Friday, August 23, 2013

Security and the Price of Liberty II

I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.
Ladar Levison, Lavabit LLC
under Section 702, the government may not "intentionally target any U.S. citizen, any other U.S. person, or anyone located within the United States. ... [I]n those cases where NSA seeks to acquire communications about the target that are not to or from the target [NSA procedures document] ... the NSA believes it not only can (1) intercept the communications of the target, but also (2) intercept communications about a target, even if the target isn't a party to the communication."

In my previous commentary on this issue, I listed some tools and options for self-protection against online snooping.  Since I wrote that column, events have moved rapidly and bizarrely.  The limit of the extent to which the gov't is probing our private lives has been pushed out considerably.  I've done more research on the elements of security available to ordinary users.

In August, two American companies that provided encrypted email services, closed their email services.  One, Lavabit, made clear in its announcement that it was closing to avoid having to turn over its data files to the US gov't.
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
Ladar Levison
Owner and Operator, Lavabit LLC

The other service, Silent Circle, announced that it was taking the action proactively, because its management was convinced that the US gov't intended to go after its data files in the same way it went after Lavabit.

Ladies and gentlemen, this is the country we are creating for ourselves.  A country in which we cannot protect our online communications from the gov't.  Period.
If you mean by 'secure' a system to which the U.S. government cannot get access, it is beginning to look as if that might not be possible.
Fred H Cate, director of Indiana University's Center for Applied Cybersecurity Research

Let's clarify.  We're not referring to a search for terrorists.  We are not referring to a carefully controlled, documented and properly warranted search, directed at specific individuals about whom the gov't has reasonable concerns, based on court-verified information.  We're referring to blanket "vacuuming" of information about every American citizen who conducts business on the internet.  Email, search, social networks, Flickr, the whole Gitchagummi.  According to the Wall Street Journal, "The system has the capacity to reach roughly 75% of all U.S. Internet traffic in the hunt for foreign intelligence, including a wide array of communications by foreigners and Americans. In some cases, it retains the written content of emails sent between citizens within the U.S. and also filters domestic phone calls made with Internet technology, ..."

The same article reports that the Blarney intercept program (one of several current programs lumped up as NSA spying) was named as a joking reference to the Shamrock project, an NSA communications intercept that operated for almost 30 years following WWII.  The Shamrock project, which operated with no outside oversight, and accessed American communications without warrants, routinely shared out gathered information to other US gov't agencies.  Its operations were one of the secret spy operations that led to the Church Committee investigations of secret intelligence operations in the mid-70s.

Now, I can easily say, "Well, I am not doing anything online of significance to national security. It's not me they're after. Why should I care?"

Monday, August 05, 2013


I am a data nut.  If I see a statistic, I immediately want to know its origin.  And if I don't see a statistic, but instead see some unverified claim, I immediately want to see the statistics.

43.7% of statistics are made up on the spot. -- Steven Wright

Over the years, I've accumulated a collection of tools and data sources, as well as sources of ideas.  This article just lists the most prominent of these.  I use them, abuse them and often beat heads with the output of my efforts.  Of course, I read many political and/or social justice blogs.  I don't use them as sources of factual information, usually.  From them, I backtrack to the original (e.g., if I read an article based on a dataset from the Census Bureau, I go to the Census Bureau and look at the original data.).  My golden rule is, "trust, but verify." Heh-heh.

I don't list it here, but I do use Excel quite a bit.  By loading something like, say, a UCR into Excel, I can turn it into a table and filter the data quickly; or likewise, by creating a pivot table.  Then, charting the results of the filtering is a snap.

  • Research Tools and Data Sources

  • Blogs and Publications