As virtually everyone is aware, the Internet has changed the way people do business and how they live their lives. It has also changed the way people do activism.

Gary Franchi, who helped Aaron Russo found Restore The Republic in 2007, spoke at the 2009 New Hampshire Liberty Forum on how to use Internet technologies for political activism.

Along the way, he also explained his relationship to award-winning filmmaker and libertarian political activist Aaron Russo, and how, despite being an outspoken activist who regularly questions the government, he got a top secret security clearance.

“I recently went to a top secret military facility called the National Reconnaissance Office,” Franchi said during his speech. Reading from a book, Top Secret Tourism, which explained that the NRO “coordinates all of America’s spy satellite operations,” he said that he had been invited to a retirement party being held at the NRO, but needed a security clearance to get in.

“It was really weird,” he said. “The security to get in that building was less than the TSA at the airport.” Franchi went on to say that if someone like him could get a security clearance, then “what’s to be afraid of? . . . Don’t have any fear about what you do.”

Franchi explained several ways for activists to use Internet technologies such as forums, social networking sites, and more, to advance activism. I’ll let you watch the video to judge them for yourself.

You haven’t done anything wrong, so why should you worry about surveillance? It was Cardinal Richelieu who said, “If you give me six lines written by the most honest man, I will find something in them to hang him.” The United States doesn’t hang innocent people any more, but it certainly does imprison them by the millions, and occasionally does kill them.

So why worry about surveillance, if you are honest? As the Miranda saying goes, anything can be used against you in a court of law. Law enforcement’s job is to come up with things to use against you, and the most innocent bits of data, combined together in ways you might not expect, can paint the most honest, innocent person as a criminal. Someday you could find yourself on trial for a crime you never committed, for instance, or you could be detained for hours every time you try to board an airplane or cross the border.

Last week the Electronic Frontier Foundation launched its Surveillance Self-Defense project, an online guide for protecting your private data against government spying. EFF created the guide, it said in a news release, “to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government’s hands.”

After all, data the government doesn’t have can’t be used against you. I presume, of course, that you are innocent of wrongdoing, and it is for innocent people that this guide is designed: activists who use their First Amendment rights to lobby for changes in government policy, for example, or ordinary Americans who get caught up in a criminal investigation due to a computer error, or simple human mistake such as police serving a warrant at the wrong house. Unfortunately this sort of thing happens far too often.

“Despite a long and troubling history in this country of the government abusing its surveillance powers, most Americans know very little about how the law protects them or about how they can take steps to protect themselves against government surveillance,” said EFF senior staff attorney Kevin Bankston. “The Surveillance Self-Defense project offers citizens a legal and technical toolkit with tips on how to defend themselves in case the government attempts to search, seize, subpoena or spy on their most private data.”

The site explains the law in the United States as it applies to what data the law enforcement and intelligence communities can obtain about you and how they obtain it. It then covers in depth how to protect your personal data on your computer, as it is in transit over the Internet, and while it is held by third parties. Importantly, it also provides an easy to understand overview of what security is and how to assess your personal security risks so that you can implement security measures which make sense for your own circumstances. Finally it covers specific security measures and technologies which you can use to protect yourself.

I’ve reviewed the site myself and I highly recommend it for anyone who has even the slightest possibility of being targeted by the government for any reason. And, unfortunately, that means every single individual, since, but for happenstance, the next person who gets their house mistakenly raided and their dog shot to death by a SWAT team could be you. Protecting your privacy using these techniques won’t guarantee your security, of course, but it will certainly reduce the likelihood of becoming the next victim of government surveillance.

Ask Internet users what they hate more than anything else online, and invariably the answer will be spam.

I get more spam than most, and I just hit the Junk button for most of it. But when spam comes in with my real name attached, then I give the spammer a few minutes of extra attention. Usually this results in their web hosting and advertising accounts being canceled.

In the case of a spam I received Monday, it might result in someone losing his cushy federal government job.

It appears that on Monday morning someone at the Overseas Security Advisory Council came into work early, and by early I mean six in the morning, sat down at workstation “dsi200w2k3a41,” and started sending spam. The spam is typical of get rich quick schemes, advertising a Web site I won’t link to that wants $44.95 for a copy of the same web site and the ability to send 1,000,000 more spam messages per day — or 2,500,000 per hour, depending on which piece of hype you believe — to rake in $44.95 from hapless Internet users from the buyer’s copy of the site, and so on.

I don’t know what the penalties are, if any, for a federal government employee sending spam from a government computer, but I’m sure there’s a rule somewhere that covers it.

It’s possible that instead of this being an employee actively sending spam from his office computer, that it is instead a Trojan of some kind installed on the workstation sending spam. Though this raises the question of how did such a Trojan get there? Did someone put it there or were the IT staff asleep at the switch?

I contacted OSAC Monday morning and have so far received no response.

OSAC, part of the State Department’s Bureau of Diplomatic Security, exists “to promote security cooperation between American business and private sector interests worldwide and the U.S. Department of State,” according to its Web site. OSAC should start promoting security on its own internal network.

Perhaps the webmaster at Lamperd Less Lethal needs an electric shock.

The Sarnia, Ont.., based defense company told theWashington Times last week that it had removed from its Web site a letter from a Department of Homeland Security official who the department claimed was receiving death threats.

The 2006 letter, from Paul S. Ruwaldt of the DHS Science and Technology Directorate, requested information on a “Security Bracelet” which could be used for “restraint of large numbers of individuals” in “prisoner transportation, detainee control and . . . it is conceivable to envision a use to improve air security, on passenger planes.”

The letter, accompanying a video on the company’s web site which shows a theoretical use in which every airline passenger would be forced to wear a bracelet capable of delivering a powerful electric shock, received national attention a month ago after being posted on aWashington Times blog.

