Quotulatiousness

October 24, 2017

More on Quebec’s niqab ban

Filed under: Cancon, Government, Law, Liberty — Tags: , , , , , — Nicholas @ 04:00

Ted Campbell is emphatically against Quebec’s attempt to ban facial coverings for Islamic women:

These laws are stupid … but they are worse than stupid, they are an assault on individual liberty by a bunch of political nincompoops.

Now, there are a number of variants of head and face coverings, they are especially common among some Muslim women …

… and some restrictions on some of them in some situations are, pretty clearly, justified on common sense or security-identification grounds. We, most of us, can probably agree that a lady should not wear a burqa or chador or even a niqab when she’s driving a car (it might restrict her vision) or when she is applying for a driving licence, which is a pretty common form of recognized identification … and it seems pretty clear that airport security should insist that a burqa or chador must be removed for security screening (to permit positive facial recognition).

But, why the hell does the state ~ the BIG, collective, state ~ care what any individual wears when (s)he boards a bus. It ought to care that she deposits the correct fare, of course, or taps her card to pay, but why does the state care if her face is covered? It’s arrant nonsense, and it is an infringement on a fundamental right.

    Reminder: you (and I, and Muslim women, too) have lots of rights but four of them are quite fundamental: life, liberty and property as defined by John Locke in 17th century England and privacy, as defined by Brandies and Warren in 19th century America. These rights all accrue to all individuals, only, and they, those individuals, need to have their fundamental rights protected against constant threats from collectives including religions, societies and states, themselves. These new laws, passed by big, collectivist states, are threats to individual liberties and must be challenged and overturned. Liberals, like Justin Trudeau, will not do it because they are progressives, not liberals, and because people like Justin Trudeau cannot think about fundamental rights … only about partisan, short term, political advantage.

Let me be clear about my own position:

  • Women may wear whatever they want for their own (good or not so good) reasons; but
  • It is wrong for anyone (including any father or husband or rabbi or provincial premier) to force women to dress in some certain way for social (including political) or religious reasons.

Your religion is a wholly private matter between you and your gods … you may never try to impose your beliefs on others, including your wife and children.

September 8, 2017

Google’s unbridled market power and ability to quash critics and competitors

Filed under: Business, Technology — Tags: , , , , — Nicholas @ 03:00

In Wired, Rowland Manthorpe reports on another case of Google roughing up someone for being critical of their current “be evil” business philosophy:

The latest allegation against Google? Jon von Tetzchner, creator of the web browser Opera, says the search giant deliberately undermined his new browser, Vivaldi.

In a blogpost titled, “My friends at Google: it is time to return to not being evil,” von Tetzchner accuses the US firm of blocking Vivaldi’s access to Google AdWords, the advertisements that run alongside search results, without warning or proper explanation.

According to Von Tetzchner, the problem started in late May. Speaking at the Oslo Freedom Forum, the Icelandic programmer criticised big tech companies’ attitude toward personal data, calling for a ban on location tracking on Facebook and Google. Two days later, he suddenly found Vivaldi’s Google AdWords campaigns had been suspended. “Was this just a coincidence?” he writes. “Or was it deliberate, a way of sending us a message?” He concludes: “Timing spoke volumes.”

Von Tetzchner got in touch with Google to try and resolve the issue. The result? What he calls “a clarification masqueraded in the form of vague terms and conditions.” The particular issue was the end-user license agreement (EULA), the legal contract between a software manufacturer and a user. Google wanted Vivaldi to add one to its website. So it did. But Google had further complaints.

According to emails shown to WIRED, Google wanted Vivaldi to add an EULA “within the frame of every download button”. The addition was small – a link below the button directing people to “terms” – but on the web, where every pixel matters, this was a potential competitive disadvantage. Most gallingly, Chrome, Google’s own web browser, didn’t display a EULA on its landing pages. Google also asked Vivaldi to add detailed information to help people uninstall it, with another link, also under the button.

