Saturday, June 23, 2018

White House Confirms Its Chief of Staff Was Hacked


A personal email account of White House Chief of Staff John Kelly was hacked, according to an email obtained by Buzzfeed via a Freedom of Information Act (FOIA) request. "As we discussed ... my folks are nervous about the emails you send and ask that you no longer include them on any postings," Kelly wrote. "Then there is hacking which one of my own personal accounts has suffered recently. I do almost everything now by phone or face-to-face comms."

Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly. Kelly told the staffers the phone hadn’t been working properly for months, according to the officials.

It's not clear if Kelly used the email account to conduct government business or if there was anything sensitive on it. Shortly after Trump's inauguration, the NSA reportedly told Trump administration officials to stop using personal cellphones and email accounts, as they could be vulnerable to spying by Russia, China and other US adversaries. (Engadget, June 11, 2018)



Sovereign Citizens


Sovereign citizen is a term used to refer to a political movement which grew out of a belief in government abuses of power. Members often refuse to hold social security cards or driver's licenses and avoid using zip codes. Sovereign citizens believe that U.S. citizens are either "Fourteenth Amendment citizens" (who are subject to the federal and state laws and taxes) or "sovereign citizens", who are subject only to common law or "constitutional law" (or both), but are not bound to obey statutory law. No court has ever upheld these claims. Sovereign citizens may also be referred to as "freemen" or "common law citizens".

A sovereign citizen is defined by the Anti-Defamation League as follows:

"The "sovereign citizen" movement is a loosely organized collection of groups and individuals who have adopted a right-wing anarchist ideology originating in the theories of a group called the Posse Comitatus in the 1970s. Its adherents believe that virtually all existing government in the United States is illegitimate and they seek to "restore" an idealized, minimalist government that never actually existed. To this end, sovereign citizens wage war against the government and other forms of authority using "paper terrorism" harassment and intimidation tactics, and occasionally resorting to violence."

Who is a "Sovereign Citizen"? Podcast (59 minutes) June 6, 2018

Your Legal Rights considers Sovereign Citizenship and its avowed adherents. Is there such a movement in the US? Host Jeffrey Hayden welcomes David Nazarro and Kathleen Sherman.

Without Prejudice: What Sovereign Citizens Believe (June 2016)

When surveyed, United States law enforcement consistently ranks sovereign citizens as the top domestic extremist threat, even greater than that presented by homegrown jihadists. Despite the
considerable size of the movement, estimated to include hundreds of thousands of adherents, few Americans know what sovereigns believe and how those beliefs inform their actions.

The Lawless Ones: The Resurgence of the Sovereign Citizen Movement (2012)

The sovereign citizen movement is an extreme anti-government movement whose members believe the government has no authority over them. It began a resurgence of activity, including criminal activity, in 2009 that has shown no signs of stopping. In 2012, the sovereign citizen movement is currently one of the most problematic domestic extremist movements in the United States.

Why the Surveillance State is Dangerous


Senator Rand Paul shared a link to an article from the Foundation for Economic Education (June 17, 2018) Why the Surveillance State is Dangerous.

Who ever thought that Americans would be, like mere Europeans, searched at “checkpoints,” that many searches would be rechristened “inspections,” or that border agents would have the right to search smartphones or other devices without a warrant at the rate of 30,000 times a year (including searches of citizens’ devices)? The NSA has been spying on millions of Americans. Until about 2010, according to Wall Street Journal data, the FBI had more DNA records than the Chinese government (which started later in the competition), although the collection is proceeding so fast in China that America doesn’t “win” the race anymore; per capita, the two countries are now about equal.

The problem of the Surveillance State is not so much what it knows as what it can do with what it knows. The Surveillance State is dangerous not so much because it violates some standard of privacy, but because surveillance fuels control.

What the state, with its vast coercive powers, can do with information gathering suggests that a serious problem only exists when the state does it, or when it can seize information from private parties’ databases.

The problem here is that there may very well be some government employee sitting in a basement office somewhere keeping secret, hidden, and illegal, files about you... and you would never know it.

To emphasize my point, “law-abiding people” must fear state surveillance because it makes it more likely that they will become non-law-abiding without any change in their behavior. They will be caught for violating laws that they even did not know existed. Moreover—and this is my main argument—the “law abiding” will be ensnared by new laws adopted because state rulers know that enforcement costs are not as prohibitive as they used to be. The level of surveillance will multiply the number of new laws imposed on the formerly law-abiding.

Friday, June 22, 2018

73 Rules of Spycraft


American diplomat and lawyer Allen Dulles (1893-1969), the 5th Director of Central Intelligence and once head of the CIA listed 73 Rules of Spycraft.

“The greatest weapon a man or woman can bring to this type of work in which we are engaged is his or her hard common sense. The following notes aim at being a little common sense and applied form. Simple common sense crystallized by a certain amount of experience into a number of rules and suggestions.

