I find it amazing that there is so little outrage at what is happening in the USA.
The country that paints itself as an example of freedom and democracy and aspires to spreading those values around the world is the same country that:
* kidnaps and tortures people,
* sets up a military prison with no civilian oversight, outside any legal jurisdiction, where it keeps people indefinitely,
* kills people in various countries using missiles launched from drones,
* interrogates its citizens as they come back from abroad, threatening them with detention or not letting them into the country,
* tightly controls the media and what information gets released from war zones,
* has a lawless "zone" extending 100 miles from its border, where laws are unclear, and people can be searched without warrant,
* seizes computers, accesses and copies data, threatens people so that they give up their passwords,
* uses scare tactics on security researchers (see story above) and whistleblowers (see all the wikileaks stories)
I come from a former-communist country that was under the Soviet influence. We fortunately no longer are. I think what I listed above is very visible to people like me, but somehow it goes under the radar of most Americans. I see it as classical secret police tactics, utilized in all totalitarian regimes, while Americans seem to see it as a necessary nuisance to "combat terrorism".
I find it even more amazing that instead of fighting back, people just discuss workarounds. Ship your data via FedEx, keep it online, wipe your drives, carry a laptop with an empty drive… This works today, but the way things are developing, it might not work tomorrow!
Wake up, people. In comparison to things I listed above the whole ridiculous story about the "naked scanners" is just a joke.
I grew up in the Canal Zone during the Soviet scare. (I'm a former colonist.) One thing we would point to as a reason why the U.S. was better than the Soviet regime was our concept of due process and the constitutionally backed freedoms. I never thought I would see the day when Americans accepted the things you describe.
Growing up I often wondered how it came to pass that Germans accepted Hitler and his abuses. My girlfriend's dad fought for Hitler (she's German). His comment about that time was, "We just didn't think and then found ourselves in a war." Hearing his comment and seeing what has happened to the U.S. has made me understand these things much better.
People don't think. It's easy to scare people. It can happen anywhere. A society is only as strong and vibrant as its citizens are and things can change dramatically from generation to generation.
I was interrogated when coming back from Germany in August. It pissed me off to no end. I didn't file a complaint. I took it. I have a comfortable life and it didn't seem worthwhile to make a complaint that goes nowhere. It's likely that I will live elsewhere soon.
> I didn't file a complaint. I took it. I have a comfortable
> life and it didn't seem worthwhile to make a complaint that
> goes nowhere.
My question: Isn't this part of the problem? "Now, we must all fear evil men. But there is another kind of evil which we must fear most, and that is the indifference of good men." (Boondock Saints -- yeah, not a super source for learning good ethics, but I agree with the sentiment)
I think the indifference comes from the inconvenience; you said, "I have a comfortable life and it didn't seem worthwhile," but I have heard the same from other peers. We have to be inconvenienced, to suffer, in order to reject the system. "Those who expect to reap the blessings of freedom, must, like men, undergo the fatigue of supporting it." (Thomas Paine) As you said, "A society is only as strong and vibrant as its citizens."
What would build courage in the hearts of our citizens such that they would feel comfortable enough to act? Success stories? Seeing the person in front of you buck the system? I am reminded of the recent HN article of the guy who merely handed out a flyer about the potential and untested dangers of the backscanners, which was just enough to encourage the group behind him to take a stand. Once the problem was made personal and there was obvious and present group support, others joined.
You knew when you wrote this that someone would take the bait. :)
Governments have gotten wise. They push the boundary slightly. A thousand little inconveniences kind of keeps up on the populace. It's the frog in the pot of water that slowly comes to a boil.
I have become part of the problem. I have to balance things and see if action on my part is warranted. Right now, I've decided it isn't. The U.S. has the highest percentage of its population in prison (bar North Korea). Prison sentences are harsh in the U.S. There's a lack of sobriety when it comes to crime and punishment. I've decided it's not worthwhile to me to risk getting on the terrorist watch list or being harassed and provoked.
I know the water is slowly boiling, I know what is coming but I'm too comfortable to be willing to risk what I have. The most I do is to implore people not to visit the U.S. Don't come here for vacation. Also, I'm trying to leave the country. I want out.
As to what it will take to act....I don't know. The government does a great job now of preemptively arresting protest organizers and charging them with terrorism. After some months they always drop the charges. The police state is here, in my opinion. But the average person doesn't sense this. Too few people see it. It's not a great answer but it is the truth, I don't know what it would take for me to act.
What amazes me is that the great swath of Obama supporters who decried the Bush administration's civil rights abuses are strangely quiet about the continuation of those abuses today. (Caveat: I'm not American, but if I was, I would have held my nose and voted for Obama in 2008.)
I voted for Obama. I'm a liberal and he has lost the support of the liberals. We are not silent about the continuation, and in some circumstances extension, of the abuses. In quite a few races this past election cycle in the U.S. the Republican candidate won as a result of people like me voting for the Green party.
Obama has been a profound disappointment to me in the area of civil rights. That a former constitutional law professor does not stand against these abuses is almost beyond belief to me. He has been a disappointment in other areas but for him to not defend freedom and justice makes me despair for the future of the country.
It would have been one thing to blindly trust him, I don't really do that with anybody, except possibly very close family; I am talking about trusting him like you would trust a not that close friend.
But look at the greater problem: Obama or not, people don't actually do anything. Sure, there will be some forum discussions, but that's pretty much it. The EFF and ACLU seem to be the only organized movements that actually try to do anything. In the political landscape these issues just do not appear.
You're right. Most people assume their democratic duty amounts to showing up and voting once every two or four years - though almost half of eligible Americans don't even do that much - and that voting for the best candidate is enough to effect change.
Community organizer Saul Alinsky famously had a meeting with US President Franklin Delano Roosevelt, who had just been elected in the deepest trough of the Great Depression. Alinsky spoke about the President's role in creating a more fair and prosperous society.
At the end of the meeting, FDR told Alinsky: "Okay, you've convinced me. Now go out and put pressure on me!"
I seem to recall that there was also a small but significant minority of conservatives, who were freaked out about civil rights abuses under Clinton but then became strangely silent under Bush. Government powers are always less scary when the face on them is someone you feel is a member of your tribe.
In this example you also have to look at events during each administration. The fear after 9/11 caused many to reconsider what was reasonable encroachment on civil liberties. Everyone has an opinion on this. Mine is that it was seriously misguided and has resulted in egregious abuses.
I don't think that's accurate. If you look at large, mainstream liberal community blogs like Daily Kos, there's frequent and harsh criticism of Obama on those issues.
Anywhere else in the industrialized world, Obama would be a moderate conservative. Only in the political Bizarro World we call America can Obama even remotely be considered a liberal, let alone any kind of leftist.
I don't challenge them because I know that they no longer value the US Constitution. I know they will rip me from my wife and kids (who rely on me to provide for them). They are all who matter to me.
Unfortunately, the situation's going to require martyrs[1] to be subjected to these abuses and get them traction in the public eye. The San Diego incident is a good example.
As a veteran, what's going on enrages me to no end. People are under the perception that the federal government are supposed to be our rulers. They cannot violate the Constitution, the 4th amendment. They cannot dictate what is a right and what is a privilege. They were not granted that power.
And the civil rights abuses are getting worse under Obama, but few are pointing fingers at him.
[1] Not in the suicide bomber, or any other violent sense, so don't kick down my door.
I think most* of the violations that you mention are done to foreigners (not just visitors, but also those who are working here on visas like me). And this population is not a part of the electorate. Hence the government doesn't really care much about them. And for most of us, it often makes sense to just stay under the radar and try our best not to get on any "government lists", else we might face much bigger trouble down the road every time we fly, or need a visa renewal etc.
* The TSA is the major exception here, in that they seem to be non-discriminatory in their abuse
Many people are blinded to what is going on...as long as they are more or less secure themselves, they don't care about what happens to all those other people...after all if the gov't is doing it to them, they must have done something bad.
This is the same reason why most people in Nazi Germany were fine with being Nazis (talking about the civilians here).
At some point you open your eyes, accept that everything we've been told about democracy and representative republics and freedom is bullshit. Then you either decide to fight a futile fight, or try to enjoy this life that's way too short.
The system is too big to fix. It's run by a small number of wealthy people, and any notion of freedom is an illusion.
It could be worse. Here in the UK, they would have locked him up for refusing to hand over his passwords. The Regulation of Investigatory Powers Act makes it a specific criminal offence and people have been imprisoned for it. Personally, I'm worried that I might get locked up for refusing to decrypt the contents of /dev/urandom. I think we need to wake up to the fact that there are a lot of people in power who would prefer that strong cryptography be the exclusive preserve of government.
You could actually encrypt your data using a standard algorithm, then construct a "pad" such that they combine to make a seemingly benign plaintext. No way to prove that your ciphertext is anything other than the other half of the pad (though I'm not a cryptographer :) ).
TrueCrypt has a plausible deniability feature[1] which would allow you to provide an alternate password to your encrypted drive which opens a safe container (e.g. no secret stuff).
To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a "clone" of his MacBook at home so he will have an exact duplicate of it if it is ever seized.
They're called "warrants", and they require probable cause.
The US is a weird country. We have insanely powerful and arguably excessive civil liberties in some cases (advocating fringe political viewpoints, owning guns, the exclusionary rule) combined with crazy police state antics whenever the feds can get away with them.
I think the dim view is on using obscurity as your only or main security approach. However leading attackers down blind alleys, in addition to having real security measures in place, doesn't seem to me to be entirely worthless (IANA Security Analyst).
Interestingly, I just had a discussion with my roommate about this. We were sitting in a coffee shop, and he was mad at himself because he forgot the latest copy of a game he is working on at the house...
Why is this a problem at all anymore? Hosting is cheap. I have a Linux VPS at linode that I pay $20/mo for and almost everything that I do is stored there. Honestly, the only things I can think of that aren't stored on that machine (which trades nightly rsyncs with another machine with a different provider and on a different network) are minecraft, my music collection, some photos, and a journal that I just started keeping a couple of weeks ago (gets encrypted with 256bit AES and lives in the home dir on my laptop).
My point is that there is absolutely no reason to keep anything on your local machine anymore, at least not ones that I can think of. Why not keep a server in the basement, and then just run SSH with X11 forwarding? Keep a cheap, disposable machine with you and if something like this happens, sell it and buy a new one.
It's really sad that this is even an issue, but I do think that there are solutions to it.
Not a good idea if you know that you're targeted by the government. ;) In fact this makes it much easier for them to get access to your data.
If they know your name they can get to your credit card transactions. From your credit card transactions they get to your hoster. And from your hoster they get the data that's stored on your VPS.
You can somehow mitigate this issue by storing your important data on an encrypted filesystem, but this does not really solve this problem as the key has still to be kept in memory.
Sounds like I have a similar set up to you. I have a Macbook, a Nettop (HTPC and other stuff) and a Linode VPS.
My Macbook is backed up to my TimeCapsule over the air once an hour, although it doesn't have anything particularly important on it. My Linode VPS is backed up to my Nettop at home once a day with an rsync (incremental). My Linode VPS's MySQL db's are replicated over a VPN to the Nettop too so I have up to the second copies of my MySQL dbs.
If I lost my laptop or my Linode died then I wouldn't lose anything. If I wanted to reinstall my laptop I wouldn't have to worry about copying anything off it, I just put the disc in and reboot.
There's no excuse for data loss, but the inconvenience of trying to work remotely from an aircraft is very significant (heck, it wasn't even possible a couple of years ago).
Sad that Obama has continued the Bush legacy of trouncing our freedoms at the border. There needs to be a better balance between government power and civil rights at the border that still allows the government to manage what is coming and going.
Funny, I keep a lot of stuff local because I want to make sure I have access to it when I am out somewhere, but my music collection is now http://www.grooveshark.com
The text of the fourth amendment to the constitution:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
The government has decided that the "border" extends 100 miles inland from official land/sea borders. This apparently covers 2/3rds to 4/5ths of the U.S. population.
Coverage on the 100-mile-thick ACLU-dubbed "Constitution-Free Zone":
(Note the entire land area of the Hawaiian islands are covered, as is the entire state of Florida.)
I think it's probably even worse than that, though, because International airports count as "borders" no matter how far inland. So I would not be surprised to see this extended to a 100-mile radius of all international airports as well, which would cover almost everybody.
I remember being pretty surprised by this when I was a kid, and we had to stop at a checkpoint on I-10 in West Texas, where it turns away from the Mexican border (eastbound) to head into central Texas. I recall thinking that it must be some sort of emergency, like they were looking for an escaped criminal or something, because surely those kinds of checkpoints aren't allowed in a free country in routine circumstances?
Note the "probable cause" part. The TSA doesn't have probable cause for most of its harassment, and there is definitely no probable cause to justify molesting children whose parents don't want them irradiated.
If I were him, I'd be tempted to make an image of his drive, and compare that to an image made after the agents tampered with it, to see what changes occurred in the process.
But like he said, he couldn't even trust them physically. I'd be tempted to just toss them in the trash, if I could afford to easily replace them.
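The before/after image comparison suggested above, as an added sketch that is not part of the original thread: record per-block hashes of the drive image before travel, then check the returned drive's image against that manifest and report which byte ranges differ. The function names, the 512-byte block size and the sample images are assumptions constructed for illustration.

```python
import hashlib
import io

BLOCK = 512  # comparison granularity in bytes (assumed; match the sector size)


def make_manifest(stream, block=BLOCK):
    """Hash an image block by block; store the result offline before travel."""
    whole = hashlib.sha256()
    blocks = []
    size = 0
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).digest())
        size += len(chunk)
    return {"block": block, "size": size,
            "image_sha256": whole.hexdigest(), "blocks": blocks}


def diff_against(manifest, stream):
    """Compare a returned image with the manifest; coalesce changed ranges."""
    block = manifest["block"]
    baseline = manifest["blocks"]
    changed = []  # list of (start, end) byte offsets, end exclusive

    def mark(start, end):
        # Merge with the previous range when the two are adjacent.
        if changed and changed[-1][1] == start:
            changed[-1] = (changed[-1][0], end)
        else:
            changed.append((start, end))

    index = 0
    size = 0
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        digest = hashlib.sha256(chunk).digest()
        # Blocks past the end of the baseline count as changed (image grew).
        if index >= len(baseline) or baseline[index] != digest:
            mark(index * block, index * block + len(chunk))
        size += len(chunk)
        index += 1
    if size < manifest["size"]:
        # Returned image is shorter: the missing tail is a change too.
        mark(size, manifest["size"])
    return {"identical": not changed, "size_before": manifest["size"],
            "size_after": size, "changed": changed}


def constructed_images():
    """Constructed sample data: a 16-block image and a copy with 3 bytes flipped."""
    before = bytes((i * 7) % 256 for i in range(16 * BLOCK))
    after = bytearray(before)
    for offset in (440, 2570, 3075):  # block 0, block 5, block 6
        after[offset] ^= 0xFF
    return before, bytes(after)


if __name__ == "__main__":
    before, after = constructed_images()
    manifest = make_manifest(io.BytesIO(before))
    report = diff_against(manifest, io.BytesIO(after))
    for start, end in report["changed"]:
        print(f"changed bytes {start:#x}-{end:#x}")
```

A clean result covers only the disk contents; it says nothing about the hardware or firmware changes raised elsewhere in the thread, and the manifest has to be kept somewhere the device's handlers cannot reach.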
Yes, you heard correctly. I remember a talk at a past LegalTech conference where the panelists urged anyone doing a lot of traveling (especially to 'sensitive' parts of the world) to simply travel with a 'spare' laptop, and keep everything important on encrypted USB drives, which can be sent through the mail in tamper-resistant packaging. It solves several problems:
1. Confidential data won't be compromised during a border search, theft, accident, etc.
2. You avoid the issue of being forced to give up your passwords to law enforcement.
3. If the laptop is confiscated, it can take months to get it back, so you wouldn't want that to happen to your main work machine.
Yes, some code has to be unencrypted to use the passphrase to decrypt the rest of the disk. People who are serious about security will boot off a known-good USB drive or CD.
Or just sell them, make back some of his investment, and have the people on the other end wonder why he's trading recipes or saying "OMG did you see that dress Kaitlin was wearing???".
> “I can’t trust any of these devices now,” says Marlinspike, who asked that Threat Level not report his real name. “They could have modified the hardware or installed new keyboard firmware.”
I thought when you get searched they have to keep your possessions within your view at all times.
Let me get this straight. This is a person who has openly admitted to knowing how to hack banking systems among others, then travels to countries like Abu Dhabi and the Dominican Republic to present that information.
We are surprised that he is searched at the border to the US? He was treated politely, not physically harmed and had his hardware returned. Sounds like the government is finally doing their job.
Maybe there are "certain" people out there throwing his name around and the government was obligated to look into this.
I would not support gross negligence by our government and this sounds like normal procedure to me, given the extenuating circumstances.
No, try again. You did not "get it straight" at all.
You seem to have a strong (negative) opinion on the matter, yet you demonstrate a very poor grasp of some basic infosec concepts. You should perhaps consider reserving judgement when that is the case.
Not only did he NOT "admit to knowing how to hack banking systems", but he was not presenting anything related to that in Abu Dhabi. He was speaking, ironically enough, on privacy.
Last year he demonstrated a weakness in how website encryption is handled. He did not hack any banks. Banks, among other things, use HTTPS, so the author used them as an easy example. This also does not breach those sites in any way, it just allows for eavesdropping and attacking end users.
Here is why your short-sighted attitude towards legitimate security research is highly foolish. There are people who find and disclose these vulnerabilities and work with vendors to fix them (indeed, Moxie ensured that his bug was fixed before he even went public with it). There are also people who do NOT work to get them fixed, keep them underground, and use them to exploit people.
So, you vilify and harass the guys getting the bugs fixed and they drop out of the game. Who does that leave as the only group in possession of that information? Yeah, now your networks and your infrastructure are getting owned, and there is no one left to tell you how or why.
If you think the "bad guys" DON'T already have this knowledge, and are not using it to their advantage, you are very mistaken.
To say your reply to my opinion was blatantly aggressive (numerous caps) would be an understatement.
Actually, I was quite positive from my point of view. I believe the security officials were acting in their capacity to do so. They treated him with respect, returned his hw and left him with nothing but free publicity.
The fact that PayPal chose to take action as well, shows I am not the only one to hold the opinion that there was probable cause.
The conference, which was for computer security professionals, just happened to be hosted in Abu Dhabi, it could just as well have been Las Vegas, or Berlin. You make it sound as if he were going to brief to a foreign secret intelligence agency. http://www.blackhat.com/html/bh-ad-10/registration/bh-ad-10-...
I suspect that many people on HN have the skills to break into quite a few computer systems, and travel to places that are hotbeds of computer crime such as New York, SF, and of course internationally.
Does that mean we should all be detained and have our computers and phones taken away and searched whenever we go within 100 miles of a border?
"The Fourth Amendment to the Constitution contains a border-related exception to unreasonable search and seizure laws, permitting searches at border checkpoints that wouldn't be permitted elsewhere. But federal statute 8 CFR 287.1 (a)(1-3) defines the border zone for enforcement purposes as encompassing an area within 100 miles of the actual border, with the possibility of extending it further under certain circumstances. This means that the US Border Patrol could conceivably set up random checkpoints asking travelers for a passport in places like Columbus, Ohio; Houston; or anywhere in the state of Florida. And, in fact, it appears that it has been doing exactly this."
I wonder if the government is targeting this hacker for his involvement in Whisper Systems, http://www.whispersys.com/. Their main products are easy to use encryption software for calls and texts on android smartphones. From what I can recall the gov really does not want ubiquitous encryption for voice communication in the US. It totally breaks down the whole wiretapping paradigm.
Things like this, along with laptop theft, are excellent reasons to encrypt your home folder. This is pretty easy with built-in software on both Windows 7 & Mac OS X (and I’m sure common Linux distros).
One caveat is that encrypted home folders tend to take maybe 1.2× the space of an unencrypted home folder, so delete some videos & music if you’re on an SSD or otherwise constrained HDD.
I was a bit surprised by the fact that he didn't want his name revealed in the article. It's not like some people don't know who he is.
[edit] decided to respect Moxie's request in the article and remove a small bit of identifiable info