Saturday, August 13, 2011

DOMINTEL field guide allows search of police & commercial databases without warrant

c/o WIRED.com
"The Domestic Investigations and Operations Guide has been amended to allow agents to search police and commercial databases to find information about targets without agents first having to open a formal inquiry."

Friday, August 12, 2011

BEWARE: A hacker can put you out of your misery

BTC- It happened to me.  I was hacked and for good reasons.

This summer I moved into a new building in the wealthy, surveillance-laden town of Bellevue, Washington. It is home to much of what Microsoft is known for today. The move itself was a compromise with my sometimes privacy-deaf significant other, so he could save hundreds of hours in traffic and gas.

My misery quickly compounded when I realized, only after receiving the keys to my new digs, that every elevator ride and doorway entry was dependent on an activated and encrypted HID brand "key fob". The rental administrators, cheerful and accommodating birds of a feather, expressed enthusiasm over the RFID tote as a posh security amenity. In the days to follow, I became relentlessly irritable, crabbing at every movement based on a requirement that I use the damned RFID device. All of my new acquaintances heard my exasperation.

Misery proved desperate for company, as I dragged a local activist to the downtown area after attending an ACLU legal education series on government surveillance of non-criminal activity.  I wanted him to see exactly how prolific the CCTV surveillance had become.

"I really don't like it here and I don't want to be here," my guest said after rolling through intersection after intersection containing 2 real-time CCTV cameras, a scattershot detector and some ugly speed radar equipment. If you couldn't make the case for a government audit based on waste detection, you could make the case for sheer urban blight.

The first time I noticed the cameras weren't limited to intersections, I was shopping with my partner at Whole Foods.  As we wheeled the grocery cart to the back of the trunk,  our attentions were suddenly diverted.  A large ruffled crow was sounding off loudly after landing atop a city CCTV camera in the far corner of the parking lot. It was a creepy goad, galvanizing my resolve to not let Big Bro. get me down and to lend an effort to make a difference.

As we returned home, I was quickly reminded that an RFID record was created as I entered the elevator at 2:30 PM at the 1st floor of the garage and then pushed the up button to my floor at 2:31 PM. If that wasn't enough, there was a dome-camera watching my partner and me cart our groceries into the foyer while waiting on the elevator.

This was fast becoming my life and it was driving me crazy.

I went to the HID website searching for my key fob product when I came across their governance contracts and contributions to the UAE's national ID program and a nice fat endorsement of the NSTIC program. A matter of hours later, I irritably waited for my webmail to load in Internet Explorer and tried not to dissolve into a puddle in the middle of the business center. A short time later a man seated himself next to me and introduced himself as a DHS bomb detection worker. He proceeded to try to bait me in conversation with neat questions like, "So you think the agency should just be disbanded, huh?" and other greatest hits like, "So you would be okay with letting our guard down and people bombing this country, huh?" and "Who do you work for?"

I didn't actually answer these questions. I just stared at him in wonder, at how close this all seemed to some sort of lucid collaborative harassment. Could it be that someone was busy writing a SAR in anticipation of what I *might* do as an activist in the Seattle Metro area? Seattle, WA was one of the initial pilot locations of the model Fusion Center. My mention of certain TSA workers' cancer affliction due to airport Rapiscan equipment made for a convenient end to our conversation.

THE ADVOCATES AT BLACK HAT

Some connections with dotRights campaigners and members of the active medical marijuana community assisted me in my quest for soul survival in what seemed like a digital snake's nest for a privacy & civil liberty proponent. Some of them would be making a pilgrimage to the Defcon/Black Hat Conference. As it turns out Black Hat, the beaming intellect of the hacker conferences, was based in Seattle too.

In the days to follow, privacy advocates aired grievances during the Black Hat conference over Facebook's cardinal sins against privacy: arbitrary data retention, open face delivery to federal and corporate surveillance authorities, biometric captures and intrusions unearthing users' most sensitive information, like Social Security Numbers. Our contribution was an interview with an app developer for Obscuracam, where we re-discovered the Big Web problem of social media profiling by prospective employers. Follow-up reports from NPR revealed that social media research firms have been contracted by HR departments to dig up anything you have posted to social networks in the last 7 years. [Pssst. Use AccountKiller.com to clean up your mess now!]

