Posts

Three Things: Goodbye to the Once and Former Shitty Crustpunk Bar

[NB: As always, check the byline. /~Rayne]

Social media sites can be like your favorite watering hole, whether a blog, a forum, a platform like Orkut. You find one you’re comfortable hanging around because of content, and then you stay longer if you like the regulars who are likewise attracted to the content.

You get to know the regulars’ names after becoming familiar with the dynamics of the digital neighborhood. After a while you realize you’re a regular too – you’ve gotten to know this person has kids, that person has a beloved pet, yet another has a quirky habit manifest in the way they comment.

They get to know you and call you by your name as if you were Norm entering that Boston pub called Cheers.

Site moderators get to know you, too, may cut you a little slack if you’ve been there long enough and paid your dues to the community by making your own form of contribution with credible comment material and respectful interaction.

With some investment getting yourself situated for optimum comfort, it’s easy. Everything just comes to you — the bartender now knows exactly what to serve you.

All of this is incredibly important to people who are marginalized offline. The digital neighborhood can be a lifeline of sanity, a place where they can escape the oppressive crap of the real world. They can join the community through a lingua franca within their circle of safety. They don’t have to burn any more precious energy to obtain a measure of peace.

Safety borne of familiarity, regularity, and connection, of a cultivated common culture — that’s what the digital refugees who are fleeing Twitter miss, that’s what they’re seeking.

It’s not at all easy to replace. It also feels like personal and social loss to leave it.

Except the refugees didn’t leave it. It left them.

~ 3 ~

A couple years ago there was a really great thread at Twitter in response to comments made about the far right’s weaponization of free speech.

We’ve seen the weaponization in action in many ways – the white nationalist Nazi-types terrorizing Charlottesville with tiki torches while exercising their free speech, ultimately resulting in the death of a young woman crushed by a white nationalist expressing himself with his car.

Cosplay Nazi-lite lighting smoke bombs during a rally without a permit on the National Mall, or planning to disrupt a Pride parade again in cosplay.

Disrupting community events at libraries, terrorizing families enjoying themselves.

Or the January 6 insurrectionists storming the U.S. Capitol expressing their anger as they laid bombs the night before, breached barriers, assaulted police, shat on the floor, stole equipment while hunting for the House Speaker and the Vice President in order to kill them. Multiple people died as a result of the insurrection.

Anyhow, this chap at Twitter noted the point at which this weaponization of free speech should be addressed to prevent the predictable overreach into violence, when Popper’s Paradox is optimally preempted.

The venue needs to deal with the hate speech as soon as it arrives with its hair neatly combed wearing a button down with an insignia-covered tie. Cut it off in the whitewashed alt-right larval form; grab the club and set on on the bar top long before the Nazi must be punched. That’s when the effort is most effective; that’s when you can still fight and eliminate the emerging Nazis.

Unfortunately, Elon Musk figured out how to get inside this OODA loop.

He bought the bar. He was simply faster at doing this than Paul Singer was back in 2019.

And now the once-beloved shitty crustpunk bar which many of us could comfortably call home is now a goddamned Nazi pub.

The longer you stay there, the more that shit rubs off on you: you’re one of the Nazi watering hole’s patrons.

You’re a Nazi by association.

~ 2 ~

Jack Dorsey is a crypto Nazi. He’s been encouraging Musk for some time, and now he’s nudging him to take all remaining restraints off the Nazis Musk has already freed, including insurrectionists like Roger Stone. “[M]ake everything public now,” which will allow right-wing propagandists to run amok and distort past moderation decisions.

The way Twitter responded to Trump’s racist crap back when Dorsey was at the helm should have been clue enough; the donation Twitter made to the ACLU was just whitewash, the few hundred thousand a feint when Musk would spend billions to upend the entire place to free his Nazi fanbois’ speech.

Dorsey tried to play both sides but it was ultimately easier to let his buddy Musk strip away the veil. Or hood, if you’d prefer.

Bari Weiss is a Nazi apologist who thinks she can escape what Nazis do by being their handmaid, carrying Nazis’ water, chopping their wood for them.

All the Musk fanbois who are Oh-My-God-Twitter-Moderated, amplified in turn by Fox News in the wake of Musk euphemistically ‘exiting’ Twitter’s counsel? Nazis.

And of course there are the Nazis Musk let back in the bar, putting out the Welcome mat for them.

They’re all hanging at the Nazi bar Musk bought in order to make sure Nazis had a cozy place to call home because Gab, Parler, and Truth Social don’t have the commercial cachet to realistically achieve any level of social and economic success.

The financiers who either bought stock or loaned Musk money are likewise good with Nazism. It’s not a stretch to see how three Middle Eastern fossil fuel producing countries might want to destabilize the U.S. by normalizing Nazis in American right-wing culture.

This normalization which heightens internal conflict is to them not a failure.

So long as the American left and center are preoccupied with fighting Nazis, they’ll have less wattage to undermine stultifying fossil fuels to the benefit of alternative energy development.

No idea what the hell Oracle’s CEO Larry Ellison was thinking by loaning Musk money to buy Twitter. We can only rely on first principles and allow his actions to convey exactly what they look like: Ellison wanted a chunk of Nazi bar action.

That goes for all the other investors who loaned Musk money for Twitter.

Remember that social success may mean their ideas as noxious as they are gain what has been a mainstream platform used by this country’s largest media outlets — they are legitimized by proximity.

Remember that economic success may mean benefits other than those obtained by Twitter’s profitability. Like stifling discussion about alternatives to oil. Or disrupting conversations about open source, open data, open systems in the case of a proprietary database corporation’s CEO. Or thwarting changes to tax code which may affect billionaires by throttling communications by elected representatives who’d like to pass a tax increase on the 1%.

$44 billion for a Nazi bar might be a bargain.

~ 1 ~

This is when it gets – and already has been – dicey for advertisers.

Because they’re buying ad space from a Nazi bar, to be shown in a space where their brands appear cheek-and-jowl with Nazis.

The back and forth between Musk and Apple about Apple’s ad buys shouldn’t fool anyone. Apple doesn’t want to leave Nazi money on the table.

I say this with great disgust and a letter to the board of directors because I own Apple stock and the cost to buy Twitter would have been chump change to Apple.

It would have been more valuable to have access to a big chunk of the Android market’s users for advertising purposes while preventing damage to Apple’s brand if Apple had stepped up this past March after Musk’s stake in Twitter became public. Just whip out some cash and cut off the incipient Nazi bar.

But no, Apple fucked up.

Instead of making a values-based statement about its products and service the way they would have in the past, they’ve remained silent too long as Musk taunted them about free speech and nagged them about advertising buys.