  1. There are many virtues to be striven after in the job. The greatest of them all is security. All else must be subordinated to that.
  2. Security consists not only in avoiding big risks. It consists in carrying out daily tasks with painstaking remembrance of the tiny things that security demands. The little things are in many ways more important than the big ones. It is they which oftenest give the game away. It is consistent care in them, which form the habit and characteristic of security mindedness.
  3. In any case, the man or woman who does not indulge in the daily security routine, boring and useless though it may sometimes appear, will be found lacking in the proper instinctive reaction when dealing with the bigger stuff.
  4. No matter how brilliantly given an individual, no matter how great his goodwill, if he is lacking in security, he will eventually prove more of a liability than asset.
  5. Even though you feel the curious outsider has probably a good idea that you are not what you purport to be, never admit it. Keep on playing the other part. It’s amazing how often people will be led to think they were mistaken. Or at least that you are out ‘in the other stuff’ only in a very mild way. And anyhow, a person is quite free to think what he likes. The important thing is that neither by admission or implication do you let him know.
  6. Security, of course, does not mean stagnation or being afraid to go after things. It means going after things, but reducing all the risks to a minimum by hard work.
  7. Do not overwork your cover to the detriment of your jobs; we must never get so engrossed in the latter as to forget the former.
  8. Never leave things lying about unattended or lay them down where you are liable to forget them. Learn to write lightly; the “blank” page underneath has often been read. Be wary of your piece of blotting paper. If you have to destroy a document, do so thoroughly. Carry as little written matter as possible, and for the shortest possible time. Never carry names or addresses en clair. If you cannot carry them for the time being in your head, put them in a species of personal code, which only you understand. Small papers and envelopes or cards and photographs, ought to be clipped on to the latter, otherwise they are liable to get lost. But when you have conducted an interview or made arrangements for a meeting, write it all down and put it safely away for reference. Your memory can play tricks.
  9. The greatest vice in the game is that of carelessness. Mistakes made generally cannot be rectified.
  10. The next greatest vice is that of vanity. Its offshoots are multiple and malignant. Besides, the man with a swelled head never learns. And there is always a great deal to be learned.
  11. Booze is naturally dangerous. So also is an undisciplined attraction for the other sex. The first loosens the tongue. The second does likewise. It also distorts vision and promotes indolence. They both provide grand weapons to an enemy.
  12. It has been proved time and again, in particular, that sex and business do not mix.
  13. In this job, there are no hours. That is to say, one never leaves it down. It is lived. One never drops one’s guard. All locations are good for laying a false trail (social occasions, for instance, a casual hint here, a phrase there). All locations are good for picking something up, or collecting…for making a useful acquaintance.
  14. In a more normal sense of the term “no hours,” it is certainly not a business where people put their own private arrangements before their work.
  15. That is not to say that one does not take recreation and holidays. Without them it is not possible to do a decent job. If there is a real goodwill and enthusiasm for the work, the two (except in abnormal circumstances) will always be combined without the work having to suffer.
  16. The greatest material curse to the profession, despite all its advantages, is undoubtedly the telephone. It is a constant source of temptation to slackness. And even if you do not use it carelessly yourself, the other fellow, very often will, so in any case, warn him. Always act on the principle that every conversation is listened to, that a call may always give the enemy a line. Naturally, always unplug during confidential conversations. Even better is it to have no phone in your room, or else have it in a box or cupboard.
  17. Sometimes, for quite exceptional reasons, it may be permissible to use open post as a channel of communications. Without these quite exceptional reasons, allowing of no alternative, it is to be completely avoided.
  18. When the post is used, it will be advisable to get through post boxes; that is to say, people who will receive mail for you and pass it on. This ought to be their only function. They should not be part of the show. They will have to be chosen for the personal friendship which they have with you or with one of your agents. The explanation you give them will depend on circumstances; the letters, of course, must be apparently innocent incontinence. A phrase, signature or embodied code will give the message. The letter ought to be concocted in such fashion as to fit in with the recipient’s social background. The writer ought therefore to be given details of the post boxes assigned to them. An insipid letter is in itself suspicious. If however, a signature or phrase is sufficient to convey the message, then a card with greetings will do.
  19. Make a day’s journey, rather than take a risk, either by phone or post. If you do not have a prearranged message to give by phone, never dial your number before having thought about your conversation. Do not improvise even the dummy part of it. But do not be too elaborate. The great rule here, as in all else connected with the job, is to be natural.
  20. If you have phoned a line or a prospective line of yours from a public box and have to look up the number, do not leave the book lying open on that page.
  21. When you choose a safe house to use for meetings or as a depot, let it be safe. If you can, avoid one that is overlooked by other houses. If it is, the main entrance should be that used for other houses as well. Make sure there are no suspicious servants. Especially, of course, be sure of the occupants. Again, these should be chosen for reasons of personal friendship with some member of the organization and should be discreet. The story told to them will once again depend on circumstances. They should have no other place in the show, or if this is unavoidable, then calls at the house should be made as far as possible after dark.
  22. Always be yourself. Always be natural inside the setting you have cast for yourself. This is especially important when meeting people for the first time or when traveling on a job or when in restaurants or public places in the course of one. In trains or restaurants people have ample time to study those nearest them. The calm quiet person attracts little attention. Never strain after an effect. You would not do so in ordinary life. Look upon your job as perfectly normal and natural.
  23. When involved in business, look at other people as little as possible, and don’t dawdle. You will then have a good chance of passing unnoticed. Looks draw looks.
  24. Do not dress in a fashion calculated to strike the eye or to single you out easily.
  25. Do not stand around. And as well as being punctual yourself, see that those with whom you are dealing are punctual. Especially if the meeting is in a public place; a man waiting around will draw attention. But even if it is not in a public place, try to arrive and make others arrive on the dot. An arrival before the time causes as much inconvenience as one after time.
  26. If you have a rendezvous, first make sure you are not followed. Tell the other person to do likewise. But do not act in any exaggerated fashion. Do not take a taxi to a house address connected with your work. If it cannot be avoided, make sure you are not under observation when you get into it. Or give another address, such as that of a café or restaurant nearby.
  27. Try to avoid journeys to places where you will be noticeable. If you have to make such journeys, repeat them as little as possible, and take all means to make yourself fit in quietly with the background.
  28. Make as many of your difficult appointments as you can after dark. Turn the blackout to good use. If you cannot make it after dark, make it very early morning when people are only half awake and not on the lookout for strange goings-on.
  29. Avoid restaurants, cafes and bars for meetings and conversations. Above all never make an initial contact in one of them. Let it be outside. Use abundance of detail and description of persons to be met, and have one or two good distinguishing marks. Have a password that can be given to the wrong person without unduly exciting infestation.
  30. If interviews cannot be conducted in a safe house, then take a walk together in the country. Cemeteries, museums and churches are useful places to bear in mind.
  31. Use your own judgment as to whether or not you ought to talk to chance travel or table companions. It may be useful. It may be the opposite. It may be of no consequence whatsoever. Think, however, before you enter upon a real conversation, whether this particular enlargement of the number of those who will recognize and spot you in the future is liable or not to be a disadvantage. Always carry reading matter. Not only will it save you from being bored, it is protective armor if you want to avoid a conversation or to break off an embarrassing one.
  32. Always be polite to people, but not exaggeratedly so. With the following class of persons who come to know you — hotel and restaurant staffs, taxi drivers, train personnel etc., be pleasant.
  33. Someday, they may prove useful to you. Be generous in your tips to them, but again, not exaggeratedly so. Give just a little more than the other fellow does – unless the cover under which you are working does not permit this. Give only normal tips. however, to waiters and taxi drivers, etc., when you are on the job. Don’t give them any stimulus, even of gratification, to make you stick in their minds. Be as brief and casual as possible.
  34. Easiness and confidence do not come readily to all of us. They must be assiduously cultivated. Not only because they help us personally, but they also help to produce similar reactions in those we are handling.
  35. Never deal out the intense, the dramatic stuff, to a person before you have quietly obtained his confidence in your levelheadedness.
  36. If you’re angling for a man, lead him around to where you want him; put the obvious idea in his head, and make the suggestion of possibilities come to him. Express, if necessary – but with great tact — a wistful disbelief in the possibilities at which you are aiming. “How fine it would be if only someone could… but of course, etc. etc.” And always leave a line of retreat open to yourself.
  37. Never take a person for granted. Very seldom judge a person to be above suspicion. Remember that we live by deceiving others. Others live by deceiving us. Unless others take persons for granted or believe in them, we would never get our results. The others have people as clever as we; if they can be taken in, so can we. Therefore, be suspicious.
  38. Above all, don’t deceive yourself. Don’t decide that the other person is fit or is all right, because you yourself would like it to be that way. You are dealing in people’s lives.