Many on both sides of the political fence who heard of the story were outraged at the idea of strapping an electric shock device to airline passengers. The company’s EMD Security Bracelet is capable of storing personal information about a passenger, matching each passenger to his or her luggage, tracking passengers as they move through an airport or other large area, and delivering an electro-muscular disruption to individual bracelets on command. The electric shock, more powerful than a standard Taser, is capable of immobilizing a person for several minutes.

Although DHS spokesman John Verrico said that the department was not considering using the bracelet for airline passengers, the attention resulted in Ruwaldt receiving threatening phone calls at home, and the company receiving hate mail, according to Lamperd Less Lethal CEO Barry Lamperd.

“We decided we certainly didn’t want him to get more threats, so we took [the letter] off,” Lamperd told theTimes.

Yet the letter remains on the company’s Web site as of this afternoon. It appears the company removed some links to the letter, but not the letter itself. (See for yourself: Page 1, Page 2) Despite being notified a week ago that the letter was still online, the company has not actually removed the letter and it remains available for download.

Removing the links which point to a document on the Internet doesn’t actually remove the document; it can still be accessed by anyone who knows the Web address or through any links from third-party sites and search engines. Biofilm, Inc., manufacturer of Astroglide personal lubrication products, learned this lesson the hard way last year when it leaked 260,000 customer records by publishing the records on its Web site and then blaming the search engines for doing what they naturally do.

No word on whether the bracelet will be used for the other suggested purposes of detaining illegal immigrants and transporting prisoners.

Transportation Security Administration rules are to blame for the conditions leading up to an accidental discharge of a US Airways pilot’s pistol during landing, say airline pilots familiar with the program.

On March 22, pilot James Langenhahn was stowing his Heckler & Koch USP .40, issued to him by the Department of Homeland Security under the Federal Flight Deck Officer program, while his co-pilot prepared to land the plane. As he was placing the pistol, locked in its holster, into his flight bag, it discharged a single shot which exited the left side of the plane, doing little damage.

Outside the cockpit, no one heard the gunshot, and Flight 1536 from Denver to Charlotte, N.C., landed safely. But Langenhahn has been suspended without pay, according to an airline spokesman.

Some 10,000 pilots participate in the program, which allows for pilots, co-pilots and flight engineers to carry firearms in the cockpit during flights, and according to the TSA this is the first time a gun has been discharged. But some pilots say it was an accident waiting to happen.

At issue is a highly unusual TSA requirement that pilots remove the guns from their belts and lock them up using a government-provided combination padlock before leaving the cockpit, a requirement that pilots say creates unsafe conditions.

“The pilot was trying to lock his gun and remove the holster in an airplane going 300 miles per hour in preparation for landing and the padlock depressed the trigger,” said a federal flight deck officer who declined to be identified. “TSA knew this could happen but didn’t get rid of the requirement.”

“Every other federal law enforcement officer in the air and on the ground carries his gun concealed on his person where he can control it. And he never touches it except in an emergency, because the less it is handled, the better,” said David Mackett, president of the Airline Pilots Security Alliance. “TSA’s got these pilots taking off and putting on their guns 10 times a day. It’s a recipe for disaster and that’s why no other agency does it.”

Paul Huebl, a former Chicago police officer turned private investigator, created a video which shows how the accident happened and why the TSA’s requirement is unsafe.

The holster has a hole in it through which the padlock is meant to pass. When installed, the padlock should lie behind the trigger. However, if the gun has become loose in the holster, which can happen through normal handling, the lock ends up in front of the trigger, which can cause the gun to discharge.

It’s pretty obvious that nobody who knows anything about firearms had anything to do with setting up these procedures, because they would have instantly rejected them as unsafe. James Langenhahn is to be commended, though, for ensuring the safety of his aircraft even in the face of procedures designed to make it unsafe, by following the normal firearm safety rules, to wit: Always keep the muzzle pointed in a safe direction. This is why the bullet hit nothing important as it exited the aircraft.

Pilots have been unable to criticize this arrangement publicly because the TSA had classified it; however, a group of federal air marshals met with the TSA last year to recommend that pilots carry their pistols in the same way that air marshals do, not to mention everyone else who carries a firearm safely. “We said, ‘Just use the same procedures you use for your own air marshals,’” said one federal flight officer. “How hard is that to understand?” The TSA took no action on the recommendation.

It was not clear whether the pistols issued in the FFDO program had external safeties. On the H&K USP the external safety can be removed by a gunsmith and the pistol can be delivered from the factory without it.

“We have to have the FFDO program since screeners miss so many weapons at checkpoints and air marshals will never protect more than 1% or 2% of flights,” Mackett said, adding that the TSA’s requirement has also resulted in numerous guns being lost or stolen. “But, TSA can’t continuously ignore standard procedures proven over thousands of other law enforcement officers and then blame the pilot when it goes wrong.”

Lawmakers on the House Homeland Security Committee were to be briefed on the incident this week. Perhaps the TSA can explain to Congress why it created such bizarre and unsafe firearm handling rules for airline pilots. Further, let’s hope the TSA finally takes the air marshals’ recommendation and changes these rules before the government’s stupidity gets someone killed.

The 2008 New Hampshire Liberty Forum, for me, was three action-packed, fun-filled days of meeting great people, hearing some of the best speakers anywhere, and partying hard late into the nights.

In the middle of all this I had the additional work of shooting videos and trying to get them on the Internet in some kind of reasonable timeframe. This I didn’t manage to accomplish. First, the Internet connection in my hotel room died, then my video editing software started acting strangely, (and it still is acting strangely) and to top it all off I shot so much video that I ran out of hard drive space, which meant I couldn’t render the videos from Saturday and Sunday until I got home where I left my external hard drive.

And still, when I got home I was so exhausted from running around and having fun that I simply fell asleep, meaning I missed even more fun when current.tv descended on Murphy’s Taproom last night. I really wanted to go to this, but I couldn’t have possibly stayed awake. I hear something is going on there tonight, which I will certainly attend. And then there’s Tuesday, the day of the primary here in New Hampshire, a long day of getting people to the polls and then a victory party with Ron Paul in the evening.

