it. We should not trust in Twitter to protect those conversations we have in DM because their EULA says that nothing you do there is private. … Even a direct message outside the Tweet stream. We need to either say no to these services or force them to change their EULAs to allow for some privacy. Failing that we need to protect ourselves with crypto. The question then becomes, as was intimated to me on a couple occasions this weekend, “Just how long until crypto becomes regulated as a munition again altogether?”

It’s a brave new world kids, best start paying attention.

K.

 

Written by Krypt3ia

2013/02/18 at 16:20

Building A Better Anonymous: Separating The Philosophical From The Practical

with one comment

So, here’s my thing…

Ok, so here’s my thing.. This notion of building a “better” anonymous is right up front, doomed to failure. As notions go it is a very altruistic one that I think Brian and Josh have thought about quite a bit, but, like many who get wrapped up in the grey areas of philosophy and semantics, they too got lost in the woods and could not see the forest for the trees in the end. Evidently Source Boston had them keynote the show with their talk on making a better, more accountable, and false flag “mostly” free Anonymous that stems from their series of “Building a Better Anonymous“, a series that I actually helped with a bit in the background (shhh don’t tell anyone.. oops) 

The case that they make is an interesting one but from my point of view fails to deal with the concept of human nature that will inevitably be the downfall of any such association, group, collective, or whatever else you would like to call it. Human nature, (i.e. the problem between the chair and the keyboard) will always win out because, you guessed it, we are “human” and we have foibles, wants, desires, and of course and ego. These things all make us do things that are counter to the best laid plans of mice and men (aka a charter of standards and behaviors) and will, in the end, cause some to draw outside the lines of acceptable practice.

This means bad actions from bad actors within the fold.. Or, as in the case of the flawed idea of “Anonymous” as an action, will allow for bad actors to take up the nome de plume of “Anonymous” and do things counter to their ideals but still leave the stench and onus on them as the Judas goat. Boiling it down to a simplistic statement for me kinda encapsulates the whole issue of “Anonymous” which means “unknown” by and of its premise, cannot at any time ever, be considered a movement/group/collective etc that will never be used as the scapegoat for bad actors. Nor will it ever mean that bad actors will never get into the fold and destroy things (like a reputation) from within.

And here’s the statement: “One cannot be Anonymous and expect to change the system for the better. If you have a problem with the system (see above poster) then you must be a known quantity”

Josh and Brian speak of charters and standards of action, but there can never truly be accountability as long as those who claim to be advocating those standards hide behind anonymity. When you are anonymous, you lack accountability and thus, the ego and other human natures allow you to do whatever you like. Speaking of human nature, let me direct you to some movie references that they make and where the human nature portion has been stripped from the argument.

The hitman/cleaner in “Léon: The Professional” had a rule; “No women. No kids.”    (Leon follows this so good on them)

In Fight Club: “The 1st rule of Fight Club is, do not talk about Fight Club”.   (Fight club spreads because people cannot shut up)

In The Transporter, “Rule #3: Never open the package.”  (You guessed it.. HE OPENED THE PACKAGE!)

So, out of three examples there, one was ok. But you are seeing my drift there are you not? Human nature will be the downfall of all the grand plans and schemes we have. It’s our nature to do things in our own self interest more than follow guides or charters. If that were not the case, we would not have crime and prisons right? This is an all too convoluted space to be working in and assume that by laying down some “law” (charter) that everyone will follow it AND that the inevitable others who do not, will not affect the whole by their actions. Add to this the notion of something like Anonymous, who’s actions claim to be anything from lulz to moral actions, and you have a great swath of FAIL that will happen.

It’s all well and good to quote Hobbes, but perhaps you might want to read Plato instead?

In the end, I think it better that the use of “Philosophical Realism” be applied to this problem rather than the altruistic beliefs that have been espoused by Josh and Brian. I would also hasten to add that the cognitive dissonance, to use the turn of phrase used, of trying to contain or direct “Chaos” is just not plausible from any realistic standpoint and thus moot in my opinion. If you like a movie/book reference, lets go to one of my favorites “Jurassic Park”

Dr. Ian Malcolm: If there is one thing the history of evolution has taught us it’s that life will not be contained. Life breaks free, expands to new territories, and crashes through barriers, painfully, maybe even dangerously, but, ah, well, there it is.

