NIST has put its privacy framework (PDF) up for comment again.
Current controversy circles around whether the framework appropriately handles the relationship between privacy and security. Should the framework, for example, even be separate from the cybersecurity framework, or a sub/superset?
Also worth considering is how it will fare with an expansion of the IoT market and the adoption of artificial intelligence.
From a recent interview with Oregon’s Senator Wyden
Mark Zuckerberg has repeatedly lied to the American people about privacy. I think he ought to be held personally accountable, which is everything from financial fines to—and let me underline this—the possibility of a prison term. Because he hurt a lot of people. And, by the way, there is a precedent for this: In financial services, if the CEO and the executives lie about the financials, they can be held personally accountable.
Often in 2018 I made similar suggestions, based on the thought that our security industry would mature faster if a CSO personally can be held liable like a CEO or CFO (e.g. post-Enron SOX requirements):
And at Blackhat this year I met with Facebook security staff who said during the 2016-2017 timeframe the team internally knew the severity election interference and were shocked when their CSO failed to disclose this to the public.
Maybe the Senator putting it all on the CEO today makes some sense strategically…yet also begs the question of whether an “officer” of security was taking payments enough to afford a $3m house in the hills of Silicon Valley while intentionally withholding data on major security breaches during his watch?
Given an appointment of dedicated officer in charge of security, are we meant to believe he was taking a big salary only to be following orders and not responsible personally? Don’t forget he drew press headlines (without qualification) as an “influential” executive joining Facebook, while at the same time leaving Yahoo because he said he wasn’t influential.
To be fair he posted a statement explaining his decision at the time, and it did say that safety is the industry’s responsibility, or his company’s, not his. Should that have been an early warning he wasn’t planning to own anything that went awry?
I am very happy to announce that I will be joining Facebook as their Chief Security Officer next Monday…it is the responsibility of our industry to build the safest, most trustworthy products possible. This is why I am joining Facebook. There is no company in the world that is better positioned to tackle the challenges…
There also is a weird timing issue. The start to the Russian campaign is when Facebook brings on the new CSO. Maybe there’s nothing to this timing, just coincidence, or maybe Russians knew they were looking at an inexperienced leader. Or maybe they even saw him as “coin-operated” (a term allegedly applied to him by US Intelligence) meaning they knew how easily he would stand down or look away:
Given the security failures from 2015 to 2017 we have to seriously consider the implications of a sentence that described Stamos’ priors, which somehow are what led him into being a Facebook CSO
At the age of 36, Stamos was the chief technology officer for security firm Artemis before being appointed as Yahoo’s cybersecurity chief in March 2014. In the month of February, Stamos in particular clashed with NSA Director Mike Rogers over decrypting communications, asking whether “backdoors” should be offered to China and Russia if the US had such access.
There are a couple problems with this paragraph, easily seen in hindsight.
First, Artemis wasn’t a security firm in any real sense. It was an “internal startup at NCC Group” and a concept that had no real product and no real customers. As CTO he hired outside contractors to write software that never launched. This doesn’t count as proof of either leadership or technical success, and certainly doesn’t qualify anyone to be an operations leader like CSO of a public company.
Second, nobody in their right mind in technology leadership let alone security would ask if China and Russia are morally equivalent to the United States government when discussing access requests. That signals a very weak grasp of ethics and morality, as well as international relations. I’ve spoken about this many times.
If the U.S. has access it in no way has implied other governments somehow morally are granted the same access. Moreover it was very publicly discussed in 2007 because Yahoo’s CEO was told to not give the Chinese access they requested (when Stamos was 28):
An unusually dramatic congressional hearing on Yahoo Inc.’s role in the imprisonment of at least two dissidents in China exposed the company to withering criticism and underscored the risks for Western companies seeking to expand there. “While technologically and financially you are giants, morally you are pygmies,” Rep. Tom Lantos (D., Calif.)
If anything these two points probably should have disqualified him to become CSO of Facebook, and that’s before we get into his one-year attempt to be CSO at Yahoo! that quickly ended in disaster.
In 2014, Stamos took on the role of chief information security officer at Yahoo, a company with a history of major security blunders. More than one billion Yahoo user accounts were compromised by hackers in 2013, though it took years for Yahoo to publicly report…Some of his biggest fights had to do with disagreements with CEO Marissa Mayer, who refused to provide the funding Stamos needed to create what he considered proper security…
Let me translate. Stamos joined and didn’t do the job disclosing breaches because he was campaigning for more money. He was spending millions (over $2m went into prizes paid to security researchers who reported bugs). While his big-spend bounty-centric program was popular among researchers, it didn’t build trust among customers. This parallels his work as CTO, which didn’t build any customer trust at all.