So the fun isn’t over yet, but I want to take a moment to recap the Liberty Forum. Thursday night I met up with a nice and attractive young woman and Ron Paul supporter from Texas who is planning to move up to New Hampshire for the Free State Project. We spent some time in my hotel room watching the Iowa caucus returns and heckling Barack Obama. I was up until around 3 in the morning. And that was a relatively quiet evening compared to the rest of the weekend.

That night there were literally dozens of people wandering around the hotel openly carrying their sidearms, something we freedom lovers like to do whenever possible. It appears that some of John McCain’s staff, who were also staying in the hotel, complained, and the hotel asked us not to openly carry them. After hearing that, some people disarmed themselves, but most, including myself, simply concealed their firearms.

I was so upset after hearing this that Friday morning I filmed one of the McCain staffers and immediately put that online, with my own complaint about McCain’s apparently not caring about our Second Amendment rights. From that point through the rest of the weekend, McCain’s staff avoided everyone with a camera that they could, and at one point on Saturday night physically shoved one videographer out of the elevator that McCain was in.

Friday I watched the opening ceremonies and then rushed through lunch so I could get back and upload the videos I’d already shot. Then I took a nap and managed to miss all the afternoon panel sessions. I’m kind of upset about this because I really wanted to hear Peter Christ from Law Enforcement Against Prohibition and a couple of the other Friday afternoon sessions. But I woke up in time for the cocktail hour and the dinner and keynote address from Bernard von NotHaus. Excuse me, Captain Roughseas.

After his address, I took some people from the New York City Meetup group to Murphy’s Taproom where a few hundred Operation Live Free or Die activists were hanging out, and we had a few beers and enjoyed the place. Here I ran into David Weigel from Reason and clued him in on a Ron Paul event for undecided voters on Saturday which wasn’t on any published schedule. I think he blogged it afterward. Then it was back to the hotel room to once again post and upload some videos. I was up until 3 am again.

Saturday I yanked myself out of bed around 9 am and went back to work on more videos. It really takes forever to process these things, when you’ve shot hours of video and have to render them on a laptop. At home I can use a small render farm of three computers to speed things up, but on the road it takes longer.

I got to lunch at noon and managed to meet up with Peter Christ there and chatted with him. (I decided not to shoot any video at lunch; I wanted to concentrate on eating.)

Then it was off to see Barry Cooper, yet another person I really wanted to see. I don’t really do illegal drugs, but I recognize that drug prohibition has caused so many problems with our society that it must be stopped, and current efforts to stop the drug war are not doing enough, that we need some more aggressive approaches, and Barry Cooper certainly has some aggressive ideas. They might even work. Only time will tell.

I also got some short video of Bernard von NotHaus hallmarking copper and silver Liberty Dollar pieces, including three that I bought for myself. These things will sell on eBay if I ever really need the money.

After I shot those videos, it was back up to the hotel room to download it all off the camera. I did so much of that that I missed yet more afternoon sessions I would have liked to attend. I think next year I’ll bring someone with me to do all this grunt work so I can have fun.

Saturday night was John Sununu’s keynote speech. He wasn’t as warmly received as many other speakers, despite being considered the most libertarian Senator, and there was even a small protest outside the hotel. When he came in, I handed him my business card and the expression on his face when he read “Homeland Stupidity” was priceless. Regrettably, my video camera was off at the time. That would have been a YouTube moment.

Sununu made a short self-promotional speech and I’m not sure I really got my money’s worth on that one. Fortunately it was short, so I could leave and go watch the debates. While I filmed the whole thing, as I said, it really wasn’t worth watching; however, I have posted a short clip of a Ron Paul joke he made during the speech. Depending on your perspective, it’s either the high point or the low point of his speech.

I ran into Declan McCullagh and Anne Broache from CNET News.com again and took them to Murphy’s Taproom, where Ron Paul supporters were mixing it up with Barack Obama supporters, and from the idle talk I heard, were actually converting some of them into Ron Paul supporters. Declan bought me a couple of beers and expensed them, but then again I introduced him to several interesting people in the liberty movement here.

When I got back to the hotel, near 1 am, a party was in full swing in the lobby. We got thrown out and promptly retired to the rooms of Ian and Mark from Free Talk Live, one of which became the cigar smoking room, and the other of which became the room for smoking things other than cigars. Barry Cooper, who announced on Free Talk Live Saturday night that he is a marijuana smoker and that it saved his life, was in the latter room. Gardner Goldsmith dropped in and brought beer and wine with him. It’s no wonder everybody likes him. I finally got to bed at around 4 am.

Sunday morning I was up at 9 am yet again, and realized why I stopped smoking marijuana all those years ago. Combined with alcohol it gives me serious headaches. Or maybe that was all the cigar smoke rather than the other smoke. I can’t tell. Fortunately the headache was short-lived and after some coffee I was mostly functional again. I filmed the closing ceremonies, including Ron Paul. And just today remembered that my name was announced to win a free Bureaucrash T-shirt, but I was so tired I forgot to claim it.

Afterward I went off to find food. In the hotel bar I found Jason Osborne from Sakal CAI, Barry Cooper and some other people watching a football game while I ate and tried to work with some video.

Unfortunately at the time I didn’t realize I was low on hard drive space and that that’s why I couldn’t get anything to work right. Didn’t figure that one out until this morning.

All in all it was a hell of a time, and despite it being utterly exhausting I wish it had gone on longer. The people who believe in freedom so strongly that they’re even thinking about moving across the country to get more of it, let alone the people who have already done so, are some of the best people you’ll ever have the pleasure of meeting.

Thursday afternoon I arrived at the Crowne Plaza Hotel here in Nashua, N.H., to attend this year’s New Hampshire Liberty Forum. And I would have posted this yesterday morning, if it weren’t for Comcast.

