Thanks to the Internet of Things

Your trash disposal habits might now require a small EMP generator before you can safely throw away a lightbulb.

Recycling is definitely contraindicated without that EMP.  Or a 2 pound sledge (wear eye-protection).

The people scanning the conveyor belt to sort actual trash out of the recycling stream could quickly “monetize” burned out lightbulbs without even the bother of diving into a dumpster, and without any computer skills whatever.

Discarded smart lightbulbs reveal your wifi passwords, stored in the clear

I am quite sure this does not apply only to IoT lightbulbs.

The future is stupid, but not stupider than LIFX management. They sell you electronic security breachers so you can implant them yourself. Which would make you the stupidest.

The engineers at LIFX did not encrypt the RSA key on their “smart” lightbulbs, so an enterprising garbage collector who’d ‘learned to code’ could have root access to your home WiFi because you threw one away.

It isn’t believable that the engineers at LIFX failed to understand this problem.

Therefore, it wasn’t the engineers who decided to ship these Trojan Horses.

Therefore, protestation from LIFX that they’ve cleaned up their act is incredible.

That is, it is as credible as Google and Facebook when they claim they protect your privacy – even though selling it is how they prosper.

This is not to say LIFX planned to harvest your WiFi passwords.  It is to say they just didn’t give a shit.

I can’t wait until lightbulbs speak like HAL… I wonder if you can get HAL’s voice on Alexa or Google Home?

“Light?… Off.”
“Sorry, I can’t do that _your name here_.”

Sadly, most Millennials wouldn’t get the reference, not having seen 2001: A Space Odyssey. I’m sure they are installing these bulbs in their parents’ basements.

Google’s new motto…

Don’t be Facebook.
At Google, of course, that would not mean “respect users’ privacy.” It would mean “don’t get caught.”

I see Facebook CEO Mark Zuckerberg is reacting to his company’s poor user-data stewardship by inviting regulation. Not regulation of his company; he’s asking for political advertising to be regulated.

“Actually, I’m not sure we shouldn’t be regulated,” Zuckerberg said in an interview with CNN that represented some of his first public remarks since the Cambridge Analytica controversy plunged his company into crisis and led to calls for his testimony before Congress.

“I actually think the question is more ‘What is the right regulation?’ rather than ‘Yes or no, should it be regulated?’” Zuckerberg told CNN.

The Facebook CEO said that “he would love to see” new transparency regulations for political advertisements. Facebook has been criticized for a lack of transparency.

OK, Mr. Zuckerberg, I’ll take a shot at “What is the right regulation?”

First, it’s not about political advertising. You’re looking to make government regulation a CYA for Facebook: “Look, we followed the regulations!” You’re asking to “consult” with government on how political advertising should be constrained. Foxes. Henhouse. Plus a helping of partisanship and financial self-interest.

Advertising isn’t the problem. The problem is your business model and its intentional lack of honesty.

The regulation of Facebook, Google, Amazon, Twitter, Apple, etc. should start from the premise that users own their identity data, including when it’s aggregated. This enables micro-payments to those whose data is aggregated, each time it is accessed or updated. Basically, an identity copyright law. You’re using my identity, you have to pay me.

Defining ownership of the data as the individual’s would require absolute positive opt-in – data can’t be sold without payment and unless specific permission is given. Big Data like their interminable click-through contracts; they love changing the terms of service at will; they love hiding the opt-out buttons. We need these contracts re-written. One thing would happen for sure; the mandatory opt-in buttons would be prominent and they would list the payment to be gained.

Granting ownership of users’ data to users also encourages companies who gather and store it to be careful with it as a fiduciary duty. CEO Zuckerberg appears to agree that that is a good idea.

On Wednesday afternoon, Zuckerberg published a post promising to audit and restrict developer access to user data, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

He’s right, Facebook doesn’t deserve to serve you for exactly the reason he gave. The word “serve” in that sentence can be interpreted in two very different ways. Zuckerberg is only too happy to “serve” you to advertisers. This attitude is long-standing, as noted by the New Yorker in 2010:

In [an] exchange leaked to Silicon Alley Insider, Zuckerberg explained to a friend that his control of Facebook gave him access to any information he wanted on any Harvard student:

Zuck: yea so if you ever need info about anyone at harvard

Zuck: just ask

Zuck: i have over 4000 emails, pictures, addresses, sns

Friend: what!? how’d you manage that one?

