Saturday, June 30, 2018

UN Report Shows the Drug Crisis is Global



A new UN report shows the drug crisis is global. And it might be worse than everyone thought.
Drugs have flooded the global markets to record-breaking levels, according to a new United Nations report, and the results are creating a worldwide crisis touching every corner of the globe.

The UN Office on Drugs and Crime released its annual World Drug Report on Tuesday, detailing the issues associated with both illegal and legal drugs. Specifically, it focused on the opioid crisis, prescription drug abuse expansion, and the record high production of cocaine and opium.

Approximately 10,500 tons of opium were produced in 2017, according to UNODC. That's a 65% increase from 2016, and a new world record.

Cocaine production, while not nearly in the headlines as much as opioids in recent years, also saw a massive increase in 2016, according to the report. 1,410 tons were produced, the highest level recorded by he UNODC.

The report also details the abuse of legal prescription drugs. Fentanyl, one of the most potent opioids in existence, and its cousins were reported to be the primary prescription drug being abused in North America.

"The adverse health consequences caused by drug use remain significant, drug-related deaths are on the rise and there are ongoing, concentrated opioid epidemics," said the report. (KOMO4 News, June 27, 2018)

--

When considering the drug crisis in the United States: "Mexican transnational criminal organizations (TCOs) remain the greatest criminal drug threat to the United States. These Mexican poly-drug organizations traffic heroin, methamphetamine, cocaine, and marijuana throughout the United States using established transportation routes and distribution networks. They control drug trafficking across the Southwest border and are seeking to expand their share of U.S. illicit drug markets, particularly for heroin. U.S. national-level gangs and neighborhood gangs continue to form relationships with Mexican TCOs to increase gang profits through drug distribution and transportation, for the enforcement of drug payments, and for protection of drug transportation corridors from use by rival gangs. Many gangs rely on Mexican TCOs as their primary drug supplier, and Mexican TCOs depend on street-level gangs that have a pre-existing customer base for drug distribution." (“Drug Trafficking Across the Southwest Border and Oversight of U.S. Counterdrug Assistance to Mexico” - Obama White House Archive)

 
 
 

From Seattle to Portland - Growing Opposition to ICE (Protests & Doxing)


The Seattle Chapter of the Democratic Socialists of America and Microsoft employees are demonstrating, hanging banners from overpasses, and handing out flyers outside of Microsoft HQ calling on the company to drop it's $19.4 million contract with ICE.

 

At least nine protesters were arrested as authorities broke up part of the protest camp surrounding Southwest Portland's Immigration and Customs Enforcement headquarters early Thursday morning.

And on Tuesday night, ten protesters were arrested outside the Northwest Detention Center in Tacoma, after blocking the road and assaulting an officer. In an ongoing protest against Immigration and Customs Enforcement, Tacoma Police said forty people started blocking the road and standing in front of an officer’s patrol car refusing to move.

According to the Daily Caller (June 20, 2018) Antifa, a violent, so-called anti-fascist group, tweeted out a list of over 1,500 Immigration and Customs Enforcement agents’ identities. These identities were reposted by WikiLeaks, and by political activists in the Pacific Northwest.



The names and photos of ICE agents / employees from the Portland area were added to flyers posted around the city, asking that businesses not provide service to these individuals. 

Regardless of your opposition to, or support for, the current immigration and customs enforcement policies, and the function of ICE agents in our communities, these flyers demonstrate the importance of data privacy and personal security. Information the you post on-line (i.e. LinkedIn, Facebook) can be used to target you.

Doxing, the practice of researching and broadcasting private or identifiable information (especially personally identifiable information) about an individual, which may include names, addresses, telephone numbers, family information, financial information, vehicle descriptions, and more, is a concern for anyone with a government job, or a controversial public presence.

Encrypted Messaging is Essential - But It Isn't Magic


An article in Wired (June 14, 2018) points out that Encrypted Messaging is Essential - But It Isn't Magic. 

"ENCRYPTED COMMUNICATION USED to be too complicated for mainstream use, but approachable apps like WhatsApp and Signal have become a no-brainer for digital privacy. With all of their security-minded features, like disappearing messages and identity-confirming safety numbers, secure chat apps can rightfully give you peace of mind. You should absolutely use them. As the adage goes, though, there's no such thing as perfect security. And feeling invincible could get you in trouble.