The links Vivaldi says it was forced to add to comply with Google’s demands (image via Wired)

August 12, 2017

Why The Government Shouldn’t Break WhatsApp

Filed under: Britain, Government, Law, Liberty, Technology — Tags: , , , — Nicholas @ 02:00

Published on 3 Jul 2017

Encryption backdoors – breaking WhatsApp and iMessage’s security to let the government stop Bad Things – sounds like a reasonable idea. Here’s why it isn’t.

A transcript of this video’s available here: https://www.facebook.com/notes/tom-scott/why-the-government-shouldnt-break-whatsapp/1378434365572557/

August 1, 2017

Ontario adopts voluntary self-surveillance app from CARROT Insights

Filed under: Cancon, Government, Liberty, Technology — Tags: , , , , , — Nicholas @ 05:00

I often joke about how inexpensive it appears to be to “influence” politicians, but it’s only fair to point out that the voters those easily influenced politicians represent are even more easy to influence:

Ontario announced earlier this month that it will become the fourth Canadian government to fund a behavioral modification application that rewards users for making “good choices” in regards to health, finance, and the environment. The Carrot Rewards smartphone app, which will receive $1.5 million from the Ontario government, credits users’ accounts with points toward the reward program of their choice in exchange for reaching step goals, taking quizzes and surveys, and engaging in government-approved messages.

The app, funded by the Canadian federal government and developed by Toronto-based company CARROT Insights in 2015, is sponsored by a number of companies offering reward points for their services as an incentive to “learn” how to improve wellness and budget finances. According to CARROT Insights, “All offers are designed by sources you can trust like the BC Ministry of Health, Newfoundland and Labrador Government, the Heart and Stroke Foundation, the Canadian Diabetes Association, and YMCA.” Users can choose to receive rewards for companies including SCENE, Aeroplan, Petro-Canada, or More Rewards, a loyalty program that partners with other businesses.

It’ll be interesting if they share the uptake of this new smartphone app … just how many of us are willing to let the government track just about all of our actions in exchange for “rewards”.

In order to use the app, users are giving Carrot Insights and the federal government permission to “access and collect information from your mobile device, including but not limited to, geo-location data, accelerometer/gyroscope data, your mobile device’s camera, microphone, contacts, calendar and Bluetooth connectivity in order to operate additional functionalities of the Services.”

Founder and CEO of CARROT Insights Andreas Souvaliotis launched the app in 2015 “with a focus on health but the company and its partner governments quickly realized it was effective at modifying behavior in other areas as well,” according to CTV News.

April 20, 2017

We now know that there are more than 30,000 registered gun owners in London

Filed under: Britain, Law — Tags: , , , , — Nicholas @ 04:00

What’s disturbing about the knowledge is that London’s Metropolitan Police revealed that information to a private company and may have violated British privacy laws in the process:

London gun owners are asking questions of the Metropolitan Police after the force seemingly handed the addresses of 30,000 firearm and shotgun owners to a direct mail marketing agency for a commercial firm’s advertising campaign.

The first any of the affected people knew about the blunder was when the leaflet (pictured below) landed on their doormats in Tuesday’s post.

Titled “Protect your firearms and shotguns with Smartwater”, the leaflet – which features Met Police logos – advises firearm and shotgun certificate holders to “buy a firearms protection pack at a reduced price” of £8.95.

Smartwater is basically invisible ink. You mark your property using it and if you are burgled, police can use a UV light reader to see who rightfully owns stolen items. The company behind it was formed by an ex-police detective and his industrial chemist brother, and the firm has since forged very close links with a number of UK police forces. Its website boasts of the “traceable liquid’s” crime-reducing properties, something that police actively endorse.

