Category Archives: Technology

Cora Borradaile on Phone Extraction, Cloning and Keyword Warrants

Cora Borradaile on Phone Extraction, Cloning and Keyword Warrants

image of a cop holding a cellphone
Download This Episode

This week on the The Final Straw you’ll hear me speaking with Cora Borradaile, who sits on the advisory board of the Civil Liberties Defense Center and works around issues of tech security in movements and is an associate professor at OSU.

We discuss the use of phone cloning by US Marshall’s and other law enforcement while engaging protestors in Portland, OR. We talk about UpTurn’s recent report concerning widespread use of cellphone extraction tools to copy and search the contents of cell phones captured during interactions with cops. Finally, we talk about Keyword Searches, where (often without warrants) google hands over information from peoples google searches to law enforcement.

Sean Swain Update

We’ll also be presenting a segment by Sean’s fiance, Lauren, about his current silencing and the injustice of his case. More on president-in-exile Sean Swain can be found at Swain2020.Org and SeanSwain.Org.

. … . ..

Transcription of the conversation with Cora Borradaile

BOG: So I’m speaking with Cora Borradaile who is on the advisory board of the Civil Liberties Defense Center or CLDC and we spoke before about a range of issues in May of this year, and before the George Floyd uprising and the resulting ACAB Spring. During the uprising researchers, journalists, and activists saw that applications of new, or new to us, surveillance methods were being used by security forces against the populace in the so called US, so I was hoping to pick Cora’s brain a bit about this and see, especially since upcoming months in the US also might get a little spicy with the election and all. Thank you Cora very much for taking the time to have this conversation.

Cora Borradaile: Yeah, it’s great to talk to you.

BOG: So just to list off a few things, like this summer we saw the use of military drones surveilling and sharing information with law enforcement in Minneapolis, lots of militarized gear being brought out in the streets across the US, or for late May at least protests against police violence, and collusion with para-state white supremacists have been ongoing in Portland, Oregon. In July we saw the deployment of federal officers from the Department of Homeland Security (DHS) including Customs and Border Patrol (CBP), and the Department of Justice (DOJ) sent out to fight against protesters in the streets of Portland and attack and kidnap people. Including journalists from that and other cities. the US Marshalls also had their own aerial surveillance to track crowds in Portland, it came out this summer. On the tech side of things, the public got wind, apparently from leaks within the department of homeland security, that DHS had been cloning activists’ cell phones. Could you talk a little bit about this and what cell phone cloning is?

CB: Yeah, from that report their were very few details so a lot of it is guesswork as to what could possibly be going on. I could imagine two different ways in which their cloning cellphones- One which is scarier than the other. The more likely I think, is the less scary version which is if they manage to physically get your cell phone, like if you’re arrested and your cell phone is confiscated from you. Even if it’s confiscated temporarily, then they’re copying everything from your cell phone and possibly making a new cell phone that behaves just like your cell phone. So it would allow them to intercept calls possibly receive messages that you were intended to receive.

The scarier version but probably less likely, is the ability for them to be able to do the same thing without having the need to confiscate your phone to do so. That feels unlikely to me that they were doing that. If it was some sort of remote cloning I would gather that they were just cloning the sort of network ID of your phone, and not the contents of your phone. This would still allow them to do things like intercept calls, and intercept data, but in both scenarios I think end-to-end encryption (E2E) apps that you use like Signal or Keybase or Wire, that enable E2E encryption, I think the messages you’re receiving there would still be safe and that the cloned device shouldn’t be able to have the keys enabled to decrypt those messages that were intended for you. And even traffic that is encrypted – if you are visiting a website on your phone that your accessing via HTTPS, where the S stands for Secure – I think that even they wouldn’t be able to see the contents of that web page either because there is a key exchange that happens between you and the web server that they would have to play man in the middle on. Which is more complicated to do in a way that you wouldn’t be able to tell that something was going wrong.

All that’s to say, it’s still scary and I think if you have poor encryption practices like keeping your phone in an unlocked form, they have access to all of your encryption keys for things like Signal and Keybase and whatever other secure messaging apps you might be using. You should do whatever you need to do to alert everyone you contact with to delete your contact from their messages, groups, and so on. And if you have a phone that is confiscated – and certainly in an unlocked form – I would not trust that phone again. If your phone is confiscated but it was locked at the time and presumably you have a good password so they can’t easily unlock your phone, I would still maybe do a factory reset of your phone and start fresh by installing everything over again.

BOG: So, I’m not sure what the basis of this is, but conversations that I was having with friends when we were talking about the latter of the two instances that you were talking about- the hypothetical that remotely the cloning of the network ID or SIM connection could be done. It would be similar to you getting a new phone but having the same number, and that if Signal was installed on that device and it was connecting to the same phone number, by a Man in the Middle attack via a cloned SIM, it would appear that the interception could still be happening but that everyone would see a notation that there had been a change in safety number. Is that maybe what would happen?

