Face Police coming to US Airports...

Newsweek: "Specially trained security personnel" will be watching passengers for "micro-expressions" that will reveal treacherous agendas and insidious intentions at airports around the country. These agents, who may literally hold your fate in their hands have been given a lofty, Orwellian name: 'Behavior Detection Officers.'"

"So while TSA employees are confiscating our scissors and water bottles, they’re going to secretly be staring at us, looking for some telltale sign of terrorist intent in a grimace, a sigh, a crinkled nose"


Creepy, yes. But probably more effective than strip searching toddlers based on inaccurate name matches from a super-duper-secret watchlist, or taking our water away. Can we just be free and get on with it? Take our chances? Not be anal probed OR terrorized?

U.S. to Expand Domestic Use Of Spy Satellites

Wall Street Journal: "The U.S.'s top intelligence official has greatly expanded the range of federal and local authorities who can get access to information from the nation's vast network of spy satellites in the U.S. The decision, made three months ago by Director of National Intelligence Michael McConnell, places for the first time some of the U.S.'s most powerful intelligence-gathering tools at the disposal of domestic security officials.

The move was authorized in a May 25 memo sent to Homeland Security Secretary Michael Chertoff asking his department to facilitate access to the spy network on behalf of civilian agencies and law enforcement.

Until now, only a handful of federal civilian agencies, such as the National Aeronautics and Space Administration and the U.S. Geological Survey, have had access to the most basic spy-satellite imagery, and only for the purpose of scientific and environmental study. "


When did the people represented by the government become separated from it? Why have they become the enemy, to be tagged, cataloged, monitored and watched? Why are we wasting resources watching ourselves? Do you, personally, need to be watched? If the answer is 'no', then any time spent watching you is wasted, and time that could be spent watching someone who needs watching. Why would you support a plan to watch yourself, at great cost and exactly zero impact? Lame.

Warning Label Generator

What more to say? It's a warning label generator! Pick the ominous tone of your warning template, pick your universal symbol, then pop in up to 6 lines of poetic-scary text.

Fun for literally everyone.

US Military rolling out new drones with anti-crowd tech

The Register: "The US military has taken another step forward with its research into 'non-lethal crowd control systems' after reaching back into the disco era for inspiration.

The US Army is looking to deploy a powerful strobe searchlight mounted in a pilotless drone aircraft. The strobe is intended to cause 'immobilisation to all those within the beam'.

Earlier this year the US Marines tested a vehicle-mounted directed microwave cooker which is intended to lightly grill the outer skin layer of troublemakers, causing an 'intense burning sensation' which is nonetheless harmless – or anyway, less harmful than other things which the US Marines might do."


...does make you wonder what they're anticipating.. A crowd abroad, or at home?

FBI conducting multi-year internet porn study

ZDNet: "The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed."

"Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible." On Monday, a Justice Department representative would not immediately answer questions about this kind of surveillance technique.

"What they're doing is even worse than Carnivore," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation who attended the Stanford event. "What they're doing is intercepting everyone and then choosing their targets."



Only a matter of time before the needle-stack makers legislate full data retention at ISPs.. First for the 'war on terr-r', then 'for the children', and later .. well, it will be too late to matter because they won't care what you think. ISP costs go up due to massive storage requirements, innocent Americans will have ALL internet surfing, communications, etc. stored for later perusal by law enforcement, divorce lawyers, the RIAA/MPAA or anyone else who can hack a massively distributed database.

Meanwhile, terrorists and others are unaffected as the needlestack gets larger. But it's not really about that. It's about control. And in the end, the government has the shiny new law enforcement tool they wanted. We're sure it will be useful, but at what cost to the rest of us? And what happens to checks, balances, the fourth amendment, etc. If anything will spur consumer adoption of encryption and Tor-like objects, this will be it.

Stay tuned.

SSH key spoofing at Tor exit nodes?

