A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ Category

Pebble Goes Bankrupt

Pebble was an interesting company. While the company didn’t invent the smartwatch concept (I have a Fossil smartwatch running Palm OS that came out way before the Pebble), it did popularize the market. But making a product concept popular doesn’t mean you’re going to be successful. Pebble has filed for bankruptcy and effective immediately will no longer sell products, honor warranties, or provide any support beyond the material already posted on the Pebble website.

But what really got me was how the announcement was handled. If you read the announcement you may be led to believe that Fitbit has purchased Pebble. The post talks about this being Pebble’s “next step” and the e-mail announcement sent out yesterday even said that Pebble was joining Fitbit:

It’s no surprise that a lot of Pebble users were quite upset with Fitbit since, based on the information released by Pebble, it appeared that Fitbit had made the decision to not honor warranties, release regular software updates for current watches, and discontinue the newly announced watches. But Fitbit didn’t buy Pebble, it only bought some of its assets:

Fitbit Inc., the fitness band maker, has acquired software assets from struggling smartwatch startup Pebble Technology Corp., a move that will help it better compete with Apple Inc.

The purchase excludes Pebble’s hardware, Fitbit said in a statement Wednesday. The deal is mainly about hiring the startup’s software engineers and testers, and getting intellectual property such as the Pebble watch’s operating system, watch apps, and cloud services, people familiar with the matter said earlier.

While Fitbit didn’t disclose terms of the acquisition, the price is less than $40 million, and Pebble’s debt and other obligations exceed that, two of the people said. Fitbit is not taking on the debt, one of the people said. The rest of Pebble’s assets, including product inventory and server equipment, will be sold off separately, some of the people said.

I bring this up partially because I was a fan of Pebble’s initial offering and did enjoy the fact that the company offered a unique product (a smartwatch with an always on display that only needed to be charged every five to seven days) but mostly because I found the way Pebble handled this announcement rather dishonest. If your company is filing bankruptcy you should just straight up admit it instead of trying to make it sound like you’ve been bought out by the first company to come by and snap up some of your assets. Since you’re already liquidating the company there’s nothing to be gained by pussyfooting around the subject.

Written by Christopher Burg

December 8th, 2016 at 10:00 am

The Real Life Ramification of Software Glitches

When people think of software glitches they generally think of annoyances such as their application crashing and losing any changes since their last save, their smart thermostat causing the furnace not to kick on, or the graphics in their game displaying abnormally. But as software has become more and more integrated into our lives the real life implications of software glitches have become more severe:

OAKLAND, Calif.—Most pieces of software don’t have the power to get someone arrested—but Tyler Technologies’ Odyssey Case Manager does. This is the case management software that runs on the computers of hundreds and perhaps even thousands of court clerks and judges in county courthouses across the US. (Federal courts use an entirely different system.)

Typically, when a judge makes a ruling—for example, issuing or rescinding a warrant—those words said by a judge in court are entered into Odyssey. That information is then relied upon by law enforcement officers to coordinate arrests and releases and to issue court summons. (Most other courts, even if they don’t use Odyssey, use a similar software system from another vendor.)

But, just across the bay from San Francisco, one of Alameda County’s deputy public defenders, Jeff Chorney, says that since the county switched from a decades-old computer system to Odyssey in August, dozens of defendants have been wrongly arrested or jailed. Others have even been forced to register as sex offenders unnecessarily. “I understand that with every piece of technology, bugs have to be worked out,” he said, practically exasperated. “But we’re not talking about whether people are getting their paychecks on time. We’re talking about people being locked in cages, that’s what jail is. It’s taking a person and locking them in a cage.”

First, let me commend Jeff Chorney for stating that jails are cages. Too many people like to pretend that isn’t the case. Second, he has a point. Case management software, as we’ve seen in this case, can have severe ramifications if bugs are left in the code.

