I’ve written here before about French use of encryption in the 16th Century, and prior art. A new history article makes brief mention of ancient secrecy methods found in England.
The spies had a few special tricks up their sleeves. “They practiced secret inks,” explains Alford. “Quite a lot of use of code and cypher, which to our eyes looks relatively unsophisticated, although it develops an increasing sophistication.”
Cyphers became particularly important during the infamous Babington Plot, when Walsingham’s agents decrypted letters to and from Mary Queen of Scots. This provided evidence that Mary was conspiring against Elizabeth, leading to Mary’s trial and execution.
By the 1580s, ciphers were extremely complex – they could incorporate substitute letters, Arabic numerals, nulls, letters with a dot before or after, substitute names for locations, and numbers, signs of the zodiac or days of the week for individuals.
If you think that sounds innovative, consider how French and English secrecy methods seem to have roots elsewhere:
Muhammad ibn Abbad al-Mu’tamid (المعتمد بن عباد), King of Seville from 1069-1092, used birds in poetry for secret correspondence.
Leaflets are so basic, so black beret, it sounds like something higher up on the beret color chart may be coming to attract talent into Psychological Operations (PSYOP) as they modernize.
Nothing is decided yet, there’s still a chance someone could influence the decision, but rumors have it the psychological warfare troops will be represented by wearing a beret in color of white noise:
The idea is essentially still being floated at this point, but it could be a recruiting boon for the PSYOP career field, which is tasked with influencing the emotions and behaviors of people through products like leaflets, loudspeakers and, increasingly, social media.
“In a move to more closely link Army Special Operations Forces, the PSYOP Proponent at the U.S. Army John F. Kennedy Special Warfare Center and School is exploring the idea of a distinctive uniform item, like a grey beret, to those Soldiers who graduate the Psychological Operations Qualification Course,” Lt. Col. Loren Bymer, a USASOC spokesman, said in an emailed statement to Army Times.
Still seems a little fuzzy on the details, yet reporters also dropped some useful knowledge bombs in their story:
1) The new Army Special Operations Command strategy released just a month ago states everyone always will be trained in cyber warfare and weaponizing information
LOE 2 Readiness, OBJ 2.2 Preparation: Reality in readiness will be achieved using cyber and information warfare in all aspects of training.
2) Weaponizing information means returning to the influence operations in World War II, let alone World War I…I mean adapting to the modern cloud platform (Cambridge Analytica) war
“We need to move beyond our 20th century approach to messaging and start looking at influence as an integral aspect of modern irregular warfare,” Andrew Knaggs, the Pentagon’s deputy assistant secretary of defense for special operations and combating terrorism, said at a defense industry symposium in February. Army Special Operations Command appears to take seriously the role that influencing plays in great power competition.
As some of the most highly trained military personnel, the “grey beret” are a force to be reckoned with. Until SOWT gives the “all-clear” the mission doesn’t move forward.
Kessler AFB: “Team members collect atmospheric data, assist mission planning, generate accurate and mission-tailored target and route forecasts in support of global special operations, conduct special weather reconnaissance and train foreign national forces.” Click for original.
Meanwhile over at the Navy and Marines there’s much discussion about vulnerability to broad-based information attacks across their entire supply chain.
While Brigadier General (BG) William P. Yarborough, commander of the U.S. Army Special Warfare Center, waited at the pond, the presidential caravan drove down roads flanked on both sides by saluting SF soldiers, standing proudly in fatigues and wearing green berets.
“Late Thursday morning, 12 October 1961, BG Yarborough welcomed the 35th President, Secretary McNamara, GEN Decker, and the distinguished guests at the reviewing stand.”
General Yarborough very strategically wore the green beret as he greeted JFK and they spoke of Special Forces wanting them a long time (arguably since 1953 when ex-OSS Major Brucker started the idea).
A few days after the visit JFK famously wrote poetically to the General:
The challenge of this old but new form of operations is a real one…I am sure the Green Beret will be a mark of distinction in the trying times ahead.
Just one month later the green beret became official headgear of the Special Forces.
In 2013 I was flying around speaking on big data security controls, and waste water analysis was one of my go-to examples of privacy and integrity risks.
The charts I showed sometimes were the most popular drugs detected in each city’s wastewater site (e.g. cocaine in Oregon) and I would joke that we could write a guide-book to the world based on what “logs” were found.
