Bill Introduced In Congress To Stop States From Forcing Manufacturers To Install Crypto Backdoors In Their Products

With so many setbacks in the fight for privacy and encryption, it appears we finally have two Congressmen willing to fight to keep smartphone encryption strong. Congressmen Ted Lieu and Blake Farenthold have introduced legislation that will stop states from passing bills that require device manufacturers to install crypto backdoors into their products. The idea of individual states requiring such backdoor access from device manufacturers (who sell their products all over the world) is sheer stupidity on its face. But stupidity has never stopped misguided lawyer politicians. What is even more remarkable is that Congress actually has four members that have computer science backgrounds. I thought the total would be closer to zero. I’ve always assumed people with high levels of technical education or training would run screaming from the insanity of Washington. I guess that is my cynical side showing. Anyway, Representative Lieu is one of those members. The bill is called the “Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016.” Read the full article at Ars Technica and let your congressional representative know you support this bill.

Spies in the Sky

Here is another reminder why people who are concerned about their privacy are not being paranoid but reasonable in light of what is going on. This story highlights the warrantless surveillance being done by the police in Anaheim, California. They are using something called a DRTBox (DirtBox), developed by a Boeing subsidiary, to listen in on cell phone calls using spoofed cell towers. They can capture cell phone calls and texts. These DRTs (Digital Receiver Technology) are flown in planes (maybe drones) over cities where they can pick up tens of thousands of phone signals from miles around. They basically trick your phone into connecting to their fake “tower” by using a strong signal (phones will connect to the strongest tower). DRTs also collect unique hardware numbers (IMEI) so they can track each individual phone. Even better, they can crack encryption keys. Most of the new cellular technology like LTE uses strong encryption. But your phone will still fall back to the older GSM technology if 3G and 4G connections are not available. GSM is easily crackable. By jamming 3G and 4G signals they can force your phone to use GSM and crack the encryption. They can quickly determine who you are, where you are, and what you are saying. It just goes to show that people who use application-level encryption like Signal, PGP, and Redphone, for example, aren’t paranoid crooks but normal people behaving rationally in the age of mass state surveillance.

Debt could cause next crash to be worse than 2008

I don’t normally write about economic issues, but this story in The Telegraph caught my attention. I’ve always wondered how Western countries could go on acquiring more and more debt without consequence decade after decade. Continued stimulus in the form of low interest rates seemed to me to be fueling bubble after bubble in the economy. At some point it seems like people would realize that there is nothing backing up all this debt. Printed money without anything of value backing it seems worthless to me. At some point there has to be a reckoning when investors seriously assess how much all these debt-backed assets are worth. My thought was that sooner or later there would be another crash and governments would be unable to throw more money at the problem and push the financial reckoning into the distant future. In short, we would have to face economic reality and it would hurt. William White, the Swiss-based chairman of the OECD’s review committee, says it is going to happen sooner rather than later and it will be very painful. He told The Telegraph, “It will become obvious in the next recession that many of these debts will never be serviced or repaid, and this will be uncomfortable for a lot of people who think they own assets that are worth something.” In my opinion, this will be worse than 2008 because there are no more bullets left in the gun, so to speak. The Fed and other central banks can’t lower interest rates forever and governments are in too much debt to launch major spending sprees on infrastructure. China could be the catalyst that starts the collapse. Read the article and decide for yourself.

ISIS has its own encrypted chat app

Our government desperately wants tech companies to stop using end-to-end encryption in their apps and services without providing some kind of back door for law enforcement. They want you to believe that terrorists are using WhatsApp, iPhones and other technology with encryption capabilities to communicate secretly. Technologists have long said that forcing these companies to weaken their encryption won’t stop terrorists. Such weakened encryption will only hurt innocent people while the terrorists move on to other technology. Well, there is a story in TechCrunch that proves the point. It seems ISIS has developed its own encrypted app called “Alrawi” in order to communicate secretly. In order to stop this kind of communication the tech companies would have to further weaken the security and privacy of their operating systems. The calls by government for more back doors will only grow louder and louder. It is a race to the bottom for internet security. Read the story here.

BEWARE

The Washington Post ran a story that seems to sum up in one neat package the direction in which our society is headed in the new age of surveillance. It illustrates the confluence of social media, government tracking, corporate data mining, and computer logic. There is simply too much juicy data lying around not to tie it all together in new and creative ways. The city of Fresno, CA has been evaluating a system that will assign a threat score to any person the police encounter. The system pulls data from a myriad of sources like traffic cams, license plate readers, special police cameras around the city, police body cams, social media postings, public records data, and cell phone metadata. The data is analyzed by software called (eerily enough) “Beware.” Of course, the software is proprietary so no one can independently verify how it works or how it calculates a person’s score. Each person run through the system gets a score – green, yellow, or red. They don’t need a warrant to do this. People are protesting and the police department is considering its options. A system like this is ripe for abuse and violates the privacy of everyone it targets. But that won’t stop companies from trying to push this software on police departments around the country (there is too much money to be made). So, beware of “Beware.” I’m sure it is coming to a city near you! Read the story for yourself at the Washington Post.

FBI hacks over 1000 computers

Here is an interesting article from Motherboard regarding FBI hacks of over 1,300 computers using only one specific warrant. The takeaway is that just because you are on the dark web doesn’t mean you are safe from discovery. The FBI has used various techniques over the years to identify Tor users, including infecting their machines with malware and exploiting software vulnerabilities (like Flash exploits). They group these hacking techniques into something called “network investigative techniques” or NIT. There are many vulnerabilities in software, some of which are not yet generally known. Being anonymous on the Internet is not as easy as it may sound. Here is the link – http://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers

Thought on Privacy Policies and User Agreements

Random Thought – you know those ridiculous privacy policies we all have to read before we can install an app or any other piece of software? We all know no one reads that crap unless they’re a lawyer. Well, I understand the legal requirements for a detailed policy written in legalese. But I have an idea – from now on why not make the companies publish a brief blurb (several bullet points) outlining what info they will collect and whether it will be sold to third parties. This can serve as a summary of the more detailed policy. You can use that information to decide if you want to read the rest of the policy. Of course, they can still say you must read and accept the whole policy, but at least you’ll know quickly what personal details they are going to be getting out of your phone, computer, or tablet and who is going to get their hands on it. Oh, and will Android please let us selectively choose which access permissions we want each app to have??? The requirement that we accept all their “access requirements” or don’t get the app really sucks. My flashlight app does NOT need to know my location or contacts for crying out loud! I know they do this to make money, but if I knew which personal details about me they were going to collect and sell I’d probably be willing to pay a little for the app in exchange for no personal data being collected in the first place. Just a thought…