CB: Yes. That is perfectly said. Right, so for them to be able to both clone your phone and intercept messages without those “safety number has changed” messages happening would be very, very difficult. So yeah, certainly if there are reports of anybody who’s had a confiscated phone and then all of a sudden all of their contacts are noticing that their safety number has changed with them, that would be super interesting to find out. —

BOG: –Or they stopped getting messages.

CB: Also horrifying.

*Laughter

BOG: Yeah. You know, they noticed that they stopped getting messages, everyone notices that the safety number changed, then that means that hypothetically the cloned phone or whatever would now be in those chats.

CB: So I don’t know if it’s as simple as that, because when you add a new device on Signal all the other devices get a notification of that.

BOG: Oh I see. So if I had a desktop and at least one cell phone that was getting messages… Yeah, but if that device was no longer getting new messages because the traffic was being routed to a different device, you wouldn’t like –

CB: Right so, your contacts should at the very least get the notification saying that the safety number has changed. If it’s a remote clone I think the only way in which the cloned phone would be able to read the messages in preexisting groups, for example, would be if the device was physically confiscated and copied. Because there are encryption keys that are used to start those conversations which are needed.

BOG: Do you mean the messages that were in loops before?

CB: No, to continue to receive messages from conversations that had already been going on. If someone started a new conversation after the cloning then the other people in the conversation might not be able to notice, but if you were continuing a conversation that had started before the cloning I don’t think you would be able to get that information without having physical access to the device and being able to copy over the encryption keys that were used to start those conversations.

BOG: Because they’re being stored on the phone and not on the server.

CB: That’s right, yeah. So for example, when you add a new Signal device part of what happens is copying over the encryption keys needed to continue conversations. And there’s a QR code that, say if you have Signal on your phone and you start using Signal on your desktop, you link those 2 devices so that both devices are able to receive and decrypt messages that go to you as an identifier.

BOG: If you know that if someone in your group or one of your friends has changed their number, whats a good verification?

CB: Don’t message them on Signal, and ask them, right? Because who knows who’s answering. Try to find a different form of communication even if its via friend or via a regular phone call, but ideally via email or some other band that is unrelated to your phone would be perfect to ask them, ‘Hey, I noticed your Signal safety number’s changed, what went on?’ Most of the time, or every time this has happened to me, the answer’s been ‘Oh, I had to reinstall my operating system on my phone’ or ‘I dropped my phone in a pool and had to get a new phone’. That’s usually the reason for a safety number changing, but definitely what you want to do is find a different way to ask that, other than using Signal and ideally other than using the phone. Especially if we are worried about cloned phones. Because if you just use a normal SMS text message to send to your friend and your friends phone has been cloned, then it could be the cops responding saying ‘Oh, yeah I had to get a new phone’.

BOG: I’ve seen some people do a thing where they ask someone in a group, when their safety number changed, ‘Hey could you leave a voice memo with your name and current time that you’re recording the memo and send it into the loop?’ And that way everyone hears this person’s voice, and it’s the time when they specifically get asked to record the memo so it’s outside of Enemy-Of-The-State-level NSA level operation that’s probably not somebody compiling an automated voice message in that person’s voice.

CB: Yeah, that’s a pretty good method for doing that. As you point out, synthesizing peoples’ voices can be done, but taking into account what your threat level is – are you someone who they’re going to be throwing everything at and be able to synthesize your voice in a very short time? For the protest movements we’ve seen, probably not. However if you are the leader of a protest group, hmm… If you are someone that they’re really going to be going after because they think that going after this one person will completely destroy the movement – which I don’t think is the kind of movement time that we are in right now which is good, to avoid those specific people who could really destroy a movement – that’s a pretty good method.

BOG: If you could speak to that prior scenario, is that actually copying the contents of a phone? I think that was the subject of the recent article by Upturn called Mass Extraction —

CB: That’s right.

BOG: If you could talk a little bit about what the findings were there. I was kind of surprised yet kind of not surprised to see the local law enforcement here in Asheville spent at least $49,000, according to their studies, on cell phone extraction tools. But what are mobile device forensic tools, and what do you know about them, how widespread and what kind of stuff do they do?

CB: So these things have existed for a long time. We’ve been talking about them at CLDC for a long time but this Upturn report is really wonderful for just as you say, how widespread they are. Small police departments have them, medium police departments spend hundred of thousands of dollars on access to this over the course of 5 years, and some of the capabilities were actually, I suppose, not really surprising. But reading them all in one place and knowing how low cost access to that technology is was sobering.

So these cell phone extraction devices, they come in different forms but the kind that is most popularly seen is a small stand alone device that you plug a cell phone into and that stand alone device either tries to break into that phone if it’s locked or otherwise just copies all of the content of that phone for later analysis. Some of the things that were surprising to me was how much was available even when the phone was locked and encrypted. There’s a lot of data that is existing in an unencrypted form on your phone.

