A Geek With Guns

Discount security adviser to the proles.

Archive for the ‘Corruption Corner’ Category

Fear Is The Last Refuge Of A Scoundrel

Stingray is a product name for an IMSI-catcher popular amongst law enforcers. Despite the devices being trivial enough that anybody can build one for $1,500, law enforcers have been desperate to keep the devices a secret. The Federal Bureau of Investigation (FBI), for example, would rather throw out cases than disclose its Stingray usage.

Here in Minnesota law enforcers are also busy keeping tight wraps on Stingray usage:

A Fox 9 Investigation has revealed that tracking warrants for a surveillance device called StingRay have routinely been kept sealed, despite a law requiring them to become public within 90 days.

The StingRay device is used by the Bureau of Criminal Apprehension about 60 times a year, said BCA Superintendent Drew Evans. Hennepin County Sheriff also had a StingRay, but a spokesperson said they discontinued it after using it only four times.

Why the secrecy? If you were expecting a detailed legal defense you’re going to be left wanting. The only defense law enforcers can muster is fear. Whenever a law enforcement department is pressed about the secrecy of Stingray devices they respond with the scariest case they can think of that involved the device:

“This technology has been absolutely critical in locating some of Minnesota’s most violent criminals, more quickly than we ever were before,” Evans said.

Law enforcement used the technology last month when a disgruntled client allegedly gunned down a clerk at a St. Paul law firm and then went on the run. Police had the suspect’s cell phone and tracked him down.

[…]

“Just this week we were able to locate a level 3 sexual offender that was non-compliant, a suspect in a series of serial rapes, and a homicide suspect, this week alone,” he explained.

This usually satisfies journalists and the general public but shouldn’t. Whenever a law enforcer brings up a scary case where they used a Stingray device the immediate response should be, “So what?”

So what if the devices were used in secrecy to find a suspected murderer or a level three sex offender? Will these devices suddenly cease working if they’re subjected to the same oversight as any other law enforcement technology? Will they power off forever the minute a warrant is unsealed? No.

Law enforcers have no legal justification for keeping these devices secret, which is why they’re resorting to fear tactics. The question everybody should be asking is why they’re so desperate to keep these devices in the shadows. I theorize that there is a known weakness in the technology that would make them potentially inadmissible in court. What other reason could there be to go so far as to throw out individual cases rather than unseal warrants and release technical details about the devices? It’s not like the devices are a novel technology that nobody knows how to make or defend against.

The War Against Privacy

If you read the erroneously named Bill of Rights (which is really a list of privileges, most of which have been revoked) you might be left with the mistaken impression that you have a right to privacy against the State. From the National Security Agency’s (NSA) dragnet surveillance to local police departments using cell phone interceptors, the State has been very busy proving this wrong. Not to be outdone by the law enforcement branches, the courts have been working hard to erode your privacy as well. The most recent instance of this is a proposed procedural change:

The Federal Rules of Criminal Procedure set the ground rules for federal criminal prosecutions. The rules cover everything from correcting clerical errors in a judgment to which holidays a court will be closed on—all the day-to-day procedural details that come with running a judicial system.

The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights.

[…]

But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.

The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.

In layman’s terms the change will grant judges the ability to authorize law enforcers to hack into any computer using Tor, I2P, a virtual private network (VPN), or any other method of protecting one’s privacy (the wording is quite vague and a good lawyer could probably stretch it to include individuals using a public Wi-Fi access point in a restaurant). The point being made with this rule proposal is clear: the State doesn’t believe you have any right to protect your privacy.

This should come as no surprise to anybody though. The State has long held that your right to privacy stops where its nosiness begins. You’re not allowed to legally possess funds the State isn’t aware of (financial reporting laws exist to enforce this), manufacture and sell firearms the State isn’t aware of, or be a human being the State isn’t aware of (registering newborn children for Social Security and requiring anybody entering or leaving the country to provide notice and receive approval from the State).

Government Oversight

Every time the government initiates another secret program some boot-licking apologist excuses it as necessary to fight the enemies of America. After all, our wise benefactors put safety measures in place so these secret programs aren’t abused!

