Archive for the ‘Government’ Category

#Resist vs. #EffectiveResist

Monday, February 27th, 2017

DAPL Could Be Operational In Less Than 2 Weeks

From the post:


“Dakota Access estimates and targets that the pipeline will be complete and ready to flow oil anywhere between the week of March 6, 2017, and April 1, 2017,” company attorney William Scherman said in the documents filed in Washington, D.C., on Tuesday.

Opponents to the Dakota Access Pipeline (DAPL) have two choices, #Resist or #EffectiveResist.

The new moon for February, 2017, was February 26, 2017 (yesterday). (Bookmark that link to discover other new moons in the future.)

Given the reduced visibility on nights with a new moon, you can take up rock sculpting with a thermal lance.

This is a very portable rig, but requires the same eye protection (welding goggles, no substitutes) and protective clothing as other welding activities.

Notice in the next video, which demonstrates professional grade equipment, the heavy protective headgear and clothing. Thermal lances are very dangerous and safety is your first concern.

If you create a bar-b-que pit from large pipe, follow Zippy the Razor’s advice, “Down the block, Not across the street” to create long cuts the length of your pipe.

Will DAPL be a lesson to investors on the risk of no return from oil pipeline investments? Pending court litigation may play a role in that lesson.

#ProtectTheTruth [Reframing Opposition to Energy Transfer Partners]

Monday, February 27th, 2017

#ProtectTheTruth by George Lakoff.

From the post:

Journalists are bravely standing up to Trump’s attacks on the free press, as they should. Yet one way in which they’re expressing their solidarity and resistance shows how little most journalists know about political framing and messaging.

Case in point: Trump has labeled journalists as “enemies.” So, journalists have responded by labeling themselves “#NotTheEnemy.” This hashtag is currently trending on Twitter, which is unfortunate. Adopting this slogan is a big mistake that helps Trump.

Anyone who has read my books or taken my classes at Berkeley will immediately understand why. For those new to political framing and messaging, I’ll explain briefly here.

Quick: Don’t think of an elephant!

Now, what do you see? The bulkiness, the grayness, the trunkiness of an elephant. You can’t block the picture – the frame – from being accessed by your unconscious mind. As a professor in the cognitive and brain sciences, this is the first lesson in framing I have given my students for decades. It’s also the title of my book on the science of framing political debates.

The key lesson: when we negate a frame, we evoke the frame.

I don’t know current characters known to both children and parents, but what if instead of:

#NoDAPL

we said:

#SaveSmokeyTheBear

would that be a better framing?

Or even better:

#SaveBambi

What are some more current memes to swell support to stop the ecocide promised by Energy Transfer Partners?

ForWarn: Satellite-Based Change Recognition and Tracking [Looking for Leaks/Spills/Mines]

Sunday, February 26th, 2017

ForWarn: Satellite-Based Change Recognition and Tracking

From the introduction:

ForWarn is a vegetation change recognition and tracking system that uses high-frequency, moderate resolution satellite data. It provides near real-time change maps for the continental United States that are updated every eight days. These maps show the effects of disturbances such as wildfires, wind storms, insects, diseases, and human-induced disturbances in addition to departures from normal seasonal greenness caused by weather. Using this state of the art tracking system, it is also possible to monitor post-disturbance recovery and the cumulative effects of multiple disturbances over time.

This technology supports a broader cooperative management initiative known as the National Early Warning System (EWS). The EWS network brings together various organizations involved in mapping disturbances, climate stress, aerial and ground monitoring, and predictive efforts to achieve more efficient landscape planning and management across jurisdictions.

ForWarn consists of a set of inter-related products including near real time vegetation change maps, an archive of past change maps, an archive of seasonal vegetation phenology maps, and derived map products from these efforts. For a detailed discussion of these products, or to access these map products in the project’s Assessment Viewer or to explore these data using other GIS services, look through Data Access under the Products header.

  • ForWarn relies on daily eMODIS and MODIS satellite data
  • It tracks change in the Normalized Difference Vegetation Index (NDVI)
  • Coverage extends to all lands of the continental US
  • Products are at 232 meter resolution (13.3 acres or 5.4 hectares)
  • It has NDVI values for 46 periods per year (at 8-day intervals)
  • It uses a 24-day window with 8-day time steps to avoid clouds, etc.
  • The historical NDVI database used for certain baselines dates from 2000 to the present

Not everyone can be blocking pipeline construction and/or making DAPL the most-expensive non-operational (too many holes) pipeline in history.

Watching for leaks, discharges, and other environmental crimes as reflected in the surrounding environment is a valuable contribution as well.

All you need is a computer with an internet connection. Much of the heavy lifting has been done at no cost to you by ForWarn.

It occurs to me that surface mining operations and spoilage from them are likely to produce artifacts larger than 232 meter resolution. Yes?

Enjoy!

Countering Inaccurate/Ineffectual Sierra Club Propaganda

Sunday, February 26th, 2017

This Sierra Club ad is popular on Facebook:

First problem, it is inaccurate to the point of falsehood.

“…about to start their chainsaws…. …trying to clearcut America’s largest forest, the Tongass National Forest in Alaska…. (emphasis added)”

Makes you think clearcutting is about to start in the Tongass National Forest in Alaska. Yes?

Wrong!

If you go to Forest Management Reports and Accomplishments for the Tongass, you will find Forest Service reports for logging in the Tongass that start in 1908. Cut History 1908 to Present.

The first inaccuracy/lie of the Sierra ad is that logging isn’t already ongoing in the Tongass.

The Sierra ad and its links also fail to mention (in millions of board feet) harvesting from the Tongass:

| Calendar Year | Board Feet |
|---|---|
| 2016 | 44,076,800 |
| 2010 | 35,804,970 |
| 2000 | 119,480,750 |
| 1990 | 473,983,320 |
| 1980 | 453,687,320 |
| 1970 | 560,975,120 |

A drop from 560,975,120 board feet to 44,076,800 board feet looks like the Forest Service is moving in the right direction.

But you don’t have to take my word for it. Unlike the Sierra Club that wants to excite alarm without giving you the data to decide for yourself, I have included links with the data I cite and data I don’t. Explore the data on your own.

I say the Sierra Club propaganda is “ineffectual” because it leaves you with no clue as to who is logging in the Tongass.

Once again the Forest Service rides to the rescue with Timber Volume Under Contract (sorry, no separate hyperlink from Forest Management Reports and Accomplishments, but look for it on that page). I picked Current Calendar Year Through: (select Jan).

That returns a spreadsheet that lists (among other things), ranger district, unit ID, contract form, purchaser, etc.

A word about MBF. The M in MBF stands for thousand, as in Roman numerals, M = 1,000. So to read line 4, which starts with Ranger District “Thorne Bay,” read across to “Current Qty Est (MBF)”: the entry “6.00” represents 6,000 board feet. Likewise, line 23 starts with “Juneau,” and its “Current Qty Est (MBF)” entry of “3,601.00” represents 3,601,000 board feet. And so on. (I would never have guessed that meaning without assistance from the Forest Service.)

The Sierra Club leaves you with no clue as to who is harvesting the timber, who is purchasing the timber from the harvesters, who is using the timber for what products, etc. The Forest Service can’t provide the second and third steps removed, but the harvesters give you a starting point for further research.

A starting point for further research enables actions like boycotts of products made from Tongass timber, choosing products NOT made from Tongass timber and a whole host of other actions.

Oh, but none of those require you to be a member of the Sierra Club. My bad, it’s your dues and not the fate of the Tongass that is at issue.

If the Sierra Club wants to empower consumers, it should provide links to evidence about the Tongass that consumers can use to develop more evidence and effective means of reducing the demand for Tongass timber.

BTW, I’m not an anti-environmentalist. All new factory construction should be underground in negative-pressure enclaves where management is required to breathe the same air as all workers. No discharges of any kind that don’t match the outside environment prior to its construction.

That would spur far better pollution control than any EPA regulation.

Availability Cascades [Activists Take Note, Big Data Project?]

Saturday, February 25th, 2017

Availability Cascades and Risk Regulation by Timur Kuran and Cass R. Sunstein, Stanford Law Review, Vol. 51, No. 4, 1999, U of Chicago, Public Law Working Paper No. 181, U of Chicago Law & Economics, Olin Working Paper No. 384.

