Are you using encryption software for all your data and communications yet? If not, are you aware that the government may inspect and/or seize any digital device (phones, media players, laptops) without a search warrant or cause when you travel internationally, and search any digital device during routine traffic stops?
The Association of Corporate Travel Executives, which represents 2,500
business executives in the United States and abroad, said it has
tracked complaints from several members, including Udy, whose laptops
have been seized and their contents copied before usually being
returned days later, said Susan Gurley, executive director of ACTE.
I was assured that my laptop would be given back to me in 10 or 15 days," said Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE's help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation.
Think that virtual worlds like Second Life are a refuge? Think again:
U.S. intelligence officials are cautioning that popular Internet services that enable computer users to adopt cartoon-like personas in three-dimensional online spaces also are creating security vulnerabilities by opening novel ways for terrorists and criminals to move money, organize and conduct corporate espionage.
...
"Virtual environments provide many opportunities to exchange messages in the clear without drawing unnecessary attention," the IARPA paper said. "Additionally, there are many private channels that can be employed to exchange secret messages."
...
Officials from Linden Lab have initiated meetings with people in the intelligence community about virtual worlds. They try to stress that systems to monitor avatar activity and identify risky behavior are built into the technology, according to Ken Dreifach, Linden's deputy general counsel.
The government's message is clear: no thought or conversation in the digital realm is allowed to be private. Unless you believe that a private existance "lets the terrorists win," you'd better be using encryption software. (See the Links section to get started.)
TrueCrypt is an essential drive encryption application for Windows, Mac OS X, Linux users who want to encrypt real or virtual drive partitions. It's free, easy to use, and it even runs on Windows Vista 32/64 bit. The 5.0 release allows you to encrypt the boot drive partition in Windows, so if your server or laptop falls into the wrong hands, no data whatsoever can be gleamed from it.
An interesting feature of TrueCrypt is the “plausible deniability” option, which allows you to encrypt any number of hidden partitions in the empty space of an outer partition, so even if you are forced to reveal the outer partition, you can plausible deny the existence of inner partitions. Get it now!
How many of the 79 million personal records compromised in 2007 could have been avoided simply by installing this program?
After 9/11, the U.S. government didn't have much
trouble blasting away any expectation of privacy when conducting financial
transactions or traveling across the country. It's a little
harder to justify destroying fundamental freedoms when it comes to spying on
people's email and instant messaging conversations. What is the state to
do? If recent actions by the NSA and CIA are any indication, it is to
invent ridiculous threats about the danger that "hackers" pose to us
all.
First, Michael McConnell, Director
of National Intelligence of the United States claimed that "the U.S.
government should have unfettered and warrantless access to U.S. citizens'
Google search histories, private e-mails and file transfers" in the
January 21st edition of the New Yorker.
One of his claims is that cyber
crime costs $100 billion per year. This number was made
up by Valerie McNevin, who happened to have once served as an advisor to the
U.S. Treasury department. Wired reports that "within two hops, CNN
was reporting the $105 billion as an official Treasury Department estimate of
global cyber crime profits." Before long, the number was used by
Information Week, Slashdot, Reuters, reputable security firms such as
McAfee - and the Director of the NSA.
The second preposterous claim is
that "a massive cyber-attack on a single U.S. bank would be worse for the
economy than the deadly terrorist attacks of September 11." It takes
a computer security specialist to appreciate the sheer ignorance of that
claim. The head of the NSA is surely familiar with highly secure
computing environments. Just like the government, banks employ data
centers that are both physically and cryptographically isolated - you have to
physically break into the bank's data center before you can even think about
causing havoc in a large scale. The website you use to access your bank
account is far removed from the servers that actually hold your account information.
It's easy to steal bank account information, and maybe even take away your
online account access for a day. But that is hardly a "911"
type of event. Without physical access to the data centers, hackers
cannot erase traces of their work, so the transactions can be easily reversed.
It's hard to withdraw $100 billion of cash from a bank in a day.
Regardless, McConnel believes that a
recent federal ruling which decided that "any telephone transmission or
e-mail that incidentally flowed into U.S. computer systems was potentially
subject to judicial oversight" has reduced the "capacity of the NSA
to monitor foreign-based communications ... by seventy per cent." No
worries, because the Protect America Act passed this summer, and allows
"Gmail's servers and AT&T's switches [to be] de facto
arms of the surveillance industrial complex without any court
oversight."
This latest attack on American's
privacy is just the latest act for McConnell - he was one of the main backers of
the Clipper Chip, a plan to force an NSA backdoor into encryption
product. More recently, the NSA has attempted to sneak in a backdoor into
encryption by creating
flawed security standards.
In case you still have any delusions
that this attack on American's privacy has anything to do with terrorism, the
testimony of Qest CEO Joseph Nacchio makes clear that the NSA was out to spy on
Americans at least
seven months before September 11, 2001.
Michael Tanji, an ex-spook who
spent 20 years in the intelligence community observes that
monitoring all traffic is basically an admission that the government has no
effective means of detecting or stopping legitimate threats, cyber or otherwise:
It's bad enough that the Director of
National Intelligence is trotting out a bogus
threat so the
government can snoop on all Internet traffic. What's worse is that
this kind of mass surveillance is a pretty lame way to catch the honest-to-God
bad guys.
Of more interest to observers of
intelligence activities is the issue of quality vs. quantity and the slow creep
towards doom that these efforts foretell. The fact that we are essentially
attempting to gill-net bad guys is a fairly strong indicator that the
intelligence community has yet to come up with an effective strategy against
information-age threats.
The NSA is not alone in scaremongering
Americans. The CIA claims that hackers "turned
out the lights in multiple [foreign] cities after breaking into electrical
utilities and demanding extortion payments before disrupting the power." Of course, no details on where or when the
outages occurred were provided, so it's hard to evaluate this claim. I wonder whether some power utilities
around the globe are really dumb enough to connect critical components to the
public Internet, or whether the "hackers" simply broke into the facilities and
flipped a switch.
The Dept of Homeland Security wants a
piece of the horror-fest action too: it "produced
a video showing commands quietly triggered by simulated hackers having such a
violent reaction that an enormous generator shudders as it flies apart and
belches black-and-white smoke." "Simulated"
hackers?
Some people might look at the relentless attack by governments on privacy and personal liberty and ascribe it to some kind of
enormous, sinister plot. Yet reality is
much more ordinary and mundane. Countless
nameless bureaucrats are just doing what they always do -- fighting for power
and influence using the only currency they have - the public's money and liberty.