Saturday, February 3, 2018

Police Surveillance & Data Collection


According to a report "An International Survey of Privacy Laws and Practice" by the Global Internet Liberty Campaign, "There are widespread violations of laws relating to surveillance of communications, even in the most democratic of countries. The U.S. State Department's annual review of human rights violations finds that over 90 countries engage in illegally monitoring the communications of political opponents, human rights workers, journalists and labor organizers... Police services, even in countries with strong privacy laws, still maintain extensive files on citizens not accused or even suspected of any crime... Companies regularly flaunt the laws, collecting and disseminating personal information. In the United States, even with the long-standing existence of a law on consumer credit information, companies still make extensive use of such information for marketing purposes."

A September 28, 2016 report by the Associated Press stated that: "police officers across the country abuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons totally unrelated to police work. In the worst cases, officers have stalked, harassed and tampered with criminal cases using details obtained through criminal history and motor vehicle databases."

Earlier that same year (March 17, 2016) Ars Technica had reported that "Denver police officers performed searches on state and federal criminal justice databases that were not work-related and instead were made to help officers in the romance department and to assist friends, according to an independent department monitor. The report said that punishment, usually a written reprimand instead of being charged criminally, is not enough to deter future abuse of the National Crime Information Center (NCIC) and the Colorado Crime Information Center (CCIC) databases."

Now it should be noted that the number of inappropriate or illegal uses of law enforcement databases is very small compared to the number of queries run every day for legitimate law enforcement purposes. When used appropriately, these law enforcement databases can be powerful tools to investigate crime, but the misuse of these databases for personal, non-law enforcement, purposes may compromise public trust and result in significant harm to community members.

Unlike with some other types of databases, it’s not possible to opt-out of having your personal and private information included in databases that can be accessed by law enforcement. It is often very difficult to even know what information about you may be contained in these databases, or whether there is any record pertaining to you at all. 

How many Americans are going to have a record in law enforcement databases? According to an article by Andrew M. Cuomo, the 56th Governor of New York State: "70 million Americans have a criminal record - that’s 1 in 3 adults."  "The FBI considers anyone who has been arrested on a felony charge to have a criminal record, even if the arrest did not lead to a conviction. The FBI only counts those with a misdemeanor if a state agency asks the bureau to keep it on file. So, by the FBI’s standard, 73.5 million people in the United States had a criminal record as of June 30, 2017.  The Census Bureau lists the adult population in the United States at 249.4 million. That means the FBI considers about 29.5 percent of adults to have a criminal record." (PolitiFact) Law enforcement will have access to these records of arrest and prosecution.

But you don’t have to have been arrested on a felony charge for the police to gather information about you. According to the Federal Highway Administration, eighty-seven percent (87%) of the driving-age (16 and older) population has a driver's license. Law enforcement has access to information about you (name, address, date-of-birth, physical description, photo, and driving history) by accessing Department of Licensing / Department of Motor Vehicles databases. By running the license plates of any vehicle, law enforcement can identify the registered owner of that vehicle, and the address associated with that registration. Because driver’s license databases and motor vehicle registration databases are often linked, information from one database returns information from the other.

Now if this was the totality of the information about you accessible in police databases - criminal history and driving records - one might argue that this is reasonable. We ask our police officers to protect the community, and they should have the tools and information they need to do their jobs. But sometimes police surveillance and data collection can go too far.

In an article from The Stranger, "How the Seattle Police Secretly-and-Illegally Purchased a Tool for Tracking Your Social Media Posts," we read: "Beginning two years ago, but unbeknownst to the public—until now—intelligence officers inside the Seattle Police Department headquarters on Third Avenue acquired the ability to watch your social media posts in real time, using software that can place those posts on a digital map. This tracking software, which the SPD purchased in October 2014 from a CIA-funded company called Geofeedia, is designed to tell officers where you posted from and what you said. It can also show hundreds of other tweets, Instagrams, and other social media posts from anyone else in the vicinity, and then file all of that information into one big database."

The Tacoma News Tribune reported that: "the Tacoma Police Department apparently has bought — and quietly used for six years — controversial surveillance equipment that can sweep up records of every cellphone call, text message and data transfer up to a half a mile away. You don’t have to be a criminal to be caught in this law enforcement snare. You just have to be near one and use a cellphone. Known as Stingray, the device — small enough to be carried in a car — tricks cellphones into thinking it’s a cell tower and draws in their information."


It can often be very difficult to know whether some government agency is illegally collecting information and maintaining files and records about you. Official records will generally be available at the Federal level through Freedom of Information Act (FOIA) / Privacy Act requests, and at the state level through similar open government laws. All 50 states also have public records laws which allow members of the public (including non-residents) to obtain documents and other public records from state and local government bodies. State public records laws are not identical to FOIA, nor are state court interpretations of similar language in state statutes necessarily the same as federal court interpretation of FOIA (though many were modeled upon the federal FOIA). But when an agency is acting questionably, that agency may act to avoid transparency and will refuse to release these records.