"Good OPSEC will save you from bad crypto, but good crypto won't save you from bad OPSEC" warned security researcher The Grugq.

While end-to-end encryption is a vital privacy protection that can thwart many types of surveillance, you still need to understand the other avenues a government or attacker could take to obtain chat logs. Even when a service works perfectly factors like where messages are stored, who else has received them, and who else has access to devices that contain them play an important role in your security. If you're using encrypted chat apps as one tool in your privacy and security toolbox, more power to you. If you're relying on it as a panacea, you're more at risk than you realize."
--

Yes, always encrypt. Woe betide whomever transmits plaintext. But just because the content of your message is protected by encryption doesn't mean that your communications can't be compromised. Your security plan must include more than just encryption. What happens if the person with whom you are communicating betrays you? What happens if your computer or smartphone is seized or stolen? Is everyone using a strong pass-phrase to protect access to messages? Are your sure?

Everyone's threat model is different, and it is likely that your future threat model will be different than your threat model today - things change over time.  Develop not only a security plan, but develop a security culture that helps to protect you against a variety of possible threats.
--
 

Friday, June 29, 2018

Proton VPN


From the guys who gave you ProtonMail, comes ProtonVPN.  If you have a ProtonMail account, you can have free access to ProtonVPN. 

While the free VPN service is very basic, it does provide you with the ability to safeguard your on-line connections. Advanced features are available with a paid VPN subscription.

--


Privacy, Identity "Impossible to Protect" Say 74% of Security Professionals

As more of daily life moves online, protecting personal identity and privacy becomes paramount. Unfortunately, it also may be impossible, according to 74% of cyber-security professionals polled in a recent Black Hat survey.

As far as the most effective tools to improve security, security professionals picked the following three:
  • Encryption
  • Multi-factor authentication
  • Firewalls
(Globe News Wire, June 26, 2018)
--

To the above technical tools, I would add "security awareness". Being aware of the threats we face on-line (i.e. phishing) and off-line (i.e. data aggregation) can help us best mitigate our risks.

Taking simple steps to protect your privacy can often be the difference between being the victim of a cyber-crime, or being a hard target that the criminal bypasses for someone who takes no security precautions.



 

Data Breach May Have Exposed Personal Information of Every American Adult



Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server.

While the database apparently does not include credit-card numbers or Social Security numbers, it does include phone numbers, email and postal addresses as well as more than 400 personal characteristics, such as whether a person is a smoker, if they own a dog or cat, their religion and a multitude of personal interests. Even though no financial information was included, the breadth of personal data could make it possible to profile individuals or help scammers steal identities.

On its website, Exactis said it maintained 3.5 billion consumer, business and digital records, including "demographic, geographic, firmographic, lifestyle, interests, CPG, automotive, and behavioral data." The company said it has data on 218 million individuals and 110 million U.S. households.

There are about 325 million residents in the U.S., with about 244 million adults and 126 million households, according to the U.S. Census Bureau.

Exactis did not immediately respond when asked to confirm the breach.
If confirmed, the data leak would be one of the largest in history, and far bigger than the Equifax data breach last year that exposed the personal information of about 148 million consumers.

MarketWatch (June 28,2018)
--


 
 

Thursday, June 28, 2018

Judge Orders Tacoma to Pay $297,000 for (FOIA) Records Violations


According to KIRO7 News (June 28, 2018) - A Pierce County judge has ordered the city of Tacoma to pay nearly $300,000 for failing to turn over documents in response to a public records request.

The state chapter of the American Civil Liberties Union sued in 2016 on behalf of two church leaders and a former city council candidate who sought records related to the police department's use of "StingRays," cell site simulators that investigators can use to locate phones.

The plaintiffs said they were concerned about the effect of police surveillance in the community.
Superior Court Judge Helen Whitener said the department unreasonably withheld the documents, sometimes without even citing an exception to the state Public Records Act. She ordered the city to pay about $182,000 in fines, $110,000 in legal fees and $5,000 in other costs.
--

Failure to disclose, or unreasonable delays in disclosing, records as required under FOIA can be very costly for the violating agency. Too often agencies fail to disclose records using a law enforcement exemption, where no true exemption exists.

