Category Archives: Creeping Totalitarianism

FBI vs. Apple: Might Is Not So Right

If Manhattan DA Cy Vance’s New York Times op-ed supporting the FBI’s attempt to force Apple to unlock an iPhone was annoying, then prosecutor Andrew King’s blog post at Fault Lines is infuriating. Starting with the title, “Uncle Sam can Compel Apple — Whether You Like It Or Not,” King’s argument about the FBI’s demand on Apple seems to boil down to a simple message: Fuck you, do as you’re told.

Persons and things can be examined and seized under the Fourth Amendment. Parties in court cases can compel witnesses to attend trials. Non-parties to civil and criminal cases can be forced to produce documents and other items on behalf of private parties.

Those examples are a little different from what the FBI is demanding of Apple. The court order isn’t for Apple employees to testify in a trial or turn over evidence in Apple’s possession. The FBI is demanding that Apple use its resources to develop a piece of software for the FBI.

To see why that’s a problem, let’s consider a few thought experiments. Suppose the FBI wins all its legal maneuvers and gets a solid ruling that Apple must develop the iPhone-cracking software for the FBI or else (for values of or else that include lengthy contempt sentences for Apple’s corporate officers). Now suppose that on the very day of that ruling, every single Apple software engineer quits their job. What could the FBI do then?

It’s not the Apple corporate officers’ fault that all the engineers quit — Apple has no way to prevent employees from leaving. And in any case, threatening the corporate officers with jail won’t get the software written, because they don’t know how. So what alternatives does the FBI have? Force the engineers to come back to work at Apple? Get court orders against individual software engineers, forcing them to write code for the FBI?

If that scenario is too fanciful for you, let’s try something a little more realistic. Suppose Apple unlocks the phone, and the FBI agents discover that the owner used a third-party iPhone app to store encrypted notes. The FBI now has yet another layer of encryption to get through, so now they need to get another court order to force the app developer to help them. But what if instead of a behemoth like Apple, the app developer is a tiny one-man software shop? Would the FBI actually force an innocent software developer to spend months writing software for them?

Would we want them to have that power? I don’t think so, at least not since the ratification of the Thirteenth Amendment. Because forcing people to work for your benefit is pretty much the definition of slavery.

Don’t get me wrong, I’m not saying that forcing Apple or their developers to write software for the FBI is exactly the same thing as historic American chattel slavery. What I am saying, however, is that both kinds of involuntary labor are bad for the same reasons. If you made a map of all the evils in the world, plantation slavery would be out at the extreme edge, but they’d both be in the same direction. And that’s a similarity we should take notice of.

You may think I’m being over-the-top by comparing FBI vs. Apple to slavery, but Andrew King goes there himself:

And it’s not just the judicial branch, law enforcement has historically had the power to force local citizens to join a posse. So too was the interment of people based solely on their ancestry found to be legitimate. Of course there’s still selective service—soon to include the other half of the population.

None of that is to say that the government always uses that power wisely. For example, the Fugitive Slave Act compelled Northerners to aid in the capture of fleeing slaves and likely hastened the onset of war.

I honestly don’t know what to make of this. To bolster his argument that the government has the authority to compel Apple to write software, King is invoking conscription, the Japanese internment, and slavery? Those are not exactly our government’s most admired accomplishments. Slavery and internment are widely regarded as evil, and conscription has been kicked to the curb.

Is he trolling us? I mean, it sounds like something a troll would say to piss people off: Of course we can force Apple programmers to write code. After all, we forced the Negroes to pick cotton, right? And calling the Fugitive Slave Act “unwise” is letting it off pretty easy. Slavery isn’t just a bad idea, it’s a crime against humanity.

Or am I missing the sarcasm? Perhaps he’s linking the Apple court order to the evils of conscription, internment, and slavery as a way to ironically point out what a bad idea it is. “Yeah, forcing people to work against their will, that never turns out badly…”

I think he means it, though, because of statements like this:

But the wisdom of the government exercising authority is not the same thing as whether the government has the authority.

King’s definition of authority seems to be nothing more than the capacity and will to use violence. In that sense, of course, he’s right about the Apple situation. The government certainly could send SWAT teams to seize Apple facilities by force of arms and compel its software developers to write code for the FBI. If authority doesn’t need to have limits or legitimacy, then the government has the authority to do whatever it wants.

[The] assertion that the government can coerce private citizens to act in certain ways is both mundane and incontestable.

You know what else is both mundane and incontestable? That private citizens can use violence to coerce other private citizens. It happens all the time. If might makes right, and there’s no need for moral authority or limits to power, then how does the thug have any less authority than the police officer? And why should we assume there is a difference between them? It’s certainly not an argument that leads to respect for the criminal justice system. It’s Fuck you, do as you’re told.