Except those safety measures don’t stop anything:

The secretive U.S. Foreign Intelligence Surveillance Court did not deny a single government request in 2015 for electronic surveillance orders granted for foreign intelligence purposes, continuing a longstanding trend, a Justice Department document showed.

The court received 1,457 requests last year on behalf of the National Security Agency and the Federal Bureau of Investigation for authority to intercept communications, including email and phone calls, according to a Justice Department memo sent to leaders of relevant congressional committees on Friday and seen by Reuters. The court did not reject any of the applications in whole or in part, the memo showed.

1,457 requests and not a single denial? Either the National Security Agency (NSA) and Federal Bureau of Investigation (FBI) are exceedingly cautious with their requests or the court serves as a rubber stamp, not a check against abuse. Considering the history of both agencies I think it’s pretty safe to say the court is just a rubber stamp.

This is when some boot licker will tell me, “You don’t know that for sure, Chris!” And they’re right, which is the problem with secret programs. Everything takes place behind an iron curtain so the public has no way to verify if the program is being abused. What we do know is the lack of transparency creates an environment for abuse so even if a secret program isn’t currently being abused it will attract people who wish to abuse it.

It’s Good To Be The King’s Men

A court ordered the Federal Bureau of Investigation (FBI) to disclose the exploit it used to reveal the identities of systems that accessed a Tor hidden service that was serving child pornography. The FBI has responded by saying, “Nah, brah!”

In yet another case, the one involving Jay Michaud — his lawyers have now told the court that the DOJ has made it clear that despite the court ruling earlier this year that the FBI must reveal the details of the NIT/hacking tool, it will not do so (first revealed by Brad Heath).

This refusal is nothing new. The FBI has refused to turn over information about Stingray interceptors as well:

The filing goes on to point out how the FBI has similarly been refusing to reveal details of its Stingray mobile phone surveillance tools (something we’ve discussed here quite a bit), leading to convictions being overturned. As Michaud’s lawyers point out, the situation here is basically the same. If the FBI refuses to obey a court order, then the case should be dropped.

While the article does note that the Stingray case was dropped I think it’s important to note the stark difference between the way the king’s men are treated compared to regular individuals. If a court orders somebody like you or me to do something and we refuse we’re held in a cage until we decide to comply. When the FBI refuses to obey a court order it goes unpunished. For the sake of consistency I believe the judge should order the agents involved in the case and the heads of the FBI to be locked in a cage until they comply with the court order.

Written by Christopher Burg

April 27th, 2016 at 10:30 am

The FBI Heroically Saves Us Yet Again From A Criminal It Created

Just one week after heroically saving us from a terrorist it created, the Federal Bureau of Investigation (FBI) has saved us from yet another criminal it created:

US authorities depict Franey as an unstable anti-government militant who deserved a closer look to see how far he might go. One of his neighbors told FBI agents that Franey said he hated the US military for not allowing him “to leave the Army” after he enlisted, and that he railed at the system for “taking away his kids.” As US Attorney Hayes put it, the Justice Department was obligated to “pursue all available leads to ensure the public was protected from any possible harm.”

But while it seems Franey talked often and enthusiastically about plotting a terrorist attack, there’s little indication he ever had any intention of following through with his threats until the FBI’s undercover agent came along. After befriending Franey, the agent took him on an eight-month ride — sometimes literally, including a road trip along the West Coast — while recording their conversations, doling out cash, furnishing him with guns, and then busting him for illegal possession of the weapons.

I once heard that the FBI used to arrest criminals it didn’t create. Does it still do that once in a while? Is that still a thing?

What happened here is the same thing that always happens. The FBI identified somebody, likely of lukewarm intelligence, who it thought was capable of being radicalized into a threat. It then assigned an agent to befriend the individual and slowly radicalize him. After radicalizing him the agent then provided him a means to perpetrate an attack. The operation then closed with the agent arresting the guy for basically being a radicalized individual in possession of a means to commit an attack.