The threat of bugs causing significant real life consequences isn’t a new one. A lot of software manages a lot of equipment that can lead to people dying if there is a malfunction. In response to that many industries have gone to great lengths to select tools and come up with procedures to minimize the chances of major bugs making it into released code. The National Aeronautics and Space Administration (NASA), for example, has an extensive history of writing code where malfunctions can cost millions of dollars or even kill people and its programmers have developed tools and standards to minimize their risks. Most industrial equipment manufacturers also spend a significant amount of time developing tools and standards to minimize code errors because their software mistakes can lead to millions of dollars being lost or people dying.

Software developers working on products that can have severe real life consequences need to focus on developing reliable code. Case management software isn’t Facebook. When a bug exists in Facebook the consequences are annoying to users but nobody is harmed. When a bug exists in case management software innocent people can end up in cages or on a sex offender registry, which can ruin their entire lives.

Likewise, people purchasing and using critical software need to thoroughly test it before putting it in production. Do you think there are many companies that buy multi-million dollar pieces of equipment and don’t test them thoroughly before putting them on the assembly line? That would be foolish and any company that did that would end up facing millions of dollars of downtime or even bankruptcy if the machine didn’t perform as needed. The governments that are using the Odyssey Case Management software should have thoroughly tested the product before using it in any court. But since the governments themselves don’t face any risks from bad case management software they likely did, at best, basic testing before rushing the product into production.

Written by Christopher Burg

December 6th, 2016 at 10:30 am

Concealing a Cellular Interceptor in a Printer

As a rule technology improves. Processors become faster, storage space becomes more plentiful, and components become smaller. We’ve seen computers go from slow machines with very little storage that were as big as a room to tiny little powerhouses with gigabytes of storage that fit in your pocket. Cellular technology is no different. Cellular interceptors, for example, can now be concealed in a printer:

Stealth Cell Tower is an antagonistic GSM base station in the form of an innocuous office printer. It brings the covert design practice of disguising cellular infrastructure as other things – like trees and lamp-posts – indoors, while mimicking technology used by police and intelligence agencies to surveil mobile phone users.

[…]

Stealth Cell Tower is a Hewlett Packard Laserjet 1320 printer modified to contain and power components required to implement a GSM 900 Base Station.

These components comprise:

  • BladeRF x40
  • Raspberry Pi 3
  • 2x short GSM omnidirectional antennae with magnetic base
  • 2x SMA cable
  • Cigarette-lighter-to-USB-charger circuit (converting 12-24v to 5v)
  • 1x USB Micro cable (cut and soldered to output of USB charger)
  • 1x USB A cable (cut and soldered to printer mainboard)

The HP Laserjet 1320 was chosen not only for its surprisingly unmentionable appearance but also because it had (after much trial and error) the minimal unused interior volumes required to host the components. No cables, other than the one standard power-cord, are externally visible. More so, care has been taken to ensure the printer functions normally when connected via USB cable to the standard socket in the rear.

It’s an impressive project that illustrates a significant problem. Cellular interceptors work because the protocols used by the Global System for Mobile Communications (GSM) standard are insecure. At one time this probably wasn’t taken seriously because it was believed that very few actors had the resources necessary to build equipment that could exploit the weaknesses in GSM. Today a hobbyist can buy such equipment for a very low price and conceal it in a printer, which means inserting an interceptor into an office environment is trivial.

Fortunately, Long-Term Evolution (LTE) is a more secure protocol. Unfortunately, most cell phones don’t use LTE for phone calls and text messages. Until everything is switched over to LTE the threat posed by current cellular interceptors should not be taken lightly.

Written by Christopher Burg

November 22nd, 2016 at 10:00 am

You’re the Product, Not the Customer

If you’re using an online service for free then you’re the product. I can’t drive this fact home enough. Social media sites such as Facebook and Twitter make their money by selling the information you post. And, unfortunately, they’ll sell to anybody, even violent gangs:

The FBI is using a Twitter tool called Dataminr to track criminals and terrorist groups, according to documents spotted by The Verge. In a contract document, the agency says Dataminr’s Advanced Alerting Tool allows it “to search the complete Twitter firehose, in near real-time, using customizable filters.” However, the practice seems to violate Twitter’s developer agreement, which prohibits the use of its data feed for surveillance or spying purposes.