Fancy corporate slide for “log analysis” in wastewater treatment centers around the world
Scientists at that time claimed the ability to look at city-wide water treatment plants and backtrack outputs to city-block locality. In near future they said it would be possible to backtrack to house or building.
For example, you get a prescription for a drug and the insurance company buys your wastewater metadata because it shows you’re taking the generic drug version while putting brand label receipts in claim forms. Or someone looks at past 5 year analysis of drugs you’re on, based on sewer data science, to estimate your insurance rates.
This wasn’t entirely novel for me. As a kid I was fascinated by an archaeologist who specialized in digs of the Old West. Everything in a frontier town might be thrown down the hole (e.g. destroy evidence of “edge” behavior), so she would write narratives about real life based on the bottles, pistols, clothes, etc found in and around where an outhouse once stood.
…Auggi, a gut-health startup that’s building an app for people to track gastrointestinal issues, and Seed Health, which works on applying microbes to human health and sells probiotics — are soliciting poop photos from anyone who wants to send them. The companies began collecting the photos online on Monday via a campaign cheekily called “Give a S–t”…
It’s a novel approach in that you aren’t pinned to the toilet in your home and can go outside and take pictures of poop on a sidewalk to upload.
This could be a game-changer given how many rideshare drivers are relieving themselves in cities like San Francisco.
Here’s the sort of chart we need right now, and not just because it looks like ride-share companies giving us the finger.
Uber’s army of 45,000 people suddenly driving from far-away places into a tiny 7 mile by 7 mile peninsula, with zero plans for their healthcare needs, infamously drove up rates of feces deposited all over public places.
…anecdotal complaints have gotten the attention of San Francisco City Attorney Dennis Herrera. Last week, his office released information for the first time about the number of Uber and Lyft drivers estimated to be working in the city: 45,000. To compare, 1,500 taxi medallions were given out [in 2016], according to the city’s Treasurer & Tax Collector. For perspective, Bruce Schaller, an urban transportation expert, said there are about 55,000 Uber, Lyft and other ride-sharing drivers in New York City, a metropolis of 8 million people, eight times the size of San Francisco.
I’ll just say it again, that a rise in human waste on the streets correlates pretty heavily to a rise of ride share drivers from far away needing a convenient place to relieve themselves (especially as many ended up sleeping in their cars).
In a conversation I had with a man in 2016 who had jumped out of his car to start peeing on the sidewalk in front of my house (despite surveillance cameras pointed right at him), he told me his plight:
Uber driver: I plan to quit as soon as I got my $700 bonus for 100 rides
Me: Because you just needed that quick money?
Uber driver: No, man there are no restrooms. I’m tired of taking a shit on sidewalks and peeing in newspaper boxes. It’s degrading
There definitely was a spike in 2016, which perhaps could have been correlated to gig economy workers seeing that $700 bonus and wandering into the city.
Sightings of human feces on the sidewalks are now a regular occurrence; over the past 10 years, complaints about human waste have increased 400%. People now call the city 65 times a day to report poop, and there have been 14,597 calls in 2018 alone. Last year, software engineer Jenn Wong even created a poop map of San Francisco, showing the concentration of incidents across the city. New mayor London Breed said: “There is more feces on the sidewalks than I’ve ever seen growing up here.” In a revolting recent incident, a 20lb bag of fecal waste showed up on a street in the city’s Tenderloin district.
Do you know what also became a regular occurrence over the past 10 years? Ride share vehicles with drivers needing to poop and no time or place to go.
Many people mistakenly attribute the dirty truth about ride-share driver behavior to homelessness, despite curious facts like “there aren’t actually more homeless people than there have been in the past”.
People also ignore the fact that being homeless and living on the street doesn’t mean that people don’t care about their living environment. Homeless are known actually to clean and sweep, whereas a driver is far more likely to poop at whatever spot they can get away with and then scoot.
I’m not sure why it is so hard for people to admit that a massive rise in ride-sharing drivers and no public restrooms for them becomes an obvious contributor of waste problems.
In one case I even saw an Uber SUV stop in the middle of a street, a passenger with a dog jumped out and peed directly uphill from a small restaurant with sidewalk seating…the Uber crew then jumped back in and sped away as those eating watched helplessly while rivers of hot dog urine flowed under their dining tables.
That kind of scenario is common sense bad, no? Just look at ride-sharing booms in the 1800s for cities like London, which led to special huts being built for driver care and control.
By 1898 newspapers around the world reported “40 shelters in London, accommodating 3500 cabmen, and there was a fund, provided mostly by subscription, for the maintenance of them.”
