Poll for parents (research for my next book)

When I talk about my book to people, the most common question I get is: “Does it talk about protecting kids online?” While my book DOES have a section on this, it wasn’t the focus of the book. I’ve been looking for a topic for my second book and this seems to be an excellent choice.

Before I decide for sure to do this, I need to do some research. I’ve created a poll for parents and other people who spend a lot of time with minor children (teachers, youth leaders, etc.). Please fill this out and/or pass it along to others. There’s no time limit, but the sooner, the better. Thanks!

http://goo.gl/forms/le0zQ2qfQm

Book review: No Place To Hide by Glenn Greenwald

I finally finished reading “No Place To Hide: Edward Snowden, the NSA, and the U.S. Surveillance State” by Glenn Greenwald. Glenn, a respected and fiercely independent journalist, and CITIZENFOUR documentarian Laura Poitras (winner of an Oscar this year) were the two people Ed Snowden sought out to handle the release of the documents he took from the NSA, detailing the massive surveillance regime of both the United States (NSA) and Britain (GCHQ).

This book has four distinct stories to tell. The first two chapters detail how Ed was able to contact Glenn and Laura and manage to convince them that he was for real, and then the harrowing tale of how they met him in China and walked away with tons of classified documents that detailed the vast array of surveillance tools and programs used by the NSA and GCHQ. These two chapters read like a spy novel – a real page-turner. And yet, they’re just the setup for the real meat of the book. (I can’t wait to see CITIZENFOUR.)

The next three chapters cover three very distinct aspects of the situation. The third chapter, aptly named “Collect It All”, goes into detail on the surveillance techniques and processes, outlining the astounding depth and breadth of what these agencies are capturing. You’ve read a little of this in the mainstream press, but until you see these details laid out, you just can’t appreciate what’s really been going on. I actually found this chapter to be a little too heavy on the details – at times it was a little dry – but frankly there’s just no other way to convey the enormity of these surveillance programs.

The fourth chapter, called “The Harm of Surveillance”, does a fantastic job of explaining why constant, clandestine scrutiny and observation have such a profoundly adverse effect on the human psyche and on democracy in general. This chapter methodically debunks the classic rebuttals to the worry over Big Brother, such as “I’m not doing anything wrong so I have nothing to hide” or “if they want to listen to my boring life, then they’re welcome”, including some poignant references from U.S. history. It explains how the constant threat of being watched and overheard has a chilling effect not only on dissidents and adversarial journalists, but also on everyday citizens (the concept of the Panopticon that I covered in my book, as well). I think this may well be the most important chapter of the book for the average reader – to understand clearly why it’s actually counterproductive to trade privacy for “security” – in fact, it’s a false choice. These programs are a two-way mirror, allowing those in power to see everything that the governed are doing while blocking the governed from seeing what their elected representatives are up to. (You can also see a great TED talk from Glenn on this topic, but it doesn’t diminish the value of reading this chapter.)

The final chapter, “The Fourth Estate”, comes off as a bit of a rant against many modern journalists and their organizations, often by name. This is understandable given the harsh treatment Glenn and his partner have received from many of his “colleagues” and from the governments of the United States and Britain. However, he’s absolutely right in calling out the failings of U.S. political journalism and how cozy mainstream journalists, editors, pundits and producers have become with the people and institutions they claim to be holding accountable. If I were in his position, I would have a very hard time not taking it all personally… well, because a lot of it has been very personal. But the important takeaway is not how Glenn in particular was treated, but how the media have abdicated their solemn duty to be a check on these powers, to be adversarial when necessary, to stand up for truth and justice, to challenge authority and power, to see the bigger picture and put things in proper historical context.

Bottom line: I heartily recommend this book for everyone. I wish some of the personal aspects had been saved for a second book, because it can be too easy to view his analysis as sour grapes. I happen to agree that he, his partner, Laura and Ed are being wrongly persecuted and maligned – but addressing these grievances in the book taints the more general arguments he makes. But look past that – just because he’s pissed off doesn’t make him wrong – he’s not wrong. This is an important book and essential reading for anyone who believes in true democracy (and the 1st and 4th amendments to the U.S. Constitution).

truly secure mobile communication (for free)

It’s been almost two years now and the bombshells from the Snowden leaks are still falling. If we didn’t believe it before, we must all now acknowledge that we simply cannot trust that our regular mobile communications are secure – that includes phone calls as well as text messaging. While I believe in my heart that companies like Apple are trying to minimize illicit access to these communications, their system and their software are closed and proprietary – and therefore, we can never be truly sure.

The only solution to this is 100% transparency: the software must be open for inspection and auditing. It’s the only way we can know what’s going on behind the scenes.

And thankfully, Open Whisper Systems has come to the rescue! Over the past few years, they have developed some fantastic apps for truly secure phone calls and text messaging – all completely open source. Co-founded by security researcher Moxie Marlinspike, these tools are the real deal – praised by both Edward Snowden and the EFF.