Exemption (7)(a), of the FOIA authorizes the withholding of "records or information compiled for law enforcement purposes, but only to the extent that production of such law enforcement records or information . . . could reasonably be expected to interfere with enforcement proceedings" (see Robinson v. Dep't of Justice, No. 00-11182, slip op. at 8 n.5 (11th Cir. Mar. 15, 2001)).

Even in the case of an open investigation, the agency must justify why release of a record could reasonably be expected to interfere with enforcement proceedings. The law enforcement exemption cannot be used as a means of blanket denials for law enforcement records.

(I note that WA State public records laws are not exactly the same as the Federal FOIA, but the concept is generally the same with what must be released and what may be withheld.)

--
 

Surveillance and the City: Know When You're Being Watched


Surveillance and the City: Know When You're Being Watched
Motherboard YouTube Video (June 18, 2018)

--
 
 
 

Staff Security Awareness (Video)


Staff Security Awareness is a short film aimed at all staff, explaining the importance of following security procedures and how everyday security measures can help reduce vulnerabilities in organizations.

This eleven minute video is a useful security education product produced by CPNI in the UK.

--

 

Poll: 59% Fear Violence from Trump Haters, 31% Predict Civil War



The division in the United States that has escalated into the organized harassment of presidential aides has six in 10 worried about the violence from anti-Trump advocates and nearly a third fearing it will end in civil war.

The latest survey from Rasmussen Reports found that 59 percent of all voters “are concerned that those opposed to President Trump’s policies will resort to violence.”

And, added Rasmussen, 31 percent believe “it’s likely that the United States will experience a second civil war sometime in the next five years.”

In its analysis of the new survey, Rasmussen highlighted who is most concerned about violence:
Most voters across the partisan spectrum are concerned about political violence from those opposed to Trump’s policies, although Republicans are the most likely to be Very Concerned. The level of concern is about the same among Republicans, Democrats and unaffiliated voters when it comes to the threat of violence from those critical of the media’s coverage of Trump.

Women and those under 40 are more worried about a possible civil war than men and older voters are.

Forty-four percent (44%) of blacks think a second civil war is likely in the next five years, a view shared by 28% of whites and 36% of other minority voters. Whites are also less concerned about political violence than the others are.  (Washington Examiner, June 27, 2018)
--

As with the Republican National Committee Ad "Unhinged" that we saw yesterday, concerns of political violence and civil war is something that we should make note of. Talk of civil war may be little more than talk, but talk of civil war stems from concerns about government abuses of power.

When the government, in its own words, wants to attack families and friendships, engage in patterns of false allegations and false arrests, and use investigative activity as a tool of harassment and intimidation, there will be those who see little choice but to respond with violence.

This schism and growing division among the American people - or at least within American politics - creates an environment of risk for the average person. When too many communities are no longer safe, and when too many in government cannot be trusted, it is important to remember that YOU are solely responsible for the safety of yourself and your family.



Wednesday, June 27, 2018

Visit My Amazon Store


Welcome to my Amazon Store. Here I link to books and products on Amazon that I like or have found of interest. Most of the books listed here are in my personal library, and I have read them. More importantly however is that by reading these books yourself you may find information and resources to enhance your own data privacy and personal security.

If you purchase a book or product from Amazon by following a link from this page, I get a few cents from the Amazon Affiliate Program. In this way you can help to support my blog.

---
 

-------------------------

FICTION SECTION

-------------------------


Flyers Laced With Fentanyl Placed on Cars Near Harris County Sheriff's Office

 
According to NBCDFW (June 26, 2018) a sergeant in the Harris County [TX] Sheriff's Office tested positive for an opioid after touching a flyer left on a car Monday afternoon, officials say.

Around 1 p.m. Tuesday the sergeant walked out of the sheriff's office in the 600 block of Lockwood Drive and removed a flyer that was placed on the car, according to Harris County Sheriff Ed Gonzalez.

After driving away, she started to feel light-headed and ultimately tested positive for the opioid Fentanyl. A flyer placed on another car nearby also test positive for the opioid.

Gonzalez said 10 to 15 flyers were found on other vehicles on Lockwood Drive. Authorities were working to determine if the building on Lockwood was targeted because it is a law enforcement facility or if there were flyers in other parts of Harris County.

