Thursday, March 1, 2012

Key Bank, (in)Security & Datafarming

Today I logged into my bank account at Key Bank, and after answering my security questions (crafted with years of experience), instead of being sent to my account pages, I was thrown to this page:

I have no loans with Key Bank. I have no credit line with Key Bank. I have nothing with Key Bank but a checking account, with no Direct Deposit, no tie-ins, nothing; a plain old-fashioned manual checking account.

Look at what they are asking for: height (last time it was driver's license number), employment history information, car registration information...

This is the second time I have been forced to go through this "verification process" without ever having given Key Bank this information. Key Bank has absolutely no business having this information. I put money in; I take money out. I do not Direct Pay any bills; I maintain absolute manual control over my banking processes.

Not only is this bypassing my own crafted security, it is destroying my own security. They are linking my bank account to publicly-searchable information, which is no security at all; it is a menace to security. They are compiling my separate data in one place, which means if they are hacked, the crackers get all of my information in one nice package.

This is a security threat, Key Bank. This is irresponsible, reprehensible, stupid and way more intrusive than you are allowed to be as a handler of my money, which you make profits from. I am not your child; I am not your consumer. I am your customer, your client.

6e * 65 * 74 * 77 * 6f * 72 * 6b

Key Bank, you are history; I'll be changing bank accounts tomorrow and deleting you from my existence. You are also now the target of an information campaign to spread awareness of exactly how insecure your systems are, how inadequate and possibly-criminally negligent whatever unqualified bonehead "security IT person" injected this process into your verification system & are under suspicion of selling my data for profit in a way you were never authorized to do. Congratulations. Enjoy the feedback.

6e * 65 * 74 * 77 * 6f * 72 * 6b

Friday, January 27, 2012

In Defense of Twitter

*DISCLAIMER: Unlike usual, this is an OP-ED piece. It's a pain day for me, so I'm a bit scrambled on pain & meds - this post won't have the usual links to everything in it. You can trust me, or you can do your research to verify what I set forth as fact (which I recommend anyway).

6e * 65 * 74 * 77 * 6f * 72 * 6b

Why you should consider this post

There's a big wave of discontent against Twitter for announcing that it can/will be censoring tweets by country to comply with their legal requirements. People are "outraged" and want to "show Twitter who's boss" and "communication should be free" and...

Please listen to me now: I've been fully-involved in the internet and politically-aware of what concerns it both technically and legally since Operation Sun Devil & the Steve Jackson Games FBI raids. I happened to be a noobie on the net at that time, and SJG/Illuminati site was a place to go for game info and community revolving around Steve's excellent tabletop RPG games.

If you read my last post about #SOPA (or this entire site) you know that I know my stuff; I know a lot about the legal shenanigans the government & industry have been using to attempt to control the channels of communication for the last 25+ years. It has been my privilege and my pleasure to consider myself a Netizen (a citizen of the Internet) for longer than most people. Because I live here, more than most, I've considered it my civic duty to watch, learn, investigate and talk about the technology & the implications of it for evolutionary change and human freedom.

Also because I have spent as much time here as other people spend on "having a real life" - children, a home, a career - I do know things; I spend a lot of time learning about my environment, the people who live there and the forces arrayed against this historically-unique manifestation of free speech.

So now I must speak out in defense of Twitter.

6e * 65 * 74 * 77 * 6f * 72 * 6b

What Twitter Did (as opposed to what people think they did)

Twitter has announced that, in order to keep within the legal requirements of other countries and continue operating in those countries, their tech allows the company to block tweets or users on a country-by-country basis. Previously, blocking tweets had to be done globally, meaning if an oppressive regime asked Twitter to remove a tweet or block a user, it had to be done for everyone in the world. Now, Twitter can remove that tweet in that country, but allow the world to see it.

At the same time, Twitter slipped users a key to the lock. Think about that.

With all this chatter lately about "what companies are doing to suppress our rights," it's easy to get caught up in someone's gut reaction, their outrage or their political position. But that's playing the game we all want to get away from. That's the Polarity Game; the Chessboard with two opposing sides, in black and white. But that is not how things work. That is not the Network Model; "it's a trap!"

By slipping us the Key, Twitter is walking a minefield, and you should understand just what minefield Twitter is in before you start formulating adamantine black-and-white opinions.

6e * 65 * 74 * 77 * 6f * 72 * 6b

What's going on

If you're reading this, you're one of the people that have become aware of the attempts by governments and industries to contain, alter, geld and control the internet. There was a reason this was named "The Information Revolution" many years ago; it is only now that people are understanding this was no whim, no PR snappy soundbyte; no cute metaphor like "the information superhighway" - this was a dry, technical description of what this technological breakthrough meant/would mean. This is war.

