Category Archives: Surveillance

Uncovering Spy Cops in the UK

Uncovering Spy Cops in the UK

A collection of posters from the #SpyCops campaign
Download This Episode

This week, I spoke with Dónal O’Driscoll, an animal rights activist and anarchist from the UK talking about the work of the Undercover Research Group to investigate possible SpyCops in the UK, share resources by those harmed by the lies of long term undercovers in activist communities and the current Inquiry that activists are using to unearth the legacy of police infiltration since the 1960’s.

Helpful sites:

. … . ..

Track Heard In This Episode:

SpyCops by Armoured Flu Unit from Crusading Nations

Cora Borradaile on Phone Extraction, Cloning and Keyword Warrants

Cora Borradaile on Phone Extraction, Cloning and Keyword Warrants

image of a cop holding a cellphone
Download This Episode

This week on the The Final Straw you’ll hear me speaking with Cora Borradaile, who sits on the advisory board of the Civil Liberties Defense Center and works around issues of tech security in movements and is an associate professor at OSU.

We discuss the use of phone cloning by US Marshall’s and other law enforcement while engaging protestors in Portland, OR. We talk about UpTurn’s recent report concerning widespread use of cellphone extraction tools to copy and search the contents of cell phones captured during interactions with cops. Finally, we talk about Keyword Searches, where (often without warrants) google hands over information from peoples google searches to law enforcement.

Sean Swain Update

We’ll also be presenting a segment by Sean’s fiance, Lauren, about his current silencing and the injustice of his case. More on president-in-exile Sean Swain can be found at Swain2020.Org and SeanSwain.Org.

. … . ..

Transcription of the conversation with Cora Borradaile

BOG: So I’m speaking with Cora Borradaile who is on the advisory board of the Civil Liberties Defense Center or CLDC and we spoke before about a range of issues in May of this year, and before the George Floyd uprising and the resulting ACAB Spring. During the uprising researchers, journalists, and activists saw that applications of new, or new to us, surveillance methods were being used by security forces against the populace in the so called US, so I was hoping to pick Cora’s brain a bit about this and see, especially since upcoming months in the US also might get a little spicy with the election and all. Thank you Cora very much for taking the time to have this conversation.

Cora Borradaile: Yeah, it’s great to talk to you.

BOG: So just to list off a few things, like this summer we saw the use of military drones surveilling and sharing information with law enforcement in Minneapolis, lots of militarized gear being brought out in the streets across the US, or for late May at least protests against police violence, and collusion with para-state white supremacists have been ongoing in Portland, Oregon. In July we saw the deployment of federal officers from the Department of Homeland Security (DHS) including Customs and Border Patrol (CBP), and the Department of Justice (DOJ) sent out to fight against protesters in the streets of Portland and attack and kidnap people. Including journalists from that and other cities. the US Marshalls also had their own aerial surveillance to track crowds in Portland, it came out this summer. On the tech side of things, the public got wind, apparently from leaks within the department of homeland security, that DHS had been cloning activists’ cell phones. Could you talk a little bit about this and what cell phone cloning is?

CB: Yeah, from that report their were very few details so a lot of it is guesswork as to what could possibly be going on. I could imagine two different ways in which their cloning cellphones- One which is scarier than the other. The more likely I think, is the less scary version which is if they manage to physically get your cell phone, like if you’re arrested and your cell phone is confiscated from you. Even if it’s confiscated temporarily, then they’re copying everything from your cell phone and possibly making a new cell phone that behaves just like your cell phone. So it would allow them to intercept calls possibly receive messages that you were intended to receive.

The scarier version but probably less likely, is the ability for them to be able to do the same thing without having the need to confiscate your phone to do so. That feels unlikely to me that they were doing that. If it was some sort of remote cloning I would gather that they were just cloning the sort of network ID of your phone, and not the contents of your phone. This would still allow them to do things like intercept calls, and intercept data, but in both scenarios I think end-to-end encryption (E2E) apps that you use like Signal or Keybase or Wire, that enable E2E encryption, I think the messages you’re receiving there would still be safe and that the cloned device shouldn’t be able to have the keys enabled to decrypt those messages that were intended for you. And even traffic that is encrypted – if you are visiting a website on your phone that your accessing via HTTPS, where the S stands for Secure – I think that even they wouldn’t be able to see the contents of that web page either because there is a key exchange that happens between you and the web server that they would have to play man in the middle on. Which is more complicated to do in a way that you wouldn’t be able to tell that something was going wrong.

