Saturday, June 29, 2013

The NSA and You - Privacy in a Connected World

By now everyone has (hopefully) heard about the most recent scandal involving the National Security Agency (NSA) collecting data on everyone's "private" phone calls, emails, internet activity, etc. While I do agree that this activity is illegal, a violation of our rights, and not to mention wildly inappropriate in a nation formerly known as "the land of the free," I am not in the least bit surprised. You shouldn't be, either. Here's why.

The thing that makes the internet wonderfully awesome is that, at its core, it is really dirt simple. It's just a really great and (usually) efficient way of moving bits and bytes of data across networks of computers. It was never designed with security in mind - just simplicity.  It's that simplicity that has allowed it to be used for so many different things from email to streaming music videos to phone calls to shopping .. the sky's the limit, really. If it can be done by moving information from one point to another, it can be done on the internet. And the convenience and speed with which it can accomplish that simple task has become an inextricable part of our modern lives.

The thing is, we have also developed several unrealistic expectations when it comes to privacy on the internet. We expect our email and text messages, for example, to only be "opened" and read by the recipient - similar to when we send a letter via the US Postal Service. We expect our phone calls made over digital networks to be private, just like our old analog phones were back when you had to get a warrant and climb a telephone pole to establish a wire-tap. And for some reason that is incomprehensible to me, we also seem to expect information we post on public web sites like Facebook and Twitter to only be seen by people we want to see it and no one else. The thing is, these things just aren't so. Those of us who make a living in the computer industry and have been exposed to the internet and its internal workings for a long time know this, and it's about time the rest of the world did, too.

Your "private" email and text messages are not at all like a sealed letter going through the post office. They're more like postcards - able to be read, copied, archived, and even modified undetectably any time during transit. The protocols that handle these "letters" were not designed with security in mind - they were designed to be dirt simple and fast. Security was to be the responsibility of the user, not the transporter. And don't even get me started about your Facebook and Twitter activity - you might as well be publishing your information in a newspaper or yelling it through a megaphone on a street corner.

"Well, what does all this have to do with the NSA spying program," you ask?


"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

-- US Constitution, Amendment 4

Written as part of the original Bill of Rights, the Fourth Amendment pre-dates the internet by 2 centuries. However, it has been interpreted to apply to modern forms of communications like telephone calls, etc., and presumably also to internet communications. At this point, before you continue, I'd like you to follow that link up there and read the Wikipedia page on the Fourth Amendment. Go ahead, read it. I'll wait...

So .. did you notice how much it's already been eroded over time by the courts? Did you notice how the government can basically look at anything you say or do as long as they can show you had no "reasonable expectation of privacy?" Did you notice how "reasonable" isn't clearly defined, so it can mean whatever they want it to? So, how do you think they will argue when you say your unencrypted email had a reasonable expectation of privacy? What about your unencrypted text messages?

What you need to know is that there's a very good reason the NSA and other government agencies and even corporations are spying on internet users the way they are: it's because it's so EASY, and because we let them in exchange for convenience. That's right, when you sign up for a Gmail or Facebook or Yahoo or whatever account, you usually agree to allow them to collect, analyze, and sell anything you do with that account. You basically waive your "reasonable expectation" of privacy by agreeing to the terms and conditions for your shiny and very convenient Google account. Don't get me wrong, I love the convenience these things offer - I even have 2 Google accounts myself! But, I harbor no delusions about privacy or security of anything I do online, because I know how the internet works. And now you have an idea, too.


"I don't use encryption because no-one I communicate with uses encryption."

-- Me

If you want the privacy afforded in the "snail mail" world by a "privacy envelope," then you need to use encryption, and you need to encrypt your stuff in files on your own computer before you type them into your GMail (or whatever web mail client you like) window. You need to learn about public key cryptography and secure passwords and entropy and a host of other complex and scary-sounding words. You need to learn about SSL and secure data destruction as well, along with all the shortcomings and vulnerabilities of these methods. Did you know that, for example, anything stored to your hard drive can be recovered after being deleted? This is true to the point that even so-called "secure data destruction" software isn't a guarantee. In fact, the standard FBI-approved method for secure data destruction involves melting the hard drive with a thermite bomb!

The thing is, encryption and security are HARD. Certainly harder than they were in 1789! Back then, if you wanted privacy, all you had to do was lock your papers up in your house, or talk to your buddy out behind the woodshed without anyone in earshot. Today, the "lock" is strong encryption .. the "secure envelope" is public key crypto with strong digital message signing and trusted public keys. And while some degree of anonymity and privacy can be had from Virtual Private Networking and projects like Tor, "Behind the woodshed" remains unchanged: if you want real privacy in your communications, that's where you have to be - not on the internet and not through the mail. I think the real purpose of these tools, rather than to actually keep your stuff away from prying eyes, is to allow us to reclaim some of that "reasonable expectation of privacy" in case we're ever taken to court over something we said in an email. A lawyer could conceivably argue that the evidence, if seized without a warrant or probable cause (as in the case of NSA surveillance), was inadmissible if the user attempted to protect it with strong encryption.

Anyway, the whole point of this article is to shatter your illusions of privacy online, and provide you some search terms to check out if you're interested in trying to get some of those illusions back.  Meanwhile, one simple rule applies:  don't do or say anything on the internet that you wouldn't want Big Brother to know. Because if you think they're going to stop spying on us, you're even more delusional than I thought.