The kind of statements Stamos made about Artemis launching in the future (never happened) should have been a warning. Clearly he thought taking over a “dot secure” domain name and then renting space to every dot com in the world was a lucrative business model (it wasn’t).
I’m obviously not making this up as you can hear him describe rent-seeking with a straight face. His business model was to use a private commercial entity to collect payments from anyone on the Internet in exchange for a safety flag to hang on a storefront, in a way that didn’t seem to have any fairness authority or logical dispute mechanism.
Here is a reporter trying to put the scheming in the most charitable terms:
In late 2010, iSEC was acquired by the British security firm, NCC Group, but otherwise the group continued operating much as before. Then, in 2012, Stamos launched an ambitious internal startup within NCC called Artemis Internet. He wanted to create a sort of gated community within the internet with heightened security standards. He hoped to win permission to use “.secure” as a domain name and then require that everyone using it meet demanding security standards. The advantage for participants would be that their customers would be assured that their company was what it claimed to be—not a spoof site, for instance—and that it would protect their data as well as possible. The project fizzled, though. Artemis was outbid for the .secure domain and, worse, there was little commercial enthusiasm for the project. “People weren’t that interested,” observes Luta Security’s Moussouris, “in paying extra for a domain name registrar who could take them off the internet if they failed a compliance test.”
Imagine SecurityScorecard owning the right to your domain name and disabling you until you pay them to clean up the score they gave you. Dare I mention that a scorecard compliance engine is full of false positives and becomes a quality burden that falls on the companies being scanned? Again, this was his only ever attempt at being a CTO (before he magically branded himself a CSO) and it was an unsuccessful non-starter, a fizzle, a dud.
From that somehow he pivoted into a publicly traded company as an officer of security. Why? How? He abruptly quit Artemis by taking on a CSO role at Yahoo, demanding millions for concept projects more akin to a CTO than CSO. He even made promises upon taking the CSO role to build features that he never delivered. Although I suppose the greater worry still is that he did not disclose breaches.
It was after all that he wanted to be called CSO again, this time at Facebook. That is what Wyden should be investigating. I mean I’m fine with Wyden making a case for the CEO to be held accountable as a starting point, the same way we saw Jeff Skilling of Enron go to jail.
It makes me wonder aloud again however if the CFO of Enron, Andrew Fastow, pleading guilty in 2004 to two counts of conspiracy to commit securities and wire fraud…is an important equivalent to a CSO of Facebook pleading guilty to a conspiracy to commit breach fraud.
Stamos says he deserves as much blame as anyone else for Facebook being slow to notice and stamp out Russian meddling in the 2016 presidential election
Ironically Stamos, failing to get anywhere with his three attempts at leadership (Artemis, Yahoo and Facebook) has now somehow reinvented himself (again with no prior experience) as an ethics expert. He has also found someone to fund his new project to the tune of millions, which at Blackhat some Facebook staff reported to me was his way to help Facebook avoid regulations by laundering their research as “academic”.
It will be interesting to see if Wyden has anything to say about a CSO being accountable in the same ways a CFO would be, or if focus stays on the CEO.
In any case, after a year of being CSO at Yahoo and three years of being CSO at Facebook, Stamos’ total career amassed only four years as a head of security.
Those four years unmistakably will be remembered as one person who sat on some of the biggest security operations lapses in history. And his 2015 tout he was taking an officer role because “no company in the world is better positioned” to handle challenges of safety continues to produce this legacy instead:
Another month, another Facebook data breach.
Update September 7th, 2019:
In another meeting with ex-Facebook staff I was told when “CEO and CSO are nice people” it should mean they don’t go to jail for crimes, because nice people shouldn’t go to jail. That perspective makes me wonder what people would say if I told them Epstein had a lot of friends who said he was nice. I mean it suggests to me a context change might help. I first will raise the issue in my CS ethics lectures with an example outside the tech industry: Should the captain of sunken ship face criminal investigation for saving self as 34 passengers died in an early morning fire?
A Chinese/German drone collaboration is delivering micro-dose poison at 14 hectares/hour and achieving a 98% kill-rate on armyworm.
Specifically, the drone atomises the pesticides into micron-level droplets, so the chemicals can evenly adhere to the surface of maize plants with higher coverage rate. The strong downdraft generated by the propellers can significantly reduce liquid drifting and increase pesticide deposition, which means that both sides of the leaves and the central part of crops can be more precisely targeted. Such mechanism can not only increase fall armyworm’s exposure to chemicals but also cut down a large amount of pesticide use and better conserve the beneficial insects.