Zuck: people just submitted it

Zuck: i don’t know why

Zuck: they “trust me”

Zuck: dumb f*cks

Indeed.

While Zuckerberg claims he’s matured since that exchange, “if you ever need any information” nonetheless remains the raison d’être of Facebook. Zuckerberg went on to say, “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.” Well, since privacy violations and sleazy ethical conduct just keep happening, he must be a slow learner.

In 2006 Facebook’s introduction of “News Feed” made information public that users had intended to keep private. In 2009, Facebook made posts public by default, when they had been private, again by simply changing its ToS. That attracted the attention of the U.S. Federal Trade Commission. In 2011, Facebook was caught tracking you with its cookies even after you had logged out. Zuckerberg is worried about regulating advertising, but Facebook had no problem in 2013 with the posting of beheading videos. In 2014, the company was forced to acknowledge that it had conducted a psychology experiment intended to manipulate users’ emotions.

The current angst over Cambridge Analytica should be directed at Facebook business practices. The same thing happened in 2012 with the Obama campaign – except with Facebook’s active participation. At the time this was considered a clever advertising use of social media by the Democrats.

So, suddenly, 6 years later, Zuckerberg wants political advertising regulated? You know he made the offer because his lobbyists would write the legislation. It’ll turn into a barrier to competition while likely eroding freedom of speech.

Facebook has repeatedly violated agreements with users, changed ToS without warning, hidden privacy controls deep within users’ profiles, made and allowed unethical use of its data, and directly participated in targeting election advertising. Maybe they’d be more careful, ethical and transparent if you owned the data.

A final word from Zuckerberg:

The real question for me is, do people have the tools that they need in order to make those decisions well? And I think that it’s actually really important that Facebook continually makes it easier and easier to make those decisions… If people feel like they don’t have control over how they’re sharing things, then we’re failing them.

Only one way to fix that. Give them control.

Further reading on owning your own identity:
Who owns your identity?
Google’s Alphabet, “A” is for amoral

Advantage Sanders

Dem sen: Sanders has no ‘interest in foreign policy’

Democratic senator and top Clinton surrogate Claire McCaskill bashed rival Bernie Sanders on the day of the Iowa caucus as lacking the foreign policy chops needed to serve as commander-in-chief…

“He doesn’t have experience and hasn’t shown a great deal of interest in foreign policy, hasn’t really demonstrated the breadth and depth of knowledge you need to lead this country at a dangerous time.”

McCaskill has a point. Mrs. Bill’s interest in sharing state secrets with foreign intelligence agencies is well documented, and we are in a dangerous time.

Thanks, in no small part, to Mrs. Bill.

If only she’d shown a lack of interest in foreign policy, our national security wouldn’t be compromised, Libya wouldn’t be breeding ISIS, four Americans might not have died in Benghazi and she wouldn’t be on the verge of indictment.

At this point

Official: Some Clinton emails ‘too damaging’ to release

The intelligence community has deemed some of Hillary Clinton’s emails “too damaging” to national security to release under any circumstances, according to a U.S. government official close to the ongoing review. A second source, who was not authorized to speak on the record, backed up the finding.

I find it hard to believe that emails intelligence experts declare “too damaging” to national security to release “under any circumstances” can possibly be evidence of mere internecine bureaucratic catfights.

Mrs. Bill says I’m mistaken: Hillary Campaign: Withholding of Emails Just ‘Over-Classification Run Amok’

Hillary Clinton’s campaign insisted today that the former secretary of State wants the release of more than 20 emails determined to have contained top-secret information, calling the withholding “over-classification run amok.”

Indeed: What difference, at this point, does it make? Any interested foreign intelligence services already read them.

It’s a vast intelligence agency conspiracy.

