Short Note on Terrorism and Encryption

When the Paris attacks occurred, “security” agencies on both sides of the Atlantic jumped into the media spotlight to declare that encryption had helped the terrorist planning remain secret. Their spokespeople in the media (see NYTimes, etc…) were quick to jump in making unfounded claims based on secret sources. As time went on these early stories were retracted, or as the case of the NYTimes, simply pulled without comment.

Then a text was found on a terrorist’s phone in clear text. The tech privacy/security community was quick to jump out with their own claims that the terrorists did not use encryption.

Both sides are wrong and both of their arguments are red herrings, they both do a dis-service to those they claim to represent.

Let’s start with the privacy advocates’ arguments. All that we know is that the terrorists sent at least one message unencrypted, we do not know anything of the (probably many) messages sent previously. To focus on the fact that they did not use encryption (when logic tells us that they probably did) makes it seem that if they had used encryption then it would be alright to call for governmental back doors to its use. Refusing to enter the sty with the 3 letter agencies would have been the better course, for when it is eventually proven that the terrorists did in fact use encryption for some communications, the argument is lost.

The NSA/GCHQ/FBI arguments for back doors is based on a false dilemma. When these agencies make  claims that terrorists used encryption the correct response is not “did not”, but instead “so what!”. So what if they did use encryption? That does not lead to the conclusion that no one else can use secure communications.  Without privacy there can be no freedom, each is contingent upon the other. These terrorists traveled by train, should we make travel by train illegal? These terrorists had passports, they could not have accomplished their deed without these passports, should we outlaw passports? This is preposterous, it is as preposterous as the claims that secure communications should be banned because the terrorists used it.

I have a right to secure communication and privacy. If I choose to encrypt the data on my phone, my tablet, my computer; then that is my choice [edit: same as whether I choose to lock my house and car]. The government does not have a right to a back door to that data [nor keys to my house]. The privacy advocates argue that any governmental back door could be exploited by bad actors and should therefore not be mandated. I would take a different tack, and argue that the government has no right or authority to demand a back door, even if it could be proven that others could not exploit it. It is my nature endowed right to privacy to have my data secured and my communications private, period.

I recommend Wickr for secure communications. Wickr is encrypted messaging and is available for Windows, Linux, OSX, Android, and iOS. It is easy to use and free for personal use. You can message me at user “foggytown”

Advertisements

Still Replacing Google Services

I’ve been using the internet long enough to remember the wreck it was before Google came along.  Before Google came along, search engines only indexed meta data–and shady sites would lie in their meta data (description tag) causing the accidental opening of porn sites and other things that one would rather not see. Google’s indexing of entire sites was revolutionary and made the web a better place.

Then along came Gmail with its then whopping 1 GB of storage. Before this, webmail services offered a few MBs and it was necessary to delete mail as it came in to keep from exceeding your quota.  Adequate storage was an amazing idea and made the web a better place.

Over time Google released more services, many revolutionary, many amazing, many making the web a better place. I found myself using many of them…Android, Play Store, Search, Docs, Drive, Voice, Reader, Chrome, Music, News, Maps, Calendar, Sites, Books, Picasa, Youtube,…

Then, at about the same time, three events occurred that caused me to re-think my relationship with Google and its services. First there was Google Now, a fairly amazing predictive assistant for Android. Then Google Plus, an attempt by Google to compete with Facebook. And thirdly, Larry Page replaced Eric Schmidt as CEO of Google. Let’s take each of these in order before continuing.

When Google Now was released I quickly enabled it on my phone.  And like many Google services, it was amazing. Within a few days it was offering up suggestions and it quickly became apparent that Google had amassed a huge amount of data about me. They knew when and where I worked, they knew where I went, where I wanted to go (maps searches), who I talked to, intimate details of my life (calendar), and much much more. Appalled, I turned off Google Now and began re-thinking my relationship to Google.

Google saw Facebook eating the internet and cobbled together Google Plus to compete. Not deterred by no one using it, Google forced integration into its other services to push up the user base.  Picasa web was diminished as photo features were pushed to Plus, Youtube comments need a Plus account to use, you can not review an app on the Play Store without having a Plus account, and many more. As it spread, Plus also became more and more intrusive. And since no one uses Plus, there was no added value to this increasingly intrusive activity.

Eric Schmidt was always creepy, but when he turned the reigns of Google over to co-founder Larry Page, the don’t do evil thing seems to have fallen by the wayside. He seems mostly to blame for the ever increasing encroachment of Plus into everything while coming off as Machiavellian to a dangerous degree. From ending popular services to creating a dystopian future, Google has become a much worse public citizen since his return.