All that’s to say, it’s still scary and I think if you have poor encryption practices like keeping your phone in an unlocked form, they have access to all of your encryption keys for things like Signal and Keybase and whatever other secure messaging apps you might be using. You should do whatever you need to do to alert everyone you contact with to delete your contact from their messages, groups, and so on. And if you have a phone that is confiscated – and certainly in an unlocked form – I would not trust that phone again. If your phone is confiscated but it was locked at the time and presumably you have a good password so they can’t easily unlock your phone, I would still maybe do a factory reset of your phone and start fresh by installing everything over again.

BOG: So, I’m not sure what the basis of this is, but conversations that I was having with friends when we were talking about the latter of the two instances that you were talking about- the hypothetical that remotely the cloning of the network ID or SIM connection could be done. It would be similar to you getting a new phone but having the same number, and that if Signal was installed on that device and it was connecting to the same phone number, by a Man in the Middle attack via a cloned SIM, it would appear that the interception could still be happening but that everyone would see a notation that there had been a change in safety number. Is that maybe what would happen?

CB: Yes. That is perfectly said. Right, so for them to be able to both clone your phone and intercept messages without those “safety number has changed” messages happening would be very, very difficult. So yeah, certainly if there are reports of anybody who’s had a confiscated phone and then all of a sudden all of their contacts are noticing that their safety number has changed with them, that would be super interesting to find out. —

BOG: –Or they stopped getting messages.

CB: Also horrifying.

*Laughter

BOG: Yeah. You know, they noticed that they stopped getting messages, everyone notices that the safety number changed, then that means that hypothetically the cloned phone or whatever would now be in those chats.

CB: So I don’t know if it’s as simple as that, because when you add a new device on Signal all the other devices get a notification of that.

BOG: Oh I see. So if I had a desktop and at least one cell phone that was getting messages… Yeah, but if that device was no longer getting new messages because the traffic was being routed to a different device, you wouldn’t like –

CB: Right so, your contacts should at the very least get the notification saying that the safety number has changed. If it’s a remote clone I think the only way in which the cloned phone would be able to read the messages in preexisting groups, for example, would be if the device was physically confiscated and copied. Because there are encryption keys that are used to start those conversations which are needed.

BOG: Do you mean the messages that were in loops before?

CB: No, to continue to receive messages from conversations that had already been going on. If someone started a new conversation after the cloning then the other people in the conversation might not be able to notice, but if you were continuing a conversation that had started before the cloning I don’t think you would be able to get that information without having physical access to the device and being able to copy over the encryption keys that were used to start those conversations.

BOG: Because they’re being stored on the phone and not on the server.

CB: That’s right, yeah. So for example, when you add a new Signal device part of what happens is copying over the encryption keys needed to continue conversations. And there’s a QR code that, say if you have Signal on your phone and you start using Signal on your desktop, you link those 2 devices so that both devices are able to receive and decrypt messages that go to you as an identifier.

BOG: If you know that if someone in your group or one of your friends has changed their number, whats a good verification?

CB: Don’t message them on Signal, and ask them, right? Because who knows who’s answering. Try to find a different form of communication even if its via friend or via a regular phone call, but ideally via email or some other band that is unrelated to your phone would be perfect to ask them, ‘Hey, I noticed your Signal safety number’s changed, what went on?’ Most of the time, or every time this has happened to me, the answer’s been ‘Oh, I had to reinstall my operating system on my phone’ or ‘I dropped my phone in a pool and had to get a new phone’. That’s usually the reason for a safety number changing, but definitely what you want to do is find a different way to ask that, other than using Signal and ideally other than using the phone. Especially if we are worried about cloned phones. Because if you just use a normal SMS text message to send to your friend and your friends phone has been cloned, then it could be the cops responding saying ‘Oh, yeah I had to get a new phone’.

BOG: I’ve seen some people do a thing where they ask someone in a group, when their safety number changed, ‘Hey could you leave a voice memo with your name and current time that you’re recording the memo and send it into the loop?’ And that way everyone hears this person’s voice, and it’s the time when they specifically get asked to record the memo so it’s outside of Enemy-Of-The-State-level NSA level operation that’s probably not somebody compiling an automated voice message in that person’s voice.

CB: Yeah, that’s a pretty good method for doing that. As you point out, synthesizing peoples’ voices can be done, but taking into account what your threat level is – are you someone who they’re going to be throwing everything at and be able to synthesize your voice in a very short time? For the protest movements we’ve seen, probably not. However if you are the leader of a protest group, hmm… If you are someone that they’re really going to be going after because they think that going after this one person will completely destroy the movement – which I don’t think is the kind of movement time that we are in right now which is good, to avoid those specific people who could really destroy a movement – that’s a pretty good method.