This isn’t the first time that a company buying access to various social media feeds has been caught selling that information to law enforcers. Earlier this year Geofeedia was caught doing the same thing. Stories like this show that there’s no real divider between private and government surveillance. You should be guarding yourself against private surveillance as readily as you guard against government surveillance because the former becomes the latter with either a court order or a bit of money exchanging hands.

Will Dataminr have its access revoked like Geofeedia did? Let’s hope so. But simply cutting off Dataminr won’t fix the problem since I guarantee there are a bunch of other companies providing the same service. The only way to fix this problem is to stop using social media sites for activities you want to keep hidden from law enforcers. Don’t plan your protests on Facebook, don’t try to coordinate protest activity using Twitter, and don’t post pictures of your protest planning sessions on Instagram. Doing any of those things is a surefire way for law enforcers to catch wind of what you’re planning before you can execute your plan.

Public-Private Surveillance Partnership

People often split surveillance into public and private. Public surveillance is performed directly by the State and is headed by agencies such as the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Central Intelligence Agency (CIA). Private surveillance is performed by corporations such as Harris Corporation, Facebook, and AT&T. Some libertarians and neoconservatives like to express a great deal of concern over the former because it’s being performed by the State but are mostly accepting of the latter because they believe private entities should be free to do as they please. However, the divide between public and private surveillance isn’t so clean cut. Private surveillance can become public surveillance with a simple court order. Even worse though is that private surveillance often voluntarily becomes public surveillance for a price:

Investigators long suspected Charles Merritt in the family’s disappearance, interviewing him days after they went missing. Merritt was McStay’s business partner and the last person known to see him alive. Merritt had also borrowed $30,000 from McStay to cover a gambling debt, a mutual business partner told police. None of it was enough to make an arrest.

Even after the gravesite was discovered and McStay’s DNA was found inside Merritt’s vehicle, police were far from pinning the quadruple homicide on him.

Until they turned to Project Hemisphere.

Hemisphere is a secretive program run by AT&T that searches trillions of call records and analyzes cellular data to determine where a target is located, with whom he speaks, and potentially why.

[…]

In 2013, Hemisphere was revealed by The New York Times and described only within a Powerpoint presentation made by the Drug Enforcement Administration. The Times described it as a “partnership” between AT&T and the U.S. government; the Justice Department said it was an essential, and prudently deployed, counter-narcotics tool.

Before you decide to switch from AT&T to Verizon it’s important to note that every major cellular provider likely has a similar program but they haven’t been caught yet. We know, for example, that Sprint has a web portal to make law enforcement access to customer data quick and easy and Verizon has a dedicated team for providing customer information to law enforcers. Those are likely just the tips of the icebergs though because providing surveillance services to the State is lucrative and most large companies are likely unwilling to leave that kind of money on the table.

At one time I made a distinction between public and private surveillance insofar as to note that private surveillance doesn’t lead to men with guns kicking down my door at oh dark thirty. It was an admittedly naive attitude because it didn’t figure how private surveillance becomes public surveillance into the equation. Now I make no distinction because realistically there isn’t a distinction and other libertarians should stop making the distinction as well (neoconservatives should also stop making the distinction but most of them are beyond my ability to help).

You’re Not the Customer, You’re the Product

There ain’t no such thing as a free lunch (TANSTAAFL). Whenever somebody appears to be giving you something for free it likely means you’re the product, not the customer. Social media is a prime example of this. A lot of people claim that social media sites such as Facebook and Instagram are Central Intelligence Agency (CIA) products meant to surveil the populace. I personally don’t believe any government agency is clever enough to come up with a successful product like Facebook. But I also know they don’t care because they understand that Facebook exists to mine and sell information so they can forego the expenses of starting a service and just buy the data.

Geofeedia was recently caught selling social media data to law enforcement departments. The company managed to get its hands on this data by simply becoming a paying customer for sites such as Facebook and Twitter. Once the company was a paying customer it could grab user data, which is the real product, and package it up to sell to law enforcement departments.