[…]

The front and reverse of the Metropolitan Police Smartwater firearms leaflet

Questions were immediately raised as to whether the Met had broken the law. The data protection statement that both police and certificate holders agree to is found in Firearms Form 201 (PDF), the application form for a firearm certificate. It says:

    I understand that all information submitted will be handled in accordance with the Data Protection Act 1998 and the Freedom of Information Act 2000 and connected legislation. I understand and give consent for information contained within my application form or obtained in the course of deciding the application to be shared with: my GP, other government departments, regulatory bodies or enforcement agencies in the course of either deciding the application or in pursuance of maintaining public safety or the peace.

    Note: Any information shared will be shared in accordance with data sharing protocols. We do not share your personal or company details with other applicants or members of the public and treat information in connection with the application in confidence, but individuals should be aware that we may be required to disclose some information in accordance with the legislation referred to above.

The Register has made the Information Commissioner’s Office aware of the breach and is awaiting a statement from the data watchdog.

April 16, 2017

If Walls Could Talk The History of the Home Episode 3 The Bedroom

Filed under: Britain, History — Tags: , , , — Nicholas @ 02:00

Published on 1 Feb 2017

March 31, 2017

“You can’t buy my internet data. You can’t buy your internet data. That’s not how this works

Filed under: Government, Liberty, Technology, USA — Tags: , , , — Nicholas @ 04:00

At Techdirt, Mike Masnick bravely attempts to tamp down the hysteria over this week’s vote in Congress to kill broadband privacy protections (which, as he notes, hadn’t yet come into effect anyway):

People are rightfully angry and upset about this. The privacy protections were fairly simple, and would have been helpful in stopping truly egregious behavior by some dominant ISPs who have few competitors, and thus little reason to treat people right. But misleading and misinforming people isn’t helpful either.

[…]

But here’s the real problem: you can’t buy Congress’ internet data. You can’t buy my internet data. You can’t buy your internet data. That’s not how this works. It’s a common misconception. We even saw this in Congress four years ago, where Rep. Louis Gohmert went on a smug but totally ignorant rant, asking why Google won’t sell the government all the data it has on people. As we explained at the time, that’s not how it works*. Advertisers aren’t buying your browsing data, and ISPs and other internet companies aren’t selling your data in a neat little package. It doesn’t help anyone to blatantly misrepresent what’s going on.

When ISPs or online services have your data and “sell” it, it doesn’t mean that you can go to, say, AT&T and offer to buy “all of Louis Gohmert’s browsing history.” Instead, what happens is that these companies collect that data for themselves and then sell targeting. That is, when Gohmert goes to visit his favorite publication, that website will cast out to various marketplaces for bids on what ads to show. Thanks to information tracking, it may throw up some demographic and interest data to the marketplace. So, it may say that it has a page being viewed by a male from Texas, who was recently visiting webpages about boardgames and cow farming (to randomly choose some items). Then, from that marketplace, some advertisers’ computerized algorithms will more or less say “well, I’m selling boardgames about cows in Texas, and therefore, this person’s attention is worth 1/10th of a penny more to me than some other company that’s selling boardgames about moose.” And then the webpage will display the ad about cow boardgames. All this happens in a split second, before the page has fully loaded.

At no point does the ad exchange or any of the advertisers know that this is “Louis Gohmert, Congressional Rep.” Nor do they get any other info. They just know that if they are willing to spend the required amount to get the ad shown via the marketplace bidding mechanism, it will show up in front of someone who is somewhat more likely to be interested in the content.

That’s it.

* Amusingly, Rep. Gohmert voted to repeal the privacy protections, which makes no sense if he actually believed what he was saying in that hearing a few years ago…

H/T to Amy Alkon for the link.

On a related note, LifeHacker posted a recommendation for “The Laziest, Cheapest Way to Circumvent Your Snooping ISP“. (Spoiler: it’s Opera). I use Opera, but not exclusively … I also use Brave, Chrome, and Firefox on a daily basis.