  39. When you have made a contact, till you are absolutely sure of your man — and perhaps even then — be a small but eager intermediary. Have a “They” in the background for whom you act and to whom you are responsible. If “They” are harsh, if “They” decide to break it off, it is never any fault of yours, and indeed you can pretend to have a personal grievance about it. “They” are always great gluttons for results and very stingy with cash until “They” get them. When the results come along, “They” always send messages of congratulation and encouragement.
  40. Try to find agents who do not work for money alone, but for conviction. Remember, however, that not by conviction alone, does the man live. If they need financial help, give it to them. And avoid the “woolly” type of idealist, the fellow who lives in the clouds.
  41. Become a real friend of your agents. Remember that he has a human side so bind him to you by taking an interest in his personal affairs and in his family. But never let the friendship be stronger than your sense of duty to the work. That must always be impervious to any sentimental considerations. Otherwise, your vision will be distorted, your judgment affected, and you may be reluctant, even, to place your men in a position of danger. You may also, by indulgence toward him, let him endanger others.
  42. Gain the confidence of your agents, but be wary of giving them more of yours than is necessary. He may fall by the way side; he may quarrel with you; it may be advisable for a number of reasons to drop him. In that case, obviously, the less information he possesses, the better. Equally obviously, if an agent runs the risk of falling into the hands of the enemy, it is unfair both to him and the show to put him in possession of more knowledge than he needs.
  43. If your agent can be laid off work periodically, this is a very good thing. And during his rest periods, let him show himself in another field and in other capacities.
  44. Teach them at least the elements of technique. Do not merely leave it to his own good judgment, and then hope for the best. Insist, for a long time at least, on his not showing too much initiative, but make him carry out strictly the instructions which you give him. His initiative will he tested when unexpected circumstances arise. Tell him off soundly when he errs; praise him when he does well.
  45. Do not be afraid to be harsh, or even harsh with others, if it is your duty to be so. You are expected to be likewise with yourself. When necessity arises neither your own feelings not those of others matter. Only the job — the lives and safety of those entrusted to you — is what counts.
  46. Remember that you have no right to expect of others what you are not prepared to do yourself. But on the other hand, do not rashly expose yourself in any unnecessary displays of personal courage that may endanger the whole shooting match. It often takes more moral courage to ask another fellow to do a dangerous task than to do it yourself. But if this is the proper course to follow, then you must follow it.
  47. If you have an agent who is really very important to you, who is almost essential to your organization, try not to let them know this. Infer, without belittling him, that there are other lines and other groups of a bigger nature inside the shadow, and that — while he and his particular group are doing fine work — they are but part of a mosaic.
  48. Never let your agent get the bit between his teeth and run away with you. If you cannot manage it easily yourself, there are always the terrible “They.”
  49. But if your agent knows the ground on which he is working better than you, always be ready to listen to his advice and to consult him. The man on the spot is the man who can judge.
  50. In the same way, if you get directives from HQ, which to you seem ill-advised, do not be afraid to oppose these directives. You are there for pointing things out. This is particularly so if there is grave danger to security without a real corresponding advantage for which the risk may be taken. For that, fight anybody with everything you’ve got.
  51. If you have several groups, keep them separate unless the moment comes for concerted action. Keep your lines separate; and within the bounds of reason and security, try to multiply them. Each separation and each multiplication minimizes the danger of total loss. Multiplication of lines also gives the possibility of resting each line, which is often a very desirable thing.
  52. Never set a thing really going, whether it be big or small, before you see it in its details. Do not count on luck. Or only on bad luck.
  53. When using couriers, who are in themselves trustworthy — (here again, the important element of personal friendship ought to be made to play its part) — but whom it is better to keep in the dark as to the real nature of what they are carrying, commercial smuggling will often provide an excellent cover. Apart from being a valid reason for secrecy, it gives people a kick and also provides one with a reason for offering payment. Furthermore, it involves a courier in something in which it is in his own personal advantage to conceal.
  54. To build this cover, should there be no bulk of material to pass, but only a document or a letter, it will be well always to enclose this properly sealed in a field dummy parcel with an unsealed outer wrapping.
  55. The ingredients for any new setup are: serious consideration of the field and of the elements at your disposal; the finding of one key man or more; safe surroundings for encounter; safe houses to meet in; post boxes; couriers; the finding of natural covers and pretext for journeys, etc.; the division of labor; separation into cells; the principal danger in constructing personal friendships between the elements (this is enormously important); avoidance of repetition.
  56. The thing to aim at, unless it is a question of a special job, is not quick results, which may blow up the show, but the initiation of a series of results, which will keep on growing and which, because the show has the proper protective mechanism to keep it under cover, will lead to discovery.
  57. Serious groundwork is much more important than rapid action. The organization does not merely consist of the people actively working but the potential agents whom you have placed where they may be needed, and upon whom you may call, if need arises.
  58. As with an organization, so with a particular individual. His first job in a new field is to forget about everything excepting his groundwork; that is, the effecting of his cover. Once people label him, the job is half done. People take things so much for granted and only with difficulty change their sizing-up of a man once they have made it. They have to be jolted out of it. It is up to you to see that they are not. If they do suspect, do not take it that all is lost and accept the position. Go back to your cover and build it up again. You will at first puzzle them and finally persuade them.
  59. The cover you choose will depend upon the type of work that you have to do. So also will the social life in which you indulge. It may be necessary to lead a full social existence; it may be advisable to stay in the background. You must school yourself not to do any wishful thinking in the sense of persuading yourself that what you want to do is what you ought to do.
  60. Your cover and social behavior, naturally, ought to be chosen to fit in with your background and character. Neither should be too much of a strain. Use them well. Imprint them, gradually but steadfastly on people’s minds. When your name crops up in conversation they must have something to say about you, something concrete outside of your real work.
  61. The place you live in is often a thorny problem. Hotels are seldom satisfactory. A flat of your own where you have everything under control is desirable; if you can share it with a discreet friend who is not in the business, so much the better. You can relax into a normal life when you get home, and he will also give you an opportunity of cover. Obviously the greatest care is to be taken in the choice of servants. But it is preferable to have a reliable servant than to have none at all. People cannot get in to search or fix telephones, etc. in your absence. And if you want to not be at home for awkward callers (either personal or telephonic), servants make that possible.
  62. If a man is married, the presence of his wife may be an advantage or disadvantage. That will depend on the nature of the job — as well as on the nature of the husband and wife.
  63. Should a husband tell his wife what he is doing? It is taken for granted that people in this line are possessed of discretion and judgment. If a man thinks his wife is to be trusted, then he may certainly tell her what he is doing — without necessarily telling her the confidential details of particular jobs. It would be fair to neither husband nor wife to keep her in the dark unless there were serious reasons demanding this. A wife would naturally have to be coached in behavior in the same way as an agent.
  64. Away from the job, among your other contacts, never know too much. Often you will have to bite down on your vanity, which would like to show what you know. This is especially hard when you hear a wrong assertion being made or a misstatement of events.
  65. Not knowing too much does not mean not knowing anything. Unless there is a special reason for it, it is not good either to appear a nitwit or a person lacking in discretion. This does not invite the placing of confidence in you.
  66. Show your intelligence, but be quiet on anything along the line you are working. Make others do the speaking. A good thing sometimes is to be personally interested as “a good patriot and anxious to pass along anything useful to official channels in the hope that it may eventually get to the right quarter.”
  67. When you think a man is possessed of useful knowledge or may in other ways be of value to you, remember that praise is acceptable to the vast majority of men. When honest praise is difficult, a spot of flattery will do equally well.
  68. Within the limits of your principles, be all things to all men. But don’t betray your principles. The strongest force in your show is you. Your sense of right, your sense of respect for yourself and others. And it is your job to bend circumstances to your will, not to let circumstances bend or twist you.
  69. In your work, always be in harmony with your own conscience. Put yourself periodically in the dock for cross examination. You can never do more than your best; only your best is good enough. And remember that only the job counts — not you personally, excepting satisfaction of a job well done.
  70. It is one of the finest jobs going. no matter how small the part you play may appear to be. Countless people would give anything to be in it. Remember that and appreciate the privilege. No matter what others may do, play your part well.
  71. Never get into a rut. Or rest on your oars. There are always new lines around the corner, always changes and variations to be introduced. Unchanging habits of work lead to carelessness and detection.
  72. If anything, overestimate the opposition. Certainly never underestimate it. But do not let that lead to nervousness or lack of confidence. Don’t get rattled, and know that with hard work, calmness, and by never irrevocably compromising yourself, you can always, always best them.
  73. Lastly, and above all — REMEMBER SECURITY.
PS. The above points are not intended for any cursory, even interested, glance. They will bear — each of them — serious attention, and at least occasional re-perusal. It is probable, furthermore, that dotted here and there among them will be found claims that have particular present application for each person who reads them. These, naturally, are meant to be acted upon straightaway.”
  