Targeting sounds like it’s more of a “bracketing” spray than an injection into each worm on a leaf, although the drone company suggests they are looking into worm-recognition capabilities.
Targeting the individual worms instead of plant-level dosing still seems cost-prohibitive in this story. To achieve that accuracy I think we’d be talking Integrated Pest Management (IPM) with technology-augmented insects, or micro-drones, instead of these sprayers.
Perhaps soon there will be Integrated Drone Management (IDM) appearing in agricultural operations centers where augmented bugs are deployed from drones like static-line parachute jumpers.
Many years ago when we were starting research on how to stop drones setup as biological weapons, we looked at them as flying bombs in the same way the Italian fascist military dropped mustard gas on field-hospitals and ambulances.
Chinese agriculture, however, clearly is being driven to develop more highly-efficient low-dose toxin delivery at a micro-target levels. That kind of emphasis in tooling accuracy means drones soon may advance past U.S. bladed assassination missiles, innovating so quickly we will have to update the risk discussions.
To be fair, five years ago any kind of anti-drone methods to stop weaponized versions meant a specific audience where examples needed to be general. Today it seems a general audience is open to hearing what harms may be ahead and more specific examples are more welcome.
Unfortunately what I must emphasize most today isn’t just how drones rapidly move towards highly-targeted assassination methods for something labelled pest. I must also point out members of our security community actively have been found labeling non-whites as pests. Beware people advertising themselves as deserving authority to protect humans from harm, who may in fact be enabling and promoting harm through technology.
I said I would write up my notes from DEFCON27, where I had the “opportunity” to meet General Flynn’s residual guy with cyber in his title, so here it is.
DEFCON always has been for me about meeting with the Federal Government. Since the mid-1990s it has felt like the place government staff come to party with reduced accountability and oversight.
This year I stepped into the “Ethics Village” and listened to Joshua Steinman present his vision. To be honest in my decades of experience in security and working with the government I never had heard of Josh. When he began speaking I kind of realized why. He said very emphatically to the moderator:
Please don’t ever say cyber security. It’s just cyber.
This was like telling us not to say Internet security because just saying Internet somehow magically implies security. Yeah, not going to happen.
Few things self-reveal someone inexperienced in security like their overuse of the term cyber, leaving off modifiers needed to clarify, or lacking a sense of irony.
He also gave an intro of his background where he claimed to be a world-class expert on Al Qaeda before 9/11, issuing a national security report based on all available evidence (I later found out this was just a short paper he wrote in high school, and I am not kidding).
He also said he was a big supporter of the Republican candidate for President and that pulled him straight into the White House after victory.
And finally he called himself entrepreneurial (I later found out he started a knitting company to make socks for men, and again I am not kidding).
While he definitely puffed out himself in presenting his background as someone believing he is on the right side of history and ahead of his time, something about his self-promotion seemed off, especially compared to the quality of other speakers in prior sessions in the Ethics Village.
For the next 30 minutes or so Josh rattled randomly about personal life philosophy like basic water-cooler tactics and how surprised he was to find out the 1800s-era White House is physically small.
For someone repeatedly claiming he was able to see into the future, it was the opposite of substance. Imagine travelling all the way to a conference, sitting down to hear the “head of cyber” for a national government, and getting a presentation like this:
Usually I like to stand around in the break room area by the coffee. That’s where I hear conversations others are having and can find out what’s happening in the White House. Sometimes I join their conversation.
This was by no means a comforting talk to hear from the person purporting to be the policy making leader of our industry. I’m also paraphrasing here as Josh said several times “Raise your hand if you are a reporter. There are no reporters here? What I’m saying is off the record.” It appeared he was joking about this, although nobody laughed.
What caught my attention, among the rambling stories of hanging around and doing nothing tangible, was Josh said with the utmost confidence “executive privilege is right there in the Constitution. Go read it to see for yourself.”
I’m no constitutional lawyer but as a historian who studied cold-war machinations of Presidents I’m well aware that the executive privilege line most definitely is NOT something you can read in the Constitution. Furthermore, as a security professional, I’m well aware of the danger of executive privilege being used to suppress evidence/speech and deny freedoms necessary to avert suffering at massive scale.
Perhaps Constitution Daily put it best:
One of the great constitutional myths is the principle of executive privilege. Though the term is not explicitly mentioned in the Constitution, every President has called upon it when necessary.