Fighting Crime…With Homelessness

Just when I thought I’d heard every awful thing in the criminal justice system —

Actually, I’ve learned by now that the criminal justice system is an unending source of unjust practices and terrible outcomes, so let me start again…

It’s been a while since I heard any new stories about awful things in the criminal justice system, but that’s remedied today in this depressing story from ProPublica writer Sarah Ryley, which begins with an anecdote about what can happen to drug suspects in New York City, even after they are exonerated:

Finally, the results confirmed what she had told the officers all along: the wooden tray and the 45 paper cups of powder were drug-free. Jameelah El-Shabazz and Shakoor were released from Rikers and fully exonerated.

But El-Shabazz’s battle with New York’s legal system was only beginning. That September, another of her sons called to say the police were back, this time with a lawyer and a court order to seal the Bronx apartment. Her entire family had to leave — immediately.

El-Shabazz was facing a nuisance abatement action, a little-known type of lawsuit that gives the city the power to shut down places it claims are being used for illegal purposes. The case against her was based on the same drug allegations that had been dismissed in May.

As you might guess if you’re familiar with this sort of thing, it’s yet another situation where the state can use civil court proceedings to punish people for a crime without having to convict them of a crime or even charge them. In this case, the legal action was originally created to shut down business locations that had a lot of criminal activity (e.g. prostitution), but the NYPD now uses it to kick people out of their homes.

Three-quarters of the cases begin with secret court orders that lock residents until the case is resolved. The police need a judge’s signoff, but residents aren’t notified and thus have no chance to tell their side of the story until they’ve already been locked out for days. And because these are civil actions, residents also have no right to an attorney.

The story is filled with infuriating details:

Luis Rivera, 58, was shut out of his apartment in the Bronx for nearly a month in 2013 while he fought his case. […]

Rivera was described by people who knew him as having significant mental and physical impairments. […]

“He was not doing good at all,” she said. “He had cancer; he was on the transplant list. You could tell he was very sick. There were times when he didn’t remember what was what. He would shit on himself and everything.”

In court filings, Rivera said he did not understand what was happening when the police arrested him a second time as they served him with the nuisance abatement action. When he was released, he simply went home, then was arrested a third time for violating a temporary closing order.

“My understanding was that I could go back to my apartment because I was given my keys. I was handed some papers but I am not able to read or understand them on my own,” he said in an affidavit filed through his attorney, Rajagopal. “I am still very confused as to how or why the police were able to evict me from my home without a hearing or trial.”

I’m not a lawyer, but to me the justification sounds similar in concept to they way in rem civil forfeiture is justified:

Assistant Commissioner Robert Messner, who heads the NYPD’s Civil Enforcement Unit, concurred, saying, “You have to remember, it’s an action about a place. It’s not about people.”

Get it? They’re not kicking people out of their homes, not at all, they’re just preventing the homes from having people in them. It’s a totally different thing. Because asshats like Assistant Commissioner Robert Messner say it is.

And why would you need protections just for kicking people out of their homes? Can’t we trust the police?

The narcotics officer behind nuisance abatement cases against El-Shabazz and others, Detective Peter Valentin, has his own history. The Daily News earlier identified him as the most-sued officer on the NYPD’s 35,000-member force. Valentin was put on desk duty in 2014 for allegedly fabricating buys from confidential informants.

The idea for nuisance abatement actions shares a familiar history with other abusive policies:

William Bratton, fresh into his first tenure as the city’s top law enforcement official, hailed such actions in a 1995 white paper on quality-of-life policing as “probably the most powerful civil tool available to the police,” allowing officers to “sweep down on a location and close it without warning.”

And without any of that pesky due process. The NYPD usually asks a judge for an emergency order to kick residents out immediately, rather than waiting a few days to allow them to get a lawyer and come to court. The argument for an emergency is that the location is dangerous and there’s no time to wait. Apparently, few judges question the sincerity of this claim, even though the paperwork often shows that the NYPD has been sitting on the evidence of this supposed emergency for months.

NYPD’s Messner said his lawyers “talk to” the precinct officers to confirm the location still poses a problem, but don’t include this information in court filings for the sake of efficiency.

A person less charitable than me might suggest that the real reason they don’t include this information in court filings is that it’s not actually true.

“The judges don’t want to read tomes,” he said. “We could do 100 cases a year instead of 800 cases a year, with, you know, tremendous levels of detail. But we wouldn’t end up with a better product.  We’d just end up helping a lot less people.”

In other words, giving New York residents due process just isn’t in the budget.

Naturally, once people are kicked out of their homes, the NYPD can use the possibility of returning as a bargaining chip:

At the courthouse, the NYPD’s attorney usually offers to settle the case without going to trial — often by requiring tenants to bar specific people from their homes or to give up their leases. Then the closing order is lifted.

But if tenants decide to fight the case, they may not be allowed to go home until the case is resolved. Though cases rarely go to trial, settlement negotiations can take weeks.

That results in situations like this:

Juan Vadi, a 53-year-old recovering addict, pleaded guilty to misdemeanor drug possession and was fined $500 after police turned up a Ziploc bag of crack, two pipes and a plate with crack residue, and a marijuana grinder during a search of his parents’ Jamaica, Queens apartment.