BOG: If you could speak to that prior scenario, is that actually copying the contents of a phone? I think that was the subject of the recent article by Upturn called Mass Extraction —

CB: That’s right.

BOG: If you could talk a little bit about what the findings were there. I was kind of surprised yet kind of not surprised to see the local law enforcement here in Asheville spent at least $49,000, according to their studies, on cell phone extraction tools. But what are mobile device forensic tools, and what do you know about them, how widespread and what kind of stuff do they do?

CB: So these things have existed for a long time. We’ve been talking about them at CLDC for a long time but this Upturn report is really wonderful for just as you say, how widespread they are. Small police departments have them, medium police departments spend hundred of thousands of dollars on access to this over the course of 5 years, and some of the capabilities were actually, I suppose, not really surprising. But reading them all in one place and knowing how low cost access to that technology is was sobering.

So these cell phone extraction devices, they come in different forms but the kind that is most popularly seen is a small stand alone device that you plug a cell phone into and that stand alone device either tries to break into that phone if it’s locked or otherwise just copies all of the content of that phone for later analysis. Some of the things that were surprising to me was how much was available even when the phone was locked and encrypted. There’s a lot of data that is existing in an unencrypted form on your phone.

For example say your phone is locked, you receive a phone call and the name of your contact still shows up, right? It’s not the name that your contact is sending you, its not metadata associated with that contact. if your mother is calling you, it probably shows up “Mom” in your phone, and the reason it says that is because your address book has an entry with that phone number and the name “Mom” attached to it. So your address book entries are existing in an unencrypted state, for example.

Some of the other things that were sort of surprising that were pointed out, that exist in this unencrypted state even though your phone was in a locked condition, were Telegram files and Discord files, and files associated with Google mail. I think a lot of this stuff could just be from bad decisions that the app developer made. Like Telegram is not necessarily focused on security, and so for convenience or speed they may just not be hiding that information behind the device encryption.

There was definitely some reporting in that Upturn report about being able to brute force guess passwords and so there are some things that you can do to protect yourself from that, which is to have a long enough password. Or if you have an Apple device you can enable your phone to self-wipe if you have 10 incorrect guesses, for example. Which if you have a small child at home maybe you don’t want to do because I almost guarantee you will end up with a wiped phone by the end of the week.

BOG: With encrypted files, if there are messages or what-have-you that are saved in an encrypted section on the phone would that just get copied and saved, and tested against decryption later? Is that the idea?

CB: I think what’s happening in most cases is they’re taking a copy of encrypted information, possibly in the hopes that they could decrypt it later or in the hopes that they would be able to get the unlock password from you by other means, like a court order for example. You know, they did point to instances where they were still able to bypass security features like encryption because of security flaws, which is very common. If your phone is badly out of date and you haven’t been keeping up with installing security updates, always install your security updates. That’s a common thing in computer security, that there are flaws that can be taken advantage of that can allow bad actors to break through otherwise strong encryption. But I think if you’re keeping an up-to-date phone, I think that’s the best that any of us can do.

BOG: Another point that was interesting in the article, and I’m glad that they pointed it out, was the sorts of instances when this is being applied to people. You hear about Apple being pressed to give up encrypted information or give a back door when there’s a mass shooting, or a sort of incident that may involve multiple conspirators and the loss of life – something very serious. But in the Upturn article they talk about how through their research and requesting of records it showed that a lot of law enforcement agencies, even local law enforcement agencies, are attempting either to pressure people whose devices they get a hold of or apply for warrants to copy peoples’ contents of their phones for minor things that they’re being accused of.

Like if it’s something like shoplifting or graffiti or public intoxication, petty drug charges, sex work, these are a few of the examples that they give. Considering the way that policing works in the United States, and this shouldn’t surprise anyone in the listening audience, police tend to focus their attention on poor and racialized parts of the population. So if law enforcement gets people’s data, whether by asking for it and pressuring people into it or by using devices, and then saves it for a later investigation and there’s no sort of oversight of this, it seems very likely that the sorts of data that they’re collecting could be used to build future cases or for building profiles on people for things they haven’t actually been accused of so far.

CB: Yup. Phishing for data. Maybe they’re just trying to justify the purchase of this stuff. In Oregon they spend half a million dollars on cellphone extraction technologies, Portland alone spent a quarter of a million in a period of 4-5 years. That’s a lot of money to justify, right? If you’re only using it 3 times a year for homicide cases then maybe you can’t justify actually spending that money and you would just farm out, whenever you do need it for something like that, either to a fusion center or a pay-per-service from one of these companies. So it might just be they’re partially covering their asses and saying ‘Oh yeah, we use it 10 times a week’.

