Brett's Blog

Just some ramblings.

Barking up the Encryption Tree. You're doing it wrong.

Barking up the Encryption Tree.  You're doing it wrong.

There always comes a time when an obscure, yet important concept, leaves the technical world and enters the main stream.  Recovering deleted files was one of those where we pretty much knew all along not only that it can be done, but that we have been doing it all along. The Snowden releases were another aspect of ‘yeah, we knew this all along, but the GFP (general f’ing public) was oblivious.

Encryption is just the most current ‘old’ thing to make the limelight.  Whenever something like this happens, there are ton of people ringing the end-of-the-world bells, clamoring that national security will be lost, and personal freedoms take a back seat to everything.  It happens all the time and when it happens, there is a fire to make new laws on top of thousands of other laws, in which the promise of better safety and security is as strong as a wet paper bag holding your groceries on a windy and rainy day.

b2ap3_thumbnail_bancalifornia.JPG

Legally, it is super easy to ban, control, and/or regulate encryption. A stroke of the pen with or without citizen oversight can make it happen quickly and painlessly.  One signature on the last page of a law that is a ream in size is all it takes.

Practically, it is impossible to completely eliminate or control or regulate encryption.  The only thing laws will do is restrict the sale of encryption products by corporations.  Encryption exists in the minds of mathematical practitioners and can be recreated over and over again. You can't blank out someone’s brain (I hope not…).  Encryption is available everywhere on the Internet, from software programs that are FREE and OPEN SOURCE to download and even in TOYS that can be bought off Amazon.com.  These 'toys' work by the way.

...
Continue reading
868 Hits
0 Comments

The four corners of the Apple v FBI encryption debacle

The four corners of the Apple v FBI encryption debacle

If only the FBI had picked a case where the issue was clear cut…that would make this encryption issue so much easier.

  1. The FBI doesn’t want Apple to simply “unlock” the phone.

Apple (and just about every other high tech company) has been unlocking devices and allowing access to data for law enforcement for decades.  That’s not the issue here.  The FBI wants the encryption to be broken. They want software to be rewritten or written that compromises security features. That’s a lot different than just unlocking a device.  That request breaks security.  Worse yet, it sets a precedent.  Law enforcement knows about precedent setting laws. Sometimes it is good, but sometimes it is not.

  1. It’s not the end of the world if encryption is broken.

Our lights will still turn on. Cars will still run.  Kids will still be able to go to school.  However, online payment systems will be as protected as a wet paper bag, secure communications will be as secure as Windows 3.1, and anything you send electronically is fair game to hackers (and government).  But don’t worry. If encryption is banned or broken, there will still be those able to use encryption (hint: one is government and the other is not law-abiding citizens).

  1. “Terrorist will Go Dark” is the best marketing ever created by government. 

The only time terrorists are not operating in the dark is when they use social media in the open, print terrorism training manuals (which are then posted online), and killing people in the open.  Plus, they still have to drive, fly, walk, eat, sleep, talk, go to the doctor, read a book, watch TV, and surf the Internet.  Terrorist and criminals have all the faults of ‘regular’ folks like complacency, laziness, incompetence, and bad luck when they plan and commit terrorist acts.  I've published two books on catching criminals (and terrorists) with online and forensic investigations.  You can put both books in the hands of a terrorist and the methods to find and catch them will still work.  "Going dark"? If a criminal or terrorist can do all the things needed to carry out their devious plans in encrypted emails ONLY, their plans are going to stink.  Planning an attack or conspiring to commit a crime requires way more than sending encrypted emails.  Working undercover in criminal organizations did teach me a thing or two in how it really works and how they really think and plan.

  1. You have nothing to hide, so what’s the big deal?

The government claims that since you cannot build a house that is impenetrable, you should not have use of encryption that can’t be broken.  Well..if I could make my home impenetrable, you bet I would. If I could buy a safe that was unbreakable, I would.  They just don’t exist.  It’s not that I have anything illegal to hide in a safe, but I don’t want anyone to steal what I have.  It’s not that I have anything top secret in an email, but I just don’t want strangers reading what I am sending to a friend, or to a business colleague.  The point is NOT having something to hide, but rather, NOT hanging my underwear in the front yard on a clothesline for anyone to see or steal (that is, if they wanted to steal my undies…).

...
Continue reading
1380 Hits
0 Comments

Let's not go all Patriot Act on this Apple - FBI encryption thing.

Let's not go all  Patriot Act on this Apple - FBI encryption thing.

I’ve been involved in about a half dozen conversations, three different email threads, and twice as many emails with friends and clients about this Apple – FBI encryption issue.   It seems to be a divided opinion with no compromise, at least as far as I can see.

 

FBI's Fight With Apple Over Encryption May Erode European Trust in US - Newsweek

http://news.google.com Sat, 20 Feb 2016 19:24:00 GMT

...
Continue reading
1348 Hits
0 Comments

Apple. Oranges. And Encryption.

Apple. Oranges. And Encryption.

