The past few months in photos, minus all the computers

Roadblocks en route to the world’s thinnest watch

Chicagoan Jerry O’Leary, wearing the watch he designed and helped engineer—the world’s thinnest. His company is called Central Standard Timing. Photo by Zbigniew Bzdak, used with permission from Chicago Tribune.

A year ago, when I read news stories on the Kickstarter hardware phenomenon of the millimeter-thin watch, I latched onto the catchy company name and the care taken to design the font used on the watch’s curved face.

Little did I know, I’d write a little blurb about these cats and what they’ve gone through, for the Tribune’s Blue Sky project.

Jerry made the process sound grueling. I got the sense he wasn’t trying to dissuade competition, but truthfully discuss the work involved. Still, I probably would have made the same choices he did.

That is, if I knew how to engineer electronics.

eBay entrepreneur could make the powerful and corrupt shiver

If the stories are saying what I think they are, one of the biggest barriers to doing important journalism—heavy security protecting your sources and research—will soon be less about cobbling together your own ragtag system and more about buying into a proven solution.

Let’s just hope they open the source code.

I’m excited about Greenwald and Omidyar’s new organization for its journalism potential, but even more excited about the fact that it’s getting into the “technology” business to produce tech for “new media.” That’s so incredibly vague, but I suspect it’ll be looking to fill the need for end-to-end-secure products that are easy enough for everyone to use.

For example, PGP (the widely used e-mail encryption scheme) works, and is fun for those who use it, but I posit that’s in part because it has such a small user base. It’s like you’re in a little club. And in fact, the not-insignificant setup work and learning curve can fuel a nice smug attitude with every use.

It shouldn’t be this way. If everyone encrypted their communication, corporations and governments wouldn’t be developing the huge profiles on us that they do. (If you don’t care about that, read this right now, then return if you’d like.) Lots of folks wish for the ability to evade the dragnet—and journalists NEED to—so I figured it was only a matter of time before someone capitalized on these gaps.

(Of course, PGP is only good so far as the NSA doesn’t have quantum computing, which it looks like they don’t at the moment…and so far as they don’t keylog everyone, or in particular, YOU. I hope First Look Media makes some software that detects and eludes keyloggers.)

What are the gaps as I see them? I already mentioned encrypted e-mail and keylogging. (OTR chat is pretty easy enough already.) To head off the potential fall of RSA, they could ramp up the development of elliptic curve cryptography. They could get into making whole-drive encryption systems that rely on both hardware and software-level encryption. I suspect they could develop software (free software as a loss-leader??) that helps folks pick strong, easy-to-remember passwords. They could use Poitras’ experience in mail drops and drive-wiping to create systems for that with less friction.

I don’t think they could compete with LastPass or 1Password. I don’t think they could compete with Freedom of the Press Foundation’s SecureDrop system for anonymous submissions. They could manufacture extremely cheap burner phones whose cases decompose in landfills when you toss ’em. If the battery were easier to disconnect, people would be more inclined to do that whenever they weren’t using it. No GPS transponder, obviously, but tower triangulation is a problem. I wonder if there’s software akin to TOR that could mask what towers your signal is going through. (hint hint)

Seriously, the opportunity for providing secure systems to journalists, in particular, is huge. After the past year’s disclosures, inkbloods are shaking in their boots.

In a few years, if journos like me are armed with the right tools, I suspect any sufficiently corrupt politician or corporate executive will be doing the same.

A judge rules

It’s not the last word, but a hint of rulings to come. Below are excerpts from the Times’ story about a federal judge ruling against one NSA data-siphoning program.

In a statement distributed by the journalist Glenn Greenwald, who was a recipient of leaked documents from Mr. Snowden and who wrote the first article about the bulk data collection, Mr. Snowden hailed the ruling.

“I acted on my belief that the N.S.A.’s mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts,” Mr. Snowden said. “Today, a secret program authorized by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”

Though long and detailed, the ruling is not a final judgment, but rather a request for an injunction to stop the data collection while the plaintiffs pursued the case. It turned on whether there was a substantial likelihood that they would ultimately succeed and whether they would suffer substantial harm in the meantime.

But Judge Leon left little doubt about his view.

(Among other things, the judge stated the following)

“…it is significantly likely that on that day, I will answer that question in plaintiffs’ favor.”

I’d be at risk of re-posting the entire article if I were to paste more. But there’s more juicy stuff to be read—particularly about how effective the judge thinks the programs have been at thwarting terrorism—so head on over and read it.

Business cards

business card front

I’m excited about my new business cards, created with design help by my friend Matt Albacete. Here’s the back:

business card back

My name is set in different versions of the typeface ZXX, all designed by a former NSA staffer to thwart optical character recognition. And yes, it’s purely for show.

But the security suggestions aren’t.

With some 91 percent of American adults keeping cell phones mostly on their persons, effectively everyone’s full-time location data is gathered and stored by your carriers and the government. To boot, sophisticated software analyzes who crosses paths with whom. Unless we adopt practices formerly considered crazy-paranoid, whistleblowing will become a thing of the past.

And the cash-for-transit reference? That’s because it’s hard to be anonymous in a car when automatic license plate scanning is so ubiquitous. Even public transit anonymity is going down the tubes—in Chicago, anyway—with new payment systems that penalize you (75 cents tacked onto each $2.25 ride) if you don’t use the card that’s tied to your identity.

With my journalism work, I’ll have to pay the premium. You should, too.

 

SecureDrop in my house? You’d never know.

I’m well on my way to the prerequisites to install SecureDrop, the new anonymous submission system for those who would receive and publish things that might endanger the sender.

Originally coded by the late Aaron Swartz with help from Kevin Poulsen, the Freedom of the Press Foundation has taken up the mantle, updated the code and provided instructions for creating one’s own system.

Long live the whistleblower.