Eight months later, police issued a nuisance abatement action detailing the arrest and claiming Vadi was using the apartment to sell crack. He insisted he would never sell drugs from the family home, where multiple generations share four bedrooms, and said he believes an acquaintance who always seemed to get arrested but never did any time fabricated allegations about buying drugs there. Nonetheless, in order to protect his family members from losing their home, Vadi agreed never to sleep there again for the rest of his life.

That sort of provision is not unusual:

The settlements often impose provisions that critics say erode tenants’ constitutional rights. The Daily News and ProPublica identified 74 cases in which tenants or homeowners agreed to allow warrantless searches in order to get back into their homes. They routinely waive their right to sue, and promise to vacate the home immediately and surrender their lease without going before a judge if accused of wrongdoing in the future.


Otero signed a settlement that says the NYPD can make unannounced inspections for a year, and if anyone besides her and her son are found in the apartment during the first six months, she will immediately surrender her lease.


Some of those facing nuisance abatement actions told the Daily News and ProPublica they thought the NYPD attorney was actually there to give them advice, unaware they weren’t entitled to free counsel and that the attorney actually represented the other side.

I’m sure it was an unfortunate and totally accidental misunderstanding.

By the way, if you’re wondering what kind of person makes it their life’s mission to throw people out of their homes, all I can say is that Assistant Commissioner Robert Messner sure has the ego to be a sociopath:

Messner said he was pleased that his staff’s caseload increased even as the department was cut from 65 to 55 people. “I’m an astronomically good manager,” he said. “This is an efficient way to address crime and provide police services.”

Yeah…I’m guessing this isn’t the only awful NYPD shit he’s been into over the years.

There are a whole lot more details in Sarah Ryley’s story. Read the whole thing.




A Few Notes About Obama’s Anti-Terror Plan

So President Obama gave a short speech about his administration’s plan to fight terrorism in the wake of the possibly ISIS-linked shootings in San Bernardino. I don’t know enough about the subject to comment on his foreign policy plans. On the domestic side, however, I saw a few things I want to bitch about:

I will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice.

He’s not being very specific, but I’m pretty sure this means that the law enforcement establishment is going to take another run at banning strong encryption. The folks in charge hate the idea that regular people might be keeping secrets from them.

Congress should act to make sure no one on a no-fly list is able to buy a gun. What could possibly be the argument for allowing a terrorist suspect to buy a semi-automatic weapon?

The argument is simple: “Suspect.” Or if you prefer two words: Due process.

Getting on the no-fly list doesn’t require a criminal conviction or any other kind of due process. It’s done in secret, by secret people, for secret reasons. That means it can happen for any reason at all. Or no reason at all. In one of the few cases where we know why someone was placed on the no-fly list, it turned out that an agent had literally checked the wrong box. Most of the time, we don’t know why someone is on the list, and if you find out you’re on it, the procedure for contesting your inclusion is a piss-poor excuse for due process.

Look, if you want to keep some people from buying guns, we already have a process. It’s called a felony conviction. We do it hundreds of thousands of times a year. The no-fly list is a constitutional abomination that allows bureaucrats to arbitrarily and secretly curtail people’s right to fly. It has no place in a free society, and we should be eliminating it rather than trying to subject even more American rights to its infringements.

We also need to make it harder for people to buy powerful assault weapons like the ones that were used in San Bernardino. […] But the fact is that our intelligence and law enforcement agencies — no matter how effective they are — cannot identify every would-be mass shooter, whether that individual is motivated by ISIL or some other hateful ideology. What we can do — and must do — is make it harder for them to kill.

So our intelligence and law enforcement agencies can’t find every would-be mass shooter, but apparently stopping them from getting guns is somehow totally doable. Right.

Awaiting the List

Journalist Glenn Greenwald has announced plans to publish his final big leak from the Snowden files: A list of U.S. citizens that the NSA has spied on. Naturally, this raises a very important question: Am I on the list? ‘Cause it would really help my badass libertarian rep if I was. I’m just beside myself with excitement!

Truthfully, I doubt they’ve ever spied on me, except to the extent that they’ve spied on everyone, such as phone call metadata. Actually, I’m kind of hoping that the list will run to hundreds of millions of people — damned near everyone with a digital footprint. That would make the NSA’s contempt for privacy pretty damned clear.

But if the list is more exclusive than that, I doubt I’ve drawn their attention. However, I wouldn’t be surprised if a few of the people I know in the blogosphere have made the list. A couple of obvious candidates come to mind:

#1 by a mile is Mirriam Seddiq. She’s a Muslim criminal defense and immigration lawyer from Kandahar, Afghanistan. If the NSA isn’t watching her, they’re not paying attention.

Another likely candidate is Jamison Koehler. Jamison seems mostly harmless, but his wife Susan Burke likes to stir up some shit, and she travels overseas to do it.