Block On-line Access to Your Social Security Record


Do you need on-line access to your Social Security record? Most people don't.

If you are not using Social Security On-line Services, you may want to block on-line access to your information. If you find that you need access in the future you can always unblock your record, but in the mean time you may not want to leave that access open to others.

Cell-Phone Location Data is Protected by the Fourth Amendment.


The U.S. Supreme Court has ruled in favor of digital privacy.  In a 5-4 decision on Friday the justices decided that police need warrants to gather phone location data as evidence for trials. The Supreme Court reversed and remanded the Sixth Circuit court's decision.

The Court sent a strong message by recognizing that because of "seismic shifts in digital technology," cell phone tracking has the capability to lay private lives bare to government inspection. The Court also rejected the government’s tired argument that sensitive data held by third parties is automatically devoid of constitutional protection.

In this case, Carpenter v. United States, the government argued that Mr. Carpenter had no reasonable expectation of privacy in his cell phone records, which it obtained without a warrant - while also arguing the location data was incriminating.

The EFF amicus brief argued cell phone records are far too sensitive to obtain without a warrant based on probable cause:

Like the Internet, cell phones are all but essential to modern life, and for years, EFF has fought in courts, legislatures, and public to update the law to protect individuals’ privacy as they move through the world. Cell phones connect to cell towers and antennas hundreds of times a day, creating a non-stop flow of information on everywhere we travel—as the Court wrote, “Sprint Corporation and its competitors are ever alert, and their memory is nearly infallible.”

We are extremely gratified by the Supreme Court’s ruling today. This is a major victory, and we hope it signals the eventual demise of the Third Party Doctrine—that sensitive data held by third parties is automatically devoid of constitutional protection—for good.

Read the decision here: https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf

Woman Guilty of Fraud for Using Stolen Info from OPM Data Breach


According to a DOJ Press Release (June 18, 2018) "A Maryland woman pleaded guilty today to participating in a scheme to use the stolen identification information of victims of the U.S. Office of Personnel Management (OPM) data breach to obtain fraudulent personal and vehicle loans through Langley Federal Credit Union (LFCU).

According to court documents, Karvia Cross, 39, of Bowie, participated in and recruited others to engage in a fraudulent identity-theft scheme targeting LFCU. In 2015 and 2016, LFCU received numerous online membership and consumer loan applications in the names of stolen identities that were victims of the OPM data breach. LFCU approved and issued the requested memberships and loans prior to determining that they had been sought using the stolen personal identifying information of others. LFCU disbursed loan proceeds via checks and transfers into the checking and savings accounts opened through these fraudulent applications. Vehicle loan proceeds were disbursed by checks made payable to individuals posing as vehicle sellers, while personal loan proceeds were disbursed to LFCU accounts opened in connection with the fraudulent loan applications and transferred to accounts of others. Cross and others then accessed and withdrew the fraudulently obtained loan proceeds."
--
While the 2015 OPM data breach likely involved Chinese state sponsored activities, the compromised data is available from sources other tan the Chinese government.  Use of data stolen in large data breaches (like OPM) may not occur for 1-3 years after the initial breach, giving time for credit monitoring to expire, and people to become less vigilant in protecting their personal and financial information.