One of the hottest topics currently is the FBI vs Apple battle over encryption, in that the FBI wants Apple to rewrite their operating system in order for law enforcement to bypass Apple’s encryption.  The arguments on both sides are strong. Law enforcement must have the ability to bypass encryption in the name of national security.  Conversely, consumers (in the USA at least) are afforded protections in the Constitution against unreasonable search and seizure.  The third part of this argument is security and safety of ALL electronic data.  If the legal argument stands that encryption is outlawed, that puts all data at risk of being compromised by criminals, disgruntled employees, and lackadaisical custodians of data.

Apple Fights Order to Unlock San Bernardino Gunman's iPhone - New York Times

http://news.google.com Thu, 18 Feb 2016 02:59:37 GMT

New York TimesApple Fights Order to Unlock San Bernardino Gunman's iPhoneNew York TimesApple executives had hoped to resolve the impasse without having to rewrite their own encryption software. They were frustrated that the Justice Department had aired its demand in public, according to an industry executive with knowledge of the case ...Google's CEO just sided with Apple in the encryption debateThe VergeOn Apple, the FBI, encryption, and why you should be worriedVentureBeatApple, The FBI And iP ...

Read more ...

...
Continue reading
823 Hits
2 Comments

Bio-hacked humans and digital forensic issues...

Bio-hacked humans and digital forensic issues...

If you thought The Grudge was the scariest thing you’ve seen on screen, you must have not yet watched Showtime’s ‘The Dark Net’.  In short, the series show how humans are procreating less and merging digitally into technology with bio-hacks. That makes for a bad combination on a few different levels.

Without getting into non-techical issues (such as moral, ethical, or legal), I have a technical question: How the heck are we going to going to do a forensic analysis of a bio-hacked…human?

Before the human race ends up looking like robots, we are already in the era of implanting electronic data devices in our bodies.  Check out http://dangerousthings.com to find how you too can jab an injection device into your hand and shoot a RFID under your skin…all by doing it yourself. As for me, I don't think I'll be joining in that movement anytime soon.

RFID (http://en.wikipedia.org/wiki/Radio-frequency_identification) tags store data. Data such as medical, financial, personal, or any type of information can be stored on a RFID tag, although the amount is quite limited currently (2-10 kilobytes?).  That's not much data, but depending on the content, it may be more than enough to cause a war or bankrupt a company.

...
Continue reading
1288 Hits
1 Comment

What is this thing "privacy" you speak of?

What is this thing "privacy" you speak of?

 

I luckily missed being born into the Internet generation.  Facebook creeped me out with the amount of information demanded to create an account.  It took me all of 1 minute to create an account, 5 minutes to decide to delete it, and then two hours to figure out how. That was years ago and I still receive email reminders from Facebook to re-join with all my information still in the deleted  account, as if I never deleted it. If you ever wondered what Mark Zuckerberg thought of Facebook users, you may want to take a look...http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5 

Perhaps a decade of working undercover has made me ultra-paranoid on personal information. At the time of doing UC work, I had little concern of sitting in an illegal business, having dinner with an organized crime figure and having one of his goons run me through Google, because there was no Google when I first started. That changed before I left the narc world and an undercover friend of mine was identified with Internet searches (while he was in the midst of a group of bad guys). If I was still doing undercover work, I'd no longer be doing undercover work. Thanks Google...

I can imagine that being born into the Internet age means never knowing what privacy is, nor have any concern about it all. Kids are literally texting in grade school, Facebooking in middle school, and blogging by high school.  Every generation now willfully gives up every aspect of their lives on social media and to buy some gadget online.

So when I see that the majority of people could care less about their most intimate and private details of their lives, it gives me pause. If you don’t think your Internet searches and web browsing is intimate, take a look at your web history and tell me that you don’t have some secrets in what you look at that you wouldn’t want anyone else to know about you. Health, wealth, and interests. How much more intimate can you get?

...
Continue reading
1125 Hits
0 Comments

Massive Government Surveillance - Not a new thing

I'm close to wrapping up my latest book, Hiding Behind the Keyboard. One of the more interesting things I found while researching the electronic surveillance chapter is a historical note of massive electronic surveillance...way back in the early  1890s

Considering that government surveillance is one of the hottest topics today, no doubt brought into the spotlight by Edward Snowden, I found this one historical bit of surveillance in New York to be a reminder that electronic surveillance has been around much longer than what the average person may know.

Before getting into the New York Police massive surveillance story, you should know that wiretapping has been around as long as communicating electronically has existed.  For example, as soon as the telegraph was used, the telegraph communications were intercepted. During the Civil War, a "wire tapper" was an actual job in the war to intercept telegraphs!  But that's not what I mean in regards to mass goverment surveillance. The New York Police Department's history with wiretaps is what I found to be really interesting, even more interesting than the NSA surveillance disclosures

In short, back in the late 1800s, New York made wiretapping a felony but the NYPD believed they were above this law. They tapped people at whim and without warrants, including tapping Catholic priests.

In fact, NYPD quickly discovered that they could tap into any phone line of the New York Telephone Company, at anytime  to listen to any person on the line. They even tapped into hotels to listen to hotel any guest.

...
Continue reading
1157 Hits
0 Comments