I really have no idea why Josh would say “go read it” for something that doesn’t exist in writing. He’s supposed to be a policy expert. Moreover you can imagine there is a big issue with oversight for that qualifier “when necessary”, since it’s for a privilege that is going to be argued as above all oversight.
Ronald Reagan infamously invoked executive privilege, while carefully avoiding use of the exact phrase, in attempts to avoid accountability for illegal arms deals:
The alternative language used by Mr. Reagan’s lawyers appears to reflect a desire to avoid the negative connotation associated with the term, which over the years has come to be thought of by critics as a legal ploy invoked by Presidents seeking to deflect embarrassing inquiries.
The legal skirmish is taking place in advance of Mr. Poindexter’s trial, which is scheduled to begin on Feb. 20. He faces five criminal charges, including accusations that he obstructed Congressional inquiries and made false statements to Congress about the Government’s secret arms sales to Iran and about efforts to aid the Nicaraguan rebels, or contras, at a time when such assistance was banned by Congress.
That reference to legal ploy comes from Richard Nixon, who similarly claimed he had such an executive privilege to conceal his guilt. He thought he could block White House tape recordings being revealed during the Watergate Scandal.
During the Bush Administration, executive privilege was argued to be not only non-specific but also quite limited. Note the reference to Kavanaugh (now on the Supreme Court) lying to Congress.
Predictably, the White House is claiming executive privilege and refusing to cooperate with the legitimate Congressional investigations, one springing from Mr. Bush’s decision to spy on Americans without a warrant and the other from the purge of United States attorneys. The courts have recognized a president’s limited right to keep the White House’s internal deliberations private. But it is far from an absolute right, and Mr. Bush’s claim of executive privilege in the attorneys scandal is especially ludicrous. […] Nor can it be used to shield an official who might have lied to Congress. The Senate Judiciary Committee has asked the Justice Department to investigate Brett Kavanaugh, a former White House official who told a Senate hearing on his appointment to a federal judgeship that he was not involved in forming rules on the treatment of detainees. Recent press accounts suggest that he was.
That’s a far more restrictive interpretation of executive privilege theory versus a Washington Post article from 1986 that spells out how proponents had wanted to use it under the Reagan Administration:
While serving in effect as lawyer for Attorney General Edwin Meese III, Cooper also advises the Justice Department, other federal agencies and inquiring members of Congress on a wide range of legal questions. Most of his opinions remain confidential, but some that have surfaced have generated headlines. In one opinion, Cooper argued that employers may fire persons with AIDS because of fear that the disease may be contagious, even if that fear is irrational. In another, he said that President Reagan must support an executive privilege claim by former president Richard M. Nixon to keep Nixon’s White House papers secret. […] In addition, department sources say, Cooper has been advising Meese on the U.S. decision to allow arms to be shipped to Iran in connection with efforts to free American hostages. Meese, in turn, has provided assurances to the White House that the shipments were legal.
Perhaps most importantly for this Ethics Village talk, that comment on AIDS is more significant than you might realize. Ronald Reagan claimed executive privilege could block the Centers for Disease Control from issuing a pamphlet on the AIDS crisis despite tens of thousands of Americans dying.
First, let’s set the context of how Reagan handled a threat to Americans that started in 1981. After it already killed nearly twice the number of 9/11 casualties Reagan used his authority to stay silent on the issue:
One of the most prominent stains on the…Reagan administration was its response, or lack of response, to the AIDS crisis as it began to ravage American cities in the early and mid-1980s. President Reagan famously…didn’t himself publicly mention AIDS until [Sept 17th] 1985, when more than 5,000 people, most of them gay men, had already been killed by the disease.
Even in 1985, Roberts (now on the Supreme Court) wrote an infamous memo that recommended the President keep quiet for self-benefit, avoid reassuring people with science, and wait instead for hyperbolic commentators to be proven wrong by scientists.
I would not like to see the President reassuring the public on this point, only to find out he was wrong later. There is much to commend the view that we should assume AIDS can be transmitted through casual or routine contact…
AIDS can not be transmitted through casual or routine contact. It is known today as it was already known then.
After years of intentional silence on the subject by an American President the threat went on to be the greatest public health catastrophe of the twentieth century and kill approximately 650,000, the same as number of Americans estimated killed during the Civil War.
…for the first four years in office, the nation’s top health officer was prevented from addressing the nation’s most urgent health crisis, for reasons he insisted were never fully clear to him but that were no doubt political.
