Open Letter to Congress on Encryption Backdoors

[Note:  This item comes from friend David Rosenthal.  DLH]

By Jonathan Zdziarski
Apr 20 2016

To the Honorable Congress of the United States of America,

I am a proud American who has had the pleasure of working with the law enforcement community for the past eight years. As an independent researcher, I have assisted on numerous local, state, and federal cases and trained many of our federal and military agencies in digital forensics (including breaking numerous encryption implementations). Early on, there was a time when my skill set was exclusively unique, and I provided assistance at no charge to many agencies flying agents out to my small town for help, or meeting with detectives while on vacation. I have developed an enormous respect for the people keeping our country safe, and continue to help anyone who asks in any way that I can.

With that said, I have seen a dramatic shift in the core competency of law enforcement over the past several years. While there are many incredibly bright detectives and agents working to protect us, I have also seen an uncomfortable number who have regressed to a state of “push button forensics”, often referred to in law enforcement circles as “push and drool forensics”; that is, rather than using the skills they were trained with to investigate and solve cases, many have developed an unhealthy dependence on forensics tools, which have the ability to produce the “smoking gun” for them, literally with the touch of a button. As a result, I have seen many open-and-shut cases that have had only the most abbreviated of investigations, where much of the evidence was largely ignored for the sake of these “smoking guns” – including much of the evidence on the mobile device, which often times conflicted with the core evidence used.

On the surface, and as Hollywood would have you believe, a “smoking gun” sounds like a good thing, however the standard of evidence has suffered greatly because of the notion that a single piece of evidence is sufficient to close a case. Evidence in a digital world is often without context, and I have watched numerous cases press on with an alleged “smoking gun” that was out of context, unsubstantiated, and ultimately based on false assumptions about how data and metadata evolve on devices. As one example, consider incriminating images found on an iPhone, in the camera roll. There are, unbeknownst to many investigators, a number of ways these images could wind up on the camera roll without having been taken with the device’s camera (for example, it could be AirDropped to the device, without the recipient being completely aware of all the content being pushed to the device, along with other methods). Cases investigated by less-than-seasoned law enforcement personnel are often pushed through quickly, based on minimal evidence such as this, and without fully investigating all of the data on the device. Often, the evidence on a personal device presents only enough of an illusion that the examiner paints their own story without adequately completing their investigation. As a result, you end up with a very abbreviated forensic examination and a number of criminal charges that are borderline fabricated, based on neglect by the examiner. Certainly, not all investigators conduct their job like this, however the forensics tools that have been made available make it all too easy for an investigator’s skill set to slowly devolve to this point. I have seen an alarming increase in the number of investigations that have succumbed to this “easy way out” over the past few years.

Also consider that a number of these so-called forensics tools are quite frankly poorly written, and not written by forensics experts, but by software engineers with no background in criminal justice. Many tools often create ambiguous information that is misinterpreted by investigators, or sometimes even misrepresent data because the developers made numerous assumptions about the evidence that a trained forensics expert would not make. This taints the entire investigation. As one example, I refer you to US v. Brig. Gen. Jeffrey Sinclair, which I assisted with: This case was about to press forward to convict a man based on evidence that I later found to be misrepresented by three different forensics tools, and once I brought my findings to the attention of the prosecutor, the much more serious charges were found to be based on inaccurate evidence (note: I was working for the prosecutor’s office at the time). Nevertheless, the FBI and the military were both ready to put a man behind bars for decades based solely on the information these “push button forensics” tools provided.


U.S. Labels Switzerland an Internet Piracy Haven

Apr 28 2016

The Office of the United States Trade Representative has published its annual Special 301 Report calling out other nations for failing to live up to U.S. IP enforcement standards. This year European ally Switzerland has been placed on the Watch List for protecting file-sharers and playing host to many pirate sites.

Every year the Office of the United States Trade Representative (USTR) publishes its Special 301 Report highlighting countries that aren’t doing enough to protect U.S. intellectual property rights.

In 2016 the report sticks to a tried and tested format, with countries such as China, Russia, India and Ukraine all making the Priority List once again. However, just as the USTR wasn’t afraid to place Canada on the Watch List several years ago, this year it has added another ally.

Situated in the heart of Europe (although not part of the Union), Switzerland has long-standing ties with the United States and has acted as the protecting power between the U.S. and former foes Iran and Cuba. Nevertheless, when it comes to protecting copyright the USTR didn’t hesitate to add Switzerland to the Watch List in 2016.

“Generally speaking, Switzerland broadly provides high-levels of IPR protection and enforcement in its territory. Switzerland makes important contributions to promoting such protection and enforcement internationally, including in bilateral and multilateral contexts, which are welcomed by the United States,” the USTR writes in its assessment.