The company that literally smashed the iconography of then-giant IBM in 1984 and Microsoft to follow, the company which was the first to be valued at a trillion dollars and subsequently two trillion, has been tippy-toeing around a fucking Nazi bar owner tweaking its nose.

What’s really even more egregious: while Musk is trash talking Apple and Apple responds in a way totally unlike one of the wealthiest and most creative on earth should, Musk is using Apple and refusing to compensate the corporation for it.

He just jacked up from $8 to $11 a month the price of Twitter Blue, the subscription service with verification to be available only to Apple iOS users, so that he passes on the fee Apple charges for listing in its app store.

In other words, Musk expects Apple to validate every Twitter Blue account by virtue of being an iPhone or iPad user with access to the Apple app store.

And he’s not going to pay Apple one goddamned cent for this validation service.

Meanwhile, Apple will continue to look Nazi-adjacent in Musk’s Nazi bar.

I hate that I’m going to trash my own retirement account saying this; I have a big chunk of my portfolio in Apple stock.

But I hate even more that Apple — which could have afforded to buy Twitter without going to other lenders as Musk did — is fucking up so badly and torching its brand by advertising in a Nazi bar and allowing a Nazi bar to profit off its hard work.

If Google ever figures out how to do microblogging, they may yet eat Apple’s lunch if they can stay clear of the Nazi bar and avoid Musk’s predatory moochery.

~ 0 ~

Yeah, I know — people I know, care about, and even in some cases love are still using Twitter.

You don’t need to know any longer what it was like in the 1930s before Kristallnacht, before the Reichstag fire. This is what it looked like, all the rationalizations, all the denialism, all the lingering doubts about whether it’s better to remain and hold the space, stay and fight, or walk away even as people fled Germany for safety.

The fight’s done, though.

Think about it: what happens to you when you get into a fight inside a Nazi bar?

There are other bars. Some of them are shitty, some crusty, some punk. One of them may only need you to make it a shitty crustpunk bar.

Maybe even one with a surly bartender who clearly hates you but still keeps a hand on their bat for Nazis.

Google at Temple: Did DOJ Follow Its New Guidelines on Institutional Gags?

On October 19, 2017, DOJ issued new guidelines on default gag orders under the Stored Communications Act. It required that prosecutors “conduct an individualized and meaningful assessment requiring the need for protection from disclosure prior to seeking” a gag “and only seek an order when circumstances require.” Sometime after that, in association with its investigation of leaks about Carter Page, DOJ sought Ali Watkins’ call records, including her email subscriber records from when she was an undergraduate at Temple.

Under Justice Department regulations, investigators must clear additional hurdles before they can seek business records that could reveal a reporter’s confidential sources, such as phone and email records. In particular, the rules require the government to have “made all reasonable attempts to obtain the information from alternative, non-media sources” before investigators may target a reporter’s information.

In addition, the rules generally require the Justice Department to notify reporters first to allow them to negotiate over the scope of their demand for information and potentially challenge it in court. The rules permit the attorney general to make an exception to that practice if he “determines that, for compelling reasons, such negotiations would pose a clear and substantial threat to the integrity of the investigation, risk grave harm to national security, or present an imminent risk of death or serious bodily harm.”

Top Justice Department officials must sign off on any attempt to gain access to a journalist’s communications records.

It is not clear whether investigators exhausted all of their avenues of information before confiscating Ms. Watkins’s information. She was not notified before they gained access to her information from the telecommunications companies. Among the records seized were those associated with her university email address from her undergraduate years.

This request would almost certainly not have been presented to Temple University. It would have been presented to Google, which provides email service for Temple. At least, that’s what appears to have happened in the case of Professor Xiaoxiang Xi in DOJ’s investigation of him for carrying out normal academic discussions about semiconductors with colleagues in China.

Thus far (as reflected here with the NYT coverage), the focus on whether DOJ followed its own regulations pertains to whether they followed guidelines on obtaining the records of a journalist. But the circumstances surrounding their request for Temple records should focus as much attention on whether the government followed its brand new regulations on imposing gags even when obtaining records from an institutional cloud customer like Temple.

The new guidelines were adopted largely in response to a challenge from Microsoft on default, indefinite gags. While few noted it at the time, what Microsoft most worried about was its inability to give its institutional customers notice their records had been subpoenaed. That meant that certain kind of cloud customers effectively gave up a legal right to challenge legal process by outsourcing that service to Microsoft. Microsoft dropped its suit to legally force this issue when DOJ adopted the new guidelines last year. Best as I understand, those guidelines should have governed whether Google could tell Temple that DOJ was seeking the records of a former student.

So it’s not just that DOJ didn’t give Watkins an opportunity to challenge this subpoena, but also whether they gagged Google from telling Temple, and providing Temple the opportunity to challenge the subpoena on academic freedom grounds.

Given how they treated Xi, it’s unlikely Temple would have done much to protect their former student. But some universities — and other institutions with special First Amendment concerns that use Microsoft or Google for their email service — might. They can only do so, however, if DOJ doesn’t obtain frivolous gags to prevent them from doing so.

On 702, NSA Wants to Assure You You’re Not a Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target Target

NSA just released a touchy-feely Q&A, complete with a touchy-feely image of the NSA, explaining “the Impact of Section 702 on the Typical American.”

I shall now shred it.

First note that this document deals with 702? It should be dealing with Title VII, because the entire thing gets reauthorized by 702 reauthorization. That means Sections 704 and 705(b), which are used to target Americans, will be reauthorized. And they have had egregious problems in recent years (even if the problems only affect some subset of around 300 Americans). Sure, Paul Manafort and Carter Page are not your “typical” Americans, but abuses against them would be problematic for reasons that could affect Americans (not least that they could fuck up the Mueller probe if FISA disclosure for defendants weren’t so broken).

The piece starts by talking about how the IC uses 702 to “hunt” for information on “adversaries,” which it suggests include terrorists and hackers.

The U.S. Intelligence Community relies on Section 702 of the Foreign Intelligence Surveillance Act in the constant hunt for information about foreign adversaries determined to harm the nation or our allies. The National Security Agency (NSA), for example, uses this law to target terrorists and thwart their plans. In a time of increasing cyber threats, Section 702 also aids the Intelligence Community’s cybersecurity efforts.

Somehow, it neglects to mention the foreign government certificate — which can target people who aren’t “adversaries” at all, but instead foreign muckety mucks we want to know about — or the counterproliferation certificate — which can target businesses of all kinds that deal in dual use technologies. Not to mention the SysAdmins that it might target for all these purposes.

The piece then lays out in two paragraphs and six questions (I include just one below) the basic principles that 702 can only “target” foreigners overseas.