But we’ve also seen examples of law enforcement agencies that just collect so much data, almost for the purpose of just having data. The LAPD famously uses Palantir which is a horrible company, to do all sorts of data analytics for their region collecting data on pizza purchases and parking passes and all sorts of things that don’t seem relevant at all to law enforcement, but it’s almost a compulsion to just collect the data and see what they can do with it.

BOG: Another thing that I had seen was Google was recently in the news when court documents were unsealed in Detroit relating to witness intimidation and arson by an associate of R. Kelly, and this in regards to keyword warrants. Are you familiar with this case and could you talk a little about keyword warrants and what they are?

CB: Yeah, so keyword warrants. I hadn’t heard about them before this news story came out earlier this month, but it’s not surprising. I certainly was familiar with just how many requests for data Google gets and responds to, affecting hundreds of thousands of user accounts every year in the US. So it wouldn’t surprise me if Google, instead of just getting requests saying ‘Hey, I’d like to have all of the emails associated with email address thefinalstraw@gmail.com’, which seems to be the more straight forward type of request related to a specific account that might be included in a law enforcement issue… probably not though. To expand that to ‘Hey, I want to know all of the information you have about people who searched for ‘The Final Straw’ ’. So that’s the keyword warrant or the keyword search request that happened in this case. We’ve seen examples of Geofencing warrants happening for Google Maps asking for anybody who has searched for an address within a given region, that there were a few stories about over the last year. So yeah of course, the data is there why not ask for it? Google is not going to say no, why would they?

BOG: Basically, again by collecting information based on its availability then attempting to apply it. So in this case with the arson, they asked for people who had searched for the address of the house where a car got set on fire within a certain period of time and then cross-referenced that to a Geofence of what phones were in the area within a period of time, and were able to pinpoint and place charges. And not all of the information came out from that, some of the court records are still sealed. It’s kind of a frightening application of technology and as you say, a very happy-to-oblige industry.

CB: Yeah. I think the potential for false arrests and harassment of people, like say you happen to find someone in that area who you don’t like for one reason or another you can arrest them and hold them for a while even if you have no evidence. Harassment arrests are used all the time by law enforcement and have been for decades, centuries probably.

BOG: So I guess… use DuckDuckGo if you’re going to be committing an – – – – ?

*Laughter

CB: I would avoid Google, I definitely use DuckDuckGo. I prefer DuckDuckGo for selfish reasons, I find the personalized search aspect of Google to be somewhat infuriating. When I search for something I don’t want to find what Google thinks I want to find, I want to find the documents related to my search. It’s hard to avoid these tools, but I think DuckDuckGo, anything but g-mail for email please, and there are alternatives to Google Docs as well. Cryptpad seems to be getting better. Every month there are improvements. It offers collaborative online editing to documents, all E2E encrypted.

BOG: I am going to presume with this question that you are not a lawyer, am I correct in that?

CB: I am not a lawyer, no.

BOG: It seems things like intercepting phone calls, peoples text messages, or getting deep into their cellphones and all of the information that’s collected in them for arguably unrelated topics, might overstep into the realm of FISA (Foreign Intelligence Surveillance Act), or might overstep into the realm of one of those amendments that protects our rights against unfair search and seizure. That just doesn’t seem to be the case? Or in these instances is it that these methods haven’t been brought before courts to be challenged?

CB: Everything I know about the law I learned from CLDC, and Law & Order in a previous lifetime. So what I do know about these from reading various news articles and conversations with CLDC is, as pointed out by Upturn, a lot of the extraction of data from cellphones was based on consent and not a warrant. It was about a 50/50 split depending on jurisdiction. So this was probably the case of intimidation by a cop to a person with a cellphone, to say ‘Oh, well let us check your cellphone”. I’m not sure if they give full disclosure of what they mean by ‘let me check your cellphone’, right? (laughs) ‘Let me copy everything there is on your cellphone off your cellphone, if you’re not guilty of this minor misdemeanor’. You know, they’re just asking permission.

That’s one of the things CLDC shoves down the throats of everyone at their trainings, which is don’t consent to searches. Just don’t do it! Even if they’re going to go ahead and do the search, even if you’re not consenting to it, say over and over again ‘I do not consent to this search’. Have a sticker on your phone that says ‘I do not consent to this search’. Because then it can’t be used in the court of law at least. The other thing that we’ve seen over the years is, parallel reconstruction. I don’t know if I’ve seen a well researched example of this but certainly people have hinted that this a common practice, where they’ll find out something via methods that wouldn’t be admissible in the court of law and then they figure out a way to reconstruct what they know using admissible methods.

BOG: Oh like in The Wire.