What Ian is saying is very appropriate to this argument being made by the authors of “Building A Better Anonymous” In my case though, I would change life to “human nature” but, you get the point don’t you? Life is chaos and human nature is also a form of that as well. We are unpredictable animals and our actions, like those with Anonymous, are really quite unpredictable and not very controllable. Just look at what has happened since Anonymous came out, we had Lulzsec, Antisec, and now a host of others taking the model that Anonymous put out there unfinished, and have been wreaking havoc.. In the name of what really? Because they can?

No, this is a failure to launch in my opinion and Anonymous’ cat is out of the bag. The genie is out of the bottle and you cannot put it back in with a charter as the cork.

Sorry guys.

K.

Written by Krypt3ia

2012/04/18 at 15:47

Enemy of the State

with 2 comments

Fort Meade has acres of mainframe computers underground. You're talking on the phone and you use the word, "bomb," "president," "Allah," any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

From The New Yorker; The Secret Sharer

The government argues that Drake recklessly endangered the lives of American servicemen. “This is not an issue of benign documents,” William M. Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects “intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed.”

Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department’s criminal division, told me, “You don’t get to break the law and disclose classified information just because you want to.” He added, “Politics should play no role in it whatsoever.”

Politics should play no role whatsoever? Really? This man is delusional to think that the statement, albeit correct, is actually factual. Of course politics play a part in such prosecutions, and case in point, this article cites examples of people getting slaps on the hand for breaking the espionage act and others where TS/S documents are concerned. The reasons that these others were not prosecuted to the full extent of the law was exactly because of politics and their entanglements. No Mr. Breuer, politics do play a role all too often.

That said, I encourage you all to read the full article and judge for yourselves just what happened with the case against Mr. Drake. It is my understanding from other sources as well as the New Yorker piece, that Drake was seeking to show waste on a grand scale while others were motivated by the idea that the sweeping changes to US law and oversight within the espionage area had taken a deep turn for the un-constitutional. This is an assessment that I agree with and have seen even more such dark turns lately where the digital realm is concerned. Frankly, at times I am a bit scared of the access and perhaps excess that the changes in the law have allowed for the NSA as well as anyone with enough juice within the newly minted security infrastructure post 9/11.

Constitutional Law vs. Technological Ease of Access vs. Political Agendas:

When the Constitution was created none of the technologies at play today were even a dream for the makers. Today though, the ideas of privacy, unreasonable search and seizure, and the fundamental freedoms we claim to cherish so much have been blurred. The blame for this rests partly on the technology, but mostly on the people who should be monitoring their system of laws. After 9/11 the people became all too trusting of the government to take care of them and all too willing to accept the over-reaches that they knew of while they were kept in the dark about others.

Case in point would be the FISA and warrantless wiretap situation that the Bush administration put into play after the terrorist attacks. It was the belief of the administration and the law enforcement community (certain factions) that too much time was lost to entering FISA warrants and getting approvals. So, instead they began to draft opinions that said the process was too ponderous, all the while they were putting together a secret process to just bypass the FISA altogether with or without the legal status to do so. This then begat the further access programs that essentially placed a tap on ALL communications going in and out of the backbone of the internet with the NARUS systems in the MAE’s around the country.

Since the technology was there, and it could be placed into a position to audit everything, they just said let’s do it. Thus, all traffic that you or I create over the Internet has the potential of being captured, flagged, and audited by someone at Ft. Meade without a warrant to do so. This also includes the cell phones as well because that traffic too passes through the same backbone system. Like the image of Brill above states;

Fort Meade has acres of mainframe computers underground. You’re talking on the phone and you use the word, “bomb,” “president,” “Allah,” any of a hundred key words, the computer recognizes it, automatically records it, red flags it for analysis; that was twenty years ago.

Brill, a character from Enemy of the State, was going on about this in a film out before the attacks on the US. It would seem that if the technology had not already been in place then, the administration took a cue from the film and made it a reality after the twin towers came down. After all, the enemy could be anyone and the US populace wanted an action hero to take on the bad men and win. The same people though, did not seem to understand that to do so, the administration would take the shortcut of bypassing decades of laws set in place to protect our freedoms from excessive powers that the Bush administration wanted to have to ‘protect’ us.