Seul.org: Looks like someone is running 'evil' TOR exit nodes that are trying to do man-in-the-middle attacks against SSH run through them... Interesting.

Hard to be secure when you can't trust the exit point...

Face search engine will let anyone find every picture of you on the Internets...

New Scientist: "A search engine that uses sophisticated facial recognition to allow users to identify and find people in online images will launch next month. But civil liberties groups say the biometric-style tool could compromise the privacy of anyone who has their picture online."


Yikes. And people have called us paranoid for years because we chose not to be in photographs or put our mugs on the Internets... Nice search tool for stalkers, ID thieves and governments.. Not to mention blackmailers. Or employers who want to pre-screen candidates for 'youthful indiscretions'..

Come to think of it, this is a huge risk to undercover officers, CIA or other covert operatives... Take a picture of someone who's past or loyalty or identity may be suspect, post it to the web, then run a cross index for every photo of this person -- turning up any family photos (and in the process, identifying family members), further leveraging any surrounding ID or metadata to suss out the real identity of the individual in question... This could go very dark very quickly.

It's like a huge internet-wide social network that you can't opt out of.

The idea's out there now (and was originally developed for governments), but it should still die a fiery death on principal.

RFID passports less useful to machines too...

EPIC: "A document obtained by EPIC from the State Department reveals that 2004 government tests found passports with radio frequency identification (RFID) chips that are read 27% to 43% less successfully than the previous Machine Readable Zone technology (two lines of text printed at the bottom of the first page of a passport)."

"Recent reports by the Department of Homeland Security Data Privacy and Integrity Advisory Committee and European experts also recommend against the use of RFID tags in identity documents."


Not particularly surprising on the face of it. What is surprising is that in spite of the above reports (even within DHA), we're all marching headlong into requirements for a fundamentally flawed and insecure system in the name of theater. Blech.


(link via Schneier)

Voting Machines. Need we say more?

AP: "Voting machines began wreaking havoc the minute the polls opened Tuesday, delaying voters in dozens of Indiana and Ohio precincts and leaving some in Florida with little choice but turn to paper ballots instead.

In Cleveland, voters rolled their eyes as election workers fumbled with new voting machines that they couldn't get to start properly.

'We got five machines _ one of them's got to work,' said Willette Scullank, a trouble shooter from the Cuyahoga County, Ohio, elections board.

Election officials in Delaware County, Ind., planned to seek a court order to extend voting after an apparent computer error prevented voters from casting ballots in 75 precincts. Delaware County Clerk Karen Wenger said the cards that activate the machines were programmed incorrectly.

'We are working with precincts one-by-one over the telephone to get the problem fixed,' Wenger said.""


Oh, this is going to go well. There are apparently tens of thousands of lawyers on standby, and the EFF will be taking calls on 'irregularities' at 1-866-OUR-VOTE. Of course, if these horribly insecure boxes are hacked with minimal effort to swing elections, we'll probably never know.

New 'contactless' credit cards are like wearing your data on a t-shirt...

New York Times: "The demonstration revealed potential security and privacy holes in a new generation of credit cards — cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including CVS pharmacies, McDonald’s restaurants and many movie theaters.

The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.”

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150."

We'd touched on this topic back in '03 when 'Paypass' was announced, but it's good to see that the card companies continue to spend millions on a solution in search of a problem. Even better that they've found a way to make ID theft and credit card fraud easier than it already is.

File under "WTF?"

Chron.com: "WASHINGTON - Nonlethal weapons such as high-power microwave devices should be used on American citizens in crowd-control situations before they are used on the battlefield, the Air Force secretary said Tuesday.

Domestic use would make it easier to avoid questions in the international community over any possible safety concerns, said Air Force Secretary Michael Wynne.

'If we're not willing to use it here against our fellow citizens, then we should not be willing to use it in a wartime situation,' said Wynne."


There's so much wrong with this one, I'm not even sure where to begin...

US Citizens more likely to die at the hands of law enforcement than terrorists...