CB: Yeah, exactly. So that’s something that might be why they’re getting information that they can’t necessarily use. The other part is just general intelligence work. It’s not necessarily going to be used to arrest anyone, it’s not necessarily going to be used in a court of law, but they just want to know what’s going on, and so are going to collect as much data as they can. Unless you find out about it and unless you prove harm in a court of law, then how are you going to stop it from happening? Which is why this report about the Google keyword searches and Google Geofencing searches is so important. If we can find out about that and we can get a case brought forth and have it deemed unconstitutional to do this kind of search then that would stop those kinds of requests from happening. Then you could put pressure on a company – even a company like Google – you could put public pressure on them to say ‘Don’t respond to these requests, they’ve been deemed illegal’.

BOG: There are a couple of other, I guess not insights but points in that Upturn article that I thought were useful. Like if someone deletes information on their phone, are they actually deleting information off of their phone, and are there appropriate or useful, good tools for actually wiping data off of phones or does it just kind of sit there?

BOG: –MAGNETS–

CB: I don’t know of a good tool. I think that if you do a factory reset of your phone that’s most likely to help make that data inaccessible. Even then, is it actually getting completely deleted? It might not be. You have memory on your computer or on your cellphone, and when you delete something it just kind of takes the index away… I’m trying to use an analogy that people would remember. Do people remember libraries and card catalogs? (laughs) All of my analogies are too old.

BOG: I think it’s fair, go ahead.

CB: You think people will remember?

BOG: I think so, or they’ve heard the analogy enough they’ll recognize what a card catalog is.

CB: They’ve seen a movie with an old-timey library and card catalogs?

BOG: Ghostbusters

CB: So. you have a big library with books on all the shelves and the way you know where to find a book is to go to the card catalog. You look up the book that you want and you find its listed location on the shelf and then you go to the shelf and you find the book. Well now, when you delete a file from a computer, really all you’re deleting is the card from the card catalog. So when it comes time to put a new photo in the memory of your computer or cellphone, you go to the shelf and you find out ‘Oh, there’s supposed to be space here because according to the card catalog there’s nothing stored here, so this old data must be something that I don’t need anymore, now I’m going to delete that old stuff.’ Right, ‘I’m going to remove that book from the shelf whose existence was deemed not there anymore by the card catalog, I’ll throw it away now and put my new one in.’ So it’s not until you use the memory again that the old information actually gets deleted.

BOG: At least on computers there’s – for instance I had to reinstall my operating system recently. And when I installed it I went to encrypt the home folder and the file system and it asked ‘Do you want to overwrite everything else on the hard drive?’ Is that what you’re talking about?

CB: Yeah, so that would be the equivalent of actually going to all the shelves of the old library and removing all of the old books. So that’s pretty common when you’re setting up on a computer but I’ve never seen that option on a phone. I’m wondering, does a factory reset actually delete all of that information? I haven’t noticed that myself.

BOG: Microwaves. I mean I saw –

*Laughter

BOG: Yeah, I got nothing.

CB: Drop your phone in the pool, start over.

BOG: They invented this thing called rice though, where if you put your phone into a bag of rice it extracts the water… and the data…

*Laughter

BOG: Well are there any other things you’d like to share with the audience concerning digital tech or any insights?

CB: I did want to share one thing. You asked about them getting this data, and is this illegal search and seizure. There are still strange laws that date back to the 80’s, for example e-mail can be accessed by law enforcement form somewhere like Google with just a subpoena and not a warrant, necessarily. For a law enforcement agency to get information that would otherwise be deemed illegal search and seizure, they need to get a warrant from a judge that proves probable cause for them to get that data or that physical item. But if it’s email on a server held at Google then they don’t need to prove probable cause and they just need a subpoena which is essentially just a ‘Please can I have this information’. I think that’s where these keyword searches are coming in, I’m not sure that they actually need to have a warrant for those. So that’s maybe one extra detail on that front.

BOG: In those instances it’s in one centralized place, although if your doing a keyword search… Yeah I don’t know– I guess I don’t know how Google works on the inside and if it’s just constantly categorizing what people are typing into its different services for later use and then providing that in easily digestible pills to law enforcement. If you’re sending email and it’s unencrypted, it’s probably getting Hoovered up somewhere and fully readable anyway.

CB: Depends on who your adversary is. I don’t think the Portland police department has access to a big Hoover of data on a global scale, but they certainly can ask Google for all of the emails of the activists whose email addresses they’ve extracted from the phones they confiscated during protests.

BOG: Cora, thank you so much. Cora is an associate professor of Computer Science at Oregon State University with a focus on Security State and The Adoption of More Secure Apps, and also is on the board of the CLDC. Thanks again for having this chat.