These three events, along with the Snowden leaks, have led me to reconsider my relationship with Google. There is no guarantee that Google is a decent steward of my data, even the fact that the accumulated data exists at all, makes it a target for NSA snooping or other nefarious access. The question I had to ask was, “do I trust an ad agency to know the most intimate details of my life?” Despite all the services that it offers, Google remains an advertising agency and amassing a portfolio on each of its users is its main objective. There is an old saw that states that “when a company is giving away its services, the product is you.” This could not be truer of Google, they do not offer these amazing services out of an altruistic leaning. The product is you.

With the decision made to start decreasing my reliance on Google’s many services, the question became how to begin? Particularly when the company has become synonymous with the internet? The rest of this post illustrates my personal pulling back (or is that pushing out?) from Google’s many services, finding alternatives and shuffling data to make things work in a cohesive fashion. My journey will not translate to your path, I only offer it here as one possibility, as they say: “Your mileage may vary.”

Before breaking down the challenges of switching various services, one other point must be brought to light. Integration. Google is huge and its reach is both long and wide, the integration of its various services is perhaps the largest hurdle to leaving it behind. Add a contact to Gmail and it automatically changes on your Android device and on Voice. And since no single service can replace Google (there would be no point in switching if it did) some of this convenience will surely be lost.

With the preamble out of the way, lets jump into switching services, we’ll start with the big one: Search. Google has become synonymous with search to the point that we actually use it as a verb. They are also very good at it, this makes it difficult to find a decent alternative. Two privacy focused alternatives are available; DuckDuckGo and IXQuick. Each of these services had major road blocks preventing me from switching to them as replacements to Google search. DuckDuckGo while offering quality results without tracking cookies does not allow one to filter for recent documents, a feature that I am dependent on for finding things. IXQuick pulls and integrates results from other services giving good results, it allows filtering for recent documents, but its ads are not easily distinguishable from the results. Either of these services may meet your needs, but I decided to go with Bing for the majority of my search needs. Occasionally I still fallback to Google to find that hard to find item, but overall Bing offers a compelling alternative. While Microsoft may be as bad as Google in many respects, using a single service does not allow them to gain as much of my data as Google has acquired.

Google’s Gmail webmail is another best of breed service.  After googling searching the web for good alternatives I tested three services, any of which could be a good replacement. GMX, Zoho, and Microsoft’s Outlook (formerly Hotmail or Live). Both Zoho and Outlook offer contacts and calendar integration and both sync with Android. If these services and integration are important to you you may want to consider one of them.  I decided to go with Zoho Mail (although I do not use their contacts and calendar–see below.)  After setting up a Zoho account, I logged into both Gmail and Zoho through the Thunderbird email client using IMAP, I was then able to drag my Gmail archive into Zoho where it was uploaded allowing me to have continuity. I then forwarded my Gmail to Zoho giving me plenty of time to get my email changed with friends, associates, and services. I use my own domain with Zoho which is free and easy to set up.

Some of the Google services that I was using I found to be superfluous and unnecessary.  So while seeking alternatives, I found that I didn’t really need one, I simply dropped the service. These unneeded services included Google Music, Youtube, and Google Now. I have a large local collection of music and really did not need Google’s Music service. If you stream music you might consider a service like Pandora or Spotify; for buying digital music I use Amazon mp3 store. Since my online video needs are limited, I found Vimeo to be a solid replacement for Youtube. Google Now was simply dumped as not necessary to my needs.

Maps is a hard to do service that Google has done a great job with, finding a replacement was difficult. Two online services which come close to matching Google are Bing Maps and Nokia’s Here Maps. I went with Here Maps and find it perfectly adequate for my needs. It gives good directions, it is fast and fluid, and it is easy to use. Unfortunately, there are no Here Maps for Android. I decided on a paid map app that gives good results, is available 100% offline and has turn-by-turn navigation; OsmAnd+Maps and Navigation, it costs $8 and uses Open Street Maps as a data source.

Google shut-down its RSS Reader making a switch easy.  With the demise of Google Reader many services sprang up to take its place. The Old Reader and Feedly came closest to meeting my needs, they are both very good services. In the end, I decided to go with a self hosted service called Tiny Tiny RSS. Self hosting is not for everyone, but either of the above listed services are good alternatives. TT-RSS was easy to set up on my Raspberry Pi and is fast with a nice interface and keyboard shortcuts.

