A Geek With Guns

Discount security adviser to the proles.

Archive for the ‘Your Government Doesn’t Love You’ tag

The Problem With Statutory Laws

Statutory law, like democracy, is often erroneously held up as a feature of truly great societies. The problem with statutory law is that it’s based on the belief that the decrees of legislators and the rulings of judges are justice. But justice is about righting a wrong as much as possible and statutory law often fails miserably at this. Consider the recent rape case in Oklahoma:

The case involved allegations that a 17-year-old boy assaulted a girl, 16, after volunteering to give her a ride home. The two had been drinking in a Tulsa park with a group of friends when it became clear that the girl was badly intoxicated. Witnesses recalled that she had to be carried into the defendant’s car. Another boy, who briefly rode in the car, recalled her coming in and out of consciousness.

The boy later brought the girl to her grandmother’s house. Still unconscious, the girl was taken to a hospital, where a test put her blood alcohol content above .34. She awoke as staff were conducting a sexual assault examination.

Tests would later confirm that the young man’s DNA was found on the back of her leg and around her mouth. The boy claimed to investigators that the girl had consented to performing oral sex. The girl said she didn’t have any memories after leaving the park. Tulsa County prosecutors charged the young man with forcible oral sodomy.

[…]

But the trial judge dismissed the case. And the appeals court ruling, on 24 March, affirmed that prosecutors could not apply the law to a victim who was incapacitated by alcohol.

“Forcible sodomy cannot occur where a victim is so intoxicated as to be completely unconscious at the time of the sexual act of oral copulation,” the decision read. Its reasoning, the court said, was that the statute listed several circumstances that constitute force, and yet was silent on incapacitation due to the victim drinking alcohol. “We will not, in order to justify prosecution of a person for an offense, enlarge a statute beyond the fair meaning of its language.”

According to the judge’s interpretation of the law, a woman who is so intoxicated that she has been rendered unconscious cannot be forcibly sodomized. And Oklahoma’s law very well might be written in that way, which is the problem.

This case should be focusing on the wrong that was performed and the best way to correct that wrong as far as possible. In any sane justice system that would be the focus. The question of whether a person can consent if they’re not in a sound state of mind, for example, would probably be explored if the focus was on the wrong. Most people would likely agree that a person who is so drunk that they’ve passed out cannot consent to a legal contract, let alone sex.

But under statutory law the focus isn’t on the wrong but on what was written by legislators and ruled by other judges.

Written by Christopher Burg

April 30th, 2016 at 10:30 am

Berning The Middle East Down

One thing that marks this presidential election is the complete absence of a mainstream anti-war candidate. In 2008 and 2012 Ron Paul was the predominant anti-war candidate for the Republicans and Obama pretended to be anti-war in his 2008 campaign. But this year not a single major candidate is even pretending to be anti-war. When I point this out somebody inevitably brings up Bernie Sanders but even he isn’t hiding his murderous desires:

QUESTION: Senator Sanders, you said that you think that the U.S. airstrikes are authorized under current law, but does that mean that the U.S. military can lawfully strike ISIS-affiliated groups in any country around the world?

SANDERS: No, it does not mean that. I hope, by the way, that we will have an authorization passed by the Congress, and I am prepared to support that authorization if it is tight enough so I am satisfied that we do not get into a never-ending perpetual war in the Middle East. That I will do everything I can to avoid.

(APPLAUSE)

But the President, no President, has the ability willy-nilly to be dropping bombs or using drones any place he wants.

HAYES: The current authorization which you cite in what Miguel just quoted which is the authorization to use military force after 9/11. That has led to the kill list. This President — literally, there is a kill list. There is a list of people that the U.S. government wants to kill, and it goes about doing it. Would you keep the kill list as President of the United States?

SANDERS: Look. Terrorism is a very serious issue. There are people out there who want to kill Americans, who want to attack this country, and I think we have a lot of right to defend ourselves. I think as Miguel said, though, it has to be done in a constitutional, legal way.

HAYES: Do you think what’s being done now is constitutional and legal?

SANDERS: In general I do, yes.

So he’s hoping, as president, he’ll receive authorization to continue doing what Bush and Obama have already been doing. But even more concerning is his support of the kill list.

I’ve discussed the kill list several times but I’ll summarize the problem with it for the benefit of newer readers. The names that appear on the kill list aren’t people who have been found guilty through due process. In fact we only know a little bit about the secret criteria used to justify adding names to the list and that information only came from an unauthorized leak. Sanders believes murdering foreigners without due process is both constitutional and legal.

To put this as diplomatically as I can, fuck Sanders. Anybody who claims he’s an anti-war candidate is either a liar or ignorant.

Written by Christopher Burg

April 28th, 2016 at 10:00 am

It’s Good To Be The King’s Men

A court ordered the Federal Bureau of Investigation (FBI) to reveal the exploit it used to reveal the identities of systems that accessed a Tor hidden service that was serving child pornography. The FBI has responded by saying, “Nah, brah!”

In yet another case, the one involving Jay Michaud — his lawyers have now told the court that the DOJ has made it clear that despite the court ruling earlier this year that the FBI must reveal the details of the NIT/hacking tool, it will not do so (first revealed by Brad Heath).

This refusal is nothing new. The FBI has refused to turn over information about Stingray interceptors as well:

The filing goes on to point out how the FBI has similarly been refusing to reveal details of its Stingray mobile phone surveillance tools (something we’ve discussed here quite a bit), leading to convictions being overturned. As Michaud’s lawyers point out, the situation here is basically the same. If the FBI refuses to obey a court order, then the case should be dropped.

While the article does note that the Stingray case was dropped I think it’s important to note the stark difference between the way the king’s men are treated compared to regular individuals. If a court orders somebody like you or me to do something and we refuse we’re held in a cage until we decide to comply. When the FBI refuses to obey a court order it goes unpunished. For the sake of consistency I believe the judge should order the agents involved in the case and the heads of the FBI to be locked in a cage until they comply with the court order.

Written by Christopher Burg

April 27th, 2016 at 10:30 am

Banning The Boogeyman

Does the boogeyman exist? Most people would say he doesn’t. But some might point out that there’s no way to prove with absolute certainty that he doesn’t exist. Technically that would be a true statement. However, few people would change the way they live their lives based on the infinitesimal possibility that the boogeyman may exist.

The arguments in favor of these bathroom restriction bills sound an awful lot like arguments in favor of creating laws to ban the boogeyman. Most of the arguments in favor of these bills are based on the hypothetical threat that a cisgender male will pretend to be a transwoman to gain entry into the women’s restroom for the purpose of committing sexual assault.

I call the threat hypothetical because there hasn’t been a notable number of such crimes being perpetrated. In fact I’ve only found one instance of such a crime and it occurred in Canada and only after this debate started making headlines (which is important to note because it’s quite possible the perpetrator wouldn’t have attempted to use such an excuse had the politicians not been waging this war). That’s two fewer incidents than the number of Republicans arrested for misconduct in bathrooms.

The arguments in favor of these bathroom bills are no more valid than arguments in favor of passing legislation to ban the boogeyman. Both are built on a foundation of unfounded fear mongering.

What gets me is the hypocrisy of some of the proponents of these bills. Some of the people supporting these bathroom bills on the grounds of a hypothetical threat were also the ones arguing against restricting people from carrying firearms on the grounds that the anti-gunners’ hypothetical threats had never been realized. If hypothetical threats aren’t a valid foundation to build laws off of for one thing then they shouldn’t be valid for anything.

Written by Christopher Burg

April 21st, 2016 at 10:30 am

FBI Found Nothing Significant On Farook’s iPhone

After all that fuss over Farook’s iPhone the Federal Bureau of Investigation (FBI) finally managed to unlock it without conscripting Apple. So did the agency find information that will allow them to arrest the next terrorists before they can attack? Did the phone contain the secret to destroying the Islamic State? No and no. It turns out, as most people expected, there wasn’t anything significant on the phone:

A law enforcement source tells CBS News that so far nothing of real significance has been found on the San Bernardino terrorist’s iPhone, which was unlocked by the FBI last month without the help of Apple.

It was stressed that the FBI continues to analyze the information on the cellphone seized in the investigation, senior investigative producer Pat Milton reports.

All that hullabaloo over nothing. This is a recurring trend with the State. It makes a big stink about something to justify a demand for additional powers. Eventually it’s revealed that the reason it needed the additional power was nothing more than fear mongering. Why anybody takes the State seriously is beyond me.

Written by Christopher Burg

April 15th, 2016 at 10:30 am

How The Government Protects Your Data

Although I oppose both public and private surveillance I especially loathe public surveillance. Any form of surveillance results in data about you being stored and oftentimes that data ends up leaking to unauthorized parties. When the data is leaked from a private entity’s database I at least have some recourse. If, for example, Google leaks my personal information to unauthorized parties I can choose not to use the service again. The State is another beast entirely.

When the State leaks your personal information your only recourse is to vote harder, which is the same as saying your only recourse is to shut up and take it. This complete lack of consequences for failing to implement proper security is why the State continues to ignore security:

FRANKFORT, Ky. (AP) — Federal investigators found significant cybersecurity weaknesses in the health insurance websites of California, Kentucky and Vermont that could enable hackers to get their hands on sensitive personal information about hundreds of thousands of people, The Associated Press has learned. And some of those flaws have yet to be fixed.

[…]

The GAO report examined the three states’ systems from October 2013 to March 2015 and released an abbreviated, public version of its findings last month without identifying the states. On Thursday, the GAO revealed the states’ names in response to a Freedom of Information request from the AP.

According to the GAO, one state did not encrypt passwords, potentially making it easy for hackers to gain access to individual accounts. One state did not properly use a filter to block hostile attempts to visit the website. And one state did not use the proper encryption on its servers, making it easier for hackers to get in. The report did not say which state had what problem.

Today encrypting passwords is something even beginning web developers understand is necessary (even if they often fail to properly encrypt passwords). Most content management systems do this by default and most web development frameworks do this if you use their built-in user management features. The fact a state paid developers to implement their health insurance exchange and didn’t require encrypted passwords is ridiculous.

Filtering hostile attempts to visit websites is a very subjective statement. What constitutes a hostile attempt to visit a website? Some websites try to block all Tor users under the assumption that Tor has no legitimate uses, a viewpoint I strongly disagree with. Other websites utilize blacklists that contain IP addresses of supposedly hostile devices. These blacklists can be very hit or miss and often block legitimate devices. Without knowing what the Government Accountability Office (GAO) considered effective filtering I’ll refrain from commenting.

I’m also not entirely sure what the GAO means by using proper encryption on servers. Usually I’d assume it meant a lack of HTTP connections secured by TLS, but that doesn’t necessarily impact a malicious hacker’s ability to get into a web server. Still, it’s not uncommon for government websites to either not implement TLS or implement it improperly, which puts user data at risk.

But what happens next? If we were talking about websites operated by private entities I’d believe the next step would be fixing the security holes. Since the websites are operated by government entities though it’s anybody’s guess what will happen next. There will certainly be hearings where politicians will try to point the finger at somebody for these security failures but finger pointing doesn’t fix the problem and governments have a long history of never actually fixing problems.

Written by Christopher Burg

April 13th, 2016 at 10:00 am

FBI Claims Its Method Of Accessing Farook’s Phone Doesn’t Work On Newer iPhones

So far the Federal Bureau of Investigation (FBI) hasn’t given any specific details on how it was able to access the data on Farook’s phone. But the agency’s director did divulge a bit of information regarding the scope of the method:

The FBI’s new method for unlocking iPhones won’t work on most models, FBI Director Comey said in a speech last night at Kenyon University. “It’s a bit of a technological corner case, because the world has moved on to sixes,” Comey said, describing the bug in response to a question. “This doesn’t work on sixes, doesn’t work on a 5s. So we have a tool that works on a narrow slice of phones.” He continued, “I can never be completely confident, but I’m pretty confident about that.” The exchange can be found at 52:30 in the video above.

Since he specifically mentioned the iPhone 5S, 6, and 6S it’s possible the Secure Enclave feature present in those phones thwarts the exploit. This does make sense assuming the FBI used a method to brute force the password. On the iPhone 5C the user password is combined with a hardware key to decrypt the phone’s storage. Farook used a four digit numerical password, which means there were only 10,000 possible passwords. With such a small pool of possible passwords it would have been trivial to brute force the correct one. What stood in the way were two iOS security features. The first is a delay between entering passwords that increases with each incorrect password. The second is a feature that erases the decryption keys — which effectively renders all data stored on the phone useless — after 10 incorrect passwords have been entered.

On the 5C these features are implemented entirely in software. If an attacker can bypass the software and combine passwords with the hardware key they can try as many passwords as they want without any artificial delay and prevent the decryption keys from being erased. On the iPhone 5S, 6, and 6S the Secure Enclave coprocessor handles all cryptographic operations, including enforcing a delay between incorrect passwords. Although this is entirely speculation, I’m guessing the FBI found a way to bypass the software security features on Farook’s phone and the method wouldn’t work on any device utilizing Secure Enclave.

Even though Secure Enclave makes four digit numerical passwords safer they’re still dependent on outside security measures to protect against brute force attacks. I encourage everybody to set a complex password on their phone. On iPhones equipped with Touch ID this is a simple matter to do since you only have to enter your password after rebooting the phone or after not unlocking your phone for 48 hours. Besides those cases you can use your fingerprint to unlock the phone (just make sure you reboot the phone, which you can do at any time by holding the power and home buttons down for a few seconds, if you interact with law enforcement so they can’t force you to unlock the phone with your fingerprint). With a strong password brute force attacks become infeasible even if the software or hardware security enhancements are bypassed.
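
The trade-off described in this post, as an added example that is not part of the original post: a toy model of a passcode tangled with a device key, run once with the delay and wipe limits enforced and once with them bypassed, plus the worst-case search time for stronger passcodes. The PBKDF2 stand-in, the 80 ms per-guess cost, the delay table, the device key value and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the per-device hardware key (not a real value).
DEVICE_KEY = bytes.fromhex("a5" * 32)
PER_GUESS_MS = 80    # assumption: cost of one on-device key derivation
WIPE_AFTER = 10      # from the post: keys are erased after 10 wrong entries
# Assumption: illustrative escalating delays, in seconds, applied after the
# Nth consecutive failure. The post only says the delay grows.
DELAY_AFTER_FAILURE_S = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}


def derive_key(passcode: str, device_key: bytes = DEVICE_KEY) -> bytes:
    """Combine passcode and device key. PBKDF2 is a stand-in for the real
    derivation; the iteration count is low so the model runs quickly."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_key, 50)


def guess_in_order(passcode: str, enforce_limits: bool) -> dict:
    """Try 0000..9999 against a device protected by `passcode`.

    enforce_limits=True models a limiter the guesser cannot get around;
    enforce_limits=False models the delay and wipe logic being bypassed.
    Time is simulated, not slept.
    """
    verifier = derive_key(passcode)
    elapsed_ms = 0
    failures = 0
    for n in range(10_000):
        guess = f"{n:04d}"
        elapsed_ms += PER_GUESS_MS
        if hmac.compare_digest(derive_key(guess), verifier):
            return {"found": guess, "attempts": n + 1,
                    "elapsed_ms": elapsed_ms, "wiped": False}
        failures += 1
        if enforce_limits:
            if failures >= WIPE_AFTER:
                # Keys erased: the data is gone no matter what is tried next.
                return {"found": None, "attempts": n + 1,
                        "elapsed_ms": elapsed_ms, "wiped": True}
            elapsed_ms += DELAY_AFTER_FAILURE_S.get(failures, 0) * 1000
    return {"found": None, "attempts": 10_000,
            "elapsed_ms": elapsed_ms, "wiped": False}


def worst_case_seconds(alphabet_size: int, length: int) -> int:
    """Time to exhaust a keyspace when only the derivation cost remains."""
    return alphabet_size ** length * PER_GUESS_MS // 1000


if __name__ == "__main__":
    secret = "7291"  # constructed sample passcode
    print("limits enforced:", guess_in_order(secret, enforce_limits=True))
    print("limits bypassed:", guess_in_order(secret, enforce_limits=False))
    for label, size, length in [("4 digits", 10, 4), ("6 digits", 10, 6),
                                ("8 chars a-z0-9", 36, 8)]:
        print(f"{label}: {worst_case_seconds(size, length):,} s worst case")
```

With the limits enforced the model wipes the keys after ten guesses; with them bypassed, only the passcode's own keyspace stands between the guesser and the data, which is why the longer alphanumeric passcode matters.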

Written by Christopher Burg

April 8th, 2016 at 10:30 am

The FBI Heroically Saves Us Yet Again From A Criminal It Created

Just one week after heroically saving us from a terrorist it created, the Federal Bureau of Investigation (FBI) has saved us from yet another criminal it created:

US authorities depict Franey as an unstable anti-government militant who deserved a closer look to see how far he might go. One of his neighbors told FBI agents that Franey said he hated the US military for not allowing him “to leave the Army” after he enlisted, and that he railed at the system for “taking away his kids.” As US Attorney Hayes put it, the Justice Department was obligated to “pursue all available leads to ensure the public was protected from any possible harm.”

But while it seems Franey talked often and enthusiastically about plotting a terrorist attack, there’s little indication he ever had any intention of following through with his threats until the FBI’s undercover agent came along. After befriending Franey, the agent took him on an eight-month ride — sometimes literally, including a road trip along the West Coast — while recording their conversations, doling out cash, furnishing him with guns, and then busting him for illegal possession of the weapons.

I once heard that the FBI used to arrest criminals it didn’t create. Does it still do that once in a while? Is that still a thing?

What happened here is the same thing that always happens. The FBI identified somebody, likely of lukewarm intelligence, who it thought was capable of being radicalized into a threat. It then assigned an agent to befriend the individual and slowly radicalize him. After radicalizing him the agent then provided him a means to perpetrate an attack. The operation then closed with the agent arresting the guy for basically being a radicalized individual in possession of a means to commit an attack.

In this case the FBI’s prey was arrested for illegally possessing weapons. Weapons which were given to him by the FBI.

These operations rely on taking a hypothetical scenario and making it a reality. The individuals they target are those the agency deems capable of being radicalized. If left to their own devices the individuals would almost certainly remain harmless. Most of these individuals are socially isolated, aren’t the brightest bulbs in the box, and are seldom go-getters. Since they’re socially isolated they’re usually desperate for friendship, which makes them vulnerable to FBI agents. Their lukewarm intelligence also makes them more susceptible to being influenced. When you combine social isolation with lukewarm intelligence you have a recipe for an individual who can be easily manipulated to do bad things. But even if they’re manipulated into doing something bad they seldom have the motivation or means. So the FBI prods these individuals into performing an attack and provides them a means with which to pull it off. Finally, with all the pieces in place the FBI arrests its creation.

What the FBI is doing is preying on vulnerable individuals, convincing them to do something bad, and then providing the means to do that bad thing. If the FBI didn’t involve itself these people would normally just fade into the annals of history. The FBI isn’t protecting us from anything with these operations. It’s creating a bad situation and then claiming to save everybody from it.

Religious Freedom*

Mississippi recently passed House Bill 1523 [PDF] into law. The bill was described by its proponents as legislation to protect religious freedom by prohibiting the government from discriminating against actions performed due to strong religious convictions. What the proponents of the bill forgot to mention was the giant asterisk that noted the restrictions. House Bill 1523 only protects your religious freedom as long as you believe the right things:

SECTION 2. The sincerely held religious beliefs or moral convictions protected by this act are the belief or conviction that:

(a) Marriage is or should be recognized as the union of one man and one woman;

(b) Sexual relations are properly reserved to such a marriage; and

(c) Male (man) or female (woman) refer to an individual’s immutable biological sex as objectively determined by anatomy and genetics at time of birth.

If your religious beliefs are outside of those three criteria this bill does not protect them. For example, members of the Church of the Phenomenological Agorist hold a strong moral conviction that participation in the black market is not only righteous but a holy duty. Even though black market participation is a strongly held moral conviction the government will still ruthlessly pursue discriminatory action against them.

Do your religious beliefs acknowledge polygamy? If so those beliefs actually directly go against this bill since it only protects beliefs that acknowledge marriage as a union of one man and one woman. Don’t like it? Tough shit. You should have chosen a governmentally protected religion.

So long as you believe one of the three approved beliefs the government of Mississippi will not prosecute you for refusing to perform a wedding or bake a cake nor will it prosecute you for enforcing bathroom assignments. It will not restrain itself from prosecuting you for, say, refusing service to police officers, something the Church of the Phenomenological Agorist strongly encourages, or to people who discriminate against polygamous families.

This bill isn’t about religious freedom, it’s about religious discrimination. It creates two tiers for religions: those that subscribe to the beliefs specifically noted in the bill and those that do not. Members of religions in the first tier receive special treatment from the Mississippi government. Members of all other religions have to suffer the full brunt of the government’s boot stomping down on their faces.

Written by Christopher Burg

April 7th, 2016 at 11:00 am

A New Hero Arises

Setting aside my general hatred of intellectual property, I want to discuss an especially heinous abuse of intellectual property laws. A lot of research done in the United States is funded by tax dollars. We’re told this is necessary because the research wouldn’t be done if it was left to the market and that we shouldn’t complain because the research benefits all of us. But the research fueled by tax funding seldom benefits all of us because the findings are locked away behind the iron curtain of publisher paywalls. We may have been forced to fund it but we don’t get to read it unless we’re willing to pay even more to get a copy of the research papers.

Aaron Swartz fought against this and was ruthlessly pursued by the State for his actions. Now that he has left us a new hero has risen to the call. Alexandra Elbakyan is the creator and operator of Sci-Hub, a website created to distribute research papers currently secured behind paywalls:

But suddenly in 2016, the tale has new life. The Washington Post decries it as academic research’s Napster moment, and it all stems from a 27-year-old bioengineer turned Web programmer from Kazakhstan (who’s living in Russia). Just as Swartz did, this hacker is freeing tens of millions of research articles from paywalls, metaphorically hoisting a middle finger to the academic publishing industry, which, by the way, has again reacted with labels like “hacker” and “criminal.”

Meet Alexandra Elbakyan, the developer of Sci-Hub, a Pirate Bay-like site for the science nerd. It’s a portal that offers free and searchable access “to most publishers, especially well-known ones.” Search for it, download, and you’re done. It’s that easy.

“The more known the publisher is, the more likely Sci-Hub will work,” she told Ars via e-mail. A message to her site’s users says it all: “SCI-HUB…to remove all barriers in the way of science.”

I fear many libertarians will be quick to dismiss Alexandra because she espouses anti-capitalist ideals. But it’s important to focus on her actions, which are very libertarian indeed. She is basically playing the role of Robin Hood by liberating stolen wealth from the State and returning it to the people. The money has already been spent so it cannot be retrieved but what it bought, research, is still there and should be returned to the people as compensation for the original theft. That is all freely releasing tax funded research is and for her part Alexandra should be treated as the hero she is.