But United States law enforcers aren’t the only buyers of social media data. Government agencies across the globe pay top dollar for surveillance data. The British Transport Police were also buying social media data:

The BTP, meanwhile, has purchased software called RepKnight. According to the company’s website, RepKnight can help identify, investigate or prevent political unrest, criminal activity, and activists. It can also be used to investigate DDoS attacks.

As well as searching Facebook, Reddit, Twitter and other social networks, RepKnight can be used for “sentiment analysis,” which presents users with “an instant summary of the mood across your search results, letting you quickly spot if something’s going wrong,” RepKnight’s site reads. Customers can use the service through a normal web browser, as well as on tablets and mobile phones.

In all, the BTP has spent £41,400 ($50,500) on purchasing the software and annual licenses for its use since July 2014, according to figures published by the Department for Transport.

A lot of people mistakenly believe their personal information isn’t worth anything. These are the people that usually say “Nobody cares what I do, I’m boring.” or “If they spy on me they’ll be bored.” or something else along those lines. But BTP forked out $50,000 just to surveil the seemingly mundane lives of everyday people. In other words, even the most boring person’s data is valuable.

What’s interesting is RepKnight seems to have some interesting capabilities. Geofeedia seems to be tailored towards surveillance but RepKnight seems to be tailored towards crushing political dissidence by allowing customers to go so far as to launch a distributed denial of service (DDoS) attack.

As more of our lives move online the public-private surveillance partnership will continue to grow. Don’t be surprised if you’re pulled over in the near future and the law enforcer drags you out of your vehicle and beats the shit out of you because the surveillance software on his car’s laptop pulled up a negative comment you made about the police (the software, of course, will be loaded to enhance officer safety).

Written by Christopher Burg

October 18th, 2016 at 10:30 am

How to Use an IMSI Catcher

International Mobile Subscriber Identity (IMSI) catchers have remained one of the State’s more closely guarded secrets. In order for local law enforcers to gain access to one of the devices the Federal Bureau of Investigation requires them to sign a nondisclosure agreement. The FBI is even willing to drop cases rather than reveal how the surveillance devices work. But as Benjamin Franklin said, “Three may keep a secret, if two of them are dead.” With multiple agencies having access to information about IMSI catchers it was inevitable that information such as the user manuals would leak:

HARRIS CORP.’S STINGRAY surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.

I haven’t read through the manuals yet but the highlights posted by The Intercept show the software tools provided with the catchers to be robust and so simple even a cop can use them.

One might be compelled to ask why the State is so dead set on keeping this technology secret. Especially when anybody with the money can acquire one through the black market. The answer to that question is that the State is like any other criminal organization in that it tries to keep its operations as secret as possible. Sure, it maintains a public face just as Al Capone maintained soup kitchens. But the nitty gritty stuff is always hidden behind a veil of fancy words like “classified”. This is because the State knows what it’s doing is morally repugnant and wouldn’t be enjoyed by the people who think the State serves them. Fortunately the State’s secrets always leak out eventually.

Written by Christopher Burg

September 13th, 2016 at 10:30 am

Technology Empowers Individuals

In all regions of the planet having sex is legal. But in many regions being paid to have sex is illegal. Some of those areas do have a caveat where you can legally be paid for sex but you have to be filmed doing it. Either way, governmental restrictions on sex work have made the trade more dangerous. Many sex workers have been relegated to operating under the authority of abusive pimps. However, technology is changing that:

Soon after Kate ran into trouble at the nightclub—like many other fresh-faced high school girls in Hong Kong today—she discovered online forums to run her own business as a sex worker. On HK Big Man and HK Mensa, where ads are proliferating everyday, so-called “compensated daters” offer their services without the help of a middleman.

Bowie Lam Po-yee, who runs an organization called Teen’s Key that provides outreach for these girls, says that it’s common for one girl to find an ad she likes, and then copy it—with just minor adjustments. Then, girls leave their contact information and negotiate where they’ll meet and how much they’ll charge. It’s easier to evade the cops that way: they’re less likely to be caught for solicitation if they’ve checked a client out to see if he’s legitimate. Police can be obvious as to their identity when it comes to brokering a deal over a chat app.