“However, the decision to place Switzerland on the Watch List this year is premised on U.S. concerns regarding specific difficulties in Switzerland’s system of online copyright protection and enforcement.”

Although the USTR doesn’t go into much detail, the key problem that the United States has with Switzerland surrounds the so-called ‘Logistep Decision‘. Anti-piracy outfit Logistep built a reputation in the latter half of the last decade for providing tracking services for copyright trolls operating in Europe and the UK. However, things didn’t go entirely to plan.

In 2010 following several years of legal action, the Swiss Federal Supreme Court ordered Logistep to stop harvesting the IP addresses of file-sharers. The Court ruled that IP addresses amount to private data, a decision that effectively outlawed the tracking of file-sharers in privacy-conscious Switzerland.

This apparent lack of protection for rightsholders is unacceptable, the USTR says.

“Six years have elapsed since the issuance of a decision by the Swiss Federal Supreme Court, which has been implemented to essentially deprive copyright holders in Switzerland of the means to enforce their rights against online infringers; enforcement is a critical element of providing meaningful IPR protection,” the report reads.

According to the USTR, since 2010 Switzerland has also become an increasingly popular host country for many pirate sites, a position highlighted in the 2015 Notorious Markets review.


Food System Shock: Climate Change’s Greatest Threat to Civilization

By Jeff Masters
Apr 29 2016

The greatest threat of climate change to civilization over the next 40 years is likely to be climate change-amplified extreme droughts and floods hitting multiple major global grain-producing “breadbaskets” simultaneously. A “Food System Shock” report issued in 2015 by insurance giant Lloyd’s of London outlined a plausible extreme shock to global food production that could cause rioting, terrorist attacks, civil war, mass starvation and severe losses to the global economy. Their scenario, which Lloyd’s gave uncomfortably high odds of occurring–significantly higher than 0.5% per year, which works out to at least an 18% chance of occurrence in the next 40 years–goes like this:

A strong El Niño event develops in the equatorial Pacific Ocean. Severe drought typical of El Niño hits India, eastern and southeastern Australia and Southeast Asia, causing the following crop losses (note that wheat, rice and corn make up over 50% of all agricultural production world-wide):

India (world’s #1 rice and #7 wheat exporter): wheat -11%, rice -18%
Vietnam (world’s #2 rice exporter): rice -20%
Australia (world’s #3 wheat exporter): wheat -50%
Bangladesh, Indonesia, Thailand, Philippines: rice -6% to -10%

Historic flooding hits Mississippi and Missouri rivers, reducing production of corn in the U.S. by 27%, soybeans by 19% and wheat by 7%. Nepal, Bangladesh, northeastern India and Pakistan see large crop losses due to torrential rainfall, flooding and landslides, with Pakistan losing 10% of their wheat crop.

On top of the adverse weather, global crops are attacked by two major diseases: Asian soybean rust and Ug99 wheat stem rust, which cause additional 5 – 15% crop losses in Argentina, Brazil, Turkey, Kazakhstan, Ukraine, Pakistan and India. The extreme weather/plant disease double whammy causes global corn production to drop by 10 percent, soybeans by 11% and rice by 7%. Wheat, corn and soybean prices spike to quadruple the levels seen around 2000. Rice prices quintuple as India buys from smaller exporters following restrictions imposed by Thailand. Food riots break out in urban areas across the Middle East, North Africa and Latin America. The euro weakens and the main European stock markets lose 10% of their value; the U.S. stock markets lose 5% of their value. The scenario mentions the possibility of civil war in Nigeria, famine threatening to kill one million people in Bangladesh and Mali becoming a failed state. Terrorist attacks in the U.S., in combination with concerns over heightened military tensions between Russia and NATO, plus conflict between India and Pakistan, cause major stock market losses.