Wednesday, June 26, 2013

Harry Potter and the Zombie Apocalypse

Consider the following scenario.  You are a wizard or witch from the Harry Potter universe. You find yourself confronted with a horde of mindless zombies, like the ones found in The Zombie Survival Guide or World War Z (both by Max Brooks).  Armed with only your wand and your magical abilities, how do you eradicate the undead threat?  What spells do you use and when?  Hopefully, this post can help.

Avada Kedavra*
*not for use with zombies

Perhaps everyone's favorite spell is the unforgivable killing curse. When cast, it shoots a green bolt from the caster's wand that instantly kills whoever it hits. Like all spells, though, this one can miss its intended target, reflect off of objects with shiny surfaces, or strike something that's not alive with zero effect. Therein lies the problem: zombies, by definition, are already dead. Avada Kedavra all you like, you can't kill that which is already dead.

Fire! Fire! Fire!

You can, however, set it on fire with an Incendio spell. While this particular charm can be very effective against a horde of undead, it can also backfire on you, and therefore should be used only with the greatest caution. A flaming zombie will still be able to move for a time, and it won't stop chasing you until its brain is consumed by the fire. Meanwhile, it will set ablaze anything else it comes in contact with for even a second or two, including other zombies, curtains, trees, dry grass, wooden structures, and any unfortunate wizard who happens to trip while fleeing the conflagration. While this is not to say that setting a zombie ablaze is never a good thing, one must be very aware of one's surroundings when using Incendio in order to avoid being killed by one's own firestorm.

At this point, let's take a breather and consider what we really wish to accomplish. From this article's perspective, we're looking for a spell to permanently end the zombie threat - in other words, to "kill" the zombie. We know from other sources that in order to do this, one must destroy the zombie's brain, therefore we will concentrate on that goal. While kinetic energy spells (such as levitation and/or push-back effects) may have their place in combat with the undead, simply throwing zombies around will not usually permanently destroy them unless you're fortunate enough to be able to levitate a zombie into boiling lava or something.

Reducto - to dust!
Perhaps the most effective counter-zombie spell, then, is the multi-mode Reducto charm. I'm told this spell can have several different effects, depending on what the wizard is envisioning while casting. These include shrinking the object, cutting it into multiple pieces, and an immediate incineration effect that reduces the target to ash rather quickly.

While examining the usefulness of each effect, one must also consider the tactical situation at hand and consider any unintended consequences. For example, in a close-combat situation with multiple attackers, you probably don't want a cloud of burning hot ash obstructing your view, or landing on your skin. In this case, you may be better off going with a vertical wand flourish and slicing the zombie straight down the middle. As long as the cut goes through the head, it will slice through the brain and destroy it, granting you victory. For multiple zombies, you might be able to accomplish multiple kills in one cast by using a horizontal flourish at about eye level. I wouldn't want to be the person to have to clean up that mess, though.

As for the shrinking effect, further research and caution is definitely required. We simply don't know yet if the zombie brain can still function after being reduced in size this way. If you're going to try it, be sure to shrink them to a size where they can be easily squashed under-foot, and be sure you're wearing strong shoes that can't be bitten through. The virus that causes zombification in the first place can almost certainly be passed through a puncture wound or bite to the foot, regardless of the size of the biter.

For longer range open-air combat, the obvious choice is the incineration-to-ash effect. This will probably work best if you're upwind of the zombie horde and atop a structure they won't be able to climb. You can simply perch up there and take them out one-by-one until all that remains is a giant pile of smoldering ash. Your only limitation is the range and accuracy of your wand, which we will now discuss.

Your typical wizard's wand is, at the very basic level, a handheld piece of wood infused with some sort of empowering magical core. All of the spells we've discussed need to be aimed by the wizard - there are no "fire and forget" charms or "smart spells" known to the wizarding world. It is also well documented that spells and especially curses can not only miss their intended targets, but also reflect off of certain surfaces and sometimes fly off in unexpected directions similar to a ricochet or stray bullet.  Therefore, in any magical combat situation, it is important to have a precise and accurate aim, as well as finely-tuned situational awareness.

Since your typical wand is held in a single hand, it can be assumed to have roughly the accuracy and accurate range of a typical handgun - about 6 or 7 meters. Of course, when I first made this connection, a Jacob's Ladder of brilliant ideas began to buzz inside my backwoods, redneck-turned-engineer, firearm-loving brain.

At first I thought, why not fit a wizard's wand with some optics - a scope, for example. But why stop there? Why not add a laser sight?

Then, it hit me. What a wizard really needs for effective zombie combat is a long-range wand with an advanced tactical sighting system that can be extended and adapted to meet his or her individual needs as situations arise. What you need, young sorcerer, is an assault wand!

As far as I can tell, Wand Lore contains nothing to suggest that a wand must be held in one hand, or even maintain the traditional wand shape.  So, we could, theoretically, form-fit the wooden section of the wand to resemble, say, an AR-15, complete with rails, pistol grip, etc. Instead of a magazine, the magical core of the wand would be precisely aligned inside the "barrel" of this creation, allowing for precision long-range casting of any spell the wizard could conjure. Combine this type of wand with the Reducto charm, and you'll be disintegrating zombies from 300 meters or farther. Since spell bolts don't drop over distances like bullets, we wouldn't need to design a separate platform for those record distance shots from kilometers away - it simply becomes a training issue.

Alternatively, it may be possible to simply attach a wizard's existing wand as an accessory to a traditional tactical rifle. The best place for this would probably be on the forearm of the rifle since the wizard would then be able to maintain the physical contact with the wand itself that seems to be required for spell casting. Conveniently, this position also offers close proximity to the barrel and therefore allows spells to be aimed just as precisely as bullets without having to adjust the rifle's sights.