Typical London Cabman’s Shelter after 1873
An app uploading photos for analysis, or even doing checks within the app itself, would both be a privacy threat to all the ride share drivers hoping to get away with their dirty business on streets, as well as give knowledge that would prove a city’s most vulnerable (homeless) populations aren’t always to blame.
It’s a highly political topic, such that a “wasteland” interactive map with 2014 data turned into a crazy right-wing propaganda campaign to generate fear about San Francisco sanitation.
No mention ever is made in these political fights about unregulated ride-share drivers despite the obvious impact of at least 40,000 people driving into the city and around in circles all day every day generating pollution, noise, congestion and ultimately desperate for places to poop.
Waste analysis sensors could change all that and the real cost of Uber, Lyft etc could lead to sanitation fees (maintenance funds) for a modern-day Rideshare Shelter, which of course would have sensors on toilets.
However, already there’s a security issue mentioned in the plan for these startups. Their data collection requires people uploading photos to manually classify, which sounds to me like an integrity disaster. A recipe for shitty data, if you will.
[Jack Gilbert, a professor of pediatrics at the University of California San Diego School of Medicine and cofounder of the American Gut Project, a science project that solicits fecal samples from people] said that people are asked to rate their stool on the Bristol stool chart in pretty much every clinical trial he conducts, and automating this process would reduce bias and variation in data collection. “Human beings are just not very good at recording things,” he said.
Hopefully the startups will transition to the automated app and then traditional San Francisco residents who still walk on sidewalks, instead of calling a car to drive them three blocks, can use AI to efficiently report the prevalence of Uber poops.
Also in the news lately is an infamous Russian “seabed warfare” ship that suddenly appeared in Caribbean waters.
Original artwork from Covert Shores, by H I Sutton. Click on image for more ship details.
She can deploy deep-diving submarines and has two different remote-operated vehicle (ROV) systems. And they can reach almost any undersea cable on the planet, even in deep water where conventional wisdom says that a cable should be safe.
In the same news story, the author speculates that ship is engaged right now in undersea cable attacks.
…search patterns are different from when she is near Internet cables. So we can infer that she us doing something different, and using different systems.
So has she been searching for something on this trip? The journey from her base in the Arctic to the Caribbean is approximately 5,800 miles. With her cruising speed of 14.5 knots it should have taken her about two weeks. Instead it has taken her over a month. So it does appear likely.
Maps of the Caribbean waters illustrate the relevance of any ship’s position to Internet cables and seabed warfare.
TeleGeography Submarine Cable Map 2019
A Russian ship on the northwest coast of Trinidad means it’s either inspecting or even tapping into the new DeepBlue cable, listed as going online 2020. Trinidad is in the lower right corner of the above map. Here’s a zoomed in look at the area to compare with the ship position map above:
And the DeepBlue cable specs give a pretty good idea of why a Russian seabed warfare ship would be hovering about in those specific waters…
Spanning approximately 12,000 km and initially landing in 14 markets, the Deep Blue Cable will meet an urgent demand for advanced telecom services across the Caribbean. This resilient state-of-the-art cable has up to 8 fibre pairs with an initial capacity of 6Tbps and ultimate capacity of approximately 20Tbps per fibre pair. It is designed to be fully looped maximizing system resiliency. With more than 40 planned landings, Deep Blue Cable will bring 28 island nations closer to each other and better connected to the world.
The USS Grayback was discovered more than 1,400 feet under water about 50 miles south of Okinawa, Japan, in June by Tim Taylor and his “Lost 52 Project” team, which announced the finding Sunday.
Their announcements are public and thus show how clearly technology today can map the seabed.
Announcing the discovery of the USS Grayback on June 5th, 2019 by Tim Taylor and his “Lost 52 Project” team.
Wrecked ship Captain de Kam said “It’s just like losibng a beautiful woman”. Photograph: Michael Prior
The creator of Ruby on Rails tweeted angrily at Apple November 7th that they were discriminating unfairly against his wife, and he wasn’t able to get a response:
By the next day, he had a response and he was even more unhappy. “THE ALGORITHM”, described similarly to Kafka’s 1915 novel “The Trial“, became the focus of his complaint:
She spoke to two Apple reps. Both very nice, courteous people representing an utterly broken and reprehensible system. The first person was like “I don’t know why, but I swear we’re not discriminating, IT’S JUST THE ALGORITHM”. I shit you not. “IT’S JUST THE ALGORITHM!”. […] So nobody understands THE ALGORITHM. Nobody has the power to examine or check THE ALGORITHM. Yet everyone we’ve talked to from both Apple and GS are SO SURE that THE ALGORITHM isn’t biased and discriminating in any way. That’s some grade-A management of cognitive dissonance.