A historical analogue: the extreme weather of 2010

The extreme weather of the year 2010–which I speculated was Earth’s most extreme weather year since the famed “Year Without a Summer” in 1816–showed us that multiple extreme weather events in major grain-producing areas can indeed cause dangerous shocks to the global food system. This was unexpected at the beginning of 2010, when in its January World Agricultural Supply and Demand Estimates report, the U.S. Department of Agriculture predicted higher global wheat production and lower prices for 2010 – 2011. But extreme weather began a dramatic assault on the world’s grain-producing nations in the spring of 2010, when record rainfall in Canada, the world’s second-largest wheat exporter after the United States, cut Canada’s wheat harvest by 14%. As spring turned to summer, the jet stream got “stuck” in an unusual loop that kept cool air and rain-bearing low pressure systems to the north and east of Russia, bringing Pakistan their costliest floods in history and a 12% decline in their wheat production. The “stuck” jet stream pattern allowed a titanic heat wave and extraordinary drought to envelop Russia and Ukraine; Moscow’s all-time heat record was equaled or exceeded five times in a two-week period. Over a thousand Russians seeking to escape the heat drowned in swimming accidents, and thousands more died from the heat and from inhaling smoke and toxic fumes from massive wild fires. In all, 55,736 people died in the heat wave–the second deadliest in recorded human history, behind the European heat wave of 2003 (77,000+ deaths). Wildfires in Russia in 2010 scorched more than 1 million hectares, 25% of crop production was lost, and economic losses reached $15 billion–1% of Russian GDP. The drought slashed the wheat harvest by 33% and damaged soils to such an extent that 10% of Russian wheat fields could not be planted in 2011.
Russia–the world’s fourth-largest wheat exporter accounting for roughly 14% of the global wheat trade–responded by imposing an export ban on wheat, barley, and rye, as fears of domestic price spikes or shortages increased. Neighboring Ukraine, the world’s 6th largest exporter of wheat, saw an 18% decline in their wheat harvest due to extreme drought, heat, and wildfires, and cut wheat exports by 54%.


White House wants to make it easier for law enforcement to use ‘smart guns’

By Juliet Eilperin and Michael S. Rosenwald
Apr 29 2016

The White House issued a set of recommendations Friday aimed at curbing the illegal use of firearms by making it easier for federal, state and local agencies to purchase “smart guns” that would function only in the hands of specified users.

The measures include a proposed rule that would allow the Social Security Administration to report beneficiaries with mental health problems to the FBI’s National Instant Criminal Background Check System.

While seemingly modest, the proposals came under fire from some police groups and gun rights organizations even before they were publicly unveiled. But anti-gun-violence activists and administration officials described the measures as prudent steps aimed at preventing firearms from getting into the wrong hands.

Speaking to reporters Friday, White House press secretary Josh Earnest said that the auto industry routinely innovates to make its vehicles safer and that gun manufacturers should consider following that lead.

“I think what is true is that I couldn’t think of another industry off the top of my head that isn’t interested in looking at new technology to make their product safer,” he said. “It’s surprising to me that so many gun manufacturers shirk that responsibility.”

Under the measures, the government would define requirements that gunmakers need to meet for police departments to consider purchasing.

White House senior adviser Valerie Jarrett said that local governments could apply for grants for guns equipped with the new technology.

Although a German company tried to introduce a smart gun into the United States two years ago, most of the technology is at the prototype stage. The guns are designed to function only when used by those authorized to fire them. Manufacturers are pursuing a variety of authorization methods, such as fingerprints and wireless chips connected to rings or watches.

Proponents argue that the technology would reduce suicides and cases in which stolen guns are used in crimes or in which guns taken from police officers are used against them. They also envision fewer school shootings by students using their parents’ guns. These advocates hope the president’s actions spur development of this technology by enticing manufacturers to enter the market and expanding private funding for smart-gun start-ups. Gun rights advocates have not supported the technology, worried that once it exists the government will mandate its use.

Gun-control advocates have been working for months to get police agencies around the country to commit to adopting smart guns — to prove they work and to create a sizable demand for them.

Rabbi Joel Mosbacher, who co-chairs the Metro Industrial Areas Foundation’s Do Not Stand Idly By campaign, called the new actions “real” and “well thought through.”

“And we think they will send a clear signal to gun manufacturers that the largest gun purchaser in the nation — the federal government — is in the market for smarter, safer guns,” he said.

But some law enforcement groups, including the Fraternal Order of Police, have argued that it’s irresponsible to give these firearms to law enforcement agencies when they have not been fully tested.


Six maps that will make you rethink the world

By Ana Swanson
Apr 29 2016

We don’t often question the typical world map that hangs on the walls of classrooms — a patchwork of yellow, pink and green that separates the world into more than 200 nations. But Parag Khanna, a global strategist, says that this map is, essentially, obsolete.

Khanna is the author of the new book “Connectography: Mapping the Future of Global Civilization,” in which he argues that the arc of global history is undeniably bending toward integration. Instead of the boundaries that separate sovereign nations, the lines that we should put on our maps are the high-speed railways, broadband cables and shipping routes that connect us, he says. And instead of focusing on nation-states, we should focus on the dozens of mega-cities that house most of the world’s people and economic growth.

I spoke with Khanna about several of the incredible maps from his book, which he uses to illustrate some proposals for our future world that might, at first glance, seem pretty far out — like dividing the United States into seven economic mega-regions or politically integrating North America. But with the world rapidly changing and urbanizing, these proposals might be the best way to confront a radically different future.