In this case the FBI’s prey was arrested for illegally possessing weapons. Weapons which were given to him by the FBI.

These operations rely on taking a hypothetical scenario and making it a reality. The individuals they target are those the agency deems capable of being radicalized. If left to their own devices the individuals would almost certainly remain harmless. Most of these individuals are socially isolated, aren’t the brightest bulbs in the box, and are seldom go-getters. Since they’re socially isolated they’re usually desperate for friendship, which makes them vulnerable to FBI agents. Their lukewarm intelligence also makes them more susceptible to being influenced. When you combine social isolation with lukewarm intelligence you have a recipe for an individual who can be easily manipulated to do bad things. But even if they’re manipulated into doing something bad they seldom have the motivation or means. So the FBI prods these individuals into performing an attack and provides them a means with which to pull it off. Finally, with all the pieces in place the FBI arrests its creation.

What the FBI is doing is preying on vulnerable individuals, convincing them to do something bad, and then providing the means to do that bad thing. If the FBI didn’t involve itself these people would normally just fade into the annals of history. The FBI isn’t protecting us from anything with these operations. It’s creating a bad situation and then claiming to save everybody from it.

Do As We Say, Not As We Do

A lot of people are talking about the Panama Papers. This treasure trove of shell corporations created by utilizing the services of Mossack Fonseca measures in at over 2.5 terabytes in size and it seems to contain dirt on almost every politician. The prime minister of Iceland just resigned due to public outrage stirred by his name appearing in the papers and others are likely to follow.

But the real scandal isn’t that these politicians are utilizing tax havens to protect their wealth. The real scandal is that these politicians continue to hunt those who utilize tax havens while making use of such wealth preserving institutions themselves.

There is nothing immoral about trying to conceal your wealth from thieves. In fact doing so is meritorious. In the case of tax thieves, concealing wealth keeps resources out of the hands of the most violent gangs in the world. The fewer resources the State has the less effective it is at subjugating its victims. We shouldn’t decry anybody for protecting their wealth from the State.

What we should decry are thieves, and these politicians are not only thieves but they’re dishonest thieves. In public these politicians espouse the merits of taxes and viciously criticize tax evaders. In private they are whisking their wealth away to the exact same places using the exact same tactics as private tax evaders. I believe the only fair thing to do in this case is treat these politicians the exact same way they treat private tax evaders. Make examples of them in the media. Hold a show trial. Then lock them in a cage for the rest of their lives. And do this not because they’re tax evaders but because they’ve gleefully inflicted such harm on tax evaders themselves.

Written by Christopher Burg

April 6th, 2016 at 10:30 am

Having Your Surveillance Cake And Eating It Too

At one point it wasn’t uncommon for employers to issue company devices to employees. Things have changed, however, and now it is common for employers to expect employees to use their personal devices for work. It seems like a win-win since employees don’t have to carry two cell phones or use whatever shitty devices their company issues and employers save money on having to buy devices. However, it leads to an interesting situation. What happens when the employer wants to surveil an employee’s personal device? That’s the battle currently being waged by Minnesota’s state colleges and their employees:

Two faculty unions are up in arms over a new rule that would allow Minnesota’s state colleges and universities to inspect employee-owned cellphones and mobile devices if they’re used for work.

The unions say the rule, which is set to take effect on Friday, would violate the privacy of thousands of faculty members, many of whom use their own cellphones and computers to do their jobs.

“[It’s] a free pass to go on a fishing expedition,” said Kevin Lindstrom, president of the Minnesota State College Faculty.

But college officials say they have an obligation under state law to protect any “government data” that may be on such devices, and that as public employees, faculty members could be disciplined if they refuse to comply.

If the universities have such a legal obligation then they damn well should be issuing devices. Data is at the mercy of the security measures implemented on whatever devices it is copied to. When businesses allow employees to use personal devices for work any data that ends up on those devices is secured primarily by whatever measures the employee has put into place. While you can require certain security measures such as mandating a lock screen password on the employee’s phone, employees are still generally free to install any application, visit any website, and add any personal accounts to the device. All of those things can compromise proprietary company data.