Beyond that, I follow a bunch of criminal defense lawyers who probably make a lot of trouble between them — Mark Bennett, Norm Pattis, Rick Horowitz, PDgirl, Matthew Haiduk, Matt Brown, Gideon, the Squawk, the list goes on and on — but they mostly do state work, which I’m guessing wouldn’t draw a lot of attention from the national security types at the NSA. But maybe Scott Greenfield… He does federal work and used to represent drug dealers, and we know the NSA was feeding information to the DEA. Scott is also friends with Lynne Stewart, a defense lawyer who was prosecuted in connection with her defense work for some accused terrorists. If he had contact with her during that time, he could be on the list. Besides, it wouldn’t be the first time the feds spied on Scott.

After that, I don’t know. I’d like to think all us libertarians are on the government’s list, since we hate it so much — maybe Jennifer Abel for all the shit she says about the TSA or anyone at Reason because they despise both parties — but the truth is I suspect nobody in the government regards us as a threat. It kind of hurts my feelings.

(There is, of course, the hive mind that is Popehat. Between Clark’s libertarian ranting and Ken’s federal criminal work, maybe the hat made the list.)

The thing is, if the NSA is spying on libertarian writers like me, it’s an invasion of privacy in service to a witch hunt. That’s pretty bad, but it’s nothing compared to what it means if they’re spying on people like Mirriam Seddiq or Scott Greenfield or any of the other people for whom opposing the will of the government isn’t just a political leaning but their whole professional calling. And if the government has been spying on privileged lawyer-client communications, it raises a lot of disturbing possibilities.

I suppose it’s unlikely that anyone I know will make the list. But if they do, I expect they’ll be really angry.

Nearly Setec Astronomy

Holy crap.

I’m still reeling from the latest revelation to come from Edward Snowden:

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

This goes far beyond anything I was speculating about a few weeks ago. They don’t mention compromising a CA, but given the scope of the programs revealed yesterday, compromising multiple certificate authorities would be just one small part of the NSA’s assault on privacy. And they really do think of our privacy as the enemy:

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Here’s how the Guardian article describes what the NSA has been doing:

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

If I understand the revelations correctly, this doesn’t describe a single program so much as a strategy.

Cryptography is based on math. The broad idea is to find classes of math problems that are that are easy to solve if you have a hint. Encryption then consists of two steps: Generating a random math problem in this class, and then taking plaintext data and transforming it into ciphertext in such a way that the reverse transform back into plaintext will require you to solve the math problem. Since the problem is much easier to solve with the hint, having the hint is like having the key to unlock a door, and this hint becomes the decryption key.

For example, our math problem might involve rotating letters around the alphabet, transforming each letter into, say, the 5th letter after it. A becomes F, B becomes G, Z rotates around to become D, and so on. The decryption is just the reversal: F becomes A, G becomes A, and D rotates back around to become Z. In this example, the class of math problems is rotation around the alphabet, and this particular math problem is based on rotating 5 steps.

Now if I give you a string such as “BNSIDUZSINY” and tell you that it has been rotated by some number of characters, the only way you can decode it is to try all 26 possible rotations and see if any of them make sense. This will take you, on average, 13 tries. Since it is 11 letters long, you will do a total of 143 rotations, on average, to decode it.

On the other hand, if I also tell you that the number of characters it has been rotated is 5, then it will only take you one try — 11 rotations — to decode it to “WINDYPUNDIT”. In other words, by having the hint “5”, you can decrypt it 13 times faster than without the hint. This hint is our decryption key.

Real encryption systems, such as the ones protect your bank’s website, are based on the same principle, but the math problems are much more complicated, and instead of a 13-to-1 advantage to having the decryption key, it’s more like a 13, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000, 000 – to – 1 advantage.

Even if you could convert all the matter in the entire known universe into cloud computing, using any computing technology we know of, you couldn’t try all those keys before the stars burnt out. (Not that there are stars anymore, because you’ve converted them to computers.)

Of course, nobody seriously trying to attack modern public-key encryption will actually try to brute-force it; that would be impossible (unless the key is really tiny). Instead, they try to look for shortcuts that solve the math problem by something other than brute-force guessing. After all, if the problem collapses from impossible to trivial when you have the hint (the decryption key) maybe there are intermediate non-trivial but non-impossible solutions that can be found through analysis of the encrypted data.

Much of internet-based security depends on the RSA algorithm, and there are no known attacks on RSA that improve on brute force enough to make it seriously insecure. On the other hand, nobody has proven that such attacks don’t exist.

Public key encryption algorithms are that complex and that hard to crack because they were designed to be. It’s why they’re secure.


The design process is done by humans, often in the form of standards documents, and this latest document dump from Snowden reveals that some of those humans work for the NSA, and some of them have been secretly making design choices in standards documents that make the encryption weaker.

Some of this may be obvious, in the form of performance trade-offs. Encryption with 2048-bit keys requires more computing power than 1024-bit keys, and since even 1024-bit keys are currently secure, why not use the smaller key and save computing power? Other ways to weaken encryption maybe be a lot less obvious. Cryptography experts have often questioned the reasoning behind some strange decisions by the standards bodies, and subornation by the NSA could explain some of them.