CB: It was wonderful talking to you, as always.

 

Prison By Any Other Name: Vikki Law on Toxic Reforms

Prison By Any Other Name: Vikki Law on Toxic Reforms

Book cover of first, hardback edition of "Prison By Any Other Name"
Download This Episode

This week we speak with author and activist, Vikki Law about the book Prison By Any Other Name: The Harmful Consequences of Popular Reforms, just out from The New Press and co-authored by Maya Schenwar.

We talk about how reform and so-called ‘more humane’ ‘alternatives’ to incarceration such as electronic monitoring, drug courts and probation in fact extend the carceral net. We also talk about alternatives to the ‘Punishment Paradigm’ in responding to harm, police and prison abolitionism and resisting recuperation in our struggles to imagine and birth a new world.

More of Vikki’s writings can be found at https://victorialaw.net

You can find all of our interviews with Vikki at our website.

Sean Swain Silenced

We got word that Sean Swain has had his email, phone and mail blocked, likely in response to his “An Open Letter to Annette Chambers-Smith,” available via DetroitABC, as well as his soon-to-be-published book, “Ohio” (parts 1-3 of the first half available here in zine form, soon via LBC). Pass it on…

Digital Security Tools for Organizing with the CLDC

Digital Security Tools for Organizing with the CLDC

 

Radio Possum by Beehive Collective
Download This Episode

We’re happy to share the rest of our conversation with Michele Gretes, director of the Digital Security project at the Civil Liberties Defense Center, and Cora Borradaile, who is on the board of the CLDC. For this podcast special, you’ll hear the two discuss different tools for more secure, encrypted communication that is available on various platforms to folks organizing. They publish guides on CLDC.org/Security. We discuss the end-to-end encrypted alternative to Slack (Keybase) **, pgp email encryption (particularly the enigmail tool), Signal Messenger, problems with Whatsapp, Cryptpad, Jitsi, Wire, VPNs and The Onion Router,the TorBrowser, OnionShare, Zoom, Protonmail and some of the challenges of running longstanding movement infrastructure such as the RiseUp collective does (plus their file sharing and pad services). Check our show notes for links to some of these projects.

** Keybase was just purchased by Zoom. See the CLDC article.

(image lifted from the amazing Beehive Collective)

. … . ..

featured tracks:

Bojkez – Snap Your Fingers – Instrumental EP vol. 1

Glutton For Insurrection – V!RU$ 5TR!K3

Tracking Technology and Food Distro in Pandemic

Tracking Technology and Food Distro in Pandemic

Tucson Food Share logo
Download This Episode

This week, we feature two conversations. Cora Borradaile and Michele Gretes, folks involved in the Digital Security Project of the Civil Liberties Defense Center, speak about contact tracing apps and surveillance. Then, Se speaks about Tucson Food Share’s grocery distribution program.

Contact Tracing Apps

First up, we hear Michele Gretes and Cora Borradaile. Michele is the Digital Security Coordinator of the Civil Liberties Defense Center and also does digital security for an environmental non-profit. Cora is a co-founder of the CLDC Digital Security Program and is an Associate Professor of Computer Science at Oregon State University with a focus on the security state and the adoption of more-secure apps. They talk about surveillance and the use of apps for tracing folks contact with people infected with covid-19 to slow the pandemic spread. This is a segment of a larger conversation we’ll be releasing in the middle of this week as a podcast in which Cora and Michele talk about and compare tools for online organizing that engage encryption and offer alternatives to the google and other “free” products that often surveil their users. We speak about Jitsi, Wire, Zoom, RiseUp, Signal, vpns, The Onion Router, TAILS, KeyBase, Riot.IM, pgp and other mentionables. More at CLDC.org/Security/

  • Apple & Google announced this approach toward contact tracing we didn’t really cover in detail / by name in this  conversation. Here’s an article from Wired about it.
  • The White Paper referenced by Cora references from the EU with cryptographers is here.
  • GDPR (General Data Protection Regulation) laws, European restrictions on the collection and longtime storage of data on private individuals has been in place since 2016.
  • An article from VOX speaking about ICE using private phone data to seek out and arrest undocumented people in the US. Another talking about current tracking by phone companies of our movements.

Tucson Food Share

After that, we’ll hear from Se of Tucson Food Share, based in Arizona. We talk about their project, how it scaled up from Tucson Food Not Bombs to deliver groceries and hand out burritos publicly, multi-lingual engagement, resisting burnout and finding joy in feeding people. More at TucsonFoodShare.Org . You should get in touch if you’re thinking of setting up a food distribution project and have any questions.