Washington State Man Files $75,000 Claim Against Border Patrol


According to KOMO 4 News (June 20, 2018) - A man has filed a $75,000 claim for damages against the U.S. Customs and Border Protection agency, contending he was illegally detained on a bus trip that went through Spokane's bus station last summer.

The Spokesman-Review reports that 36-year-old Andres Sosa Segura is being represented by attorneys with the American Civil Liberties Union and the Northwest Immigration Rights Project.

The claim was announced on Wednesday.

Lawyers for Sosa contend he was singled out for attention by Border Patrol agents because he was the only Latino-appearing passenger on the Greyhound bus that stopped in Spokane.

The Border Patrol declined to comment.

Sosa alleges he was traveling back to his home in Underwood, Washington, from Montana on the morning of July 25 when he was detained and threatened with deportation.

A copy of the Notification of Incident and Claim for Damages under the Federal Tort Claims Act (FTCA) for Andres Sosa Segura can be seen on the ACLU of Washington web-site.
--

U.S. Customs and Border Protection has jurisdiction in Portland, OR as the city is Inside the Massive U.S. 'Border Zone'.  As with any law enforcement investigation however, activities must be conducted in accordance with applicable law, policy, and regulation.

Investigations that are conducted without probable cause, that continue for extended periods of time, or that involve detentions of individuals based on race, appearance, or obviously false allegations are likely to violate that person's civil rights and civil liberties, thereby opening the government to claims filed under the FTCA.

 
 


Thursday, June 21, 2018

Russian Police Can Confiscate Phones Without a Criminal Prosecution


Пленум Верховного Суда Российской Федерации 14 июня 2018 года рассмотрел вопросы повестки дня и принял Постановление «О некоторых вопросах, связанных с применением конфискации имущества в уголовном судопроизводстве» (Проект постановления обсуждался на заседании Пленума 29 мая 2018 года).

Police can confiscate cell phones from social media users who have posted content they deem extremist, even without a criminal prosecution, according to a ruling from Russia’s top court. Russian authorities have increasingly targeted ordinary Russians for social media activity, including handing out jail sentences for posting images and comments critical of the country’s leadership. A ruling from the Russian Supreme Court allows the confiscation of “any property” belonging to an extremist suspect that prosecutors say was used to commit the crime. “This property may include cellphones, personal computers, other electronic means of communication,” the June 14 resolution reads on the court’s website.

For perspective, Russia considers a wide range of political and religious dissent as “extremist” views. The Jehovah’s Witnesses, a religious denomination with its world headquarters in New York, was classified last year as “extremist organization”, putting the group into the same category as the likes of the Islamic State (ISIS).

According to the U.S. Commission on International Religious Freedom, “extremism” is defined vaguely in Russian law. This gives authorities wide latitude to interfere in certain religious activities and restrict believers' activities outside of churches. While many of these laws have existed for decades, the government “has only recently begun to wield them in sustained campaigns designed to punish or exclude ‘non-traditional’ reli­gions and religious movements.”
--

The Russian Court's ruling is not particularly unique to Russia. In the United States, civil asset forfeiture laws have enabled American police to seize the property of individuals suspected of criminal activity, even if that person is never actually convicted of any crime.


Privacy Generations (Video)


This video clip was screened in the opening of the 32nd International Conference of Data Protection and Privacy Commissioners "Privacy: Generations", held in Jerusalem, Israel 27-29 October 2010.

Although this video is a few years old, it is still useful for data privacy and security awareness training.

A Guide for Activism on Social Media

 

Tactical Tech has published "A Curated Guide for Activism on Social Media". Although the guide is written for "grassroots groups, activists and politically-active individuals", it contains good information for anyone who wants to have greater privacy and security in their on-line presence.

In addition to reading the Tactical Tech guide, I recommend that you also read Micah Lee's 2015 article "Chatting in Secret While We're All Being Watched".  As the Tactical Tech guide points out: "Even if you trust the people you are sharing [information] with, if you are using social media that creates user-accessible records (like when you can see past activity or message history), if someone else gains access to that person's device or account, the unauthorized person may look at messages and images that you thought would stay private."

If you maintain an on-line presence, you must assume that someday you will be targeted. This may be by some Internet troll who doesn't like a comment that you made, by cyber-criminals seeking to steal your identity or scam you out of your hard-earned cash, or even by some out-of-control government employee keeping files about hidden away on a government computer network.


ANTIFA Distributes List of ICE Agents Compiled Using LinkedIn


According to the Daily Caller (June 19, 2018) "Antifa, a violent, so-called anti-fascist group, tweeted out a list of over 1,500 Immigration and Customs Enforcement agents’ identities.

The Twitter account “nebraska antifa” sent out a tweet to its followers on Tuesday that linked to the personal information of ICE officers compiled from information found on LinkedIn.

The Tweet stated: “I’ve downloaded and made available the profiles of (almost) everyone on LinkedIn who works for ICE, 1,595 people in total. While I don’t have a precise idea of what should be done with this data set, I leave it here with the hope that researchers, journalists, and activists will find it useful.” The Antifa Twitter account linked to an archived post, where viewers can access the original database of ICE Agent created by searching LinkedIn accounts."
--
If you have a on-line profile that identifies your official function in government and/or law enforcement, the information that you post there may find its way into anti-government / anti-law enforcement lists and databases.

Of course, this isn't just a concern for government employees. Any information that anyone posts on-line should be assumed to be public, regardless of what privacy settings you may have set.

On-line profiles that identify your government or corporate position increase your risks of spear phishing, doxing, and identity theft.



Wednesday, June 20, 2018

Signs of Sophisticated Cellphone Spying Found Near White House


A federal study found signs that surveillance devices for intercepting cellphone calls and texts were operating near the White House and other sensitive locations in the Washington area. A Department of Homeland Security program discovered evidence of the surveillance devices, called IMSI catchers.

The devices work by simulating cell towers to trick nearby phones into connecting, allowing the IMSI catchers to collect calls, texts and data streams. Unlike some other forms of cellphone interception, IMSI catchers must be near targeted devices to work.

When they are in range, IMSI catchers also can deliver malicious software to targeted devices for the purpose of stealing information stored on them or conducting longer-term monitoring of communications.

Experts in surveillance technology say that IMSI catchers — sometimes known by one popular brand name, StingRay — are a standard part of the tool kit for many foreign intelligence services, including for such geopolitical rivals as Russia and China.

The surveillance devices are hard to counteract, although encrypted calling and messaging apps — such as Signal, WhatsApp or Apple's FaceTime — provide protection against IMSI catchers.