Google’s web browser, Chrome, was an easy one to replace. I simply reverted to Firefox. Firefox is cross platform on the desktop and also runs on Android. If you quit using Firefox long ago because it was slow, give it another try, it is faster and uses less RAM than ever. Also Mozilla, the makers of Firefox, are one of the best internet citizens.

Contacts/Calendar, if you decided to go with Zoho mail above, then you are all set, these are included and sync with Android using Exchange.  Microsoft’s Outlook service also has contacts and calendar baked in and it, too, seamlessly syncs with Android. Either of these two services are more than adequate replacements for those of Google. Once again, I went with a self-hosted solution called OwnCloud. As stated above, self-hosting is not for everyone, but if you are up for it, OwnCloud is a feature rich web service running on your own server. Since it uses industry standards to sync data, your contacts and calendar are available wherever you need them (although in a vain attempt to protect its own technologies, Microsoft is slow to adopt these standards).

For many, Google’s online documents editor (Docs) and cloud storage (Drive) are indispensable.  I was heavily invested in Docs but since Drive was so late to the game, and lacked a Linux client, I never really used it.  My needs for cloud document editing are quite limited, I use an Android app from Zoho called Writer to edit documents stored on Dropbox which are then synced to my desktop. Zoho also offers online document editing as does Microsoft on its Skydrive storage service. For cloud storage with desktop sync there are numerous alternatives to Drive, besides Dropbox and Skydrive, there is also Box, Copy, and numerous others (Wuala, SpiderOak, etc…); most of these have a mobile application. I would be remiss not to mention that the self-hosted OwnCloud also has online storage with a desktop and mobile client.

The Google Play Books is unique among book services in that it allows you to upload your own books and then makes them available on all your devices. This makes it superior to its main rivals, with Kindel being the main one. Since I only read digital books on my Android tablet, I went with an Android app to replace Google Books.  I chose to go with Moon+ Reader which integrates with the desktop client Calibre and also with Dropbox to load books and synchronize reading position between devices.

Picasa web photo albums used to be a great service, but with the advent of Google Plus it has gone steadily downhill.  Since Yahoo has recently started showing Flickr some update love the decision to move back to Flickr was an easy one. Since Flickr now offers a full terabyte of data storage, the choice was an easy one.

For free web hosting I switched from Google Sites to Zoho Sites, while it has ads, they are fairly inconspicuous.

Google Voice used to be best of breed for online telephony, but it has not been updated in a long time (years?). I ended up porting my number to RingTo and have not regretted the switch. RingTo does number forwarding and has online voicemail as well as an Android app.

I still use Google News regularly and have not found an adequate replacement.

A special note on Android: I am pretty much an Android fanboy. However, I have a love hate relationship with the carriers. To rectify this, I root my devices and install an alternative version of Android based on the Android Open Source Project called Cyanogenmod. Since I have a monetary investment in apps from the Google Play Store, I continue to use this service. However, I keep my usage to a minimum be also relying on two other app stores: F-Droid has only free open source apps while Amazon App Store has paid apps and even gives away a free one every day.

So, with the exception of News and the Android app store, I have completely weened myself of Google’s services. While this does not stop the NSA from accessing all of my data, it at least makes it less convenient than the one stop shop of Google.

What about you, are you re-thinking your relationship with Google? If so, how is it going? When I first started this adventure over 6 months ago it seemed like an insurmountable challenge but turned out to be fairly easy with hardly any inconvenience.

Higher Oath

In an article concerning Edward Snowden’s exile in Russia being extended, Senator John McCain is quoted as saying: “Mr. Snowden violated an oath, and that is a fact…”

Since I am old enough to remember when McCain was still considered a patriot, I would like to remind him of an oath that he, himself, took:

I do solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservation or purpose of evasion; and that I will well and faithfully discharge the duties of the office on which I am about to enter: So help me God. (emphasis added)

I am not sure if NSA contractors take a similar oath, even if not, it is all of our civic duties to uphold the Constitution against enemies, even domestic ones working under the color of authority. It can certainly be argued that Snowden upheld this oath, even as McCain does not.

Figures such as McCain, Feinstein, and even Obama (an alleged constitutional scholar) could learn much from the patriotic actions of Edward Snowden.

Response to Senator Feinstein

Yesterday I received an email response to a message that I had sent California Senator Diane Feinstein, Chairman of the Senate Intelligence Committee.  Since I doubt Senator Feinstein is interested in a back-and-forth email conversation, I thought I would deconstruct her message here.

Dear Mr. Trapp:

I received your communication indicating your concerns about the two National Security Agency programs that have been in the news recently.   I appreciate that you took the time to write on this important issue and welcome the opportunity to respond.