Checking in was a breeze, unlike last year when the event was at a different hotel. That hotel inexplicably demanded government issued photo ID, which almost became a real problem.

I would have had this posted yesterday, except for a couple of technical problems. The first one was Comcast. The hotel provides free Internet service, with Wi-Fi in the common areas, and wired Ethernet in every room, provided by Comcast. And when something goes wrong, well, you have to call up Comcast. Friday morning I woke up, and sure enough, the wired Internet connection in my room was dead. And the Wi-Fi doesn’t reach quite as far as my room. It took three hours and two phone calls to Comcast’s technical support line somewhere in East Asia to get it fixed.

Then I discovered my non-linear video editing software has decided it wants to be buggy and not let me work with the clips I shot. So the videos I’ve published here today are closer to Dave Ridley style (he’s here, too) and are consequently of somewhat lower quality than I’d otherwise have. I still haven’t gotten that fixed, and don’t have time to do so until long after this event is over. So bear with me on the videos.

I dropped off my stuff and grabbed the video camera, and promptly went back downstairs to see who was already here. Immediately I ran into Declan McCullagh, who is libertarian enough that he would have come here on his own, even if he wasn’t writing for CNET News.com. Liberty Forum organizer Chris Lawless cracked the “DEC LAN” joke. I reminded him that it was “DECnet,” a technology I’ve actually had the displeasure of using, and would rather forget. Jon Maltz explained to Declan some of the details of the Ron Paul Revolution here in New Hampshire.

Then it was down the hall, where Ian Bernard was setting up the remote equipment to broadcast three consecutive nights of his nationally syndicated radio show (and podcast) Free Talk Live.

Then it was off to the reception, hosted by Sakal/CAI, where owner Jason Osborne told me about the Free Talk Live engraved iPod he’s giving away to one lucky person at the Liberty Forum. You can hang out here with the people I hung out with: Libertarian Party presidential candidate George Phillies, State Rep. Dan Itse (R-Rockingham), talk radio host and author Gardner Goldsmith, science fiction/horror author F. Paul Wilson who wrote the Repairman Jack series, and over the course of the weekend, many more. Sen. John McCain (R-Ariz.) is around here somewhere, too, though I haven’t run into him yet.

Still more to come this weekend, including Friday’s events, which I should have up later today.

Chinese hackers broke into Department of Homeland Security computers and made off with “many megabytes” of data, and the contractor charged with securing the department’s networks attempted to cover up the breaches, according to Congressional investigators who have asked the department’s inspector general to investigate the computer security breaches.

The Federal Bureau of Investigation has launched a separate investigation into Unisys Corp., which for $1.75 billion was supposed to install and monitor network intrusion devices for the Transportation Security Administration and at DHS headquarters, but failed to install and monitor the devices properly, according to a letter (PDF) signed by House Homeland Security Committee chairman Bennie Thompson (D-Miss.) and Subcommittee on Emerging Threats, Cybersecurity, Science and Technology chairman James Langevin (D-R.I.) and sent to DHS inspector general Richard Skinner.

The FBI would not confirm whether it had launched an investigation.

The subcommittee has been investigating “hacking activity against Federal agencies” for several months, and the allegations against Unisys are the latest find. In April, the committee heard that Chinese hackers had infiltrated Department of Commerce computers and left “little evidence behind them” of who they were or what files they had copied, the letter said.

“The department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks,” Thompson wrote in his letter, which included 27 pages of prior correspondence (PDF) with DHS chief information officer Scott Charbo.

A Unisys spokeswoman, Lisa Meyer, said that “no investigative body has notified us formally or informally of a criminal investigation” on the matter and added that she could not comment on specific security incidents.

She said that Unisys has provided DHS “with government-certified and accredited security programs and systems, which were in place throughout 2006 and remain so today.”

Among the security devices Unisys had been hired to install and monitor were seven “intrusion-detection systems,” which flag suspicious or unauthorized computer network activity that may indicate a break-in. The devices were purchased in 2004, but by June 2006 only three had been installed — and in such a way that they could not provide real-time alerts, according to the committee. The rest were gathering dust in DHS storage closets and under desks in their original packaging, the aide said. — Washington Post

I don’t know how your computer works, but mine doesn’t do anything while it’s still in the box it was shipped in.

Department of Homeland Security spokesman Russ Knocke declined to comment on allegations Unisys covered up evidence of hacking.

“We take cyber security very seriously and there have been major improvements since the administration’s cyber security strategy announced in 2003,” he said.

Knocke said DHS has responded to “malicious cyber activity directed at the U.S. government over the past few years,” and such activity is “growing more sophisticated and frequent.” — CNN

Meanwhile, DHS grows more bloated and incompetent, unable to protect its own networks, let alone the country’s critical infrastructure.

Last weekend the Bush administration pushed through Congress a law to bolster the government’s ability to intercept the electronic communications of foreigners and other “persons reasonably believed to be outside the U.S.” without a court order.

The so-called Protect America Act, which passed both the House and Senate by wide margins just before Congress went on its August recess, allows the government to intercept the phone calls and e-mails of people in the United States who communicate with people overseas, and for the first time, allows the government to intercept communications between foreigners which are merely routed through the United States, as well as conversations of Americans traveling abroad.

The only bright spot in this legislation is that it requires the government to design procedures to prevent the intelligence collection under the law from infringing on the privacy of ordinary Americans and for the Foreign Intelligence Surveillance Court to sign off on those procedures within six months. It also requires a review of the program every six months afterward.

The legislation will “give our intelligence professionals the essential tools they need to protect our nation,” spokesman Tony Fratto said.

Democratic leaders expressed disappointment about the result, but they pointed to language that would require lawmakers to reconsider the key provisions in six months.