Some experts advocate wider deployment of such encrypted communication tools within the U.S. government, along with a move away from traditional cellular calling and texting. (Washington Post, June 1, 2018)
--

This is not a new story. I mentioned it here in the blog on April 22, 2018. What I do wish to highlight from the above story in the Washington Post is that "encrypted calling and messaging apps... provide protection against IMSI catchers" (like Stingray). Whether you are a government official  worried about foreign espionage, or a citizen concerned about warrantless surveillance; encryption can help to protect you against these illegal activities.

Virtual Kidnapping Fraud



The U.S. Army CID Computer Crime Investigative Unit (CCIU) has published a cybercrime prevention flyer warning of Virtual Kidnapping Fraud.

You can download this flyer and other cybercrime prevention flyers from the CCIU web-site.


Court Rules No Privacy for Cellphone with 1-2-3-4 as Passcode


The Associated Press (June 13, 2018) reported that a SC Court has held that: "A man serving 18 years in prison in South Carolina for burglary was rightfully convicted in part because he left his cellphone at the crime scene and a detective guessed his passcode as 1-2-3-4 instead of getting a warrant, the state Supreme Court ruled Wednesday.

Lawyers for Lamar Brown argued detectives in Charleston violated Brown’s right to privacy by searching his phone without a warrant.

After storing the cellphone in an evidence locker for six days in December 2011, the detective guessed right on Brown’s easy passcode, found a contact named “grandma” and was able to work his way back to Brown.

The justices ruled in a 4-1 decision that Brown abandoned his phone at the Charleston home and made no effort to find it. The law allows police to look at abandoned property without a court-issued warrant allowing a search.

But in his dissent, South Carolina Chief Justice Don Beatty said Brown likely didn’t consider his cellphone abandoned and his passcode showed he wanted to protect the contents inside and police should have gotten a warrant for a search like they would the home or car of someone suspected in a crime.

It “is not that the information on a cellphone is immune from search; it is instead that a warrant is generally required before such a search,” Beatty wrote, quoting U.S. Chief Justice John Roberts from an earlier case."
--

Barring exigent circumstances (an emergency situation requiring swift action to prevent imminent danger to life or serious damage to property, or to forestall the imminent escape of a suspect, or destruction of evidence) a warrant is always required when law enforcement seizes property or attempts to access information in which you have a reasonable expectation of privacy.

The court's decision in the above case is a slippery slope. What determines whether a password is sufficient to demonstrate that you truly wanted to protect the information on your smartphone / computer? If the police are able to guess your password, does that now mean you had no reasonable expectation of privacy in the data the password was meant to protect?

If someone hacks your computer network, can it be now argued that you had no reasonable expectation of privacy if you did not change the default admin passwords when you set up the network?

Tuesday, June 19, 2018

False Allegations

 
When an agency makes false allegations about someone, and takes no action to immediately correct that error, it can cost the agency millions of dollars to settle the resulting lawsuit.

No fewer than 60 organizations branded "hate groups" or otherwise attacked by the Southern Poverty Law Center (SPLC) are considering legal action against the organization.

In 2016, the SPLC published its "Field Guide to Anti-Muslim Extremists," listing Muslim reformer Maajid Nawaz, a practicing Muslim, as one such extremist. On Monday, SPLC President Richard Cohen extended his group's "sincerest apologies to Mr. Nawaz, Quilliam, and our readers for the error, and we wish Mr. Nawaz and Quilliam all the best." In settling the suit, the SPLC paid Nawaz's organization $3.375 million.

The SPLC started as a group to oppose racist terrorism, and its first legal action targeted the Ku Klux Klan. In recent decades, the organization has begun marking mainstream organizations as "hate groups" on par with the KKK. In one egregious case the group actually quoted as hateful The Catechism of the Catholic Church.  (PJ Media, June 19, 2018)
--

The SPLC has often been used as a reference by government and law enforcement. And while the work of the SPLC is no doubt well-meaning, by their own admission their designation of hate groups, and the allegations they make against individuals are often matters of opinion.

Fake DoD CAC and Retiree Identification Cards for Sale


Fake DoD Common Access Cards (CAC) and military retiree ID cards are available for sale from a overseas company:  Joysingersids.

Two types of ID cards available: one made of laminated cardboard, one made of PVC.

ID cards made of laminated cardboard have a fake chip printed on them, while PVC cards have a real chip (with the exception of DOD Civilian Retiree ID card, which has no chip at all).

The PVC CAC card is likely to pass cursory examination, and could be used as a foundation to acquire other "official" ID.  DoD ID is commonly accepted, but may not be electronically verifiable outside of DoD databases.

In cases where the ID is not electronically scanned (with the Automated Installation Entry) it might be used to gain unauthorized to DoD installations and facilities.


Two Armed Men Being Called 'Heroes' for Stopping Gunman at Walmart


Tumwater, WA Police are trying to figure out why a man went on a carjacking and shooting rampage that ended in his death outside a Walmart store on Sunday (June 17, 2018).

Two armed civilians are being hailed as heroes for stopping the gunman.
 
KOMO 4 News reported that when a violent criminal began shooting people and attempting to car-jack vehicles outside a Walmart store, two armed citizens drew their own firearms and engaged the criminal, killing him - and almost certainly preventing further loss of life.

Cases where violent crime is stopped by armed citizens often rate no more than a passing mention in the national news, because such events don't meet the anti-gun agenda being pushed by these news organizations. But the fact is that being armed is one of the most effective ways to protect yourself and save the lives of others when confronted by a violent attacker.

According to U.S. Bureau of Justice Statistics data, having a gun and being able to use it in a defensive situation is the most effective means of avoiding injury (more so even than offering no resistance) and thwarting completion of a robbery or assault. In general, resisting violent crime is far more likely to help than to hurt, and this is especially true if your attacker attempts to take you hostage, such as sometimes happens in a carjacking situation.

 

Firefox Multi-Account Containers


Firefox Multi-Account Containers (a Firefox add on) lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

TechRepublic has an excellent article on how to install and use Firefox Multi-Account Containers.

I like Firefox Multi-Account Containers, and now use this add on for any sites I regularly visit on-line. Firefox Multi-Account Containers provide increased privacy and security benefits since each container has its own dedicated storage area for cookies, local Storage, and caches, and this data is not shared with other Containers. This helps to prevent tracking your activities across multiple web-sites.