One way that government agencies can avoid transparency, and avoid FOIA, is by placing information in Raw Data Files (RDF). These RDFs can be used to collect information about people and organizations that could never be retained otherwise. As long as the RDF is kept open (which can be done for months or even years), an agency can refuse to release information under FOIA by using an "active investigation" exemption.

Even worse is when some out-of-control government employee starts making his own personal files about you. You would likely never know about this illegal collection or have any notice about where that illegally collected information was shared, but you can be certain that this type of illegal collection and dissemination of information can result in substantial harm to you.

In 2011 the Olympian Newspaper (Olympia, WA) reported that: "A former Joint Base Lewis-McChord [an Army / Air Force base near Tacoma, WA] employee who spied on war protests in Olympia helped compile detailed information on protesters, including their names, photos, addresses and, in some cases, Social Security numbers, according to 133 pages of law enforcement records released by the City of Tacoma. The detailed information collected about the protesters continues to be stored by area law enforcement agencies..." In April 2017, the Huffington Post detailed much of the court case challenging this illegal collection of information, in its report "Antiwar Activists Challenge Army’s Domestic Spying Apparatus in Ninth Circuit". In May 2017 the United States Court of Appeals for the Ninth Circuit dismissed this case, in favor of the government.

What Can You Do?

First, determine your personal threat model. Front Line Defenders has resources you can download to aid in your risk analysis and protection planning. The Electronic Frontier Foundation (EFF) also provides information on assessing your risks.

If you find that records are being illegally maintained about you by a Federal government agency, subject to provisions of the Privacy Act, then there are Judicial Remedies and Penalties for Violating the Privacy Act. There may be similar laws in your state, or jurisdiction, that provide judicial remedies as well, but the difficulty will always be proving that the illegally collected record exists and being able to show actual damages for violation of the Privacy Act.

While it is unlikely that you are being specifically targeted by a government agency, it is certainly possible that you could be targeted by a rogue government employee, because of a personal grudge or grievance, and that person just might be invading your privacy, violating your civil rights, and keeping illegal files about you hidden on government computers!

The data privacy and security information I provide in this blog, Chesbro on Security, is intended to help you enhance your personal privacy, and help protect you against criminal activity - even if that criminal is a government employee. Use those techniques appropriate to your personal situation.

Other privacy and security information can be found at:

You may also choose to submit reports of violations of your rights to the agencies responsible for investigation of government misconduct.

The DOJ Civil Rights Division enforces civil rights laws in a wide variety of contexts. You may use the information on this page to find the appropriate way to submit a complaint or report of a potential civil rights violation. If you are not sure which Section is the appropriate one to receive your complaint, you may contact the Civil Rights Division at toll-free 855-856-1247 or (202) 514-3847. You can file a complaint for Official Misconduct of a government employee with the DOJ Civil Rights Division here: https://www.justice.gov/crt/how-file-complaint#one

The Department of Defense Office of the Inspector General maintains a hotline to provide a confidential, reliable means to report violations of law, rule, or regulation; fraud, waste, and abuse; mismanagement; trafficking in persons; serious security incidents; or other criminal or administrative misconduct that involve DoD personnel and operations, without fear of reprisal. You can contact the DOD OIG here: http://www.dodig.mil/Components/Administrative-Investigations/DoD-Hotline/

If the illegal collection or creation of records was conducted by an individual or agency falling under intelligence oversight regulations (i.e. any DOD component performing authorized intelligence functions, including "installation, organization, or facility security offices [e.g. operations specialists and anti-terrorism officers] when carrying out intelligence activities"), you should report this violation to the Department of Defense Senior Intelligence Oversight Official. Remember that collecting information on U.S. persons, even through open source, when it is not part of the unit's mission is a questionable intelligence activity.



Friday, February 2, 2018

Abine (Blur)


Abine (Blur) https://www.abine.com/index.html is a Boston, MA based on-line privacy company that lets you make masked e-mail addresses, masked telephone numbers, and masked credit card numbers (virtual cards) - along with several other services - to help protect your personal privacy.

Abine's (Blur) free version provides you with: encrypted passwords, masked e-mail, tracker blocking, and auto-fill. The paid version ($39/yearly, $59/2 years, $79/3 years) offers everything in the free version, plus: masked credit cards (virtual cards), masked telephone numbers, and a backup & sync program.

With the number of services that Abine (Blur) offers, what I have found most valuable is the ability to shop on-line without disclosing my actual credit card number, telephone number, or e-mail address to the merchant. My physical address is also protected as long as I am buying virtual / digital goods (i.e. an on-line subscription) or have some place other than my home to have items delivered. When using Abine (Blur) my billing address is listed as being in Boston, MA.