“My Republican colleagues chose to rubber-stamp a flawed administration proposal that fails to provide the accountability needed in the light of the administration’s past mismanagement of key tools in the war on terror,” said Senate Majority Leader Harry M. Reid (D-Nev.). — Washington Post

Privacy and civil liberties advocates were not mollified by the privacy provisions in the bill.

“Rather than acting as a meaningful check on the Executive, Congress essentially handed him a blank check to invade Americans’ privacy,” said Electronic Frontier Foundation activism coordinator Derek Slater. “Congress’ actions are particularly disgraceful given that the Administration has concealed the truth about its illegal spying.”

“This bill would grant the attorney general the ability to wiretap anybody, any place, any time without court review, without any checks and balances,” said Rep. Zoe Lofgren, D-Calif., during the debate preceding the vote. “I think this unwarranted, unprecedented measure would simply eviscerate the 4th Amendment,” which prohibits unreasonable searches and seizures.

Republicans disputed her description. “It does nothing to tear up the Constitution,” said Rep. Dan Lungren, R-Calif. — Associated Press

House Democrats complained that they had been “railroaded” into passing the bill, since they were close to passing a much narrower bill when the administration presented its demands for additional powers.

“I’m not comfortable suspending the Constitution even temporarily,” said Rep. Rush D. Holt (D-N.J.), a member of the House intelligence committee. “The countries we detest around the world are the ones that spy on their own people. Usually they say they do it for the sake of public safety and security.” — Washington Post

The rush to push through enhanced spying powers came from a ruling by the Foreign Intelligence Surveillance Court earlier this year that found that several key portions of President Bush’s terrorist surveillance program were illegal.

House Minority Leader John A. Boehner (R-Ohio) disclosed elements of the court’s decision in remarks Tuesday to Fox News as he was promoting the administration-backed wiretapping legislation. Boehner has denied revealing classified information, but two government officials privy to the details confirmed that his remarks concerned classified information.

The judge, whose name could not be learned, concluded early this year that the government had overstepped its authority in attempting to broadly surveil communications between two locations overseas that are passed through routing stations in the United States, according to two other government sources familiar with the decision.

The decision was both a political and practical blow to the administration, which had long held that all of the National Security Agency’s enhanced surveillance efforts since 2001 were legal. The administration for years had declined to subject those efforts to the jurisdiction of the Foreign Intelligence Surveillance Court, and after it finally did so in January the court ruled that the administration’s legal judgment was at least partly wrong. — Washington Post

This is important to the administration because by monitoring foreign communications from within the U.S., where many of them are routed, the National Security Agency can gain access to over one-third of the world’s communications traffic.

Bush administration officials, though, said that the measure didn’t grant any broad authority to expand the government’s intelligence activities.

In a telephone briefing for reporters on Monday, officials said the administration had set out to resolve a “narrow” technical problem that had called into question whether intelligence officials needed to get a court warrant to intercept foreign-to-foreign communications that happened to pass through American telecommunication switches. But in fact the legislation as enacted not only provides that no warrant is needed in such a situation but also goes further, in giving the administration discretion to eavesdrop on foreign communications that might involve Americans.

The officials who participated in the briefing spoke on condition of anonymity, saying only that doing so would allow them to talk more freely.

They said the legislation did not authorize “a driftnet” aimed at eavesdropping on large volumes of phone calls and e-mail messages inside the United States. But they declined to discuss in detail the N.S.A.’s broader efforts tracing and analyzing the patterns of American communications — who is calling and e-mailing whom — without actually listening to or reading the content of the conversations. Those broader data-mining activities were part of a heated dispute within the administration that led senior Justice Department officials in 2004 to refuse at first to certify the legality of the N.S.A. operations and to threaten to resign in protest over their continuation. — New York Times

On Wednesday, the American Civil Liberties Union filed a motion with the Foreign Intelligence Surveillance Court requesting the release of court orders interpreting the Foreign Intelligence Surveillance Act. “Over the next six months, Congress and the public will debate the wisdom and necessity of permanently expanding the executive’s authority to conduct intrusive forms of surveillance without judicial oversight,” the motion said.

Indeed, the only oversight the program will get is from Mike McConnell, the director of national intelligence, and the attorney general. Alberto Gonzales has hardly proved himself capable of overseeing and preventing abuses of the American people’s rights. His idea of oversight, it seems, is the word’s other definition: to fail to notice, to overlook.

As for McConnell, he says in a letter to the U.S. Senate that he is “committed to keeping the Congress fully and currently informed of how this Act has improved the ability of the Intelligence Community to protect the country and reporting — and remedying — any incidents of non-compliance.” It remains to be seen if he’s up to the task.

There are at least three other problems with this law and the surveillance system it represents.

First among them is that the government will pay communications providers to create a potentially permanent surveillance infrastructure out of the country’s communications facilities, one which could be turned inward at any time and without legal recourse.

In short, the law gives the Administration the power to order the nation’s communication service providers — which range from Gmail, AOL IM, Twitter, Skype, traditional phone companies, ISPs, internet backbone providers, Federal Express, and social networks — to create possibly permanent spying outposts for the federal government.

These outposts need only to have a “significant” purpose of spying on foreigners, would be nearly immune to challenge by lawsuit, and have no court supervision over their extent or implementation.

Abuses of the outposts will be monitored only by the Justice Department, which has already been found to have underreported abuses of other surveillance powers to Congress.

In related international news, Zimbabwe’s repressive dictator Robert Mugabe also won passage of a law allowing the government to turn that nation’s communication infrastructure into a gigantic, secret microphone. — Threat Level

A second problem is that this surveillance infrastructure is unlikely to be secure, and will make an inviting target for hackers, criminals and other countries, not to mention the very terrorists it’s supposedly meant to catch.

Grant the NSA what it wants, and within 10 years the United States will be vulnerable to attacks from hackers across the globe, as well as the militaries of China, Russia and other nations.

