Thursday, April 29, 2010

Electronics OpSec

Electronic devices make our lives much easier.  Almost without exception, they also leave a trail of data that can easily be mined to paint a picture of your actions - legitimately or not.

Email.  For instance, I'm no fan of Goldman Sachs, for a huge number of reasons.  We all just saw the public flogging they received over a handful of emails where they crudely discussed how much money they were going to make from a declining real estate market.  Goldman provided over 20 million pages of email messages, and a dozen or so were plucked from that pile, supposedly to paint a picture of how the company operates.

Emails have brought down the forward momentum of the Global Warming zealots when a hacker published some sensitive messages.  Governor Mark Sanford's mistress came to light because of emails.

If it's not something you don't want the world to see, don't send it via email.  You may have sent an email to a Goldman address from a personal account.  It went to their business account, so it's now fair game.  Hell, if you send an email to a friend's personal account, and THEY forward it to someone's business account, tag, you're it.

Photocopies.  In the past, if you made a copy of something and then decided it wasn't a good idea to have it in print, you simply found the closest shredder or fireplace, and destroyed the evidence.

No more.

Virtually every photocopier contains a hard drive.  Every single copy that is made is also copied to the hard drive.  If you have a business plan, strategic marketing piece or anything that is sensitive, and you run down to Kinko's to burn a quick copy, it's now there for all the world to see.

If you're at work and print off something from the internet, it will likely be on a print server somewhere AND on the hard drive of the printer.
One of the machines had been used by the Buffalo, N.Y., Police Sex Crimes Division. The hard drive from it yielded “detailed domestic violence complaints and a list of wanted sex offenders.” A second machine from the Buffalo Police Narcotics Unit, contained “targets in a major drug raid. ” On the third machine, once used by a New York construction company, CBS News and Juntunen found “design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.”
Cell phones.  If you make a phone call, assume it is being recorded, because it is.  That doesn't mean your conversation will be acted upon, but it's still there.  If you think that's being paranoid, just read up on the FISA/Warrantless Wiretapping that went on during the Bush administration.  It continues with the Obama administration.

Virtually every new phone also has a GPS, and they work even if it is turned off.  You must remove the battery to disable the tracking feature.  It's for your own good, though.
The Federal Communications Commission has mandated that the majority of wireless providers be able to provide location information for 911 calls for the originating cellular phone so that emergency services can find the callers.
(...)
Carriers can either provide the location information that resides in the cellular network (triangulation of location based on the distance of the cell phone's signal to nearby cellular towers), or they can rely on satellite data from global positioning system (GPS) chips embedded in the handsets of their customers. Wireless carriers using CDMA technology, such as Verizon and Sprint Nextel, use GPS technology to fulfill E911 requirements. AT&T and T-Mobile use network-based technology that computes a phone's location using signal analysis and triangulation between towers.

Location-tracking features have privacy implications both from a law enforcement and behavioral marketing standpoint. Under certain circumstances, law enforcement personnel may obtain either retrospective (past) or prospective (future) locational data.
If you're doing something that you don't want anyone to know about - legal or not - don't take or use a cell phone.

GPS - OnStar.  Speaking of GPS, if you own a vehicle with OnStar, you are fairly begging to have your privacy invaded.  You may be saying, "My car has OnStar, but I don't have the service turned on," and feel you're "safe".

Think again. OnStar can be remotely turned on.

If you've signed up for the service, and you're having a conversation, you can have that conversation listened to.  Now, it has been found to be illegal for the government to do this without a warrant, so I'm sure it never happens.  Yeah.
The police are investigating a crime. They ask OnStar where your car was on a certain date and time, to corroborate an alibi. Or what if you're in a crash and the other guy's attorney would like to know how fast you were driving when you ran the red light? Would OnStar surrender the information? "OnStar is required to locate the car to comply with legal requirements, including valid court orders showing probable cause in criminal investigations." And OnStar may use gathered information to "protect the rights, property, or safety of you or others."

Imagine the following scenario. The FBI shows up at OnStar master command and tells them your car's been stolen by a terrorist, who may be using it to commit a crime at this very moment. Contacting the owner is out of the question; the owner may also be a terrorist. What does OnStar do? They cooperate with the FBI and give them everything they've got on your car. No warrant needed and no notification to you. Hell, you may not even have the service enabled.

In other words, you not only have to trust OnStar to protect your privacy, you have to trust the police not to ask the questions in the first place.
Credit and debit cards.  Cash is king, especially where privacy is concerned.  Debit and credit cards build a profile of your buying patterns.

Online ammo purchases.  Range time buys with your debit card.  A credit card purchase of that newest "black rifle".  More ammo purchases and maybe some training.

Pretty easy to paint the picture of a gun-nut to a jury of citizens inundated with stories of "domestic terrorists".

Throw in online purchases of buckets and lids for food storage, books from Amazon on emergency preparedness, gas masks that provide NBC protection and water filters to purify 20,000 gallons of water, and you can be painted as one of those, "survivalist extremists" instead of a person that is preparing for uncertain times.

Accept The Challenge

What's the saying?  "Just because you're paranoid doesn't mean they're not after you".

I hear so many people say things along the lines of, "If you're not doing anything wrong, you should have nothing to hide."  That drives me crazy.

The statement presumes the government has the right to monitor your activities.  It attempts to nullify your right to privacy.  When someone says the Constitution doesn't grant us the right to privacy, I point them to the Ninth Amendment -
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Basically, just because a right isn't specifically listed doesn't mean we don't have it.  The Tenth Amendment then says that the government is precluded from invading our privacy, because the power to do so was not specifically granted to them -
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Yet here we are.

We must act pragmatically.  What you do, buy, say and practice are tracked if they're done using some electronic medium.  The magazines to which you subscribe, the clubs you join, the candidates which you support and the opinions you espouse are all logged and available for inspection.

What would your "profile" look like?

---  
Please click our advertiser links. They pay us so you don't have to. A click a day is all we ask! Copyright 2010 Bison Risk Management Associates. All rights reserved. You are encouraged to repost this information so long as it is credited to Bison Risk Management Associates. www.BisonRMA.com

3 comments:

  1. Buying a handgun creates a record. Doesn't this create enough of a flag that avoiding the other stuff you mention won't help much at that point? How about having a Title II weapon? At that point, why bother? (That is, with using cash to buy ammo, range time, preps, etc.) If "lists" are really maintained (don't know if they are, but it's possible), you're on it. Done. Do you disagree? What is the smart action then? Something I'm wondering.

    Nice blog, btw.

    R

    ReplyDelete
  2. Also, do you know of any "anonymity solutions" for cellphones. I know they exist for websurfing - have you got a favorite for that either?

    Thanx,
    R

    ReplyDelete
  3. Anon, not all guns in possession have a sales/registration record - even here in California.

    I can recommend Secure-Tunnel.com as an email anonymity solution. I know there are many others out there as well.

    Cell phones? I haven't looked into that, but off the top of my head, it would seem that one solution would be to buy the cheap phones that don't require a contract. Just buy the air time cards. I have no idea what kind of ID they require for the phones or the air time cards.

    ReplyDelete