Furthermore, although cryptographic algorithms are math, practical implementations of encryption systems require more than just the encryption algorithm — you have to generate the keys, distribute the public keys, encode the data, and so on — and a lot of that can introduce vulnerabilities. For example, some RSA public keys are inherently weak, so a good implementation has to test each key for these weaknesses and discard keys that don’t pass. Other times, weaknesses in the key generations can produce collections of keys that have mathematical relationships that can be exploited, so that an attacker who collects enough keys from the weak generator can crack all the related keys.

Again, encryption implementations are more than just math, they are code. And the latest Snowden revelations reveal that the NSA has been working with the major technology companies to make sure the code further weakens the security of our encryption systems. There have been convincing allegations of such attacks in the past, and Snowden is claiming that other encryption systems have been compromised as well.

Finally, the Snowden documents mention some sort of breakthrough that makes it easier for the NSA to crack Internet encryption. It’s possible this is some sort of improved attack on the RSA algorithm, or some other part of the encryption process. Bruce Schneier has seen the Snowden documents, and he says the RSA algorithm is still secure, but the NSA has undermined everything around it.

Between these three strategies — undermining standards, undermining code, and some kind of cryptographic breakthrough — it’s possible that the NSA has significantly reduced the practical difficulties of cracking RSA as used in the real world. Even if decryption without the key remains a billion times harder than with the key, those supercomputers mentioned in the quote above could probably crack them in a time frame of seconds to minutes.

In addition, they apparently have built themselves a huge toolkit for compromising computing systems, and people smarter than me say they can probably get into any computer on the internet if they try hard enough. It’s not so easy that they can do it to more than a small fraction of the world’s computers, and it’s risky because they could get caught, but

These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

Then, once the NSA gets into a computer, they can search it for private decryption keys. Lots of good it does to use SSL or PGP if the NSA can copy the keys and certificates off your computer and throw them to a cloud of 100,000 computers to brute-force your password. Or they can compromise your computer’s encryption software to weaken it, then intercept and decrypt the data stream out on the Internet. They may also have broken into the Certificate Authorities’ computers and stolen the signing keys, allowing them to conduct man-in-the-middle attacks.

All of this leaves me feeling somewhat conflicted. On the one hand, I’m a techno-geek, and what the NSA has done is damned impressive. This is as close as we’ve come in the real world to Setec Astronomy, and it’s an awe-inspiring accomplishment of breathtaking scope.

On the other hand — although the major media doesn’t seem worried about it, judging by the lack of coverage — the NSA has essentially destroyed the trusted framework of the internet. Not just the parts of it used by terrorists, cybercriminals, and human traffickers, but all of it, from the secure website where you do your banking, to your medical records, to Gmail, Facebook, and Twitter.

The documents seem to claim that the NSA’s subversions don’t weaken security unless we know what the NSA knows about them:

“These design changes make the systems in question exploitable through Sigint collection … with foreknowledge of the modification. To the consumer and other adversaries, however, the systems’ security remains intact.”

That sounds just like something the NSA would do. They’re trying to balance their espionage role of spying on everyone’s communications with their counter-espionage role of securing American communications. The problem is that we’re all on the same global Internet — everyone uses the same technology and everyone talks to everyone else — so those goals collide head-on: The NSA wants to have back doors through the encryption, but they don’t want anyone else to use them, so they poke holes in the security, and then they make those holes as secure as they can.

There are two problems with that. The first is technological: If the NSA has weakened the security technology of the internet, then we’re all using weaker security technology. We all become more vulnerable because of that.

However, even if the NSA has taken great pains to ensure that other adversaries cannot easily benefit from the backdoors they’ve installed, they’re still going to run into the second problem: People. The people making up the NSA are fallible and flawed, and subject to failure and indiscretions. Some of them probably have evil intentions.

One of the NSA slides describes a part of this program as “Extremely fragile.” That may be, but even worse than that, it’s brittle: All it would take is for someone to leak detailed information about the NSA’s subversion of Internet security, and then other intelligence agencies could do it. It’s the cyber equivalent a corporate security officer who puts steel doors with $1000 electronic locks on 100 offices but keeps a copy of the master key locked in his desk. Thieves who want to rob the place blind don’t have to break through 100 locks, they only have to break through one. Anyone who can compromise the NSA can compromise the Internet.

And we know the NSA is compromised. The proof is that we’re reading about this right now. Edward Snowden has taught the NSA a brutal lesson in the hazards of brittle security systems. As the Director of National Intelligence, James R. Clapper, says:

The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.

I think “outweighed” is not his place to decide, but I’m sure he’s right about the damage. Our national enemies have learned of our ability to spy on them, and they will change their behavior to get out from under NSA surveillance. This is a devastating blow.

I actually feel bad for the NSA about this. An awful lot of very smart people with good intentions have done a lot of hard work, and they’ve accomplished something rather amazing: Making most of the internet transparent, at least to the U.S. government. Depending how our adversaries respond, Edward Snowden has destroyed much of their work. Hundreds of millions of dollars worth of effort down the tubes. Maybe more.

But again, the problem is people. Snowden is not the guy who has stolen the NSA’s secrets. He’s just the only guy who has stolen NSA secrets that we know about.