Under Section 702, the government cannot target a U.S. person anywhere in the world, or any person located in the United States.

Under Section 702, NSA can target foreigners reasonably believed to be located outside the United States only if it has a basis to believe it will acquire certain types of foreign intelligence information that have been authorized for collection.

[snip]

Q: Can I, as an American, be the target of Section 702 surveillance?

A: No. As an American citizen, you cannot be the target of surveillance under Section 702. Even if you were not an American, you could not be targeted under Section 702 if you were located in the United States.

Effectively, this passage might as well say, “target target target target target target target target target target
target target target target target target target target target,” which is how many times (19) the word is used in the touchy-feely piece. The word “incidental” appears just once, where it entertains what happens if one of “Mary’s” foreign relatives were in a terrorist organization.

Q: One of Mary’s foreign relatives in South America is a member of an international terrorist group. Could Mary’s conversations with that relative be collected under Section 702?

A: Yes, it’s possible, if the U.S. government is aware of the relative’s membership in a terrorist group and the relative is one of the 106,000 targets under Section 702. However, even if this scenario occurred, there would still be protections in place for Mary, a U.S. citizen, if her conversations with that target were incidentally intercepted. For example:

U.S. intelligence agencies’ court-approved minimization procedures are specifically designed to protect the privacy of U.S. persons by, among other things, limiting the circumstances in which NSA can include the identity of a U.S. person in an intelligence report. Moreover, even where those procedures allow the NSA to include the identity of a U.S. person in an intelligence report, NSA frequently substitutes the U.S. person identity with a generic phrase or term, such as “U.S. person 1” or “a named U.S. person.” NSA calls this “masking” the identity of the U.S. person.

There are also what’s known as “age-off requirements”: After a certain period of time, the IC must delete any unminimized Section 702 information, regardless of the nationality of the communicants.

I guess the NSA figured if they used “Fatima,” whose relatives were in Syria, this scenario would be too obvious?

Yet in this, the only discussion of “incidental” collection, the NSA doesn’t explain how it is used — for example to find informants (meaning Fatima might be coerced into informing on her mosque if she discussed her tax dodging with her cousin) or to find 2nd degree associates (meaning Fatima’s friend in the US, Mohammed, might get an FBI visit because Fatima’s cousin in Syria is in ISIS). It also doesn’t explain that the “age-off” is five years, if Fatima is lucky enough to avoid having the FBI deem her conversations with her cousin in Syria interesting. If not, the data will sit on an FBI server for 30 years, ready to provide an excuse to give Fatima extra attention next time some bigot gets worried because he sees her taking pictures at Disney World.

Curiously, while the NSA doesn’t address the disproportionate impact of 702 on Muslims, it does pretend to address the disproportionate impact on Asians or their family members — people like like Xiaoxiang Xi and Keith Gartenlaub.

Q: Could the government target my colleague, who is a citizen of an Asian country, as a pretext to collect my communications under Section 702?

A: No. That would be considered “reverse targeting” and is prohibited.

Thanks to Ron Wyden, we know how cynically misleading this answer is. He explained in the SSCI 702 reauthorization bill report that the government may,

conduct unlimited warrantless searches on Americans, disseminate the results of those searches, and use that information against those Americans, so long as it has any justification at all for targeting the foreigner.

Effectively, the government has morphed the “significant purpose” logic from the PATRIOT Act onto 702, meaning collecting foreign intelligence doesn’t have to be the sole purpose of targeting a foreigner; learning about what an American is doing, such as a scientist engaging in scientific discussion, can be one purpose of the targeting.

After dealing with unmasking, the NSA then performs the always cynical move of asking whether the NSA can query US person content.

Q: Can NSA use my information to query lawfully collected 702 data?

A: NSA can query already lawfully collected Section 702 information using a U.S. person’s name or identifier (such as an e-mail account or phone number) only if the query is reasonably designed to identify foreign intelligence information.

However, a U.S. person is still afforded protection. The justification for the query must be documented. The process for conducting a query is also subject to internal controls. Such queries are reviewed by the Department of Justice and the Office of the Director of National Intelligence to ensure they meet the relevant legal requirements. Additionally, if the query was subsequently identified as being improper, it would be reported to the Foreign Intelligence Surveillance Court and to Congress.

This passage is absolutely correct. But also absolutely beside the point, because NSA sends a significant chunk of its collection to the FBI where it can be searched to assess leads and search for evidence of crimes, and where queries get nowhere near the kind of oversight that NSA queries get.

Then the piece tries to explain the need for all the secrecy.

Q: Terrorists aim to hurt Americans and our allies, so why doesn’t the Intelligence Community share more Section 702 information about how the IC goes after them?

A: The Intelligence Community has dramatically enhanced transparency, especially regarding its implementation of Section 702. Thousands of pages of key documents have been officially released, and are available on IC on the Record. The public has more information than ever before on how the IC uses this critical foreign surveillance authority. That said, the IC must continue to protect classified information. This includes specifics on whether or not it has collected information about any particular individual.

If terrorists could find out that NSA had intercepted their communications, terrorists would likely change their communications methods to avoid further detection.

This is, partly, a straw man. People aren’t really asking to know NSA’s individual targets. They’re asking to know whether the government has back doored their iPhones via demands under FISA, or whether the NSA is collecting on the 430,000 Americans that use Tor every day, or if they’re also using this “foreign intelligence” collection program to hunt Americans buying drugs on Dark Markets or even BLM activists that our racist Attorney General has deemed a threat to national security. And in the name of keeping secrets from terrorists (who actually have the feedback mechanism of observing what gets their associates drone-killed to learn what gets collected), the government is refusing to admit that the answer to all those questions is yes: yes, the government has back doored our iPhones, yes, the government is spying on the 430,000 Americans that use Tor, and yes, for those who use Tor to buy drugs, they may even use 702 data to prosecute you.

Finally, the NSA pretends that everyone else in the world has a program just like this.

Q: Is the U.S. government the only one in the world with intercept programs like 702?

A: No. Many other countries have intelligence surveillance intercept programs, nearly all of which have far fewer privacy protections. Section 702 and its supporting policies and practices stand out in terms of strength of oversight, privacy protections, and public transparency.

It is true that other countries have “intercept programs,” but with the exception of China and Russia’s access to domestic Internet companies, no other country has a program “like 702” that, by virtue of the United States hosting the world’s most popular Internet companies, gives the US the luxury of spying on the rest of the world using a nice note to Google rather than having to hack users individually (or hack all users, as Russia did with Yahoo).

So, yes, the NSA has now offered a picture of itself, literally and metaphorically, that minimizes the scope, the thousands of spies it employs, and the reach, both domestic and global. But it’s a profoundly misleading picture.