The forces arrayed against an open Internet are formidable. This slowly-building, covert war against the technology and implications of an easily-accessible means of mass communication is coming to a head.

For a moment, compare Twitter's actions and speech to those of Google, AT&T, Viacom, Comcast & the rest of the Players. Google has not only told users to STFU and take what they offer, it's been less-than-forthcoming about its compliance with the US Gov/TSA/DHS/NSA/spook crowd. The same goes for AT&T, who has not only folded and let the spooks install monitoring on every trunk line they own, they've used their muscle and weight to push legislation (hand-in-hand with government) for retroactive immunity for Constitutional violations and illegal operations. Rinse and repeat for the rest of the Players.

On the other hand, what Twitter has done is technically comply with these draconian measures to suppress speech, meanwhile dispersing the technical information necessary to route around these measures in order to keep the channel of communications that is Twitter open and in use.

What Twitter could have done

Twitter could have complied like Google and allowed whatever country(s) to dictate whether Twitter could be reached at all. By technically complying with these requests/dictates, Twitter remains open as a tool for communication in war time.

On the other hand, if Twitter did not bow to these "regulations" and gave the metaphorical Finger to these communications-fascists, Twitter could have easily been blocked/cut off/removed from an entire country's use (except in cases of VPN/ssh and other tools/techniques which require a bit of technical ability). At this point, I wouldn't trust our own government not to resort to dirty tricks, "business regulations," obscure lines buried in telcomm laws already passed or secret DHS/TSA "orders" to destroy Twitter as a business.

Think of the French Resistance, operating under cover in Vichy France. You might wish to run out into the street and scream "Fascist!" at any passing member of the ruling junta... which would get you shot; end of story. But what if communications with the Resistance depended on you to relay messages, supplies and information? Giving in to your (understandable) rage would hurt a lot more people than you... so you wouldn't; you'd bite the bullet, smile and nod to the Jackboots, serve their coffee and listen carefully for information that would be of use to the Resistance.

6e * 65 * 74 * 77 * 6f * 72 * 6b

This is war

This is war, and you have to think; the world is not black-and-white - that's the old revolving-gameboard, binary, dualistic model we're trying to get out from under. Twitter has not bent over like the others. Twitter has basically played by the letter of those rules in order to get around those rules with imagination, cleverness and technical know-how while striving to keep the ability to communicate freely open.

This took some guts, knowledge of their own system and knowledge of the ignorance of the enemy. Twitter was very clever... much more so than, say, Google. Twitter was also very transparent about what was going on; again in contrast to the Goog, the telcomms and the govt.

Twitter has openly danced on the plank like Capt. Jack Sparrow, putting on a good show for the Powers while flashing signals with a concealed mirror to Loyalists and Netizens to be aware, be ready and use the tools provided.

For these reasons, in this case, I commend Twitter and I put my experience, my technical, legal and historical knowledge behind that support. Twitter's gone much farther for netizens' rights than almost any other major company I can think of and it is important to me (as it should be to you) to recognize a clever ally in wartime.

For these reasons, I will not be participating in Op #Twitterblackout.

6e * 65 * 74 * 77 * 6f * 72 * 6b

Tuesday, January 17, 2012

SOPA & PIPA: An Internet Legal History Primer

Today, January 18, 2012, a huge number of websites will be "going dark" as a protest and demonstration of the damage that the Stop Online Piracy Act [SOPA / HR 3261] and the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 [P.R.O.T.E.C.T. IP Act - PIPA - S. 968] are prepared to do to the functionality of the internet in the name of "protecting intellectual property" at the behest of the media megacorps.

An incredible array of tech and internet sites are taking part in this protest/declaration/demonstration; your internet will not look the same at all [for a day]. The provisions in PIPA and SOPA can actually break the internet's functionality; this is being pushed by a coalition of media and entertainment companies to "protect their intellectual property from pirates." Yes; they'd rather break the internet's functionality than figure out why their old rapacious business models are failing.

You may not know it, but SOPA & PIPA are only the latest in a long line of laws attempting to limit, contain, channel and control the internet. I have lived through these times on the net and offer some historical outline below. Unfortunately, since Wikipedia will be blacked out today, you'll have to come back tomorrow if you want to explore these links in more depth.

