On The Intercept, Micah Lee follows up on his great primer on NSA-proof passwords with a soup-to-nuts tutorial on encrypting your laptop.
There are good reasons to encrypt your laptop no matter who you are. People lose their laptops and have them stolen all the time. Unless your laptop is encrypted, all the data on the hard-drive can be trivially recovered by identity thieves, who have easy-to-use tools to scan for compromising material including your passwords and logins for your bank and other services.
As I mentioned on Twitter, #PAXEast cost me a lot more than I planned and it’s still the height of convention season. Still looking for a dayjob but the work of #INeedDiverseGames is still my main gig, but can’t really pay myself right now.
The funding from Fund Better Tech is dwindling, I still don’t have a day job and there’s loads going on. If you can spare a bit, I will greatly appreciate it. The #INeedDiverseGames patreon isn’t enough to pay for the stuff going on in the next few months, and more importantly the goal of the Patreon is to help others, not fund my own convention travel.
So this is an ask I’m reticent to do but …there’s not a lot else I can do at the moment. Any amount will help and be greatly, greatly appreciated. The breakdown is as follows:
Nebula’s: $150 registration and meals (it’s local to me)
Wiscon: hotel, pitching in for gas, bus ticket home, meals (est $800 for ½ room, & rest) Programming Co-Chair and GOH liaison.
CONVergence: hotel & meals (est $600?) I’m an Invited guest there
Podcast Movement: meals (it’s local to me)
So if you can signal boost that would be wonderful.
Thank you <3
As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent – or personal. A networked body needs its computers to work well, and fail even better.
Graceful failure is the design goal of all critical systems. Nothing will ever work perfectly, so when things go wrong, you want to be sure that the damage is contained, and that the public has a chance to learn from past mistakes.
That’s why EFF has just filed comments with the FDA in an open docket on cyber-security guidelines for medical systems, letting the agency know about the obstacles that a species of copyright law – yes, copyright law! – has put in the way of medical safety.
The problem is Section 1201 of the Digital Millennium Copyright Act, which prohibits tampering with “effective means of access control” that restrict access to copyrighted works. The law was a creature of the entertainment industry, which saw an opportunity to create new business models that transferred value from their customers to their shareholders. CDs didn’t have digital locks, so it was easy to convert the music you bought on CD to play on your digital home stereo, phone, and car. DVDs have digital locks, so all you can legally do with the movies you buy on DVD is watch them. If you want to get at that latent value in your discs – the value of watching a movie on a phone, or backing it up in case you scratch your disc, for example – you have to buy the movie again.
To keep these business models intact, large content holders sued and threatened security researchers who disclosed flaws in systems with digital locks, arguing that sharing research that required circumvention violated the DMCA. As a result, systems with digital locks became a no-go zone for security research, meaning that their flaws fester for longer before being brought to light and fixed.
And then it got weird.
Increasingly, every machine and device has a computer inside it, from cars to thermostats to fancy new lightbulbs. Manufacturers realized that merely by shellacking the minimum plausible digital lock around these devices, they could use the DMCA to enforce the same high-profit restrictions that had been the purview of the entertainment industry until then.
First it was phones that would only run software from the manufacturer’s app store. Then it was cars that could only be diagnosed and repaired by authorized service centers that only used the manufacturer’s official, high-priced replacement parts. Then it was everywhere: thermostats and lightbulbs, yes, and tractors and voting machines, too.
And, of course, medical devices.
Manufacturers who use digital locks to restrict the configurations of their devices get a lot of commercial benefit. They can force doctors’ offices to pay recurring license fees for the diagnostic software that works with these gadgets. They can restrict access to service and even consumables – why allow just anyone’s insulin to be installed on your pacemaker when the inkjet printer people have demonstrated a way to charge vintage Champagne prices for something that costs pennies a gallon?
But a profit motive that might conflict with users’ best interests isn’t the worst problem. The great danger is safety. Medical implants are increasingly equipped with wireless interfaces, because:
a) they’re cheap; and
b) it’s hard to attach a USB cable to a device that’s been implanted in your chest cavity.
That means that bugs in medical implants can be exploited over their wireless interfaces, too. For example: lethal shocks from implanted pacemakers and defibrillators. It was not for nothing that former VP Dick Cheney had the wireless interface on his pacemaker deactivated (future software updates for Mr Cheney’s heart-monitor will thus involve general anaesthesia, a scalpel, and a rib-spreader).
However you feel about copyright law, everyone should agree that copyright shouldn’t get in the way of testing the software in your hearing aid, pacemaker, insulin pump, or prosthetic limb to look for safety risks (or privacy risks, for that matter). Implantees need to know the truth about the reliability of the technology they trust their lives to.
That’s why today, EFF asked the FDA to require manufacturers to promise never to use the DMCA to attack security research, as a condition of certifying their devices. This would go a long way to protecting patients from manufacturers who might otherwise use copyright law to suppress the truth about their devices’ shortcomings. What’s more, it’s an approach that other groups have signed up for, as part of the normal process of standardization.
We think Congress should modify the DMCA to make it clear that it doesn’t apply to devices that have no nexus with copyright infringement, but patients can’t wait for this long-overdue reform. In the meantime, agencies like the FDA have a role to play in keeping patients safe from devices that work well, but fail badly.
This “Mosquito Killer Billboard,” created by a Brazilian ad agency, works by luring mosquitoes with fluorescent lights and a mixture of lactic acid and carbon dioxide — mimicking the scent of our breath and sweat that enables mosquitoes to find us. Mosquitoes lured into the contraption get trapped by the billboard’s vacuum-like mechanism and stay trapped in the display until they dehydrate and die.
Rocket Lee writes, “In Bloc by Bloc: The Insurrection Game, players struggle together to overthrow a repressive government and liberate a randomized city that changes with each game. To win, players must build barricades, loot shopping centers, occupy strategic locations, clash with riot cops and defend liberated zones before time runs out and the military arrives. Each player is also dealt an individual faction agenda and those with Vanguardist or Nihilist agendas are secretly playing to win the game alone.”
Bloc by Bloc is the first project of the subversive game design and publishing collective Out of Order Games. The game is based on the rich history of recent anti-capitalist uprisings and popular rebellions in locations ranging from Oaxaca, Mexico to Athens, Greece to Out of Order’s hometown of Oakland, California. Initial development began over five years ago and the project is shaped by the designers’ varied experiences in street protests, social movements, and anarchist projects around the world during the last decade.
The game’s Kickstarter went live last week and runs through May 17. Out of Order has also released a free print and play download of Bloc by Bloc (link below) and the entire project is available under a Creative Commons license. The game is being manufactured in the U.S.
If you are interested in checking out Bloc by Bloc in person and meeting the game’s creators, swing by their table at next Saturday’s Bay Area Anarchist Bookfair in Oakland.
Bloc by Bloc: The Insurrection Game [Rocket Lee/Kickstarter]
On November 18th, 2011, a peaceful protest was held at UC Davis. A branch of “Occupy Wall Street”, Occupy UC Davis was intended to protest police violence on UC campuses. The police responded by hearing their concerns, agreeing, and then pepper-spraying the protesters. That’s right, they attacked students that were protesting the fact that they attack people. source
If you’re thinking “Oh man, someone got some compensation for this, right!?” Yup. Someone did. The cop.
The stress of being the poor victim netted him $38,000 in worker’s comp.
That’s more than a lot of people make in a full year. source
UC Davis “investigated” this. And the guy who conducted the investigation was Police Chief William J. Bratton - Chairman of the private business that provides UC Davis’s security. SOMEHOW there wasn’t enough evidence to charge the officers involved in this incident. source
It just came out that UC Davis has paid $175,000+ to a private “Image Management firm”, who is putting all of that sweet, sweet dollar into manipulating Google’s search engines, as well as other networks, to make it a lot LOT harder to find reminders that this happened. Read that what-proper:
They’re spending almost $200,000 of school funds to escape being remembered for this awful incident.
So let’s take a stand. Let’s fight back against their attempts to censor the truth and avoid accountability for their awful, awful actions and violent corruption. I have before you a perfectly shareable image set, complete with sources and screenshots of proof. Let’s all work together and get the word out about this chicanery. #Love it!
The way most of the world knows about Niue, a 100-square-mile island in the south Pacific with a population of about 1,100, is through its country-code top-level domain (ccTLD), the ubiquitous .nu.
Selling the rights to .nu to an international domain registrar bought the country’s population unlimited access to a satellite Internet connection that downlinked to a free WiFi service that had run since 2003, making Niue the first country in the world to extend free Internet to all its residents. The early rollout of projects like One Laptop Per Child ensured that the people of Niue were able to take advantage of the service. Niue is the country with the highest per-capita Internet penetration in the world.
But last month, Rocket Systems, who administered the .nu deal and the free Internet connection, announced that they would be shutting down the free link and replacing it with a paid one, because the .nu royalties had been cut. Under the new mandate, the 75% of people in Niue who relied on the service will begin paying an eye-popping NZD50/10mb to access the service. This is moderately competitive for satellite data, but by the standards of the developed world, it’s amazingly expensive, especially given the country’s low median per capita income.
I can’t locate an explanation for the royalty decrease, but I imagine it has to do with the proliferation of new generic TLDs, from .day to .dentist to .esq to .sex to .sucks to .yoga. The artificial scarcity of names online created Niue’s free Internet, and the end of that scarcity banished it.
I can’t help but wonder if this couldn’t have been foreseen and forestalled by using the money from the royalty to lay a transoceanic cable (very, very expensive, but then, so is unlimited satellite access), which would have had far lower operating costs once it was amortized. But hindsight is, as always, 20-20.
William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance.
On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.
“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”
The NSA will soon be able to collect 966 exabytes a year, the total of internet traffic annually. Former Google head Eric Schmidt once argued that the entire amount of knowledge from the beginning of humankind until 2003 amounted to only five exabytes.
Binney, who featured in a 2012 short film by Oscar-nominated US film-maker Laura Poitras, described a future where surveillance is ubiquitous and government intrusion unlimited.
“The ultimate goal of the NSA is total population control”, Binney said, “but I’m a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now needing a warrant before searching a smartphone.”
France’s new data retention law requires online service providers to retain databases of their users’ addresses, real names and passwords, and to supply these to police on demand. Leaving aside the risk of retaining all this personal information (identity thieves, stalkers, etc – that which isn’t stored can’t be stolen and leaked), there’s the risk of requiring providers to store unhashed passwords, as Bruce Schneier points out.
Well-designed systems don’t store passwords; rather, they take the password you supply and run it through a cryptographic hashing algorithm that turns it into another string (in theory, this string can’t be turned back into the password). When you re-visit the website and supply your password, it is run through the algorithm again, and then the result is compared to the stored version. That way, no one – not even the provider – knows your password (except you). Again, that which isn’t stored can’t be leaked. Requiring French online services to keep a record of unhashed passwords is a reversal of decades of best practices in security.
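The scheme described above (store only a one-way hash, re-run the hash at login, compare the results), as an added example that is not part of the original post or of any particular provider’s code. It uses PBKDF2-HMAC-SHA256 from the Python standard library; the record format, the iteration count, the user table and the passwords are constructed for illustration. It also shows the two details practitioners add to the basic idea: a per-user random salt, so identical passwords do not produce identical records, and a constant-time comparison of the hashes.

```python
import hashlib
import hmac
import os
from typing import Optional

# Parameters for the stored hash (illustrative values, not a recommendation
# for any particular deployment). PBKDF2-HMAC-SHA256 is a deliberately slow,
# salted, one-way function: the stored digest cannot be turned back into the
# password, and the iteration count makes guessing expensive.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'algorithm$iterations$salt_hex$digest_hex'.

    The plaintext password is never part of the record; only the salt and the
    digest are kept, which is all that is needed to verify a later login.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user/password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-run the same algorithm with the stored salt and compare the digests."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != ALGORITHM:
        return False  # unknown/legacy format; refuse rather than guess
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so a mismatch does not leak where the bytes differ.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed sample "user table": it holds hashed records only, so a leak of
# this table does not hand the attacker anyone's actual password.
USERS = {
    "alice": hash_password("correct horse battery staple"),
}


def login(username: str, password: str) -> bool:
    """Check a login attempt against the stored records."""
    stored = USERS.get(username)
    if stored is None:
        # Do the same amount of work for unknown users so that response time
        # does not reveal which usernames exist.
        hash_password(password)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    print("record for alice:", USERS["alice"])
    print("right password  :", login("alice", "correct horse battery staple"))
    print("wrong password  :", login("alice", "Tr0ub4dor&3"))
    print("unknown user    :", login("bob", "anything"))
```

The contrast with the French requirement is the stored record itself: it contains the salt and the digest, and nothing in it can be handed to a third party as the user’s password, because the provider never had it.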