Tales from the crypt(-oparty)

April.9.2015April.30.2015 / paladin1787 / 2 Comments

My story on Chicago’s CryptoParty scene appeared on the cover of the Chicago Reader last week.

Thanks for reading, folks. It’s a long piece, so if you get through it, kudos to you. And bravo if you somehow manage to not get lost as you go, with all the techno-terminology. We tried to make it as friendly to novices as we could. Especially the sidebar, about helpful tools.

I guess this makes me Chicago’s crypto educator in chief?

I’d like to paste below a few sections that got cut from the final story. The Reader editors know: people just don’t read long, meandering pieces anymore. It’s either solidly on-topic or people click away.

About the psychological science behind surveillance:

Psychological studies bear out the detriments of surveillance. Knowing or suspecting that you’re being watched definitely changes a person’s behavior, according to several controlled, peer-reviewed studies. Stress and anxiety tend to rise under surveillance, according to a 1996 study in the Journal of Applied Psychology. And job performance suffers under constant watch, according to a 1992 study in the journal Applied Ergonomics. (While anyone with a helicopter boss could tell you that, a proper study isolated that cause from other potential factors.)

And since the 1950s, psychologists have known that surveillance encourages social conformity in a person even when their larger social group is “obviously wrong,” writes the neuroscientist Chris Chambers, in an article in The Guardian.

About the applications of crypto to whistleblowing:

Conversations at CryptoParty often revolve around government transparency and corporate accountability. Many planners and attendees use freedom of information laws to demand answers from public entities. Their questions are often, but not always, about surveillance. (Institutional racism comes in at a close second.)

But as a transparency tool, the Freedom of Information Act is limited. No one can prove whether an agency is withholding something. There are no audits of FOIA offices or officers. Even if you sue, as I have, judges simply take an agency at its word that it gave you everything it found—and that it searched in all the possible places.

And what about all the things we scribes don’t think to ask, or won’t know to ask? That stuff will only see the light of day if whistleblowers choose to tell someone outside their offices. And in the private sector, forget about it—unless a whistleblower tries to tell the public about a hidden danger. Cryptography can protect whistleblowers’ identities when the government won’t.

If a whistleblower tries to tell the public about a hidden danger, cryptography can protect their identity when the government won’t. These days, governments seem a lot more interested in punishing whistleblowers than protecting them. Just ask John Kiriakou, who, when asked to be a part of the CIA’s torture program, instead blew the whistle on it. Or William Binney, who built the NSA’s surveillance apparatus after 9/11 and saw it get out of hand. Binney narrowly avoided jail. Kiriakou spent time in prison for his classified leaks. Former General David Petraeus, part of Washington’s “in crowd,” was fired for leaking classified information but has not faced any charges.

eBay entrepreneur could make the powerful and corrupt shiver

January.10.2014 / paladin1787 / Leave a comment

If the stories are saying what I think they are, one of the biggest barriers to doing important journalism—heavy security protecting your sources and research—will soon be less about cobbling together your own ragtag system and more about buying into a proven solution.

Let’s just hope they open the source code.

I’m excited about Greenwald and Omidyar’s new organization for its journalism potential, but even more excited about the fact that it’s getting into the “technology” business to produce tech for “new media.” That’s so incredibly vague, but I suspect it’ll be looking to fill the need for end-to-end-secure products that are easy enough for everyone to use.

For example, PGP (the widely used e-mail encryption scheme) works, and is fun for those who use it, but I posit that’s in part because it has such a small user base. It’s like you’re in a little club. And in fact, the not-insignificant setup work and learning curve can fuel a nice smug attitude with every use.

It shouldn’t be this way. If everyone encrypted their communication, corporations and governments wouldn’t be developing the huge profiles on us that they do. (If you don’t care about that, read this right now, then return if you’d like.) Lots of folks wish for the ability to evade the dragnet—and journalists NEED to—so I figured it was only a matter of time before someone capitalized on these gaps.

(Of course, PGP is only good so far as the NSA doesn’t have quantum computing, which it looks like they don’t at the moment…and so far as they don’t keylog everyone, or in particular, YOU. I hope First Look Media makes some software that detects and eludes keyloggers.)

What are the gaps as I see them? I already mentioned encrypted e-mail and keylogging. (OTR chat is pretty easy enough already.) To head off the potential fall of RSA, they could ramp up the development of elliptic curve cryptography. They could get into making whole-drive encryption systems that rely on both hardware and software-level encryption. I suspect they could develop software (free software as a loss-leader??) that helps folks pick strong, easy-to-remember passwords. They could use Poitras’ experience in mail drops and drive-wiping to create systems for that with less friction.