And the following day he appeals to regulators for a transparency regulation:
It should be the law that credit assessments produce an accessible dossier detailing the inputs into the algorithm, provide a fair chance to correct faulty inputs, and explain plainly why difference apply. We need transparency and fairness. What do you think @ewarren?
Transparency is a reasonable request. Another reasonable request in the thread was evidence of diversity within the team that developed the AppleCard product. These solutions are neither hard nor hidden.
What algorithms are doing, time and again, is accelerating and spreading historic wrongs. The question fast is becoming whether centuries of social debt in forms of discrimination against women and minorities is what technology companies are prepared for when “THE ALGORITHM” exposes the political science of inequality and links it to them.
Woz, founder of Apple, correctly states that only the government can correct these imbalances. Companies are too powerful for any individual to keep the market functioning to any degree of fairness.
And the women named in the original tweet also correctly states that her privileged status, achieving a correction for her own account, is no guarantee of a social system of fairness for anyone else.
I care about justice for all. It’s why, when the AppleCard manager told me she was aware of David’s tweets and that my credit limit would be raised to meet his, without any real explanation, I felt the weight and guilt of my ridiculous privilege. So many women (and men) have responded to David’s twitter thread with their own stories of credit injustices. This is not merely a story about sexism and credit algorithm blackboxes, but about how rich people nearly always get their way. Justice for another rich white woman is not justice at all.
Again these are not revolutionary concepts. We’re seeing the impact from a disconnect between history, social science of resource management, and the application of technology. Fixing technology means applying social science theory in the context of history. Transparency and diversity work only when applied in that manner.
In my recent presentation to auditors at the annual ISACA-SF conference, I conclude with a list and several examples of how AI auditing will perform most effectively.
One of the problems we’re going to run into with auditing Apple products for transparency will be (from denying our right-to-repair hardware to forcing “store” bought software) they have been long waging a war against any transparency in technology.
Apple’s subtle, anti-competitive practices don’t look terrible in isolation, but together they form a clear strategy.
The closed-minded Apple model of business is also dangerous as it directly inspires others to repeat the mistakes.
A good analogy I give to our customers is, what we used to do [with industrial technology] was like a Nokia phone. It was a phone. Supposed to talk. Or you can do text. That’s all our systems are. They’re supposed to do energy management. They do it. They’re supposed to protect against fire. They do it. Right? Now our systems are more like Apple. It’s a platform. You can load any app. It works. But you can also talk, and you can also text. But you can also listen to the music. Possibilities emerge based upon what you want.
That closing concept of possibilities can be a very dangerous prospect if “what you want” comes from a privileged position of power with no accountability. In other words do you want to live in a building run by a criminal brain?
When an African American showed up to rent an apartment owned by a young real-estate scion named Donald Trump and his family, the building superintendent did what he claimed he’d been told to do. He allegedly attached a separate sheet of paper to the application, marked with the letter “C.” “C” for “Colored.” According to the Department of Justice, that was the crude code that ensured the rental would be denied.
Somehow THE ALGORITHM in that case ended up in the White House. And let us not forget that building was given such a peculiar name by Americans trying to appease white supremacists and stop blacks from entering even as guests of the President.
…Mississippi senator suggesting that after the dinner [allowing a black man to attend] the Executive Mansion was “so saturated with the odour of the nigger that the rats have taken refuge in the stable”. […] Roosevelt’s staff went into damage control, first denying the dinner had taken place and later pretending it was actually a quick bite over lunch, at which no women were in attendance.
A recent commentary about fixing closed minds, closed markets, and bias within in the technology industry perhaps explained it best:
The burden to fix this is upon white people in the tech industry. It is incumbent on the white women in the “women in tech” movement to course correct, because people who occupy less than 1% of executive positions cannot be expected to change the direction of the ship. The white women involved need to recognize when their narrative is the dominant voice and dismantle it. It is incumbent on white women to recognize when they have a seat at the table (even if they are the only woman at the table) and use it to make change. And we need to stop praising one another—and of course, white men—for taking small steps towards a journey of “wokeness” and instead push one another to do more.