Announcements

New Station: KODX Seattle

We’d like to mention that we’re now airing on Monday mornings at 2am on KODX in Seattle. You can check out that station’s schedule up at kodxseattle.org or hear them in north eastern Seattle on 96.9 on the FM dial.

Recent Release: Bomani Shakur and Lorenzo Kom’boa Ervin

Just a headsup, if you’re looking for more content for your ears, we released a small segment of Lorenzo Kom’boa Ervin talking about prisoner organizing in the 1970’s and today. This was paired with a longer chat with Lucasville Uprising survivor and death row prisoner Bomani Shakur aka Keith Lamar. For a little over an hour, Bomani talks about his youth, the uprising in 1993, his case and being railroaded. He has an execution date set by the state of Ohio for November 16, 2023.

. … . ..

Naughty By Nature – Hip Hop Hooray (instrumental) – Hip Hop Hooray

Leslie Fish – Bella Ciao – Smoked Fish and Friends

Playlist

Error451 #14: Leap Encryption Access Project on VPNs and Psuedonymity

Leap Encryption Access Project

Download This Episode

This week, we’d like to share a conversation had a little bit ago with Kali Kaneko, from LEAP.  Leap Encryption Access Project, like pEp featured in our prior Error451 interview, is an open-source project meant to ease… access to encryption (and it’s a project).  At a point in the past, LEAP had an interest in shifting paradigm of email but is now focusing mainly on distribution, upkeep, and improvement of it’s VPN service, Bitmask.  Bitmask is partnering with Riseup Black and Calyx (and hopefully other trustworthy projects) to expand access to free, psuedonymized web traffic with ease.

Here’re a few links Kali sent my way for sharing and further investigation:

The song for this episode was “Crashing The System” by ¡Tchkung! from the album Post World Handbook.

 

A Jailhouse Lawyer Speaks About #PrisonStrike 2018

A Jailhouse Lawyer Speaks About #PrisonStrike 2018

Download This Episode

This week, we feature three segments. First, we’ll feature a statement about recent doxing of a number of anti-racists in the Asheville area by far-right keyboard warriors.

After that, we feature an interview with Dee, an anonymous incarcerated organizer affiliated with Jailhouse Lawyers Speak. In this conversation we ask about the effectiveness of the #August21 2018 Nationwide Prisoner Strike, the push to move prisoners under storm threat as these increase under climate change, repression and changes in response to the strike, mail limitations in PA prisons, standardization of increased security in Ohio, outside support and organizing, critiques of the methods of NPS2018, and more. Check our show notes for links to more info concerning the strike.

If prisoners want to communicate with and/or join JLS, Dee suggests in some words near the end of the show that they reach out to:

Jailhouse Lawyers Speak
P.O. Box 1076
Knightdale, NC 27545

And you can find JLS on fedbook or twitter to keep up with their organizing

Hambach Forest Updates

In our final section of the show, you’ll hear a report by audio comrades in Germany about the recent resistance to the destruction of the Hambach Forest by authorities. The clearing of the ancient forest is to create the largest open-pit lignite coal mine in Europe on behalf of the corporation RWE, which sells to Netherlands, Germany & the UK. Lignite has a carbon content of around 60-70%, has a low energy yield, and is responsible for 1/3 of CO2 emissions in Germany. This segment shows up in the November 2018 episode of B(A)DNews, Angry Voices from Around The World from the A-Radio Network, of which we’re a proud member. Keep an eye on our podcast stream and website for a link to this episode coming out in the next couple of days.

Local Doxxings

Within the last week, over 15 people were doxxed by white supremacists in our community. Here is most of a collective statement released a day or two after the fact by some of those folks:

They’ve targeted more than twenty people they believe are involved in anti-racist organizing in North Carolina. They’ve posted information such as our home addresses, places of work, family members, license plates, social media profiles–whatever information they could find. They seem to be fixating on trans and nonbinary people in particular, and delight in trying to deadname and misgender us whenever possible. Some of us, and some of our family members, have received harassing messages.

They wrote about us like it’s some big secret that we oppose fascism, that we oppose racism, that we oppose all forms of bigotry and oppression. It’s not a secret. We weren’t hiding. We are not ashamed.

This isn’t a plea for sympathy. Our friends and immediate community have been amazing. Rather, this is a message to let you know that if you ever find yourself targeted by neo-Nazis and the far right, you are not alone. None of us need to face this rising tide of fascist scum alone. We have each other.

Robert Bowers, the Pittsburgh Synagogue shooter, actively and publicly chatted with alt-right trolls who had doxxed anti-racist activists. He even discussed violence against anti-racists in our region. This is probably a good time to think seriously about your online security and that of your family members and friends. But staying safe isn’t just a matter of changing your Facebook settings or making your Instagram private. It’s a matter of us showing up for each other. Of us not letting them intimidate us, not letting them isolate us. Not letting them stop us from our work. Especially when the work is stopping fascism.