March 11, 2017

The EFF’s guide to digital privacy at US border crossings

Filed under: Government, Liberty, Technology, USA — Tags: , , — Nicholas @ 03:00

The Electronic Frontier Foundation (EFF) provides a quick overview of your rights when entering the United States:

February 23, 2017

An open letter to the DHS on social media identities

Filed under: Government, Liberty, Technology, USA — Tags: , , , — Nicholas @ 03:00

Cory Doctorow:

A huge coalition of human rights groups, trade groups, civil liberties groups, and individual legal, technical and security experts have signed an open letter to the Department of Homeland Security in reaction to Secretary John Kelly’s remarks to House Homeland Security Committee earlier this month, where he said the DHS might force visitors to America to divulge their social media logins as a condition of entry.

The letter points out that the years’ worth of private data — including commercially sensitive information; privileged communications with doctors, therapists and attorneys; and personal information of an intimate and private nature — that the DHS could access this way would not belong only to non-US persons (who are, of course, deserving of privacy!), but also US persons, whose lives the DHS would be able to peer into without warrant, oversight or limitation.

The letter also points out that once America starts demanding this of foreigners visiting its shores, other governments will definitely reciprocate — so American travelers would be forced to reveal everything from trade secrets to the most personal moments with their loved ones with governments hostile to US interests.

Trade disputes tend to devolve into tit-for-tat retaliation. Initiatives like this will work exactly the same way (except you can be certain that politicians will hold out for their own right to privacy while demanding that private citizens and foreigners give up theirs).

November 6, 2016

Canadian intelligence agencies and domestic overreach

Filed under: Cancon, Law, Liberty — Tags: , , , , — Nicholas @ 02:00

Michael Geist on the drumbeat of revelations — but less outrage than you’d expect — on the extent of surveillance being conducted within Canada by CSIS and law enforcement organizations:

In the aftermath of the Snowden revelations in which the public has become largely numb to new surveillance disclosures, the Canadian reports over the past week will still leave many shocked and appalled. It started with the Ontario Provincial Police mass text messaging thousands of people based on cellphone usage from nearly a year earlier (which is not government surveillance per se but highlights massive geo-location data collection by telecom carriers and extraordinary data retention periods), continued with the deeply disturbing reports of surveillance of journalists in Quebec (which few believe is limited to just Quebec) and culminated in yesterday’s federal court decision that disclosed that CSIS no longer needs warrants for tax records (due to Bill C-51) and took the service to task for misleading the court and violating the law for years on its metadata collection and retention program.

The ruling reveals a level of deception that should eliminate any doubts that the current oversight framework is wholly inadequate and raises questions about Canadian authorities commitment to operating within the law. The court found a breach of a “duty of candour” (which most people would typically call deception or lying) and raises the possibility of a future contempt of court proceeding. While CSIS attempted to downplay the concern by noting that the data collection in question – metadata involving a wide range of information used in a massive data analysis program – was collected under a court order, simply put, the court found that the retention of the data was illegal. Further, the amount of data collection continues to grow (the court states the “scope and volume of incidentally gathered information has been tremendously enlarged”), leading to the retention of metadata that is not part of an active investigation but rather involves non-threat, third party information. In other words, it is precisely the massive, big data metadata analysis program feared by many Canadians.

The court ruling comes after the Security Intelligence Review Committee raised concerned about CSIS bulk data collection in its latest report and recommended that that inform the federal court about the activities. CSIS rejected the recommendation. In fact, the court only became aware of the metadata retention due to the SIRC report and was astonished by the CSIS response, stating that it “shows a worrisome lack of understanding of, or respect for, the responsibilities of a party [SIRC] benefiting from the opportunity to appear ex parte.”

July 27, 2016

Security concerns with the “Internet of things”

Filed under: Technology — Tags: , , — Nicholas @ 03:00

When it comes to computer security, you should always listen to what Bruce Schneier has to say, especially when it comes to the “Internet of things”:

Classic information security is a triad: confidentiality, integrity, and availability. You’ll see it called “CIA,” which admittedly is confusing in the context of national security. But basically, the three things I can do with your data are steal it (confidentiality), modify it (integrity), or prevent you from getting it (availability).