Those sailing the ship need to course correct it. We shouldn’t expect people outside the cockpit to drive necessary changes. The exception is when talking about the governance group that licenses ship captains and thus holds them accountable for acting like an AppleCard.
This new NY Books essay reads to me like prose and raises some important points about the desire to escape, and believing reality exists in places that we are not:
…when I look back at the series of wilderness travel articles I wrote for The New York Times a decade ago, what jumps out at me is the almost monomaniacal obsession with enacting Denevan’s myth by finding unpopulated places. Camped out in the Australian outback, I boasted that it was “the farthest I’d ever been from other human beings.” Along the “pristine void” of a remote river in the Yukon, I climbed ridges and scanned the horizon: “It was intoxicating,” I wrote, “to pick a point in the distance and wonder: Has any human ever stood there?”
Rereading those and other articles, I now began to reluctantly consider the possibility that my infatuation with the wilderness was, at its core, a poorly cloaked exercise in colonial nostalgia—the urbane Northern equivalent of dressing up as Stonewall Jackson at Civil War reenactments because of an ostensible interest in antique rifles.
As a historian I’d say he’s engaging in a poorly cloaked exercise is escapism, more like going to Disneyland than trying to reenact real events from the past (whether it be the white supremacist policies of Britain or America).
Earlier this year researchers disclosed in a study that the lack of regulation has allowed BitCoin markets to be over 90% fraud.
Nearly 95% of all reported trading in bitcoin is artificially created by unregulated exchanges, a new study concludes, raising fresh doubts about the nascent market following a steep decline in prices over the past year.
Bitcoin prices were being manipulated in late 2013 by a pair of autonomous computer programs running on bitcoin exchange MtGox, according to an anonymously published report.
The programs, named Willy and Markus, allegedly pushed prices up to $1,000 before the bubble burst after MtGox’s collapse in late February.
The report’s author alleges that some of the trades were coming from inside the exchange itself. “In fact,” the report says, “there is a ton of evidence to suggest that all of these accounts were controlled by MtGox themselves.”
The farm has both left- and right-wing troll accounts. That makes their smear and support campaigns more believable: instead of just taking one position for a client, it sends trolls to work both sides, blowing hot air into a discussion, generating conflict and traffic and thereby creating the impression that people actually care about things when they really don’t – including, for example, about the candidacy of a recently elected member of the Polish parliament.
I suppose we can say now the Ashley Madison dataset was no exception to widespread online fraud:
Over 20 million male customers had checked their Ashley Madison email boxes at least once. The number of females who checked their inboxes stands at 1,492. There have already been multiple class action lawsuits filed against Ashley Madison and its parent company, Avid Life Media, but these findings could send the figures skyrocketing. If true, it means that just 0.0073% of Ashley Madison’s users were actually women — and that changes the fundamental nature of the site.
People keep asking what will a future life with robots look like, when we’re obviously already living in it. It basically looks like a world where the late 1800s common phrase in America “there is a sucker born every day” continues to haunt the security industry…
The Great Conspiracy: A Complete History of the Famous Tally-sheet Cases, by Simeon Coy, 1889, p 222
“Sneaking” banks refers to a social engineering trick where one person creates a distraction while the other sneaks money out of the vault.
Note how even back in 1889 an author writes about banks and jewlers hacking themselves to become wise to how to stop hackers. Threats mostly were targeting people too weak to protect themselves individually (hinting towards a need for regulatory oversight).
White Lightning, a movie about police corruption in Arkansas, gives only a very general and fictional retelling of what justice was like in the town and county where Williams was murdered.
Ned Beatty played the fictitious Sheriff J.C. Connors, said by some to be the spitting image of Faulkner County Sheriff Joe Martin, who served as jailer the night Williams died in police custody.
I’ve searched high and low and there seems to be no mainstream re-telling of the exact Marvin Williams story. It reads like such an obvious script for a major movie I’m curious why nothing has been done.
In brief, Williams was a black 21-year old man in May 1960 (serving in the military?) when two white police officers apparently pulled him into a County jail at night where he was beaten to death by police clubs.
The officers reported Williams was so intoxicated he was non-responsive and fell down stairs killing himself by hitting his forehead. An autopsy report stated that Williams had no alcohol in his blood and he died from a blot clot caused by concussions to the back of his head.
The Williams family reached out to lawyers and the FBI for an investigation and were rebuffed completely. The autopsy wasn’t even reviewed.
A few very brief news mentions of the case then get made 25 years later.