Wired News:: "Al-Qaida's attacks on the Pentagon and the World Trade Center killed 2,976 people, and the country recoiled in horror as we witnessed the death of thousands of Americans when the towers fell.

In the five years since that shattering day, the government has spent billions on anti-terrorism projects, instituted a color-coded alert system that has never been green, banned fingernail clippers and water bottles from airplanes, launched a pre-emptive war on false pretenses, and advised citizens to stock up on duct tape and plastic sheeting.

But despite the never-ending litany of warnings and endless stories of half-baked plots foiled, how likely are you, statistically speaking, to die from a terrorist attack?"


Fascinating return to rational thought... Victims of terror aren't the actual targets. We are. Live, love, laugh, and their power dissapears. The handy reference guide above (courtesy Wired) illustrating number of deaths per cause over the past 11 years should help put things back in perspective... How to win against terrorists? Simple. Don't be terrorized.

Well, the Germans were always good at numbering people...

SecurityFocus: "The U.S. government is going forward with the public deployment of its electronic passport, ordering millions of the wireless chips from semiconductor firm Infineon to place in the back cover of the nation's travel document, the German company announced on Monday."

"at the latest Black Hat Briefings security conference, a German researchers showed how someone could read the data out from a passport and clone the functions of the digital document using a smart-card chip. The Smart Card Alliance, an industry group, dismissed the significance of the finding."


Note: The cloneable insecure identity-laden spychips can easily be negated with a few seconds in a microwave before traveling...

Security Theater: Shoe-scanning x-rays cannot detect explosives

AP: "X-ray machines that screen airline passengers' shoes cannot detect explosives, according to a Homeland Security Department report on aviation screening.

Findings from the report, obtained by The Associated Press, did not stop the Transportation Security Administration from announcing Sunday that all airline passengers must remove their shoes and run them through X-ray machines before boarding commercial aircraft."


This is just dumb. Why inconvenience millions for no good purpose? Theater.

Prepare for an influx of greasy-headed tourists...

AP: "In major U.S. airports, guards armed with rifles stood at security checkpoints, and passengers were met by signs warning that all liquids were now banned from carry-on luggage."


Well.. one fundamental phase of matter down, only a few more to go. Good luck banning solids. Although it must be pointed out that passengers are now technically banned, as they are mostly comprised of liquid...

Al-Quota -- innocents landing on 'terror' watchlists...

TheDenverChannel.com : "You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they're reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they're required to submit at least one report a month. If they don't, there's no raise, no bonus, no awards and no special assignments.

'Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft ... and they did nothing wrong,' said one federal air marshal."


Lovely. Not like the watch list data was clean to start with, but whatever. Effective use of tax dollars for theater...

California DMV preps for National ID card rush...

SF Chronicle: "Starting in 2008, all 22 million licensed California drivers will be required to go in person to a DMV office and prove their identity and address with three different documents before getting a new, federally approved state license."

"The Real ID Act requires every state to issue driver's licenses that comply with a national standard. The goal is to prevent fraud and make sure people applying for licenses are who they say they are and do not pose security risks.

The perpetrators of the Sept. 11 attacks had valid licenses, which allowed them to board airplanes."


So since the terrorists had real and valid licenses, we should require a different license? dumb. Keeping in mind that knowing someone's name does exactly zero to indicate intent.. It's appropriate that these madates are referred to as 'Acts' given the 'security theater' going on.. Won't stop a terrorist. Won't do squat.

Criteria: have to bring someone's birth certificate and two bills with the same name on them. No verification. Nice. Lovely thing is that anyone can print a birth certificate, and all that's required to set up ultilities (if you don't just steal bills from a mailbox first) is a driver's license. Old ones work just fine. You can buy those on the street (timetable for street vendors to sell federal IDs? 2008.) Whatever. The terrorists had valid licenses. Intent is the issue. Not a name you can bootstrap your way into through other insecure documents.