Immigration Policy is national security

The Weekly Standard notes that

Marco Rubio, the Florida senator who is running for president, was among those who voted against the USA Freedom Act. “Just four days before the terrorist attack in California this week, the USA Freedom Act limited our access to critical information about potential threats,” said Rubio’s campaign in a statement provided to THE WEEKLY STANDARD. “Because too many in Washington have failed to grasp the nature of this enemy, we have less access to intelligence information now than we did just days ago. In the wake of Wednesday’s attack on innocent Americans doing nothing more than going about their daily lives, we must act swiftly to reverse the limitations imposed on these critical intelligence programs. Radical jihadists are trying to kill as many Americans as they can. Our law enforcement and intelligence professionals need access to this information. Failing to give them the tools they need to keep Americans safe is dangerous and irresponsible.”

It’s just a bit odd to connect an attack your policy didn’t detect with the efficacy of that policy in preventing such an attack.

Rubio is better spoken than Josh Earnest, but the Senator sounds just like the Press Secretary when the latter was asked for an example of a mass shooting “more gun control” would have prevented.

Our law enforcement and intelligence professionals had the authority Senator Rubio is complaining they lost before the San Bernardino attack. Were they not using it, was it overwhelmingly vast or just useless? Or all three?

Of course, there was intelligence which could have stopped the attack, but law enforcement and intelligence professionals were prevented from using it by the Obama Administration’s exquisite tribalist sensitivities, not by Senators who voted in favor of the Fourth Amendment.

The male shooter in San Bernardino was aligned with a Mosque known to promote radical Islam, but an investigation that would have raised that flag was shut down by Homeland Security on the request of the State Department’s Office of Civil Rights. Killing this investigation can only be viewed as a public relations exercise in political correctness. No profiling!

The female shooter had publicly indicated she supported ISIS long before she was Federally “vetted” on three separate occasions. Federal policy prevented a search of her Facebook account that would have revealed this. On the admittedly flimsy assumption that support for ISIS is disqualifying, she would have been denied the opportunity to shoot anyone in San Bernardino.

Fearing a civil liberties backlash and “bad public relations” for the Obama administration, Homeland Security Secretary Jeh Johnson refused in early 2014 to end the secret U.S. policy that prohibited immigration officials from reviewing the social media messages of all foreign citizens applying for U.S. visas, according to a former senior department official.

“During that time period immigration officials were not allowed to use or review social media as part of the screening process,” said John Cohen, a former acting under-secretary at DHS for intelligence and analysis. Cohen is now a national security consultant for ABC News.

Since multiple sources for determinative information which would have put these two under surveillance were ignored – because the approbation of the American elite left was more important to the Obama Administration than protecting Americans – we’re supposed to bend the Fourth Amendment to Senator Rubio’s will? Over an incident where the program he’s pushing failed?

Senator Rubio, if he wants to prevent future terror attacks, might consider directing his fire at the people who failed us with their PC attitude to vetting immigrants. Of course, Rubio has demonstrated he shares a bit of that attitude. He seems not to realize that Immigration Policy is the intersection of Foreign Policy with Domestic Policy. Rubio advances the surveillance state in order to maintain the illusion the two sets of policy are unrelated.

His complaint about the USA Freedom Act boils down to this: We need this intrusion into your life to keep you safe from our incompetence in using the obvious intelligence sources we already have.

Related: Quite a long article, but with a good bit of explanatory power about Cruz and Rubio on foreign and immigration policy. And why they’re attacking each other in precisely the way they are. This addresses some very substantive issues.

YMMV, but I do recommend it. It may assist you in a choice we’ll face if we can ever get rid of the blowhard rug-head.

And let’s finish by examining the Weekly Standard’s intro to the piece in the first link:

Thanks to a law recently passed by Congress and signed into law, federal law enforcement are unable to access phone records of the terrorists who killed or injured dozens of people in San Bernardino this week.

Wrong. All that’s necessary is a subpoena to get the needed records. I’m sure they got one almost instantly. I call Marco Rubio shilling on the Standard.

The database

Donald Trump is taking flak for proposing a “Muslim database.” In fact, this was proposed by a reporter, Trump never said it. Trump’s mistake is that he didn’t address the idea. As if the content of a reporter’s question is his responsibility.

What he did say, however, is worse:

Well, we’re going to have to do things that we never did before. And some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule. And certain things will be done that we never thought would happen in this country in terms of information and learning about the enemy.