Another late development following the conference was the rise and fall of Anonymous' Facebook Op. The 10-month-old campaign railed against Facebook's international crimes against user privacy in this video release. Amid their other damning claims was Facebook's involvement in trading activist profile information with authoritarian governments for purposes of targeting in Egypt and abroad.

The conference ended over the August 6th weekend.  And the people rested on Monday and Tuesday and part of Wednesday even...

WHEN SOMEONE DEACTIVATES YOUR RFID TAG....

I tend to hole up in my home, reporting, watchdogging without leaving for days. I left my home on a Thursday afternoon and boarded the elevator. I posted my HID key fob to the door panel. It glowered red and took me for a ride to the basement. Again- to the right corner was your friendly-fascist dome cam to greet me.

A nice Indo-Asian couple and their young son boarded the elevator and recommended that I just try using my key fob a different way. Following their advice to get to the rooftop, I took the stairs for exercise. As I got to the top, my key fob didn't work, glowing a nice red -NO- to my entry at the roof. I figured this was a fluke.

It wasn't.  I quickly learned I was trapped in the stairwell and unless I reached the ground floor of the building I would not be able to get out.  This was the certain taste of what it would be like to be suddenly cut off  from access in a heavily RFID dependent building.

I made haste to get down to the bottom of the building. I went outside to test my key and had to have help from another tenant to regain entry. My key fob was not working. I tried the mercies of a gentleman coming through the doorway.

I quickly explained my distress over the electronic key malfunction and the close of the leasing office for the day.  I didn't have my phone with me to call for help.

He worked for Microsoft- how could he deny me technical support?  We worked together to get on the phone with the building's after hours service.  We retrieved the emergency number online and moved onto the next hurdle.

As a new neighbor, he successfully assured me he wasn't a serial killer and accompanied me to his new home to retrieve his cell phone. He didn't yet have land line service. As I milled around the couches in the partially furnished living space, I came across interesting books, The True Believer: Thoughts on the Nature of Mass Movements and a yellowed paperback of Atlas Shrugged. I could count my blessings, I was in good company.

The leasing manager was then added to our conversation. She asked me to provide my key fob number.
LM: "Did you do anything to your key fob?"
Me: "No."
LM: "It's not coming up! What did you do to your key fob?"

BE CAREFUL WHAT YOU WISH FOR...

I agreed to meet the building manager immediately downstairs in the Leasing Office to figure out what went wrong. I handed her my keys and she punched in the numbers of the key fob device.

LM: "You're not in here.  I've checked 5 times.  You are completely gone.   I can't find your name.  I can't find anything! It's gone. There's no record of you in this system."
Me: "Whoever did this knows me pretty well."

I sighed, realizing my incessant complaining about the RFID-dependent use in the building may have reached the ears of some pranking, friendly hacker sprites. It was a neat trick but scary for the leasing office because they discovered a systemic vulnerability which needed professional casing.

I finally explained there are 4 types of hackers: basement hackers, corporate penetration testers,  the feds and vigilante hackers, like Anonymous.   She should probably look into a corporate hacking remedy to shore up the holes in their system.

I was given a pseudonym account with a different key fob. Nowadays, I can get around the building and no one really knows it's me. If the lights go down, I will know how to exit the building safely.

With the bulk of privacy battles still in front of me, this relief was as welcome as it was mildly unnerving. It might be tough to say I am uninitiated to the pranks and benefits of the hacker community.

This blog will be my only way to thank them for their backhanded brand of help from the digital underground.

But I will look into the sunset from now on and wonder,  who was that anonymous hacker who helped me beat my chip?!