Imagine executive privilege being used to prevent experts from addressing the nation’s most urgent security crisis, then look at this graph of Reagan’s policy of censorship and silence on harms.
So this prompted me to ask Josh about the large and vague theory of executive privilege. Already we can see Josh was wrong about executive privilege being written in the Constitution. Now I wanted to know if he supported its use to block discussion of a bug that can kill hundreds of thousands of Americans.
I stepped up at the end of his presentation and asked 1) where executive privilege was written and 2) whether Ronald Reagan’s interpretation of it would enable the White House to secretly harm Americans with backdoors in encryption, much in the same way he avoided public accountability for export death (illegal arms shipments to Iran) and domestic death (blocking AIDS scientific alerting).
As I asked my question he shook his head disapprovingly. Perhaps my question, like my blog posts, was rambling and lacked clarity.
I was thinking of how to ask about executive privilege in terms of the AIDS epidemic because in computer security terms it would be a virus that easily could be remotely controlled. If the executive privilege theory means the White House can block scientific discussion for political self-benefit, leading to masssive harms of citizens, is the White House cyber policy head also saying secret government backdoors in encryption could be within this privilege?
Josh didn’t answer directly and instead said in a long statement that encryption was complex as a topic, there were many sides, and the market would decide backdoors. He also invited everyone to speak with him after as he could easily show where in the Constitution executive privilege was written (it’s not).
When he finished and got up to leave I walked up to him and he quickly exited towards the back of the room, passing directly by me. Several people said “he must not have seen you” so I rushed out the door and caught him in the hallway. He looked me directly in the eyes, turned and ran away.
On January 17, 1961 President Eisenhower gave a phenomenal speech about the future of technology, especially Internet authorization models. Consider his words in context of today’s social networks and data platform controls:
Down the long lane of the history yet to be written America knows that this world of ours, ever growing smaller, must avoid becoming a community of dreadful fear and hate, and be, instead, a proud confederation of mutual trust and respect.
Video of the speech is available via C-SPAN
Many people reference this speech due to its stern warning against a congressional-military-industrial-complex diverting public funding to itself and away from education and healthcare.
People also tend to leave out the congressional role related to Eisenhower’s warning, probably because it was inferred and not explicit. Fortunately a professor of government explains how and why we still should include Congress in that speech:
When the president’s brother asked about the dropped reference to Congress, the president replied: “It was more than enough to take on the military and private industry. I couldn’t take on the Congress as well.”
Perhaps we can agree in hindsight that Eisenhower’s warnings were right. There is over-centralization in the American communications industry as well as a state of near-perpetual warfare. This means we should have also expected the “congressional-military-industrial-complex” to expand naturally into a “cyber” domain.
Of course, just like in 1961, we have more than one path forward. The tech industry should be moving itself away from power abuses and more towards something like Eisenhower’s prescient vision of globally decentralized “mutual trust” confederations.
Meanwhile, “For Nato, a serious cyberattack could trigger Article 5 of our founding treaty.”
WalMart is suing Tesla for negligence, saying Elon Musk’s rush to market is failing industry standards of safety
…as of November 2018, fires broke out at no fewer than seven of the stores, forcing the disconnection of all the solar panel systems for the safety of the public…[because installed] haphazardly and as quickly as possible in order to turn a profit
Has Tesla released a transparency report on the total number of unexplained fires it’s caused? There are so many.
Even more concerning is how very little tangible response has come from the manufacturer, despite being cited as significantly worse than other manufacturers. For example:
Spontaneous combustion without warning:
…around 8:15 pm on Sunday night, the Tesla Model S is seen emitting smoke before suddenly bursting into flames. Further video shows the resulting charred wreckage, including that of two other nearby cars.
Once you realize the likelihood of a fire is unpredictable and could be increasing dramatically without explanation, the severity of these fires is also a major concern.
The fires seem to re-ignite unpredictably, are extremely toxic and, because of those two attributes, require expensive special training and equipment funded by tax-payers:
“With a gasoline fire, they know if they get enough water on it, it’ll go out,” [Peter Sunderland, a professor of fire protection engineering at the University of Maryland] said. “But with a deep-seated fire, it’s hard to spray the water deep enough into the battery to stop the fire.”
Slate reported that the firefighters who attempted to put out the 2013 Model S car fire in Seattle had trouble and “ended up using a circular saw to cut a hole that would allow them to pour water directly on the battery.”
In a fiery Tesla crash into a barrier in Austria, the car kept reigniting, forcing firefighters to battle the flames for hours. The car had to be put into quarantine for 48 hours to remove the chances of reignition, Jalopnik reported.