6e * 65 * 74 * 77 * 6f * 72 * 6b

A History of Communications, Privacy and Internet Law

1984: Cable Communications Policy Act of 1984 - set forth strong protections for subscriber privacy by restricting the collection, maintenance and dissemination of subscriber data. The Act prohibited cable operators from using the cable system to collect "personally identifiable information" concerning any subscriber without prior consent, unless the information is necessary to render service or detect unauthorized reception. The Act also prohibited operators from disclosing personally identifiable data to third parties without consent, unless the disclosure is either necessary to render a service provided by the cable operator to the subscriber or if it is made to a government entity pursuant to a court order.

[The USA P.A.T.R.I.O.T. Act [Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001] has narrowed/gutted the CCPA privacy provisions considerably]

1986: The Electronic Communications Privacy Act (ECPA) was passed by Congress to expand the scope of existing federal wiretap laws, such as the Omnibus Crime Control and Safe Streets Act of 1968 (Wiretap Act), to include protection for electronic communications and expanded the privacy protections of the Wiretap Act in five significant ways:
  1. ECPA broadened the scope of privileged communications to include all forms of electronic transmissions, including video, text, audio, and data.
  2. ECPA eliminated the requirement that communications be transmitted via common carrier to receive legal protection.
  3. ECPA maintained restrictions on the interception of messages in transmission and adds a prohibition on access to stored electronic communications.
  4. ECPA responded to the Supreme Court's ruling in Smith v. Maryland (June 1979) that telephone toll records are not private and restricts law enforcement access to transactional information pertaining to users of electronic communication services.
  5. ECPA broadened the reach of the Wiretap Act by restricting both government and private access to communications.

[The USA P.A.T.R.I.O.T. Act [Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001] narrowed/gutted the ECPA privacy provisions considerably]

1987: The Computer Security Act of 1987 reaffirmed that the National Institute of Standards and Technology (NIST) is responsible for the security of unclassified, non-military government computer systems. The main purpose of the Act is to protect unclassified information from military intelligence agencies. However, the Act has since been weakened, primarily as a result of the efforts of the National Security Agency, and repealed with the Federal Information Security Management Act of 2002 [FISMA, see below].

: The Secret Service is given authority by Congress over "access device fraud" as an extension of its "wire fraud" authority.

1990: Operation Sun Devil, Steve Jackson Games, Inc. v. United States Secret Service

These two raids and subsequent court cases resulted in the creation of the Electronic Frontier Foundation and provided law enforcement with evidence to convince the US Congress of the need for additional funding, training and overall expansion of Federal law enforcement.

The great hacker witch hunt hysteria begins in earnest; "hackers are going to destroy your word perfect documents and steal your credit cards!!!!!"

1991: Telephone Consumer Protection Act of 1991 amended Title II of the Communications Act of 1934 and requires the Federal Communications Commission ("FCC" or "Commission") to promulgate rules "to protect residential telephone subscribers' privacy rights." In 2002, a federal judge ruled that the TCPA's ban on sending unsolicited fax advertisements was an unconstitutional restriction on commercial speech.

1994: Communications Assistance for Law Enforcement Act of 1994 [CALEA] aka "Digital Telephony Act" was passed by Congress to preserve the Government's ability, pursuant to court order or other lawful authorization, to intercept communications over digital networks. The Act requires phone companies to modify their networks to ensure government access to all wire and electronic communications as well as to call-identifying information. The law also included several provisions enhancing privacy, including a section that increased the standard for government access to transactional data.

6e * 65 * 74 * 77 * 6f * 72 * 6b

1996: The Telecommunications Act of 1996 [TCA] and Title V of that Act - Communications Decency Act [CDA]

Signed into law on February 8, 1996 by then-President Bill Clinton, this bill purported to foster competition among companies sharing the underlying infrastructure of networked technologies. Buried in that legislation was an amendment - Title V - The Communications Decency Act of 1996 [CDA] - which proposed to "regulate pornographic material on the Internet". This amendment is the precursor to the Child Online Protection Act [COPA] of 1998; the Children's Internet Protection Act [CIPA] of 2000 and the current pending PROTECT IP Act as well as scores of bills passed in the intervening 15 years, using the specter of pornography (later switched to child pornography), terrorism and fear to push through legislation that favors media cartels and the government's interest in strangling the free flow of information.

[Section 230 of the CDA added protection for online service providers and users from actions against them based on the content of third parties, stating in part that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider". Effectively, this section immunizes both ISPs and Internet users from liability for torts committed by others using their website or online forum, even if the provider fails to take action after receiving actual notice of the harmful or offensive content. We'll return to this important proviso later.]