The larger point that seems to have gone missing is that there already is a database of Muslims… and tea partiers and ACLU supporters and college protesters and gun owners and Bernie Sanders contributors and… well, whatever filters the NSA wishes to apply to the bulk data they’re collecting.

They already know where you’ve been, if an email had a keyword they’re looking for, your age, your race, your charitable contributions, where you were born, what you’ve purchased, what you read, what you eat and drink, the state of your health and who you’ve called and when. Do you really think they can’t already pretty precisely figure out your religion? A bit of information, moreover, some of you may have already directly declared on some government form or other.

Promises

File Says N.S.A. Found Way to Replace Email Program

So, NSA does not need to collect and store everyone’s email to provide security insights. They told a Clinton “Truth” when they said they shut the program down for “operational and resource reasons” – they meant they found another way to do it.

As far as phone records, all the bulk data is still available from the phone companies – it just requires observance of the 4th Amendment.

When we are asked to trade fundamental civil rights for security by a government that could find no wrongdoing at the IRS, blamed a minor film maker for its own deadly security lapse at Benghazi, runs an airport security agency which misses 95% of weapons it’s tasked with finding, prevaricates about the data it gathers on its own citizens, ignores precise warnings about bomb plots (the Tsarnaevs), refuses to use the words “Radical Islam” even while terrorists shouting “Allahu Akbar!” murder scores – calling the terrorists a lesser threat than climate change – why should we trust their promises regarding our civil rights?

Why, in fact, should we trust such power even to men and women with a good track record? Men and women in government change, sooner or later you get ones like we have now. A “good track record” means preserving and protecting the Bill of Rights.

Security vs Liberty

Leaked NSA doc reveals ‘sheer luck’ needed to find useful info in sea of surveillance data

This is the national security program Marco Rubio apparently puts ahead of the 4th Amendment. It’s actually more like the TSA playing with keyboards.

The NSA didn’t know it was already sitting on a “goldmine” of data on one of its targets until one of its analysts discovered it by “sheer luck,” according to an internal newsletter entry leaked by Edward Snowden.

It increases our chance of getting lucky, but does not fulfill what’s promised in exchange for giving up civil liberties.

None dare call it reason

I’ve been in IT for 47 years. I’ve been responsible for protecting computer networks as CIO. I’ve been extensively involved on both sides of penetration testing and auditing of computer networks. I’ve performed forensic analysis of suspected breaches of computer security.

Any CEO who asked me to do what Hillary Clinton asked her “IT staff” to do would have found my resignation on their desk in less than 60 seconds. Any client would have been fired in less time than that.

Since it’s the Associated Press telling us one of their favored politicians invited hackers, ranging from kiddie scripters to foreign intelligence agencies, to freely peruse the clintonemail.com server: I tend to believe it is true that Hillary Clinton ran a jawdroppingly inept IT operation when she decided to keep her email secret from the Department of which she was head.

She did succeed in keeping her personal email a secret from the Department of State for a long time, which is why they eventually had to ask her to cough up Official Business emails, but it’s mindbogglingly doubtful she kept it secret from anyone else.

She said, at one point, that our government knew she had her own server because they got email addressed from the clintonemail server. Unexplained is how the invitation to invade the server known to be used for official business by SecState was kept from hackers employed by Vladimir Putin, Kim Jong-un, Xi Jinping or Ali Khamenei. Or, for that matter, the thugs who killed four Americans in Benghazi. Or, for that matter, President Obama, who found out from the newspapers.

Even if no foreign government, or terrorist cell, read Department of State email during Mrs. Bill’s tenure, can we afford to assume that to be true? As it stands, we have to assume everything was leaked. That’s worse than if we knew what was leaked: And we don’t know because she deleted 30,000 or so emails on her own recognizance, quite a number of which contradict her claim that she knew what was classified and never sent anything that was. The timing of classification doesn’t even matter.

The guy who set the server up for her is taking the 5th Amendment. Mrs. Bill left all her email in the care of a third party administrator who did not possess the necessary security clearance. She left a copy with her lawyer, another uncleared recipient. She ignored directives from her own department outlawing the use of remote access software as she used it.