It was this over-stepping of the laws that others within the story at The New Yorker had begun to tell to the Sun reporter and who now are being pursued by an alleged non political NSA and government for calling them on their breaking of the law. Just as much as Mr. Drake was seeking to show that the waste created by Trailblazer could also tie into the misuse of ThinThread’s code to eavesdrop on anyone.

Both of these concerns are shared by me as well. After all, with the technology in place and without the oversight, how do we know that abuses aren’t happening? The NSA is famously known to tell the Senate oversight committee to go pound sand… So, who is really watching the watchers?

Right Versus Wrong and Speaking Truth To Power; Do We Have A Say Anymore?:

So, if you have access to classified materials and programs and you see that things have gone off the rails how can you expect to report on it to the authorities and not be prosecuted? It used to be that there were protections, but, it seems now post 9/11 that changes to the paradigms of classification and the re-interpretation of the law to suit the state, it has become increasingly impossible to whistle blow and not be prosecuted. What’s more, if you decide to report, the data that you are reporting on may be classified to the extent that it cannot even be used in open court or with your non cleared lawyer because it may be deemed too sensitive.

The net effect is that if there is malfeasance going on it may be impossible to report it and not get yourself into dire legal trouble with the current whistle blowing legislation on the books. This makes it even easier for the state and or entities and parties within its infrastructure to not abide by the law and have little to fear of oversight or speaking truth to power.

Sheeple vs. The Informed and Worried:

Meanwhile, the populace may live their lives unaware of the capacities for the state to listen to them and or present evidence gathered on them in an extra-legal way. At the very least, due to the wider interpretation of the law, it is easier for the state to gather and use evidence in ways that were not possible before because of the latitudes given post the Bush administration.

From a privacy perspective and the expectation thereof, the idea that all traffic is being hoovered up by the state is kind of scary. From a constitutional law perspective, you have the right to privacy in your papers and your domicile. Does this actually apply to digital papers, computers, hard drives, and anything you pass over telco lines to the cloud? Or is it considered public domain like your trash being placed at the end of your driveway?

This is an important precedent and should be considered with every email, IM, and call you make today. Just as well, if you are intent on retaining your privacy, what are the ways to do so now that all of these lines of communication are monitored by the state? One also has to determine just how worried they should be about intrusion into their privacy. After all, today we as a people give up a lot of information on ourselves at sites like Facebook and if we do that, just how much privacy can we expect?

Following that thought process, if we give up our privacy so easily how can we make an argument against the changes to the FISA rules as well as other laws where eavesdropping on our daily digital lives are concerned?

I for one do not want all of my conversations recorded for someone else to audit whether or not I may have said or done something that could be construed as illegal or perhaps pique the interests of the fed. Of course today one could easily be stopped in some states for alleged traffic violations and be asked if they could clone your phone data… Just because.

Whistle Blowing… Not So Much:

I guess in the end that the state of affairs today leans heavily toward the government being able to pretty much do what it wants to. From the warrantless wiretaps to the detention of non combatants, we have quite an inheritance from 9/11 and the Bush years. Unfortunately much of what President Obama had pledged he would roll back from those years have instead been re-approved if not enhanced. Add the whole Wikileaks debacle and now you have an even more reflexive and paranoid government trying to over classify everything and getting really bent when things get out.

So, the idea of whistle blowing I think is pretty much a dead one from here on. If anyone sees wrongdoing going on then they probably will let it go for fear that they will be prosecuted into oblivion.

And then the state wins… There have to be checks and balances.

K.

From John Yoo and Torture to Warrantless Searches of Papers and Effects: Welcome To The Panopticon

with one comment

“They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

Recently, a story has come up in the news concerning certain police departments (Michigan to be precise) have been taking more or less “forensic” images of people’s cell phones and other PDA devices when they have them stopped for traffic violations. Since the reports went live, the Michigan PD has sent out a rebuttal saying that they are in fact asking the citizen if they can scan their data. I say, whether or not they actively are doing it or not, they have the ability to do so per the courts since the loosening of the laws on search and seizure in places like California and Michigan where electronic media is concerned. The net effect is that our due process rights are being eroded in an ever rapid pace.