What’s more, lithium-ion fires can release high levels of “toxic gases” such as carbon monoxide, soot, hydrogen fluoride, and particulates of oxides of nickel; aluminum; lithium; copper; and cobalt, according to a Tesla Model X emergency response guide. As a result, firefighters need to wear a self-contained breathing apparatus and should use hoses that spray fog and special ventilation fans that push air out at a high velocity to protect bystanders downwind of the fire, according to the guide.
There are dozens of stories of Tesla fires not only being far less predictable, more expensive and more toxic than other products, they seem to not have any cohesive story yet of what to expect in the future.
In several cases the fires were extinguished at first encounter. Then had to be extinguished again on the tow truck. Then had to be extinguished again in the junk yard. That’s a multiplier effect for several reasons, not least of all because fires on tow trucks and in junk yards are not supposed to happen.
Initially Tesla’s CEO tried use social media to claim his products “500% less likely” to catch fire. This almost immediately was disproved (not to mention ridiculed by many for using math incorrectly)
Tesla, without a question, has a way higher incidence of fire deaths than other cars.
Then the car manufacturer tried to pivot to an argument that their fire death statistics aren’t being separated from collisions, where occupants would have died anyway. This again ignores the fact that their fires are different in ways that increase the likelihood of fatalities, not only for occupants but also those responding to help.
Tesla’s CEO should not be allowed to misrepresent harm likelihood and severity of his products when clearly there is ample and growing data on sub-standard engineering practices and threat to society. WalMart is picking up a hot topic, to be sure.
The CEO’s “safer than what you can buy from others” false claim even seems to be turned into a joke by him in 2018, as you can see in his attempts at humor when promoting sales of a flamethrower:
A Boring Company spokesperson said its flamethrower is ‘safer than what you can buy right now off-the-shelf on Amazon to destroy weeds’.
If Tesla wanted to extol virtues of battery technology, it would be that the carbon footprint producing them is zeroed out in just a few years and they emit zero harms when operating normally. That would be a viable defense, while they work to improve engineering to reduce fire likelihood and severity.
However, instead we see a company try dismissive fallacies (false equivalence in fires) and make claims their products give better odds of survival than other manufacturers.
The data doesn’t support Tesla in this comparison, since likelihood and severity of their fires already appear to be higher and trending worse with minimal explanation and no recall.
Tesla had at least quadruple (5 observed fire deaths vs. 1.19 expected) the fire-related mortality of the average car from 2016 through 1Q 2019
In fact, arson soon could be added to increasing probability of Tesla fires as owners realize what spontaneous fire in an unexpected location can mean (e.g. parking garage near structural integrity of a building). Imagine investigators trying to ascertain whether a Tesla exploding within a building was predictable with intent or just another “safer that what you can buy from others” incident.
The infamously glib and unapologetic “everything’s better with fire” social media presence of their CEO suggests WalMart’s lawsuit declaring his product line to be a public safety hazard…may document how failures in engineering duty-to-care may even come from the top.
A nearly constant state of mass shootings in America has sprung up a bizarre cottage industry. When someone volunteers at a church, it may mean the church will pay money to an outside firm that claims that volunteer as an employee.
A paper in Texas attempts to explain:
The company incorporates Christian teachings into its courses and more than 90 people at 18 churches have completed the 70 hours of initial training and become state-licensed guards through its program, Riggall said. The so-called sheepdogs are insured and technically employed by the company. But they volunteer doing security at their own churches, which in turn pay Riggall.
On a Sunday in July, Brett Faulkner stood with an AR-15 in hand and his back to the cross in the sanctuary of Fellowship of the Parks campus in Haslet, a community about 15 miles (24 kilometers) north of Fort Worth. He pointed the rifle at a young woman’s back and yelled at the armed men advancing into the room, “I’m going to kill this woman. It’s going to happen right now.”
[…]
“It really just comes down to caring about the people in that building,” Faulkner said of choosing to [threaten to kill this woman in] his small Baptist church.
The article is as weird as that sounds. Really. What part of the Christian teachings says volunteers can’t do their volunteer work unless the church pays money to an outside firm to claim them as employees?
It reads to me like “sheepdogs” are people volunteering to carry assault rifles into churches and threaten to kill their own congregations. However, these churches seem to have so little faith that they set it up by paying an outside firm for liability protection against likely bad sheepdogs.