Abstract:

An availability cascade is a self-reinforcing process of collective belief formation by which an expressed perception triggers a chain reaction that gives the perception of increasing plausibility through its rising availability in public discourse. The driving mechanism involves a combination of informational and reputational motives: Individuals endorse the perception partly by learning from the apparent beliefs of others and partly by distorting their public responses in the interest of maintaining social acceptance. Availability entrepreneurs – activists who manipulate the content of public discourse – strive to trigger availability cascades likely to advance their agendas. Their availability campaigns may yield social benefits, but sometimes they bring harm, which suggests a need for safeguards. Focusing on the role of mass pressures in the regulation of risks associated with production, consumption, and the environment, Professor Timur Kuran and Cass R. Sunstein analyze availability cascades and suggest reforms to alleviate their potential hazards. Their proposals include new governmental structures designed to give civil servants better insulation against mass demands for regulatory change and an easily accessible scientific database to reduce people’s dependence on popular (mis)perceptions.

Not recent, 1999, but a useful starting point for the study of availability cascades.

The authors want to insulate civil servants where I want to exploit availability cascades to drive their responses, but that’s a question of perspective and not practice.

Google Scholar reports 928 citations of Availability Cascades and Risk Regulation, so it has had an impact on the literature.

However, availability cascades are not a recipe science, but Networks, Crowds, and Markets: Reasoning About a Highly Connected World by David Easley and Jon Kleinberg, especially chapters 16 and 17, provides a background for developing such insights.

I started to suggest this would make a great big data project but big data projects are limited to where you have, well, big data. Certainly have that with Facebook, Twitter, etc., but that leaves a lot of the world’s population and social activity on the table.

That is, to avoid junk results, you would need survey instruments to track any chain reactions outside of the bots that dominate social media.

Very high end advertising, which still misses with alarming regularity, would be a good place to look for tips on availability cascades. They have a profit motive to keep them interested.

White House blocks news organizations from press briefing [Opsec vs. Boromir, Ethics]

Friday, February 24th, 2017

White House blocks news organizations from press briefing by Dylan Byers, Sara Murray and Kevin Liptak.

From the post:

CNN and other news outlets were blocked Friday from an off-camera White House press briefing, raising alarm among media organizations and First Amendment watchdogs.

The New York Times, the Los Angeles Times, Politico and BuzzFeed were also excluded from the meeting, which is known as a gaggle and is less formal than the televised Q-and-A session in the White House briefing room. The gaggle was held by White House press secretary Sean Spicer.

In a brief statement defending the move, administration spokeswoman Sarah Sanders said the White House “had the pool there so everyone would be represented and get an update from us today.”

The pool usually includes a representative from one television network and one print outlet. In this case, four of the five major television networks — NBC, ABC, CBS and Fox News — were invited and attended the meeting, while only CNN was blocked.

And while The New York Times was kept out, conservative media organizations Breitbart News, The Washington Times and One America News Network were also allowed in.
… (emphasis in original)

Good opsec counsels silence in the face of such an outrage but as Boromir says in The Fellowship of the Ring:

“But always I have let my horn cry at setting forth, and though thereafter we may walk in the shadows, I will not go forth as a thief in the night.” (emphasis added)

I trust this outrage obviates “ethical” concerns over distinctions between leaking, hacking, or other means of obtaining government information?

Influencing Pipeline Investors (False DAPL Flags)

Thursday, February 23rd, 2017

Standing Rock Becomes Symbolic Battlecry by HechoEnLA.

From the post:

Water Protectors have meticulously defended moral and ethical obligations on behalf of the greater good for years now. Today, we all watched and waited for what would be the symbolic #LastStand and collision between Militarized forces and Peaceful Protectors. Things are ending peacefully as many left the camps in anticipation of the forces that hovered but some remain and sing peacefully in the face of riot gear and weapons. They still remain, they continue to sing, they burn sage, they are women, they are men, their hearts are heavy, but they will continue to pray peacefully.

WE HAVE DEFUNDED $69 Million Dollars from Big Banks: just from the people alone. Seattle Divested over $3 BILLION Dollars from Wells Fargo! University of California Divested $250 Million and Santa Monica is in the process of Divesting as well. There is more that is coming and we are all uniting behind the battle cry #StandingRock #NoDAPL #WaterProtectors there is beauty where there is pain, there is glory in defeat, there can be a better tomorrow when we come together and commit to fight.

… (emphasis in the original)

Speaking of going forward:

  1. Beyond DAPL
  2. Why Invest In Pipelines
  3. Investor Uncertainty
  4. DAPL False Flags

Beyond DAPL

Defunding is the right note to strike with banks, but DAPL isn’t the only injury investors have planned for the Earth.


Using pipelines for the movement of crude oil, NGLs, refined products, and natural gas greatly benefits the United States economy. Direct capital investments for the construction of new pipelines will average approximately $55 billion between 2014 and 2025, with more being spent between 2016 and 2020. This estimate considers a conservative path of oil and gas production during that time period. If access to off limit areas of production, like the Atlantic, the Eastern Gulf of Mexico, the Pacific, and Alaska, is granted, direct capital investments will increase and average around $65 billion between 2014 and 2025. Regardless of the amount of production, these direct investments will further elicit indirect investments from others in the supply chain, such as steel manufacturing and engineering companies. Wages provided to workers will also be used to purchase consumer goods and contribute even further to the economy. In the end, while the approximate direct investment value may be between $55 and $65 billion, more contributions to the economy are likely providing all the indirect factors that are a part of construction and maintenance of gas and liquid pipelines. (Investing In Pipelines February 23, 2017)

There is a distinction between gas and oil pipelines. Pending gas pipeline projects can be found on the Major Pipeline Projects Pending (Onshore) page, which is maintained by the Federal Energy Regulatory Commission.

Can you guess who doesn’t regulate oil pipelines? Yes, the Federal Energy Regulatory Commission (FERC).

Dan Zukowski lists 14 proposed pipeline projects in 14 Pipeline Projects in 24 States … Which Will Be the Next Battleground?, mapped as:

That didn’t scale down very well but as you can see, if DAPL wasn’t close enough for you to take action, a closer opportunity is at hand.

Why Invest In Pipelines?


There currently are about 40 major interstate pipelines connecting to about 100 minor interstate pipelines operating in a highly regulated environment. As I wrote above, the barriers to entry are quite high if you’re considering building a pipeline any time soon. Most of the grid is in place, with access to building new lines ever more difficult because of urbanization. Oil and gas pipelines are simply great fixed assets that offer excellent long-term prospects for income-oriented investors seeking stable cash flow, upside appreciation and tax benefits from the way they are structured for the capital markets.

Because they are capital-intensive businesses, pipeline operators choose a structure that allows them to aggressively depreciate the huge amounts of money that go into building out and maintaining their lines. In practice, master limited partnerships (MLPs) pay their investors through quarterly required distributions (QRDs), the amount of which is stated in the contract between the limited partners (the investors) and the general partner (the managers).

Because of the stringent provisions on MLPs and the nature of the QRD, the vast majority of MLPs are energy-related businesses, of which pipeline operators tend to earn very stable income from the transport of oil, gasoline or natural gas. Because MLPs are a partnership, they avoid the corporate income tax on both a state and federal basis. Additionally, the limited partner (investor) also may record a prorated share of the MLP’s depreciation on his or her own tax forms to reduce liability. This is the primary benefit of MLPs and allows MLPs to have relatively cheap funding costs.

The tax-free income component to oil-and-gas-pipeline MLPs is very attractive to me at a time when higher income taxes are a reality fueled by a debt-ridden government. My view is that income investors seeking tax-advantaged income will continue to own MLPs and other tax-free investments if the tax code remains as is or becomes even more burdensome. I don’t see any major overhaul in the tax code with next year’s election because neither party in Congress has the will to cut spending. (The Advantages Of Investing In Oil And Gas Pipelines, February 23, 2017)

Altering the tax code to impact investment in pipelines is a theoretical possibility, but not an effective one.