I had previously written about Privacy.Com here in the blog. Abine (Blur) is a similar service, but links to your credit card instead of to your bank account. I like and use both services, and recommend them as ways to protect your personal and financial privacy when shopping on-line.


Thursday, February 1, 2018

Keybase


Keybase is a key directory that maps social media identities to encryption keys (including, but not limited to PGP keys) in a publicly auditable manner. Keybase also offers an encrypted chat and cloud storage system, called Keybase Chat and the Keybase filesystem respectively. Files placed in the public portion of the filesystem are served from a public endpoint, as well as locally from a filesystem mounted by the Keybase client. Keybase supports publicly connecting Twitter, GitHub, Facebook, Reddit, and Hacker News identities to encryption keys, along with Bitcoin and Zcash wallet addresses.

Keybase solves the problem of fake accounts by making you ‘prove’ your online identity - Twitter, GitHub, etc. Essentially, you are claiming your accounts and hence your identity. Once you do this, people can feel comfortable sending you messages even if they haven’t met you IRL. This is also known as the Web of Trust. You will have to post something on Twitter, GitHub gists, etc. to tell everyone that you control these accounts.

Keybase also has a file system of its own called KBFS. In simple terms, it’s a secure way of file sharing. There are two types of folders - public and private. Everything in your public folder is signed by you and private folders are end-to-end encrypted which means even Keybase can’t see them!

Keybase is a messaging platform where:
* you can write securely to any Twitter, Reddit, Facebook, GitHub, and Hacker News user
* you don't need to know someone's phone number or email address
* all messages are secure, end-to-end encrypted
* multi-device: your messages survive and transfer with encryption to new phones & computers

Keybase is so much more. It is:
* free for everyone, and free of ads
* open source (https://github.com/keybase/client)
* multi-platform, w/apps for macOS, Linux, and Windows (https://keybase.io/download)


Keybase.io Introduction and Basic Features (YouTube Video)




Personal Security Awareness


Yesterday I wrote about "Living in Condition Yellow": the idea of maintaining a relaxed state of awareness to the potential threats around us, and being prepared to confront those threats should it become necessary.

To better understand potential threats, you may want to take threat awareness training. The following courses and videos are available on-line, and for free, to anyone who wants to take them. Taking these courses can help make you more aware of potential threats, and by being more aware of threats, you make yourself safer as you go about your daily activities.

FEMA Courses

IS-106.18 Workplace Violence Awareness Training

IS-906 Workplace Security Awareness

IS-907 Active Shooter: What You Can Do

IS-914 Surveillance Awareness: What You Can Do


DOD Courses

Level I Antiterrorism Awareness Training

Cybersecurity Awareness

Insider Threat Awareness

OPSEC Awareness for Military Members, DoD Employees and Contractors


Videos
 

Crime Prevention Tips  (Vimeo Video)  

Mental Conditioning For Combat by Col Jeff Cooper (YouTube Video)

Mental Color Code - Jeff Cooper (YouTube Video)

High Capacity Magazine PSA (YouTube Video)

Praesidium | Short Film - Gun Free Zones (YouTube Video)

Why Good People Should Be Armed (YouTube Video)


 
 
Resident Courses ($)

Firearms Academy of Seattle - https://firearmsacademy.com - 360-978-6100

Gunsite Academy - https://www.gunsite.com - 928-636-4565

InSights Training Center - http://www.insightstraining.com - 888-958-0884

Suarez International - https://suarezinternational.com - 928-776-4492

Thunder Ranch - https://thunderranchinc.com - 541-417-0243



Wednesday, January 31, 2018

Living in Condition Yellow


"Condition Yellow" is a term coined by one of the all-time great personal defense teachers, the late Lt. Col. Jeff Cooper. Colonel Cooper described Condition White as a state in which one was unaware of his or her surroundings and was unprepared to react to sudden danger. Condition Yellow is a state of relaxed alertness. In Condition Yellow, you are aware of who and what is around you. You are paying attention to the sights and sounds that surround you, but this is not a state of paranoia or any other irrational fear. You simply maintain a level of alertness that will prevent you from being totally surprised by the actions of another person. Condition Orange is a heightened awareness focused on gathering input when there is reason to believe that some particular danger is present. And Condition Red is when a specific danger has been identified.



Accept that you may be a target, so make yourself a hard target. Conduct an assessment of your vulnerabilities. How might you be attacked on the job, at home, outside doing activities, while driving in a vehicle or parked, and anything else that comes to mind? Then take immediate steps to mitigate any vulnerabilities that you identify whenever possible. Look at your daily routines and reassess them.