PureVPN Doesn’t Need to Keep Logs Given How Many Google Keeps

There’s a cyber-stalking case in MA that has a lot of people questioning whether or not VPNs keep serial cyber-stalkers safe from the FBI. In it, Ryan Lin is accused of stalking a former roommate, referred to by the pseudonym Jennifer Smith in the affidavit, as well as conducting some bomb hoaxes and other incidences of stalking (if these accusations are true he’s a total shithole with severe control problems).

Because the affidavit in the case refers to tying Lin’s usage to several VPNs, it has been read to confirm that PureVPN, especially, has been keeping historic logs of users, contrary to their public claims. To be clear: you can never know whether a VPN is honest about keeping logs or not, and simply having a VPN on your computer might provide means of compromise (sort of like an anti-virus), that makes you more vulnerable. But I don’t think the affidavit, by itself (particularly with a great deal of the evidence in the case still hidden), confirms PureVPN is keeping logs. Rather, I think the account matching described in the affidavit says the FBI could have identified which VPNs Lin used via orders to Google, Facebook, and other tech companies, and using that, obtained a pen register on PureVPN collecting prospective traffic. I don’t think what is shown proves that FBI obtained historic logs (though it doesn’t disprove it either).

One thing to understand about this case is that Lin would have been the suspect right from the start, because his stalking started while he still lived with Smith, and intensified right after his roommates got him evicted. Plus, some of his stalking of Smith and others involved his real social media accounts. That means that, at a very early stage in this investigation, FBI would have been able to get all this information from Google and Facebook, which his victims knew he used.

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as [] the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as [] the accounts in Part 1). [my emphasis]

So very early in the investigation (almost certainly 2016), the FBI would have started obtaining every IP address that Lin was using to access Google and Facebook, and any accounts tied to the IP addresses used to log into his known accounts.

Instragram IDs WAN usage

Now consider the different references to VPNs in the affidavit. First, in February 2017, Lin registered a new Instagram account via WAN Security, one of the three VPNs listed.

February 2017: Lin registers Instagram account via WAN Security, also uses it to send email from [email protected] to local police department

That would mean that from the time FBI learned he used WAN to register with Instagram, the FBI would have known he used that service, and probably would have a very good idea which WAN server he default logged into.

Gmail ties WAN usage to other pseudonymous accounts

Then, FBI tracked April 2017 activity to connect Lin to an anonymous account at a service called Rover that he used to stalk people.

  • April 14, 2017, 14:55:52: Lin’s Gmail address accessed from IP address tied to WANSecurity server
  • April 14, 2017, 15:06:27: “Ashley Plano,” using [email protected], accessed Rover via same WANSecurity server
  • April 17, 2017, 21:54:25: “Ashley Plano” accesses Rover via Secure Internet server
  • April 17, 2017, 23:19:12: Lin’s Gmail address accessed via same Secure Internet server
  • April 18, 2017, 23:48:28: Lin’s Gmail address accessed via same Secure Internet server
  • April 19, 2017, 00:30:11: Ashley Plano account accessed via same Secure Internet server
  • April 24, 2017 (unspecified times): Lin’s Gmail and [email protected] email account accessed via same Secure Internet server

The WAN Security usage would have been accessible from Lin’s Gmail account (and would have been known since at least February). A subpoena to Rover after reports it was used for stalking would have likewise shown the WAN Security usage and times (assuming their logs are that detailed).

The Secure Internet use would have likewise shown up in his Gmail usage. Matching that to the Rover logs would have been the same process as with the WAN Security usage. And matching Lin’s known Gmail to his (alleged) pseudonymous teleportx email would have been done by Google itself, matching other accounts accessed by the IP Lin used (though they would have had to weed out other multiple Secure Internet server users).

In other words, this stuff could have come — and almost certainly did — from 2703(d) order returns available with a relevance standard, probably starting months before this activity.

Work computer confirms PureVPN usage, may provide account number

Then there’s this information, tying Lin’s work computer to PureVPN.

July 24, 2017: Lin fired by his unnamed software company employer — he asks, but is denied, to access his work computer to sign out of accounts

August 29, 2017: FBI agents find “Artifacts indicat[ing] that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer.”

What is not mentioned here is whether the “artifact” that showed Lin, like a fucking moron, loaded PureVPN onto his work computer also included him loading his PureVPN account number onto the computer. I think the vagueness here is intentional — both to keep the information from us and from Lin (at least until he signs a protection order). I also think this discussion, while useful for establishing probable cause to search his house, is also a feint. I suspect they already had Lin tied to PureVPN, and probably to a specific account there.

FBI’s not telling when and how they IDed Lin’s PureVPN usage, but Google would have had it

Which leads us to this language, which is the stuff that has everyone wigged out about PureVPN keeping logs.

Further, records from PureVPN show that the same email accounts–Lin’s gmail account and the teleportfx gmail account–were accessed from the same WANSecurity IP address. Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.

[snip]

PureVPN also features prominently in the cyberstalking campaign, and the search of Lin’s workplace computer showed access of PureVPN.

Unlike almost every reference in this affidavit, there’s no date attached to this knowledge. It appears after the work computer language, leaving the impression that the knowledge came after the work computer access. But particularly since FBI alleges Lin used PureVPN for a lot of his stalking, they probably were looking at PureVPN much earlier.

One thing is certain: FBI could have easily IDed a known PureVPN server accessing Lin’s Gmail account and the teleportfx one FBI identified at least as early as April, months before finding PureVPN loaded onto his work computer.

The FBI doesn’t say which victims Lin accessed via PureVPN or when, only that it figured prominently. It does say, however, that PureVPN identified use from both Lin’s home and work addresses.

Most importantly, FBI doesn’t say when they asked PureVPN about all this. Nothing in this affidavit rules out the FBI serving PureVPN with a PRTT to track ongoing usage tied to Lin’s known accounts (rather than historical usage tied to them). Mind you, there’s nothing to rule out historical logs either (as the affidavit also notes, Lin at one point tweeted something indicating knowledge that VPNs will at least keep access information tied to users).

Here’s the thing, though: if you’re using the same Gmail account tied to the same home IP to access three different VPN providers, often on the same day, your VPN usage is going to be identified from Google’s extensive log keeping. It is an open question what the FBI can do with that knowledge once they have it — whether they can only collect prospective information or whether a provider is going to have some useful historical knowledge to share. But the FBI didn’t need historic logs from PureVPN to get to Lin.

Why Did Google Miss a Lot of Users Affected by FISA?

There’s been some bad news in the transparency reports issued by America’s tech companies thus far. First, Apple revealed a huge spike in FISA requests.

the number of national security orders, including secret rulings from the Foreign Intelligence Surveillance Court, spiked during the period.