Consult a tax lawyer for the exact details but investors in a pipeline partnership make money two ways:

  1. Pass through of depreciation for the pipeline and its maintenance
  2. Pass through of income from operation of the pipeline

Assuming there is nothing to be done to alter #1 (changing the tax code), altering investor behavior depends solely upon #2.

Altering #2 means no oil or gas flowing through the pipeline.

Investor Uncertainty

One of the aspects of pipelines that makes them attractive to investors, as mentioned above, is stable income. Whatever the prices of oil or gas, it’s not worth anything unless it can be brought to market, hence the constant demand for pipelines.

As I mentioned in Stopping DAPL – One Breach At A Time, a pipeline cannot deliver oil or gas if it has even one breach in it. A breach renders it just pipe in the ground and that doesn’t produce any income.

Breaches in pipelines do occur but, as far as reported, only by accident, so investors see no uncertainty in the revenue they expect from pipelines.

What if that were to change?

What if the final 13% of DAPL becomes irrelevant because the completed 1,172 miles of pipe begins to resemble Swiss cheese?

DAPL False Flags

Because I mentioned thermite recently, someone asked about a video showing its capabilities:

Be forewarned this was created by a 9/11 conspiracy theorist but it is a good illustration of the power of a pound or so of thermite. Properly used, breaching even 1/2″ steel pipe is a matter of seconds.

Getting there:

could take a bit longer.

That plus a #NoDAPL flag:

made me think of a DAPL false flag operation.

Assuming someone is so foolish as to dig up a portion of DAPL and breach it with thermite, then cover it back up with dirt and plant a #noDAPL flag, how would you distinguish that from a freshly dug area, with a #noDAPL flag?

Or any number of freshly dug areas with #noDAPL flags?

Would you not dig on the hopes there wasn’t a breach of the pipe?

Gives the idea of a “false flag operation” more immediate currency. Yes?

PS: Tracking proposed oil pipelines requires monitoring all fifty (50) states. There is no centralized regulation of such pipelines.

Letterlocking [Activist Security]

Thursday, February 23rd, 2017

Letterlocking The technology of folding & securing an epistolary writing substrate to function as its own envelope.

From the about page:

Letterlocking – Unlocking History

Welcome to letterlocking! You can find essential information about letterlocking and the Unlocking History research team on this page. We will be updating the website regularly in the coming months, including major uploads to the Dictionary of Letterlocking (DoLL) – so please check in periodically, and follow us on social media for all the news.

Unlocking History

Unlocking History is the name for a group of conservation specialists, scholars, publishers, book-artists, imaging specialists, engineers, and scientists who are interested in the historical practice of letterlocking. We want to make sure letters are conserved properly so that they can be studied for the historical secrets they reveal. The material features of letters can speak to us about the past, but in order to hear them we have to learn their language. Unlocking History is dedicated to bringing together all the tools we need to do so – a dictionary, instructional videos, images, and hands-on workshops in libraries, museums, universities, and schools around the world.

Letterlocking and the Dictionary of Letterlocking (DoLL)

Letterlocking refers to the technology of folding and securing an epistolary writing substrate to function as its own envelope – a vital communications technology before the invention of the mass-produced envelope in the 19th century. A full definition of letterlocking can be found in the Dictionary of Letterlocking (DoLL).

Documenting the physical details of well-preserved letters has helped us discern and define different locking formats with multiple levels of built-in security and various authentication devices. DoLL will explain the key differences between these formats – and show you how to make them. With practice, you will be able to examine flattened historical letters in libraries and archives, and make models to show you which letterlocking format the writer or secretary was using. These formats may correlate to the sensitivity of the information contained inside, or contribute to the meaning of the text they carry.

Imaging and Conservation

The study of letterlocking is important for the preservation of documents because it informs conservators about the evidential value of folds, creases, and intentional damage.

View and share images of letterlocking preservation: #PreserveTheFolds.

Letterlocking interests curators and historians but has advantages for modern activists as well.

Those advantages include:

  1. Accessible to nearly anyone
  2. Flummoxes the average FBI agent
  3. Provides visual evidence of tampering
  4. Slower search than digital communications
  5. Supports physical encryption (measurable distances)

Not to mention the use of “antiquated” technology will draw attention to the letters, whether they contain valuable or useless information. Government agents, being risk averse, will fear some later review will prove the letters had valuable intelligence.

A trap entirely of their own making and one you should exploit whenever possible.

If that captures your interest, continue on to: A Postal Treasure Trove:

In 1926, a seventeenth-century trunk of letters was bequeathed to the Museum voor Communicatie in The Hague, then as now the centre of government, politics, and trade in The Netherlands. The trunk belonged to one of the most active postmaster and post mistress of the day, Simon and Marie de Brienne, a couple at the heart of European communication networks. The chest contains an extraordinary archive: 2600 “locked” letters sent from all over Europe to this axis of communication, none of which were ever delivered. In the seventeenth century, the recipient also paid postal and delivery charges. But if the addressee was deceased, absent, or uninterested, no fees could be collected. Postmasters usually destroyed such “dead letters”, but the Briennes preserved them, hoping that someone would retrieve the letters – and pay the postage. Hence the nickname for the trunk: “the piggy bank” (spaarpotje). The trunk freezes a moment in history, allowing us to glimpse the early modern world as it went about its daily business. The letters are uncensored, unedited, and 600 of them even remain unopened. The archive itself has remained virtually untouched by historians until it was recently rediscovered. Our international and interdisciplinary team of researchers has now begun a process of preservation, digitization, transcription, editing, and identification of letterlocking formats that will reveal its secrets for the first time – even, we hope, those of the unopened letters.

How cool is that? Letters preserved because the post office was hoping to nick the recipient for the postage!

Does that explain pay-in-advance postal systems of today? 😉

Both Letterlocking and A Postal Treasure Trove provide links to other resources on letterlocking.

A YouTube search on letterlocking returns approximately 525 videos.

On Twitter, follow @letterlocking, among others.

Any CS/Math types in the crowd who want to express letterlocking more formally? Thinking of Paper Folding Geometry and the exploration of folding algorithms more generally, such as with protein folding (except in 2 dimensions).

Transparent Government Has Arrived (sorta)

Tuesday, February 21st, 2017

I saw US Cities Exposed: Industries and ICS, source of this graphic, in Violet Blue’s report Hacking and infosec news: February 21, 2017.

Violet’s report has other useful security news but I just had to share the increasing government transparency graphic with you.

The growing insecurity of government computers makes the news organization stance that leakers must hand them documents all the more puzzling.

I don’t know if that is a result of being hand fed all these years, genuine concern over prosecution or both.

Think about it this way, short of a source outing themselves, how is anyone going to know that a journalist enlisted hackers versus having a genuine leaker?

Put that way, perhaps there are loose confederations of hackers breaching government networks right now. (Sorry, didn’t mean to panic any security types.)

😉

Read the rest of the report and Violet’s post as well.

Enjoy!

DAPL – 49 Sheriffs + Bull Connor of the North

Tuesday, February 21st, 2017

Before reporting on a spreadsheet about the 49 sheriffs and Bull Connor of the North, I have to share this urgent plea that arrived just moments ago:

Militarized police have completely surrounded the camp. If you intend to join the camp as a protector, the time is now.

I don’t have any reports on who is surrounding any of the 1,172 odd miles of the DAPL pipeline. Seems to me that turn about would be fair play. Yes?

I have created a spreadsheet that lists all 50 counties and their sheriffs where the DAPL pipeline runs.

The columns are as follows:

A – Name of County

B – Name of Sheriff

C, D, E, F – street address, town, state, zip code

G – Sheriff’s email (if they have one)

H – Phone

I – Fax

J – Link to Wikipedia on county

K – County population

L – County area (in square miles)

M – Population density

N – Geohack URL from Wikipedia that lists numerous map resources for that county (This is especially important for planning purposes.)

(Apologies! I forgot to link to the file: dapl-counties-sheriffs.xls)

The reasoning: you may want to concentrate your monitoring of DAPL for breaches in areas of low population density. While you may stand out, there are fewer people to notice you in such places.

