Category Archives: Privacy & Surveillance

Visualizing Clinton Emails As A Means of Investigating the Future

The MIT Media Lab Macro Connections group created a data visualization tool for the Clinton/Podesta/DNC emails that Wikileaks made available. It is well worth a look. Thanks to Saul for bringing this research to my attention.

Cesar A. Hidalgo, the professor on the project, wrote about what he learned from it.  A few quotes stood out for me:

These emails are relevant because Clinton was a person in charge of doing a security job, and anyone working on a security job, is not supposed to communicate using an unsecured or unauthorized channel. This should be obvious, since each extra channel of communication increases the vulnerability of the system by increasing the probability that messages are intercepted. So the reason why Clinton’s emails are a big deal is because a person in charge of security should not be using an unsecure channel, and those who argue from that perspective have a valid point. The fact that the emails were hacked and exposed validates that point.

Which gets to the point we (the Pirate Party) made when the Podesta emails first came out, since, in a sense, we are all in charge of our own security:

As a Pirate, I found professor Hidalgo’s statement that his motivation for this effort “comes from my support for a society where people have direct access to relevant sources of information through well-designed data visualization tools” aligns well with my own philosophy. We cannot know what our government and our representatives are doing in our name without access to the information they have, presented in a way that people can intelligently make their own assessments of it.

In thinking about how we increase people’s power over our government, I found this statement interesting as well:

So what I got from reading some of Clinton’s email is another piece of evidence confirming my intuition that political systems scale poorly. The most influential actors on them are spending a substantial fraction of their mental capacity thinking about how to communicate, and do not have the bandwidth needed to deal with many incoming messages (the unresponded emails). This is not surprising considering the large number of people they interact with (although this dataset is rather small, I send 8k emails a year and receive 30k. In this dataset Clinton is sending only 2k emails a year).

Our modern political world is one where a few need to interact with many, so they have no time for deep relationships — they physically cannot. So what we are left is with a world of first impressions and public opinion, where the choice of words matter enormously, and becomes central to the job. Yet, the chronic lack of time that comes from having a system where few people govern many, and that leads people to strategize every word is not Clinton’s fault. It is just a bug that affects all modern political systems, which are Ancient Greek democracies that were not designed to deal with hundreds of millions of people.

In my mind the solution to this issue is to set up systems so that people are able to make more decisions about government. Not faulty marketplace democracy with its one dollar one vote, but true democracy of one person one vote. Proportional representation instead of winner-take-all elections. Sadly, I find many adherents of the two old political parties don’t get this. We have a long road to travel until we get there, but we will.

Two good short stories about privacy & the corporate nanny state

Two short stories that bring together the pitfalls of big data and the internet of things.

  • One Star, about what to do when your self-driving taxi decides to drive you to the police instead of your destination because you fit a profile;
  • Dada Data and the Internet of Paternalistic Things, which takes the fact that Target knows when you are pregnant and runs with it to a most paternalistic conclusion.

First they came for an iPhone 5c

Posting here and at masspirates.org.

The FBI got a judge to order Apple to create a custom iOS version so they can decrypt the work iPhone 5c of Syed Farook, one of the San Bernardino shooters. They want Apple to push out a custom version that will disable the delays between wrong PIN entries and the security feature that wipes the phone after ten wrong PIN tries. Apple is fighting it.

This Tuesday the Pirate Party is joining with Fight for the Future to protest the judge’s order. We will meet at 5:30pm at the Apple Store, 815 Boylston Street in Boston. Join us and stand up for your privacy and right to keep your data encrypted and secure.

Considering that ISIS didn’t know about the attack, it is doubtful there is much on the phone that will help them get other leads. The FBI can already request the metadata (who was called, when, how long, from where) for Farook’s communications using the phone or any other service the shooters used. The mobile phone providers are always willing to provide that information, often for a fee. Whatever other info they need, the NSA has likely gathered it with their mass surveillance program. The FBI could use the NSA’s data to identify what other information they need and then get a subpoena to get the data legally, though unconstitutionally.

It isn’t as if the Federal government hasn’t used parallel construction in the past.