From Dailytech.com

I. Police Seize Citizens’ Smartphones

In January 2011, California’s Supreme Court ruled 5-2 that police could conduct warrantless inspections of suspects’ cell phones.  According to the majority decision, when a person is taken into police custody, they lose privacy rights to anything they’re carrying on them.

The ruling describes, “this loss of privacy allows police not only to seize anything of importance they find on the arrestee’s body … but also to open and examine what they find.”

In a dissenting ruling, Justice Kathryn Mickle Werdegar stated, “[The ruling allows police] to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or hand-held computer merely because the device was taken from an arrestee’s person.”

But California was not alone.  Michigan State Police officers have been using a device called Cellebrite UFED Physical Pro for the last couple years.  The device scrapes off everything stored on the phone — GPS geotag data, media (pictures, videos, music, etc.), text messages, emails, call history, and more.

Michigan State Police have been reportedly regularly been scraping the phones of people they pull over.

In neighboring Wisconsin, the state Supreme Court has ruled that while such searches are generally illegal, their evidence can become admissible in court if the police demonstrate an exigency (a press need) for the information.

Essentially this ruling offers support for such searches as it indicates that they can give solid evidence and ostensibly offers no repercussions to law enforcement officials conducting the officially “illegal” procedure.

So far the only state to have a high profile ruling against the practice was Ohio.  The Supreme Court of Ohio ruled that warrant-less smart phone searching violated suspects’ rights.  The requested the U.S. Supreme Court review the issue, but the request was denied.

II. What Does the Constitution Say?

The United States Constitution ostensibly is the most important government document in the U.S.  It guarantees essential rights to the citizens of the U.S.

Some of those rights are specified in the Fourth Amendment, part of the original Bill of Rights.  It states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The Constitution explicitly states that effects of a person cannot be unreasonably seized without a warrant.

Of course courts must play the vital role of defining what a “reasonable” search is.  But by extending the limits of searches to deem nearly all searches “reasonable”, no matter how tenuous the connection to a suspects detainment, this and several other decisions have created an erosion of the protections in the amendment.

Essentially what court rulings in California, Michigan, and Wisconsin indicate is that the courts believe the Constitution is no longer valid, or that certain Constitutional freedoms can be specially selected for elimination.

The law and our losing the path :

The legal battle over the terms here has come down to the nature of papers and effects where they regard digital media as I understand it. I sat in on the EFF talk at Shmoocon where this very topic was brought up. It seems, that the gray areas of just what is a laptop or a phone as opposed to a “cabinet or desk” is a key factor in how some interpret the legalities of searching someone’s hard drive or phone. In my opinion, they are the same thing. A laptop is a case in which my data is stored, just like a desk or a room, which, you MUST get a warrant to search.

But, that’s just me I guess.

Personally, as the title of this post alludes, I believe that all of this started as soon as John Yoo and the Bush administration began to twist the laws concerning not only torture, but moreover, the use of warrant-less wiretaps. Post 9/11 the US went mad for tapping of phones/data at the trunk level in such instances like the one in the MAE West where they put in the NARUS STA6400. This was the biggie for me because that system hoovers ALL of the traffic, there is no selectivity over it at all. Sure the STA6400 can sift the data, but it needs ALL of the data in order to sift and data-mine. Who’s to say what data becomes important other than those who are running the compartmentalised program that has to report nothing to anyone because it is too secret.

What allowed for all of this to happen and then for the over-reaching to continue was 9/11 itself. Having been in NYC at the towers just before the attacks and working there just after in the hole, I know how many felt after it all went down. We here in the US had only had a handful of terrorist attacks within our borders and those were nothing in comparison to what took place on that day.

We all felt vulnerable and wanted the government to take care of us. We wanted vengeance, and we wanted a take charge guy.

Unfortunately that “guy” was GW Bush and his posse of cowboys who then began to run rough shod over the constitution and other documents like the Geneva conventions. It was from this need to be protected that the American people just went along with the things they knew about, as well as a healthy dose of over classification by the Bush administration that kept us in the dark as to what they really were doing. It was only later, toward the end of the second term that the full scope of abuses were coming out, and yet, the American populace really did nothing. Sure, we elected Obama who made promises to end the nightmare of abuse… But.. He hasn’t has he?