I don’t think they could compete with LastPass or 1Password. I don’t think they could compete with Freedom of the Press Foundation’s SecureDrop system for anonymous submissions. They could manufacture extremely cheap burner phones whose cases decompose in landfills when you toss ’em. If the battery were easier to disconnect, people would be more inclined to do that whenever they weren’t using it. No GPS transponder, obviously, but tower triangulation is a problem. I wonder if there’s software akin to TOR that could mask what towers your signal is going through. (hint hint)

Seriously, the opportunity for providing secure systems to journalists, in particular, is huge. After the past year’s disclosures, inkbloods are shaking in their boots.

In a few years, if journos like me are armed with the right tools, I suspect any sufficiently corrupt politician or corporate executive will be doing the same.

Business cards

December.14.2013 / paladin1787 / Leave a comment

I’m excited about my new business cards, created with design help by my friend Matt Albacete. Here’s the back:

My name is set in different versions of the typeface ZXX, all designed by a former NSA staffer to thwart optical character recognition. And yes, it’s purely for show.

But the security suggestions aren’t.

With some 91 percent of American adults keeping cell phones mostly on their persons, effectively everyone’s full-time location data is gathered and stored by your carriers and the government. To boot, sophisticated software analyzes who crosses paths with whom. Unless we adopt practices formerly considered crazy-paranoid, whistleblowing will become a thing of the past.

And the cash-for-transit reference? That’s because it’s hard to be anonymous in a car when automatic license plate scanning is so ubiquitous. Even public transit anonymity is going down the tubes—in Chicago, anyway—with new payment systems that penalize you (75 cents tacked onto each $2.25 ride) if you don’t use the card that’s tied to your identity.

With my journalism work, I’ll have to pay the premium. You should, too.

Information anarchy as naiveté?

October.21.2013October.21.2013 / paladin1787 / Leave a comment

Below I’ve copied an excerpt from an Esquire piece mostly about Deric Lostutter, the primary Anonymous member behind “hive justice” actions in Steubenville.

I may not agree with the columnist’s every sentiment. But he implies a good question: what steps need to be taken before whistleblower-type reporting—easier than ever these days—sees the light of day? What does wisdom actually mean in this space? Surely governments need secrets to function. But aside from the truly vile ones, most secrets ride the fence as to which might offend the public. So we, reporters and editors, have to make the call; we’re judges and juries now more than ever before.

I’ve been thinking about all this for a long time, more than most journalists, and I still feel under-qualified.

Since the convictions of the Steubenville football players, elite media outfits like The New Yorker have reviewed the story and criticized the bloggers and activists for getting things wrong. And the real problem with these new democratic voices, as Marshall McLuhan predicted, is a function of the medium that makes them available to us. Many of the WikiLeaks cables showed professional diplomats ignoring corruption in the countries where they were stationed, for example, something that should shock only children. The Snowden documents have revealed more troubling secrets about the NSA’s espionage programs and the fate of privacy in the networked world, but Snowden himself spouts the same immature anarchist clichés as Julian Assange, that the governments of the world must stop trying to keep secrets and maintain order and simply allow “maximal diversification of individual thought.” The technology democratizes information, and a little bit of technical sophistication gives you a power that no twenty-five-year-old could have dreamed of before. But technology doesn’t give you wisdom. The information-is-free idealists depend on maintaining a certain naivete about how the world really works, which seems to be a result of lives lived online — sitting at home on their sofas, detached from a tangible sense of real-world consequences, they blunder into our worlds with results we cannot anticipate. This will not stop. It is the world we live in today.

Smart commentary

October.18.2013October.18.2013 / paladin1787 / Leave a comment

One of my favorite journalists—one I hope to meet some day—Mort Rosenblum. Photo thanks to the International Journalism Festival, whose chroniclers used a Creative Commons license.

I read Rosenblum’s book shortly after its release a few years back. What a great piece of wisdom. Wisdom: that’s what journalism (and by necessity, journalists!) needs these days. It’s gratifying, then, to learn that Mort has a keen interest in all the NSA reporting of late by Poitras-Greenwald. Or Greenwald-Poitras. Whatever.

Rather than preach to the choir (have you seen my contact page, called Blowing The Whistle?), after the break I’ll offer some of Rosenblum’s recent thoughts, posted without fanfare on the Facebook page of his educational organization.

I think Greenwald’s new outlet needs to hire Rosenblum. And then me.

Continue reading →

Brandon Smith

accountability journalism

NSA