So far, internet threats have largely been about confidentiality. These can be expensive; one survey estimated that data breaches cost an average of $3.8 million each. They can be embarrassing, as in the theft of celebrity photos from Apple’s iCloud in 2014 or the Ashley Madison breach in 2015. They can be damaging, as when the government of North Korea stole tens of thousands of internal documents from Sony or when hackers stole data about 83 million customer accounts from JPMorgan Chase, both in 2014. They can even affect national security, as in the case of the Office of Personnel Management data breach by — presumptively — China in 2015.

On the Internet of Things, integrity and availability threats are much worse than confidentiality threats. It’s one thing if your smart door lock can be eavesdropped upon to know who is home. It’s another thing entirely if it can be hacked to allow a burglar to open the door — or prevent you from opening your door. A hacker who can deny you control of your car, or take over control, is much more dangerous than one who can eavesdrop on your conversations or track your car’s location.

With the advent of the Internet of Things and cyber-physical systems in general, we’ve given the internet hands and feet: the ability to directly affect the physical world. What used to be attacks against data and information have become attacks against flesh, steel, and concrete.

Today’s threats include hackers crashing airplanes by hacking into computer networks, and remotely disabling cars, either when they’re turned off and parked or while they’re speeding down the highway. We’re worried about manipulated counts from electronic voting machines, frozen water pipes through hacked thermostats, and remote murder through hacked medical devices. The possibilities are pretty literally endless. The Internet of Things will allow for attacks we can’t even imagine.

The increased risks come from three things: software control of systems, interconnections between systems, and automatic or autonomous systems. Let’s look at them in turn

I’m usually a pretty tech-positive person, but I actively avoid anything that bills itself as being IoT-enabled … call me paranoid, but I don’t want to hand over local control of my environment, my heating or cooling system, or pretty much anything else on my property to an outside agency (whether government or corporate).

March 29, 2016

Why did Apple suddenly grow a pair over consumer privacy and (some) civil rights?

Filed under: Business, Technology, USA — Tags: , , , , , — Nicholas @ 03:00

Charles Stross has a theory:

A lot of people are watching the spectacle of Apple vs. the FBI and the Homeland Security Theatre and rubbing their eyes, wondering why Apple (in the person of CEO Tim Cook) is suddenly the knight in shining armour on the side of consumer privacy and civil rights. Apple, after all, is a goliath-sized corporate behemoth with the second largest market cap in US stock market history — what’s in it for them?

As is always the case, to understand why Apple has become so fanatical about customer privacy over the past five years that they’re taking on the US government, you need to follow the money.

[…]

Apple see their long term future as including a global secure payments infrastructure that takes over the role of Visa and Mastercard’s networks — and ultimately of spawning a retail banking subsidiary to provide financial services directly, backed by some of their cash stockpile.

The FBI thought they were asking for a way to unlock a mobile phone, because the FBI is myopically focussed on past criminal investigations, not the future of the technology industry, and the FBI did not understand that they were actually asking for a way to tracelessly unlock and mess with every ATM and credit card on the planet circa 2030 (if not via Apple, then via the other phone OSs, once the festering security fleapit that is Android wakes up and smells the money).

If the FBI get what they want, then the back door will be installed and the next-generation payments infrastructure will be just as prone to fraud as the last-generation card infrastructure, with its card skimmers and identity theft.

And this is why Tim Cook is willing to go to the mattresses with the US department of justice over iOS security: if nobody trusts their iPhone, nobody will be willing to trust the next-generation Apple Bank, and Apple is going to lose their best option for securing their cash pile as it climbs towards the stratosphere.