Thanks to you for taking time away from scoring cushy no-bid contracts for your husband’s company to reply. At one point you were one of the best people in the Senate, but I understand that Lord Acton pretty much hit the nail on the head.

First, I understand your concerns and want to point out that by law, the government cannot listen to an American’s telephone calls or read their emails without a court warrant issued upon a showing of probable cause.  As is described in the attachment to this letter provided by the Executive Branch, the programs that were recently disclosed have to do with information about phone calls – the kind of information that you might find on a telephone bill – in one case, and the internet communications (such as email) of non-Americans outside the United States in the other case.  Both programs are subject to checks and balances, and oversight by the Executive Branch, the Congress, and the Judiciary.

The said attachment was not on anyone’s letterhead and had no signature, therefore its credibility is suspect, at best.  So the government is getting the information contained in my phone bill without a warrant and without probable cause, isn’t this a violation of that little thing called the 4th Amendment to the US Constitution?  Didn’t you take an oath to uphold the US Constitution against all enemies foreign and domestic? And if this information shouldn’t be considered private, why don’t you send me a copy of your phone bill? Ahh…two sets of laws for the two classes, rulers and ruled. How American is that?

As Chairman of the Senate Intelligence Committee, I can tell you that I believe the oversight we have conducted is strong and effective and I am doing my level best to get more information declassified.  Please know that it is equally frustrating to me, as it is to you, that I cannot provide more detail on the value these programs provide and the strict limitations placed on how this information is used.  I take serious my responsibility to make sure intelligence programs are effective, but I work equally hard to ensure that intelligence activities strictly comply with the Constitution and our laws and protect Americans’ privacy rights.

And how long do you think a democracy can stand against secret laws, secret courts, and secret enforcement actions?  The government’s actions since 9/11 have done far more to damage the fabric of our nation than the terrorists did.

These surveillance programs have proven to be very effective in identifying terrorists, their activities, and those associated with terrorist plots, and in allowing the Intelligence Community and the Federal Bureau of Investigation to prevent numerous terrorist attacks.  More information on this should be forthcoming.

I would rather have my rights restored and have the occasional terrorist attack slip through than to give them up without a fight.  Bin Laden may be dead, and in the short term he may have lost. But long term, our knee jerk response to his actions have done grave–perhaps mortal–damage our nation.

· On June 18, 2003, the Director of the National Security Agency (NSA) testified to the House Intelligence Committee that there have been “over 50 potential terrorist events” that these programs helped prevent.

· While the specific uses of these surveillance programs remain largely classified, I have reviewed the classified testimony and reports from the Executive Branch that describe in detail how this surveillance has stopped attacks.

· Two examples where these surveillance programs were used to prevent terrorist attacks were: (1) the attempted bombing of the New York City subway system in September 2009 by Najibullah Zazi and his co-conspirators; and (2) the attempted attack on a Danish newspaper that published cartoons of the Prophet Mohammed in October 2009 by U.S. citizen David Headley and his associates.

· Regarding the planned bombing of the New York City subway system, the NSA has determined that in early September of 2009, while monitoring the activities of Al Qaeda terrorists in Pakistan, NSA noted contact from an individual in the U.S. that the FBI subsequently identified as Colorado-based Najibullah Zazi.  The U.S. Intelligence Community, including the FBI and NSA, worked in concert to determine his relationship with Al Qaeda, as well as identify any foreign or domestic terrorist links.  The FBI tracked Zazi as he traveled to New York to meet with co-conspirators, where they were planning to conduct a terrorist attack using hydrogen peroxide bombs placed in backpacks. Zazi and his co-conspirators were subsequently arrested. Zazi eventually pleaded guilty to conspiring to bomb the NYC subway system.

· Regarding terrorist David Headley, he was also involved in the planning and reconnaissance of the 2008 terrorist attacks in Mumbai, India that killed 166 people, including six Americans.  According to NSA, in October 2009, Headley, a Chicago businessman and dual U.S. and Pakistani citizen, was arrested by the FBI as he tried to depart from Chicago O’Hare airport on a trip to Europe.  Headley was charged with material support to terrorism based on his involvement in the planning and reconnaissance of the hotel attack in Mumbai 2008.  At the time of his arrest, Headley and his colleagues were plotting to attack the Danish newspaper that published the unflattering cartoons of the Prophet Mohammed, at the behest of Al Qaeda.