The company received between 13,250 and 13,499 national security orders, affecting between 9,000 and 9,249 accounts.

That’s a threefold increase compared to the year earlier, which saw up to 2,999 orders for the period.

It’s the largest number of national security orders that Apple has ever reported in five years of publishing transparency reports.

My guess is this reflects increasing reliance on requests to Apple to obtain information that would otherwise be encrypted (it might even suggest Apple was forced to put a back door into their phones, though there has been no declassified FISC opinion that would reflect that, so I doubt that’s it). I’m wondering, because of the change Apple just made in iOS 11 that requires passwords before a phone trusts a computer, whether Apple has been asked to turn over backups of iPhones shared to iTunes, but that’s admittedly a wildarseguess.

Then, in addition to an new high in standard government information requests, Google also revised its previously issued national security request numbers to reflect (on the most part) significantly more users and/or accounts affected (CNet reported this here).

At first I thought this might reflect either the two-year delayed reporting on new services being requested or delayed collection off an original target (which might happen if someone commented, four years later, on a YouTube video posted by an account being tasked).  And while some combination of those might be involved, Google claims this was an inadvertent undercounting

We’ve also posted updated figures for the number of users/accounts impacted by Foreign Intelligence Surveillance Act (FISA) requests for content in previous reporting periods. While the total number of FISA content requests was reported accurately, we inadvertently under-reported the user/account figures in some reporting periods and over-reported the user/account figures in the second half of 2010. The corrected figures are in the latest report and reflected on our visible changes page. [my emphasis]

Which suggests it may instead pertain to uncertainty — on the part of the government, especially — of which selectors relate to a natural person.

As I have noted, in the government’s own transparency reporting, they provide estimated numbers of targets for both 702 and traditional FISA. The reason they can only provide estimates is almost certainly because for both authorities (and for much of NSA’s 12333 targeting) they’re targeting selectors of interest, only some of which they’ve tied to a known person’s identity. And it’s likely they have selectors that are interesting because of their contacts and other behaviors that belong to already known targets using other selectors.

I provided some background on why this is the case in this post on changes in the reporting provisions the 2015 version of USA Freedom Act.

First, the reporting provisions as a whole move from tracking “individuals whose communications were collected” to “unique identifiers used to communicate information.” They probably did that because they don’t really have a handle on which of the identifiers all represent the same natural person (and some aren’t natural persons), and don’t plan on ever getting a handle on that number. Under last year’s bill, ONDI could certify to Congress that he couldn’t count that number (and then as an interim measure I understand they were going to let them do that, but require a deadline on when they would be able to count it). Now, they’ve eliminated such certification for all but 702 metadata back door searches (that certification will apply exclusively to CIA, since FBI is exempted). In other words, part of this is just an admission that ODNI does not know and does not planning on knowing how many of the identifiers they target actually fit together to individual targets.

But since they’re breaking things out into identifiers now, I suspect they’re unwilling to give that number because for each of the 93,000 targets they’re currently collecting on, they’re probably collecting on at least 10 unique identifiers and probably usually far, far more.

Just as an example (this is an inapt case because Hassanshahi, as a US person, could not be a PRISM target, but it does show the bare minimum of what a PRISM target would get), the two reports Google provided in response to administrative subpoenas for information on Shantia Hassanshahi, the guy caught using the DEA phone dragnet (these were subpoenas almost certainly used to parallel construct data obtained from the DEA phone dragnet and PRISM targeted at the Iranian, “Sheikhi,” they found him through), included:

  • a primary gmail account
  • two secondary gmail accounts
  • a second name tied to one of those gmail accounts
  • a backup email (Yahoo) address
  • a backup phone (unknown provider) account
  • Google phone number
  • Google SMS number
  • a primary login IP
  • 4 other IP logins they were tracking
  • 3 credit card accounts
  • Respectively 40, 5, and 11 Google services tied to the primary and two secondary Google accounts, much of which would be treated as separate, correlated identifiers

So just for this person who might be targeted under the new phone dragnet (though they’d have to play the same game of treating Iran as a terrorist organization that they currently do, but I assume they will), you’d have upwards of 15 unique identifiers obtained just from Google. And that doesn’t include a single cookie, which I’ve seen other subpoenas to Google return.

In other words, one likely reason the IC has decided, now that they’re going to report in terms of unique identifiers, they can’t report the number of identifiers targeted under PRISM is because it would make it clear that those 93,000 targets represent, very conservatively, over a million identifiers — and once you add in cookies, maybe a billion identifiers — targeted. And reporting that would make it clear what kind of identifier soup the IC is swimming in.

Here’s another list of the kinds of identifiers the government seeks with just a 2703(d) order (remember, under PRISM, the government would get both this list of the identifiers, as well as the content or other activity, including location data, tied to the identifiers).

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part A).

But for PRISM requests (as opposed to the new phone dragnet implemented in 2006), this works in reverse, with the government providing long lists of identifiers it wants to task, which may or may not reflect groupings using NSA’s own correlation process into identifiable targets. While the government surely asks for all Google content knowingly tied to all accounts of a known identifier (so, for example, if the government tasked “emptywheel” they also might get random Google accounts I set up under different names years ago, as well as accounts they connect by common use of the same cookie), it’s possible the government submits selectors believing they belong to the same person when in fact they are separate individuals.

Particularly once you’re tying collection to an IP address, it’s likely you’ll get multiple people off the same selector. And it may take Google some time to sort all that out. So that’s my guess of what’s going on: the change in numbers reflects the degree of uncertainty — even for Google! — regarding how many people are actually being targeted here.

 

That said, given the obviously different methodologies in counting these numbers, it may also work the other way. That is, Google may at first believe it has just turned over the data for, say, 10 of a user’s Google services, only to later realize it has also provided content or ad profile or Google map location data or Google pay.

Whatever it is, it is telling that even Google (!!!) can’t track how many targets FISA collection involves in real time.

Twitter Asked to Tell Reality Winner the FBI Had Obtained Her Social Media Activity

Last week, the Augusta Chronicle reported that the government had unsealed notice that it had obtained access to Reality Winner’s phone and social media metadata. Altogether, the government obtained metadata from her AT&T cell phone, two Google accounts, her Facebook and Instagram accounts, and her Twitter account. Of those providers, it appears that only Twitter asked to tell Winner the government had obtained that information. The government obtained the 2703(d) order on June 13. On June 26, Twitter asked the FBI to rescind the non-disclosure order. In response, FBI got a 180-day deadline on lifting the gag; then on August 31, the FBI asked the court to unseal the order for Twitter, as well as the other providers.

The applications all include this language on Winner’s use of Tor, and more details about using a thumb drive with a computer last November.

