Wednesday, January 31, 2018

Living in Condition Yellow


"Condition Yellow" is a term coined by one of the all-time great personal defense teachers, the late Lt. Col. Jeff Cooper. Colonel Cooper described condition white as a state in which one was unaware of his or her surroundings and was unprepared to react to sudden danger. Condition yellow is a state of relaxed alertness. In condition yellow, you are aware of who and what is around you. You are paying attention to the sights and sounds that surround you, but this is not a state of paranoia or any other irrational fear. You simply maintain a level of alertness that will prevent you from being totally surprised by the actions of another person. Condition Orange is a heightened awareness focused on gathering input when there is reason to believe that some particular danger is present. And condition red is when a specific danger has been identified.



Accept that you may be a target, so make yourself a hard target. Conduct an assessment of your vulnerabilities. How might you be attacked on the job, at home, outside doing activities, while driving in a vehicle or parked, and anything else that comes to mind? Then take immediate steps to mitigate any vulnerabilities that you identify whenever possible. Look at your daily routines and reassess them.

Pay attention and stay aware of your surroundings at all times. Expect to be attacked. Formulate a plan for wherever you go, and whenever you encounter suspicious people or circumstances. You may be attacked but you should never be surprised.

Pull your head out of your smartphone. Don’t look at it for more than a few seconds when you are out and about in a public area where anyone is around you. If it helps, just think of some attacker coming up from behind and blowing your brains out every time you are looking down to do some texting or check an email in public.

Improve your performance with firearms - particularly handguns. Learning to fight effectively with a handgun is more than just upgrading your qualification scores. If you are being targeted with deadly force, commit to the fight, stay mentally calm and stay deliberate in your shooting. Every round has a purpose.  Don’t let fear of consequences - legal or otherwise - rule your decisions. Hesitation is a killer.

Start carrying a gun that you can shoot well. A gun that’s too small is far harder to shoot quickly and accurately than a bigger gun. Use a proper holster and mag pouches. Wear appropriate clothing to conceal it effectively. Carry at least two extra magazines as well as the one in the gun.

Protect your home and your family. Train your spouse and children how to think and what to do. Have a plan for incidents in and out of the home or at school etc. Teach them self-defense skills and the use of firearms if they are old enough to learn. Harden their minds to the use of force and teach them how to fight. Feeling helpless is debilitating at any age.


 
 
 
 


Tuesday, January 30, 2018

Heather from Credit Card Services


What’s the deal with "Heather from Credit Card Services"?

"Hi, this is Heather from Credit Card Services calling about your credit card account. There is no problem with your credit card. It appears that you are now eligible for a significantly lower interest rate on your account. However, this offer is about to expire, so please press 1 now to be transferred to a live representative who can assist you in securing your lower interest rate."

Heather and her cohorts - Anne, Tiffany, Rachel, Michael, Sarah and others - from "Credit Card Services" have been annoying people for years with their illegal robo-calls. The scammers behind the sales pitches claim to have special relationships with credit card issuers. They guarantee that the reduced rates they offer will save you thousands of dollars in interest and finance charges, and will allow you to pay off your credit card debt three to five times faster. 

But, is it true? Can "Credit Card Services" actually lower your interest rate?

NO! It’s a scam! If you press "1," you’re connected to a scammer who will ask for your credit card number and other personal information. Their promises aren’t true. There are no guarantees for permanently lowered interest rates.

Some things to be aware of...

1) If it's a robo-call, it's probably a scam. According to the Federal Trade Commission, if the robo-call is a sales message and you haven't given your written permission to get calls from the company on the other end, the call is illegal. In addition to the phone calls being illegal, their pitch most likely is a scam.

2) Are you listed with the National Do Not Call Registry? If so and you receive a marketing call, it is absolutely a scam. Legitimate businesses screen their call lists against the National Do Not Call Registry. Legitimate businesses won't call you, but scammers still will.

What should I do if I get these calls?

Don’t give out your credit card information. Once a scammer has your data, they can charge your credit card for their own purchases or sell the information to other scammers.

Don’t share other personal financial or sensitive information like your bank account or Social Security numbers. Scam artists often ask for this information during an unsolicited sales pitch, and then use it to commit other frauds against you.

Hang up. Don’t press any buttons on your phone. Don’t press 1 to speak to someone - or to be taken off the call list. You’ll just get more annoying calls.


Monday, January 29, 2018

Mastering The Lock

 
If you are looking for an inexpensive lock picking set to learn the art of lock picking or improve your current skills, you might like the Mastering the Lock Professional Lock Picking Set. The kit sells for $29.00 +$10.00 Shipping by DHL.
 
Bosnian Bill reviews this kit here: https://www.youtube.com/watch?v=esWmGQ8yvtA

Sunday, January 28, 2018

Tax Identity Theft


Protecting Yourself Against Tax Identity Theft.

It’s tax season and tax identity thieves are eager to claim your tax refund as their own. Find out how to stop them during Tax Identity Theft Awareness Week, January 29 - February 2, 2018.

The FTC and its partners are hosting free webinars and Twitter chats to talk about tax identity theft, how to reduce your risk, and what to do if it happens to you. Visit http://ftc.gov/taxidentitytheft to learn how to participate.


Data Privacy Day - January 28th

 
January 28th is Data Privacy Day. Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action.
 
Here are some things that you can do to protect yourself, your family, and your files:

  • Use An End-to-End Encrypted Messaging App Like: Signal or WhatsApp
  • Choose An Encrypted E-mail Service Such As: ProtonMail or Tutanota
  • Encrypt Your Files with VeraCrypt. Consider Full-Disk Encryption.
  • Scan Your Computer with Malwarebytes and CCleaner

Saturday, January 27, 2018

Safeguard Your Social Security Number

The FTC Warns About the SSN Scam

Your Social Security number is an important key for an identity thief. Scammers want it, and they think of all sorts of ways to trick you into giving it away.

Here at the Federal Trade Commission, we’re getting reports about calls from scammers claiming to be from the Social Security Administration. They say there’s been a computer problem, and they need to confirm your Social Security number.

Other people have told us that they have come across spoof websites that look like the place where you would apply for a new Social Security card – but these websites are actually a setup to steal your personal information.

If you get a phone call or are directed to a website other than ssa.gov that is claiming to be associated with the Social Security Administration, don’t respond. It’s most likely a scam.

Here are some tips to deal with these government imposters:
  • Don’t give the caller your information. Never give out or confirm sensitive information – like your bank account, credit card, or Social Security number – unless you know who you’re dealing with. If someone has contacted you, you can’t be sure who they are.
  • Don’t trust a name or number. Con artists use official-sounding names to make you trust them. To make their call seem legitimate, scammers use internet technology to spoof their area code – so although it may seem they are calling from Washington, DC, they could be calling from anywhere in the world.
  • Check with the Social Security Administration. The SSA has a warning about these scams and suggests you contact them directly at 1-800-772-1213 to verify the reason for the contact and the person’s identity prior to providing any information to the caller.
  • If you come across one of these scams, please report it to the Social Security Administration’s Fraud Hotline at 1-800-269-0271 and then tell the FTC about it. https://www.ftccomplaintassistant.gov/
 
The Social Security number has become a national identification number in the United States, and as a result of this it has also become the key to identity theft. Many people assume that they are required to give their SSN whenever and by whomever asked. That is simply not true. Federal law does not prohibit a merchant or other business from requesting your SSN. However, there is no state or federal law that requires you to provide your SSN to any entity not authorized by law to require it.
 
Agencies that may require your SSN:
  • Government tax and welfare agencies, including the IRS, other federal agencies (for health benefits and other entitlements), state/local tax or revenue agencies.
  • State professional/occupational/recreational licensing agencies.
  • Other governmental agencies -- under federal law, they must tell you why your SSN is needed, whether giving your SSN is mandatory or voluntary, and how your SSN is to be used.
  • Employer – Your employer can require it for wage/tax purposes, but NOT from a job applicant.
  • Banks and securities brokerages -- under the USA Patriot Act, 31 U.S.C. § 5318, financial institutions are required to establish minimum standards for properly identifying their customers opening new accounts (including checking, savings, loans, safe deposit boxes, and/or investments). Under federal regulations adopted in May 2003, banks, savings associations, credit unions, securities broker-dealers, futures commission merchants, and mutual funds were required to have Customer Identification Programs (“CIPs”) in place by October 1, 2003. Information required to identify customers under a CIP includes name, date of birth, address, and a social security or federal tax identification number.
  • State motor vehicle departments – they may collect your SSN but some state laws prohibit the recording of your SSN on your driver’s license or state identification card.

According to the Social Security Administration: Organizations should avoid using Social Security numbers (SSNs) as identifiers for any type of transaction.
 
In an effort to curtail identity theft, the Social Security Administration (SSA) is initiating a public information program to encourage the use of alternate identifiers in place of the Social Security Number (SSN). Many organizations including businesses, government agencies, medical facilities and educational institutions continue to use the SSN as the primary identifier for their record keeping systems. [The Social Security Administration is] seeking your support, as well as the support of the general public, in helping to ensure the integrity of individual SSNs.

Identity theft is one of the fastest growing crimes in American society. The routine and often indiscriminate use of SSNs as identifiers creates opportunities for individuals to inappropriately obtain personal information. Repetitive use and disclosure of SSNs in organizational record keeping systems multiplies the susceptibility of persons to potential identity theft. Through misuse of SSNs, individuals are subject to the danger of identity theft and its repercussions. Access to an individual’s SSN can enable an identity thief to obtain information that can result in significant financial difficulties for the victim. While this can be disruptive for the individual, it can also lead to civil liability for the organization and its individual employees if someone is harmed by information that has been made available to others.

An organization’s collection and use of SSNs can increase the risk of identity theft and fraud. Each time an individual divulges his or her SSN, the potential for a thief to illegitimately gain access to bank accounts, credit cards, driving records, tax and employment histories and other private information increases. Because many organizations still use SSNs as the primary identifier, exposure to identity theft and fraud remains.

  • Never list an SSN when posting a paper record on a public bulletin board
  • Never send SSNs via an electronic format
  • Never have a computer log-in system where a person has to use their SSN
  • Never use SSNs on ID cards
  • Never send SSNs on postcards
  • Never store SSNs on unprotected computer systems
  • Never carry a Social Security Number card on your person 
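
One way an organization could act on the advice above (find SSNs sitting in its records and swap them for an alternate identifier), shown as an added example that is not part of the original post or the SSA guidance. The `SurrogateVault` class, the `ID-` format and the sample records are hypothetical and constructed for illustration.

```python
import re
import secrets

# Three digits, an optional "-" or " " separator, two digits, the same
# separator again, four digits. The lookarounds reject matches embedded in a
# longer run of digits or hyphens, such as phone or card numbers.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ]?)(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area, group, serial):
    """SSA structural rules: area 000, 666 and 900-999 are never issued,
    and neither are group 00 or serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


class SurrogateVault:
    """Hypothetical in-memory map from SSN to a random alternate identifier.

    Assumption: a real deployment keeps this mapping in an encrypted,
    access-controlled store; only that store ever holds the SSN itself.
    """

    def __init__(self):
        self._by_ssn = {}

    def surrogate_for(self, ssn_digits):
        # The identifier is random, not derived from the SSN, so it reveals
        # nothing about it. No digits are retained, including the last four.
        if ssn_digits not in self._by_ssn:
            self._by_ssn[ssn_digits] = "ID-" + secrets.token_hex(8)
        return self._by_ssn[ssn_digits]


def scrub(text, vault):
    """Replace every plausible SSN in text; return (clean_text, hit_count)."""
    hits = 0

    def _replace(match):
        nonlocal hits
        area, _sep, group, serial = match.groups()
        if not is_plausible_ssn(area, group, serial):
            return match.group(0)  # right shape, but not an issuable SSN
        hits += 1
        return vault.surrogate_for(area + group + serial)

    return SSN_RE.sub(_replace, text), hits


def scrub_records(records, vault):
    """Scrub a list of record strings; return (clean_records, total_hits)."""
    cleaned, total = [], 0
    for record in records:
        clean, hits = scrub(record, vault)
        cleaned.append(clean)
        total += hits
    return cleaned, total


# Constructed sample records, not real data.
SAMPLE_RECORDS = [
    "emp=1001 name=A. Sample ssn=123-45-6789 dept=HR",
    "emp=1002 name=A. Sample ssn=123456789 note=same person as 1001",
    "callback 1-800-772-1213 ref=000-12-3456",
    "emp=1003 tax_id=536 22 1111",
]

if __name__ == "__main__":
    vault = SurrogateVault()
    cleaned, total = scrub_records(SAMPLE_RECORDS, vault)
    for line in cleaned:
        print(line)
    print("SSNs replaced:", total)
```

The same person written two ways (records 1001 and 1002) receives the same surrogate, so records still join on the new identifier, while the phone number and the structurally invalid `000-12-3456` are left alone.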

Guard Your Last Four. Although most widely used and shared, the last four digits of your SSN are in fact the most important to protect. These are truly random and unique; the first five numbers represent when and where your Social Security card was issued (prior to 2011). So don’t use the last four of your SSN as a PIN, or as a way to confirm your identity over the telephone. Ask companies to use an alternative identifier.

The ACLU recommends that you "Use caution when giving out your SSN to a government agency. They are required by the Privacy Act of 1974 to tell you why your SSN is necessary, whether giving your SSN is mandatory or voluntary, and how your SSN will be used. [Always get a written copy of the Privacy Act requirements when a government agency asks for your personal information.] And stop giving your SSN to private organizations. Suggest they use an alternative identifying number. If they refuse, think about taking your business elsewhere."

The Electronic Privacy Information Center (EPIC) has stated "The widespread use of the SSN as an identifier and authenticator has led to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually... Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected."

The bottom line is that use of your SSN to identify you across multiple records and systems of records puts you at risk. Whenever a business or government agency asks for your SSN that risk is increased. Always understand what use will be made of your SSN if you provide it. For government agencies, always obtain a written copy of the Privacy Act provisions related to their request for your SSN. For private businesses, always ask that they not include your SSN in their records and that they use an alternate identifier. For businesses that insist on having your SSN, consider filing complaints with the Better Business Bureau and your state consumer protection agency. As a general rule whenever you are asked to provide your SSN (or even your last 4) - Just Say No!


 
 

Friday, January 26, 2018

Russia Orders Messaging Apps To Hide Cooperation With Law Enforcement


According to an article in the Moscow Times: Messaging services in Russia have been banned from disclosing any cooperation with law enforcement agencies, according to a new government decree.

A 2015 law requires internet companies to store Russian citizens’ personal data on local servers accessible to local law enforcement. Over the past year, the popular Telegram messaging app has been embroiled in a legal battle with Russia's Federal Security Services (FSB) over refusing to provide access to the online conversations of users, including suspected terrorists.

The new decree orders messengers to "ensure the non-disclosure of any information regarding specific facts and contents" when cooperating with the authorities.

The messengers are also required to provide remote access to their systems no later than three months after receiving a request from the FSB.

Last year, Telegram appealed to the UN  to intervene in its legal battle with the FSB over online privacy rights.  Telegram's founder, Pavel Durov, has previously said that the FSB's demands violate the constitutional rights of Russian citizens to the privacy of correspondence.

--
I respect Telegram for standing up for the privacy rights of Russian citizens (and all users of Telegram), much as Apple did in the United States when faced with demands from the FBI to create a backdoor to defeat the encryption on iPhones.

Telegram has a feature called "Secret Chats" which increases the security of your communications by providing end-to-end encryption. The Telegram FAQ page says:

"Secret chats are meant for people who want more secrecy than the average fella. All messages in secret chats use end-to-end encryption. This means only you and the recipient can read those messages - nobody else can decipher them, including us here at Telegram (more on this here). On top of this, Messages cannot be forwarded from secret chats. And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.

You can order your messages, photos, videos and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend's devices.

All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin. They are safe for as long as your device is safe in your pocket."

You can download Telegram here: https://telegram.org 

PacSafe

Protect your valuables while you're out exploring with the Pacsafe Travelsafe portable safe, which is available in two sizes - five liters (5L) and twelve liters (12L). The poly-canvas material is embedded with Pacsafe's patented 360-degree eXomesh locking system, a stainless steel wire mesh that helps prevent would-be thieves from breaking into the safe.

It comes with a TSA accepted 3-dial combination lock, and it features a padded EVA foam laminated and soft brushed polyester lining, water resistant exterior, and handles for convenient carrying. The 12L model can fit a 13-inch laptop, while the 5L model can store an iPad (10-inch tablet).

When you're not using it, the Pacsafe Travelsafe portable safe conveniently folds down flat to fit into your luggage.

PacSafe Travel Safe is an excellent way to secure valuables in your vehicle against smash and grab theft.



Thursday, January 25, 2018

Opt-Out of People Search Databases (UPDATES)


At the beginning of the month (January 2018) I posted a list of links allowing you to Opt-Out of People Search Databases.

Here are an additional ten data broker opt-out links. All of these are now also included in my original post.

DOB Search - https://www.dobsearch.com (Select "Manage My Listing")
Info Tracer - https://members.infotracer.com/customer/terms?tab=optout
Go Lookup - https://golookup.com/support/optout
LexisNexis (KnowX) - https://optout.lexisnexis.com/oo.jsp
PeopleLooker - https://www.peoplelooker.com/f/optout/search
Public Records Directory - https://publicrecords.directory/contact.php
Research.Com - https://www.research.com/people-search/opt-out
Seek Verify - https://seekverify.com (e-mail: privacy@seekverify.com to opt-out)
US Identify - http://www.usidentify.com/company/privacy.html (See para. IV. Choice & Opt Out)
Truth Finder - https://www.truthfinder.com/opt-out/

What are data brokers? Spokeo, White Pages, Intelius, Been Verified, People Finders? This article by Abine* is a good overview of data brokers and how to opt-out of having our data displayed by many of these companies. The article ends with a recommendation to use the Abine "Delete Me" service to help remove your personal information from the Internet. 

*Abine, Inc. is The Online Privacy Company. Founded in 2009 by MIT engineers and financial experts, Abine’s mission is to provide easy-to-use online privacy tools and services to everybody who wants them.


Wednesday, January 24, 2018

Zello - Walkie-Talkie App

Zello is an application startup located in Austin, Texas. The application emulates push-to-talk (PTT) walkie-talkies over cellular networks. The app is available for Android, iOS, Blackberry, Windows Phone, Windows PC, rugged mobile devices and two-way radios. Zello is free while the Zello@Work application is free for up to five users. For more than five users Zello@Work costs $6.00 per user / per month. Perks that Zello@Work offers include private networks, dedicated servers, management interfaces for users and channels, higher security, cloud history and tech support.
 
Zello turns your phone into a walkie talkie and works anywhere in the world as long as you are connected to the internet! Please note however that the Zello app cannot function without cellular data service or an available Internet (WiFi) connection on your cell phone. Users can join channels and instantly send voice messages or photos, and the app even works over older 2G networks.
 
Zello made the news in June 2013 when Turkish protesters used it to circumvent government censors. As a result, Zello was the top most downloaded application in Turkey during the first week of June 2013. In February 2014, it was blocked by CANTV in Venezuela. Zello issued workarounds and patches to overcome the blocks to support approximately 600,000 Venezuelans who have downloaded the application to communicate with each other amidst protests. It "has been one of the most downloaded applications in Ukraine and Venezuela." In April 2017, the Roskomnadzor instructed Russian Internet Service Providers to block mobile access to Zello. Under Russia’s data privacy law passed last year, all companies processing the personal data of Russian citizens are obliged to store it on servers within the country’s borders for a half of the year and provide it to law enforcement if necessary. Zello has more than 400,000 users in Russia. In August 2017 during relief efforts following Hurricane Harvey in Texas, Zello became a popular method for communications between volunteer rescuers and people stranded by the widespread flooding. The app received over 6 million signups in one week as Florida residents prepared for Hurricane Irma.
 
According to the Zello Support web-site: "Starting in June 2017 all private voice messages in Zello are end to end encrypted when you are using a version of the app released after 06/06/2017. Voice in public channels is not encrypted as they are open to the public and anyone can listen."
 
Zello's encryption protocol is:
  • 1024 bit RSA for authentication, digital signatures and secure media session keys exchange.
  • 256 bit AES for audio and call alerts.
  • TLS for control traffic encryption between Zello client and Zello server

Zello can also be connected by a radio bridge to your computer, allowing you to use your radio to communicate over the Internet. The procedure to do this is easy, and is demonstrated in several YouTube videos.
 
 
 
I like Zello, and recommend it as one method of communication. There are some limitations to the Zello App - it requires an Internet connection, and it is possible for governments to block Zello; but overall Zello is an excellent communications tool.
 
 

Tuesday, January 23, 2018

FireChat


FireChat is a mobile app that uses wireless mesh networking to enable smartphones to connect via Bluetooth, Wi-Fi, or Apple’s Multipeer Connectivity Framework without an internet connection by connecting peer-to-peer. FireChat was introduced in 2014 with the ability to post messages to public chatrooms that could be viewed by anyone using FireChat. In 2015, FireChat added private messaging, allowing users to communicate privately with each other, and in July of that year added end-to-end encryption to protect one-to-one private chats.

FireChat builds its own mesh network, connecting directly to other FireChat users up to 200 feet away. FireChat's store and forward function allows users to pass messages anywhere within the mesh network, and the more people using FireChat in an area, the larger the mesh becomes. In an area without cellular or WiFi service, several FireChat users could establish a mesh network providing communication over as large of an area as there were FireChat users available to participate in the mesh. Once the mesh includes users with Internet access, FireChat then has the ability to send and receive messages anywhere in the world.

FireChat is available for both iOS and Android. A YouTube Video explaining FireChat can be found here:  https://www.youtube.com/watch?v=GogPPT3ePGQ

Intelligence Oversight



An Introduction to Intelligence Oversight and Sensitive Information: The Department of Defense Rules for Protecting Americans’ Information and Privacy 
-- April 2013 - The Army Lawyer - DA PAM 27-50-479

History abundantly documents the tendency of Government - however benevolent and benign its motives - to view with suspicion those who most fervently dispute its policies. Fourth Amendment protections become the more necessary when the targets of official surveillance may be those suspected of unorthodoxy in their political beliefs. The danger to political dissent is acute where the Government attempts to act under so vague a concept as the power to protect ‘domestic security.’ Given the difficulty of defining the domestic security interest, the danger of abuse in acting to protect that interest becomes apparent. . . . The price of lawful public dissent must not be a dread of subjection to an unchecked surveillance power. Nor must the fear of unauthorized official eavesdropping deter vigorous citizen dissent and discussion of Government action in private conversation. For private dissent, no less than open public discourse, is essential to our free society...(United States v. U.S. District Court, 407 U.S. 297 (1972), also known as the Keith case.)

Intelligence Oversight Related to CONUS
(Inspector General of the Marine Corps, Oversight Division) Oversight related to CONUS antiterrorism / force protection: a few preliminary questions posed and answered.

Pentagon Releases New Procedures for Intelligence Collection

Intelligence Oversight applies to Department of Defense (DOD) intelligence activities, and is addressed by each military service. Here we will look briefly at how the US Army addresses intelligence activities:

Army Regulation 381-10 "U.S. Army Intelligence Activities" (May 3, 2007) applies to any Army component performing authorized intelligence functions. This includes "installation, organization, or facility security offices [e.g. operations specialists and anti-terrorism officers] when carrying out intelligence activities".

Intelligence activities are defined as: "Collecting information concerning, and conducting activities to protect against, intelligence activities directed against the United States, international terrorist and international narcotics activities, and other hostile activities directed against the United States by foreign powers, organizations, persons, and their agents."

Army law enforcement, "USACIDC, garrison provost marshals and security officers" as non-intelligence entities are not subject to the provisions of this regulation [AR 381-10], but must comply with DODD 5200.27.

It is DoD policy to protect the privacy and civil liberties of DoD employees, members of the Military Services, and the public to the greatest extent possible, consistent with its operational requirements.

DoD will not maintain information on how an individual exercises rights protected by the First Amendment to the Constitution of the United States, including the freedoms of speech, assembly, press, and religion, except when the record is pertinent to and within the scope of an authorized law enforcement, intelligence collection, or counterintelligence activity.

The collection, use, maintenance, and dissemination of information critical to the success of the DoD efforts to counter terrorist and other criminal threats must comply with all applicable laws, regulations, and policies regarding the safeguarding of personal freedoms, civil liberties.

When collected or received, personally identifiable information concerning individuals will be handled in strict compliance with section 552a of Title 5, United States Code (U.S.C.), also known as "The Privacy Act of 1974".

The DOD has published a Quick Reference Guide for Reporting Questionable Intelligence Activities at: http://dodsioo.defense.gov/Quick-Ref/

Most intelligence personnel correctly associate questionable intelligence activities with improper collection on U.S. persons; however, that is only one aspect of questionable intelligence activities.

A questionable intelligence activity is one that may violate the law, any Executive Order (such as EO 12333, United States Intelligence Activities) or Presidential directive or applicable Department of Defense policy (such as DoD 5240.1-R, Procedures Governing the Activities of DoD Intelligence Components that Affect United States Persons), as well as your parent organization's specific guidance.

Examples of a questionable intelligence activity include, but are not limited to, the following:

  • Alleged abuse and mistreatment of detainees and prisoners by or directed by intelligence personnel.
  • Tasking intelligence personnel to conduct intelligence activities that are not part of the organization's approved mission, even if they have the technical capability to do so.
  • Providing intelligence services and/or products without proper authorization.
  • Failure to file proper use statements for imagery collection associated with U.S. persons.
  • Collecting information on U.S. persons, even through open source, when it is not part of the unit's mission.

Monday, January 22, 2018

Privacy at Work: What Are Your Rights?


A person has far fewer privacy rights at work than they do in their personal life, but you are sometimes still entitled to some privacy at your job. Employers can usually search an employee's workspace, including their desk, office or lockers. The workspace technically belongs to the employer, and courts have found that employees do not have an expectation of privacy in these areas. This is also the case for computers. Since the computers and networking equipment typically belong to the employer, the employer is generally entitled to monitor the use of the computer. This includes searching for files saved to the computer itself, as well as monitoring an employee's actions while using the computer (e.g., while surfing the internet).

With regard to activities on computers and networks belonging to your employer:

1) Your employer can monitor pretty much anything you access on the company’s computer system, even your personal email account.
2) Assume any email, text message, or other electronic communication you send on your employer’s system can be used against you.
3) People in IT can look at anything, anytime they want to, for any reason they want to. They are agents of the employer, and it’s the employer’s system.
 
Workplace Searches and Interrogations

Federal and state laws govern employees' privacy rights in the workplace. Generally, employers may conduct workplace searches and interrogations of their employees if there is:

1) a reasonable basis for suspicion of employee wrongdoing, or

2) no reasonable expectation of privacy in the item or thing.

While most employee privacy rights claims are determined on a case-by-case basis, courts will typically look at the following factors to determine if an illegal workplace search and/or interrogation occurred:

1) Whether the employee was a public employee or a private employee. Public employees have greater protection under the Fourth Amendment;
2) Whether the search was on company or personal property;
3) Whether the workspace was open to the public or other employees;
4) The context in which the search took place;
5) Whether the employer had a clear policy informing its workers that public or personal property was subject to workplace searches.

An employee of a governmental employer may have a constitutionally protected reasonable expectation of privacy arising out of the Fourth Amendment. The Fourth Amendment doesn’t apply to a private employer’s property, on the other hand, when it comes to the relationship between employer and employee. However, there are still common law bases for a privacy interest... (American Bar Association)

Government employers are subject to federal constitutional constraints because their conduct is considered "state action." Private employers are not subject to constitutional claims unless their investigations become intertwined with a state investigation. Therefore, a search of an employee's office by a governmental employer is justifiable only "when there are reasonable grounds for suspecting that the search will turn up evidence ... of work-related misconduct, or that the search is necessary for a non-investigatory, work-related purpose such as to retrieve a needed file." - O’Connor v. Ortega, 480 U.S. 709, 716. (Harvard University)

The Federal Law Enforcement Training Center (FLETC) has a paper that discusses: “Warrantless Workplace Searches of Government Employees” (19 pages). If you work for a government agency, it is worth your time to read this paper.

To determine if your privacy rights were violated, ask yourself the following questions:

1) Does the company routinely conduct similar searches?
2) Were you properly notified of a search, or the potential for a search?
3) Was the search reasonable under the circumstances?
4) Was the person conducting the search authorized to do so?
5) Were you held against your will?
6) Did you cooperate with the search or interrogation?
7) Were you physically or verbally threatened?
8) Was there a clear written policy in place concerning workplace searches?

Moreover, while employees may not have a reasonable expectation of privacy in their work effects, such as computers, desks, and lockers, employees generally have a reasonable expectation of privacy in their personal items, such as purses, briefcases, and luggage. Therefore, employers generally may not search personal items without a court-ordered warrant, for example.

Maintaining a Reasonable Expectation of Privacy in the Workplace

While you are at work, your employer is paying you to do the tasks that you were hired to do. While "limited personal use" of your employer's facilities and equipment may be permitted - it is always best to keep your work activities separate from your personal activities. If you need to make a phone call, check your personal e-mail, or look-up something on-line, use your personal smartphone, tablet, or laptop. Do not use your employer's computers, networks, or telephones for personal activities.

If you do make limited use of an employer's computer or e-mail system, make sure that your activities are encrypted (i.e. encrypt any e-mail you send). Password protect any personal documents that you create (use the Microsoft Office encryption function). Never store anything on your employer's system (your employer may allow you to type a personal letter or e-mail during your lunch break, but it should not be left on your employer's computer system). Generally speaking, however, none of this personal activity should be done on your employer's time or equipment.

If you bring personal items to work, keep those items in a personal bag, case, or locker. Anything that you store in an employer's desk, locker, cabinet, etc. is subject to search. A personal container (especially one that is locked) has a greater expectation of privacy than anything provided by your employer. A locked container in your personal vehicle has greater privacy than anything you bring inside your employer's facilities.

Generally speaking, if you work for a private employer you have few privacy rights in the workplace. To maintain a right to privacy, you must demonstrate an expectation of privacy, and that expectation must be reasonable. If you work for a public employer (government) you have a greater right to privacy because you retain 4th Amendment rights against unreasonable search and seizure by the government (your employer).

The best way to maintain privacy in the workplace is to keep your private activities separate from work. What you do outside of work hours and off of your employer's property is generally your private business and may not be monitored by your employer. Employees of government and public entities have a constitutional right to privacy that protects them from most employer monitoring of, or even inquiring about, their off-the-job conduct. For this reason, public employees are largely protected from monitoring. Even in states that don't provide private workers with a constitutional or statutory right to privacy, it is generally illegal for an employer to intrude unreasonably into the "seclusion" of an employee. Generally speaking, an employer may not inquire or otherwise obtain facts about employees' private lives. (NOLO Legal Encyclopedia)



Sunday, January 21, 2018

Privacy.Com


Privacy.Com allows you to create virtual VISA debit cards that are linked to your bank account. Once you have a Privacy.Com account and have validated your bank account, anytime you want to make an on-line purchase you can create a virtual VISA debit card number to be used for that purchase.

There are two types of Privacy.Com virtual cards. The first is a "Merchant Card". This type of card is linked to a single merchant. If you are making several purchases from a single merchant (e.g. Amazon) over a period of time, you create a merchant card that can only be used with that merchant. If the merchant gets hacked or somehow your card number gets compromised, it can’t be used at any other merchant. The second type of Privacy.Com virtual card is a "Burner Card". The burner card is valid for one transaction and then is automatically deactivated. Burner cards are useful for single transactions with a merchant, or where you may want to sign up for a service or subscription without having to worry about automatic renewals. Once a Privacy.Com burner card has been used, it can never be used again, so if the number gets compromised you are at no risk of unauthorized charges.

Another advantage of using Privacy.Com is that your debit card purchases are no longer associated with specific merchants in your bank records. Every purchase made through Privacy.Com can be reflected as Privacy.Com on your bank statement. By default, charges will show up on your bank statement as "the merchant + Privacy". You may turn on "Private Payments" in your Account page to change what shows up on your bank statement to just "Privacy.Com" (or to one of the following: H&H Hardware, Smileys Corner Store, or NSA Gift Shop). I recommend using the Private Payments option.

While Privacy.Com must validate your identity as part of establishing your account, they do not require that you use your real name and address when you make a purchase with a merchant. This is particularly useful when purchasing on-line services such as a VPN or a digital download, but can be used for any product you want delivered under a pseudonym or alias.

I think of Privacy.Com as a VPN for my debit card. It is a service that sits between my bank and the merchants that I shop with on-line. Privacy.Com gives me a layer of privacy, and helps me protect my account if my virtual debit card number is compromised in a merchant data breach.

Of course, like a VPN, I am trusting Privacy.Com to protect my information as they process debit card transactions for me. Privacy is part of the business model of Privacy.Com, and so far, I have seen nothing that would cause me not to trust them to protect the privacy of my financial transactions.
 
Every time you spend using Privacy.Com, the merchant or website pays a fee (called interchange) to Visa and the issuing bank. This fee is shared with Privacy.Com. You as the purchaser never have to pay an extra fee to use Privacy.Com. This interchange is something that is included with every debit (and credit) card transaction, regardless of what company processes it.

If you want to add some privacy to your financial transactions, and protect yourself in case of a merchant data breach, consider Privacy.Com (https://privacy.com).

Saturday, January 20, 2018

Confessions of a Former Hacker


Consumers are daily targets of email and phone scams, not to mention the frequent cyberattacks on big data. So it's never been more important to safeguard your online security as best as you can.

"The scams are changing every day and consumers aren't knowledgeable about the new scams that are going to be used against them," says Kevin Mitnick, top cybersecurity expert and author of "The Art of Invisibility: The World's Most Famous Hacker Teaches You How To Be Safe In The Age Of Big Brother And Big Data."

http://www.amazon.com/exec/obidos/ASIN/0316380504/chesbro-20

Formerly on the US government's "Most Wanted" list in the 1990s for hacking into cellphone companies, Mitnick served five years in prison for computer fraud. Since his release in 2000, he's built a career as a "white hat" hacker, working as a security consultant for companies around the world. In this new video series, "Confessions," Yahoo Finance interviews Mitnick to find out what security measures he takes to safeguard his own personal information online.

1) Use a password manager
2) Connect with a VPN service
3) Install HTTPS Everywhere
4) Use a separate device for your finances
5) Set up bank alerts


Stanley CD8820 Padlock



Stanley Hardware S828-160 CD8820 Shrouded Hardened Steel Padlock. Following my blog post on lock picking and lock bumping, some readers asked what I would recommend for a general use padlock. Perhaps the best general use padlock that you can pick up at your local hardware store or order from Amazon is the Stanley CD8820.

The padlock's strong points are:
  • Shrouded shackle
  • Made of molybdenum alloy steel
  • Removable core
  • Anti-pick pins
  • Anti-drill plate
  • 6 pins
  • Price <$50
This lock is designed to defeat both physical force (drilling) and surreptitious bypass (picking).
For a general use padlock, the Stanley CD8820 is a reasonable choice.

Bosnian Bill has a YouTube video about this lock, and discusses some upgrades to the lock.
Lock Picking Lawyer shows how to defeat this lock using a Ramset in his own YouTube video.

If you’re searching for something in the $20 range, the Stanley CD8823 padlock has everything the CD8820 has except for the body. Instead of a hardened steel body it has a laminated steel body with hardened steel end caps and recessed rivets.

Friday, January 19, 2018

MAKO Locks

We use padlocks to secure our lockers, toolboxes, sheds, gates, and any number of other things. In many cases the padlocks we use are something that we picked up at the local hardware or department store. The problem with these locks is that almost all of them can be easily picked or shimmed, giving a criminal quick and surreptitious access to whatever we are trying to protect.

If you are going to use a padlock to secure your property, you might as well use a good one. Some of the best padlocks I have come across for under $20 are the MAKO 427 - Re-keyable Rectangular Padlock and the MAKO 227 - Steel Disc Padlock.

Both of these locks are very well made, and include pick-resistant cylinders. The MAKO 427 contains a 6-pin cylinder and the MAKO 227 contains a 5-pin cylinder. While any lock can be picked open (it took me 18 minutes to pick the MAKO 227, and over a half-hour to pick the MAKO 427), these locks are both going to be beyond the capabilities of the average criminal.

Being able to defeat physical attack (e.g. bolt-cutters, saws, and hammers) is also an important feature of any padlock, and the MAKO 227 - Steel Disc Padlock provides good resistance against this type of attack. The thinner shackle of the MAKO 427 is useful in places where the heavier MAKO 227 won’t fit, such as some lockers or toolboxes.

If you are currently using cheaper 4-pin locks (e.g. Master Locks) to secure your property against surreptitious entry, I would recommend upgrading to the higher security of MAKO Locks. You can review the features of MAKO Locks and place an order on-line at https://makolocks.com.

To see some of the world’s most skilled lock pickers open MAKO Locks, check out the following YouTube videos (while the locks get picked, they both agree that MAKO makes a great lock):

Bosnian Bill does a video review of both MAKO Locks

Lockpicking Lawyer does a video review of the MAKO 427 padlock 



TSA Master Keys


TSA Master Keys can unlock any brand of "Travel Sentry" (https://www.travelsentry.org/us/) lock, whether it's from Master Lock, Brinks, Samsonite, American Tourister, Stanley, or any other manufacturer.

These locks were not really intended to provide you with security while traveling; rather, they are intended to give the government (the TSA) a way to bypass your security. The shackles on Travel Sentry locks are so thin that they can be easily cut. The locks are very easily picked, and if you have a high-resolution picture of the master keys (as shown here - https://imgur.com/a/JQD7l - click on each picture for high resolution) you can easily make your own set of master keys.

TSA recommends that you use Travel Sentry locks, so that they are able to easily open your luggage for inspection. The problem of course is that when you give the government a way to bypass your security (ostensibly for a valid purpose) you also provide criminals a way to bypass your security.

The hacking of the TSA Master Keys is a powerful example of the problem with creating government backdoors to bypass security, physically or digitally. Most security experts and computer scientists believe backdoors for law enforcement inevitably make systems less secure, and easier for criminals to break into.

Recently the FBI has been trying to convince technology companies to design some sort of special way for its agents to access encrypted communications on digital devices. But companies including Apple and Google have resisted this pressure, insisting that developing backdoors will only weaken security that they have worked hard to improve for the sake of average customers around the world.

The fact that TSA Master Keys are available to anyone goes to prove the stupidity of key escrow (the arrangement in which keys needed to decrypt communications are held in escrow to be accessed by a third party if necessary).


Thursday, January 18, 2018

Residential Burglary


Burglary is defined as unlawful or forcible entry or attempted entry of a residence. This crime usually, but not always, involves theft. The illegal entry may be by force, such as breaking a window or slashing a screen, or may be without force by entering through an unlocked door or an open window. As long as the person entering has no legal right to be present in the structure a burglary has occurred. Furthermore, the structure need not be the house itself for a burglary to take place; illegal entry of a garage, shed, or any other structure on the premises also constitutes household burglary. (Bureau of Justice Statistics)



Approximately sixty-six (66) percent of burglaries are residential. In residential burglaries most criminals (34%) gain access to your home through the front door, a first-floor window (23%), or through the back door (22%). Garages serve as the entry point for nine percent (9%) of burglars, unlocked entrances and storages six percent (6%), and basement windows four percent (4%). Only two percent (2%) of burglars climb to the second floor to make entry.

According to research published by Mastering the Lock, thirty-two percent (32%) of burglars would first attempt to make entry through an unlocked door, twenty-six percent (26%) would try to gain a forced entry (by breaking the door, locks, window, etc.), and twenty-four percent (24%) would try jimmying or prying.  Only six percent (6%) of burglars would attempt picking the locks to gain an entry in homes.

What these statistics show us is that while about a third of burglars will first attempt to find an unlocked door, only about six percent (6%) actually gain access this way. In most cases burglars are breaking, jimmying, and prying their way through front and back doors, and ground-floor windows. However, they won’t spend a long time trying to force their way into your home. According to A Guide to Home and Vehicle Security - The City of Portland, Oregon: “Many burglars will spend no longer than 60 seconds trying to break into a home.”

While we often think of burglars as breaking into homes at night, the fact is that most burglaries happen during the day between 10AM and 3PM. It is during these times that most homes are unoccupied, with people away at work, school, or out doing other errands during the day.

  • Most burglaries are committed by males under the age of 25.
  • About fifty percent (50%) of burglars live within two miles of homes they burglarize.
  • They tend to be looking for small, expensive items that can be easily converted into cash.
  • Burglars use tools such as hammers, crowbars, or large screwdrivers to break into your home.
  • Once they have gained access to your home, burglars act quickly, spending only between 8 - 12 minutes inside.
  • While most burglars are amateur criminals, they are usually involved in other criminal offenses, such as assault, robbery, and drug-dealing.
  
KGW News (Portland) published a story: “We asked 86 burglars how they broke into homes.” (Oct. 31, 2016). Some of the things they found were: 
 
  • Burglars would kick in the door rather than break glass. "Loud bangs are better than loud glass breaking, plus you run the risk of getting cut," said one inmate.
  • Burglars had mixed opinions about home security signs. Some burglars said it didn’t faze them. Others said they knew how to disable alarms or avoid setting them off. Most intruders said they would leave immediately if a security alarm went off.
  • Generally, burglars agreed security cameras were a deterrent. But some said it also likely signaled there were valuables inside the home.
  • If a homeowner had a big, loud dog most burglars would stay away.  Smaller dogs don’t seem to bother them. "Dogs are a deal breaker for me," said one inmate. "Big breeds, home protectors are the best to keep people out."
  • Most burglars feared someone might be home if they heard a radio or TV. They wouldn’t break in.
 
Your doors should all have good high-security dead-bolt locks installed. And as we have seen, it is also important that your doors be reinforced to prevent them from being easily kicked in. The Victoria, TX Police Department has an excellent video "Home Security Tips: How a 50 cent investment can dramatically strengthen your doors" that shows a simple method of improving the strength of your doors. I also recommend that you include reinforcement on your doors with a product like Door Armor MAX which will defeat many forced entry attacks. You may also want to consider Window Security Film to keep glass from being smashed out by burglars (especially glass that is in your exterior doors).
  
You can of course leave your TV on while you are away giving the impression that someone is home, but you can also use a FakeTV FTV-11-US Extra Bright Burglar Deterrent. You may also want to use timers to turn lights, a radio, or other devices on and off throughout the day. 
 
Since most burglars will leave immediately if a security alarm goes off, it is probably worth investing in one. There are companies that provide professionally installed and monitored alarm systems, and if you can afford them, this is a good option. But something like the Fortress Security Store S02-A Wireless Home and Business Security Alarm System may be an option if you choose not to have a centrally monitored system.

Burglars generally consider security cameras a deterrent. Installing a good quality security camera can let you keep an eye on your home, even when you are away.  If you choose not to install a real security camera system, a couple of fake security cameras mounted outside of your home may serve as a deterrent to some criminals.

Taking just a few steps to add security to your home can make a big difference in keeping you safe from burglary. Each step should be calculated to DETER a burglar from attempting to access your home (make it look occupied and/or guarded by a big dog), DETECT a burglar who attempts to gain access to your home (use alarms, cameras, and security lighting), and DENY a burglar access by using strong security (door armor, window security film, and high security locks). 

Wednesday, January 17, 2018

National Consumer Telecom & Utilities Exchange Disclosure Reports


The National Consumer Telecom & Utilities Exchange (NCTUE) is a credit reporting agency whose membership is comprised of companies that provide services (telecommunications, pay TV, and utilities) and report and share data relative to their customers’ accounts to aid in risk management. NCTUE maintains data such as payment and account history reported by its members.

The NCTUE data report is a record of all telecommunication, pay TV and utility accounts reported by exchange members, including information about a consumer’s account history, unpaid closed accounts and customer service applications. This information is used by other telecommunication, pay TV and utility service providers, who are members of the exchange, to assist them in the decision to extend services.

The NCTUE Disclosure Report is the disclosure to a consumer of the information contained in his or her data report.

As a consumer, you can contact NCTUE to determine if they maintain information about you.
To request a copy of your NCTUE Disclosure Report, call them at 1-866-349-5185 (you will be asked for your SSN and the numeric portion of your address), or you can mail your request to:

NCTUE Disclosure Report
P.O. Box 105161
Atlanta, GA 30348

As with other credit reporting agencies, you can place a 'security freeze' or 'fraud alert' on your account to limit disclosure of your information.

NCTUE provides information to companies that provide consumers with pre-approved offers of credit. If you would like to Opt-Out and exclude NCTUE information about you from being used in lists provided to companies that make pre-approved offers of credit (as provided in the Fair Credit Reporting Act), you may call them toll free at 1-888-327-4376.


Tuesday, January 16, 2018

Understanding Digital Footprints

 
 
This document provides material designed to assist law enforcement personnel in protecting themselves and their families from becoming cyber targets: protecting personal information, cyber dos and don'ts, and links to further cyber training and resources. (2.26 MB)

The National White Collar Crime Center (NW3C) also offers a short on-line course: Understanding Digital Footprints (CS 110) - This course introduces learners to the concept of digital footprints and best practices in protecting personal identifying information. Topics include understanding consequences of oversharing personal information, limiting an individual’s digital footprint, protecting privacy on social media sites and steps to take after becoming a target of doxing.
 
 


Washington State DOL Stops Giving Personal Info to Feds

 
 
OLYMPIA, Wash.  - The Washington state Department of Licensing says it will no longer release personal information to federal immigration authorities without a court order unless required by law. The agency announced the change Monday following a report in The Seattle Times last week that showed the department was handing over personal information to federal authorities 20 to 30 times a month. Washington is one of the few states that allow people without proof of legal U.S. residency to get driver's licenses. Officials also said the agency would end its practice of collecting "information that isn't mandated and could be misused," such as information on license applications about where a person was born.
 
When DOL gave information to ICE, it redacted a field on the driver's license application showing a Social Security number, but left visible fields showing where someone was born and the ID used (passports or other documents) -- information that could be used as evidence of a foreign-born person who possibly could be in the country illegally.
 
 


Monday, January 15, 2018

Risks Incorporated


In August 2016, I completed the Travel Security course presented by Risks Incorporated. For those of you who travel internationally, some type of security training and planning is essential, and I highly recommend training with Risks Incorporated.

I have previously written about foreign travel here in the blog, and for most people having a basic understanding of travel security will be enough to ensure a safe and successful trip. However, in some cases more in-depth training is needed.

DOD personnel traveling overseas are required to receive a travel briefing and comply with the provisions of the DoD Electronic Foreign Clearance Guide. Unfortunately, the travel briefings provided to DOD personnel are often little more than cut and paste from the State Department's web-site and excerpts from the Foreign Clearance Guide itself. My experience with the foreign travel and security briefings I have received from DOD Anti-Terrorism Officers is that such briefings are little better than useless, containing no analysis or area specific research.

Risks Incorporated training, however, helps you understand the risks that exist in certain parts of the world, and most importantly teaches you how to best avoid, or if necessary confront, these risks. In addition to their training courses, Risks Incorporated offers a series of Free Counter Terrorism, Travel Security & Tactical Training Booklets that you can download.

Risks Incorporated is a progressive, European-owned and managed bodyguard school and specialist protection company that has proven itself many times on sensitive international operations. They supply corporate investigations, specialist security services, maritime security, executive protection, tactical firearms training, kidnap and ransom, bodyguard services and training worldwide.



The Consular Travel Advisory System


The U.S. Department of State has long issued messaging for the purpose of helping U.S. citizen travelers abroad make the right decisions to keep themselves safe and secure. Some of these were for short-term issues, and others explained longer-term, systemic issues affecting the security environment in a particular country or even across an entire region. Many in the private sector use these products to help formulate security plans for their personnel or facilities positioned abroad, or to govern their policies for international travel. That system has now changed, and many of the products travelers have come to know (such as Travel Warnings and Emergency Messages) are being reformatted, rethought, and simplified.

The State Department's Bureau of Consular Affairs (CA) on January 10, 2018 launched improvements to public safety and security messaging that will make it easier for U.S. citizens to access clear, timely, and reliable information about every country in the world.  CA has replaced its former countrywide products, Travel Warnings and Travel Alerts, with a single "Travel Advisory" for each country.  Each Travel Advisory for every country around the world will be paired with a level of advice based on one of four tiers.

The four levels of advice are:

Level 1 - Exercise Normal Precautions:  This is the lowest advisory level for safety and security risk.  There is some risk in any international travel.  Conditions in other countries may differ from those in the United States and may change at any time.

Level 2 - Exercise Increased Caution:  Be aware of heightened risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 3 - Reconsider Travel: Avoid travel due to serious risks to safety and security.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

Level 4 - Do Not Travel:  This is the highest advisory level due to greater likelihood of life-threatening risks.  During an emergency, the U.S. Government may have very limited ability to provide assistance.  The Department of State advises that U.S. citizens not travel to the country or leave as soon as it is safe to do so.  The Department of State provides additional advice for travelers in these areas in the Travel Advisory.  Conditions in any country may change at any time.

The complete report can be viewed at OSAC.