Someone asked me earlier today if DAPL could be breached using explosives, to which any number of government publications, FM 3-34.214 Explosives and Demolitions, Steel Cutting with High-Explosive Charges, and private publications, Cutting Techniques for Facilities Dismantling in Decommissioning Projects, all answer in the affirmative. Cutting Techniques… includes coverage of a number of cutting techniques, including explosives.

If anyone asks you to use explosives to interrupt the DAPL pipeline you should, of course, decline, but if, nevertheless, they persist, give them this advice:

  1. Under no circumstances use explosives (commercial or homemade) so as to endanger law enforcement personnel, members of the public or even yourself. Many law enforcement officers are avid hunters and care as much for the environment as anyone. Don’t make yourself “special” by endangering or harming members of law enforcement or the public.
  2. Always use commercial explosives. Homemade explosives as seen on the Internet are dangerous and a trap for the “independent” minded. Sure, you can waste your time, energy and endanger yourself by attempting to make homemade explosives but why? Yes, there are restrictions on the sales of explosives but there are laws against human trafficking as well.

    The Trafficking in Persons Report 2016 — Complete Report (PDF) reports that despite being illegal, human trafficking continues. I’ve seen it reported that 200 to 300 children are trafficked through the Atlanta airport, every month. Somehow I doubt the existence of super effective enforcement efforts on explosives.

A longer post is coming but remember that investors, even investors in pipelines, are risk averse. Should it come to pass that even a passing mention of DAPL creates waves of panic over the potential for entirely lost pipeline investments, the investment environment of and interest in pipeline investments will change.

After all, who wants to invest in 1,172 miles of sporadically broken, virgin pipe that has never carried a drop of oil? Yes?

PS: If you don’t know 1960’s civil rights history, the moniker Bull Connor of the North may escape you. Bull Connor used fire hoses and dogs against children marching for civil rights in Birmingham, Alabama. He, like the Bull Connor of the North, is a stain on the history of law enforcement in the United States.

Red Team Journal [Lessons for Standing Rock?]

Sunday, February 19th, 2017

Red Team Journal

From the homepage:

Red Team Journal was founded in 1997 to promote the practice of red teaming, alternative analysis, and wargaming. Since its founding, the site has influenced a generation of red teamers to think systematically and creatively about their assumptions, challenges, adversaries, and competitors.

My encounter with Red Team Journal was quite accidental but welcome since despite years of protests, the Dakota Access Pipeline, spanning four states, is nearing completion.

The bravery and dedication of those who have fought a long and lonely fight against that project are to be admired. But continuing with tactics that allowed near completion of a 1,172 mile long pipeline isn’t a winning strategy.

What tactics for stopping the Dakota Access Pipeline occur to you?

The Bakken Pipeline

Sunday, February 19th, 2017

The Bakken Pipeline > AKA The Dakota Access Pipeline (DAPL) by Nitin Gadia.

This static screen shot doesn’t do the map justice. It covers the entire route and enables you to zoom in at any particular location.

You can read more about the map here.

GitHub page (for sources, data collaboration):
https://github.com/nittyjee/bakkenpipelinemap

Software Is Politics [Proudhon’s Response]

Sunday, February 19th, 2017

Software Is Politics by Richard Pope.

From the post:

If you work in software or design in 2016, you also work in politics. The inability of Facebook’s user interface, until recently, to distinguish between real and fake news is the most blatant example. But there are subtler examples all around us, from connected devices that threaten our privacy to ads targeting men for high-paying jobs.

Digital services wield power. They can’t be designed simply for ease of use—the goal at most companies and organizations. Digital services must be understandable, accountable, and trusted. It is now a commercial as well as a moral imperative.

DESIGN IS POLITICAL

Power and politics are not easy topics for many designers to chew on, but they’re foundational to my career. I worked for the U.K.’s Government Digital Service for five years, part of the team that delivered Gov.uk. I set up the labs team at Consumer Focus, the U.K.’s statutory consumer rights organization, building tools to empower consumers. In 2007, I cofounded the Rewired State series of hackdays that aimed to get developers and designers interested in making government better. I’ve also worked at various commercial startups including moo.com and ScraperWiki.

The last piece of work I did in government was on a conceptual framework for the idea of government as a platform. “Government as a platform” is the idea of treating government like a software stack to make it possible to build well-designed services for people. The work involved sketching some ideas out in code, not to try and solve them upfront, but to try and identify where some of the hard design problems were going to be. Things like: What might be required to enable an end-to-end commercial service for buying a house? Or what would it take for local authorities to be able to quickly spin up a new service for providing parking permits?

With this kind of thinking, you rapidly get into questions of power: What should the structure of government be? Should there be a minister responsible for online payment? Secretary of state for open standards? What does it do to people’s understanding of their government?

Which cuts to the heart of the problem in software design today: How do we build stuff that people can understand and trust, and is accountable when things go wrong? How do we design for recourse?
… (emphasis in original)

The flaw in Pope’s desire for applications that are “…accountable, understandable, and trusted…” by all is that it conceals the choosing of sides.

Or as Craig Gurian in Equally free to sleep under the bridge illustrates by quoting Anatole France:

“In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread.”

Applications that are “…accountable, understandable, and trusted…” will have silently chosen sides just as the law does now.

Better to admit to and make explicit the choices of who serves and who eats in the design of applications. At least then disparities are not smothered by the pretense of equality.

Or as Proudhon would say:

What is equality before the law without equality of fortunes? A balance with false weights.

Speak not of “…accountable, understandable, and trusted…” applications in the abstract but for and against who?

EFF Urges Trusting Cheaters

Sunday, February 19th, 2017

Congress Must Protect Americans’ Location Privacy by Kate Tummarello.

From the post:

Your smartphone, navigation system, fitness device, and more know where you are most of the time. Law enforcement should need a warrant to access the information these technologies track.

Lawmakers have a chance to create warrant requirements for the sensitive location information collected by your devices.

It’s already against the law to intercept and transcribe all phone calls but the weight of the evidence shows the US government is doing exactly that.

The periodic EFF calls for legislation by known cheaters leave me puzzled.

Laws, to government agencies, mark “don’t get caught zones” and little more.

Protecting sensitive location information, to be effective, must be demanded by consumers of manufacturers.

No backdoors, no warrants, no snooping, it’s just that simple.

Taking The Pressure Off Standing Rock

Sunday, February 19th, 2017

Standing Rock is standing firm:

However, their historic betrayers, the Department of Indian Affairs, and more recent betrayers, their own tribal council, are aligned to focus their efforts on the water protectors.

One of the disadvantages Standing Rock faces is government sycophants who favor the pipeline can focus all their efforts at Standing Rock.

Consider this illustration of spreading their efforts over a wider area, say the 1,172 miles of the pipeline:

One or two breaches might be manageable and repairs would make economic sense. What about five major breaches? Or perhaps 10 major breaches? Each one in different sections and not too overlapping in time.

Interest, as you know, runs on loans 24 x 7 and repairs drive up the break even point for any endeavor.

Hemorrhaging cash at multiple locations isn’t sustainable, even for large foreign banks. Eventually, how long is unknown until figures come in for repairs, etc., the entire pipeline will be unprofitable and abandoned.

In the meantime, those points where cash is being lost by the barrel full (sorry), will capture the attention of investors.

Protecting DAPL From Breaches (Maps and Hunting Safety)

Sunday, February 19th, 2017

Any breach in the 1,172 mile length of the DAPL pipeline renders it useless.

Local sheriffs, underfunded and short staffed, are charged with guarding DAPL’s 1,172 mile length, in addition to serving their communities.

Places to patrol include heavy equipment rental companies in Illinois, Iowa, North Dakota and South Dakota.

Sheriffs won’t have to pay overtime and these maps will help deputies reach their patrol areas every day:

Illinois heavy equipment rental

Iowa heavy equipment rental

North Dakota heavy equipment rental

South Dakota heavy equipment rental

Hunting/Police Safety

Hunters have long used pipelines as lines of sight, which could put deputies patrolling the pipeline in harm’s way. Sheriffs should advertise the patrol locations of deputies well in advance. Due to their professionalism, you won’t find any breaches being made in the pipeline in areas under active deputy patrols.

Observations

Some people may question the effectiveness of patrolling heavy equipment rental companies and announced deputy patrols of the pipeline. But sheriffs juggle competing demands for resources and the good of their local community every day.

