Category Archives: Security

Woodlock Gags Speech, Again

America has a sad “gag rule” history few Americans know.

…the U.S. House of Representatives instituted the “gag rule,” the first instance of what would become a traditional practice forbidding the House from considering anti-slavery petitions. Representative James Hammond of South Carolina first proposed the gag rule in December 1835.

It lasted years, and was used by abusive men specifically to silence the speech of anyone perceived to have empathy for the oppressed (e.g. de oppresso liber).

Members of Congress publicly ridiculed [human rights petition] efforts. Senator Thomas Hart Benton responded to the tide of petitions by saying, “I would recommend to these ladies, not to douse their bonnets, and tuck up their coats, for such a race, but to sit down on the way side, and wait for the coming of the conquerors.”

“The conquerors” ended up losing their Civil War over denying rights to “such a race”.

Fast-forward to today and a story from The Register explains the difference between a judge in Holland and one in America, when faced with the same situation:

NXP Semiconductor, maker of the cryptographically challenged Mifare card, has also taken legal action to silence researchers who poked holes in fare collection systems used in the Netherlands. A Dutch judge rejected the request.

Opsahl said the EFF planned to appeal the decision, even though a ruling will not be issued in time to save the canceled talk. He said the judge reached a very, very wrong conclusion when using the Computer Fraud and Abuse Act as grounds for canceling the talk.

“The statute on its face appears to be discussing sending code, programs or similar types of information to a computer,” Opsahl said. “It does not appear to contemplate somebody who’s giving a talk to humans.”

A Dutch judge rejected the request. That could have been the end of the story, but America’s secret society of “gag rule” men still occupy the highest government seats.

Opsahl is referring to US District Judge Douglas P. Woodlock, who has ordered a gag for three MIT students who were going to present the Mifare card story yesterday, but in the context of the Boston transit system.

Some may remember that Woodlock is the same judge that told antiwar activists that they were “stuck under the tracks”. He ruled against their right to speech because of what he called an “irretrievably sad” post-9/11 world that requires internment camps as security precautions to gag speech.

Woodlock said he had initially assumed that activists were exaggerating when they likened the protest zone near Canal Street to an internment camp. But he said that after touring the area for 90 minutes Wednesday, he concluded that comparison was “an understatement.”

[…]

“One cannot conceive of other elements [that could be] put in place to create a space that’s more of an affront to the idea of free expression than the designated demonstration zone,” Woodlock said.

Nonetheless, Woodlock said that unruly demonstrators at other political events have made the precautions necessary to foil protesters who might hurl objects at delegates arriving on buses.

The logic is tortured to the point where Woodlock seems to favor a dark authoritarian world as a form of “safety”.

In another example, Woodlock ruled against the free speech rights of three newspapers. These papers argued that speech rights were violated when an Architectural Commission in Boston banned “street furniture” including news racks. Unfortunately for the papers, Woodlock was a student of architectural history and favored the aesthetics and safety of the street more than any individual right:

“While the guideline forces plaintiffs to use distribution means in the district which they find economically unappealing or that they would otherwise not use,” Woodlock said, “this does not change the fact that alternatives to newsracks in the district are available to plaintiffs.”

The conditions might be economically unappealing, also known as financially prohibitive, but the judge said he was unsympathetic because he saw no evidence of expense/damage from the alternatives. Again, logic tortured to the point where you are told to think of possibilities still available to you once your speech is restricted. Maybe a paper can survive without a forum for speech, maybe not, but at least the streets are clean.

Reasons for “an affront to the idea of free expression” seem to be stacking up under Woodlock. Has he ever ruled in favor of free speech? Does he even believe in it? Anyone surprised that this man was nominated to his position by Ronald Reagan, or was a college friend of George W. Bush?

Douglas Woodlock was appointed to the district court in 1986 by President Ronald Reagan. He possessed an interesting pedigree: a couple of high school years at Phillips Academy Andover, a distinguished undergraduate career at Yale, capped by being chosen for the secret society known as Skull and Bones by fifteen club members (including George W. Bush) from the class ahead.

Woodlock’s distance from Bush should not be underestimated. Bush has been a long-time critic of free speech. He is still listed as the #1 Muzzle in The Thomas Jefferson Center for the Protection of Free Expression. Bush threatened legal action against individuals who tried to expose or discuss his flaws on the Internet:

In a May 21 press conference, Bush himself stated “[t]here ought to be limits to freedom.”

[…]

On April 14, 2000, the FEC dismissed the Bush complaint stating, “this matter is less significant relative to other matters pending before the Commission.”

Americans should be ashamed of Woodlock’s decision on this matter.

The gag action on the Boston transit research is an embarrassment to the nation. Consider how the same situation played out in Holland:

The case went to court in Holland and now the court in Arnhem has overturned the injunction citing local freedom of expression laws.

In its ruling, the court said: “Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”

In a statement, Radboud University hailed the ruling and said: “…in a democratic society it is of great importance that the results of scientific research can be published”.

Oh, wow. That is really, REALLY well said.

“Damage to NXP is not the result of the publication of the article but of the production and sale of a chip that appears to have shortcomings.”

These people are clearly intelligent and capable, and this ruling happened PRIOR to Woodlock’s gag order.

This means Woodlock must have decided to silence three students presenting the information to their peers despite the fact that it is already in the public domain. America’s “skull and bones” tin-pot dictatorship crew are indefatigable.

Who wants to bet the American judge will say something about how “unfortunate” or “sad” it is that his “hands are tied” or he is “forced” by post-9/11 events to censor and restrict the scientific community into an internment camp for their own “safety”?

Decrypting PIN numbers

The TJX case just keeps giving and giving. A recent indictment of a man named Gonzalez, which has the rather revealing filename of N:\SHeymann\Case Files\TJX\Indictment and Informations\Final Versions\Gonzalez Indictment Final.wpd, shows that PIN numbers were being decrypted in large batches:

e. Downloaded from the corporate networks processing and/or storing payment card transactions the track 2 data for tens of millions of credit and debit cards and PIN blocks associated with millions of debit cards;

f. Obtained technical assistance from criminal associates in decrypting encrypted PIN numbers

This is major news. How did they decrypt PINs?

I have seen few reports on the implications of this for bank security, but frankly it changes everything. If an attacker can steal your PIN number even when it is encrypted and stored within a bank, then your financial data is under an even bigger threat than ever before.

Corporations are not people, stupid

Another overly detailed post on Schneier’s Blog

“Corporations are people, too!”

That’s the problem. They really should not be treated as such. They should be allowed privileges, but no rights. Rights should be reserved for people.

The modern American treatment of corporations came out of post-Civil War lawless and corrupt practices. From 1866 onward, following the stupid mistake of a judge who allowed a court reporter to insert his opinion into the official record, it has been tough to pin down and put the robber barons back in the bottle.

http://www.straightdope.com/columns/030919.html

Oil, Finance, and Transportation industries among others in America have all been totally f*$ckd by giant corporations fighting to gather all the rights of a singular person, while avoiding any kind of accountability that a real person would face.

President Grover Cleveland explained the problem in his 4th Annual Message to Congress on December 3, 1888:

“Corporations, which should be carefully restrained creatures of the law and the servants of the people, are fast becoming the people’s masters.”

Kind of like Asimov’s laws of robots, they need to live within the rules, as dictated by humans, not the other way around.

http://en.wikipedia.org/wiki/Three_Laws_of_Robotics

Should free speech, for example, be a right of corporations, artificial entities created by states, or only extended to individual and real people? In other words is commercial speech to be treated as free speech or should it be regulated more strictly to guard against harm?

Here is a case on the matter:

http://www.law.ucla.edu/volokh/nike.htm

If America rules that commercial speech is free speech, then does it seem plausible that even phishing and spam corporations would have their tactics protected by the courts as a form of expression?

Here is an excellent essay about America’s founding fathers and their warnings on this very issue:

http://www.thevoicenews.com/News/2003/0111/Front_page/002.html

“…with an audacity and willingness to take on overwhelming multinational corporate power similar to that displayed by the Founders, the elders of Porter Township said that: ‘Corporations shall not be considered to be ‘persons’ protected by the Constitution of the United States or the Constitution of the Commonwealth of Pennsylvania within the Second Class Township of Porter, Clarion County, Pennsylvania.'”

Or something like that…

FasTrak hacked

There was a lot of doom and gloom at BlackHat this year, but my favorite presentation was the one just picked up by the ACLU of Northern California:

Researcher Nate Lawson has discovered that FasTrak transponders are vulnerable to sniffing, cloning, and surreptitious tracking of a driver’s comings and goings.

That is because the systems have no encryption or other technological protection measures to ensure that the information is not read by unauthorized readers or copied and cloned for misuse. Without protections, it is not just those toll booth and freeway sign readers that can track who you are and where you are going, but also that homegrown sniffer that Lawson plans to put up to collect information.

Lawson is amazed that “there has not already been widespread fraud, cloning, and selling of ‘free transponders’ that” were hacked and reprogrammed, he says. “There’s nothing there technically to prevent it.”

What he meant to say, I think, is that the system was not designed to prevent it today. However, an important point to his research is that the transponders also allow an attacker to WRITE data to them. This actually would allow the system to prevent abuse, should new/fixed code be installed with authentication capabilities.

Thus, something COULD be done to prevent and fix a number of flaws. The question is whether it will be done. In the meantime, you can not only sniff IDs and track people by the FasTrak system, but you can mix and install IDs as you please.
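Added example, not from the original post and not FasTrak's actual protocol: a small model of why a reader that trusts a bare ID cannot tell a copy from the real transponder, and how a keyed challenge-response (one assumed form of the "authentication capabilities" mentioned above) rejects the copy. The class names, the HMAC-SHA256 construction and the `TAG-0001` ID are hypothetical.

```python
import hashlib
import hmac
import secrets

def tag_mac(key, challenge, tag_id):
    # Response is bound to the reader's fresh challenge and to the tag ID.
    return hmac.new(key, challenge + tag_id, hashlib.sha256).digest()

class Tag:
    """Model tag: key=None is ID-only; with a key it answers challenges."""
    def __init__(self, tag_id, key=None):
        self.tag_id, self.key = tag_id, key

    def respond(self, challenge):
        mac = tag_mac(self.key, challenge, self.tag_id) if self.key else b""
        return self.tag_id, mac

class Replayer:
    """Holds only what was overheard earlier: an ID and one old response."""
    def __init__(self, tag_id, old_mac):
        self.tag_id, self.old_mac = tag_id, old_mac

    def respond(self, challenge):
        return self.tag_id, self.old_mac

def reader_accepts(tag, keys, require_auth):
    challenge = secrets.token_bytes(16)  # fresh per read, so old answers go stale
    tag_id, mac = tag.respond(challenge)
    if tag_id not in keys:
        return False
    if not require_auth:
        return True  # ID alone is trusted: any copy of the ID passes
    return hmac.compare_digest(mac, tag_mac(keys[tag_id], challenge, tag_id))

def demo():
    tag_id, key = b"TAG-0001", secrets.token_bytes(32)  # constructed sample values
    keys = {tag_id: key}
    real = Tag(tag_id, key)
    _, overheard = real.respond(secrets.token_bytes(16))  # one captured exchange
    clone = Replayer(tag_id, overheard)
    return {
        "id_only_accepts_clone": reader_accepts(clone, keys, False),
        "auth_accepts_real_tag": reader_accepts(real, keys, True),
        "auth_accepts_clone": reader_accepts(clone, keys, True),
        "auth_accepts_id_only_tag": reader_accepts(Tag(tag_id), keys, True),
    }

if __name__ == "__main__":
    print(demo())
```

The model covers only the cloning problem; a fixed ID sent in the clear still lets any listener track the tag, which authentication alone does not address.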

Hacking this system is actually not news, as Lawson suggests in the fact that he is buying transponders off the grey/black market. The officials surely watch this as well. They usually monitor some degree of abuse. Lawson is just the guy who wants credit for writing up his “research” and wants to be in the press for announcing the flaws, as opposed to building himself and his friends/family a free ride or making some pocket change for selling transponders.

In a similar case, Barbadians have harshly criticized the researcher who recently claimed to have “discovered” a snake on their island:

“If he needs to blow his own trumpet … well, fine,” said 43-year-old Barbadian Charles Atkins. “But my mother, who was a simple housewife, she showed me the snake when I was a child.”

One writer to the Barbados Free Press blog took an even tougher tone, questioning how someone could “discover” a snake long known to locals, who called it the thread snake.

At least Lawson did not try to rename FasTrak.