And she did this, she claims (or did, at one point), for “convenience.”

Her rash and unconscionable sense of privilege, her toying with classified information at the highest levels of our government, her continual flat out lies about it… All make her unfit for the office she seeks.

Someone should ask her in tonight’s debate, “If you are elected President, do you promise not to use a home brew server for official business?”

Depends on who the definer of "marked" is

According to The Washington Post, Hillary Clinton sent emails from her private server that the State Department redacted for reasons of national security before they (StateDept) released them to the public.

Although government officials deemed the e-mails classified after Clinton left office…

The classified e-mails, contained in thousands of pages of electronic correspondence that the State Department has released, stood out because of the heavy markings blocking out sentences and, in some cases, entire messages.

The State Department officials who redacted the material cited national security as the reason for blocking it from public view.

Lest we blame the Department of State for tardiness in this matter, the first time they knew about these emails was 2 years after she left office and turned over 55,000 printed pages.

“I have said repeatedly that I did not send nor receive classified material and I’m very confident that when this entire process plays out that will be understood by everyone,” she said. “It will prove what I have been saying and it’s not possible for people to look back now some years in the past and draw different conclusions than the ones that were at work at the time. You can make different decisions because things have changed, circumstances have changed, but it doesn’t change the fact that I did not send or receive material marked classified.”

It’s certain that by the time this ends it will be understood by everyone that she kept saying what she says.

Her defense has evolved from “no classified emails were sent or received” to “they weren’t classified at the time” she wrote them. But, it appears failing to do so was a mistake.

In the small fraction of emails made public so far, Reuters has found at least 30 email threads from 2009, representing scores of individual emails, that include what the State Department’s own “Classified” stamps now identify as so-called ‘foreign government information.’ The U.S. government defines this as any information, written or spoken, provided in confidence to U.S. officials by their foreign counterparts.

This sort of information, which the department says Clinton both sent and received in her emails, is the only kind that must be “presumed” classified, in part to protect national security and the integrity of diplomatic interactions, according to U.S. regulations examined by Reuters..

Although it appears to be true for Clinton to say none of her emails included classification markings, a point she and her staff have emphasized, the government’s standard nondisclosure agreement warns people authorized to handle classified information that it may not be marked that way and that it may come in oral form..

Clinton and her senior staff routinely sent foreign government information among themselves on unsecured networks several times a month, if the State Department’s markings are correct. Within the 30 email threads reviewed by Reuters, Clinton herself sent at least 17 emails that contained this sort of information. In at least one case it was to a friend, Sidney Blumenthal, not in government.

The information appears to include privately shared comments by a prime minister, several foreign ministers and a foreign spy chief, unredacted bits of the emails show. Typically, Clinton and her staff first learned the information in private meetings, telephone calls or, less often, in email exchanges with the foreign officials.

That she has said repeatedly she “did not send or receive classified information” (the “marked classified” bit showed up later, as demonstrated in the next paragraph) contains probably the only true thing she’s said about the whole sordid mess: She’s said it repeatedly. One example from her March, 2015 UN press conference:

“I did not email any classified material to anyone on my email. I’m certainly well aware of the classified requirements and did not send classified material.”

As noted here in March, the emails Secretary of State Clinton wrote weren’t marked “classified,” because Secretary of State Clinton didn’t mark them classified when she sent them.

Why not? She’s sloppy with National Security information? She actually does not know the classified requirements? She forgot she was using her own private server?

This is not, as she has portrayed it, some internecine struggle with the intelligence community over the definition of “classified.” The emails she wrote are classified according to the State Department and were classified when she sent them. It’s a security breach whether she recognized that or not. The meaning of “is” in “There is no classified information,” doesn’t change that.

National security information doesn’t become more sensitive over time, it becomes less sensitive. Otherwise, we’d wait forever for release of all the Nixon tapes, military details about the attack on Pearl Harbor and the identity of Benedict Arnold.

Can anyone come up with any explanation excusing Hillary Clinton from the allegation she sent classified email not involving incompetence? Any explanation not leading inexorably to the conclusion that she cannot be trusted with Presidential level information? Anyone?

Bueller? Bueller?