A community that sees higher restaurant, motel, employment figures as breaches are repaired.

If I were a sheriff, I would also bear in mind the local community votes in elections, not foreign banks.

Congressmen Counsel Potential Leakers!

Friday, February 17th, 2017

Federal Employees Guide to Sharing Key Information with the Public.

From the webpage:

On February 16, 2017, Congressman Ted W. Lieu (D | Los Angeles County) and Congressman Don Beyer (D | Virginia) released the following resource guide for federal employees who wish to break the Administration’s communications blackout on federal agencies. The guide explains how to safely and responsibly share information, and encourages employees to “Know Your Rights” and “Know Your Options.” In the “Know Your Rights” section, federal employees can learn about which federal laws apply to them. In the “Know Your Options” section, employees can learn about how to safely disseminate information to agency inspectors general and the press. The resource guide also includes links to an in-depth list of federal whistleblower statutes and information about agency inspectors general. The full press release can be found here.

Links to whistleblower resources, etc. follow.

Here’s a screen shot of the top of their guide:

The links for whistleblowers are great but rely upon the you take all the risk, media reaps all the glory model.

Better than no leaks at all but having news organizations step up with cyberexpertise to safely extract data sounds like a better model.

Maps Enable Searching For DAPL Pipeline Breaches

Friday, February 17th, 2017

As I mentioned yesterday, Stopping DAPL – One Breach At A Time, oil cannot flow through the pipeline in the face of known breaches to the pipeline.

But that presumes the ability to monitor the DAPL pipeline.

Someone, perhaps you, will discover a DAPL pipeline breach and notify the press and other responsible parties.

An unknown breach does no good for anyone and can result in environmental damage.

If you see a breach, report it!

The question is: Where do you look for breaches of the DAPL pipeline?

Here are maps filed by Dakota Access, LLC, in public hearings, that can help you with your public spirited endeavor.

North Dakota

A Project Aerial Maps

A.2 Avoidance and Exclusion Maps

A.4 Environmental Features Maps

B Tank Terminal Plot Plans

South Dakota

A1 – Project Vicinity Maps

A2 – Topographic Maps

A3 – Soil Maps

A4 – Hydrology Maps

A5 – USGS Landcover/Land Use Field Data Maps

Iowa

Construction Progress Maps (1 of 2) Dated: 12/28/2016

Construction Progress Maps (2 of 2) Dated: 12/28/2016

Illinois

Exhibit E, Project Route Map – Illinois Segment

Exhibit F, Legal Description of Illinois Route

Exhibit G, Landowner List (71 pages with parcel id, full name, addresses)

The maps vary from state to state but are of sufficient quality to enable discovery and monitoring of the pipeline for breaches.

Stopping DAPL – One Breach At A Time

Thursday, February 16th, 2017

Despite years of opposition and a large number of donations, the Dakota Access pipeline is moving inexorably towards completion. Charlie Northcott writes in Dakota Access pipeline: Is the Standing Rock movement defeated?:

“Our hope is that the new administration in Washington will now provide North Dakota law enforcement the necessary resources to bring closure to the protests,” said Kyle Kirchmeier, the sheriff of the local Morton County Police, in a press release.

The last 1.5 mile (2.4 km) stretch of the pipeline is expected to be completed in less than 90 days.

Kyle “Bull Connor” Kirchmeier is the sheriff responsible for spraying Standing Rock protesters with water cannon in sub-freezing weather. A real piece of work.

For speculation purposes, let’s assume the government does overwhelm the protesters at Standing Rock.

Aside from completion, what does the 1,172 miles of DAPL require to be used?


It must have no known holes.

That is to say that if the pipeline were breached and that breach was known to the operator (as well as members of the press), no oil would flow.

Yes?

What do we know about the DAPL pipeline?

First, since the pipeline can be approached from either side, there is 2,344 miles of land for staging actions against the integrity of the pipeline.

The pipeline’s right of way is described in: Dakota Access Pipeline Project, U.S. Fish and Wildlife Service, Environmental Assessment, Grassland and Wetland Easement Crossings (May 2016):


Construction of the new pipeline would require a typical construction right-of-way (ROW) width of 125 feet in uplands, 100 feet in non-forested wetlands, 85 feet in forested areas (wetlands and uplands), and up to 150 feet in agricultural areas. Following construction, a 50-foot wide permanent easement would be retained along the pipeline. … (page 12)

Which means staging areas for pipeline interference activities can be located less than 30 yards (for US football fans) from the DAPL pipeline on either side.

A propaganda site for the DAPL builders helpfully notes:

99.98% of the pipeline is installed on privately owned property in North Dakota, South Dakota, Iowa, and Illinois. The Dakota Access Pipeline does not enter the Standing Rock Sioux reservation at any point.

Which of course means that you can lawfully, with the land owner’s permission, park a backhoe,


or, a bulldozer,


quite close to the location of the DAPL pipeline.

Backhoes, bulldozers and suitable heavy equipment come in a wide variety of makes and models so these images are illustrative only.

The propaganda site I mentioned earlier also notes:


The Dakota Access Pipeline is an entirely underground pipeline. Only where there are pump stations or valves of testing stations is there any portion of the pipeline above ground. The pipeline is buried nearly 4 feet deep in most areas and in all agricultural lands, two feet deeper than required by law.

which if you remember your army training:

fighting-position-460

(The Infantry Rifle Platoon and Squad, FM 3-21.8 (FM 7-8) March, 2007, page 8-35.)

puts the DAPL pipeline within easy reach of one of these:

USMC_ETool-460

Of course, an ordinary shovel works just as well.


Anyone breaching or damaging the pipeline will be guilty of a variety of federal and state crimes and therefore should not do so.

If you discover a breach in the pipeline, however, you should document its location with a GPS phone and send the image to both local law enforcement and news organizations.

You will need maps to make sure you have discovered a breach in DAPL for reporting. I have some maps that will help. More on 17 February 2017.

Bypassing ASLR Protection on 22 CPU Architectures (Why This Is Good News!)

Thursday, February 16th, 2017

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures by Swati Khandelwal.

From the post:

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update.

The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works and leads to bypass the Address Space Layout Randomization (ASLR) protection.

ASLR is a crucial security defense deployed by all modern operating systems from Windows and Linux to macOS, Android, and the BSDs.

In general, ASLR is a memory protection mechanism which randomizes the location where programs run in a device’s memory. This, in turn, makes it difficult for attackers to execute malicious payloads in specific spots in memory when exploiting buffer overflows or similar bugs.

In short, for attackers, it’s like an attempt to burglarize a house blindfolded.

But now a group of researchers, known as VUSec, from the Vrije University in the Netherlands have developed an attack that can bypass ASLR protection on at least 22 processor micro-architectures from popular vendors like Intel, AMD, ARM, Allwinner, Nvidia, and others.

The attack, dubbed ASLR Cache or AnC, is particularly serious because it uses simple JavaScript code to identify the base addresses in memory where system and application components are executed.

So, merely visiting a malicious site can trigger the attack, which allows attackers to conduct more attacks targeting the same area of the memory to steal sensitive information stored in the PC’s memory.

See Swati’s post for two videos demonstrating this unpatchable security flaw in action.

For a more formal explanation of the flaw,

ASLR on the Line: Practical Cache Attacks on the MMU by Ben Gras, et al.

Abstract:

Address space layout randomization (ASLR) is an important first line of defense against memory corruption attacks and a building block for many modern countermeasures. Existing attacks against ASLR rely on software vulnerabilities and/or on repeated (and detectable) memory probing.

In this paper, we show that neither is a hard requirement and that ASLR is fundamentally insecure on modern cache-based architectures, making ASLR and caching conflicting requirements (ASLR⊕Cache, or simply AnC). To support this claim, we describe a new EVICT+TIME cache attack on the virtual address translation performed by the memory management unit (MMU) of modern processors. Our AnC attack relies on the property that the MMU’s page-table walks result in caching page-table pages in the shared last-level cache (LLC). As a result, an attacker can derandomize virtual addresses of a victim’s code and data by locating the cache lines that store the page-table entries used for address translation.