First, in August 1985 a trial opens when a witness comes forward no longer afraid to testify:
The case was closed until a former inmate wrote to officials last year saying he saw a black man being beaten by two men the night Mr. Williams was arrested.
Two white former policemen were acquitted by an all-white jury today of charges that they beat a black jail inmate to death 25 years ago. A gasp echoed around the courtroom when the verdict was read, ending the trial of O.H. Mullenax, 48 years old, and Marvin Iberg, 50. […] The day after Mr. Williams died, a coroner’s jury cleared the two policemen, saying Mr. Williams had fallen and struck his head on the courthouse steps. But the jury was not shown either an autopsy report that said Mr. Williams had died of a brain hemorrhage caused by a fracture to the back of his skull or results of a blood test that found no alcohol in his blood. Witnesses at the trial of the two former policemen testified that Mr. Williams drank little or nothing and was uninjured before his arrest.
That seems obviously corrupt on the face of it.
Marvin Iberg allegedly had a reputation of being a stereotypical “white power” personality who joined the police to abuse authority.
Presiding Judge Don Langston said after the verdict that the jury ‘could have gone either way. I think the evidence was there to find a guilty verdict’ or to find an innocent verdict.
The key witness reportedly felt so fearful he had to withhold his testimony for 25 years. Fairness clearly was an issue. Also the witness said he thought jailer Joe Martin was the man who beat Williams to death (Martin later became Sheriff and allegedly so corrupt he inspired a 1973 movie about tax evasion called White Lightning).
After all that in 1985, the 1987 Court of Appeals seems to have written their decision as if there was no barrier to a fair prosecution.
The question presented here is whether these defendants fraudulently concealed evidence. The racial atmosphere of an entire State cannot justly be charged to their personal account. Nor is it true that a black plaintiff’s Section 1983 claim would not have been fairly tried in a federal court in the early sixties…
There are just so many disappointing turns to this case, again I wonder why someone hasn’t at least made a short film about it.
USA Today has been working on a modern “tarnished brass” database of police misconduct, which might help reveal why Marvin Williams’ family was unable to achieve justice.
Every year, tens of thousands of police officers are investigated for serious misconduct — assaulting citizens, driving drunk, planting evidence and lying among other misdeeds. The vast majority get little notice. And there is no public database of disciplined police officers.
Two security professionals recently were on their way to jail, sent by a Dallas County Sheriff in Iowa, despite the pair having an authorization letter for their $75,000 contract to do some basic penetration tests. Why were they arrested? The Sheriff’s Posse Comitatus doctrine is an old political struggle in Iowa and real threat to national security, as these pentesters unfortunately may have uncovered.
The pentest company, Coalfire, clearly either went unprepared to handle political machinations in Iowa, or someone was itching for a dispute with an increasingly powerful County over who has authority in the State. A County Sheriff stepping in to claim he is in charge and openly saying he recognizes no higher authority than himself (or his fellow Sheriffs) should surprise few who know history for this region of America.
Coalfire CEO’s Open Letter Searching for Answers
The Coalfire CEO has written in plain language that their authorization letter should be all that would be needed for a team to avoid trouble when discovered, as that’s the way it always worked for them:
Coalfire has done hundreds of these types of engagements, typically finding open doors, unconcealed passwords, and other items that criminals can use to exploit organizations, and is often stopped by law enforcement or security personnel. When this occurs, the authorization letter is presented. This is the first time that the authorization letter has not resulted in the immediate release of our employees.
The question is whether this is the first time Coalfire has run tests under Sheriff’s Posse Comitatus doctrine? The past doesn’t always predict the future. Presumably other pentest letters did not have the risk of a fight between a State and its County law enforcement over who has actual authority in America.
The Coalfire CEO also says he worries about a slippery slope.
If what is happening in Iowa begins to happen elsewhere, who will keep those who are supposed to protect citizens honest? This is setting a horrible precedent for the millions of information security professionals who are now wondering if they too may find themselves in jail as criminals simply for doing their job.
The question is, again like above, whether any other pentester would run into a situation where a Sheriff’s Posse Comitatus tosses a valid authorization letter aside because it didn’t come from the Sheriff himself; how many pentesters will run into a guy who recognizes no other authority?