I mean, what are the chances that the only person who has ever walked this information out the door of the NSA is an outside contractor with idealistic tendencies? It’s starting to look like the NSA didn’t even know he took this stuff until he started dumping it to the world media. If somebody else walked out with another thumb drive and sold it to the Russians and the Chinese, is there any way we could even tell? Our nation’s enemies could have had this information for years before we heard about it.

Then there are the internal enemies. We already know from other leaks that NSA personnel spy on their friends and lovers, so why wouldn’t they compromise corporate computing facilities and sell trade secrets to the highest bidders? Why wouldn’t they read an opposing political party’s email? High-security activities are a breeding ground for misbehavior because of the lack of transparency. I’m sure the NSA has its share of the kind of grasping megalomaniacs that seem to populate middle and upper management throughout industry and government, and the NSA provides them with an opportunity to operate with relatively little oversight.

We also have to worry about the kinds of internal enemies that the NSA doesn’t even think of as enemies, such as other government agencies with totalitarian leanings. We already know they share information with the DEA, which then goes on to arrest people based on the information and then lie to everyone about where they got it. The NSA may be a pure intelligence agency, but at this point the DEA is pretty much the American equivalent of the Taliban, invading homes and locking people in cages out of a near-religious conviction that they’re doing something wrong. The United States has the highest percentage of it’s population in prison of any country in the world, and the NSA is helping it jail even more.

I keep coming back to Clapper’s invocation of “terrorists, cybercriminals, human traffickers…” Why is that third item on the list? It seems like a basic appeal to the moral panic of the day. Granted, human trafficking is a real problem, yet when government agencies talk about trafficking, they almost always mean sex trafficking, which they conflate with ordinary prostitution and other sex work. So now I’m imagining an NSA Human Trafficking department that breaks into escort web sites…Polish Princess sure sounds like it’s full of foreign nationals, right? It seems like the NSA are already thinking of themselves as a program in search of a justification.

I guess what I worry about most is that the revelation of this program will severely impair the legitimate activities of the NSA by alerting our nation’s enemies to the NSA’s capabilities, but that nothing else will change. Our enemies will have learned how to hide from the NSA, but the NSA will keep right on spying on the rest of us, using whatever justification seems to work.


Heads They Win, Tails You Lose

So, a few months ago, I wrote a post about sequestration in which I said, basically, bring it on!

I had a couple of reasons for saying that. First of all, from my libertarian point of view some of the threatened cuts were pretty awesome. The Obama administration was threatening to cut federal grants to law enforcement, the TSA, Customs and Border Protection, and especially the DEA. Lower federal spending through laying off government thugs. What’s not to like?

Second, I wanted to call Obama’s bluff. In addition to the law enforcement cuts, his press release also claimed that it would cut things like support for economically disadvantaged families, special education, homeless veterans and the mentally ill, and vaccination programs for children. It seemed to me that Obama was threatening to take hostages:

Let’s put that in perspective. At the beginning of the year, the federal government unceremoniously (and with surprisingly little debate or media coverage) increased payroll taxes by 2 percent. And all over America, millions of middle-to-low income-families — anybody with earnings below the cap, really — quietly learned to live with a 2 percent cut in the family budget.

But now when the government is asked to cut its budget by about the same percentage, they say they’ll have to cut programs that help women and children, the sick and the disabled. It’s hard to interpret this as anything other than a threat.

Third, I didn’t really think it would happen. Actually, the deadlines were only a few days away, so I know the sequestration would technically kick in, but I figured Congress would do another deal to kick the can down the road for a few months, a strategy that has always served them well.

I was wrong about that last part. The sequestration happened, and so far it hasn’t been fixed. We’re going down that road, maybe with few changes until the next election.

It turns out, however, that all those dire predictions neglected to mention one very important item that would be hurt by sequestration, the federal public defenders program:

Largely out of the public view, defenders and judges say, the federal public defenders system is buckling under the effects of the $85 billion across-the-board cuts known as the sequester, threatening the integrity of the criminal justice system, which guarantees the right to a court-appointed lawyer for those who cannot afford one…

The 81 defender offices across the country, which represent 60 percent of all criminal defendants in the federal court system, have already had their budgets cut by 10 percent because of the sequester and other reductions this year and could face up to a 23 percent cut in 2014. Additional cost-cutting measures may result in a smaller cut, around 10 percent. Although the cuts are widespread across the government, public defenders say the reductions are hitting them particularly hard. Unlike other federal programs, the public defenders say, they have little fat to trim since most of their costs are for staff and rent. Just 10 percent of their budgets are devoted to expert witnesses, investigative costs and travel.

Crap. I should have seen that coming.

The amount of sequestration in 2013 is actually a small fraction of the government budget — 1 or 2 percent, depending on how you count — and it doesn’t get that much larger in 2014, so cuts of this magnitude are the result of deliberate decisions to concentrate the damage in one program. You just know that unscrupulous upper managers are using the budget squeeze as an excuse to get rid of people and programs they don’t like, so I guess I shouldn’t be surprised that they’re trying to gut the federal defender program — that only helps the bad guys avoid justice, right?