By issuing centrally managed devices, the universities could restrict what applications are installed, what webpages devices are willing to visit, and what accounts can be added.

There is also the issue of property rights. Does an employer have a right to surveil employee devices? If so, how far does that power extend? Does an employer have the right to surveil an employee’s home if they work from home or ever take work home? Does an employer have the right to surveil an employee’s vehicle if they use that vehicle to drive to work or travel for work? When employers purchase and issue devices these questions go away because the issued devices are the employer’s property to do with as they please.

If an employer wants to surveil employee devices then they should issue devices. If an employer is unwilling to issue devices then they should accept the fact they can’t surveil employee devices. If an employer is under a legal obligation to protect data then it needs to issue devices.

FBI Heroically Saves Us From Yet Another Person It Radicalized

Without the Federal Bureau of Investigation (FBI) who would protect us from the people radicalized by the FBI? Without the heroics of the agency a lot of people might be dead today, killed by a terrorist radicalized by the FBI:

KHALIL ABU RAYYAN was a lonely young man in Detroit, eager to find a wife. Jannah Bride claimed she was a 19-year-old Sunni Muslim whose husband was killed in an airstrike in Syria. The two struck up a romantic connection through online communications.

Now, Rayyan, a 21-year-old Michigan man, is accused by federal prosecutors of supporting the Islamic State.

Documents released Tuesday show, however, that Rayyan was motivated not by religious radicalism but by the desire to impress Bride, who said she wanted to be a martyr.

Jannah Bride, not a real name, was in fact an FBI informant hired to communicate with Rayyan, who first came to the FBI’s attention when he retweeted a video from the Islamic State of people being thrown from buildings. He wrote later on Twitter: “Thanks, brother, that made my day.”

According to the FBI, the agency discovered a radicalized supporter of the Islamic State that was going to perpetrate a terrorist attack. But the attack never happened because the FBI was able to discover the individual ahead of time and intervene.

Put into normal people lingo, the FBI found somebody with neither the motivation nor the means to perform a terrorist attack. The agency then provided the motivation and eventually the means. If the FBI hadn’t inserted itself into this individual’s life they still wouldn’t have perpetrated a terrorist attack.

I like to say, if it weren’t for the people radicalized by FBI agents there wouldn’t be any terrorists for the FBI to capture. When I first started saying that it was done with a modicum of sarcasm because I assumed the agency did manage to fight some actual crime once in a while. But so many of these FBI-created cases exist that they literally fill a book. It’s getting to the point where it seems the agency’s only job is dealing with the “terrorists” it creates.

Law Enforcers Caught Abusing Databases Again

I have a natural aversion to government databases. This may seem ironic coming from a man whose name probably appears in dozens of them but that’s beside the point. Databases for sex offenders, felons, known gang members, and gun owners are always sold as being valuable tools for protecting the public. What is often ignored by proponents of such databases is how easily they can be abused by law enforcers. Denver law enforcers are the latest in a long line of law enforcers busted for abusing government databases for personal gain:

Denver Police officers caught using a confidential database for personal reasons should face stiffer penalties, the city’s independent monitor argued in a report released Tuesday.

The report, which reviewed both the Denver Police and the Denver Sheriff Department’s performance for 2015, found several instances of officers abusing both the National Crime Information Center (NCIC) and its state counterpart, the Colorado Crime Information Center (CCIC). Independent Monitor Nicholas Mitchell said in the report that he believes the penalties for those caught aren’t stiff enough to deter further abuse.

[…]

One officer, for example, was found to have used the database to assist an acquaintance who was going through a divorce determine the identity of the man he believed his wife was having an affair with. Then it spiraled out of control, possibly enabling violence from the vengeful ex-husband:

Shortly thereafter, the ex-husband began driving by the man’s house and threatening him. The ex-husband also found and contacted the man’s wife to tell her that the man was having an affair. The ex-husband told the wife that he knew their home address, showed her a picture of the man’s car, and asked her questions about the man to find out what gym he worked out at, what shift he worked, and where he spent his leisure time.