During the search of her home, agents found spiral-bound notebooks in which the defendant had written information about setting up a single-use “burner” email account, downloading the TOR darkweb browser at its highest security setting, and unlocking a cell phone to enable the removal and replacement of its SIM card. Agents also learned, and the defendant admitted, that the defendant had inserted a thumb drive into a classified computer in November 2016, while on active duty with the U.S. Air Force and holding a Top Secret/SCI clearance. The defendant claimed to have thrown the thumb drive away in November 2016, and agents have not located the thumb drive.

Given that the FBI applied for and eventually unsealed the orders in all these cases, it provides a good way to compare what the FBI asks for from each provider — which gives you a sense of how the FBI actually uses these metadata requests to get a comprehensive picture of all the aliases, including IP addresses, someone might use. The MAC and IP addresses, in particular, would be very valuable to identify any of her otherwise unidentified device and Internet usage. Note, too, that AT&T gets asked to share all details of wire communications sent using the phone — so any information, including cell tower location, an app shares with AT&T would be included in that. AT&T, of course, tends to interpret surveillance requests broadly.

Though note: the prosecutor here pretty obviously cut and paste from the Google request for the social media companies, given that she copied over the Google language on cookies in her Twitter request.

AT&T

AT&T Corporation is required to disclose the following records and other information, if available, to the United States for each Account listed in Part I of this Attachment, for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses. Electronic Serial Numbers (“ESN”), Mobile Electronic Identity Numbers (“MEIN”), Mobile Equipment Identifier (“MEID”), Mobile Identification Numbers (“MIN”), Subscriber Identity Modules (“SIM”), Mobile Subscriber Integrated Services Digital Network Number (“MSISDN”), International Mobile Subscriber Identifiers (“IMSl”), or International Mobile Equipment Identities (“IMEI”));
7. Other subscriber numbers or identities (including the registration Internet Protocol (“IP”) address); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to wire and electronic communications sent from or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers), and including information regarding the cell towers and sectors through which the communications were sent or received.

Records of any accounts registered with the same email address, phone number(s), or method(s) of payment as the account listed in Part I.

Google

Google is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1, 2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers);
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part 1; and Records of any accounts that are linked to either of the accounts listed in Part 1 by machine cookies (meaning all Google user IDs that logged into any Google account by the same machine as either of the accounts in Part

Facebook/Instagram

Facebook, Inc. is required to disclose tbe following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”),
for the time period beginning June 1, 2016, through and including June 7, 2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Intemet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Intemet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Intemet Protocol addresses;
2. Information about each communication sent or received by tbe Account, including tbe date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers). Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address as either of the accounts listed in Part I; and
3. Records of any accounts that are linked to either of the accounts listed in Part I by machine cookies (meaning all Facebook/Instagram user IDs that logged into any Facebook/Instagram account by the same machine as either of the accounts in Part I).

Twitter

Twitter, Inc. is required to disclose the following records and other information, if available, to the United States for each account or identifier listed in Part 1 of this Attachment (“Account”), for the time period beginning June 1,2016, through and including June 7,2017:

A. The following information about the customers or subscribers of the Account:
1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Local and long distance telephone connection records;
4. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol (“IP”) addresses) associated with those sessions;
5. Length of service (including start date) and types of service utilized;
6. Telephone or instrument numbers (including MAC addresses);
7. Other subscriber numbers or identities (including temporarily assigned network addresses and registration Internet Protocol (“IP”) addresses (including carrier grade natting addresses or ports)); and
8. Means and source of payment for such service (including any credit card or bank account number) and billing records.

B. All records and other information (not including the contents of communications) relating to the Account, including:
1. Records of user activity for each connection made to or from the Account, including log files; messaging logs; the date, time, length, and method of connections; data transfer volume; user names; and source and destination Internet Protocol addresses;
2. Information about each communication sent or received by the Account, including the date and time of the communication, the method of communication, and the source and destination of the communication (such as source and destination email addresses, IP addresses, and telephone numbers).
3. Records of any accounts registered with the same email address, phone number(s), method(s) of payment, or IP address the account listed in Part I; and
4. Records of any accounts that are linked to the account listed in Part I by machine cookies (meaning all Google [sic] user IDs that logged into any Google [sic] account by the same machine as the account in Part I).

Wednesday: Feliz Dia de los Muertos — Happy Day of the Dead!

In this Day of the Dead roundup: World Series Game 7, Rule 41, AT&T and net neutrality, Google spanks Microsoft, Slack smacks.

Happy All Saints’ Day Two — the second day of observation through Latin America as el Dia de los Muertos.

Was thinking of death and dying when I saw a post about one of my favorite movie soundtracks by one of my favorite contemporary composers. The Fountain, composed by Clint Mansell, was released today on vinyl. The 2006 film directed by Darren Aronofsky may not be everybody’s cup of tea, but the score surely must have wider appeal. The score features collaborative work of the contemporary classical chamber group Kronos Quartet and post-rock quartet Mogwai. The former provides most of the string work and the latter most of the rhythm, melding into some truly haunting music.

I think The Fountain is some of Mansell’s finest work; it was nominated for multiple awards including a Golden Globe. But do check out some of Mansell’s other film work, including that for Requiem for a Dream (especially the cut Lux Aeterna) and Black Swan. Stoker did not receive the recognition it should have; its presence is another character in the film. Granted, Mansell’s score for Stoker was only part of a soundtrack featuring other artists’ compositions.

World Series – Great Lakes Edition
So Game 7 is underway. I’d rather see Chicago Cubs up against Detroit Tigers, but the summer kitties let me down. I’m hoping for a Cubs win just because. What about you?

