Saturday, April 7, 2018

Social Book Post Manager (Facebook)


With the recent reports of massive invasions of privacy by Facebook, many people are deleting or at least seriously considering deleting their Facebook accounts. Of course, when we signed up for Facebook and agreed to their Terms of Service (that nobody reads) we authorized Facebook to use our personal information. The fact is that our personal information is being used for purposes other than what we intended, regardless of what we may have agreed to in the Terms of Service.

Not everyone wants to just dump Facebook. Facebook can be a useful and even fun way of sharing with a widely-dispersed circle of friends, and businesses can use Facebook to advertise and promote their products and events. The problem is that over the years large amounts of personal information build up in our Facebook accounts, and Facebook doesn’t make it easy to delete large numbers of previous posts.

However, don’t worry. There’s an app for that: Social Book Post Manager.

If you’re serious about cleaning up your Facebook life, the Chrome extension Social Book Post Manager is a great tool to have at your disposal.

Though you’ll have to give Social Book Post Manager permission to "read and change your data" on Facebook - which might not thrill those looking to lessen third-party access to their Facebook information - it’s the only way you’ll be able to let the extension work its magic.

Social Book Post Manager does exactly as its name implies: It roots through your activity feed to find content matching particular keywords you provide, and it then allows you to delete or privatize these posts.

Though Social Book Post Manager takes a little time to work if you’ve been super-active on Facebook each year - or if you’re filtering to specifically remove or hide content about, say, that ex you still hate - it’s a lot faster than trying to clean up your activity feed manually, even if you have to run the extension multiple times to make sure you got everything.

Because Social Book Post Manager is a Chrome extension you will need to access your Facebook account using the Google Chrome browser in order for Social Book Post Manager to do its thing. After running the extension and cleaning up your Facebook account you can always remove the app from your Facebook account.

Department Of Homeland Security Compiling Database Of Journalists


An April 3 contract listing on a government-run federal business opportunities website seeks "media monitoring services" for the DHS. Already, at least seven companies have applied for the DHS contract. It is unclear how much the contract pays.

While "media monitoring services" may sound innocuous, details in a "Request for Information" (RFI) on the government website outline DHS's plan to build what some are calling a "panopticon."

"Services shall enable NPPD/OUS to monitor traditional news sources as well as social media, identify any and all media coverage related to the Department of Homeland Security or a particular event," the RFI reads. "Services shall provide media comparison tools, design and rebranding tools, communication tools and the ability to identify top media influencers."

The contract seeks applicants to complete five tasks: monitoring online activity and social media; creating a media intelligence and benchmarking dashboard platform; setting up an individualized email alert system; creating a password-protected mobile app for DHS personnel; and developing functionalities for engagement with the media. The RFI elaborates on each task.

The statement of work for the media monitoring services contract includes the requirement that its applicants are able to track more than 290,000 global news sources from media including online, print, broadcast, radio, trade and industry publications, local sources, national/international outlets, traditional news sources and social media. DHS also aims to be able to track such coverage in more than 100 languages and to have a function which can translate them immediately.

The database would also include "present contact details and any other information that could be relevant, including publications this influencer writes for and an overview of the previous coverage published by the influencer," for each "influencer" tracked by the system.

Many of the services that the department is seeking were once available to them, including real-time tracking. Dataminr, a Twitter-owned news discovery tool that combs through billions of tweets in real time, "senses critical events as they happen and alerts professionals in news, finance, public sector, corporate security and communications faster than traditional sources," according to Dataminr. It's able to do all of this with the help of artificial intelligence and Twitter's Firehose, which is the only way to access 100 percent of tweets on the platform in real-time.

Dataminr nixed their contract with DHS in December 2016, cutting off dozens of fusion centers from real-time analytics from their platform after Twitter said its platform wasn't meant for surveillance. Dataminr also dropped their contract with the CIA, as it is technically an intelligence agency, but not the FBI, as it is technically a law enforcement agency.  (Forbes, April 6, 2018)



Protect Yourself From Credit Card Fraud: Add A Security Freeze to Your Accounts


An April 2, 2018 article in Consumer Reports, "How to Protect Yourself From Credit and Debit Card Fraud," offers suggestions on how you can mitigate the effect of a data breach in which your credit or debit card information is stolen.

The article states "A security freeze placed on your credit file will block most lenders from seeing your credit history. That makes a freeze the single most effective way to protect against fraud."

I wrote about using a credit (security) freeze for privacy and security in February 2018. With the increasing number of data breaches, if you have not added a freeze to each of your credit files, you may want to consider doing so.

CreditCards.com says "I think for anyone who is extremely concerned about the prospect of identity theft, there is no better tool than a credit freeze".

Time Magazine's Money Section says "If you’re looking to lock down your credit in order to keep thieves out, there’s a better way than buying credit monitoring: Simply place a freeze on your credit files. This instructs the bureaus to prevent new creditors from viewing your credit report and score. Because lenders usually won’t open new lines of credit without viewing your score first, this can prevent fraudsters from opening new accounts in your name. Credit monitoring is like shutting the door after the horse has left the barn, whereas a credit freeze is a preventative measure."


Heritage Guide to The Constitution


To help lawmakers and the public understand the Constitution and its meaning, in 2005 The Heritage Foundation published The Heritage Guide to the Constitution, a clause-by-clause analysis of our Founding Document. In the Guide, each line of the Constitution is carefully analyzed by a leading scholar, with an explanation of both its original meaning and how we may have strayed from that meaning. This comprehensive resource is now available online in its entirety - for free.

Backpage Seized By The Feds


The United States government has seized Backpage.com, the controversial classifieds website. A notice informing visitors of the seizure was posted on the site, and a Justice Department spokesperson confirmed the notice.

According to the notice, the website and its affiliates were seized "as part of an enforcement action" by the FBI, as well as other federal and local agencies. The notice provides little other information, saying the Department of Justice will provide more soon.

A spokesperson for the Justice Department confirmed that the website has been seized and that additional information would be made available Friday evening. However, a judge decided that the federal case should remain sealed on Friday night. No other additional information was provided.

A two-year Senate investigation into online sex trafficking found that Backpage.com knowingly aided criminal sex trafficking of women and young girls, simply scrubbing terms from ads such as "Lolita," "teenage," "rape," "amber alert," and publishing them on its site. After the investigation was published in January 2017, Backpage.com shut down its adult ads section.

The company has been targeted with several lawsuits over the years, but has been largely protected by Section 230 of the 1996 Communications Decency Act, a legal protection that gives a broad layer of immunity to online companies from being held liable for user-generated content. Companies are supposed to act in good faith to protect users, but critics argue the law can be used as a shield. The law, however, does not protect sites from federal liability against criminal law, like child-pornography laws.

The Backpage seizure comes two weeks after Craigslist eliminated their personal ads following Congress' passage of the Fight Online Sex Trafficking Act (FOSTA), which repealed a previous law that provided "legal protection to websites that unlawfully promote and facilitate prostitution and websites that facilitate traffickers in advertising the sale of unlawful sex acts with sex trafficking victims."


Friday, April 6, 2018

Police Surveillance of Dangerous Muslims ENDING in New York City


According to the Washington Times (April 5, 2018) - The New York City Police Department is ending a surveillance program that targeted possible radicalized Muslims and mosques. And those who were watched are getting cash settlements from taxpayers.

The Muslim groups said roughly 20 mosques, two Muslim student organizations in New Jersey, 14 restaurants, two grade schools and 11 retail stores faced surveillance. Visitors and customers were photographed and undercover officers and informants infiltrated some of the organizations during a decade-long period.

The organizations sued, saying they were being singled out purely because of their religion. A federal district court ruled against them in 2014 but the 3rd U.S. Circuit Court of Appeals stepped in a year later and said their lawsuit could proceed, comparing the surveillance to targeting of the Japanese during World War II.

The city will pay $47,500 to businesses and mosques who suffered financially from the surveillance, as well as $25,000 to the individual plaintiffs. The city will also pay $950,000 in fees to the lawyers for the Muslim plaintiffs.

Under the agreement, the plaintiffs’ lawyers will also be able to review and make recommendations on policy and training guidelines surrounding religious and First Amendment activities.
--

This is not just an issue in New York City. Targeted surveillance of individuals (both physical surveillance and social media surveillance) by police and military units, as part of their anti-terrorism programs has been a concern for many years.

The problem isn't that law enforcement, with probable cause - or even a reasonable articulable suspicion - conducted surveillance to detect and prevent a terrorist attack. Rather, we see out of control surveillance of individuals based on their practice of protected 1st Amendment activities.

Using AMRDEC SAFE


SAFE is designed to provide the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) and its customers an alternative way to send files other than email.

Although designed for use by AMRDEC, anyone can use SAFE to send files to a .mil or .gov email address; however, only users with a valid DoD Common Access Card (CAC) can send files to other addresses such as .com or .edu.

There are only a few differences between sending SAFE packages as a CAC user and sending them as a guest:
  • Guests are required to verify their email address after uploading each package;
  • Guests cannot send packages to recipients that do not have a .mil or .gov email address;
  • CAC users can add recipients in bulk using a semicolon-delimited list.

If you are a civilian and need to communicate securely with a military Service Member (.mil address) or government employee (.gov address) then AMRDEC SAFE is one option for you to consider. If you are a military Service Member or DOD Employee (and have a DOD CAC) then AMRDEC SAFE is an excellent way to communicate securely with the civilian and contractor community for official purposes.


Best Buy Payment Card Data Breach



Best Buy has come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai.

Best Buy contracted [24]7.ai for online chat/support services. The retailer says it will contact impacted customers and provide free credit monitoring if needed.

Best Buy has not specified exactly how many of its customers are impacted, but noted that "the dates for this illegal intrusion were between Sept. 27 and Oct. 12, 2017. [24]7.ai has indicated that customer payment information may have been compromised during that time and, if that were the case, then a number of Best Buy customers would have had their payment information compromised, as well."

It appears that the malware involved in this attack is capable of harvesting payment card information entered on websites that use the [24]7.ai chat software. Consumers may be impacted even if they have not directly used the chat functionality...

Russian Regulator Moves to Block Telegram Messaging App


Russian state regulators (Roskomnadzor) have moved to block the popular Telegram messaging app 48 hours after it missed a deadline to provide the government with tools to decrypt users’ personal messages.

On Friday, Roskomnadzor announced that it had asked a Moscow court to block Telegram in Russia.

The company has maintained that it does not have the tools with which to allow messages to be decrypted. Telegram’s legal defense said Friday that the Federal Security Service’s (FSB) demands to hand over decryption keys to private messages were "unconstitutional" and "technically and legally unachievable."

President Vladimir Putin’s Internet Ombudsman Dmitry Marinichev was cited as saying Friday that attempting to block Telegram was "silly" because people would find ways to circumvent the ban, but he added that it would force users to "encounter difficulties."

Web-Proxies


When you connect to a web-site on the Internet your IP Address is visible to that web-site. Knowing your IP Address also lets someone know your general location and your Internet Service Provider (ISP). Many web-sites log connecting IP Addresses and may also filter content based on your IP Address / geographic location.

If you want to see your unique IP Address when you connect to the Internet, visit a site like IP Chicken https://www.ipchicken.com/ or What’s My IP http://www.whatsmyip.org/ which will display your IP Address.


If you don’t want the web-sites that you visit to see and log your IP Address, you will need to connect to those web-sites in a way that masks your IP Address. One way to do this is to connect through a Proxy.

So why would you want to hide your IP Address? One of the most common reasons is to access area restricted content - maybe you want to watch streaming video not available in your country. Another reason is to keep a web-site from identifying you - maybe you want to leave a comment through an on-line form without having the comment connected back to you.

One of the easiest ways to use a proxy is to use a web-proxy. Connect to the proxy web-site, enter the URL that you would like to visit and the proxy passes your request on to the web-site. Because you are connecting through a proxy, the web-sites that you connect to see the proxy's IP Address instead of your IP Address.

To see how this works, connect to an IP Address checking site, such as IP Chicken, directly from your computer. Write down your IP Address. Next connect to one of the following web-proxies and then connect through the proxy to IP Chicken again. Write down the IP Address shown when you connect through the proxy; the two addresses will be different.

Here are a few proxy web-sites that you can try:

http://securefor.com
http://newipnow.com
https://www.proxysite.com
https://hide.me/en/proxy
http://anonymouse.org/anonwww.html
http://dontfilter.us
https://kproxy.com
https://hidester.com/proxy/
https://www.vpnbook.com/webproxy
https://whoer.net/webproxy
https://nordvpn.com/web-proxy/

Connecting to a proxy over HTTPS is always better than HTTP. Some proxies keep no logs, other proxies probably do. A proxy adds to your privacy, and if it does not log also adds to your anonymity. Proxies are useful tools, and something I believe anyone concerned about data privacy and security should be aware of.

Use of some proxies, creating proxy chains (linking multiple proxies together), and using advanced functions can get a little bit complex, but using a web-proxy is simple. Just visit the proxy web-site and type in the URL of a web-site that you want to visit.



American History Orientation


HIST 101 - American History Orientation (3 hours)

A Comprehensive Look at American History

This course is an overview of American history. It emphasizes America's Christian heritage, limited and constitutional government, free market system, and individual freedom and civic responsibility. This self-paced curriculum teaches students how to apply lessons from the past to the challenges of the present.

HIST 101 features contributions from some of America's top national leaders such as Newt Gingrich, Sarah Palin, Jerry Falwell, Jr., and Michele Bachmann, among others.


Thursday, April 5, 2018

Riseup's Etherpad


Use Riseup's Etherpad for short-term collaborative documents. Etherpad is a software libre web application that allows for real-time group collaboration of text documents. Riseup does not store IP addresses, they require https, and pads are automatically destroyed after 30 days of inactivity.

For added security, you can access Riseup's Etherpad  via the Riseup VPN or through the TOR network.

Riseup's Etherpad is available to anyone; you don't need a Riseup account to use the pad.

WARNING: Etherpad is accessible by anyone who has the address (URL) to the pad. If you use an obvious name when you create a pad, it could be guessed.

* Riseup is a collective providing secure online communication tools for people and groups working on liberatory social change.


License Plate Surveillance Company Attacks Nonprofits For Filing FOIA



Vigilant Solutions said law enforcement is facing an "onslaught" of transparency requests from people who ... want government to be accountable to taxpayers.

Vigilant Solutions, a private company that sells surveillance technology to law enforcement, is telling police departments that they are being targeted and attacked by transparency groups that request public records.

The Electronic Frontier Foundation (EFF) and MuckRock sent each law enforcement agency that works with Vigilant just one request for public records. "No agency is experiencing an onslaught," said Dave Maass, a senior investigative researcher at EFF. He noted that each request was very narrow, and that none were for confidential documents or those that would require redactions.

As law enforcement agencies increasingly outsource their activities to contractors, it’s becoming more difficult for the public to uncover details of how government uses surveillance technology. And although private corporations like Vigilant Solutions are not subject to public records laws, their contracts and interactions with government agencies are. (Motherboard, April 4, 2018)

I previously discussed ALPRS here on February 4, 2018 in a post titled "ALPRS - You Are Being Tracked".

Center for the Constitution Courses


Continue your study of the U.S. Constitution and the rights guaranteed to the American people with James Madison's Montpelier, Center for the Constitution - On-line Courses.
  • American Institutions I: The Federal Judiciary - From Idea to Institution
  • American Institutions II: Congress, the Constitution, and Contemporary Politics
  • American Institutions III: The Presidency and the Constitution
  • Creation of the Constitution
  • Constitutional Foundations
  • Constitutional Amendment: the Bill of Rights

In order to stand up for our rights we must know what those rights are.

IGD Chat


It's Going Down is a digital community center for anarchist, anti-fascist, autonomous anti-capitalist and anti-colonial movements. One of the services they offer is IGD.chat - a minimal, encrypted, ephemeral, anonymous, chat application.

Channels are created and joined by going to [https://igd.chat/your-madeup-channel], where "your-madeup-channel" is a word that you invent.

There are no channel lists, so a secret channel name can be used for private discussions.

Please visit this page in an incognito window and close your browser / tab after you are done.

No message history or logs are retained on the IGD.chat server; however, this does not prevent someone in a room from making a screenshot of your discussions.
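
The Etherpad warning earlier on this page and the "secret channel name" advice here come down to the same thing: the name in the URL is the only access control. The following Python sketch is an added example, not code from IGD.chat or Riseup; the word list, the 80-bit floor and the function names are assumptions made for illustration.

```python
import math
import re
import secrets

# Lowercase letters and digits only, so the name is safe in a URL path.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
BITS_PER_CHAR = math.log2(len(ALPHABET))  # about 5.17 bits per character

# Assumption: 80 bits is the minimum this example accepts for a name that is
# the only thing protecting the pad or channel.
MIN_BITS = 80

# Constructed sample of "obvious" words; a real check would use a larger list.
COMMON_WORDS = {"chat", "group", "meeting", "notes", "pad", "planning",
                "private", "secret", "team", "test"}

IGD_BASE = "https://igd.chat/"  # URL pattern given in the post


def generate_name(bits=128):
    """Return a random name carrying at least `bits` bits of entropy."""
    length = math.ceil(bits / BITS_PER_CHAR)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def guessability_problems(name):
    """Return the reasons a name could be guessed (empty list: none found)."""
    problems = []
    lowered = name.lower()

    # Length gives only an upper bound on entropy: a long name made of
    # dictionary words is still weak, which the next checks catch.
    max_bits = len(lowered) * BITS_PER_CHAR
    if max_bits < MIN_BITS:
        problems.append(f"too short: at most {max_bits:.0f} bits")

    words = [w for w in re.split(r"[^a-z]+", lowered) if w in COMMON_WORDS]
    if words:
        problems.append("common words: " + ", ".join(sorted(set(words))))

    # A standalone four-digit year is an easy guess for a dated pad name.
    if re.search(r"(?<!\d)(19|20)\d\d(?!\d)", lowered):
        problems.append("contains a year")

    return problems


def channel_url(name):
    """Build the channel address; refuse names that fail the checks."""
    problems = guessability_problems(name)
    if problems:
        raise ValueError("guessable name: " + "; ".join(problems))
    return IGD_BASE + name


if __name__ == "__main__":
    for candidate in ("test", "planning-meeting-2018", generate_name()):
        print(candidate, "->", guessability_problems(candidate) or "ok")
```

Share the generated address only over a channel you already trust, since anyone who sees it can join.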


Wednesday, April 4, 2018

This Post is Privileged and Confidential


This Blog Post is Privileged and Confidential...

But you're reading it anyway.
 

*** This e-mail does not create an attorney-client relationship. ***
 
*** Any tax advice in this e-mail is not intended to be used for the purpose of avoiding penalties under the Internal Revenue Code. ***
 
*** This e-mail may contain Law Enforcement Sensitive information. ***
 
*** This e-mail contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). If this e-mail is received in error, delete it and all attachments to it and notify the sender immediately. ***
 
*** This email may contain confidential and/or legally privileged information. If it does, and you are not the intended recipient, then the sender hereby requests that you notify him of his mistake and destroy all copies in your possession. The sender also concedes that he is very, very stupid, and obviously should not be sending electronic-mail without supervision.***


E-mail disclaimers are mostly, legally speaking, pointless. Many disclaimers are, in effect, seeking to impose a contractual obligation unilaterally, and thus are unenforceable. In other words, email footers assert that a reader has consented to a contract based on mere receipt of the message. This is problematic because, as with any legally binding contract, both parties must agree to its terms. Simply opening or reading a message is not the same as approving what is inside. For this reason, typically email confidentiality warnings carry no legal weight.

Many organizations automatically append these sorts of disclaimers to every message sent from their e-mail servers, no matter how brief and trivial the message itself might be. Yet studies have shown that less than 10% of recipients who receive emails with disclaimers even read those disclaimers and warnings. 

When it comes down to it email disclaimers are pretty pointless. They fail to create a valid contract between sender and recipient. They are generally untested and unimpressive in court, too long, overused and no one reads them.

What You Should Do...

If you do choose to use email disclaimers, use them sparingly and place them at the beginning of your emails rather than the end. This way, recipients will actually see the disclaimer and might pay attention to it.

If your e-mail really does contain sensitive information it should be ENCRYPTED.

Do not place sensitive information in the body of an e-mail. If sensitive information must be sent by e-mail, place that information in a properly marked, password protected (encrypted) attachment and include the password in the confidentiality disclaimer, or better still send the password by an alternate means.

Look at the US government's guide to Marking Controlled Unclassified Information for some ideas on properly marking and handling controlled information.


US Suspects Cellphone Spying Devices in DC

The Associated Press reported on April 3, 2018 that the Department of Homeland Security (DHS) has confirmed that it found what appear to be unauthorized cell-site simulators, also known as Stingrays, in Washington DC.

For the first time, the U.S. government has publicly acknowledged the existence in Washington, DC of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages. The use of what are known as cellphone-site simulators by foreign powers has long been a concern, but American intelligence and law enforcement agencies - which use such eavesdropping equipment themselves - have been silent on the issue until now.

In a March 26, 2018 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation’s capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where.

The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.

I mentioned Stingray devices here in the blog in November 2017.  There are apps, like Snoop Snitch (for Android), that attempt to detect devices like Stingray, but they are not 100% effective.

To defeat devices like Stingray and Hailstorm you need strong encryption, like that provided by Signal or Tox. Use a VPN or TOR to encrypt your cellular internet traffic. This won't keep Stingray and Hailstorm from capturing your metadata, but will protect the content of your conversations and text messages.




CATO University - Home Study Course


Spend time with some of the world's greatest minds and truest friends of freedom in the CATO University - Home Study Course.
  • Professionally prepared audio programs on the historical, philosophical, economic, legal, and moral foundations of individual liberty and limited government
  • Listen/Download at no cost
  • Programs you can enjoy at your own pace
  • Extensive topic summaries prepared on each major subject
The Cato Home Study Course immerses you in the thoughts and views of John Locke, Thomas Jefferson, Thomas Paine, James Madison, Adam Smith, Voltaire, John Stuart Mill, Henry David Thoreau, Ayn Rand, F.A. Hayek, Milton Friedman, and others. You are stimulated and surrounded by their ground-breaking ideas on liberty, justice, property, constitutionalism, free trade, capitalism, toleration, and peace.

This is a self-paced, home study program, enabling you to spend time with brilliant minds wherever and whenever you have an opportunity to listen and think. Each program is presented by professional actors and broadcasters, and the content is lively, dynamic, and truly thought-provoking.

Active Shooter at YouTube Headquarters



A woman - Nasim Najafi Aghdam, 39 - suspected of shooting three people at YouTube headquarters before killing herself was furious with the company because it had stopped paying her for videos she posted on the platform, her father said late Tuesday (April 3, 2018). YouTube had "stopped everything," and "she was angry," her father Ismail Aghdam said from his San Diego home in a telephone interview with the Bay Area News Group.

Aghdam has been variously described as a vegan bodybuilder, artist and rapper. She was active on various social media outlets, including YouTube, where she had a number of channels in Persian, Turkish and English. On YouTube, she published an eclectic set of videos, including music parodies and workouts, on topics like animal cruelty and vegan cooking.

A 2009 story by The San Diego Union-Tribune quoted a woman with the same name as Ms. Aghdam at an animal rights protest outside Camp Pendleton, the Marine Corps base in Southern California. Two dozen attended the protest organized by People for the Ethical Treatment of Animals against the use of pigs in military trauma training. (BBC World News)




Tuesday, April 3, 2018

150 Million MyFitnessPal Accounts Compromised


Under Armour says 150 million MyFitnessPal accounts compromised in data breach.

Sportswear brand Under Armour announced today that its subsidiary MyFitnessPal was affected in a significant data breach, compromising as many as 150 million accounts. Account information involved in the breach includes user names, email addresses, and hashed passwords, but no financial information like credit card numbers or government identifiers like social security numbers.


Panera Bread Compromises Millions of Customers' Personal Information


Panera Bread leaked customer data right on its website for months despite warnings.

According to Quartz (April 3, 2018) - Security experts have alleged that US bakery-cafe chain Panera Bread had "millions" of customers’ personal information available and searchable on its site for at least eight months, leaving them vulnerable to identity theft.

A plain-text page on Panera’s website revealed the full names, email addresses, physical addresses, phone numbers, date of birth, dietary preferences, and last four digits of credit cards of customers who signed up for the company’s delivery service, the researchers said.


US DOD Constitution Course


Congressional Appropriations Bill H.R. 4818, P.L. 108-447, requires Federal agencies to provide new employees with educational and training materials on the U.S. Constitution as part of the new employee orientation materials; and provide all Federal agency employees educational and training materials on the Constitution on Constitution Day and Citizenship Day, September 17th of each year.


Solving the First Contact Problem


The first contact problem is the problem of making initial contact with a confidential source. Maybe you are a journalist reaching out to a potential source within a government agency, or maybe you are a whistleblower reaching out to an investigative journalist. Perhaps you work for a major corporation and want to provide information about high level criminal activity to the police or to a regulatory agency.

Any identified link between the source and a person in the investigative agency (be that a journalist at a news agency or a government investigator) puts the source at risk. If you call the New York Times and arrange to meet with a reporter, your telephone records show that initial contact. If you send an e-mail from your corporate e-mail account to a government agency asking for a meeting, your IT Department may be able to see that connection or even have a copy of the e-mail. Is your initial contact with a government agency subject to being released in a Freedom of Information Act (FOIA) request? Sure, an investigative file may be confidential, but did that initial e-mail requesting a meeting get added to the file? If you mail a letter to an organization, are you sure that it will only be opened by the addressee? Administrative offices may open some incoming mail, and how many secretaries open and even respond to mail addressed to their bosses? The US Postal Service photographs the outside of all mail. Could copies of those photographs be obtained to make a list of return addresses?

This is the first contact problem. You must ensure that establishing contact with a source does not leave clues that can later be used to identify that source. Ask yourself, what resources does the opposition have to identify your source (e.g., legal, financial)? How likely is it that anyone will make an effort to identify the source of a leak? (Very likely? Not at all?) What are the potential consequences for your sources if they are discovered?

An article, by Micah Lee, in the Intercept from 2014 discusses how Edward Snowden worked to resolve the first contact problem when contacting Laura Poitras.

Based on the capabilities of those attempting to identify your source and the likely consequences for your source if identified, consider which channels are appropriate for your communications. For example, if you are concerned about an organization with few resources to investigate, then your sources have a lot of options for communicating with you; anywhere outside of work. If the potential investigator is from a large government agency, however, chances are that agency has resources for investigating the leaked information, so your source needs to be very cautious.

Major news agencies, investigative reporters, police departments, and government agencies that might receive reports from outside sources should all consider having a way for potential confidential sources to contact them securely and anonymously. The New York Times is a good example of an organization that provides a number of ways to communicate with them confidentially.


 Ask yourself these questions:
  • How can someone outside of your organization send you an encrypted e-mail?
  • Is there a way for a potential source to speak with you on a secure telephone line?
  • Can you exchange encrypted messages with a potential source?
  • Is there a way for a potential source to provide you with a large number of documents or files securely?

There is no one perfect way to communicate with confidential sources (if there were, then everyone would use it). What is important, however, is to have a number of secure communication channels available for potential sources to use. Remember that while a source may possess valuable information, he or she may not possess any technical skill or tradecraft allowing him or her to get that information to you securely. Keep this in mind as you develop your solution to the first contact problem.


Monday, April 2, 2018

London's Murder Rate Higher Than New York’s Amid Surge in Knife Crime



According to an article on RT (April 2, 2018) - London’s murder rate has surpassed New York’s for the first time in modern history as knife crime in the British capital hits crisis levels. It comes amid huge police cuts and falling officer numbers.

A total of 37 murders have been committed in London during the last two months, according to a report in the Sunday Times. In February, 15 murders were recorded by the Metropolitan Police compared to 14 in New York, while initial figures for March count 22 killings in London compared to 21 in the US city.

London and New York City have comparable populations of 8.7 million and 8.6 million respectively. NYC’s murder rate has decreased by around 87 percent since the 1990s, while the number of London murders, excluding victims of terrorism, has risen by almost 40 percent since 2014.

A report by the BBC from a year ago (April 2017) reported "Gun crime offences in London surged by 42% in the last year, according to official statistics." Knife crime also increased by 24% with 12,074 recorded offences from 2016 to 2017.

Yet London has an almost complete ban on carrying guns and knives.

Bans and restrictions on guns and knives do little if anything to reduce violent crime. Such bans and restrictions disarm those who are inclined to follow the law, but not the violent criminal for whom the law holds little meaning.


Laws that forbid the carrying of arms ... disarm only those who are neither inclined nor determined to commit crimes. Such laws make things worse for the assaulted and better for the assailants; they serve rather to encourage than prevent homicides, for an unarmed man may be attacked with greater confidence than an armed one. (Cesare Beccaria - Essay on Crimes and Punishments)

Drug Detection Dogs Are Barely More Accurate Than a Coin Flip


We can all agree that illegal drug use and abuse is a serious concern. And most would agree that we should take measures to foster a drug-free environment in our communities. So what is the problem with searches that use "drug detection dogs"? Aren’t drug dogs just a tool to help the police target drug users and suppliers? They won’t cause any harm to people who aren't in possession of illegal drugs, so no need for us to worry about them. Right?

Not exactly. There are a number of reasons we should be concerned about drug-sniffing dogs being used in searches, but one key problem is that they have not been very effective at targeting only drug possessors. Several studies have indicated that drug dogs are prone to false alerts, which then lead to unjustified searches. Records of drug-sniffing dogs in one Washington school district indicated that dogs were incorrect 85 percent of the times they alerted to a substance. A Chicago study of drug dogs used for roadside automobile searches shows a 56 percent error rate - increasing to 73 percent for Hispanic drivers. Even the most generous estimates suggest that drug dogs are reliable, at most, 70 percent of the time (and this figure takes into account the 26% of searches where no substances are actually found but the targeted person admits to prior drug contact).

The Chicago Tribune sifted through three years’ worth of cases in which law enforcement used dogs to sniff out drugs in cars in suburban Chicago. According to the analysis, officers found drugs or paraphernalia in only 44 percent of cases in which the dogs had alerted them. When the driver was Latino, the dogs were right just 27 percent of the time. The paper explains.

The Tribune spoke to a few dog experts and they almost universally blamed the handlers: Dog handlers can accidentally cue alerts from their dogs by leading them too slowly or too many times around a vehicle, said Lawrence Myers, an Auburn University professor who studies detector dogs.

The U.S. Court of Appeals for the Seventh Circuit issued a troubling ruling about drug dogs in July 2015. U.S. v. Bentley is just the latest in a series of rulings in which the federal courts refuse to consider the possibility that police departments may be manipulating the dogs to authorize unlawful searches. The problem here is that invasive searches based on no more than a government official’s hunch are precisely what the Fourth Amendment is supposed to guard against. Unfortunately, the way the U.S. Supreme Court has ruled on this issue not only doesn’t account for the problem, but also has given police agencies a strong incentive to ensure that drug dogs aren’t trained to act independently of their handler’s suspicions. A dog prone to false alerts means more searches, which means more opportunities to find and seize cash and other lucre under asset forfeiture policies. In fact, a drug dog’s alert in and of itself is often cited as evidence of drug activity, even if no drugs are found, thus enabling police to seize cash, cars and other property from motorists. Some dog trainers have said that drug dogs can be trained to alert only when there are measurable quantities of a drug - to ignore so-called "trace" or "remnant" alerts that aren’t cause for arrest. But these trainers also say that police agencies don’t want dogs trained to ignore remnant odors, because any alert is an authorization for a more thorough search.

Why do False-Positives Happen?

False positives may - as police claim - be caused by odor from previous contact with drugs, or drugs that have been stashed in an unsearched area.

But the dogs can also be affected by the context; they can become tired, hungry, or confused by multiple odors, noises and distractions.

And it is very likely that intentional and unintentional cues by dog handlers, who are trained to profile people based on behavior, appearance and comportment, are to some degree interfering with the dogs’ identifications.

Dogs are naturally responsive to even the subtlest of human cues. Scent-detection dogs were found to be more likely to falsely alert to locations when their handler believed drugs to be present, with handler beliefs influencing dog alerts even more than food decoys.

Such cues may also be exacerbating the discriminatory impacts of general drug-detection dogs.


I love dogs, and I believe that they have a strong place in police and security work. On patrol, apprehending violent criminals, and in search and rescue work dogs are first rate. But when it comes to conducting searches based on a detection rate that is little better than a coin flip, we need to ask if we are doing the right thing.


References

Illinois State Police Drug Dog Unit Analysis Shows Error Rate Between 28 and 74 Percent

Drug-Sniffing Dogs in Schools Make Every Student a Suspect

Drug-Sniffing Dogs Are Wrong More Often Than Right

Hillsdale College Courses on the Constitution



Hillsdale College offers free, not-for-credit online courses taught by its faculty. These online versions are based upon those in the College’s undergraduate Core Curriculum, which all Hillsdale students must complete prior to graduation.

In addition to lectures, these online courses feature readings, study guides, quizzes, and discussion groups. There is also an opportunity to receive certificates of completion for each course.
--

Too often when considering data privacy and personal security we are faced with a conflict between the rights of the American people and the needs of the government. Our rights are enumerated in the U.S. Constitution, but today it seems that nobody knows what those rights and freedoms are.

Civics was a class that used to be required before you could graduate from high school. In civics class you were taught about the U.S. Constitution and about your rights and responsibilities as a citizen of the United States. Unfortunately civics class is no longer required to graduate from many high schools, and is seldom required as part of a college education. 

We live in a country, a great Constitutional Republic, with a constitution that guarantees our rights and freedoms - a contract between the citizens and the government - but if you don't know what your rights are, how can you stand up for them?

Cops Are Now Opening iPhones With Dead People's Fingerprints


No privacy for the dead... it's entirely legal for police to use your fingerprints to unlock your phone after you're dead, even if there might be some ethical quandaries to consider. Once a person is deceased, they no longer have a privacy interest in their dead body. That means they no longer have standing in court to assert privacy rights.

Relatives or other interested parties have little chance of stopping cops using fingerprints to access smartphones too. "Once you share information with someone, you lose control over how that information is protected and used. You cannot assert your privacy rights when your friend's phone is searched and the police see the messages that you sent to your friend. Same goes for sharing information with the deceased - after you released information to the deceased, you have lost control of privacy..." (Forbes, March 22, 2018)
--

Whether you are dead or alive, I recommend that you use a long passcode to secure your smartphone (do NOT rely on the fingerprint reader). The fingerprint reader can be bypassed by anyone who can force you to press your finger on the sensor thereby unlocking your phone and revealing your data.

Sunday, April 1, 2018

Proclaim Liberty Throughout All the Land


National Center for Constitutional Studies
Proclaim Liberty Throughout All the Land


Welcome to our study course, Proclaim Liberty Throughout all the Land. In this course you will learn the basic principles that are embodied in our founding documents, The Declaration of Independence and the United States Constitution. You will also become conversant with each part of the Constitution and understand, perhaps for the first time, how nearly every problem we face in America today could be solved by understanding and applying the wisdom of America’s Founding Fathers.

This course is for anyone 14 and up who would like to learn about the United States Constitution as established by America’s Founders. Proclaim Liberty is broken up into 23 easy to understand lessons with the average lesson length of approximately 30 minutes. All of the videos for this course are free for you to view online.


The discussion guide and workbook for this course is an excellent reference for anyone working through these lessons.

Secure File Erasers


When you delete a file from your computer - move it to the ‘Recycle Bin’ in Windows - that file is not gone. The Recycle Bin is really just another folder on your desktop that holds files that you no longer want. When you empty the Recycle Bin the files it contained are no longer available to you, but they are still stored on your computer until such time as the location where they are stored is overwritten by other data.  There are even programs available that let you "un-delete" and recover files after you have emptied the Recycle Bin. The Recycle Bin and the ability to un-delete files is a useful feature to make sure that you don’t accidentally destroy information on your computer.

But what happens when you want to delete a file and be sure that it is completely destroyed? Just moving it to the Recycle Bin and then emptying the bin won’t work, because that file is still recoverable with un-delete software. When you want to completely destroy a file on your computer, you need a file shredder.

File shredders remove files from your computer, but in addition to removing the files they also overwrite the files’ location with random data so that they can’t be recovered - not even by using special data recovery software.

There are several file shredder programs available, but two that I like are Freeraser and Securely File Shredder. Both of these programs are free, and function similarly to the Windows Recycle Bin, but with the addition of a secure overwrite of the file location to help ensure that it can’t be recovered.

Freeraser adds its own version of the recycle bin to your desktop. To permanently delete (shred) a file, just drag it onto the Freeraser icon and click "continue". The file is then destroyed.

Securely File Eraser also has a drag-and-drop function, but also includes options to delete files and folders by browsing to locate them. Securely File Eraser also includes a button that allows you to permanently delete the contents of the Windows Recycle Bin.

Download a copy of Freeraser or Securely File Shredder; or find another secure file shredder that works for you. Regardless of which file shredder you choose, it is important to have some method of permanently deleting sensitive information from your computer.
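The overwrite-then-delete step that file shredders perform can be sketched in a few lines of Python. This is an added example, not code from Freeraser or Securely File Shredder; the function names and the sample file are constructed for illustration, and it assumes a disk and filesystem that rewrite data in place.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # overwrite in 1 MiB pieces so large files do not fill memory


def overwrite_in_place(path, passes=1):
    """Replace every byte of an existing file with random data; return its size."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError(f"refusing to overwrite, not a regular file: {path!r}")
    size = os.path.getsize(path)
    # "r+b" opens without truncating, so the writes target the file's existing
    # blocks instead of freshly allocated ones.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            for offset in range(0, size, CHUNK):
                fh.write(secrets.token_bytes(min(CHUNK, size - offset)))
            fh.flush()
            os.fsync(fh.fileno())  # force the overwrite out of OS caches to disk
    return size


def shred_file(path, passes=1):
    """Overwrite, rename to a random name, then delete (best effort)."""
    # Assumption: the filesystem rewrites blocks in place. SSD wear levelling,
    # copy-on-write or journaling filesystems, backups, shadow copies and cloud
    # sync can all keep older copies that this function never touches.
    size = overwrite_in_place(path, passes)
    folder = os.path.dirname(os.path.abspath(path))
    scrambled = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, scrambled)  # avoid leaving the original name on the entry
    os.remove(scrambled)
    return size


def demo():
    """Constructed sample file: check the overwrite, then shred it."""
    marker = b"CONSTRUCTED-SAMPLE-SECRET"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 1000)
    size = overwrite_in_place(path)
    with open(path, "rb") as fh:
        data = fh.read()
    shredded = shred_file(path)
    return {"size": size, "same_length": len(data) == size,
            "marker_survived": marker in data, "shredded": shredded,
            "exists_after": os.path.exists(path)}
```

On SSDs and on drives with backups or file history enabled, an overwrite like this does not reach every copy, so full-disk encryption remains the more dependable protection for sensitive files.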


FBI Used Classified Hacking Tools in Ordinary Criminal Investigations


The FBI’s Remote Operations Unit (ROU), tasked with hacking into computers and phones, is one of the Bureau’s most elusive departments. But a recent report from the Office of the Inspector General (OIG) for the Department of Justice has now publicly acknowledged the unit’s existence seemingly for the first time. The report also revealed that the ROU has used classified hacking tools - techniques typically reserved for intelligence purposes - in ordinary criminal investigations, possibly denying defendants the chance to scrutinize evidence, as well as destabilizing prosecutors’ cases against suspects.

"When hacking tools are classified, reliance on them in regular criminal investigations is likely to severely undermine a defendant’s constitutional rights by complicating discovery into and confrontation of their details," said Brett Kaufman, a staff attorney at the ACLU. "If hacking tools are used at all, the government should seek a warrant to employ them, and it must fully disclose to a judge sufficient information, in clear language, about how the tools work and what they will do," he added. (Motherboard, March 29, 2018)

This hacking of American citizens by the FBI is not new. According to NBC News in 2013, the Remote Operations Unit and Remote Assistance Team, which uses private contractors to do the actual hacking of suspects, can send a virus, worm or other malware to a suspect's computer, giving law enforcement control of a wide range of activities, from turning a computer's webcam on and off to searching for documents on the machine, says Christopher Soghoian, principal technologist for the ACLU's Speech, Privacy and Technology Project.