Apple iPhone USB Restricted Mode


An article in the Washington Post (June 13, 2018) stated: "Apple is making it harder for police to collect evidence from iPhones of suspected criminals."

Apple announced Wednesday that it would block access to a port that law enforcement uses to break into iPhones during criminal investigations, a move that could reignite debate over whether tech companies are doing enough to help authorities probing serious crimes.

Apple said the change, which would disable the Lightning port on the bottom of iPhones an hour after users lock their phones, is part of software updates to be rolled out in the fall. Designed to better protect the private information of iPhone users, it will have little obvious effect on most people using the devices but will make it far more difficult for investigators to use extraction tools that attach through the port to collect the contents of seized iPhones.

Privacy advocates have noted that personal data backed up to cloud services, such as Apple's iCloud, has become a popular target for investigators as devices themselves have become better protected. Malicious hackers also have exploited such cloud-based backups to collect user information and photographs.

“It's good that Apple continues to improve the security of the devices it gets against unauthorized access and hacking,” said Peter Eckersley, chief computer scientist for the Electronic Frontier Foundation, a civil liberties group based in San Francisco. “But it remains the case that iCloud backups are a huge loophole in Apple's device security, and most of what people do on their iPhones and iPads is available to law enforcement.”
--

I had previously commented here that Apple Is Testing a Feature That Could Kill Police iPhone Unlockers (like Cellebrite)   (June 6, 2018). It is important to understand however that Apple security features are not specifically intended to prevent law enforcement from conducting lawful searches of devices authorized by a proper warrant. While security features may in fact limit the ability of law enforcement to conduct random searches of iPhones, more importantly the feature prevents criminals and rouge governments from accessing iPhone users' private data.

When looking at a cellphone forensic device like GrayKey, we see that the device two strategies to access data on the phone: “Before First Unlock” or BFU, and “After First Unlock” or AFU. BFU is a “slow brute force,” meaning it takes 10 minutes per try. This gives access to “limited data.” That’s likely because the BFU strategy happens when the phone was off when seized. If that’s the case, when turned on, the iPhone has most of its data, including contacts, messages and other personal data still encrypted.

AFU, on the other hand is a “fast brute force” mode that presumably kicks in when the phone is locked but was turned on and unlocked at some point by the owner. In this case, it allows for 300,000 tries and allows “parallel extraction of pre-unlock data.” If AFU works, the slide adds, “95% of the user’s data is available instantly.”

Apple’s new USB Restricted Mode may severely limit that type of attack, because the lighting port used to attack the phone will become largely useless once an hour passes without a phone unlock. The feature has not yet made its way into general iOS releases, but iOS 12 is expected to launch around June 26.

* In any case where there is the potential for your iPhone to be seized (i.e. crossing a border), turn the phone off. You may be asked to turn the phone on, or even to unlock the phone, but at least in this case you have a choice whether to comply with the request.

* Ensure that the passcode you use to protect access to your phone is at least 10 characters long. Short 4 digit passcodes can be broken within hours, and a 6-digit passcode can be broken within two or three days, but longer passcodes significantly delay attempts to break into your phone.

Monday, June 18, 2018

Google Inactive Account Manager


Google Inactive Account Manager is a way for users to share parts of their account data or notify someone if they’ve been inactive for a certain period of time.

Contacts will only receive notification once your account has been inactive for the specified amount of time -- they will not receive any notification during setup. If you chose to only notify your contacts of your inactive account, they'll receive an email with a subject line and content that you wrote during setup. Google will add a footer to that email, explaining that you've instructed them to send an email on your behalf after you've stopped using your account. This footer might say something like this:

 
Google's Inactive Account Manager is intended to grant access to and/or delete your Google accounts after your death, or if something else prevents you from accessing your accounts for at least three months (you can change the amount of time before your Google account is considered inactive).
    
 


The Recce Pistol



Gabe Suarez wrote "To people who are paying attention, the recent events in the United States and around the world have once again emphasized that YOUR personal safety is YOUR personal responsibility. Unless you don't mind showing up in the newspaper as a bunch of bloodstains on a floor, it behooves you to be prepared, and obtain the best tools, and the best skills available."

To this end he recommended a "Recce Pistol" as a means of enhancing one's personal protection. A recce pistol is a AR/AK (5.56x45 / 7.62x39) style pistol, often with the addition of a stabilizing brace to improve handling and accuracy. 


Mr. Suarez makes the point that in [many states] pistols are covered under our concealed weapon permits, while rifles are not, allowing you to carry a recce pistol with you in your vehicle, where a rifle would be problematic. In fact, having a loaded rifle or shotgun in your vehicle may be illegal, even with a concealed handgun permit.

The shortness of the Recce Pistol allows it to be concealed in a smaller bag, making it more covert than a rifle would be, thereby allowing you to have it in a bag you might reasonably carry with you throughout the day.

A pistol using a rifle cartridge and a magnified optic will increase your effective range, and make difficult shots easier. Thus, the Recce Pistol concept was born.


EasyCrypt

 
EasyCrypt, a company formed in August 2016, and operating out of Switzerland, provides e-mail encryption regardless of the e-mail provider that you use (i.e. Gmail. Mail.ru, Yandex, etc.).  Although still in the beta version, EasyCrypt protects your e-mail communication between EasyCrypt users with PGP encryption.
 
Very simply it works like this... (1) you create an EasyCrypt account and associate it with your current e-mail. (2) you then access your regular e-mail account through EasyCrypt at https://webmail.easycrypt.co/login/ (3) you then send and receive e-mail as you normally would, but if the recipient of your e-mail is an EasyCrypt user, or has a PGP Public Key that you have imported into your EasyCrypt account, that e-mail is automatically encrypted. Much more detail about how it works is on the EasyCrypt web-site.
 