Cyber-y stuff

  • Less than a month before Rule 41 deadline (ZDNet) — Congress has diddled around after the Supreme Court created a potentially awful opportunity for law enforcement overreach. I can’t even imagine the foreign policy snafus this could create, let alone the fuckups which could happen from searching machines with spoofed identities and locations. I can think of a case where a political entity plopped on an IP address belonging to a major corporation — now imagine some huckleberry charging into that situation. FIX THIS, CONGRESS.
  • That’s not the airport, that’s the Kremlin! (MoscowTimes) — Speaking of spoofed identities, apparently the Kremlin’s location has been masked by a beacon emitting the GPS and GLONASS geolocation coordinates for the Vnokovo airport to prevent drones from snooping. An interesting bit, this…I wonder where/when else geolocation coordinates have been spoofed?
  • AT&T ‘zero-rating’ on DirecTV content should be reviewed (WSJ) — Favoring DirecTV — owned by AT&T — by lifting data caps on its content isn’t net neutrality when content streamed from other providers like Netflix does count against data limits.
  • AT&T already in the hot seat with USDOJ on Dodgers’ games (Bloomberg) — USDOJ sued AT&T and DirecTV for colluding with competitors to influence negotiations for Los Angeles Dodgers’ ball games. Imagine what this network will do if it owns content? Definitely not net neutrality — a perfect example of the conflict of interest between ISPs/network carriers and content creators.
  • Google takes Microsoft to the woodshed in full view of public (Threatpost) — I think Google is fed up with Microsoft’s buggy software and slow response which causes Google a mess of heartburn to plug on their end. Google told Microsoft of a new major zero-day vulnerability being actively exploited and then told the public 10 days after they told Microsoft. Apparently, MSFT hadn’t gotten a grip on a fix yet nor issued an advisory to warn users. By the way, guess when the next Patch Tuesday is? Election Day in the U.S. Uh-huh.
  • Slack takes out a full-page ad to welcome/razz Microsoft (WinBeta) — Microsoft is currently working on a competing group communication tool called Team, aimed at Slack’s market share. Slack welcomed the competition and gave MSFT some free pointers. Based on my experience, these pointers will go right over the head of MSFT’s management as they don’t mesh with their corporate culture.

That all for now, off to finish watching the Cubs who are giving it to Cleveland in a really fast-paced game that won’t last much longer at this rate. Must be all that Great Lakes water.

Thursday: Science Fair

In this roundup: Google’s Science Fair, keeping one eye peeled, and odd news.

Featured video here profiles the grand prize winner of Google’s sixth annual science fair. The caliber of work this program yields every year is pretty amazing. I hope Google or its parent Alphabet helps these contestants protect their work from corporate poaching while encouraging them to continue their research. This soil moistener, for example, is something a few companies would like to get their hands on, as orange peels and avocados are surely less expensive than existing superabsorbent polymers (SAPs) currently used as soil moisteners.

What this youngster may not have thought about as she focused on drought-stricken farms, is that SAPs are used in other non-farming products. Diapers in particular use SAPs — and that’s a massive market dwarfing the demand for soil moisteners. Let’s hope this teen’s work does what she wants it to do rather than getting snapped up by mega-corps with other uses for her research.

What I’m watching

Strange/odd news

  • FCC wants search history under your control (Bloomberg) — Big social media firms’ use of your search history is regulated by the FTC. As more telecom/ISPs provide broadband internet services, their access to your search history has not been safe from predatory resale. The FCC wants to protect search history, ensuring it cannot be used by telecom/ISPs and third parties without subscribers’ permission. A vote on this rule is scheduled October 27th. Keep in mind the data from Yahoo’s subscribers is what made it such an appealing buy-out target for telecom Verizon.
  • ‘Fusion’ RNA may not indicate cancer but chimeric tissue (ScienceDaily) — In spite of the way we rely on what we do know, we still don’t know a lot about genetics. This particular study suggests cancer tests relying on detection of ‘fusion’ RNA may not find cancer but chimeric tissue. (This is why I worry about CRISPR technology, but that’s another story.)
  • New study says Tabby’s Star even stranger (Carnegie) — Two researchers from Carnegie Institution and Caltech analyzed data on star KIC 8462852, also known as Tabby’s Star, named for Yale University researcher Tabetha Boyajian. They found the star had indeed dimmed by 14 percent between 1890 and 1989, confirming work by another Louisiana State researcher. The pattern of dimming — slow at first and now rapidly increasing — doesn’t match theories the star has been obstructed by orbiting planets or by a comet swarm. The pattern may support the theory that an advanced life form has built a Dyson sphere to harvest the star’s energy.

Longread: Surprisingly, Max Boot
Boot’s not on my usual list of reads, but this article spells out one of the biggest problems with this election: America is turning into a confederacy of dunces. Having just finished putting my oldest through college and launched my youngest in his freshman year at university, I can agree wholeheartedly that our education system is utterly jacked up. I can tell you from experience that my kids visited state and/or U.S. government three times during their K-12 public schooling, but I know the majority of their cohort did not retain what they learned in a way which will encourage civic understanding and participation. Add a complete lack of statewide and nationwide computer education and our youth are not prepared to make informed decisions about governance using technology to aid their choices. And the GOP, having undermined education for decades with its whining about taxes and spending and teaching to standards, is reaping the harvest of its refusal to do more than the minimum. They’ve insured indoctrination instead of real knowledge. Enjoy your party’s death at Trump’s hands.

¡Ya basta! Hope you are all someplace snug and safe this evening.

Thursday: Alien Occupation

Since I missed a Monday post with a movie clip I think I’ll whip out a golden oldie for today’s post.

This movie — especially this particular scene — still gets to me 37 years after it was first released. The ‘chestburster’ as scene is commonly known is the culmination of a body horror trope in Ridley Scott’s science fiction epic, Alien. The horror arises from knowing something happened to the spacecraft Nostromo’s executive officer Kane when a ‘facehugger’ leapt from a pod in an alien ship, eating through his space helmet, leaving him unresponsive as long as the facehugger remained attached to his face. There is a brief sense of relief once the facehugger detaches and Kane returns to consciousness and normal daily functions. But something isn’t right as the subtle extra scrutiny of the science officer Ash foreshadows at the beginning of this scene.

Director Ridley Scott employed a different variant of body horror in his second contribution to the Alien franchise, this time by way of a xenomorph implanted in her mimicking pregnancy in scientist Shaw. She is sterile, and she knows whatever this is growing inside her must be removed and destroyed or it will kill both her and the remaining crew. The clip shared here and others available in YouTube actually don’t convey the complete body horror — immediately before Shaw enters this AI-operated surgical pod she is thwarted by the pod’s programming for a default male patient. In spite of her mounting panic and growing pain she must flail at the program to enter alternative commands which will remove the thing growing inside her.

I suspect the clips available in YouTube were uploaded by men, or they would understand how integral to Shaw’s body horror is the inability to simply and quickly tell this surgical pod GET THIS FUCKING THING OUT OF ME RIGHT THE FUCK NOW.

I don’t know if any man (by which I mean cis-man) can really understand this horror. Oh sure, men can realistically find themselves host to things like tapeworms and ticks and other creatures which they can have removed. But the horror of frustration, being occupied by something that isn’t right, not normal, shouldn’t continue, putting its host at mortal risk — and not being able to simply demand it should be removed, or expect resources to avoid its implantation and occupation in one’s self? No. Cis-men do not know this terror.