Promises, promises

The TCA was actually a deregulation of the 1975 FCC cross-ownership rules put in place to limit media concentration and monopolies in the radio and television space, preventing companies from denying accessibility of airspace and broadcast space to other companies through the conglomeration and consolidation of media and denial of the common carrier infrastructure built with US tax dollars as the telegraph and later telephone copper wiring.

The TCA was supposed to foster competition, fairly distribute the use of infrastructure paid for by the public and allow for the collection of a levy handed to the telcos to upgrade and improve the national backbone and fiber-optic cables, requiring "fiber to the curb" by 2006. The Bell companies (SBC, Verizon, BellSouth and Qwest) claimed that they would step up to the plate and rewire homes, schools, libraries, government agencies, businesses and hospitals, with a fiber (and coax) wire capable of at least 45 Mbps in both directions, and could handle 500+ channels... if they received financial incentives. This wiring was to be done in rich and poor neighborhoods, in rural, urban and suburban areas equally and would be open to ALL competitors, not a closed-in network or deployed only where the phone company desired.

[This was not DSL, which travels over the old copper wiring and did not require new regulations. This is not Verizon's FIOS or SBC’s Lightspeed fiber optics, which are slower, can't handle 500 channels, are not open to competition, and are not being deployed equitably. This was NOT fiber somewhere in the network ether or only on the intranets of the telcos but directly to homes. The FCC now defines broadband as 200 kilobytes per second in one direction — 225 times slower than what was promised in 1992]

In exchange for building these networks, the Bell companies ALL received changes in state laws that handed them excessive profits, tax savings, and other perks to be used in building these networks. It is estimated that $300 billion in excess profits and tax deductions has been collected for this purpose.

(not) Built on lies

But there was a problem with this - the networks couldn't be built at the time the commitments were made. TELE-TV and Americast, the Bell companies' fiber optic front groups, spent about $1 billion and were designed to make America believe these deployments were real in order to pass the TCA.

Instead of spending the money on these promised networks, the Bell companies used the money to enter long distance markets, roll out wireless and inferior ADSL services: customers paid for a fiber optic wire and got ADSL over the old copper wiring with old and failing routers, switches and exchanges. Network capacity was lied about and the network was oversold.

[Verizon and SBC are rolling out new fiber optic services but want the laws changed again. These services are crippled, closed networks. FIOS’s top speed is only 35% of the Asian standard, and yet it cost $199 vs $40 for 100 Mbps in many European countries]

What the TCA really was about was deregulation and an open invitation to telcos, media conglomerates and lobbyists to swoop into the vacuum left by the breakup of AT&T on antitrust grounds in 1982-1984. On the promises of the telcos, the FCC succumbed to lobbyist cash and sold out the protected common carrier infrastructure to corporations to use as they saw fit.

The Net Speaks Back

Written in outraged response to government's intrusion on the development of the internet through the passage of the TCA, John Perry Barlow, an early and influential voice on the web, published the Declaration of the Independence of Cyberspace on Feb. 8, 1996. Although strident and anthemic, Barlow's opinion was shared by many of the top technicals, theorists and legal scholars of that time, who saw in the TCA and the embedded CDA the beginnings of censorship and control over the channels of communication the net was opening. They also saw the first attempts by corporations to use Congress and lobbyists to shape the net for the convenience and profit of the entrenched entertainment industry, who had already begun consolidating companies and muscling out new businesses built around the net with bagsful of cash to attorneys, congressmen and the FCC.

Barlow was not alone in his perception that something underhanded was going on. Articles began appearing online and in print media pointing to something rotten in all this quickly-moving legislation:

The Telecommunications Act of 1996: A Commentary on What Is Really Going on Here

The Telecommunications Act of 1996 - Maurer School of Law

Will The New Telecommunications Act Promote Monopoly? Yes, It Will

Digital Robber Barons?

... and countless others. Search "Telecommunications Act of 1996" for more information and some awareness that these rats were smelled early by many respectable journalists and newspapers.

Those few who protested and claimed the Act would lead to mass media consolidations were surprised by how quickly that consolidation happened. Within just a few years, radio stations, over the air TV stations, cable TV stations and telephone companies were eaten up by the larger, richer companies in a feeding frenzy that has resulted in the limited, false "choices" we are forced into today. Rather than "encouraging competition," the TCA allowed consolidation of the media and control of all information received by people to a small group of sources, all of them incestuously feeding content to their own networks in a war for eyeballs (and click-throughs).

Some Further Reading on the TCA:


False Premises, False Promises: A Quantitative History of Ownership Consolidation in the Radio Industry

Lessons from 1996 Telecommunications Act: Deregulation Before Meaningful Competition Spells Consumer Disaster [Consumer Reports]

Fallout from the 1996 Telecommunications Act [PDF file - Common Cause]

Moyers on America . The Internet @ Risk . Resources . Timeline

Com101- Intro to Mass Communication: Media Economics [Cabrini College]

A Little Analytical Honesty Please...