So, here we are in 2011. Ten years post 9/11, and we are finding our rights being eroded by legal positions and decisions that remove the most basic and cherished rights to reasonable searches slipping away.

Who’s to blame?

Us.

We the people have failed to keep in check the actions of the government and in some cases the courts because we have taken our collective hand off the tiller steering this country. Perhaps we really have no hand on that tiller to start simply because we have created a beast that is too big to control or have any sway over. By just looking at the state of affairs today within the political arena, one has to admit that its becoming more and more akin to what it used to be back in the days of Boss Tweed than anything looking like the era of J.F.K.

Simply put, without the people standing up and calling a foul on these types of erosions to liberty, then we have nothing to complain about when the liberties are taken away. On that list is the rights granted to us all by the fourth amendment. The tough thing now though is that where once your personal belongings were either in your house or on your person. Now, those “papers and effects” live digitally not only on your device that you have on you, but also may exist “in the cloud” as well. A cloud that you “use” and is not “owned” by you.

So sure, a cop could ask you if they can look at your phone data. Do they have to say that they are taking an “alleged” forensic image? Perhaps not, but, the thing about the whole Michigan PD thing is that independent reports have shown that they were not asking, they were just taking images when they felt they wanted to, and this is where they run afoul of due process. As far as I am concerned, a file on a phone that is not on the screen as a cop looks at it while it sits in front of him in plain view, is NOT a document that he should just have the right to fish for without a warrant.

Sorry cops… It’s a country of laws, no matter how you try to spin them so you can cut corners.

On the other hand, I know how hard it must be for the police forces of the world to do their jobs now in a digital world. Especially one that so few really understand and likely fear. These magic boxes called phones and computers now hold data that could easily make a case for crimes, but, you just can’t take them and rummage through them just like anything else where due process is concerned. What’s more, I know for a fact that unless you are a forensic investigator, AND you have a decent tool, YOU WILL MISS DATA. Which will lead potentially to acquittal because you did not follow processes such as chain of custody in E-Discovery.

For some though, I am sure it’s just about cutting a corner to make a collar… And that is not how the law is supposed to work.

Our complicity in our own privacy erosion:

Meanwhile, in the last few days another spate of news articles warned about how the iOS and Android systems were collecting data on our movements and details. This particular story is not new if you have been paying attention, it was just the aggregate amount of data that we saw being collected by the iOS particularly that shocked the general populace. For these people I have news for you;

This data and even more have been collected on you all for every service that you sign up for on the Internet. Every phone call you make, every text you send, every picture you upload. All of it is available to someone else who has access to the data.

It’s not private.

YOU have been giving away your personal data every minute of every day that you upload or pass through the telco/Internet systems.

So, even if laws are being subverted on personal searches, your data can and will be taken from the likes of Twitter and other services, perhaps even through NSL letters to those hosts and you will be none the wiser. For every post you put up on Facebook with all of your personal details, not only are you sharing that data with your “friends” but the company and whoever they want to sell it to as well.

The privacy you think you have.. Doesn’t exist.

In the case of the iOS data, no one knew about it from a customer perspective, but I am sure that there was some small print somewhere in the EULA when you bought the phone that allows Apple to collect the data… Not that they have to tell you they are doing it in big letters or clear language. So, that data too is not completely yours any more once you have agreed to their agreement to use/own the phone.

The short and long of it is that we are giving up our right to privacy for shiny toys and a sense of security that we can never really have.

In the end, the data that the iOS collects has yet to be proven to be sent to the Apple mother ship. Apple to date, has made no statement on the collection of the data nor the reasons for doing so. One can assume though, that they have some sort of location based software solution that they want to sell down the road and really, it’s caveat emptor. I am just glad that the security community likes to tinker and found this stuff, bringing it to light.

We are all to blame.

Unless we all take up the battle against the loss of privacy then we have none. Just as well, unless we speak truth to power and stop the erosion of rights to privacy within our body of laws, then we have nothing to complain about. We will have done it to ourselves.

K.