Relying only on basic memory accesses allows AnC to be implemented in JavaScript without any specific instructions or software features. We show our JavaScript implementation can break code and heap ASLR in two major browsers running on the latest Linux operating system with 28 bits of entropy in 150 seconds. We further verify that the AnC attack is applicable to every modern architecture that we tried, including Intel, ARM and AMD. Mitigating this attack without naively disabling caches is hard, since it targets the low-level operations of the MMU. We conclude that ASLR is fundamentally flawed in sandboxed environments such as JavaScript and future defenses should not rely on randomized virtual addresses as a building block.

and,

Reverse Engineering Hardware Page Table Caches Using Side-Channel Attacks on the MMU by Stephan van Schaik, et al.

Abstract:

Recent hardware-based attacks that compromise systems with Rowhammer or bypass address-space layout randomization rely on how the processor’s memory management unit (MMU) interacts with page tables. These attacks often need to reload page tables repeatedly in order to observe changes in the target system’s behavior. To speed up the MMU’s page table lookups, modern processors make use of multiple levels of caches such as translation lookaside buffers (TLBs), special-purpose page table caches and even general data caches. A successful attack needs to flush these caches reliably before accessing page tables. To flush these caches from an unprivileged process, the attacker needs to create specialized memory access patterns based on the internal architecture and size of these caches, as well as on how the caches interact with each other. While information about TLBs and data caches are often reported in processor manuals released by the vendors, there is typically little or no information about the properties of page table caches on different processors. In this paper, we retrofit a recently proposed EVICT+TIME attack on the MMU to reverse engineer the internal architecture, size and the interaction of these page table caches with other caches in 20 different microarchitectures from Intel, ARM and AMD. We release our findings in the form of a library that provides a convenient interface for flushing these caches as well as automatically reverse engineering page table caches on new architectures.

So, Why Is This Good News?

Everything exists in a context and security flaws are no exception to that rule.

For example, H.J.Res.41 – Providing for congressional disapproval under chapter 8 of title 5, United States Code, of a rule submitted by the Securities and Exchange Commission relating to “Disclosure of Payments by Resource Extraction Issuers” reads in part:


Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Securities and Exchange Commission relating to “Disclosure of Payments by Resource Extraction Issuers” (published at 81 Fed. Reg. 49359 (July 27, 2016)), and such rule shall have no force or effect.
… (emphasis in original)

That may not sound like much until you read Disclosure of Payments by Resource Extraction Issuers, issued by the Securities and Exchange Commission (SEC), which reads in part:


SUMMARY:

We are adopting Rule 13q-1 and an amendment to Form SD to implement Section 1504 of the Dodd-Frank Wall Street Reform and Consumer Protection Act relating to the disclosure of payments by resource extraction issuers. Rule 13q-1 was initially adopted by the Commission on August 22, 2012, but it was subsequently vacated by the U.S. District Court for the District of Columbia. Section 1504 of the Dodd-Frank Act added Section 13(q) to the Securities Exchange Act of 1934, which directs the Commission to issue rules requiring resource extraction issuers to include in an annual report information relating to any payment made by the issuer, a subsidiary of the issuer, or an entity under the control of the issuer, to a foreign government or the Federal Government for the purpose of the commercial development of oil, natural gas, or minerals. Section 13(q) requires a resource extraction issuer to provide information about the type and total amount of such payments made for each project related to the commercial development of oil, natural gas, or minerals, and the type and total amount of payments made to each government. In addition, Section 13(q) requires a resource extraction issuer to provide information about those payments in an interactive data format.
… (emphasis in original)

Or as Alex Guillén says in Trump signs bill killing SEC rule on foreign payments:

President Donald Trump Tuesday signed the first in a series of congressional regulatory rollback bills, revoking an Obama-era regulation that required oil and mining companies to disclose their payments to foreign governments.

The danger posed to global corruption by this SEC rule has passed.

What hasn’t passed is that the staffs of foreign governments and resource extraction issuers remain promiscuous web surfers.

Web surfers who will easily fall prey to a JavaScript exploit that bypasses ASLR protection!

Rather than protecting global corruption, H.J.Res 41 increases the incentives for breaching the networks of foreign governments and resource extraction issuers. You may find payment information and other embarrassing and/or incriminating information.

ASLR Cache or AnC gives you another tool for mining the world of the elites.

Rejoice at every new systemic security flaw. The elites have more to hide than youthful indiscretions and records of poor marital fidelity.

Investigating A Cyberwar

Thursday, February 16th, 2017

Investigating A Cyberwar by Juliana Ruhfus.

From the post:

Editor’s Note: As the Syrian civil war has played out on the battlefields with gunshots and mortars, a parallel conflict has been fought online. The Syrian Electronic Army (SEA), a pro-Assad government group of hackers, has wielded bytes and malware to obtain crucial information from opponents of the Assad regime. The extracted information has led to arrests and torture of dissidents. In this interview, GIJN’s Eunice Au talks to Al Jazeera’s Juliana Ruhfus about the methodology and challenges of her investigation into the SEA and the process of transforming the story into an online game.

How did the idea for a documentary on the SEA come about? Who was part of your investigative team and how long did it take?

I had the idea for the film when I came across a report called “Behind Syria’s Digital Frontline,” published by a company called FireEye, cybersecurity analysts who had come across a cache of 30,000 Skype conversations that pro-Assad hackers had stolen from anti-Assad fighters. The hack provided a unique insight into the strategic intelligence that had been obtained from the Skype conversations, including Google images plans that outlined the battle at Khirbet Ghazaleh and images of missiles which the rebels were trying to purchase.

The fascinating thing was, it also shed light on how the hack was carried out. Pro-Assad hackers had created female avatars who befriended fighters on the front line by telling them how much they admired them and eventually asked to exchange photos. These images were infected with malware which proved devastating once downloaded. Computers in the field are shared by many fighters, allowing the hackers to spy on a large number of targets at once.

When I read the report I had the Eureka moment that I wait for when I am looking for a new idea: I could visualize the “invisible” cyberwar story and, for the first time ever, I really understood the crucial role that social engineering plays in hacking, that is the hacker’s psychological skill to get someone to click on an infected link.

I then shot the film together with director Darius Bazargan. Ozgur Kizilatis and Alexander Niakaris both did camera work and Simon Thorne was the editor. We filmed in London, Turkey, and France, and all together the production took just under three months.
… (emphasis in original)

C-suite level material but quite good, if a bit heavy-handed in its support for rebel forces in Syria. I favor the foxes over the hounds as well but prefer a more balanced approach to the potential of cyberwarfare.

Cyberweapons have the potential to be great equalizers with conventional forces. Punishing the use or supplying of cyberweapons, as Juliana reports here, is more than a little short-sighted. True, the Assad regime may have the cyber advantage today, but what about tomorrow? Or other governments?

The Rise of the Weaponized AI Propaganda Machine

Tuesday, February 14th, 2017

The Rise of the Weaponized AI Propaganda Machine by Berit Anderson and Brett Horvath.

From the post:

“This is a propaganda machine. It’s targeting people individually to recruit them to an idea. It’s a level of social engineering that I’ve never seen before. They’re capturing people and then keeping them on an emotional leash and never letting them go,” said professor Jonathan Albright.

Albright, an assistant professor and data scientist at Elon University, started digging into fake news sites after Donald Trump was elected president. Through extensive research and interviews with Albright and other key experts in the field, including Samuel Woolley, Head of Research at Oxford University’s Computational Propaganda Project, and Martin Moore, Director of the Centre for the Study of Media, Communication and Power at Kings College, it became clear to Scout that this phenomenon was about much more than just a few fake news stories. It was a piece of a much bigger and darker puzzle — a Weaponized AI Propaganda Machine being used to manipulate our opinions and behavior to advance specific political agendas.

By leveraging automated emotional manipulation alongside swarms of bots, Facebook dark posts, A/B testing, and fake news networks, a company called Cambridge Analytica has activated an invisible machine that preys on the personalities of individual voters to create large shifts in public opinion. Many of these technologies have been used individually to some effect before, but together they make up a nearly impenetrable voter manipulation machine that is quickly becoming the new deciding factor in elections around the world.