It sounds like things are pretty bad:

Already, federal defenders said they have cut back on staff members and their workloads.

Almost all offices have had to furlough or lay off workers. In Virginia, a chief public defender said he had to lay off five lawyers, about 10 percent of his staff. Two other staff members retired to help save the office money, while another voluntarily went on active duty in the military.

In Delaware, public defenders had to take 15-day furloughs. In Illinois, a public defender’s office cut two lawyers and a computer technician.

Michael S. Nachmanoff, a federal public defender for the Eastern District of Virginia, who has represented Somali pirates and illegal arms and drug dealers, said he faced a difficult decision this year when he had to choose between paying staff members or continuing a case without adequate resources.

“It really wasn’t much of a choice,” Mr. Nachmanoff said. “I’m not going to compromise the quality of a case to pay people.”

This is a terrible loss. The federal public defender program had a good reputation, built up over decades by a lot of dedicated people doing a lot of painstaking work. It will be a shame — and a threat to our freedom — if the public defense program were to end in ruin.

Scott Greenfield explains:

The emasculation of senior staff at federal defenders’ offices means that the strong cadre of lawyers will be gone, with only a barebones and less experienced (and less well-paid, and more capable and willing to work for a pittance of their pittance salary) staff remaining.  When and if things turn around, it will take years before staffing is back to adequate strength to handle its caseload, and even more years before that staff gains the experience to do its job as well as it had in the past.

Of course, if the public defenders are unable to keep up with the work due to budget cuts, there is of course an obvious solution to this problem: Reduce prosecutions. But that will never happen. You might think the sequestration cuts in the Justice Department would naturally reduce the volume of cases they bring, but politicians love law-and-order too much:

While federal defenders have had to cut back on the number of cases they handle, the Justice Department is increasing the number of cases it brings to court and also hiring staff.

Its annual budget is nearly $28 billion, compared with $1 billion for the federal public defenders program. Since both Republicans and Democrats were reluctant to hurt federal law enforcement, Congress granted the attorney general broad authority to shift money from other programs to pay for salaries and avoid furloughs.

As a result, the F.B.I., federal marshals, United States attorneys and other offices have been spared the steep job cuts predicted at the beginning of the sequester.

Still, you’d think the system would be self-regulating because of this:

The result, said lawmakers, judges and public defenders, are court delays that might violate defendants’ rights to speedy trials and could lead to the dismissal of criminal cases.

Everyone has a right to a defense, right? It takes two to tango. So if the federal defenders refuse to take more cases than they can handle, the courts will be unable to proceed, forcing prosecutors to either accept dismissals or pick and choose more carefully when they decide to charge people. Maybe that will lead to more funding for federal defenders.

Unfortunately, it doesn’t work that way. When the public defender is unable to take a case, the courts can appoint private lawyers under the Criminal Justice Act (CJA) to do the job. Although some excellent lawyers take CJA appointments out of a sense of duty, there are reasons to believe that the CJA program as a whole provides a less effective defense than full-time federal defenders. Also, following in the fine tradition of government contracting everywhere, the CJA lawyers actually cost more per hour than full-time federal defenders.

The Judicial Conference of the United States, which is responsible for the criminal defense budget, is dealing with that issue pretty much like any company facing cash flow problems:

The judicial conference announced on Aug. 16 that it would try to keep staffing of the public defenders program at current levels by delaying payments to court-appointed private lawyers and reducing by $15 an hour the rate at which they were paid.

Between the decreased fees and matters of principle, this is going to cause good lawyers to quit the program. Mark Bennett offers this explanation:

But the criminal-defense bar…gets psy­chic value from doing what it does.Even though CJA rates were already below mar­ket rates for good lawyers, good lawyers took appoint­ments in fed­eral court because it pro­vided other sat­is­fac­tions, among them the plea­sure of help­ing those whom God had for­saken, society’s strays.

I believe, as a mat­ter of prin­ci­ple, in call­ing bluffs. Criminal-defense lawyers ought to quit the CJA panel en masse, because gut­ting the defense to pre­serve the pros­e­cu­tion is wrong, and because the only way for the lawyers to keep the gov­ern­ment from cut­ting their pay and lay­ing off PDs is by refus­ing to accept it. If the gov­ern­ment wants to pros­e­cute peo­ple, it must pay to defend them; if it’s not will­ing to do so it should be forced to forgo prosecution.

There are plenty of strays I can help with­out being appointed to help them, so I am resign­ing from the CJA list.

He’s probably not the only one.

At a time when there are so many criminal laws that some lawyers estimate the average American commits three felonies a day, and our justice system already has a larger percentage of our population in prison than any other country, it’s hard to believe these budget cuts are anything other than a deliberate attempt to dismantle the public defense system and give prosecutors even more control over our lives.

Checkpoints And Despotism

So this story just makes me feel miserable:

The partner of the Guardian journalist who has written a series of stories revealing mass surveillance programmes by the US National Security Agency was held for almost nine hours on Sunday by UK authorities as he passed through London’s Heathrow airport on his way home to Rio de Janeiro.