In a democracy there is very little that we “just have to take the government’s word for.” The only “terrorists” I see getting arrested are those setup by the FBI. If the FBI has to provide the bombs for these potential acts, they can hardly be considered serious. Since you are concerned with American citizens being killed by terrorists in foreign lands, I would like to bring up the matter of American citizens being targeted by drone strikes without a trial. Both Anwar al-Awlaki and his son were illegally executed by the president, does this concern you, too?  In my mind, what defines a terrorist depends on which side you are on.

Not only has Congress been briefed on these programs, but laws passed and enacted since 9/11 specifically authorize them.  The surveillance programs are authorized by the Foreign Intelligence Surveillance Act (FISA), which itself was enacted by Congress in 1978 to establish the legal structure to carry out these programs, but also to prevent government abuses, such as surveillance of Americans without approval from the federal courts. The Act authorizes the government to gather communications and other information for foreign intelligence purposes.  It also establishes privacy protections, oversight mechanisms (including court review), and other restrictions to protect privacy rights of Americans.

Secret courts, secret enforcement, secret rules, secret legal interpretations; none of this is compatible with a free nation. If we don’t know about it, how can we have a national discussion concerning its compatibility with our ideals?

The laws that have established and reauthorized these programs since 9/11 have passed by mostly overwhelming margins.  For example, the phone call business record program was reauthorized most recently on May 26, 2011 by a vote of 72-23 in the Senate and 250-153 in the House.  The internet communications program was reauthorized most recently on December 30, 2012 by a vote of 73-22 in the Senate and 301-118 in the House.

Sure, and Saddam Hussein continually won re-election with a near 100% vote. What’s your point here?

Attached to this letter is a brief summary of the two intelligence surveillance programs that were recently disclosed in media articles.  While I very much regret the disclosure of classified information in a way that will damage our ability to identify and stop terrorist activity, I believe it is important to ensure that the public record now available on these programs is accurate and provided with the proper context.

Once again, no letterhead, no signature, no accountability.

Again, thank you for contacting me with your concerns and comments.  I appreciate knowing your views and hope you continue to inform me of issues that matter to you.  If you have any additional questions or concerns, please do not hesitate to contact my office in Washington, D.C. at (202) 224-3841.

Sincerely yours,
Dianne Feinstein
United States Senator

I don’t know why, but I found your missive less than assuring.

Sincerely,

–john

Hitler Reacts to NSA Spying

A clip that I compiled parodying the NSA scandal. Google flagged it as copyright violation so it may get removed. I filed a dispute claiming fair use…

An Open Letter to the New York Times

Dear NYT;

So you went and published the shocking news that Bush & Co are monitoring international banking transactions to look for ties to terrorism. While I would have thought that most would not find this to be “news”, it now appears that this surprises many.

Bush: “The disclosure of this program is disgraceful”

Cheney: “I think this is a disgrace.”

Sen. Bunning: “we think has committed treasonous acts.” (R-KY)

Cheney: “The New York Times has now made it more difficult for us to prevent attacks in the future.”

Now some are even calling for prison for top NYT officials. While both the LA Times and the Wall St Journal both ran the story, I don’t see Congress passing resolutions condemning them. Bush & Co seem mostly focused on the NYT.

And of course all of this follows last years NYT uncovering of Bush & Co’s illegal wire tap program.

I know you are busy, but I hope you have time to read this. It seems that we are approaching a new dark age. The oligarchy has thrown back its vale, no longer content to rule in secret. Money talks; in fact it roars. The present regime seems bent on increasing the disparity between the haves and the have-nots. History shows us that no democracy can withstand this disparity. With the Oligarchy now public, we cannot go back. The snowball tumbling down the hill has caught a lot of weight and inertia, to stop it now would require social upheaval and would result in a mess. No, the time has passed for reform.

The only thing to do now is to keep one’s head down and prepare to pick up the pieces after this regime has passed. Ah, but you dear NYT do not have this luxury. You are too front and center for that. Allow me here to urge you to not back down on your coverage. I know your inclination will be to draw less fire, but you must resist that inclination. In the coming times, many media outlets will be forcibly closed. You can not escape your fate, only momentarily prolong it. And you must bear in mind that history will not remember who the 10th media outlet shut down was. But it will remember the first. It may even be a holiday at some point (if there is a recovery, of course).

So, I simply suggest that you retain your role as moderate—which looks more and more liberal as time goes on. Take your medicine when it comes. And know that it is the standard dose given to a free press in a darkening land.

Is this my country?

Everything that was bad about the Soviets…concentration camps, unjust wars, walls seperating families, secret governmental spy programs, lack of public oversight, long lines, etc……….

Have been transferred to the US by the current regime.  Who woulda thunk I would see my country devolve like this.