This interview has been edited for length and clarity.

One of the most impressive maps in your book is the map of the world’s mega-cities. You say that by 2030, more than 70 percent of people will live in cities, and that these cities matter a lot more than the countries that they’re in. What does this map tell us?

This is the most accurate map that’s ever been made of where people are and the economic value of what they do. Our team took the entire world’s population and plotted it by density, and they superimposed the largest urban archipelagos, the mega-cities, with those ovals to show the value of those cities vis-à-vis the national economy.

The map tells us that the world economy is much more structured according to the gravity of these 40 or 50 megacities than the world’s 200 sovereign nations. In almost all countries, cities have all the economic mass and most of the population, and people are moving to cities by the hundreds of millions.

The example of Johannesburg and Pretoria, the capital cluster of South Africa, is revealing. It represents something like 35 to 40 percent of the country’s gross domestic product, and South Africa is a very large country, with more than 50 million people. So much of the population is there, and the country’s connectivity depends on that city, because that’s where all the multinational corporations are headquartered. It’s the same logic in Lagos — there is practically no Nigeria without Lagos. It applies to Sao Paulo in Brazil, Jakarta in Indonesia, Moscow in Russia, Istanbul in Turkey, and every single dot and oval you see on the map.

The good news for America is we have so many major cities that we have a distributed economy. Other countries are not so lucky. Russia is bigger than America, but it has one city that drives the whole country.

The map from your book that’s probably received the most attention is the United States broken down into seven economic mega-regions, all of which are driven by urban centers. You say that a high-speed railway could connect these cities, creating a “United City-States of America.” Why do you think we need to reorganize this way?

These seven colorful patches are the natural topography and economic geography of the United States. It separates the U.S. into areas that focus on farming, automobile manufacturing, technology, finance, tourism, national parks, etc. Each of those regions has an urban anchor that serves as a financial and business center, a population center and a transportation hub. That’s what those white patches are. Then we need the black lines, which are the high-speed rail networks and freight railways connecting these regions to each other.


U.S. high court approves rule change to expand FBI hacking power

Apr 29 2016

The Supreme Court on Thursday approved a rule change that would let U.S. judges issue search warrants for access to computers located in any jurisdiction despite opposition from civil liberties groups who say it will greatly expand the FBI’s hacking authority. 

U.S. Chief Justice John Roberts transmitted the rules to Congress, which will have until Dec. 1 to reject or modify the changes to the federal rules of criminal procedure. If Congress does not act, the rules would take effect automatically.

Magistrate judges normally can order searches only within the jurisdiction of their court, which is typically limited to a few counties.

The U.S. Justice Department, which has pushed for the rule change since 2013, has described it as a minor modification needed to modernize the criminal code for the digital age, and has said it would not permit searches or seizures that are not already legal.

Google, owned by Alphabet Inc (GOOGL.O), and civil liberties groups such as the American Civil Liberties Union and Access Now contend the change would vastly expand the Federal Bureau of Investigation’s ability to conduct mass hacks on computer networks.

They say it also could run afoul of the U.S. Constitution’s protections against unreasonable searches and seizures.

While Congress can reject amendments to the rules that govern federal courts, it rarely exercises that authority and is not expected to do so during a heated election year. And few lawmakers have shown interest in the subject.

Democratic Senator Ron Wyden of Oregon condemned the rule change as having “significant consequences for Americans’ privacy,” and vowed to introduce legislation to reverse it.

“Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime,” Wyden said in a statement.

The Justice Department’s quest to broaden warrant jurisdiction has not drawn as much attention as other recent confrontations over government access to digital information. These included the FBI’s standoff with Apple over encryption arising from the agency’s effort to unlock an iPhone used by one of the shooters in December’s San Bernardino massacre.

A Justice Department spokesman said the change was necessary because criminals increasingly use “anonymizing” technologies to conceal their identity online, and remote searches are often the only way to apprehend such suspects.

The change does not authorize any new authorities not already permitted by law, the spokesman said.

Is humanity evolving into a hive?

Researcher Sugata Mitra argues that the human race is transforming in ways we do not realise – in this video from our World Changing Ideas series, he explains how.
By Sugata Mitra
Apr 15 2016

In the past decade or so, the human race has experienced a profound change, and the interesting thing is that we’ve barely noticed. So says Sugata Mitra, educational researcher at the University of Newcastle in the UK, who is known for his experiments to get children in the developing world online.
So what is that change, and what does it mean for us? In the video above, Mitra explains how the technology that underpins the internet has done more than simply allow us to get online – in the long-term, he argues, it will alter what it means to be human by joining up our minds like a giant ‘hive’.