6e * 65 * 74 * 77 * 6f * 72 * 6b

1998: Child Online Protection Act [COPA] passed by Congress to protect children's personal information from its collection and misuse by commercial Web sites [the law, however, never took effect, as three separate rounds of litigation led to a permanent injunction against the law in 2009]... but that didn't seem to be enough, as Congress then passed the Children's Online Privacy Protection Act of 1998 (COPPA) - the "think of the children!" spectre was first being pushed as a way to make people fear the internet.

1999: The Gramm–Leach–Bliley Act (GLB), aka Financial Services Modernization Act of 1999 regulates the privacy of personally identifiable, nonpublic financial information disclosed to non-affiliated third parties by financial institutions. The Act requires written or electronic notice of the categories of personal information collected, categories of people the information will be disclosed to, the consumer's opt-out rights, and the company's confidentiality policy. The Act also requires administrative, technical, and physical safeguards to protect the security and privacy of information.

The Wireless Communication and Public Safety Act of 1999 required all mobile telephones created after 2000 to have the capability to map the user's location through the use of global positioning systems. The primary benefit of such a system is that it enables 9-1-1 operators to locate callers in distress. However, such systems also raise major privacy concerns since they allow mobile telephone users to be located at any time. The Act clarified that telephone companies must obtain the customer's opt-in consent to collect location information in any non-emergency situation.

2000: Children's Internet Protection Act [CIPA] - proposed to limit children's exposure to pornography and explicit content online. Both of Congress's earlier attempts at restricting indecent Internet content, the Communications Decency Act and the Child Online Protection Act, were held to be unconstitutional by the U.S. Supreme Court on First Amendment grounds.

2002: E-Government Act of 2002 - expanded e-government initiatives in the executive branch. The Act contained privacy protections, such as prohibitions on the secondary disclosure of information obtained for statistical purposes. This Act included the Federal Information Security Management Act of 2002 [FISMA; Title III], which recognized the importance of information security to the economic and national security interests of the United States, and the Confidential Information Protection and Statistical Efficiency Act [CIPSEA; Title V], which establishes uniform confidentiality protections for information collected for statistical purposes by US statistical agencies. The law guides standardized approaches to the idea that a respondent's information should not be exposed in ways that lead to inappropriate or surprising identification of the respondent. By default the respondent's data is used for statistical purposes only. If the respondent gives informed consent, the data can be put to some other use.

6e * 65 * 74 * 77 * 6f * 72 * 6b

Reading the above laws in light of current knowledge, you can see a pattern of stretching interpretation, ignoring provisions stated explicitly in those laws regarding privacy and the responsibility of both government and private corporations to protect consumers' privacy, limit the sharing and pooling of information and identifying records.

You know this has not happened. You know that these laws have been exploited, twisted or ignored by both government and private corporations. This is the danger of SOPA and PIPA and their ilk; proponents of the law say "trust us!" when there is ample evidence for the last 28 years that such assertions are not to be believed; that any loophole, clever lawyer word-games or outright bribery or intimidation will be used to turn these laws into a bludgeon against free speech under the rubric of "protecting intellectual property."

6e * 65 * 74 * 77 * 6f * 72 * 6b

To the people who would say the government "has a right" to do this because "DARPA created the internet" or "companies pay for the servers and lines," let me make a very important point:

The government did not pay for the lines the internet uses, nor did the communications companies. Those (mostly) copper lines were paid for by your parents and grandparents in taxes, surcharges and easements given to The Bell System, AT&T and the rest of the corps, who then taxed you (through Congress) to lay those lines.

You continue to pay for a 1997 grant of $93 billion to the communications companies to roll fiber out to the home by 2004. None of that has happened; the telcos took that money, in violation of the terms of the deal made with Congress for that purpose, and instead used it to invest in their own wireless market. You have been, and are being, ripped off [check your phone bill; see those "federal excise taxes" and "surcharges"? That's the debt you're paying for something not rendered].

You own the internet. You paid for it; you still pay for the infrastructure. The government does not own the internet, nor do the telcos.

46 75 63 6b 20 53 4f 50 41

46 75 63 6b 20 50 49 50 41

46 75 63 6b 20 74 68 65 20 52 49 41 41

46 75 63 6b 20 74 68 65 20 4d 50 41 41

46 75 63 6b 20 43 6f 6e 67 72 65 73 73