Before you get too panicked, remember the techniques attributed to Cambridge Analytica were in use in the 1960 Kennedy presidential campaign. And have been in use since then by marketeers for every known variety of product, including politicians.

It’s hard to know if Anderson and Horvath are trying to drum up more business for Cambridge Analytica or if they are genuinely concerned for the political process.

Granted, Cambridge Analytica has more data than was available in the 1960’s, but many people, not just Cambridge Analytica, have labored on manipulation of public opinion since then.

If people were as easy to sway, politically speaking, as Anderson and Horvath posit, then why is there any political diversity at all? Shouldn’t we all be marching in lock step by now?

Oh, it’s a fun read so long as you don’t take it too seriously.

Besides, if a “weaponized AI propaganda machine” is that dangerous, isn’t the best defense a good offense?

I’m all for cranking up a “demonized AI propaganda machine” if you have the funding.

Yes?

Republican Regime Creates New Cyber Market – Burner Twitter/Facebook Accounts

Thursday, February 9th, 2017

The current Republican regime has embarked upon creating a new cyber market, less than a month after taking office.

Samatha Dean (Tech Times) reports:

Planning a visit to the U.S.? Your passport is not the only thing you may have to turn in at the immigration counter, be prepared to relinquish your social media account passwords as well to the border security agents.

That’s right! According to a new protocol from the Homeland Security that is under consideration, visitors to the U.S. may have to give their Twitter and Facebook passwords to the border security agents.

The news comes close on the heels of the Trump administration issuing the immigration ban, which resulted in a massive state of confusion at airports, where several people were debarred from entering the country.

John F. Kelly, the Homeland Security Secretary, shared with the Congress on Feb. 7 that the Trump administration was considering this option. The measure was being weighed as a means to sieve visa applications and sift through refugees from the Muslim majority countries that are under the 90-day immigration ban.

I say burner Twitter/Facebook accounts, if you plan on making a second trip to the US, you will need to have the burner accounts maintained over the years.

The need for burner Twitter/Facebook accounts, ones you can freely disclose to border security agents, presents a wide range of data science issues.

In no particular order:

  • Defeating Twitter/Facebook security on a large scale. Not trivial but not the hard part either
  • Creating accounts with the most common names
  • Automated posting to accounts in their native language
  • Posts must be indistinguishable from human user postings, i.e., no auto-retweets of Sean Spicer
  • Profile of tweets/posts shows consistent usage

I haven’t thought about burner bank account details before but that certainly should be doable. Especially if you have a set of banks on the Net that don’t have much overhead but exist to keep records one to the other.

Burner bank accounts could be useful to more than just travelers to the United States.

Kudos to the new Republican regime and their market creation efforts!

State of Washington & State of Minnesota v. Trump [Press Resource]

Thursday, February 9th, 2017

State of Washington & State of Minnesota v. Trump 9th Circuit Court of Appeals webpage on case: 17-35105.

The clerk of the Ninth Circuit has created a listing of all the pleadings, hearings, etc., in date order (most recent at the top of the list) for your research and reading pleasure.

I won’t repeat the listing here as it would be quickly out of date.

Please include: State of Washington & State of Minnesota v. Trump, https://www.ca9.uscourts.gov/content/view.php?pk_id=0000000860 as a hyperlink in all your postings on this case.

Your readers deserve the opportunity to read, hear and see the arguments and briefs in this case for themselves.

PS: It appears to be updated after the close of business for the clerk’s office so filings today aren’t reflected on the page.

Latest Data on Cellphone Spy Tool Flood

Wednesday, February 8th, 2017

Cellphone Spy Tools Have Flooded Local Police Departments by George Joseph.

From the post:


In December 2015, The Intercept released a catalogue of military surveillance tools, leaked by an intelligence community source concerned by this perceived militarization of domestic law enforcement. The catalogue included tools that could track thousands of people’s cellphones at once, extract deleted text messages from captured phones, and monitor ongoing calls and text messages. Following this news, last April, CityLab began sending public records requests to the top fifty largest police across the country asking for purchasing orders and invoices over 2012 to 2016 related to any of the devices listed in the catalogue. (Note: The fifty largest list is based on data released in 2010 from the Police Pay Journal, and thus does not include some departments now among the top fifty largest).

Of the fifty departments sent public records requests, only eight claimed not to have acquired any spy tools leaked by The Intercept’s intelligence source. At least twelve have admitted to having cellphone interception devices, and nineteen have admitted to having cellphone extraction devices. The responses, security-based rejections, and outstanding requests still being processed for CityLab suggest that, at a minimum, thirty-nine of the fifty departments have acquired at least some of these military-grade surveillance tools over the last four years. (Click here to see the original cache of documents, or scroll down to the bottom of this article)
… (emphasis in original)

George details the results of their investigation by class of software/hardware and provides the original documents supporting his analysis.

Later in the post:


As these military-grade spy tools pour down into local police departments across the country, legal experts are concerned that their use isn’t in keeping with individuals’ due process rights. Law enforcement practices vary dramatically across the country. In 2014, the U.S. Supreme Court unanimously ruled that police could not extract data from an arrested individual’s cellphone without obtaining a warrant. But the ruling itself did not give clear guidance on how broad police warrant requests could be designed, and such decisions are still left up to law enforcement discretion in many cases.

I puzzle over the “lack of rules for digital surveillance” discussions.

The police/government has:

  • Lied about and/or concealed its use of digital surveillance software/hardware
  • Evaded/resisted any meaningful oversight of its surveillance activities
  • Collected data indiscriminately
  • etc.

Yet, fashioning rules for the use of digital surveillance is all the rage.

Why will government agencies fear to break digital surveillance rules when they have systematically broken the law in the past?

Personal privacy depends on defeating military grade surveillance tools.

Not military grade but an item for testing your surveillance-defeating work:

Build Your Own GSM Base Station For Fun And Profit.

I don’t keep up on the hardware side of things so please comment with more recent hardware/software for surveillance or defeating the same.

Court: Posting Standards Online Violates Copyright Law [+ solution]

Wednesday, February 8th, 2017

Court: Posting Standards Online Violates Copyright Law by Trey Barrineau.

From the post:

Last week, the U.S. District Court for the District of Columbia ruled that public-records activist Carl Malamud’s organization, Public.Resource.Org, violated copyright law by publicly sharing standards that are used in laws such as building codes. It also said organizations that develop these standards, including those used in the fenestration industry, have the right to charge reasonable fees to access them. Malamud told DWM in an e-mail that he’ll appeal the ruling.
… (emphasis in original)

I was working on a colorful rant, invoking Mr. Bumble in Charles Dickens’s Oliver Twist:

“If the law supposes that,” said Mr. Bumble, squeezing his hat emphatically in both hands, “the law is a ass- a idiot.”

based on the report of the decision when I ran across the full court opinion:

AMERICAN SOCIETY FOR TESTING AND MATERIALS, et al., Plaintiffs, v. PUBLIC.RESOURCE.ORG, INC., Defendant. Case No. 13-cv-1215 (TSC)

The preservation of copyright despite being referenced in a law and/or regulation (pages 19-24) is one of the stronger parts of the decision.

In part it reads:


Congress was well aware of the potential copyright issue posed by materials incorporated by reference when it crafted Section 105 in 1976. Ten years earlier, Congress had extended to federal agencies the authority to incorporate private works by reference into federal regulations. See Pub. L. No. 90-23, § 552, 81 Stat. 54 (1967) (codified at 5 U.S.C. § 552) (providing that “matter reasonably available to the class of persons affected thereby is deemed published in the Federal Register when incorporated by reference therein with the approval of the Director of the Federal Register”). However, in the Copyright Act of 1976, Congress made no mention of these incorporated works in § 105 (no copyright for “any work of the United States Government”) or any other section. As the House Report quoted above indicates, Congress already carefully weighed the competing policy goals of making incorporated works publicly available while also preserving the incentives and protections granted by copyright, and it weighed in favor of preserving the copyright system. See H.R. Rep. No. 94-1476, at 60 (1976) (stating that under § 105 “use by the Government of a private work would not affect its copyright protection in any way”); see also M.B. Schnapper v. Foley, 667 F.2d 102, 109 (D.C. Cir. 1981) (analyzing Copyright Act and holding that “we are reluctant to cabin the discretion of government agencies to arrange ownership and publication rights with private contractors absent some reasonable showing of a congressional desire to do so”).