Posse Comitatus is a better explanation of why this pentest authorization case is so unusual, and I see two key points in the Coalfire CEO explanation of the incident that speak directly to Posse Comitatus concepts:
(1) Sheriff says he respects no higher authority than self
(2) Sheriff says he will inform every other Sheriff despite being ordered to maintain secrecy
The team was ready to leave after one of the deputies returned the authorization letter to them and stated: “You guys should be all good to go.” It was at that point that the local Sheriff, Chad Leonard, arrived at the Dallas Courthouse. Despite the authorization letter, his deputies onsite already having verified our team, and State employees urging their release, the local Sheriff proceeded to arrest Mr. Wynn and Mr. DeMercurio.
Failing to de-escalate the issue and bring in State/County politics, Sheriff Leonard communicated in an email “that this building belonged to the taxpayers of Dallas County and the State had no authority to authorize a break-in.” Leonard also added that a state employee asked him not to tell other Sheriffs about the incident to ensure the operation continued at other locations, but that he was going to tell every Sheriff.
I don’t know why he reacted the way he did. I’ve never met or spoken to Sheriff Leonard. Perhaps he didn’t like being tested without his knowledge or that our team found major security concerns at the facilities he was protecting.
The CEO is looking for answers. I may have one. When a Sheriff of a County has little respect for authority of the State, you’re seeing Posse Comitatus doctrine.
In its original flavor it was a virulently racist, anti-Semitic and subversive hate group that attacked State and federal authority. Think of it like a group that believed in continuation of the Civil War.
In its modern incarnation it may appear different, manifesting as self-proclaimed “patriots” who see themselves as victims of immigration/outsiders and who despise any authority higher than their friends and family; a sort of fantasy “lone ranger” imbibed with propaganda of a manifest Wild West that never really existed.
Here’s a cartoon from a “Patriot” newsletter explaining how they should feel versus how they feel they are being treated:
Click to enlarge
Is this Posse Comitatus stuff for real?
Iowa has a strong history of the hate group. The fact that a unapologetic racist like Steve King can be a State representative to federal government should inform you how likely it is that law enforcement in the area also would have an adherent to Posse Comitatus.
Wickstrom is unquestionably one of the most significant figures within the history of American white supremacy and did as much to influence the movement as William Potter Gale, Richard Butler, William Pierce and George Lincoln Rockwell.
Wickstrom was at the height of his influence during the late 1970s and throughout the 1980s. In 1975, the former Snap-On Tools salesman was recruited by Thomas Stockheimer of the right-wing Posse Comitatus movement. Within several years, he attained a leadership position within the organization, declaring himself the “National Director of Counter-Insurgency” for the Posse Comitatus. In 1980, Wickstrom began spreading Posse Comitatus doctrine to farmers across the Midwest and the Great Plains.
Also worth noting is that active resistance in Iowa was required or communities shifted dangerously towards Posse Comitatus doctrine and similar hate groups masquerading as patriots. If you don’t believe they are a real threat, they become one quickly albeit quietly.
Where an antidote to these groups fails to materialize, there’s a higher likelihood of running into them masquerading as a friendly neighbor or law enforcement officer.
Hate group expert Daniel Levitas explained this in a SPLC interview:
…you have the formula: Christian Identity plus tax protest equals Posse Comitatus. […] For a period of five years, from 1983 to 1988, there was very, very vigorous competition between the Posse and groups like the Iowa Farm Unity Coalition and the National Family Farm Coalition that tried to directly attack the Posse’s conspiracy theories, race hatred and anti-Semitism. These groups made it very difficult for Posse leaders to meet, even in church basements where years before they’d been treated with the greatest respect. But by 1989, many of the people who’d been struggling to stay in agriculture, who had been willing to invest themselves politically in the positive farm movement, they were gone.
Of course not all sheriff’s in Iowa would be in such a group, at least historically. Some of the positive farm movement may have also joined law enforcement. It’s far less likely, yet that might help explain how deputies in Dallas County could have acted so inversely to their Sheriff.
“The FBI still lists the Posse Comitatus as an active ‘gang’ in Iowa,” [Portage County Sheriff Dan] Hintz wrote as a postscript to the chapter. […] Hintz said the ingredients for the Posse’s success in the 1980s remain in place today, including racism, religious extremism and strong anti-government sentiment. He believes that clear leadership is needed to prevent groups such as the Posse from gaining footholds.
So the lingering question really is whether we see a case here of Sheriff’s Posse Comitatus doctrine being applied, a particular strain of group where a fox is placed into the hen house, so to speak.
Dallas County Hearings
The County government seems to think “fabulous” is how they should describe their Sheriff, despite these arrests being a fabulously stupid idea.