Now imagine the dull background terror of young women in this country who must listen to white straight male legislators demand ridiculous and offensive hurdles before they will consider funding birth control to prevent sexual transmission of Zika, or fund abortions of Zika-infected fetuses which put their mothers at risk of maternal mortality while the fetuses may not be viable or result in deformed infants who’ll live short painful lives. Imagine the horror experienced by 84 pregnant women in Florida alone who’ve tested positive for Zika and are now being monitored, who don’t know the long-term outcomes for themselves or their infants should their fetuses be affected by the virus.

Body horror, daily, due to occupation not only by infectious agents alien to a woman’s body, but occupation by patriarchy.

I expect to get pooh-poohed by men in comments to which I preemptively say fuck off. I’ve had a conversation this week about Zika risks with my 20-something daughter; she turned down an invitation this past week to vacation with friends in Miami. It’s a realistic problem for her should she accidentally get pregnant before/during/immediately following her trip there.

We also talked about one of her college-age friend’s experiences with Guillain–Barré syndrome. It’s taken that young woman nearly three years to recover and resume normal function. She didn’t acquire the syndrome from Zika, but Guillain–Barré’s a risk with Zika infections. There’s too little research yet about the magnitude of the risk — this vacation is not worth the gamble.

But imagine those who live there and can’t take adequate precautions against exposure for economic reasons — imagine the low-level dread. Imagine, too, the employment decisions people are beginning to make should job offers pop up in areas with local Zika transmission.

What’s it going to take to get through to legislators — their own experience of body horror? Movies depicting body horror don’t seem to be enough.

Wheels
Put these two stories together — the next question is, “Who at VW ordered the emissions cheat device from Bosch before 2008?”

Pretty strong incentives for Volkswagen to destroy email evidence. I wonder what Bosch did with their emails?

Self-driving electric cars are incredibly close to full commercialization based on these two stories:

  • Michigan’s state senate bill seeks approval of driverless cars (ReadWrite) — Bill would change state’s code to permit “the motor vehicle to be operated without any control or monitoring by a human operator.” Hope a final version ensures human intervention as necessary by brakes and/or steering wheel. I wonder which manufacturer or association helped write this code revision?
  • California now committed to dramatic changes in greenhouse gas emissions (Los Angeles Times) — State had already been on target to achieve serious reductions in emissions by 2020; the new law enacts an even steeper reduction by 2030 in order to slow climate change effects and improve air quality.

I don’t know if I’m ready to see these on the road in Michigan. Hope the closed test track manufacturers are using here will offer realistic snow/sleet/ice experience; if self-driving cars can’t navigate that, I don’t want to be near them. And if Michigan legislators are ready to sign off on self-driving cars, I hope like hell the NHTSAA is way ahead of them — especially since emissions reductions laws like California’s are banking heavily on self-driving electric cars.

Google-y-do

  • Google’s parent Alphabet-ting on burritos from the sky (Bloomberg) — No. No. NO. Not chocolate, not doughnuts, not wine or beer, but Alphabet subsidiary Project Wing is testing drone delivery of Chipotle burritos to Virginia Tech students? Ugh. This has fail all over it. Watch out anyhow, pizza delivery persons, your jobs could be on the bubble if hot burritos by drone succeed.
  • API company Apigee to join Google’s fold (Fortune) — This is part of a big business model shift at Google. My guess is this acquisition was driven by antitrust suits, slowing Google account growth, and fallout from Oracle’s suit against Google over Java APIs. Application programming interfaces (APIs) are discrete programming subroutines which, in a manner of speaking, act like glue between different programs, allowing programmers to obtain resources from one system for use in a different function without requiring the programmer to have more than passing understanding of the resource. An API producer would allow Google’s other systems to access or be used by non-Google systems.
  • Google to facilitate storage of Drive content at cloud service Box (PC World) — Here’s where an API is necessary: a Google Drive user selects Box instead of Drive for storage, and the API routes the Drive documents to Box instead of Drive. Next: imagine other Google services, like YouTube-created/edited videos or Google Photo-edited images, allowing storage or use by other businesses outside of Google.

Longread: Digitalization and its panopticonic effect on society
Columbia’s Edward Mendelson, Lionel Trilling Professor in Humanities and a contributor at PC Magazine, takes a non-technical look at the effect our ever-on, ever-observing, ever-connected technology has on us.

Catch you later!

Monday: Skate Away

Monday means it’s movie day, and I think this charming little documentary fills the bill. Valley Of A Thousand Hills from Jess Colquhoun looks at Zulu youth participating in a skate camp and the impact on their lives. They’re quite optimistic in spite of limited resources and opportunities. The film left the feeling they’re on the verge of a breakthrough — like these kids could really change global culture if they wanted to. They appear more self-aware and energized than most adults I run into of late.

Wrath of Gods kind of weather

Might be time to brush off that copy of J. G. Ballard’s The Drowned World and ponder a post-apocalyptic future under water. We’ve likely passed the 1.5C degree global warming threshold without any sense of urgency to act on climate change which fuels this wave of flooding.

Sigh-ber

  • Hotels across ten states breached (Reuters) — Hey, now you philanderers have an excuse for that bizarre charge to your room at the Starwood, Marriott, Hyatt, or InterContinental hotel for strawberries, whip cream, and a leather flogger during your last business trip. “It’s just a hacker, honey, that’s all, really…” HEI Hotels & Resorts, the operator of the affected hotels, found the malware in its systems handling payment card data. The malware had been present in the system for roughly 18 months while 20,000 transactions were exposed.
  • Google ‘secretly’ developing a new OS (TechnoBuffalo) — A well-known Linux blogger wrote Google references “Pink + Purple == Fuschia (a new Operating System)” in its Git repository. The two colors are believed to refer to Magenta and LK kernels which Google is using to build a wholly new operating system. Magenta does not have a Wikipedia entry at the time of this post but Googlesource has a brief explainer for Magenta and LK. The two kernels serve different purposes but combined they may be able to operate any device whether small Internet of Things single purpose devices or multi-purpose devices like personal computers. This may be the direction Google has chosen to go rather than fully merge its Chrome OS with Android. The new operating system could also resolve some annoying problems with antitrust regulators if Android is cut loose and managed by an open source consortium, perhaps one established by and aligned with the Open Handset Alliance.
  • Banking malware attacks Android users browsing sites using Google AdSense (SecureList) — The thieves pay for a listing on AdSense, put their malicious ad in the system, and it downloads to an Android device whenever the user reads a website featuring the contaminated ad. Yuck. Use your antivirus app regularly on your Android devices as this nasty thing may pick up your financial information.

Longread: Manners matter?
At Aeon.com, Professor Eleanor Dickey of University of Reading-UK discusses the ‘magic word’ and its use in early democratic society, and its decline with the rise of a hierarchical system in the fourth century BCE. Are we a more or less democratic society based on our current level of societal manners?

Catch you tomorrow if the creek doesn’t rise!