The job of a pimp has been to market out sex workers and they often use their position abusively. Ubiquitous communication technology allows sex workers to market themselves. Forums, smartphones, and chat applications allow sex workers to cut out the middle man, which allows them to keep all of the profits as well as not be reliant on abusive individuals.

This isn’t just true for sex workers. Online communication technology has also made the drug trade safer. Technology often acts as a balance to the State. When the State makes a market more dangerous by declaring it illegal technology helps make it safe again.

Written by Christopher Burg

August 19th, 2016 at 10:30 am

You Ought to Trust the Government with the Master Key

The Federal Bureau of Investigation (FBI) director, James Comey, has been waging a war against effective cryptography. Although he can’t beat math he’s hellbent on trying. To that end, he and his ilk have proposed schemes that would allow the government to break consumer cryptography. One of those schemes is called key escrow, which requires anything encrypted by a consumer device be decipherable with a master key held by the government. It’s a terrible scheme because any actor that obtains the government’s master key will also be able to decrypt anything encrypted on a consumer device. The government promises that such a key wouldn’t be compromised but history shows that there are leaks in every organization:

An FBI electronics technician pleaded guilty on Monday to having illegally acted as an agent of China, admitting that he on several occasions passed sensitive information to a Chinese official.

Kun Shan Chun, also known as Joey Chun, was employed by the Federal Bureau of Investigation since 1997. He pleaded guilty in federal court in Manhattan to one count of having illegally acted as an agent of a foreign government.

Chun, who was arrested in March on a set of charges made public only on Monday, admitted in court that from 2011 to 2016 he acted at the direction of a Chinese official, to whom he passed the sensitive information.

If the FBI can’t even keep moles out of its organization how are we supposed to trust it to guard a master key that would likely be worth billions of dollars? Hell, the government couldn’t even keep information about the most destructive weapons on Earth from leaking to its opponents. Considering its history, especially stories like this one involving government agents being paid informants to other governments, there is no way to reasonably believe that a master key to all consumer encryption wouldn’t get leaked to unauthorized parties.

Written by Christopher Burg

August 3rd, 2016 at 10:00 am

Americans aren’t Ready for Most Things

One of the worst characteristics of American society, which is probably common in most societies, is the popular attitude of resisting change. Many Americans resist automation because they’re afraid that it will take people’s jobs. Many Americans resist genetically modified crops because they think nature actually gives a shit about them and therefore produces pure, healthy foodstuffs. Many Americans resist wireless communications because their ignorance of how radiation works has convinced them that anything wireless causes cancer.

With such a history of resisting advancement I’m not at all surprised to read that most Americans are resistant to human enhancement:

Around 66 and 63 percent of the respondents even said that they don’t want to go through brain and blood enhancements (respectively) themselves. They were more receptive to the idea of genetically modifying infants, though, with 48 percent saying they’re cool with making sure newly born humans won’t ever be afflicted with cancer and other fatal illnesses. Most participants (73 percent) are also worried about biotech enhancers’ potential to exacerbate inequality. Not to mention, there are those who believe using brain implants and blood transfusions to enhance one’s capabilities isn’t morally acceptable.

The concern about exacerbating inequality really made me guffaw. Few pursuits could reduce inequality as much as biotech. Imagine a world where paralysis could be fixed with a quick spinal implant. Suddenly people who were unable to walk can become more equal with those of us who can. Imagine a world where a brain implant could help people with developmental disabilities function as an average adult. Suddenly people suffering from severe autism can function at the same level as those of us not suffering from their disability. Imagine a world where a brain implant can bypass the effects of epilepsy or narcolepsy. Suddenly people who cannot drive due to seizures or falling asleep uncontrollably can drive.

Human enhancement can do more to create equality amongst people than anything else. Physical and mental disparities can be reduced or even eliminated. Anybody who can’t see that is a fool. Likewise, any moral system that declares self-improvement immoral is absurd in my opinion. Fortunately, the future doesn’t give two shits about opinion polls and the technology will advance one way or another.

Written by Christopher Burg

July 28th, 2016 at 11:00 am