Trail of Atredis (Trail of Bits and Atredis Partners) have released findings on Kubernetes security in a series of GitHub documents
Overall, Kubernetes is a large system with significant operational complexity. The assessment team found configuration and deployment of Kubernetes to be non-trivial, with certain components having confusing default settings, missing operational controls, and implicitly defined security controls. The codebase is large and complex, with large sections of code containing minimal documentation and numerous dependencies, including systems external to Kubernetes.
NIST has just released a publication with guidance for AI, to help innovation through general regulations.
U.S. LEADERSHIP IN AI: A Plan for Federal Engagement in Developing Technical Standards and Related Tools. Prepared in response to Executive Order 13859
There’s a lot of chatter about Epstein conspiracy theorists, which I may run risk of getting bundled into given my recent post about his peculiar counterfeit passport.
However, I’d like to keep my post as factual as possible, as I attempted to do in the passport blog post analysis. Here are some references that may help when looking into the very high likelihood Epstein was assassinated.
One
Epstein was held in jail on charges of “serial child molestation and sex trafficking”, which the current Administration’s Secretary of Labor Acosta apparently tried to help hide.
Acosta used a peculiar way of promoting himself despite allowing sadly lenient treatment of Epstein:
Acosta, the top federal prosecutor for the Southern District of Florida when the 2008 deal was struck, portrayed his actions and those of his fellow federal prosecutors as heroic and possibly unprecedented.
Remember the word “heroic”. You’ll see why in few minutes.
Critics of Acosta point out he actually blamed the victims for not getting stronger charges, and he falsely asserted a general “climate” of 10 years ago prevented prosecution of sexual crimes. Both of these are reprehensible positions to take.
2019 was the first time Epstein was being seriously incarcerated for crimes he’s been infamously charged with for many years (from 2008 to 2015 Epstein reportedly settled over a dozen lawsuits). Whatever special treatment he had been used to from the likes of Acosta, it now was wearing off quickly.
Also, while Attorney General Barr recused himself from this earlier Florida case where Epstein was given light treatment, Barr did not recuse himself from the NY case.
Something clearly changed, and it seems to be related to the fact that Acosta claimed some intelligence community earlier had been willing and able in Florida to protect Epstein from harm.
Perhaps that is really what Acosta meant when strangely claiming sexual crimes prosecution climate today is different from 10 years ago? Acosta and Barr both act differently towards Epstein now, as if they can’t help him.
Two
Epstein was considered a flight risk and his movement was tightly restricted because large cash holdings as well as private jets and powerful friends that could enable his “Lolita Express”. Court documents have now revealed “flight logs show Trump flew on Epstein’s private plane at least once, in 1997”. Whatever mobility and leverage Epstein had grown used to with his jet-set friends, now also was gone.
Three
While Epstein had lost his help and couldn’t move, others could move on him. Numerous irregularities have been catalogued in the jail, well known by the DoJ and going back at least two years.
Corrections officers may have falsified reports saying they checked on Jeffrey Epstein as required by protocol…[bail was posted for his cellmate] leaving Epstein alone in his cell the day before he died…[and he] was taken off suicide watch about one week after [his throat had choke-marks] on July 23. At least one temporary employee at the detention center was on watch Friday night into Saturday morning, multiple sources said. The replacement employee was not part of the regular detail…A representative for staffers at the Metropolitan Correctional Center said work conditions at the facility have been inadequate for nearly two years. Corrections officers have long complained…
This is stark contrast to his prosecution by Acosta, where in “detention” Epstein was said to be walking around naked and completely without concern for his own safety. A lack of controls over this predator used to be a point of pride, letting him roam and be accessible to whomever, whereas now every minute unobserved became a serious cause for concern.
Four
There was an audible struggle at the time of death, and multiple first-person accounts have explained why suicide is improbable.
‘There’s no way that man could have killed himself. I’ve done too much time in those units. It’s an impossibility,’ said the insider…
These reports come just days after Epstein was found with choke marks around his neck, as mentioned in point three above. A second struggle is suggested by first-person experts to have happened. For whatever reason the first struggle failed, and obvious protections were not put in place, this time it was fatal.
Five
It fits a pattern. Suspected spies (see my passport blog post) that are categorized as distraught and linked to recent events, still end up with gaps in monitoring during the exact moments of “suicide”, limiting internal investigations. A jail in Australia sets a prior example worth studying.
Among the faults that Beltman highlighted were that in the hour before [accused spy’s] death there was no guard positioned at the cell and a journal that should have recorded Zygier’s activities was not filled in. In addition, one of the cameras in the cell was not working properly and the others were inadequate in poorly lit conditions, such as when the light in the cell was turned off.