David Miranda, who lives with Glenn Greenwald, was returning from a trip to Berlin when he was stopped by officers at 8.05am and informed that he was to be questioned under schedule 7 of the Terrorism Act 2000. The controversial law, which applies only at airports, ports and border areas, allows officers to stop, search, question and detain individuals.

The 28-year-old was held for nine hours, the maximum the law allows before officers must release or formally arrest the individual. According to official figures, most examinations under schedule 7 — over 97% — last under an hour, and only one in 2,000 people detained are kept for more than six hours.

Miranda was released, but officials confiscated electronics equipment including his mobile phone, laptop, camera, memory sticks, DVDs and games consoles.

The UK isn’t exactly known for respecting free speech, but this kind of intimidation is petty tyrannical crap.

And this detail in HuffPo‘s coverage didn’t help my mood:

Miranda was coming from Berlin, where, the Guardian said, he had stayed with Laura Poitras, the filmmaker and journalist who, along with Greenwald, has been at the center of the storm surrounding NSA leaker Edward Snowden. Ironically, Poitras, whose work usually involves sensitive national security issues, re-located to Berlin from America because she had grown tired of being constantly detained and questioned at airports.

Well isn’t that just great? Germany is the former homeland to the Gestapo and the Stasi, but now people are leaving my country to go there because the security goons manning our checkpoints are worse.

And while I was reading that other stuff, I stumbled across an Alan Dershowitz quote about Greenwald from a few weeks ago. Now is it all in my imagination, or was there a time when Dershowitz supported civil liberties? I notice that his official website’s list of his books omits two of his earliest books that helped shape my attitude towards criminal defense and civil liberties: The Best Defense and Taking Liberties. That Alan Dershowitz would have hated the Alan Dershowitz who says crap like this:

Dershowitz, for his part, insisted there is no gray area:

“Well, it doesn’t border on criminality – it’s right in the heartland of criminality. The statute itself, does punish the publication of classified material, if you know that it’s classified,” explained the guest. “Greenwald – in my view – clearly has committed a felony.”

Continuing his assessment of the reporter, Dershowitz held little back:

“Greenwald’s a total phony. He is anti-American, he loves tyrannical regimes, and he did this because he hates America. This had nothing to do with publicizing information.”

I’m not a huge fan of Greenwald’s, but I think he hits it on the head in his response:

This is obviously a rather profound escalation of their attacks on the news-gathering process and journalism. It’s bad enough to prosecute and imprison sources. It’s worse still to imprison journalists who report the truth. But to start detaining the family members and loved ones of journalists is simply despotic.

Pretty much.

Nuclear Terrorism Espionage

In the early days of the Usenet distributed bulletin board system, some of us used to include random  collections of suspicious-sounding keywords in everything we posted (usually in the signature block). We did this because we were paranoid enough to assume government agencies were watching everyone’s posts, and we thought it would be funny to sneak tons of spurious messages through their keyword filters.

Eventually, I gave up. Not because I thought they weren’t watching — an FBI agent had already told me they were — but because it seemed kind of pointless in the modern internet. Government agencies were less likely to spy on private email messages or social networking clusters.

But I could be very wrong about that, as revealed in a jaw-dropping Washinton Post story by  Barton Gellman, Laura Poitras, Julie Tate, and Robert O’Harrow Jr. It turns out the government is spying on our internet traffic rather a lot.

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind.

My condolences to the NSA. For an intelligence agency, it really sucks to have your sources and methods exposed, let alone splashed all over the news.

How did this program come about?

Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

Is the program vulnerable in any ways?

Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that they would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.

Oh, well then I guess this exposure really sucks.

Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test.

I’ll say.

Training materials obtained by The Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report but add that “it’s nothing to worry about.”

Well, not for the analysts. But the rest of us should probably be worried.

Say, what happens to all that non-foreign data? You know, the stuff of ours that the NSA is not supposed to have?

Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.

“As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans.”

What sort of data can they get?

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

I hope everyone is as outraged as I am.

In conclusion, I would just like to say uranium, FBI, phosgene, isopropyl alcohol, vengeance, knives, Khalid Sheikh Mohammad, ethanol, soman, sovereign citizen, World Trade Center, terrorism, killing, sarin, guns, militia, death, Julian  Assange, pseudoephedrine, Semtex, trinitrotoluene, Don’t Tread On Me, VX, Timothy McVeigh, Golden Gate Bridge, ANFO, Turner Diaries, tabun, marijuana, anthrax, Area 51, cobalt, RDX, plutonium, Treasury  Department, NSA, P2P, arsenic, botulinus toxin, chlorine, ricin, Ramzi Yousef, Pentagon, Posse  Comitatus, heroin, bombs, stinger, IED, C-4, Willis Tower, diisopropylaminoethanol, Empire State  Building, Homeland Security, crack, phosphorus trichloride, Jihad, methylphosphonyl difluoride, Bradley Manning, Al-Qaeda, isopropylamine, claymore, CIA, cyanide, smallpox.