Friday, November 26, 2010

Wikileaks: Part of Why I'm Itchy About Database Function Creep And The "One Big Database" Approach To Government Records

This story is about WikiLeaks and how low-level access to "secure" databases can lead to information being disseminated without controls. While I am ambivalent about some of the information WikiLeaks has released (specifically the names of informers in Afghanistan and such), I am actually more concerned about what these kinds of incidents mean for our collective privacy.

The anti-war guy and anti-secrecy guy in me applauds transparency; the privacy freak in me is worried about protecting the medical databases that I am charged with protecting as part of my occupation. Technology, privacy, security, and records management are all inextricably interlinked.

"Manning claimed to have leaked 260,00 cables. But he was charged on July 5 with downloading more than 150,000, and with allegedly leaking at least 50 of them to an unauthorized third party.

The cables were widely accessible within the U.S. military under an information-sharing initiative called Net-Centric Diplomacy.

Established in the government’s post-September 11 drive to break down information barriers between agencies, Net-Centric Diplomacy makes a subset of State Department documents available on the Secret Internet Protocol Router Network, or SIPRNet, the Pentagon’s global, Secret-level wide area network. SIPRnet is accessible to cleared American military service members and civilian agencies around the world."

Wired Mag - WikiLeaks Diplomatic Cable Dump Reportedly Imminent

----

Once again - your privacy is at stake. Suppose someone dumped a secure police database and your name was in there as having provided eyewitness information related to a gang hit. That would probably not be good.

Suppose University registration information was released - home addresses of students (which has happened) and some guy was stalking a young woman (which has happened).

"One big database" as a goal has unintended consequences.

How Do Airport Scanners Work? Excerpts And Links To Easy To Read Explanations



The above question, asked on Google, has been worth about a quarter of all the hits on my blog according to SiteMeter.

So here is some information on how the two kinds of airport scanners work:

"Backscatter X-ray is an advanced imaging technology. Traditional X-ray machines detect hard and soft materials by the variation in transmission through the target. In contrast, backscatter X-ray detects the radiation that reflects from the target. It has potential applications where less-destructive examination is required, and can be used if only one side of the target is available for examination.

The technology is one of two types of whole body imaging technologies being used to perform full-body scans of airline passengers to detect hidden weapons, tools, liquids, narcotics, currency, and other contraband. A competing technology is millimeter wave scanner. These airport security machines are also referred to as "body scanner", "whole body imager (WBI)", and "security scanner""

http://en.wikipedia.org/wiki/Backscatter_X-ray

----

"The TSA has slowly been implementing the use of X-ray scanners in airports (so far, 38 airports have 206 of the machines) in order to see through passengers' clothes and check them for explosive devices. Officials have asserted that the machines are okay to use on the basis of the everyday use of X-rays in medical offices. However, a group of four UCSF professors pinpointed several important differences between the medical X-ray machines and those used in airports. They described the issues in a letter to Dr. John P. Holdren, the assistant to the president for science and technology."

"A normal X-ray image is a familiar sight—depending on the exposure, an X-rayed person typically appears only as a skeleton. This is because the X-rays used in those machines penetrate the skin and can only scatter off of the larger atoms in bones.

Unlike a medical X-ray, the TSA X-ray machines are a sci-fi fan's dream: they are lower-energy beams that can only penetrate clothing and the topmost layers of skin. This provides TSA agents with a view that would expose any explosives concealed by clothing. But according to the UCSF professors, the low-energy rays do a "Compton scatter" off tissue layers just under the skin, rather than the bone, possibly exposing some vital areas and leaving the tissues at risk of mutation."

"Because the X-rays only make it just under the skin's surface, the total volume of tissue responsible for absorbing the radiation is fairly small. The professors point out that many body parts that are particularly susceptible to cancer are just under the surface, such as breast tissue and testicles. They are also concerned with those over 65, as well as children, being exposed to the X-rays."

ars technica - FDA sidesteps safety concerns over TSA body scanners

----

"A millimeter wave scanner is a whole body imaging device used for airport security screening. It is one of two common technologies of full body scanner used for body imaging; the competing technology is backscatter X-ray."

"Clothing and many other materials are translucent in some EHF (millimeter wave) radio frequency bands. This frequency range is just below the (related) sub-millimeter terahertz radiation (or "T-ray") range.

The millimeter wave is transmitted from two antennas simultaneously as they rotate around the body. The wave energy reflected back from the body or other objects on the body is used to construct a three-dimensional image, which is displayed on a remote monitor for analysis."

"Millimeter wave radiation and radio frequency radiation is not genotoxic (unlike X-rays and ultraviolet radiation), but chronic exposure to lower frequencies of microwaves in some animal studies have been correlated with accelerated development of existing tumors.

A study conducted by Boian S. Alexandrov and colleagues at the Center for Nonlinear Studies at Los Alamos National Laboratory on Terahertz radiation (which is a 1000 times higher in frequency than mm waves) in New Mexico performed mathematical models how terahertz fields interact with double-stranded DNA, showing that, even though involved forces seem to be tiny, nonlinear resonances (although much less likely to form than less-powerful common resonances) could allow terahertz waves to "unzip double-stranded DNA, creating bubbles in the double strand that could significantly interfere with processes such as gene expression and DNA replication". Experimental verification of this simulation was not done and as the effect is frequency dependent the studies do not cover the mm wave region of the spectra where the whole body scanners operate."

http://en.wikipedia.org/wiki/Millimeter_wave_scanner

----

This next article is a really good one:

"Another group of scientists at the University of California, San Francisco, sent a letter to the President's science and technology adviser arguing that the X-ray scanner poses a greater risk than medical X-rays and the radiation absorbed during a flight. In those two cases, the radiation is distributed evenly throughout the body, the doctors say. The radiation from the scanners, however, is embedded in the skin, resulting in a higher concentration of radiation in a given area.

Questions remain including how the X-ray scanners will affect frequent flyers (including businessmen and flight attendants who could go through security anywhere from 200 to 400 times a year), children, pregnant women and travelers with weakened immune systems. There is also a question of what could happen should a machine get stuck or fail, potentially blasting one point on a person's body with excess X-ray radiation.

The good news about scanners: Millimeter wave scanners, which are also in use at airports around the country, use very far infrared waves, waves at the opposite end of the electromagnetic spectrum from the dangerous ionizing radiation of X-ray waves. X-rays are shorter waves that can penetrate the skin and alter DNA. Millimeter waves, by contrast, are longer waves that penetrate clothes but stop at the skin. The millimeter scan is akin to a heat lamp and is considered to be far safer than X-ray scanners."

Physics Central - Airport Body Scanners: To Fear or Not to Fear?

----

And finally:

PCWorld - X-Ray Body Scanner Hubbub: The Naked Truth

----

Enjoy

Thursday, November 25, 2010

One More Person Standing Up For Stacy Bonds After Her Horrific Strip Search

"David M. Tanovich is a professor of law at the University of Windsor and academic director of the Law Enforcement Accountability Project (LEAP)."

"In R. v. Golden, the leading constitutional case on strip-searches, the Supreme Court of Canada recognized that "[w]omen and minorities in particular may have a real fear of strip searches and may experience such a search as equivalent to a sexual assault." Indeed, as Bonds puts it, "I was mentally and verbally raped."

The trial judge concluded that the only reasonable explanation for the officers' conduct was "vengeance and malice." He didn't link it to any prior event but presumably it was for Bonds' questioning the authority of the police earlier on the street. As Bonds is a black woman, there is also the lurking question of whether race and/or gender were a factor not only in their decision to stop her on the street, but also to subsequently humiliate her. Given what we know about racism in policing and given that one of the officers was earlier temporarily demoted for assaulting and repeatedly Tasering a young woman in a cell less than a week before this incident, this is a very real likelihood."

Sourced from:

The Ottawa Citizen - What were the prosecutors thinking?

University of Windsor, Faculty of Law - What were the prosecutors thinking?

----

Bravo to the Ottawa Citizen for publishing the above piece.

Please read the full editorial linked to above.
The two posts have slightly different biographical notes, but are otherwise verbatim.

I post this story on my blog because privacy is about security. Knowledge is power. Privacy is about security of self from intrusion and abuse at the hands of those who would use information to further their own ends without your permission.

Privacy and freedom from unwarranted state intrusion and interference are important. The police video shows what happens when constraints on those in power are not applied.

The guy I know from Chile, that I have spoken about in other posts, talked about serving in the Chilean military after the coup. He talked about how any woman on the street after curfew was fair game to be gang raped by the military patrols. How the rapes were not reported by the women because they would suffer an even worse fate if they reported the crime against them. They would be arrested for violating curfew and then be wholly in the hands of that murderous regime.

How members of his unit would be at church on Sunday with their mothers after committing barbarous acts the week prior.

He deserted the army and fled Chile.

The Stacy Bonds story tells me that it can happen here. We had martial law here in Canada during the FLQ crisis. The only party (the NDP) that voted against martial law (the NDP proposed amendments to police powers instead) was punished at the polls in the subsequent election. Remember - the entire country was under martial law - not just the parts of Ontario and Quebec that were affected by the situation.

Once again I will restate my support for police and their work. I want police to come rescue my ass when something goes wrong. I want people who can bust heads to come help me out. What I don't want is police who think they are above the law, and who abuse their authority.

As I said in my post "Toronto Police Using Facial Recognition Software To Find G20 "Most Wanted""

"I want to underline my fervent support for police and their work, however, I just know far too many enforcement officers that take preserving the public order a little too far (think mass arrests of people at the G20 subsequently released with no charges)."

The following video is highly disturbing. Imagine yourself in the same situation. Imagine you just asked a police officer why they stopped you.

I post this video because I find it so disturbing. I had to force myself to watch it all the way through. I wanted to stop watching it, but continued as a personal attempt to bear witness to Stacy Bonds' ordeal. To, after the fact, stand with her. The police officers' actions constitute torture. At a distance I cannot do anything but try to shed the light of truth and transparency on the indignities and assault perpetrated on Stacy Bonds.

Does This UN Resolution Mean That It Is Now OK To Execute Gays?

"The United Nations has removed a plea for lesbians, gays and bisexuals not to be executed in a narrow vote.

For the last 10 years sexual orientation has been included in a list of discriminatory grounds for executions – gay rights activists say the vote to remove that listing is “dangerous and disturbing.”

The UN resolution urges countries to protect the right to life of all people, calling on them to investigate killings based on discriminatory grounds. Sexual orientation was previously listed as one of these forms of discrimination, alongside ethnicity, religious belief and linguistic minorities.

Others protected by the resolution were human rights defenders (like journalists, lawyers and demonstrators), street children and members of indigenous communities.

But now sexual orientation has been taken out of the list."

PinkPaper - Countries vote to accept execution of gays

(Hat tip to Andrew Sullivan for this story)

----

I have expressed concerns before about the use of invasive technology on populations. Once again, I remind people of the concern we should all share when the state becomes unfettered in its ability to monitor its citizenry. I have discussed what can happen to privacy with creative data mining.

Re-read my post "Project 'Gaydar': At MIT, an experiment identifies which students are gay, raising new questions about online privacy"

I quote my own commentary below:

"This is an example of the power of data mining - and new applications for the kinds of algorithms used for searching, data mining, and market research. These two researchers have used the same kind of techniques that facebook uses when its automated systems decide what ads you should see when you are logged in.

The information about whether a person is gay or not could have potentially devastating consequences for the individual. Think about what would happen if the government of Iran or another fundamentalist (like Saudi Arabia) or stridently anti-gay regime (think Uganda [Fear grows among Uganda’s gay community over death penalty draft law]) decided to keep track of its students living abroad..."

Ok, What's Next In Airport Searches?

"What's Next?

With increasing privacy violations at the airport, the hot topic on many people's minds is -- where will the TSA stop?

There's been growing speculation about terrorists trying to smuggle explosives by inserting them in their rectum. A Saudi suicide bomber already smuggled a bomb in his anal cavity. A terrorist, in theory could smuggle a bomb onto a plane in their anal cavity and then remove it and detonate it.

Current generation scanners are likely not capable of detecting low-density explosives inside the anal cavity.

If such an attack is attempted, the TSA may have to opt for even greater "enhancements" to its already intimate screening protocol.

And in reality there's probably plenty of vulnerabilities that haven't been thought of. What is clear is that the public likely faces a choice between continuing to give up their freedoms or drawing a hard line now and resisting the current protocols."

DailyTech - TSA Defends Its Right to Pat Downs, Nude Scans in Light of Protests

"For sexual crime victims, TSA pat-downs can be 're-traumatizing'"

"The TSA's latest efforts to increase airport security include 'enhanced' pat-downs that have been criticized as invasive. Rape counselors advise that victims know their rights to protect themselves."

"As the outcry grows against the new security screenings at US airports, one population may face a special burden at TSA checkpoints: victims of rape or sexual assault who are now confronted with a procedure that they feel explicitly strips them of control over their bodies.

The experience “can be extremely re-traumatizing to someone who has already experienced an invasion of their privacy and their body,” says Amy Menna, a counselor and professor at the University of South Florida who has a decade’s experience researching and treating rape survivors.

Nationwide, an estimated 1 in 6 women and 1 in 33 men have been the victim of an attempted or completed rape, according to a consensus of figures compiled by the Department of Justice, FBI, and Centers for Disease control. About a quarter of a million people each year report a sexual assault.

Dr. Menna recommends that people know their rights so that they can avoid the sense of powerlessness when going through a security check"

Christian Science Monitor - For sexual crime victims, TSA pat-downs can be 're-traumatizing'

----

1 in 6, and 1 in 33 people have been the victim of an attempted or completed rape.

And the U.S. government is allowing aggressive groping searches.

Sensitive governance...

Wednesday, November 24, 2010

Some interesting 2009 Internet Statistics

Learn them now, impress your friends with your tech and intertubes savvy coffee conversation.

"Email

* 90 trillion – The number of emails sent on the Internet in 2009.
* 247 billion – Average number of email messages per day.
* 1.4 billion – The number of email users worldwide.
* 100 million – New email users since the year before.
* 81% – The percentage of emails that were spam.
* 92% – Peak spam levels late in the year.
* 24% – Increase in spam since last year.
* 200 billion – The number of spam emails per day (assuming 81% are spam)"

Royal Pingdom - Internet 2009 in numbers

MotorTrend Trashes Limbaugh: "Just remember: driving and Oxycontin don’t mix"

"You said, “Folks, of all the cars, no offense, General Motors, please, but of all the cars in the world, the Chevrolet Volt is the Car of the Year? Motor Trend magazine, that’s the end of them. How in the world do they have any credibility? Not one has been sold. The Volt is the Car of the Year.”

So, Mr. Limbaugh; you didn’t enjoy your drive of our 2011 Car of the Year, the Chevrolet Volt? Assuming you’ve been anywhere near the biggest automotive technological breakthrough since … I don’t know, maybe the self-starter, could you even find your way to the front seat? Or are you happy attacking a car that you’ve never even seen in person?"

"Back to us for a moment, our credibility, Mr. Limbaugh, comes from actually driving and testing the car, and understanding its advanced technology. It comes from driving and testing virtually every new car sold, and from doing this once a year with all the all-new or significantly improved models all at the same time. We test, make judgments and write about things we understand."

MotorTrend - Rush to Judgment

----

MotorTrend makes some really good points in its post which I urge you to take a full read of. The post speaks for itself. It's a fun read.

Wired: "Retinal Implant Restores Vision in Blind Mice"

"A new type of prosthetic eye may someday allow blind people to seamlessly see the broad sweep of an ocean or the dimples in a baby’s face. The approach, presented Nov. 13 at the Society for Neuroscience’s annual meeting, may benefit the estimated 25 million people worldwide who have lost sight due to retinal diseases.

“This is a spectacular example of what we all hoped to be able to do,” said Jonathan Victor, a computational-systems neuroscientist who was not involved in the new work. “It’s a solution to an abstract problem” that could be useful in many kinds of systems.

Sheila Nirenberg and Chethan Pandarinath, both of Weill Medical College of Cornell University in New York City, tested their new retinal prosthetic in blind mice and found that it allowed the mice to see a baby’s face.

Current prosthetics are limited to reproducing simple features, such as bright spots or edges, but miss much of a scene. Many scientists are intent on boosting the retinal prosthetics’ power, so that the message from the artificial eye to the brain is stronger. But Nirenberg’s work suggests that a second, underappreciated area is also important: the pattern of cell activity in the retina, something she called “a big problem lurking in the background.”"

Wired - Retinal Implant Restores Vision in Blind Mice

It's not really privacy, but it is technology, and visualisation related. The technology and research involved in understanding how people see will eventually find its way into facial recognition heuristics and related technologies, so this has implications for all those closed circuit TV cameras mounted around all those cities.

It also puts us one step closer to implanted chips that can talk to people's brains and sensory receptor cells.

Help blind people = good. Help dictatorships spy on their people = bad. Two potential sides to one technology.

----

Picture credit: clipart.com

Tuesday, November 23, 2010

"TSA Chief Apologizes to Airline Passenger Soaked in Urine After Pat-Down" (bladder cancer survivor, urostomy bag)

"An airline passenger outfitted with a urine bag for medical reasons had to sit through his flight soaked in urine after a TSA agent dislodged his bag during an aggressive security pat-down. Nearly a month later, he finally received an apology from TSA chief John Pistole.

Tom Sawyer, who wears a urostomy bag as a result of a bout with bladder cancer, explained his medical condition to a TSA agent at Detroit Metropolitan Airport on Nov. 7 after agents noticed something under his shirt during an X-ray scan of his body. When agents told him he’d have to undergo a pat-down, Sawyer asked for it to be conducted in a private room, to which the agent complied.

But Sawyer says the agent showed little sensitivity or patience in conducting the pat-down and, as a result, dislodged the cap on the urostomy bag, releasing urine onto his clothes and body. The agent offered no apology or even acknowledgment of what he’d done, and Sawyer was reduced to tears as he dealt with the humiliation of having to face other passengers in his condition. With no time to change clothes before his flight, Sawyer was forced to endure the journey to Florida in urine-soaked clothes."

Wired Mag - TSA Chief Apologizes to Airline Passenger Soaked in Urine After Pat-Down

----

Picture Credit: AtHomeMedical - Hollister Hollister Ostomy Products FlexTend Urostomy Pouch with Flat Barrier

BBC: "Chip implant developed to help the paralysed exercise"

"A tiny, implantable chip that delivers electrical impulses to aid in exercising paralysed limbs has been unveiled by scientists.

Similar attempts to promote muscle stimulation have been developed before, but have been too bulky to implant."

BBC - Chip implant developed to help the paralysed exercise

TPM: "Pew Study Finds Republican Bias In Landline-Only Polls"


"For years, people have contended that a right-leaning bias exists in public opinion polls that fail to consider cell phone users. This argument has some new backing-- a Pew Research Center report released Monday suggests that polls based on landline-only samples do, in fact, suffer from a Republican bias.

The report, which confirms findings from a mid-October study, suggests that support for Republican candidates is significantly higher when a survey's sample is composed only of landline telephone respondents, rather than both landline and cell phone users ("dual frame samples"). Pew calculates a bias among likely voters in 2010 that is about twice as large as the statistical skew evident in 2008 landline-only election surveys."

TPM - Pew Study Finds Republican Bias In Landline-Only Polls

----

"The number of Americans who rely solely or mostly on a cell phone has been growing for several years, posing an increasing likelihood that public opinion polls conducted only by landline telephone will be biased. A new analysis of Pew Research Center pre-election surveys conducted this year finds that support for Republican candidates was significantly higher in samples based only on landlines than in dual frame samples that combined landline and cell phone interviews. The difference in the margin among likely voters this year is about twice as large as in 2008

Across three Pew Research polls conducted in fall 2010 -- conducted among 5,216 likely voters, including 1,712 interviewed on cell phones -- the GOP held a lead that was on average 5.1 percentage points larger in the landline sample than in the combined landline and cell phone sample.

In six polls conducted in the fall of 2008, Barack Obama's lead over John McCain was on average 2.4 percentage points smaller in the landline samples than in the combined samples"

The Growing Gap between Landline and Dual Frame Election Polls
Republican Vote Share Bigger in Landline-Only Surveys


----

Picture Credit: textually.org

Friday, November 19, 2010

Stuxnet Nuclear Reactor Targeted Computer Virus "Game Changer" For Real World Effects Of Cyber War/Hostility/Threat


"Stuxnet, the first known weaponized software designed to destroy a specific industrial process, could soon be modified to target an array of industrial systems in the US and abroad, cyber experts told US senators Wednesday.

The Stuxnet malware, discovered this summer, was apparently designed to strike one target – Iran's nuclear-fuel centrifuge facilities, researchers now say. But Stuxnet's "digital warhead," they caution, could be copied and altered by others to wreak havoc on a much grander scale.

Variants of Stuxnet could target a host of critical infrastructure, from the power grid and water supplies to transportation systems, four cybersecurity experts told the Senate Committee on Homeland Security and Governmental Affairs."

Christian Science Monitor - Son of Stuxnet? Variants of the cyberweapon likely, senators told
The Stuxnet cyberworm could soon be modified to attack vital industrial facilities in the US and abroad, cybersecurity experts warned Wednesday at a Senate hearing.



----

"WASHINGTON — The Stuxnet worm that infiltrated Iran's nuclear facilities poses a threat to critical industries worldwide such as water, power and chemical plants, cybersecurity experts warned on Wednesday.

Sean McGurk, the acting director of the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC), described Stuxnet in testimony before a US Senate committee as a "game-changer."

Stuxnet, which was detected in July, has "significantly changed the landscape of targeted cyberattacks," McGurk told the Senate Committee on Homeland Security and Governmental Affairs.

"For us, to use a very overused term, it's a game-changer," he said.

Stuxnet targets computer control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other critical infrastructure.

Most Stuxnet infections have been discovered in Iran, giving rise to speculation it was intended to sabotage nuclear facilities there, especially the Russian-built atomic power plant in the southern city of Bushehr.

Computer security firm Symantec said last week that Stuxnet may have been specifically designed to disrupt the motors that power gas centrifuges used to enrich uranium.

Dean Turner, director of Symantec's Global Intelligence Network, told the Senate panel that while 60 percent of the Stuxnet infections detected were in Iran it should be seen as "a wake-up call to critical infrastructure systems around the world."

"This is the first publicly known threat to target industrial control systems and grants hackers vital control of critical infrastructures such as power plants, dams and chemical facilities," Turner said."

AFP - Stuxnet a threat to critical industries worldwide: experts

----

""We have not seen this coordinated effort of information technology vulnerabilities and industrial control exploitation completely wrapped up in one unique package," McGurk said.

Stuxnet illustrates the need for governments and businesses to adopt new approaches to cyberthreats, added Michael Assante, president and CEO of the National Board of Information Security Examiners. "Stuxnet is, at the very least, an important wake-up call for digitally enhanced and reliant countries, and at its worst, a blueprint for future attackers," he said.

As of last week, there were still about 44,000 computers infected with Stuxnet worldwide, with about 60 percent of them in Iran, said Dean Turner, director of Symantec's Global Intelligence Network. About 1,600 of the current infections are in the U.S., he said."

PCWorld - Experts: Stuxnet Changed the Cybersecurity Landscape

----

"Stuxnet, the seemingly unstoppable Windows operating system worm, slithered into the spotlight on Capitol Hill.

Testifying at a hearing held this morning by the Senate Committee on Homeland and Security Affairs, Dean Turner, director of Symantec's Global Intelligence Network for Symantec Security Response, called Stuxnet "one of the most complex threats we have analyzed to date."

Stuxnet underscores the fact that "direct-attacks to control critical infrastructure are possible and not necessarily spy novel fictions," Turner testified. "The real-world implications of Stuxnet are beyond any threat we have seen in the past.""

"The worm is programmed to infiltrate Industrial Control Systems, computer-driven machinery widely used in manufacturing, pharmaceutical factories, water-treatment facilities, power stations and chemical plants. Stuxnet has the potential to overwrite commands and thus sabotage the infected systems."

USA Today - Unstoppable Stuxnet worm not the work of lone hacker

----

Picture Credit: Ars Technica - Clues suggest Stuxnet Virus was built for subtle nuclear sabotage

Thursday, November 18, 2010

Do Airport "Nudie Scanners" Even Work?

"Italian security officials stopped using the scanners in September. "We didn't get good results from body scanners during testing,” said Vito Riggio, the president of Italy’s aviation authority, describing the scans as slow and ineffective.

British scientists found that the scanners picked up shrapnel and heavy wax and metal, but missed plastic, chemicals and liquids, reported UK newspaper The Independent in January.

“Some of these technological responses to terrorism really start to seem like placebos,” says Susan Herman, President of the American Civil Liberties Union (ACLU) and law professor at Brooklyn Law School. “To the extent that people understand what the benefits are, and the invasion of privacies are, they can make more informed decisions about giving up their privacy for machines that make them feel better, but don’t do the job of preventing any terrorist device from getting on an airplane.”"

Christian Science Monitor - Are TSA pat-downs and full-body scans unconstitutional? The TSA says the pat-downs and full body scans are necessary to keep airliners safe. But critics ask if such intimate searches violate the Fourth Amendment.

----
"And experts in the US said airport "pat-downs" – a method used in hundreds of airports worldwide – were ineffective and would not have stopped the suspect boarding the plane.

Umar Farouk Abdulmutallab, 23, allegedly concealed in his underpants a package containing nearly 3oz of the chemical powder PETN (pentaerythritol tetranitrate). He also carried a syringe containing a liquid accelerant to detonate the explosive.

Since the attack was foiled, body-scanners, using "millimetre-wave" technology and revealing a naked image of a passenger, have been touted as a solution to the problem of detecting explosive devices that are not picked up by traditional metal detectors – such as those containing liquids, chemicals or plastic explosive.

But Ben Wallace, the Conservative MP, who was formerly involved in a project by a leading British defence research firm to develop the scanners for airport use, said trials had shown that such low-density materials went undetected.

Tests by scientists in the team at Qinetiq, which Mr Wallace advised before he became an MP in 2005, showed the millimetre-wave scanners picked up shrapnel and heavy wax and metal, but plastic, chemicals and liquids were missed.

If a material is low density, such as powder, liquid or thin plastic – as well as the passenger's clothing – the millimetre waves pass through and the object is not shown on screen. High-density material such as metal knives, guns and dense plastic such as C4 explosive reflect the millimetre waves and leave an image of the object."

The Independent - Are planned airport scanners just a scam?
----

As Bruce Schneier and AMERICAblog point out:

Schneier on Security - A blog covering security and security technology: German TV on the Failure of Full-Body Scanners

The video is worth watching, even if you don't speak German. The scanner caught a subject's cell phone and Swiss Army knife -- and the microphone he was wearing -- but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and not from the side. But he also didn't hide anything in a body cavity other than his mouth -- I didn't think about that one -- he didn't use low density or thinly sliced PETN, and he didn't hide anything in his carry-on luggage.

Full-body scanners: they're not just a dumb idea, they don't actually work.

----

AMERICAblog
"Everyone who flies wants to be safe but again, when will someone provide solid proof that the body scanners are anything other than a huge waste of valuable money. Numerous experts have pointed out the problems yet that doesn't matter for those buying these expensive machines. Even if you don't understand German, it's easy enough to follow how this physicist beat the system."

----

The video discussed above can be found further down this page. Some of the commenters on Schneier on Security have reasonable points about the technology and the flaws in the video "expose":

"This was a passive scanner working by identifying anything which obstructed the body's natural radiant heat. Notice the way in which ties were quite clearly visible... but the Home Affairs Committee rep's pacemaker didn't show up, because it is subcutaneous.

Bruce - I agree the video can be informative even if you don't speak German, but it can also create quite a misleading impression if you don't understand the details of what's going on. (For instance, if you equate this machine with the millimeter-wave X-ray ones in the media)."

----
"Hmm. These are indeed different to the millimeter wave scanners that are frequently shown in the news. This is ThruVision - which is a passive terahertz imaging system rather than an active EHF system.

I've seen this demoed before, and it's a great system in certain applications. It can actually be used from a distance and on moving subjects, unlike millimeter wave scanners. I was under the impression they were targeting this at knife and gun crime in railway stations and the like.

It's pretty clear that this guy was set-up. He doesn't speak German, he gets railroaded into allowing the guy to wear a jacket, doesn't get to use a metal detector, he isn't allowed to pat him down. He also doesn't appear to be the most charismatic or quick-thinking character and ends up getting pwned. I'd seriously be questioning the reasoning of the people who sent him out there."

----

And the video:



----

Picture Credit: AFP/Getty - MailOnline - Full-body airport scanners face further delays over fears they breach child porn laws

Wednesday, November 17, 2010

Cyber Warfare Reaches From The Net Into The Real World "Stuxnet cyber attack is as good as using explosives" On Iranian Nuclear Facilities

"Researchers from California and Germany dove into the Stuxnet code and found it sought out specialized components used in Iran nuclear centrifuges – and could cause them to explode."

"Stuxnet, the world's first known “cyber missile,” was designed to sabotage special power supplies used almost exclusively in nuclear fuel-refining centrifuge systems, researchers studying its code have revealed. The discovery is another puzzle piece experts say points to Iran's nuclear centrifuge plants as the likely target."

"It now appears that a smoking gun within Stuxnet's software code targets power supplies almost certainly used inside any Iranian nuclear fuel refining plant, researchers say. Working separately, researchers at California computer security firm Symantec arrived at the same conclusion as researchers in Germany late last week: Nuclear-fuel centrifuges were the target.

The researchers followed a complex trail. After cleverly gaining access to computer systems using an array of devious "exploits," Stuxnet searches for and infects only a specific Siemens-made programmable logic controller (PLC) performing specific functions, the researchers found. Then – and this is the part just unearthed – it hunts for identification numbers unique to a special kind of "frequency converter drive" made by just two firms in the world: one headquartered in Finland, the other in Tehran.

Frequency converter drives are a kind of power supply that can change the frequency of its output to control the speed of a motor. The drive responds to a PLC's computer commands and is used for industrial control in factory settings worldwide. Stuxnet hunts for specific drives set at specific speeds – the very high speeds a centrifuge must achieve to physically separate and concentrate uranium isotopes for use as nuclear fuel. Such fuel can then be used in a reactor or, if refined to far higher concentrations, a nuclear weapon.

Symantec researchers were aided by a Dutch industrial control systems expert who revealed the connection with Tehran and Finland firms. It turns out that the special drives Stuxnet targets are built to operate "at very high speeds ... speeds used only in a limited number of applications," Symantec stated in a report update Nov. 12. Such drives are "regulated for export in the US by the Nuclear Regulatory Commission," because one of their main uses is for uranium enrichment, it noted."

"Once Stuxnet has locked its sights on the target, it alternately brings the centrifuge process to either a grinding slowdown or an explosive surge – by sabotaging the centrifuge refining process. It tells the commandeered PLC to force the frequency converter drive to do something it's not ever supposed to do: Switch back and forth from high speed to low speed at intervals punctuated by long periods of normal operation. It also occasionally pushes the centrifuge to far exceed its maximum speed."

"Stuxnet "sabotages the system by slowing down or speeding up the motor to different rates at different times," including sending it up to 1410 Hz, well beyond its intended maximum speed. Such wide swings would probably destroy the centrifuge – or at least wreck its ability to produce refined uranium fuel, other researchers say.

"One reasonable goal for the attack could be to destroy the centrifuge rotor by vibration, which causes the centrifuge to explode" as well as simply degrading the output subtly over time, Ralph Langner, the German researcher who first revealed Stuxnet's function as a weapon in mid-September, wrote on his blog last week.

All of the circumstantial evidence points in the same direction: Natanz. "

Christian Science Monitor - How Stuxnet cyber weapon targeted Iran nuclear plant

(again, Dear Readers, click through onto the story that I have heavily excerpted and give CSM some ad views, please. The whole article is really interesting, too)
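The speed manipulation described in the excerpt above can be watched for from outside the PLC. The following is an added example, not code from the article or from any vendor: it scans constructed drive telemetry for excursions outside an operating band and for overspeed and underspeed episodes on the same drive. The band limits, drive names and log format are assumptions; only the 1410 Hz figure comes from the excerpt.

```python
import math
from collections import defaultdict
from dataclasses import dataclass

# Assumed operating band for the monitored drives (illustrative, not from the article).
MIN_HZ = 800.0
MAX_HZ = 1200.0

# Constructed telemetry, one sample per line: seconds,drive_id,output_hz
SAMPLE_LOG = """\
0,drive-01,1000
60,drive-01,1002
120,drive-01,1410
180,drive-01,1410
240,drive-01,1001
300,drive-01,999
360,drive-01,200
420,drive-01,1000
0,drive-02,1000
60,drive-02,1005
120,drive-02,bad
180,drive-02,998
"""


@dataclass
class Episode:
    drive: str
    kind: str          # "over_max" or "under_min"
    start: int         # first out-of-band sample (seconds)
    end: int           # last out-of-band sample (seconds)
    extreme_hz: float  # highest (over_max) or lowest (under_min) value seen


def parse(log):
    """Return ({drive: [(t, hz), ...]}, rejected_lines), samples sorted by time."""
    series, rejected = defaultdict(list), []
    for line in log.splitlines():
        parts = line.strip().split(",")
        try:
            t, drive, hz = int(parts[0]), parts[1], float(parts[2])
            if not math.isfinite(hz):
                raise ValueError("non-finite reading")
        except (IndexError, ValueError):
            # A sensor that stops reporting sane values is itself worth a look.
            rejected.append(line)
            continue
        series[drive].append((t, hz))
    for samples in series.values():
        samples.sort()
    return dict(series), rejected


def classify(hz):
    if hz > MAX_HZ:
        return "over_max"
    if hz < MIN_HZ:
        return "under_min"
    return None


def episodes(drive, samples):
    """Merge consecutive out-of-band samples of the same kind into episodes."""
    found, current = [], None
    for t, hz in samples:
        kind = classify(hz)
        if current and kind == current.kind:
            current.end = t
            pick = max if kind == "over_max" else min
            current.extreme_hz = pick(current.extreme_hz, hz)
            continue
        if current:
            found.append(current)
            current = None
        if kind:
            current = Episode(drive, kind, t, t, hz)
    if current:
        found.append(current)
    return found


def analyse(log):
    series, rejected = parse(log)
    report = {}
    for drive, samples in series.items():
        eps = episodes(drive, samples)
        kinds = {e.kind for e in eps}
        report[drive] = {
            "episodes": eps,
            # Overspeed and underspeed on one drive matches the high/low
            # switching the excerpt describes.
            "alternating": kinds == {"over_max", "under_min"},
        }
    return report, rejected


if __name__ == "__main__":
    report, rejected = analyse(SAMPLE_LOG)
    for drive, result in report.items():
        for ep in result["episodes"]:
            print(drive, ep.kind, ep.start, ep.end, ep.extreme_hz)
        if result["alternating"]:
            print(drive, "ALERT: overspeed and underspeed excursions on the same drive")
    print("rejected lines:", rejected)
```

Because the excerpt says the swings are separated by long periods of normal operation, a check like this has to run over the full history of a drive rather than a short recent window.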

----

If you haven't read my previous post linking to a Wired story on the change in tactical warfare thought that occurred because of the burning of Atlanta, you should read the story: Nov. 15, 1864: Sherman’s March to the Sea Changes Tactical Warfare

As the Wired article says:

"Sherman was vilified for his barbarism, but the Union commander was a realist, not a romantic. He understood — as few of his contemporaries seemed to — that technology and industrialization were radically changing the nature of warfare.

It was no longer a question of independent armies meeting on remote battlefields to settle the issue. Civilians, who helped produce the means for waging modern war, would no longer be considered innocent noncombatants. Hitting the enemy where he ate and breaking him psychologically were just as important to victory as vanquishing his armies in the field.

Sherman grasped this and, though he wasn’t the first military proponent of total war, he was the first modern commander to deliberately strike at the enemy’s infrastructure. The scorched-earth tactics were effective. The fragile Southern economy collapsed, and a once-stout rebel army was irretrievably broken.

Meanwhile, the marshals of Europe watched Sherman’s progress with fascination. And they learned. "


The whole world is learning from Stuxnet.

Stuxnet is more significant in military terms than the development of the Blitzkrieg, or even probably more significant than the development of mobile armoured artillery (tanks), or military aircraft - it is a paradigm shift. Totally and completely. I won't say it is as significant as the development of the nuclear bomb - but I was going to. Atomic weapons naturally win the significance battle because all life on the planet could be wiped out.

Stuxnet is significant because it allows warfare to be waged secretly. Without major powers having to admit they are taking action.

It also gives large organisations of any kind (think private corporations [think blackwater/Xe]) the ability to wage war.

And it certainly gives groups of individuals the model to create their own cyber weapons. We have nuclear plants too...

And India, China, and Pakistan all have large numbers of awesome programmers - some of whom might be feeling less than charitable toward the United States and its allies (like Canada - of the recent extended Afghanistan mission).

You do the math. Someone else most certainly already is.

Perhaps it's time to stock up on survivalist gear. Freeze dried peas in large cans anyone? Good thing I know some Mormons - they are supposed to always have a year's worth of food and gear in case some cleansing happens:

"“Should the Lord decide at this time to cleanse the Church—and the need for that cleansing seems to be increasing—a famine in this land of one year’s duration could wipe out a large percentage of slothful members, including some ward and stake officers. Yet we cannot say we have not been warned.”"

"I believe that every prophet over the last 60 years has talked about having the Church members get a bare minimum of at least a one year’s supply of basic food items. Though it is not addressed directly in every conference, it is published in a tremendous amount of Church literature, pamphlets, Church handbook of instructions, monthly messages for home teachers and visiting teachers, instruction manuals, etc."


Here's a link to a "Latter Day Saints" compliant list of survival crap (meant in a positive manner) we'll all need (.pdf)

Here's some great stuff courtesy of Wired Mag.

----

Picture Credit: Hasan Sarbakhshian / AP Photo - Exploring Iran's Secret Nuclear Plant (link and photo ripped off via Google images and the Daily Beast...)

Today In Technology History (2 days late): Nov. 15, 1864: Sherman’s Infrastructure Destruction Changes Tactical Warfare

"1864: Union troops under Maj. Gen. William Tecumseh Sherman burn the heart of Atlanta to the ground and begin their March to the Sea. By the time they’re done, the tactics of warfare will be changed forever.

After driving the Confederates out of Atlanta, Sherman entered the city in early September and remained until Nov. 15. Sparing only the churches, courthouse and the city’s private residences, Sherman’s troops cut the telegraph wires and burned everything else of consequence: warehouses, train depots, factories."

"Sherman was vilified for his barbarism, but the Union commander was a realist, not a romantic. He understood — as few of his contemporaries seemed to — that technology and industrialization were radically changing the nature of warfare.

It was no longer a question of independent armies meeting on remote battlefields to settle the issue. Civilians, who helped produce the means for waging modern war, would no longer be considered innocent noncombatants. Hitting the enemy where he ate and breaking him psychologically were just as important to victory as vanquishing his armies in the field.

Sherman grasped this and, though he wasn’t the first military proponent of total war, he was the first modern commander to deliberately strike at the enemy’s infrastructure. The scorched-earth tactics were effective. The fragile Southern economy collapsed, and a once-stout rebel army was irretrievably broken..."

Wired Mag - Nov. 15, 1864: Sherman’s March to the Sea Changes Tactical Warfare

----

Total warfare. Destruction of infrastructure. Infrastructure and technology as an integral part of the military equation.

That's why this article is being posted on a technology, freedom, and privacy blog.

----

Picture credit: Wired Mag - Nov. 15, 1864: Sherman’s March to the Sea Changes Tactical Warfare

Transportation Security Administration (TSA) and Senator Defend Airport "Naked Scanners"

"The US official leading the introduction of controversial full-body x-ray scanners and body "pat-downs" in US airports defended the practice Tuesday, insisting they were "the best technology" to protect against terrorist attacks.

Independent Senator Joe Lieberman, chairman of the Senate Committee on Homeland Security that held a hearing on the issue, was also quick to support the "difficult" and "sensitive" effort, maintaining "it is necessary" to ensure aviation safety.

"This is unfortunately the world in which we live," Lieberman told the hearing on air cargo security, held in the wake of an attempted cargo plane bombing that originated from an Al-Qaeda-affiliated group in Yemen.

John Pistole, administrator of the Transportation Security Administration (TSA), told lawmakers that he thought "everybody who gets on a flight wants to be sure the people around them have been properly screened.""

AFP - US transport official, top senator defend 'naked' scanners

----

"Several senators asked Pistole to address public criticism of the body-imaging machines and more intrusive pat-downs the agency is using. Pistole said the tougher screening is necessary, and that the FDA has found the imaging machines to be safe. Going through the whole-body scanning machine is similar to getting about three minutes of the radiation that passengers receive at 30,000 feet on a typical flight, he said.

Pistole said his agency was working to address pilot and flight attendant concerns about the screening."

The Canadian Press - US authorities say passengers will have body imaging, pat-downs despite religious objections

----

"Airline passengers who object to any type of physical screening are not going to fly anywhere, the head of the Transportation Security Administration told a congressional committee Tuesday."

Washington Post - If you won't submit to screening, you won't fly, TSA says

----

If you won't allow your body scanned image to be viewed and possibly recorded (and we know absolutely nothing about the databases these images, our passport information, and other information are potentially ending up in). Is this part of the beginning of biometric tracking based on body image? How long until we have to be biometrically scanned and recorded to get a passport? Driver's licenses with thumbprints and retinal scans, biometric images - voice prints anyone?

Did you know that there is a semi-clandestine group of countries, led by the U.S. that monitor phone and data traffic that gets passed to and from satellites?

"ECHELON is a name used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UK–USA Security Agreement (Australia, Canada, New Zealand, the United Kingdom, and the United States, known as AUSCANNZUKUS).[1][2] It has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications.[3]

ECHELON was reportedly created to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War in the early 1960s, but since the end of the Cold War it is believed to search also for hints of terrorist plots, drug dealers' plans, and political and diplomatic intelligence."

http://en.wikipedia.org/wiki/Echelon_%28signals_intelligence%29

Tuesday, November 16, 2010

"Toronto Police Want To Keep Most G20 Security Cameras"

"Toronto's Police Chief Bill Blair wants to keep some of the equipment bought expressly for the G20 Summit, particularly security cameras and so-called long range acoustic devices."

"The police acquired 77 new cameras for use downtown for the June 26-27 G20 Summit in the downtown core. The cameras had to come down after the summit.

At the January Police Services Board meeting, Blair will formally ask to keep the cameras. Because they were purchased for the G20, they will only cost half the usual price. The federal government will pay the rest, CTV Toronto reported."

CTV - Toronto police want to keep most G20 security cameras

----

"Toronto Police plan to make a formal request to buy 52 cameras, according to a report in the Globe and Mail. Blair said he intends to put some of them in the growing club district. The force currently has 24 CCTV cameras, but not all are currently in use.

The equipment will be bought back from the federal government at half the price.

Aside from the cameras, police are also hoping to purchase the three of four L-RADs (long-range acoustic devices) used during the summit. The controversial devices, also referred to as sound cannons, can emit ear-piercing blips and broadcast messages.

The report also states police want to buy back 400 sets of tactical safety gear, which include helmets, gas masks and shields"

CityNews - Toronto Police Want To Buy Surveillance Cameras Used During G20

(Click on the CityNews link above, please. I have yanked more of their article than is reasonable use... give them the page click/view so that they can at least make money off their story/advertising)

----

I think that the creation of courses of study and research like the following is an indicator of the disturbing level of monitoring and surveillance in our society:

"Surveillance Studies Centre at Queen's University

Surveillance of many kinds is growing rapidly throughout the world and the Surveillance Studies Centre (SSC) at Queen’s University is committed to high quality research to follow such developments. Current active research explores camera surveillance, ID systems, biometrics, social media, border and airport controls – indeed on many aspects of contemporary monitoring, tracking, management and control. While much research happens on the Queen’s University campus, the SSC is also part of a broad network of surveillance research that is both multi-disciplinary and international."


Surveillance Studies Centre at Queen's University

----

New Transparency Project (at Surveillance Studies Centre at Queen's University)

With the goal of providing up-to-date research background or findings to a broad audience as well as to the Integrated Research Sub-Projects (IRSPs) the New Transparency Project publishes occasional working papers. Unlike our reports, published articles and books, they are works-in-progress and should be treated as such.


----

There are a number of seminars and projects occurring through the above structures at Queen's. If I were closer and/or richer I would attend one or more...

----

Picture Credit: Leibold Consulting

Monday, November 15, 2010

WiredMag: "Etiquette: Making Amends in the Digital Age"

"SIN: You waste people’s time by tweeting about your lunch.
PENANCE: You must eat a meal composed of ingredients so bizarre that someone might actually want to hear about them. Think calf brains, sheep hearts, fried grasshopper, and Rocky Mountain oysters."

"SIN: You open an email attachment called MeganFoxBoobs.exe, thereby infecting your employer’s network with the software equivalent of syphilis.
PENANCE: Buy the IT department a case of beer—preferably an overpriced microbrew. Then drive to your great-aunt’s retirement home and install Norton Antivirus on everyone’s PC."

Wired Mag - Etiquette: Making Amends in the Digital Age

----

Ok, maybe it's just because I'm an IT guy, but this article is hilarious...

Radiological Scientists Strongly Question Whether Airport "Nudie Scanners" Are Safe?


"Earlier this year, four scientists from the University of California, San Francisco, wrote a letter to Presidential Science Adviser John Holdren raising concerns about the cancer risks of exposing hundreds of millions of travelers every year to airport X-ray scans."

"Dr. David Brenner is equally unpersuaded by the government's response. Brenner is head of the Center for Radiological Research at Columbia University."

"And Brenner says there's reason to think the radiation dose delivered per scan is about 10 times higher than the government says. It comes from a paper by Arizona State University physics professor Peter Rez that is scheduled to appear in a journal called Radiation Protection and Dosimetry.

Rez says he was skeptical that the X-ray dose the government claims for the machines – about 1/10,000th of a chest X-ray — could produce a usable image at all. He calculated backward to figure out how big an X-ray dose would be needed to get the kind of images the machines produce."

NPR - Protests Mount Over Safety And Privacy Of Airport Scanners

----

"...the Electronic Privacy Information Center (EPIC), a non-profit privacy advocacy group, is taking legal action against the TSA.

Marc Rotenberg, executive director of EPIC, says the TSA should be required to conduct a public rule-making to evaluate the privacy, security and health risks caused by the body scanners."

CNN - Protesting airport body scanners, privacy group sues TSA

"Backlash grows over TSA's 'naked strip searches'"

"Unions representing U.S. Airways pilots, American Airlines pilots, and some flight attendants are advising their members to skip the full-body scans, even if it means that their genitals are touched. Air travelers are speaking out online, with a woman saying in a YouTube video her breasts were "twisted," and ExpressJet pilot Michael Roberts emerging as an instant hero after he rejected both the body scanning and "enhanced pat-downs" options and was unceremoniously ejected from the security line from Memphis International Airport."

"Body scanners penetrate clothing to provide a highly detailed image that TSA says is viewed by a remote technician. Technologies vary, with millimeter wave systems capturing fuzzier images with non-ionizing radio waves and backscatter X-ray machines able to show precise anatomical detail.

TSA says it does not store scans, and there is no evidence indicating the agency does at routine airport checkpoints.

But documents that EPIC obtained show the agency's procurement specifications require that the machines be capable of storing the images on USB drives. A 70-page document (PDF), classified as "sensitive security information," says that in a test mode the scanner must "allow exporting of image data in real time" and provide a mechanism for "high-speed transfer of image data" over the network.

Another federal agency, the Marshals Service, has acknowledged (PDF) that tens of thousands of images from a Brijot Gen2 machine were stored from just one courthouse checkpoint."

CNET - Backlash grows over TSA's 'naked strip searches'

----

"THE Transportation Security Administration, America's second-most loathed bureaucracy, has used its stimulus bucks to stock up on fancy ritual-humiliation scanners that electronically disrobe air-travellers. TSA officers are exceedingly unlikely to detect terrorist tools thereby, but they can always wince and titter at their victims' corpulence or unimpressive primary and secondary sexual characteristics. And if you are unwilling to surrender your dignity to a low-level security-state functionary in this way, you always have the option to surrender your dignity to a low-level security-state functionary in an "enhanced pat-down". The enhancement is that the TSA agent now gets right in there and gropes nearer the possibly ne'er-do-well passengers' tender bits."

The Economist - Nude model or groping victim?

----

"This is a letter from Captain Dave Bates, the president of the Allied Pilots Association, which represents 11,000 American Airlines pilots, to his members, in which he calls on pilots to refuse back-scatter screening and demand private pat-downs from TSA officers. Bates's argument is multifaceted and extremely cogent. He worries about increased exposure to radiation, of course (a big worry among commercial pilots) and he is eloquent on the subject of intentional humiliation:
There is absolutely no denying that the enhanced pat-down is a demeaning experience. In my view, it is unacceptable to submit to one in public while wearing the uniform of a professional airline pilot. I recommend that all pilots insist that such screening is performed in an out-of-view area to protect their privacy and dignity.

It is a source of continual astonishment to me that pilots -- many of whom, it should be pointed out, are military veterans who possess security clearances -- are not allowed to carry onboard their airplanes pocket knives and bottles of shampoo, but then they're allowed to fly enormous, fuel-laden, missile-like objects over American cities."

The Atlantic - American Airlines Pilots in Revolt Against the TSA

----

One woman, who is - according to reports - highly attractive, gets singled out from other passengers for the "nudie scanner", then gets handcuffed to a chair for a full body pat down after refusing to do a full body scan.

It's interesting to hear what will happen if a person refuses or even questions. Singled out. Humiliated. Handcuffed to a chair. Answers not forthcoming. Shows what happens to those who buck the system.

"When she asked some question about what they planned to do to her, they flipped out. TSA agents yelled at her, handcuffed her to a chair, ripped up her ticket, called in 12 local Miami cops and finally escorted her out of the airport."




----

One of the folks in the above YouTube copy of a radio interview makes the point "These people have to justify themselves and their procedures, at least to themselves, in order to remain relevant."

I think that point is well made.

The Economist article points out "The odds of being a victim of terrorism on a flight are approximately 1 in 10,408,947—rather less than the 1 in 500,000 odds of getting killed by lightning."

----

Picture Credit: The Economist - Nude model or groping victim?

Friday, November 12, 2010

Wired Mag: "Sarah Palin E-mail Hacker Sentenced to 1 Year in Custody"

"David Kernell, the former Tennessee student convicted of hacking into Sarah Palin’s personal e-mail account, was sentenced on Friday to one year in custody.

Kernell, 22, was convicted earlier this year of misdemeanour computer intrusion and a felony count of obstruction of justice. The jury found him not guilty of a wire-fraud charge and hung on a fourth charge for identity theft, after four days of deliberating.

The convictions carried a maximum sentence of 20 years in custody and a possible fine of up to $250,000. Federal sentencing guidelines recommend a sentence of between 15 and 21 months in prison. The government was seeking 18 months, but Kernell’s attorney asked the court to forgo a prison sentence and give his client probation instead"


Wired Mag - Sarah Palin E-mail Hacker Sentenced to 1 Year in Custody

----

So why is this a story about privacy?

Two other paragraphs from this story say why:

"Threat Level broke the story in September 2008 that someone using the name “Rubico” had obtained access to Palin’s personal Yahoo e-mail account. Palin was then running for vice president on the Republican ticket. Kernell got into the account by using publicly available information — such as Palin’s birthdate and postal ZIP code — to reset the password to “popcorn” and gain control of her account."


and

"Although Kernell never found information in the account that was damaging to her campaign, the hack did show that Palin used her personal e-mail account to conduct official Alaska state business. Critics had accused the Alaska governor and her staff of using personal e-mail accounts to avoid public oversight."


----

More on the problematic activity of using Yahoo emails to avoid oversight while trying to get your former brother-in-law fired here:

Ars Technica - Palin comes under fire for using Yahoo e-mail for state biz

----

Here's a primer on how to avoid the secret questions trap, courtesy of Lauren Weinstein of "People For Internet Responsibility" [http://www.pfir.org/]

Greetings. I've already discussed the hacking of Sarah Palin's Yahoo e-mail account and why that hack was both dumb and wrong ( http://lauren.vortex.com/archive/000429.html ).

But how was this attack accomplished? Reports suggest that a youngster exploited one of the weakest aspects of account protection at many sites, the so-called "secret question" system.

The secret question (and its corresponding "secret answer") is supposed to be used for you to recover system access when you've lost or forgotten your real password. Questions like: "What is your favorite color?" or "What High School did you attend?" (that's the one that was used in Palin's case, we're told), or "What was your first dog's name?" and so on.

Supposedly the concept behind this approach is to come up with something that you know well and won't forget. The problem of course is that in many cases the answers to these questions are trivial to guess or research, as seems to have been the case with Palin's account hacker.

How to Avoid the Sarah Palin "Secret Question" Account Trap
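To make the weakness concrete, here is an added example (not from Weinstein's post or from any mail provider's code) that puts a reset gated on researchable answers beside one gated on a random, single-use recovery code. The profile values, class names and attempt limit are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed profile: the kind of facts the article says were publicly available.
PUBLIC_FACTS = {
    "birthdate": "1970-01-01",
    "zip code": "00000",
    "high school": "Example High",
}


class WeakReset:
    """Password reset gated on 'secret' answers that are really public facts."""

    def __init__(self, answers):
        self.answers = {q: a.strip().lower() for q, a in answers.items()}

    def reset(self, supplied):
        # No attempt limit, and the answers can be looked up by anyone.
        return all(supplied.get(q, "").strip().lower() == a
                   for q, a in self.answers.items())


class RecoveryCodeReset:
    """Password reset gated on a random, single-use code with an attempt limit."""

    MAX_ATTEMPTS = 5  # assumed limit; a real service would add time-based back-off

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.digest = None
        self.failures = 0

    def _hash(self, code):
        # Only a salted hash is stored, so a database leak does not reveal the code.
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self.salt, 100_000)

    def enroll(self):
        """Issue a fresh code; the user keeps it offline or in a password manager."""
        code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self.digest = self._hash(code)
        self.failures = 0
        return code

    def reset(self, supplied):
        if self.digest is None or self.failures >= self.MAX_ATTEMPTS:
            return False
        if hmac.compare_digest(self._hash(supplied), self.digest):
            self.digest = None  # single use: a new code must be enrolled
            return True
        self.failures += 1
        return False


def demo():
    weak = WeakReset(PUBLIC_FACTS)  # the account owner answered truthfully
    strong = RecoveryCodeReset()
    code = strong.enroll()
    researched = list(PUBLIC_FACTS.values())
    return {
        "weak_opens_with_public_facts": weak.reset(dict(PUBLIC_FACTS)),
        "strong_opens_with_public_facts": any(strong.reset(g) for g in researched),
        "owner_recovers_with_code": strong.reset(code),
        "code_works_twice": strong.reset(code),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The same effect is available to a user on a site that insists on secret questions: treat the answer field as a second password and store a random string there instead of the true answer.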

----

Yeah - don't be stupid when it comes to verification questions. Sarah Palin was stupid (whether she still is stupid I will leave to your own personal observations).

So don't be like Sarah Palin.

Protect your passwords.

Tuesday, November 9, 2010

Don't Run Your Air Conditioner Too Much Or the Police Might Use Your Power Records to Bust Your Ass


"North Vancouver RCMP have backed off on a request that would have forced BC Hydro to turn over the records of more than a thousand North Vancouver homeowners using large amounts of power to police."

"BC Hydro filed a petition in B.C. Supreme Court this month fighting the request after a North Vancouver judge ordered the power company to hand over a list of residential addresses to police of anyone in North Vancouver whose power consumption averaged more than 93 kilowatt hours per day"


Vancouver Sun - Hydro fights RCMP on power records
North Van detachment backs off on court order for heavy consumers



----

"BC Hydro asked for a judicial review of the decision, arguing the order was too broad.

In an affidavit filed in court, the power company expressed concern that the order could end up forcing it to hand over records of law-abiding citizens and subjecting them to a police investigation even though there is little likelihood they are involved in marijuana grow-ops."


Global B.C. - Hydro fights RCMP on power records

----

"But a petition filed in B.C. Supreme Court by Hydro says the judge erred in law because the order does not include a term denoting specific dates or a period of time and “is therefore unduly vague.”

An affidavit attached to the petition says Hydro is concerned that providing the list to the RCMP would subject many of its customers to an investigation even though “there is little or no likelihood that they are involved in growing marijuana.”"

The Province - B.C. Hydro to challenge court order to hand over power consumption records

----

Here is a link to a legal article about a B.C. law that allowed electrical inspectors to enter homes with odd or high electrical usage (halfway down the page):

Arkinstall v. Surrey

[excerpts]

"In Arkinstall v. City of Surrey (2008 BCSC 1419), Mr. Justice Smart of the B.C. Supreme Court held that police officers could not, as a matter of course or policy, accompany the City’s Electrical and Fire Safety Inspections Team (the “EFSI Team”) during residential inspections made under the Safety Standards Act (the “SSA”). "

"Three things can be taken from Arkinstall. First, Mr. Justice Smart upheld the use of the electrical consumption threshold used as a basis for property inspections, together with the overall inspection regime established under the SSA. Second, the decision continues to uphold a lower standard of Charter of Rights review for inspections that occur in situations that typically involve local governments, and specifically referred to the decision of the B.C. Court of Appeal in R. v. Bichel (1986) 4 B.C.L.R. (2d) 132, which the Petitioners argued was “dated”. Third, it is now clear that police entry into private residences during inspections has to be justified on a case by case basis, rather than being based on a general policy. Police involvement in inspections will have to either be pursuant to a warrant, or justified under the common law test."


----

Here is an article about the legality of police using third parties (such as utility companies) to gather evidence using the extra access that they have to homes - in this article, asking the electric company to put an extra electrical usage monitor on a person's home:

"Although Gomboc revolves around the constitutionality of DRA evidence, one of the most interesting facets of the case is Enmax’s role in procuring the damning evidence.

Out of necessity, homeowners must grant utility companies greater access to their premises than they would afford the general public. This is also true for a range of other services and products – an Internet Service Provider (ISP), for instance, may have access to personal and identifying information that would attract a reasonable expectation of privacy.

In addressing whether a provincially-enacted regulation could be used by police to obtain DRA records from a utility company without a warrant, Martin J.A. noted that such a regulation would allow police to “recruit any agency with limited access to a home to exploit the access to gather information for them.” Using the example of a mail deliverer who could look in through a home’s windows or a cable television provider who could disclose the viewing habits of a subscriber, he concluded that “such unauthorized state surveillance of its citizens … would render the protection of a reasonable expectation of privacy over one’s home illusory.”

The fact that a commercial service provider used its access to help police obtain a crucial piece of evidence adds a layer of complexity to the Gomboc case. The Canadian Civil Liberties Association (CCLA), which had intervener status in the recent Supreme Court hearings, has argued that Charter scrutiny applies when police exploit service relationships during an investigation. In its factum (PDF) for the Court proceedings, the CCLA argues that “an informed observer would conclude that exploiting third party access in such fashion is antithetical to any reasonable conception of privacy in a modern democracy.”


The Court ("THE COURT is the online resource for debate & data about the Supreme Court of Canada") - Gomboc — Power Usage, Police Powers of Search, and the Role of Power Companies September 14th, 2010

----

Laws and rulings are still all over the map.

I will post some articles in the near future about the privacy dangers of the so-called electrical "smart-grid" and some commentary over how data can be used to monitor citizens' activities.

And if you think I am being alarmist about what can happen when police get real interested in your activities, read on...

----

A true story of what can happen to real people who have done nothing wrong when the police decide to go Rambo...

"Deadly Force
Acting on a mistaken drug trafficking suspicion, a SWAT team broke down [the] door [of the home of the Mayor of Berwyn Heights], shot beloved pets and shattered a happy home. Was it an extreme reaction, or business as usual in America's war on drugs?"

[excerpts below - read the full story by clicking on the link at the bottom of the story]

"The guy in there is crazy," Johnson remembered a Prince George's County officer telling him when he arrived. "He says he is the mayor of Berwyn Heights."

"That is the mayor of Berwyn Heights," Johnson replied.

The detective looked very surprised, Johnson later recalled: "He had that 'Oh, crap' look on his face."

Alarmed, Johnson used his cellphone to notify Berwyn Heights Police Chief Patrick Murphy that, as improbable as it sounded, the Sheriff's Office SWAT team had apparently broken down the mayor's door, shot his dogs and confiscated a box containing 32 pounds of marijuana.

Murphy -- home gardening 54 miles away in St. Mary's County -- sat down, stunned. The 35-year veteran of law enforcement searched his memory for any clue he might have overlooked that the nice young mayor who loved his wife, those two goofy Labs and code enforcement could be involved with drugs. He couldn't come up with anything.

The chief told Johnson to go find their department's second-in-command, Det. Sgt. Ken Antolik, who was moonlighting a few blocks away from Calvo's house at the Blue Bird Driving School, to help him find out what in the heck was going on.

Inside the house, Cheye was starting to ask questions, too.

"Do you have a warrant?" he recalled asking more than once, until someone said:

"It's en route."

"I kept saying: 'This is a very terrible thing. This is just horrible.' The context in which I told them I was the mayor, I said, 'I'm the mayor of Berwyn Heights, and I have to get to a community meeting tonight.' " Finally, one of the deputies, the men in black, nodded to the recently delivered big white box on the living room table and barked accusingly, "Do you know what is in this box?"

"A box," Cheye recalled thinking. "This is about the box?"

Someone shifted Cheye, his hands still bound behind him, into a chair. He could see blood pooling from beneath Payton's head. An officer picked up one of the boys' dog beds and used it to cover Payton's corpse. Cheye asked if they'd killed Chase, too, and someone said that they'd called animal control to remove two dead dogs.

"You shot my dogs," Cheye recalled saying over and over. "You shot my dogs. You shot my dogs. You shot my dogs."

At home in St. Mary's, Murphy dialed the cellphone of his second-in-command, now standing on the mayor's front lawn. Murphy's officer handed the phone to a Prince George's narcotics investigator, Det. Sgt. David Martini.

This is how Murphy later recalled their conversation:

"Martini tells me that when the SWAT team came to the door, the mayor met them at the door, opened it partially, saw who it was, and then tried to slam the door on them," Murphy recalled. "And that at that point, Martini claimed, they had to force entry, the dogs took aggressive stances, and they were shot."

"I later learned," Murphy said in an interview, "that none of that is true."

Martini said he was not free to comment for this article.

***

It was about 7:45 p.m. when Trinity turned her 1997 Subaru Outback with the kayak rack on top onto Edmonston. The road was so jammed with police vehicles that she couldn't reach her driveway. Assuming that the house had been robbed, Trinity abandoned her car and searched frantically for any sign of an ambulance.

"Is my husband okay?" she asked when Ken Antolik met her near her front gate. "Is my mom okay?"

"Yes," he told her. "They are in the house."

Then it struck her. It was too quiet. She didn't hear dogs barking. She knew, even before she asked: "Payton and Chase?"

"I'm sorry," he said.

Trinity collapsed against his chest. A female officer eventually came and led her gently around to the back door. Trinity started in to find her husband and mother, then saw blood. There was so much blood. There was blood pooled near the door. Officers were tracking her dead dogs' blood all over the house. She backed outside.

"I remember sitting on the steps thinking, 'I'm never going to be able to live here again,' " Trinity recalled.

"I found something," Georgia heard a detective yell excitedly. The woman held a white envelope filled with cash. Inside, was $68. Across the front of the envelope were written two words: "yard sale."

The detective seemed crestfallen, Georgia said. Georgia, who had been moved, still bound, into the downstairs bedroom, says she overheard the woman saying something like: "It's my first raid, and we got the mayor's house."

Cheye, struggling to understand, pieced together questions officers asked him and comments he overheard. Narcotics investigators for the Prince George's police had apparently left that white box on his front step, then sent SWAT officers from the Sheriff's Office to retrieve it. The box contained marijuana. Officers from the two county law enforcement agencies had apparently been parked watching his house all day. Yet they had apparently done so little investigatory work -- they hadn't even taken 30 seconds to Google Cheye -- that they didn't know they were launching a paramilitary attack on an elected official's home until after they'd broken down the door and shot the dogs. Cheye was particularly disturbed when he discovered that narcotics investigators seemed to have known that criminals had been mailing drugs addressed to innocent people, in hopes of intercepting the packages before the addressees claimed them.

Yet, here he was, hands bound behind him, trying to convince county police that he and Trinity were not drug lords. "Look around," he tried arguing. "We own almost nothing but books. We live on 70 percent of our salary and bank the rest." Do drug lords tend organic gardens and store the decorations for the community's holiday parties in their garage?

In fact, the officers searching his house were unable to find any evidence of drugs other than the box they'd delivered. They didn't find gun caches or, aside from the yard sale money, stacks of cash. Cheye and Trinity didn't have a bong or hookah, not a single rolling paper, stem or seed. Cheye watched their search efforts grow halfhearted, he said.

Nobody seemed to know how to remove the plastic cuffs still binding his and Georgia's hands behind their backs. The deputies from the SWAT team who had put them on were gone. When Georgia and Cheye complained to detectives that the cuffs were cutting off their circulation, they said the detectives just shrugged. After awhile, the officer moved Cheye into the kitchen. From his new vantage, he could see into the dining room. Chase was lying dead in a pool of blood.

The scene at the house was so terrible and odd to Berwyn Heights officer Johnson that he planted himself in the living room. He couldn't see a search warrant posted anywhere. The mayor looked so vulnerable that Johnson wanted to make sure nothing even worse happened to him, such as getting shot. "Not that I didn't trust the police," Johnson would later say. "But I wanted to personally witness what is going to happen to my mayor, so if they try to say this guy went for a gun -- and he didn't -- it's not going to happen on my watch."

When animal control officers finally came for Payton and Chase, Cheye lost it. Payton's big head tumbled limply off the stretcher as they lifted it to take him away. "I roared," Cheye later recalled. "I broke down sobbing." Cheye had named his big boy for the late, great Chicago Bear Walter Payton, whose nickname was "Sweetness." Cheye's Payton ran more like a 350-pound lineman than like Walter Payton. But he was the sweetest, most wonderful dog Cheye had ever known, and strangers were taking him away forever. "My hands were still bound, so I couldn't get my hands to my face as tears just flowed down. I remember turning, and looking away."

Out on the back stoop, it seemed to Trinity that the detectives in their house had shifted into damage control. One pleasant woman, trying to make pleasant conversation, asked Trinity if she and Cheye ever planned to have children.

"All I could think was, Our dogs were our kids, and I can't believe you are asking me that," Trinity recalled. "I let it go and said that we were thinking about adopting."

***

Nearly four hours after the SWAT team broke down the front door, the detectives were ready to leave. Someone had figured out how to cut the cuffs off Cheye and Georgia. They had led Georgia outside to Trinity. Georgia was still so hysterical that she could barely speak.

Cheye says the lead officer at the scene, Prince George's Det. Shawn Scarlata, told him and Trinity that he could haul them all into jail because the box had been addressed to Trinity. But he said he wasn't going to as long as they cooperated. (Scarlata later said he could not comment on the case for this article.)

Johnson stayed to help Cheye lift the splintered door back into its frame and prop it there. There was no way to make the lock work. "I just felt so sorry for them," Johnson recalled. "I didn't know what to say. I told them I'd keep an eye on the house."

Cheye grasped Trinity by the shoulders. "Whatever happens," he said. "I don't want this to affect us." He was a romantic idealist. He had proposed to Trinity at the Jefferson Memorial. But he wasn't naive. This night had been so terrible, Cheye knew that it would change each of them forever in ways they couldn't predict. He felt only a determination not to allow this horror to creep inside their love.

Trinity, sobbing, said nothing could ruin their marriage, but they might have to move. She didn't know if she could live in this house. She didn't think she could stay in Prince George's County. They toured their home room by room. Everything they owned was thrown on the floor, a table or a bed. Their meticulous files had been dumped, the paper scattered. But the blood was the worst.

Exhausted, Cheye telephoned a friend and asked him to come over and help him scrub the blood off the floors. They had to do it for Trinity. It was after 1 a.m. when the two men stopped scrubbing.

Cheye dragged an air mattress into the living room so that he, Trinity and Georgia could huddle together through the night. Nobody slept. Somewhere out there was a drug dealer who might be thinking that they had his box of pot, and they couldn't lock their front door.

About 3:30 a.m., Cheye typed an e-mail on his Treo trying to explain why he wouldn't be coming to the office that morning.

"I'm on the Beltway," Cheye's boss, Rajiv Vinnakota, said, when he called at 7:30 the next morning and said he was on his way. "My only question is, 'Do I bring bagels?' "

Cheye earned his living working for SEED, a District-based educational foundation trying to expand its network of schools to several states. There was no way a drug raid on a mayor's house where police broke down the door and shot the family dogs wouldn't become news. Cheye's boss counseled him to get a lawyer, because innocent people go to jail all the time, and to be proactive about reaching out to the media.

Cheye felt confident that people who knew him and Trinity would know they'd never have anything to do with drugs. But what about everyone else?

As they talked, it dawned on Cheye that police hadn't just killed his dogs, terrorized his family and destroyed his once-happy, pretty home. They might just have ruined his life.

By mid-morning, Cheye had agreed to let a television reporter tour the house and had sent a mass e-mail to everyone he knew and the entire town of Berwyn Heights' mailing list.

"We try to make sense of it," Cheye wrote in the e-mail. "They invaded our home and killed our dogs! That above all else, can't be undone."

The Berwyn Heights annual employee-appreciation luncheon was scheduled for noon. Cheye went, feeling unsteady from lack of sleep and wondering if he were still in shock. He sat next to Murphy, who Cheye felt was acting cool toward him.

"I'm always highly suspicious because of all the things I've seen in 35 years in law enforcement," the chief later said. "Sometimes, I look at the priest in church, and I wonder what his thing is, which isn't all that healthy. But there's always a suspicion there. At the same time, I think I'm a pretty good judge of character."

Cheye, he concluded, couldn't have been the criminal the county detective had described on the phone.

As Cheye implemented his plan to let people know that they were innocent, Trinity labored to make their house minimally habitable. Her father -- Georgia's first husband -- flew in from Wyoming to help. One of the first things they did was throw away the blood-soaked dining room rug.

At bedtime, Trinity and Cheye stared at each other. Trinity had always gone upstairs first, leaving Cheye reading downstairs, Chase at his feet. Payton had always followed Trinity, crept onto Cheye's side on the bed, snoozed until he heard him coming, then jumped down guiltily. Now their hearts sank, not just at all they'd lost, but at how everything either of them said or did, anyplace they looked in the house, was a reminder.

They got into bed, but kept the lights on. Trinity was afraid now to sleep in the dark. After a few minutes, Cheye got up and turned off the fan. They wanted to be able to hear in case someone broke in again.

***

The first news reports on the raid at the Berwyn Heights mayor's house quoted spokesmen for the Prince George's police saying that the mayor and his family remained "persons of interest" in an ongoing drug-smuggling investigation. Police said they became aware of the box addressed to Trinity when a drug-sniffing dog had alerted them to it at a package hub, and authorities notified the county police. A police spokesman told reporters that Prince George's narcotics investigators had sought, and been granted, a "no-knock" warrant before searching Cheye and Trinity's house. Maryland law authorizes police to request a no-knock warrant, one intended to be served by force and unannounced, if they have a "reasonable suspicion" that evidence would be destroyed or officers' lives placed in danger if they knocked on a suspect's door and demanded entry.

Those same news reports quoted law enforcement officials around the region saying it was a known tactic of traffickers to ship a package containing drugs to an innocent stranger's home, planning to retrieve it before the recipient opened the box. In fact, law enforcement officials told reporters, recent incidents in College Park and Dunn Loring had been foiled when surprised innocents alerted police after opening the packages before the dealers could snatch them. Cheye was flabbergasted. Given that, how could the police who had broken down his front door with a battering ram, terrorized his family and killed his dogs not at least have considered the possibility, even the likelihood, that he might be innocent?

On Friday, Aug. 1 -- 71 hours after the raid -- the lead detective, Scarlata, returned to their home. He came alone. Cheye met him at the fence. The detective handed Cheye the warrant he had first asked to see while handcuffed in his living room. Scarlata also gave Cheye a list of what they'd confiscated in the raid. It consisted of a single item: the box police had brought there in the first place.

After the detective left, Cheye studied the document. There was nothing anywhere to indicate that Scarlata had asked the judge who signed it for permission to break his door down for a no-knock search. He hadn't presented the judge with evidence that anyone in the household was armed and dangerous. He'd basically said that police had intercepted a box of drugs addressed to Trinity, delivered the box and watched as it was taken inside."

"Police Chief Murphy was angry that Prince George's police hadn't given him the courtesy of notifying him before their raid, allowing him to help them execute their search warrant peacefully and avert tragedy. "I never imagined, when I set out to protect people from the crooks and the criminals, that I would have to protect them from my fellow police officers," Murphy told the crowd.

Cheye thanked the townspeople he'd served for five years as mayor. "Injustice in this county, in this country, in this world happens every day," he said. "But people who experience it most often don't have the support, don't have the community, don't have the resources that we do."

***

Cheye and Trinity flipped channels waiting for the 5 o'clock news, certain that -- finally -- they would be officially cleared. It was Wednesday, Aug. 7, more than a week after the raid. Then-Prince George's Police Chief Melvin C. High and Sheriff Michael Jackson held a joint news conference to announce the arrests of a FedEx deliveryman and a second man alleged to be involved in a scheme to smuggle marijuana by shipping packages addressed to unsuspecting recipients, including the one to Trinity. Police refused to release their names.

Yet neither High nor Jackson apologized to Cheye, Trinity and Georgia or declared their absolute innocence.

The mayor of Berwyn Heights and his family "most likely, they were innocent victims" of the drug traffickers' scheme, High said. "But we don't want to draw that definite conclusion at the moment." "


Washington Post - Deadly Force

----

While I am not ideologically in tune with the Cato Institute, here is an interesting report:

Cato Institute report, "Overkill: The Rise of Paramilitary Police Raids in America."

----

Picture Credit: MustKnowHow - Noisy window air conditioner