Six
New York seems to foster the idea of powerful predators walking freely by limiting child survivors of sexual abuse from making claims against them. However, New Jersey allowed a student of the school where Epstein worked to file sexual assault charges against the headmaster.
[Dunnan] served as headmaster at the East 89th Street school for 23 years [1974-1997].
J.S. never reported the alleged assaults to police. Under New York law, the former Dalton student lost the chance to file a criminal or civil claim against the headmaster after she turned 23. But she brought the suit in the Garden State, where the statute of limitations is more flexible than laws governing sexual abuse in New York.
Dunnan had replaced Barr, father of current Attorney General Barr who is registering surprise that the child predator hired by his father died while in custody of a jail with a history of known issues.
‘There were a number of teachers who looked at the student body as their next meal,’ said Mark Robinson who graduated in 1974. […] Epstein was hired by the school’s headmaster Donald Barr, the late father of Attorney General William Barr, whose office is now prosecuting Epstein. Barr apparently used to enjoy hiring young people in their early 20s whom he thought were full or potential, but it was unusual for a teacher, like Epstein, to be hired without a college degree.
Also unusual was Barr’s father writing a book at the time that glorified “Interplanetary Slavery & Sexual Domination”. A reviewer offers this synopsis:
Barr creates two openly ‘superior’ characters as his leads. Craig and Morgan freely kill, torture, seduce and make sweeping political decisions on behalf of thousands of people – but this is acceptable, because they’re somehow imbued with ‘natural heroism.’ Slavery and oppression are wrong, unless you’re someone as wise and talented as Craig or Morgan, in which you’re perfectly justified in forcing decisions on other people.”
Epstein has been described as leveraging the powerful people at that Dalton school into his financial career. It appears that means he adopted some of their philosophy, with an unusually framed sense of power over others. Recent news pointed out he even fantasized about “seeding” the human race, similar to Barr’s science fiction writings.
The Barr family connection does seem important. I’ve written before about how strange it was an Attorney General named “Jefferson Beauregard Sessions III” led the DoJ in modern times, since that department explicitly was created to defeat the Jefferson Beauregard legacy of KKK. Now that I know the man who replaced Sessions and is current AG is the son of a man who glorified slavery in fictional books…it has a certain “master race” similarity that could bring an extra-judicial capital-punishment to that Epstein jail cell.
Seven
Perhaps above all, child predators like Epstein operate with “exceptional” power in the United States as it remains alone in the world for refusing to ratify the Convention on the Rights of the Child (CRC).
On November 20, 1989, unanimously the United Nations General Assembly adopted the CRC, a landmark treaty protecting children from neglect, abuse, and exploitation. The CRC, which entered into force in 1990, is the most universally ratified human rights treaty.
The United States is the only country in the world that has not joined the other 196 nations in embracing the more than quarter-century old CRC treaty, the most universally-ratified human rights treaty in history.
Conclusion
Despite being in a country refusing to recognize rights of the child, and in a state limiting rights of children to prosecute, there may be a large network of powerful predators now willing to pay to assassinate the man who would expose their dealings.
On the face of it, suicide seems far less likely a story than homicide given similar deaths of agents, in similar jail conditions, based on reliable first-person reports, and the bizarre relationships with Acosta and Barr.
The risk Epstein posed to a large network of predators probably is not any obvious exposure of sexual crimes. That still might be brushed off with the same reasons they use to refuse ratifying CRC. Being “exposed” could have as little impact as the infamous “grab them” tape.
Rather, the real risk and pressure for an assassination likely is the exposure of other things Epstein and his network were doing. In their minds they were examples of “natural heroism” (Barr’s phrase, similar to Acosta) above any law; and these people probably are most afraid of exposure of the events used to justify Epstein delivering them his enslaved girls.
As a side note, and final thought, others in the case are far less likely to be in danger of assassination if they know only the names of the men involved, and not the “heroism” events and reasons that made men want to be Epstein’s acquaintance.
That is to say it would be a political assassination, and Epstein’s individual victims pose little political risk compared to his knowledge of operations.
One example of the kind of “executive privilege” events that now may be linked to Epstein is Ronald Reagan’s transfer of arms to Saddam Hussein, via Saudi Arabia, to illegally avoid Congressional oversight let alone accountability to the American public.
The Iran-Contra scandal seems to have been just a tip of the iceberg when factoring that Epstein may have been a useful pawn during that time to intelligence agencies, enslaving girls and trafficking them within arms deals to dictators.