Originally developed as two separate tools for Android called RedPhone and TextSecure, they have since been combined into a new app called Signal for iPhone/iPad. (The Android apps will eventually be consolidated under the same name.) These apps will allow you to make truly secure phone calls and send text messages that simply cannot be cracked – anywhere around the world, for free. It doesn’t get much better than that. You use your existing phone number to register, making it easy to add your friends and family as contacts.

You can read all about how to install and set up these apps here:

Here’s the important part: we should ALL immediately download, install, and use these apps. And we need to encourage everyone we know to do the same. The only way this works is if everyone does it. And I mean everyone. Your mom. Your neighbor. Your kids. Your friends. Everyone. It’s not about having something to hide. You’re a human and privacy is a human right. When we’re being watched, we act differently (see this TED talk if you’re skeptical). The only way we can fight back against dragnet surveillance and avoid the Panopticon is to “go dark” – all of us. If you need more convincing, check out this wonderful essay by Bruce Schneier.

I’ll give you one more reason to download and use these apps: you will be registering your concern for privacy and showing support for groups that are taking steps to preserve this most basic of human rights.

Security roundup (3/1/2015)

It’s been quite an active few weeks in the realm of security and privacy. Here are the top stories and what they mean for you. I’m trying to keep these short and sweet, and then point you to other sources for more information.

  • IRS phone scams. It’s tax time, and the bad guys are out in full force. The money to be made can be massive. First of all, there’s a phone scam where people call you pretending to be an IRS agent and tell you that you owe back taxes. You must pay immediately by wire transfer or credit card – if you refuse, they threaten arrest or deportation. See this IRS web site for more info on how to spot this scam, but the bottom line is that the IRS will never ask you for a wire transfer or credit/debit card.
  • Fraudulent tax returns. The folks at Intuit (the makers of TurboTax) are saying there’s been a massive spike in fake tax returns being filed, particularly at the state level. This is basically identity theft – these crooks have enough info on you to file a tax return on your behalf. But it appears that the way they’re getting this info is to hack your TurboTax Online account using passwords stolen from other sites. So if you filed your taxes using the web version of TurboTax, and you used the same password on some other web site that was hacked, then you’re at risk. Log in to TurboTax and change your password to something strong and unique. If they offer two-factor authentication, sign up for it. Check for a return filed this year that you didn’t file. Look at the direct deposit information and make sure it hasn’t been changed. You can find more info in this NY Times article and this more technical article on Krebs on Security.
  • Beware stowaway crapware. How can you make money on “free” software? Answer: lace it with crap software (“crapware”) that pays money. Download sites like Download.com provide a handy one-stop-shop for finding and downloading free applications, but in order to “monetize” this business model, they turn to lacing this software with lots of other junk software that you didn’t ask for. How bad is it? Pretty bad. Check this fascinating article from HowToGeek. Always try to get your free software directly from the source. If you’re on a Mac, try to use the Mac App Store as much as you can.
  • Malware you can’t see or remove. There were two bombshell stories in the past few weeks in the realm of government mass surveillance. First up: superhuman malware. Kaspersky Labs uncovered a vicious new bit of malware that corrupts your hard drive’s own firmware directly. Hard drives are not just dumb buckets of bits – they’re highly sophisticated mini computers complete with a mini operating system. While this has become a necessity due to the high complexity of modern drives, it has allowed the NSA and/or GCHQ to install malware that your operating system can’t see and you can’t remove, even if you try to erase the entire drive… because all you’re really doing is asking the drive to do something, and it’s lying to you when it says that it did what you asked. Read the technical details here. The only good news is that this software is likely not already installed on every computer; it appears to be highly targeted.
  • The Great SIM Heist (bombshell #2). Mobile phones weren’t really built for privacy – this capability was added after the fact. Unfortunately, it was built around symmetric keys – that is, both sides have to use the same key. That means that in addition to the secret key burned into the SIM card (the Subscriber Identity Module built into almost all modern cell phones), the cell network also needs to have a copy of that key. Turns out that most SIM cards are made by one company – and that company was hacked, probably by the NSA or GCHQ. Whoever has those keys can now decrypt all cell phone communication, including past conversations that were recorded in encrypted form. This is just appalling and astounding. Read more here and here.
  • “The Man” in the Middle. Computer maker Lenovo was caught red-handed breaking SSL encryption for the purpose of inserting advertising on your computer. Lenovo did this using a third-party tool called Superfish that basically allowed them to insert themselves into the middle of all your supposedly private, encrypted web connections so that they could insert advertisements. This by itself would be bad enough – but the implementation of this adware was so bad that it exposed their users to hacking from just about anyone else. And just to make matters worse, the underlying tool that performs this hack, from a company called Komodia, is embedded in other software. Read more about the Lenovo part here, and how to remove the Superfish software here.