Dallas County Supervisors Chairperson Mark Hanson said he would attend and “tell them that our sheriff did a fabulous job in at least apprehending those that were in our building unauthorized.”
Dallas County Data
Now consider a few important points about the Iowa county that this Sheriff is operating within, to get some context around his comment “the State had no authority”.
The metro’s western county has increased in population by more than 36.4% since 2010.
Brookings analysis points to Dallas County as an exceptionally white county, with few minorities moving there, opposite nation-wide trends.
Whites even dominate population gains in a few suburban areas including those in the Des Moines [region]
Demographics and crime:
Population estimates, July 1, 2018: 90,180
Population white: 90.6%
Population black: 2.4%
Misdemeanor crime rate charged to blacks: 6X population (13%)
Violent crime rate: since 2015 increased 30.3%, from 2011 to 2016 increased 230.77%
Click to enlarge
The current Sheriff was elected abruptly after the former one was accused by the State of “misplacing” large amounts of money and possessions he seized from people on the street:
The petition for removal said Gilbert should be removed for “willful or habitual neglect or refusal to perform the duties of the office of sheriff, willful misconduct or maladministration in the office of sheriff, and corruption in the office of sheriff.”
State Auditor David Vaudt, in a report released Friday, said his office could not determine whether $120,000 taken in a traffic stop on March 15 is missing. Gilbert, 43, was charged with felony theft… [Sherrif] Gilbert said there have been serious errors in counting money seized by deputies. In the case for which he is charged, he said deputies at one point had miscounted $20 bills, reporting they had 3,933 bills when a recount showed they had 14,733 – a difference of $216,000.
After election the current Sheriff put up a list of his Organizational Goals, such as:
Perform our duties in a manner consistent with the law and the founding principles of our nation.
Educate the communities at large as to its role in establishing order and reversing moral decay.
Do those phrases (bold emphasis added by me) sound normal or highly political?
I can’t tell if “founding principles” is some kind of shout-out to the NRA or more like an “Organic” and “Sovereign” Constitution talking point. Reads to me like the kind of brochure that claims white male Christian property-owners must follow “God’s law” and stick to founding principles in order to fight federal government.
Beyond these phrases sounding to me like an anti-government Christian militia pamphlet it reminded me of Roy Moore’s infamous “I wanted to establish the moral foundation of our law” campaign, while also he faced credible charges of molesting teenagers.
From that perspective we need some explanation for the 2% black population numbers in Dallas County despite being a fast growing suburb for a major Iowa city that registers a 37% black population, as illustrated in a simple map:
Dallas County, upper left corner, has 2% black population
One can imagine a 37% black population in Des Moines would be unlikely to participate fully in a fast growing area if the Sheriff is exercising forms of Posse Comitatus doctrine, as seems to be evident in his words of dispute with Coalfire.
Speaking of maps, Dallas County sits in between Polk County and the widely rebuked racist Representative “Anyone But” Steve King’s District 4 area, which is hard to see in this map showing solid red from top (District 4) to bottom (District 3).
Dallas County sits just adjacent King’s District 4
All that being said I probably will write a letter in support of our industry, and thus Coalfire and their veterans, as the County Sheriff is wasting taxpayer time and money with his counter-productive political stunt.
The only good that may come of this is security teams gaining awareness of Posse Comitatus still present in Iowa and still being a threat to national security, as explained in the book “the Terrorist Next Door“.
Computer Business Review ran a fairly low-profile story of historic significance
…agency spokesman confirmed to Computer Business Review that the last NSA punched tape key had rolled off its machines on October 2, 2019. Such keys were used to encrypt military and other communications, and needed to be physically entered into devices that could store the key, then shipped around the world.
The technology, which uses paper-mylar-paper tape rolls punched with holes to store cryptographic keys (a hole represents a binary 1, and the absence of a hole a binary 0) remains in use in the UK, particularly by the Ministry of Defence.
The NSA only confirmed the end of the programme and declined to provide an image of the now obsolete kit.
The agency declined to provide an image, there are plenty to be found of ROCKEX, the punched tape crypto system essential to winning WWII
It also signals here a more successful project than ten years ago when an “overly ambitious and poorly executed” attempt was reported as “came to a crashing end“.
“The authority has a huge challenge to produce all those keys and then it’s got a challenge to distribute and install them all. I won’t describe what happens. But if Joe Public knew, you would think this was all a bit 1960s really.”