Such threats are not theoretical. For almost a year beginning in April 2004, more than 100 phones belonging to members of the Greek government, including the prime minister and ministers of defense, foreign affairs, justice and public order, were spied on with wiretapping software that was misused. Exactly who placed the software and who did the listening remain unknown. But they were able to use software that was supposed to be used only with legal permission.

The United States itself has been attacked. In six hours in August 2006, remote attackers entered computers at the Army Information Systems Engineering Command at Fort Huachuca, Ariz.; the Defense Information Systems Agency in Arlington; the Naval Ocean Systems Center in San Diego; and the Army Space and Strategic Defense Command in Huntsville, Ala. The hackers transported more than 10 terabytes of data to South Korea, Hong Kong or Taiwan, and from there to the People’s Republic of China. Each intrusion was only 10 to 30 minutes. The downloaded information included Army helicopter mission-planning-systems specifications and flight-planning software used by the Army and Air Force. — Washington Post

Why don’t we save the taxpayers a few hundred billion dollars and just publish all the government’s secrets on the Internet where everybody can get to them without having to waste 30 minutes hacking into an insecure system?

Finally, widespread surveillance introduces destructive changes in behavior in the population under surveillance.

Now imagine a society where everyone knows they are or may be watched as they walk through the streets, or while surfing online. That – as in societies like Hitler’s Germany or Soviet Russia – will have tangible and widespread psychological consequences, reinforcing conformity, and literally crippling the ability to make autonomous and ethical decisions, he argued.

An analogy might be the well-studied population of children with overprotective mothers, the philosopher said. Studies show that such children tend to be indecisive, dependent on others, have little “ethical competence,” and often live suppressed and unhappy lives.

As or more disturbing may be the political implications of having a surveillance infrastructure in place.

Many philosophers reject the notion that given technologies are inherently politically neutral, [philosopher Sandro] Gaycken said. Surveillance, for example, can be used to support democratic values of freedom, equality, and state neutrality – but its tendency to create a watched and a watching class lends itself better to totalitarianism. In a country such as Germany, which has seen democracy slide into the Nazi state, such a warning resonates strongly.

“Surveillance stabilizes totalitarianism, and destabilizes democracy,” Gaycken warned. — Threat Level

So the end result is 300 million Americans who think they’re safe because the government is watching out for them by watching them, even though they weren’t doing anything wrong to begin with. Shortly, the people begin watching what they say, suppressing themselves out of fear they could be mistaken for a terrorist, and the destruction is complete.

This makes yet another year I didn’t make it to DEFCON, the longest-running hacker conference now in its 15th year. Which is unfortunate, because I really would have loved to have been at the opening speech at the Black Hat Briefings, held just prior to the main event this weekend, and at which the National Security Agency got up and asked the hacker community for help.

Tony Sager, chief of NSA’s Vulnerability Analysis and Operations Group, addressed the crowd Wednesday, saying that IT security and information assurance is now too big a problem for government to solve on its own.

As part of its information assurance mission, NSA participates in various computer security initiatives such as the Common Vulnerabilities and Exposures security vulnerability index and the Department of Homeland Security’s Security Content Automation Program. NSA also publishes security configuration guides for various operating systems such as Windows Vista and Mac OS X, as well as SELinux, a version of the Linux kernel with improved security.

“We’ve got to figure out how to solve this problem with solutions that scale across the entire community,” Sager said. That means his agency has to bring its information to the table and find common ground with the private and academic sectors. “‘We’re from the government and we’re here to help’ doesn’t work with this crowd.”

Although much of NSA’s work remains secret, Sager’s group is a reflection of the need to develop open and standardized security and research practices.

When he began working at NSA in 1977, “it was a dramatically different security problem,” he said. IT security was a government monopoly. “The government owned the problem” and could control the technology. “Those days are over.”

NSA has struggled with the change in culture. “But you have no choice but to be concerned about the security of commercial products” over which the government has no control, Sager said. “We changed the way we behaved” to gain the trust and cooperation of the security research community. — Government Computer News

I’m always amazed on those rare occasions when government actually admits that it can’t do something. Government can’t really do much of anything very well, though it hates to admit it. Anything government isn’t doing means less taxpayer money lining bureaucrats’ and contractors’ pockets, and what government isn’t doing gets done better.

I just wish I could have been there to see it myself. Unlike last year, I could easily have afforded to go, but I waited too long to get my travel plans in order. Oh well, there’s always next year.

(Hat tip: Fergie’s Tech Blog)

On June 18, I visited the Plainfield, N.H., home of Ed and Elaine Brown, to attend a press conference. Since then, the U.S. Department of Justice has decided they should keep an eye on me.

But one or two people have decided that they should harass and annoy me as well.

The harassment campaign started in earnest June 27 with a message sent from a government-issued computer which stated that “you along with several of your fellow Ed supporters are going to jail.”

After publishing that message, the person who sent it backed off for a while, but in the last few days, more messages have come in.

Ed and Elaine Brown were convicted in federal court in January of tax evasion and money laundering charges. They walked out halfway through their trial after the judge refused to allow them to present portions of their defense. Since then they have remained at their Plainfield home, which is still under construction. They were sentenced in absentia in April to 63 months in federal prison each.

U.S. Marshals and others within DOJ have been reading this site for some time, but especially after I published information a month ago which indicated that a violent raid on the Brown residence was imminent. U.S. Marshal Stephen Monier has said he wants to resolve the standoff peacefully, but two apparent aborted raids stand as testimony to refute that position.

On Tuesday afternoon, one of them sent me an explicit message that I was sure to see. The following contains excerpts from the web server logs for this site.

149.101.1.130 - - [17/Jul/2007:18:54:26 +0000] "GET /2007/03/15/moving-to-new-hampshire-open-thread/ HTTP/1.0" 200 41062 "http://www.google.com/search?hl=en&q=%22Michael+Hampton%22+ Manchester+NH+We+are+still+looking" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; DOJ3jx7bf; SV1; .NET CLR 1.1.4322)"

This DOJ official performed a Google search for “Michael Hampton” Manchester NH We are still looking from the comfort of the office.