[…]

In another instance, a Denver Police officer who was at a hospital investigating a reported sexual assault made “small talk” with a female employee at the hospital who wasn’t involved in the investigation. The report continues:

At the end of her shift, the female employee returned home and found a voicemail message from the officer on her personal phone. She had not given the officer her phone number, and was upset that he had obtained it (she assumed) by improperly using law enforcement computer systems.

Note the lack of punishment received by officers caught abusing these databases. The first mentioned infraction resulted in a written reprimand and the second resulted in a fine of two days’ pay in addition to a written reprimand.

There are two major problems here. First, the existence of these databases. Second, the almost complete absence of oversight. These databases hold a tremendous amount of personal information on individuals. That information isn’t anonymized in any way so any officer can bring up the home address, phone number, and other personal information of those entered into the database. No oversight is apparently needed as multiple officers have been able to access the database for unauthorized uses. And no apparent interest in establishing oversight seems to exist since those finally caught abusing the database received no real punishment.

Databases containing personal information are dangerous to begin with. But when you add a complete lack of accountability for those accessing the databases, especially when they’re almost entirely shielded from personal liability, you have a recipe for disaster. Never let yourself be lulled into believing establishing a government database is necessary or in any way a good thing.

Written by Christopher Burg

March 18th, 2016 at 10:30 am

Threat Posed By Personally Owned Drones Overblown, Water Is Wet

Last year the Federal Aviation Administration (FAA) announced it would be requiring all drone owners to register so their personal information, including home address, could be published for all to see. This requirement was justified under the claim that personally owned drones posed a major threat to other forms of aviation traffic. A lot of people, including myself, called bullshit on that and now research exists backing up our accusation:

That research, shown in a study just published by George Mason University’s Mercatus Center, was based on damage to aircraft from another sort of small, uncrewed aircraft—flying birds.

Much of the fear around drones hitting aircraft has been driven by FAA reports from pilots who have claimed near-misses with small drones. But an investigation last year by the Academy of Model Aeronautics (AMA) found that of the 764 near-miss incidents with drones recorded by the FAA, only 27 of them—3.5 percent—actually were near misses. The rest were just sightings, and those were often sightings that took place when drone operators were following the rules. The FAA also overcounted, including reports where the pilot said explicitly that there was no near miss and some where the flying object wasn’t identified, leading the AMA to accuse the FAA of exaggerating the threat in order to get support for its anti-drone agenda.

So for starters all the “near misses” we’ve read about in the media weren’t near misses. A vast majority of them were mere sightings. But the FAA’s bullshit doesn’t stop there:

There hasn’t yet been an incident in which a drone has struck an aircraft. But bird strikes (and bat strikes) do happen, and there’s a rich data set to work from to understand how often they do. Researchers Eli Dourado and Samuel Hammond reasoned that the chances of a bird strike remain much higher than that of an aircraft hitting a drone because “contrary to sensational media headlines, the skies are crowded not by drones but by fowl.”

The researchers studied 25 years of FAA “wildlife strike” data, reports voluntarily filed by pilots after colliding with birds. The data included over 160,000 reported incidents of collisions with birds, of which only 14,314 caused damage—and 80 percent of that number came from collisions with large or medium-sized birds such as geese and ducks.

Emphasis mine. No drones have struck a plane yet, which means the threat of drones to already existing aviation traffic is still entirely unrealized. Hell, given this and the fact that most reported near misses weren’t near misses, we should actually take a moment to recognize how much of a nonissue personally owned drones have been so far. Drone operators by and large have been very well behaved.

The data on wildlife strikes is also valuable since it indicates that when a drone finally does strike a plane there probably won’t be much damage to the plane. Most personally owned drones are more fragile than the large or medium sized birds that managed to cause damage when colliding with a plane.

What we have here is another example of a government money grab disguised as a crisis. With the FAA’s new rules in place the agency can extract $5 from every registered drone operator and up to $250,000 from anyone operating a drone without being registered. Furthermore, the FAA can up the fees and fines as it sees fit.

Written by Christopher Burg

March 16th, 2016 at 10:00 am