Pay attention and stay aware of your surroundings at all times. Expect to be attacked. Formulate a plan for wherever you go, and whenever you encounter suspicious people or circumstances. You may be attacked but you should never be surprised.

Pull your head out of your smartphone. Don’t look at it for more than a few seconds when you are out and about in a public area where anyone is around you. If it helps, just think of some attacker coming up from behind and blowing your brains out every time you are looking down to do some texting or check an email in public.

Improve your performance with firearms - particularly handguns. Learning to fight effectively with a handgun is more than just upgrading your qualification scores. If you are being targeted with deadly force, commit to the fight, stay mentally calm and stay deliberate in your shooting. Every round has a purpose.  Don’t let fear of consequences - legal or otherwise - rule your decisions. Hesitation is a killer.

Start carrying a gun that you can shoot well. A gun that’s too small is far harder to shoot quickly and accurately than a bigger gun. Use a proper holster and mag pouches. Wear appropriate clothing to conceal it effectively. Carry at least two extra magazines as well as the one in the gun.

Protect your home and your family. Train your spouse and children how to think and what to do. Have a plan for incidents in and out of the home or at school etc. Teach them self-defense skills and the use of firearms if they are old enough to learn. Harden their minds to the use of force and teach them how to fight. Feeling helpless is debilitating at any age.


 
 
 
 


Tuesday, January 30, 2018

Heather from Credit Card Services


What’s the deal with "Heather from Credit Card Services"?

"Hi, this is Heather from Credit Card Services calling about your credit card account. There is no problem with your credit card. It appears that you are now eligible for a significantly lower interest rate on your account. However, this offer is about to expire, so please press 1 now to be transferred to a live representative who can assist you in securing your lower interest rate."

Heather and her cohorts - Anne, Tiffany, Rachel, Michael, Sarah and others - from "Credit Card Services" have been annoying people for years with their illegal robo-calls. The scammers behind the sales pitches claim to have special relationships with credit card issuers. They guarantee that the reduced rates they offer will save you thousands of dollars in interest and finance charges, and will allow you to pay off your credit card debt three to five times faster. 

But, is it true? Can "Credit Card Services" actually lower your interest rate?

NO! It’s a scam! If you press "1," you’re connected to a scammer who will ask for your credit card number and other personal information. Their promises aren’t true. There are no guarantees for permanently lowered interest rates.

Some things to be aware of...

1) If it's a robo-call it's probably a scam. According to the Federal Trade Commission, if the robo-call is a sales message and you haven't given your written permission to get calls from the company on the other end, the call is illegal. In addition to the phone calls being illegal, their pitch most likely is a scam.

2) Are you listed with the National Do Not Call Registry? If so and you receive a marketing call, it is absolutely a scam. Legitimate businesses screen their call lists against the National Do Not Call Registry. Legitimate businesses won't call you, but scammers still will.

What should I do if I get these calls?

Don’t give out your credit card information. Once a scammer has your data, they can charge your credit card for their own purchases or sell the information to other scammers.

Don’t share other personal financial or sensitive information like your bank account or Social Security numbers. Scam artists often ask for this information during an unsolicited sales pitch, and then use it to commit other frauds against you.

Hang up. Don’t press any buttons on your phone. Don’t press 1 to speak to someone - or to be taken off the call list. You’ll just get more annoying calls.


Monday, January 29, 2018

Mastering The Lock

 
If you are looking for an inexpensive lock picking set to learn the art of lock picking or improve your current skills, you might like the Mastering the Lock Professional Lock Picking Set. The kit sells for $29.00 +$10.00 Shipping by DHL.
 
Bosnian Bill reviews this kit here: https://www.youtube.com/watch?v=esWmGQ8yvtA

Sunday, January 28, 2018

Tax Identity Theft


Protecting Yourself Against Tax Identity Theft.

It’s tax season and tax identity thieves are eager to claim your tax refund as their own. Find out how to stop them during Tax Identity Theft Awareness Week, January 29 - February 2, 2018.

The FTC and its partners are hosting free webinars and Twitter chats to talk about tax identity theft, how to reduce your risk, and what to do if it happens to you. Visit http://ftc.gov/taxidentitytheft to learn how to participate.


Data Privacy Day - January 28th

 
January 28th is Data Privacy Day. Millions of people are unaware of and uninformed about how their personal information is being used, collected or shared in our digital society. Data Privacy Day aims to inspire dialogue and empower individuals and companies to take action.
 
Here are some things that you can do to protect yourself, your family, and your files:
 
 
 
 
Use An End-to-End Encrypted Messaging App Like: Signal or WhatsApp
 
Choose An Encrypted E-mail Service Such As: ProtonMail or Tutanota
 
Encrypt Your Files with VeraCrypt. Consider Full-Disk Encryption.
 
Scan Your Computer with Malwarebytes and CCleaner