Shortly after that, someone sent the following message, apparently intended to intimidate, through the site’s contact form. “We will be watching the Murphy’s Crew. So keep an eye out for those cameras and sedans that will be around. Keep checking over your shoulder. The Men in Black.”

70.195.30.181 - - [17/Jul/2007:20:13:37 +0000] "POST /contact/ HTTP/1.0" 200 23369 "http://www.homelandstupidity.us/contact/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

POST /contact/ HTTP/1.0
Host: www.homelandstupidity.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
X-McProxyFilter: ************
Keep-Alive: 300
Referer: http://www.homelandstupidity.us/contact/
Cookie: __utma=211943821.1295374641.1184702849.1184702849.1184702849.1; __utmb=211943821; __utmc=211943821; __utmz=211943821.1184702849.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Type: application/x-www-form-urlencoded
Content-Length: 364

wpcf_your_name: I wonder who it could be
wpcf_email: watchingyou@whatever.com
wpcf_website: www.thinkagain.com
wpcf_msg: We will be watching the Murphy's Crew. So keep an eye out for those cameras and sedans that will be around. Keep checking over your shoulder.

The Men in Black
Submit: Submit
wpcf_stage: process

(I hope that that IT purchase on your GSA purchase card was properly approved. The bean counters get really mad when you don’t fill out all the paperwork for one of those.)

The message refers to a weekly gathering of Free State Project members at Murphy’s Taproom, a local restaurant and bar.

This afternoon, two more messages came in via the contact form. The first: “Michael could you post a list of hot spots for us in Manchester, NH so that we may watch you a little better.”

64.241.37.140 - - [18/Jul/2007:17:44:57 +0000] "POST /contact/ HTTP/1.1" 200 23610 "http://www.homelandstupidity.us/contact/" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

POST /contact/ HTTP/1.1
Host: www.homelandstupidity.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
X-McProxyFilter: ************
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.homelandstupidity.us/contact/
Cookie: __utma=211943821.1126055031.1184780390.1184780390.1184780390.1; __utmb=211943821; __utmc=211943821; __utmz=211943821.1184780390.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)
Content-Type: application/x-www-form-urlencoded
Content-Length: 283

wpcf_your_name: The Watchers
wpcf_email: watchthis@bbb.com
wpcf_website:
wpcf_msg: Michael could you post a list of hot spots for us in Manchester, NH so that we may watch you a little better.

Thanks
Submit: Submit
wpcf_stage: process

Three minutes later, yet another one came in. “you really have no clue which computers are gov’t and which aren’t. you’re a joke, also we need more chemtrails.”

85.234.150.253 - - [18/Jul/2007:17:47:44 +0000] "POST /contact/ HTTP/1.0" 200 23611 "http://www.homelandstupidity.us/contact" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

POST /contact/ HTTP/1.0
Host: www.homelandstupidity.us:80
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5
Referer: http://www.homelandstupidity.us/contact
Content-Type: application/x-www-form-urlencoded
Content-Length: 252

wpcf_your_name: MIB
wpcf_email: ioerror@ioerror.us
wpcf_website: michaels dementia
wpcf_msg: you really have no clue which computers are gov't and which aren't. you're a joke, also we need more chemtrails
Submit: Submit
wpcf_stage: process

This will be the first time the word “chemtrails” appears on this site. I double-checked to be sure. (Is that even a word?)

All three messages appear to be from the same computer. The IP addresses are a Verizon Wireless data connection, a Panera Bread Wi-Fi hotspot, and a well-known proxy server which DOJ has a long history of using.

I’ll let you draw your own conclusions about the mental state of the person sending these messages. For myself, I can say it’s quite amusing that the law enforcement agents who “always get their man” not only can’t seem to find me, (it’s not that hard, but you will need a warrant or three) but have been reduced to sending childish messages over the Internet.

Oh, wait, that was the Mounties. They, at least, are leaving me alone.

Updates to stories previously covered at Homeland Stupidity include spying, spying and more spying.

The National Security Agency has run out of power, causing it to implement severe power-saving measures across the Fort Meade, Md., complex from which it runs acres of computing equipment to collect and process signals intelligence. Now, the NSA has implemented rolling blackouts and scheduled shutdowns of computer equipment to help keep it running at all. But it still hasn’t arranged for more power to be brought into the complex, despite having known about the problem for years.

Speaking of the NSA, last week the federal Sixth Circuit Court of Appeals overturned an August 2006 decision that held that the NSA’s terrorist surveillance program was unconstitutional. The program monitors telephone calls and other communications entering and exiting the U.S. which the government says may have a connection to terrorists. The decision was overturned because the plaintiffs could not prove they had been directly affected by the program. Lawsuits related to the program remain alive in the Ninth Circuit.

In 2005, the Department of Defense was caught running an intelligence program which was collecting information on peaceful anti-war protesters. Much of the improperly collected data originated with the Department of Homeland Security. The database was cleaned up and later shut down. The Department of Defense Inspector General released a report (PDF) on the Threat and Local Observation Notice program saying that it complied with relevant law, though some information was improperly collected. But even though the database was shut down, NORTHCOM plans to bring back something like it.

Government auditors told a Congressional committee last week that computer security at the Department of Homeland Security still needs improvement, even after years of work to remedy the problems.

The Government Accountability Office reported (PDF) June 20 that while DHS had taken significant steps to improve its computer security since a 2005 investigation, the department still had “significant weaknesses” raising the risk that individuals could gain unauthorized access to sensitive data or disrupt operations.

During the hearing, House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology members took DHS chief information officer Scott Charbo to task about the dismal state of computer security at the department, saying he had “underinvest[ed] in IT security” and questioning whether he should keep his job.