March 20, 2016

Apple software engineers threaten to quit rather than crack encryption for the government

Filed under: Business, Government, Liberty, Technology, USA — Tags: , , , , — Nicholas @ 02:00

It’s only a rumour rather than a definite stand, but it is a hopeful one for civil liberties:

The spirit of anarchy and anti-establishment still runs strong at Apple. Rather than comply with the government’s requests to develop a so-called “GovtOS” to unlock the iPhone 5c of San Bernardino shooter Syed Rizwan Farook, The New York Times‘ half-dozen sources say that some software engineers may quit instead. “It’s an independent culture and a rebellious one,” former Apple engineering manager Jean-Louis Gassée tells NYT. “If the government tries to compel testimony or action from these engineers, good luck with that.”

Former senior product manager for Apple’s security and privacy division Window Snyder agrees. “If someone attempts to force them to work on something that’s outside their personal values, they can expect to find a position that’s a better fit somewhere else.”

In another instance of Apple’s company culture clashing with what the federal government demands, the development teams are apparently relatively siloed off from one another. It isn’t until a product gets closer to release that disparate teams like hardware and software engineers come together for finalizing a given gizmo. NYT notes that the team of six to 10 engineers needed to develop the back door doesn’t currently exist and that forcing any sort of collaboration would be incredibly difficult, again, due to how Apple works internally.

January 31, 2016

“To be honest, the spooks love PGP”

Filed under: Liberty, Technology — Tags: , , — Nicholas @ 03:00

If nothing else, it’s a needle in their acres of data haystacks. Use of any kind of encryption doesn’t necessarily let CSIS and their foreign friends read your communications, but it alerts them that you think you’ve got something to say that they shouldn’t read:

Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto.

To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies’ dashboards. Agents and analysts don’t even have to see the contents of the communications – the metadata is enough for g-men to start making your life difficult.

“To be honest, the spooks love PGP,” Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. “It’s really chatty and it gives them a lot of metadata and communication records. PGP is the NSA’s friend.”

Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data.

Given that the NSA has taps on almost all of the internet’s major trunk routes, the PGP records can be incredibly useful. It’s a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities.

Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata – since almost anyone using it identified themselves as a potential terrorist.

“It’s brilliant!” enthused Weaver. “Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus.”

January 7, 2016

QotD: The right to record police officers

Filed under: Law, Liberty, Quotations, USA — Tags: , , , , — Nicholas @ 01:00

Some advice for the beleaguered and backward states of Illinois, Massachusetts, et al.: If police are not obliged to ask our permission before recording their public encounters with us, then we should not be obliged to ask their permission before recording our public encounters with them. That states generally dominated by so-called progressives should be so insistent upon asymmetric police powers and special privileges for government’s armed agents is surprising only to those who do not understand the basic but seldom-spoken truth about progressivism: The welfare state is the police state.

Why Illinois Republicans are on board is another matter, bringing up the eternal question that conservatives can expect to be revisiting frequently after January: What, exactly, is the point of the Republican party?

Illinois is attempting to resurrect what the state’s politicians pretend is a privacy-protecting anti-surveillance law; in reality, it is the nearly identical reincarnation of the state’s earlier anti-recording law, the main purpose of which was to charge people who record police encounters with a felony, an obvious and heavy-handed means of discouraging such recording. Illinois’s state supreme court threw the law out on the grounds that police do not have a reasonable expectation of privacy when carrying out their duties, though police and politicians argued the contrary — apparently, some part of the meaning of the phrase “public servants” eludes them. The new/old law is, by design, maddeningly vague, and will leave Illinois residents unsure of which encounters may be legally recorded and which may not.

Here is the solution: Pass a law explicitly recognizing the right of citizens to record police officers. It is important to note that such a law would recognize a right rather than create one: Government has no legitimate power to forbid free people from using cameras, audio-recording devices, or telephones in public to document the business of government employees. The statute would only clarify that Americans — even in Illinois — already are entitled to that right.

Kevin D. Williamson, “Prairie State Police State”, National Review, 2014-12-10.

Older Posts »

Powered by WordPress