The phone was owned by Farook’s employer, the San Bernardino Health Department, and someone there reset the phone in an attempt to gain access. Had they not, the FBI could have backed up the data to Apple’s iCloud service and gained access to it. It isn’t clear who made the decision to reset the password.

Which is all good for the FBI, because it gives them the excuse they need to force Apple to modify iOS to make it easier to break into, and set a precedent for getting a backdoor in any phone, even newer ones. Once those backdoors are there, anyone can take advantage of them whether the security services of other countries, criminals or abusive ex-boyfriends. That process may already have begun with China.

So please come out this Tuesday and join the Pirate Party, Fight for the Future and others to protest the judge’s order. We will meet at 5:30pm at the Apple Store, 815 Boylston Street in Boston. The more people who stand up for privacy and encryption, the stronger our message is.

More articles to read on this subject:

SSL Migration Progressing (Updated)

Update: I have installed SSL certificates for all of my sites which have images on this site. All of the side bar images are back up.

One of the reasons I migrated from Typepad to another hosting provider was so I could enable SSL on my site. Making sure your site supports SSL is one of the basic things you can do to support encrypting the web.

I set it up for my main domain a few weeks ago, but since some of the images I use are on sites that didn’t use https, my blog did not appear to be completely secure.

I have added SSL to two of my (sub-)sites, and will finish the rest tomorrow. I have removed the non-SSL widgets so the site shows a nice green lock and will add them back when they are all set. As an added bonus, I removed a bunch of tracking JavaScript that Typepad adds to their photo galleries that I don’t need.

One upshot of this effort is that I have a nice set of instructions that work for my setup which will help speed the process in the future.

Video of Cory Doctorow speaking at Suffolk University

Cory Doctorow and others spoke at the Ford Hall Forum at Suffolk University on Oct. 13, 2015. The talk was The Remote-Controlled Society. It was a pleasure to work with Suffolk and the Boston University Computer Science department to make this talk happen.

I recorded some of it and put it up at the Massachusetts Pirate Party YouTube account. Reminder to self: always use a tripod when recording video.

The Ford Hall Forum posted video of the entire discussion.

He also spoke at the Berkman Center that same day.

Boston Security Meetup Talk

I gave a brief talk on the state of government and corporate surveillance at today’s Boston Security Meetup.  My slide deck is available in PDF and Open Document Format.  Thanks to Akshat, Will, Ryan, Alex, Max, Chris, Lucy and everyone else who made this meetup possible. Thanks also to LogMeIn for hosting.

You can sign up for the Massachusetts Cryptoparty email list. The next cryptoparty will be Wednesday, Feb. 24th, 6-9pm, at Parts & Crafts, 577 Somerville Ave, Somerville.

Supreme Court Kills 4th Amendment On-line

Posted this at masspirates.org on 2/27/2013.

Yesterday the Supreme Court killed our 4th Amendment right to privacy on-line. In a 5-4 vote, they ruled that the ACLU and other plaintiffs did not have standing to bring their case challenging the FISA Amendments Act that allowed warrantless wiretapping. Since they concluded that “a fear of surveillance does not give rise to standing” and such warrantless government surveillance is secret, no one can challenge the Constitutionality of such surveillance. This Catch-22 is a recipe for unchecked government power.

We now know that the NSA’s secret domestic intelligence program has a name: Ragtime. According to a new book, Deep State: Inside the Government Secrecy Industry, about three dozen NSA officials have access to Ragtime’s surveillance data. Additionally, a small number of people in the NSA’s general counsel’s office review the list of citizens surveilled to make sure they have connections to al-Qaeda. While Ragtime may only be able to process 50 different data sets at one time, the facility that the NSA is building in Utah will likely increase that number as well as allow the NSA to store larger amounts of our communications for increasingly longer periods of time.

Doubtless some will say that the existing NSA safeguards are enough to protect innocent people from getting caught up in a government dragnet. However, recent surveillance of the Occupy movement, COINTELPRO and Watergate show government officials will use their power to go after even peaceful dissent. The 4th Amendment was a check on that power. A check that five members of the Supreme Court, many of whom claim to want to return the Constitution to the original intent of the Founding Fathers, feel we don’t need on-line.

It is up to us to protect our privacy and overturn such unjust and undemocratic laws. We cannot trust those in power to do it.