Anyone accessing your EasyCrypt messages directly (i.e. logging into Gmail directly, and not through EasyCrypt) will only see a PGP encrypted message:
 
-----BEGIN PGP MESSAGE-----
Version: OpenPGP.js v2.3.3
Comment: This is an encrypted email. To view in EasyCrypt, go to 
https://webmail.easycrypt.co/
wcFMA/5bAOvSNNvbAQ/5ATGuukrn3I5JXhATLZtY29kh0tQCdRzhFh/+OVRh
Ru6LKfabB4+dQpcibKrWohDQKrav1jzf8HucUuB0Ta9OpfH5UeA74nFr9/lR
c0nhOmS3mAxi4+p6nMTCAgkWVSDAJDXLPjeJgCHOk94t+ds5FWMzbFVdogcc
d4+T3Qy4vuR8KH0eVk78+yr5fEhBbxqLSE2rW1y6LrWjXGjVmlW2TQQHGyfn
QDlMshnV9EEgnmIOYG5lxKpH82JPCQ9AVML6AvdlZbYfmbdUdqpH9G/q7VM3
eThBTcB8BRK5wOL82sBMlux2GydkbPJvQc27TStDKaj5Mepp4qnTjySBlZ5v
2NiJgpDWapVQFSPjIdCroTyrie35ssrx1G4cAq9vhFMCr8tGyYOAhIg/+Vhj
4SC2YJKGHJkVMqS6whOnuFcO03z2rV2ORrLxA8nlJugQu2m6AbGWze2fHg==
=Lq4F
-----END PGP MESSAGE-----
 
You can still send and receive e-mail through EasyCrypt to people who don't use EasyCrypt or who don't have a PGP key, but these e-mails won't be encrypted.
 
Setting up my EasyCrypt account was quick and easy. The only difference now is that I access my e-mail through the EasyCrypt webmail site, instead of going directly to my Gmail, Mail.ru, etc. site. It's then just a matter of getting others to set up and EasyCrypt account and access their mail through EasyCrypt in order to automatically encrypt your messages to each other.
 
I also like that EasyCrypt has a .onion address so that you can access your e-mail through TOR.
 
As EasyCrypt continues to develop its service, I think it will become more and more useful as a way of safeguarding our on-line privacy. As it currently stands, EasyCrypt is a well... "easy" way of adding PGP encryption to your current e-mail account.

 
 
 
 
I first mentioned EasyCrypt back in January 2018, and while I did not recommend it at that time - I had just started using it - after six months of using EasyCrypt to protect my e-mail; it is a product and service that I can now recommend to you as an effective way to safeguard your e-mail messages.

Police Use of Facial Recognition With License Databases Spur Privacy Concerns


According to an article in the Wall Street Journal (June 17, 2018): "Police in the small Maryland city of Hagerstown used a cutting edge, facial recognition program last week to track down a robbery suspect, marking one of the first such instances of the tactic to be made public."

When police in Hagerstown used a cutting edge, facial recognition program to track down a robbery suspect last week, it was one of the first such cases to come to light. In the process of identifying a possible suspect, investigators fed an Instagram photo into the state’s vast facial recognition system, which quickly spit out the driver’s license photo of an individual who was then arrested.

This digital-age crime-solving technique is at the center of a debate between privacy advocates and law-enforcement officials: Should police be able to search troves of driver’s license photos, many who have never been convicted of a crime, with facial recognition software?

An increasing number of police departments across the country are running images through driver’s license databases in their investigations, but the Hagerstown case is one of the few resulting in an arrest that has become public, experts in the field say.

Thirty-one states now allow police to access driver’s license photos in facial-recognition searches in addition to mug shots, according to the Center on Privacy and Technology at the Georgetown University Law Center.  Roughly one in every two American adults - 117 million people - are in the facial-recognition networks used by law enforcement, according to a 2016 report by the center.

Civil liberties advocates say that giving police unfettered access to photos of people who have committed no crimes infringes on their privacy."
--

Facial recognition is nothing new.

An article in The Atlantic (October 19, 2016) stated: "Police departments in nearly half of U.S. states can use facial-recognition software to compare surveillance images with databases of ID photos or mugshots. Some departments only use facial-recognition to confirm the identity of a suspect who’s been detained; others continuously analyze footage from surveillance cameras to determine exactly who is walking by at any particular moment."

The Guardian (March 27, 2017) wrote: "Approximately half of adult Americans’ photographs are stored in facial recognition databases that can be accessed by the FBI, without their knowledge or consent, in the hunt for suspected criminals. About 80% of photos in the FBI’s network are non-criminal entries, including pictures from driver’s licenses and passports. The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people."

The question that we must ask ourselves is whether we should be subjects in a perpetual police line-up because we have submitted a photo for a driver's license or a passport. Some may argue that facial recognition is being used a crime fighting tool or investigative technique that leads to the apprehension of criminals; and it does in fact lead to the identification and apprehension of criminals. The other side of this argument is that we have a right to privacy and should not have our personal information (i.e. photos) used by the government for purposes other than that which we have consented to when providing that information. Our greatest concern is not the use of data, rather it is the abuse of data by government officials.



Sunday, June 17, 2018

Download a Copy of Everything Google Knows About You


Google has a tool called Takeout that creates an archive of your data from Google products. While logged into your Google account go to the Google Takeout Web-Site and select which Google products you want to include in your archive.

Choose a delivery option. If you’ve selected the email delivery option (easiest), you’ll receive an email that notifies you when the archive has been prepared.

The archive may be up to 2GB in size, so it can take a while to download it. If Google has more than 2GB of data about you, the archive will be broken up into separate files.

Google Takeout Web-Site: https://takeout.google.com/settings/takeout

Security Guides


At the beginning of the year (January 2018) I listed 10 security guides with which to begin the year:

Today I would like to add these additional guides and resources to that list:

Why Security Matters

Online Privacy for Journalists

Operational Security for Lawyers

Speaking Securely with Sources

How Journalists and Activists Can Identify and Counter Physical Surveillance

Security Planner, by the Citizen Lab

Digital Security - Rory Peck

A 70-Day Web Security Action Plan for Artists and Activists Under Siege

Zen and the Art of Making Tech Work for You 

So What the Hell Is Doxxing?

Information Security for Journalists

The Motherboard Guide to Avoiding State Surveillance

IFJ Digital Security Guide for Journalists

A Field Guide to Physical Surveillance

Surveillance Detection for Journalists in the Field

Defending Accounts Against Common Attacks

Protecting Your Personal Privacy - A Self-Help Guide for Judges and Their Families

TOR Anonymity: Things Not To Do While Using TOR

Digital Security for Activists (RiseUp)

Civil Liberties Defense Center - Digital Security Program

How to Run a Rogue Government Twitter Account with an Anonymous Email Address and a Burner Phone - (Micah Lee, The Intercept, February 20, 2017)


You will find that there is some degree of overlap between security guides. Good advice and security best practices are common across many domains and among many different types of people. At the same time however, I always seem to find some new piece of information, or some new way of enhancing my digital privacy and personal security in every guide I read.

I encourage you to read each of these guides, download available information and create your own personal security library. Even if something is not directly applicable to you today, it may be in the future, or perhaps it will be something that you can share to help someone else.