“[I]nformation provided by DHS suggests that the CIO is failing to engage in defensive best practices that would limit penetrations into DHS networks,” said Rep. Jim Langevin (D-R.I.), subcommittee chairman. “The department’s failure to implement the Einstein program, contracts with Sprint and MCI where the carrier has misconfigured the firewall, and other problems are quite disturbing.”

“It was a shock and a disappointment to learn that the Department of Homeland Security . . . has suffered so many significant security incidents on its networks,” the congressman said. “DHS reported to the committee that it experienced 844 cybersecurity incidents in fiscal 2005 and 2006.”

Langevin pointed out these included workstations infected with Trojans and viruses, a workstation infected with a Trojan scanning for port 137, which demonstrates that “individuals attempting to scan DHS systems through the Internet,” and PCs containing suspicious beaconing activity and a botnet that lets a hacker control the compromised computer. — Government Computer News

Keith Rhodes, chief technologist at the Government Accountability Office, also performed penetration testing of DHS networks. The results were surprising, not because there were problems found, but because of how many problems he found.

“I would label them [DHS] as being at high risk,” Rhodes toldInformationWeek the day after a congressional hearing into the security of the government agency tasked with being the leader of the nation’s cybersecurity. “There was no system we tested that didn’t have problems. There was nothing we touched that didn’t have weaknesses, ranging from WAN to desktops. . . . If we had continued the audit we would have found more. We curtailed the audit because we just kept finding problems. At a certain point, we just ran out of room in our basket.” — InformationWeek

And why, exactly, is computer security so important? You may not have very much of importance on your computer, but DHS certainly does.

“Terrorists or nation states could be hacking Department of Homeland Security databases, changing or altering their names to allow them access to this country, and we wouldn’t even know they were doing it,” Langevin said.

And more bad news is coming down the pike. GAO is preparing to release a report on the US-VISIT program, which maintains a biometric database of foreign visitors to the U.S., which will say that computer security problems are so severe they prevent the government from even knowing whether the system has been penetrated, and that the problems could have been easily fixed.

“I did not see controls in place that would prevent (hacking), I did not see defensive perimeters, and I did not see detections systems in place that would let you know whether it had or had not” been hacked, Rhodes told the committee. — CNET News.com

Do you feel safer now?

When it comes to freedom on the Internet, the Electronic Frontier Foundation is at the forefront of the battle. Whether it’s the national ID card, digital rights management, online privacy or domestic spying, EFF is doing the hard work of defending against those who would abuse the power of government against the people.

That’s why I give them money.

And I just got a nice letter back from them for my recent contribution.

June 5, 2007

Dear Michael,

Thank you for your generous donation of $ 55.00 to the Electronic Frontier Foundation (EFF), which we received on 5/8/07. EFF is a 501(c)(3) organization, and EFF’s federal tax ID number is 04-3091431.

Your donation enables EFF attorneys, technologists, and activists to continue to protect free speech, fair use, innovation and privacy in the online world, as we have done since our founding in July of 1990. Keep up with our work by subscribing to our weekly electronic newsletter, EFFector, at http://www.eff.org. And become involved! Check out our action center to see the latest way you can help at http://action.eff.org.

Once again, thanks for your support.

Sincerely,

Nicole Nguyen
Membership Coordinator

PS: Your gift is tax deductible as allowed by law. EFF respects the confidentiality of its supporters and we do not lend, rent or sell our lists of donors at any time. No goods or services were provided in consideration of this contribution.

The history of how EFF got started is quite the interesting read. The Secret Service severely overreacted to a bunch of teenage hackers ripping off BellSouth (now AT&T) for an electronic copy of a $14 document.

I’ve been meaning to give them money for quite a while and for various reasons never quite got around to it. I won’t forget again.

The Internet sales tax is back.

Sen. Mike Enzi (R-Wyo.) has introduced a bill to require Internet-based businesses to charge state sales taxes on out-of-state purchases.

The bill, introduced May 22, would allow states which harmonize their sales tax laws under the Streamlined Sales and Use Tax Agreement to force out-of-state businesses to charge sales tax to customers in their states.

A press release from Enzi’s Senate office said that the bill would “level the playing field” by preventing consumers in high-sales-tax states from buying products out-of-state and avoiding paying sales taxes.

Enzi is concerned because states are missing out on billions of dollars of taxes because they buy products in interstate commerce, and he wants to bring the bacon back home.

“If Congress continues to allow remote sales taxes to go uncollected and electronic commerce continues to grow as predicted, other taxes, such as income or property taxes, will have to be increased to offset the lost revenue to state and local governments,” Enzi said.

“It is now time for Congress to provide states that enact the Streamlined Sales and Use Tax Agreement with the authority to require remote retailers to collect sales tax just as Main Street retailers do today.”

Enzi’s arguments about leveling the playing field have several fundamental flaws. To begin, nothing prevents brick-and-mortar shops from maintaining online presences — where generally no sales taxes would apply. An alternate solution, available to the states, is to follow the lead of Alaska, Delaware, Montana, New Hampshire and Oregon by eliminating the sales tax for brick-and-mortar operations. Instead, Enzi wishes to stifle a hundred billion dollar a year and rapidly growing sector of the American economy. The most obvious flaw is that government, at all levels, could concentrate on reducing spending as opposed to increasing taxes.

“This is yet another GOP tax increase to help pay for the Republican addiction to massive government spending,” said Libertarian Party Political Director Stephen Gordon, whose efforts helped kill a major Republican tax increase proposal in Alabama. “One would think that the Republicans, following the 2006 election results, would have learned to keep big government programs off the table.” — SmallGovTimes.com

So much for Wyoming being a bastion of limited government if tax-and-spenders like Mike Enzi represent the state’s Republican Party.

Keeping government spending in check and government out of people’s lives, historically conservative, Republican positions, seem to have fallen by the wayside. Unless, of course, you’re Ron Paul.