Thursday, August 11, 2011

"Understanding issuance models"


c/o Secure ID News
"Moving toward off-site issuance is one solution, but a program has been put in place to explore other options.
The Driver License/Identity Verification Systems (DIVS) program was formed to organize, implement and coordinate a system to verify information provided by applicants for driver licenses and identification cards. 
Mississippi is the lead state for planning and implementing the initial stage of the program. Florida, Indiana, Kentucky and Nevada also participate in the joint effort between the states, DHS and AAMVA.
DIVS encompasses several electronic verification systems that can be used by state driver licensing agencies to verify documentation provided by driver license applicants as a form of identification, says Maj. Jason Jennings, director of the Driver Services Bureau of the Mississippi Department of Public Safety.
The scope of DIVS includes verification of:
  • U.S.-issued birth certificates;
  • U.S.-issued Passports;
  • U.S.-issued immigration papers; and
  • Social Security information.
DIVS also has oversight of a yet-to-be-developed system states can use to make sure that a driver license applicant does not hold multiple licenses across the country."

Sunday, August 7, 2011

REDUX: Evolved terms of "democratized surveillance" state aired at DEFCON

"Notwithstanding Americans' resistance to a Real ID infrastructure, as consumers of social networks we have consented to a de facto Real ID that markets and information technology, rather than government and regulation, have created,"- Alessandro Acquisti



BTC--"Friendly fascism" and "democratized surveillance" are terms being used to address issues of Big Web’s collusion with the government surveillance state by way of hackers, software applications and social networks at this year's DEFCON convention.

Here's how it works: Developed applications are voluntarily adopted by users who create highly personal profiles. Some profiles are then funnelled through a federal data surveillance aperture by big technology companies and private contractors to advance a fine grasp of social control of everyone who poses any resistance to the State. A familiar scenario was illustrated in Aldous Huxley’s Brave New World.

SEE: An Open Letter to Defcon Hackers: Don’t Sell Out to the NSA

If the American government has indeed lost their understanding and fellowship with basic Constitutional freedoms, one can only conclude this Summer's escalated levels of surveillance are an effort to control the only people in the world with any real power to rein in a rogue government on an imperial rampage.

The resistance of American people may be invisible to the rest of the world due to a media circus which is allowed to tamper with the American justice system.  Something is drastically wrong when Court TV evolved. Nancy Grace based her entire broadcast career on a legal reality show known as "The Casey Anthony trial".  Many believe this trend was initiated with OJ Simpson's acquittal in the beating death of his wife.

One morning, I observed Headline News Anchor, Carlos Diaz say, "It's good that Big Brother is watching out for Octomom." I would never gather that Carlos Diaz's audience could raise Octomom's children better than she could, mainly because they are uninvested strangers. America's televised media believes itself to be government and has since been corrupted. American media's conflict of interest in government role-play leads to it being ineffectual in exposing government corruption. Women and children are still the losers when televised media becomes the social justice handlers.

The media blowback has manifested in new media empire empowerment of Wikileaks and Robin Hood hacker vigilantes Anonymous who now pilfer the data mines of crooked police bureaus in a retaliatory fashion.

One out of 4 hackers still work for the federal government. If companies hand over users' information through coercion or through commerce, there is only a small patch of legal real estate left to leverage the tipping point for user privacy and basic civil liberty.

Now that the "genie is out of the bottle" it is anyone's guess whether the User will reclaim authority over the management of their digital identity or allow the liquidation blow-out sale of their information to continue.

Here is second life for news that matters:


Why ‘Privacy By Design’ Is The New Corporate Hotness  +  Design 4 Privacy Awards coverage.

Hints Facebook Is Becoming a Full-On Identification Service

Security, Hacker Conferences Have Technology Industry Buzzing

California Adopts First Standards for Cyber Security of Smart Meters

US seeks to counter extremism on Facebook, Twitter

Line Noise: Electronic Device Search and Seizure

Big Brother Wants a Longer Memory

American Spies Have Their Very Own Phone Hacking Scandal

FBI Director’s Term Extension Ensures Neo-COINTELPRO Operations Will Prevail

Bill Would Force Intel Chief to Renounce ‘Secret Patriot Act’