"(Fentanyl is) very deadly," he said. "It's one of the major concerns in law enforcement these days because of the high number of overdoses that we've seen in other parts of the country."
--
 
Fentanyl Protection




Republican National Committee Ad "Unhinged"


The Republican National Committee (RNC) released a brutal campaign ad on Tuesday attacking the political Left ahead of the 2018 midterms, highlighting their extreme rhetoric and actions.

The ad comes after Rep. Maxine Waters (D-CA) called for the harassment of members of the Trump administration on Saturday. Various members of the Trump administration have already been targeted in recent days including White House Press Secretary Sarah Sanders, DHS Secretary Kirstjen Nielsen, and Senate Majority Leader Mitch McConnell.

The ad highlights multiple well-publicized instances of those on the political Left advocating for extreme action in response to the Trump administration, including Madonna saying she has thought about blowing up the White House, Snoop Dogg shooting the president in a music video, Bill Maher saying he hopes the economy crashes so it hurts Trump, House Minority Leader Nancy Pelosi saying she doesn't know why there aren't uprisings "all over the country," and Waters' extreme speech where she called for the harassment of Trump cabinet members.
--

Threats of political violence from the left, along with patterns of false arrests and detentions, attacks on homes and friendships, and attempting to impede American citizens from peacefully assembling and demonstrating anywhere, at any time by the right shows the massive schism in this country.

This is why I consider data privacy and personal security so important.


Changes to WA Driver's Licenses & ID July 1, 2018


According to KOMO 4 News (June 26, 2018) major changes are coming to Washington state driver's licenses and ID cards starting on July 1. On that date and thereafter, all standard driver's licenses will be marked with "Federal Limits Apply" to indicate it isn't valid for federal identification purposes, under the Real ID law. However, a federal waiver will allow you to continue using your standard license for boarding airplanes and accessing secure federal facilities until Oct. 1, 2020.

Starting on Sept. 4, 2018, all driver's license and ID cards issued will receive new driver license numbers. Under the new numbering system, all licenses will have WDL as the first three letters, and will be followed by nine randomly chosen alphabetical characters and numbers.

Those who already have a driver's license or ID card will get the new number when they renew or replace it after Sept. 4. The new driver license format will help protect customers' personal information because the randomly generated number will not relate to an individual's name or birthdate like the current ones.

After Oct. 1, 2020, it will become important for Washington state travelers to ensure they have acceptable identification, which could include a Washington state enhanced driver license or enhanced ID card, a U.S. or foreign passport, a U.S. passport card, or one of several other types of federally approved forms of identification, including a military ID.

That means all Washington residents will have to make a choice about their identity documents by Oct. 1, 2020. After that date, standard driver licenses and ID cards will no longer be an acceptable form of identification for boarding domestic flights and entering some secure federal facilities, like military bases and nuclear power plants.
--
According to the Electronic Privacy Information Center "the REAL ID Act of 2005 creates a de facto national identification card. Ostensibly voluntary, it would become mandatory as those without the card would face suspicion and increased scrutiny. It is a law imposing federal technological standards and verification procedures on state driver's licenses."

Much like the Social Security Number (SSN) which was never intended to by a national identification number, but has now become one; the need to have and carry a REAL ID Act approved identification card is becoming a necessity for many people.



The FTC is Investigating DNA Firms Like 23andMe and Ancestry Over Privacy


Popular DNA testing companies like 23andMe and Ancestry.com are being investigated by the Federal Trade Commission over their policies for handling personal info and genetic data, and how they share that info with third parties.

Privacy issues in the use of such DNA testing kits came to the forefront last month with the arrest of the notorious Golden State Killer, when it was revealed that police had used data from GEDMatch, a genealogy research site where users upload genealogical and genetic information, to help identify the suspect.

[Earlier this month], Israel-based DNA testing service MyHeritage announced a security researcher had uncovered tens of millions of account details for some 92 million customers, including email addresses and hashed passwords. (Fast Company, June 2018)
--

Submitting your DNA to these types of companies creates a privacy risk not only for you, but for others who are related to you. As with any large database containing personal information, these DNA databases are targets of criminals. It is not so much a matter of "if" your data will be stolen, it is only a matter of "when".
--