However, recognizing the importance of public access to works incorporated by reference into federal regulations, Congress still requires that such works be “reasonably available.” 5 U.S.C. § 552(a)(1). Under current federal regulations issued by the Office of the Federal Register in 1982, a privately authored work may be incorporated by reference into an agency’s regulation if it is “reasonably available,” including availability in hard copy at the OFR and/or the incorporating agency. 1 C.F.R. § 51.7(a)(3). Thirteen years later, Congress passed the National Technology Transfer and Advancement Act of 1995 (“NTTAA”) which directed all federal agencies to use privately developed technical voluntary consensus standards. See Pub. L. No. 104-113, 110 Stat. 775 (1996). Thus, Congress initially authorized agencies to incorporate works by reference, then excluded these incorporated works from § 105 of the Copyright Act, and, nearly twenty years later, specifically directed agencies to incorporate private works by reference. From 1966 through the present, Congress has remained silent on the question of whether privately authored standards and other works would lose copyright protection upon incorporation by reference. If Congress intended to revoke the copyrights of such standards when it passed the NTTAA, or any time before or since, it surely would have done so expressly. See Whitman v. Am. Trucking Ass’ns, Inc., 531 U.S. 457, 468 (2001) (“Congress . . . does not alter the fundamental details of a regulatory scheme in vague terms or ancillary provisions—it does not . . . hide elephants in mouseholes.”); United States v. Fausto, 484 U.S. 439, 453 (1988) (“[It] can be strongly presumed that Congress will specifically address language on the statute books that it wishes to change.”). Instead, Congress has chosen to maintain the scheme it created in 1966: that such standards must simply be made reasonably available. See 5 U.S.C. § 552(a)(1).
… (emphasis in original, pages 21-23)

Finding to the contrary, that is, treating a reference to a privately authored standard as terminating the rights of a copyright holder, creates obvious due process problems.

Some copyright holders, ASTM for example, report sales as a substantial portion of their yearly income. The ASTM International 2015 Annual Report gives an annual operating income of $72,543,549, of which $48,659,345 was from publications. (page 24)

Congress could improve both the “reasonable access” for citizens and the lot of standard developers by requiring:

  • for works incorporated by reference into federal regulations, agencies must secure a license renewable without time limit for unlimited digital reproduction of that work by anyone
  • digital reproductions of such works, whether by the licensing agency or others, must reference the work’s publisher for obtaining a print copy

That gives standard developing organizations a new source of revenue, increases the “reasonable access” of citizens, and if past experience is any guide, digital copies may drive print sales.

Any takers?

“Don’t do the crime if you can’t do the time” – Scary Talk, Check The Facts

Tuesday, February 7th, 2017

Steve Morgan reprises that old adage in: Teenage hackers beware: Don’t do the cybercrime if you can’t do the jail time.

From the post:

The latest Hack Blotter features a garden variety of cyber perps who’ve been investigated, apprehended, arrested, and/or convicted.

Local U.S. law enforcement agencies are devoting more resources to cybercrime in an effort to prosecute cybercriminals. Atlanta and New York are the latest cities to invest into new cybercrime units and labs.

International authorities are also stepping up arrests and convictions of hackers.

Some teenagers are learning the hard way that cybercrime doesn’t pay. The Hack Blotter features the following children who’ve paid the price for hacking over the past few months:

Scary talk from Morgan, but if you follow the link to Hack Blotter you will find:

  • forty-six (46) arrests/prosecutions around the world, Oct. – Dec. 2016
  • 7 billion, 482 million odd people, current world population

I can’t say those are bad odds. You?

More than improved cybersecurity or cybercops, the principal danger to your freedom is you.

Should you decide to hack, exercising good operational security (opsec) is no guarantee you won’t get caught but it goes a long way in that direction.

The Power of Big Data and Psychographics [Fact Checking]

Thursday, February 2nd, 2017

From the description:

In a 10 minute presentation at the 2016 Concordia Summit, Mr. Alexander Nix discusses the power of big data in global elections. Cambridge Analytica’s revolutionary approach to audience targeting, data modeling, and psychographic profiling has made them a leader in behavioral microtargeting for election processes around the world.

A highly entertaining but deceptive presentation on the state of the art for marketing political candidates.

Nix claims that most marketing companies base their advertising on demographics and geographics, sending the same message to all women, all African-Americans, etc.

Worse than a “straw man,” that’s simply false. If you know the work Selling Blue Elephants by Howard Moskowitz and Alex Gofman, then you know that marketers tweak their pitches to very small market slices.

But you don’t need to find a copy of Selling Blue Elephants or take my word for that. On your next visit to the grocery store see for yourself how many variations of a popular shampoo or spaghetti sauce are offered. Each one is calculated to attract a particular niche of the overall market.

Nix goes on to describe advertising in the 1960’s as “top down,” “hope messages resonate,” etc.

Not only is that another false claim, but the application described by Nix was pioneered for the 1960 presidential campaign.


Ithiel de Sola Pool, with others, developed the Simulmatics program for the computation of a great variety of factors thought to influence voting, for specific use in the 1960 presidential election. A multitude of influences can be introduced into the program, together with modifications of a strategic nature, and the results bear on both prediction and choice of strategy, much in the manner that elaborate market research influences business decision on manufacture and sale of a new product. The Simulmatics project assembled a basic matrix of voter types and “issue clusters” (480 of the former and 52 of the latter, making a total of 24,960 cells), consolidating as values the accumulated archives of polling on all kinds of questions. The records of the Roper Public Opinion Research Center at Williamstown were used as source material. With no data later than 1958, the simulation achieved a correlation by states of .82 with the actual Kennedy vote.

(“The Mathematical Approach to Political Science” by Oliver Benson, in Contemporary Political Analysis, edited by James C. Charlesworth, The Free Press, 1967, at pp. 129-130)

I’ll grant that Nix has more data at his disposal and techniques have changed in the last fifty-seven (57) years, but there’s no legitimate reason to not credit prior researchers in the field.

PS: If you find a hard (or scanned) copy of The Simulmatics Project by Ithiel de Sola Pool, let me know.

Neil M. Gorsuch (Library of Congress, Bibliography)

Thursday, February 2nd, 2017

This bibliography created by the Library of Congress on Neil M. Gorsuch covers articles, books, cases written by Judge Gorsuch and others.

One of the few sane resource collections you will find on Judge Gorsuch.

Share it widely.

How Is GIS Being Used To Map Resistance And Political Protests?

Wednesday, February 1st, 2017

How Is GIS Being Used To Map Resistance And Political Protests? by Sarah Bond.

From the post:

In the days since Donald Trump became president on January 20, 2017, millions of protestors have gathered in cities both big and small across the globe. And while presidential counselor Kellyanne Conway told Chuck Todd on NBC’s “Meet The Press” that, “There’s really no way to quantify crowd numbers”–digital humanists, data scientists, librarians and geographers beg to differ.

Let’s check in on some projects attempting to use GIS to visualize the recent political protests, preserve data and keep activists informed.

Despite Conway’s remarks, a Google Doc started by Jeremy Pressman at the University of Connecticut and Erica Chenoweth of the University of Denver soon began to collect crowd-sourced estimates from the Women’s Marches on January 20, 2017 organized by city, state and country. As they say on the public spreadsheet, “We are not collecting this data as part of a research project. We are doing this in the public interest. We are not affiliated with any other efforts to collect data on the demonstrations.” Over at Vox, graphics reporter Sarah Frostenson turned their data into a static map. Other researchers also weighed in. Doug Duffy, a PhD candidate at the University of Toronto, made an interactive map of Pressman and Chenoweth’s data here and posted the visualization to his GitHub page. He even cleaned the data for easy download and reuse (with attribution) by others.

The post has links to a number of other projects that are mapping data related to resistance and political protests.

If that wasn’t encouraging enough, Sarah’s post appeared in Forbes, which isn’t known for being a hotbed of criminal syndicalism.

😉

Can using GIS to plan resistance and political protests be very far away?