To read the full statement, you can visit https://ashevillesolidarity.tumblr.com/ , where you can also see a list of bands and businesses which have been included in the current harassment. And of course, there are ways to donate and send support!

For an article about this (released just as our radio show was airing), including a statement by Firestorm Books contextualizing the specific harassment they’ve received, you can visit The Asheville Blade, which you can donate to here! To support Firestorm Books, our local anarchist community space and bookstore, you can join their Community Sustainer’s Program or leave them a positive review on Facebook, Yelp, wherever you can.

Additionally, for a really excellent walk through of how to help prevent this kind of thing happening to you or your crew, you can visit the Smiling Face Collective guide to preventing doxxing. This site can be easily adapted into an interactive workshop, because let’s face it, wiping your presence off the internet is a tedious, upsetting, and grueling process which is designed to wear you down. It’s always better to do this in groups! You can write to us about your experiences with internet hygiene, good, bad, or whatever, at tfsradioshow@protonmail.com

Rural Organizing Against Racism Benefit

For those in the Western NC area, there will be a Fall Fundraiser to benefit rural organizing and resilience on Friday November 30th at 6pm at the Marshall Container Co. which is located at 10 South Main Street, Marshall, NC. The event will center around a cornbread and chili dinner and will include several surprise musical guests!

Support Anti-Fascist Protestors in Philly

And finally, if you are in the position to donate to those injured yesterday fighting the Proud Boys in Philly and elsewhere, you can go to this rally.org page. Remember that if you donate to do so anonymously!

. … . ..

Playlist here.

Error451: #12 (Efail w/ Micah Lee)

Download This Podcast

This week, Bursts spoke with Micah Lee.  Micah is, according to his bio at The Intercept: ”

a computer security engineer and an open source software developer. He writes about technical topics like digital and operational security, encryption tools, whistleblowing, and hacking using language that everyone can understand, but without dumbing it down. An avid user of Qubes and Linux, he develops security tools such as OnionShare.”

Micah is kind enough in this conversation to break down the Efail scandal that rocked security-minded folks in mid-May.  A weakness in the way that many email clients handled PGP & S/MIME came to light months after it was discovered by a team of security investigators.  Micah explains how this encryption works, what was found out, safer approaches to encrypted messaging. We also talk a little about threat modeling and quantum computing.

Send encrypted text messages to Micah using Signal Messenger at (415) 964-1601.  Here’s a link to a cool article Micah published at The Intercept about a method of cheaply creating a second signal account, so you can give out a signal # without giving away your personal phone number.

Check out past episodes of Error451 and hit us up if you have ideas for segments or guests you’d like to hear from.  Check out our contact page!

featured track: “I Did It For The Kids But They’re Gonna PAY” by Spook Rat.

Error451: #11 (CLOUD Act)

Download This Podcast

A change of plans: instead of airing the interview with comrades in Yogyakarta about May Day repression of anarchists there, we’re including that in the radio show for next Sunday.  So, instead, kick back with this new issue of #Error451 !

The CLOUD Act (Clarifying Lawful Overseas Use of Data Act) got passed by the U.S. Congress earlier this year and signed into law by President Trump.  It’s a revision of the 1986 Stored Communications Act.  Basically, it allows U.S. cops from local up to Federal to request data belonging to persons of interest that is stored on overseas servers from the private corporations or organizations storing it. If the U.S. executive makes an agreement with the foreign power where the data is stored, that power also gets a degree of access to the data of persons of interest to the overseas powers.  Basically, governments can more easily spy on folks around the world!

We talk a bit about the implications of the Act, how it came to pass and the types of practices and services folks can engage to help protect themselves from some of these government excesses.

Check out past episodes of Error451 and hit us up if you have ideas for segments or guests you’d like to hear from.  Check out our contact page!

featured track: “Bob Ross remixed by Symphony of Science’s John D. Boswell for PBS Digital Studios

Error451: #10 (Facebook and Cambridge Analytica)

Download This Podcast

This week on Error451, William Budington and Bursts chat about the Facebook and Cambridge Analytica scandal.  We’ve seen Congressional hearings and M. Zuckerburg give testimony, we’ve seen punditry, we’ve seen evasion.

For the episode, the two chat about what’s going on with the hullabaloo and different solutions privacy advocates have proposed.

Check out past episodes of Error451 and hit us up if you have ideas for segments or guests you’d like to hear from.  Check out our contact page!