For example say your phone is locked, you receive a phone call and the name of your contact still shows up, right? It’s not the name that your contact is sending you, its not metadata associated with that contact. if your mother is calling you, it probably shows up “Mom” in your phone, and the reason it says that is because your address book has an entry with that phone number and the name “Mom” attached to it. So your address book entries are existing in an unencrypted state, for example.

Some of the other things that were sort of surprising that were pointed out, that exist in this unencrypted state even though your phone was in a locked condition, were Telegram files and Discord files, and files associated with Google mail. I think a lot of this stuff could just be from bad decisions that the app developer made. Like Telegram is not necessarily focused on security, and so for convenience or speed they may just not be hiding that information behind the device encryption.

There was definitely some reporting in that Upturn report about being able to brute force guess passwords and so there are some things that you can do to protect yourself from that, which is to have a long enough password. Or if you have an Apple device you can enable your phone to self-wipe if you have 10 incorrect guesses, for example. Which if you have a small child at home maybe you don’t want to do because I almost guarantee you will end up with a wiped phone by the end of the week.

BOG: With encrypted files, if there are messages or what-have-you that are saved in an encrypted section on the phone would that just get copied and saved, and tested against decryption later? Is that the idea?

CB: I think what’s happening in most cases is they’re taking a copy of encrypted information, possibly in the hopes that they could decrypt it later or in the hopes that they would be able to get the unlock password from you by other means, like a court order for example. You know, they did point to instances where they were still able to bypass security features like encryption because of security flaws, which is very common. If your phone is badly out of date and you haven’t been keeping up with installing security updates, always install your security updates. That’s a common thing in computer security, that there are flaws that can be taken advantage of that can allow bad actors to break through otherwise strong encryption. But I think if you’re keeping an up-to-date phone, I think that’s the best that any of us can do.

BOG: Another point that was interesting in the article, and I’m glad that they pointed it out, was the sorts of instances when this is being applied to people. You hear about Apple being pressed to give up encrypted information or give a back door when there’s a mass shooting, or a sort of incident that may involve multiple conspirators and the loss of life – something very serious. But in the Upturn article they talk about how through their research and requesting of records it showed that a lot of law enforcement agencies, even local law enforcement agencies, are attempting either to pressure people whose devices they get a hold of or apply for warrants to copy peoples’ contents of their phones for minor things that they’re being accused of.

Like if it’s something like shoplifting or graffiti or public intoxication, petty drug charges, sex work, these are a few of the examples that they give. Considering the way that policing works in the United States, and this shouldn’t surprise anyone in the listening audience, police tend to focus their attention on poor and racialized parts of the population. So if law enforcement gets people’s data, whether by asking for it and pressuring people into it or by using devices, and then saves it for a later investigation and there’s no sort of oversight of this, it seems very likely that the sorts of data that they’re collecting could be used to build future cases or for building profiles on people for things they haven’t actually been accused of so far.

CB: Yup. Phishing for data. Maybe they’re just trying to justify the purchase of this stuff. In Oregon they spend half a million dollars on cellphone extraction technologies, Portland alone spent a quarter of a million in a period of 4-5 years. That’s a lot of money to justify, right? If you’re only using it 3 times a year for homicide cases then maybe you can’t justify actually spending that money and you would just farm out, whenever you do need it for something like that, either to a fusion center or a pay-per-service from one of these companies. So it might just be they’re partially covering their asses and saying ‘Oh yeah, we use it 10 times a week’.

But we’ve also seen examples of law enforcement agencies that just collect so much data, almost for the purpose of just having data. The LAPD famously uses Palantir which is a horrible company, to do all sorts of data analytics for their region collecting data on pizza purchases and parking passes and all sorts of things that don’t seem relevant at all to law enforcement, but it’s almost a compulsion to just collect the data and see what they can do with it.

BOG: Another thing that I had seen was Google was recently in the news when court documents were unsealed in Detroit relating to witness intimidation and arson by an associate of R. Kelly, and this in regards to keyword warrants. Are you familiar with this case and could you talk a little about keyword warrants and what they are?

CB: Yeah, so keyword warrants. I hadn’t heard about them before this news story came out earlier this month, but it’s not surprising. I certainly was familiar with just how many requests for data Google gets and responds to, affecting hundreds of thousands of user accounts every year in the US. So it wouldn’t surprise me if Google, instead of just getting requests saying ‘Hey, I’d like to have all of the emails associated with email address thefinalstraw@gmail.com’, which seems to be the more straight forward type of request related to a specific account that might be included in a law enforcement issue… probably not though. To expand that to ‘Hey, I want to know all of the information you have about people who searched for ‘The Final Straw’ ’. So that’s the keyword warrant or the keyword search request that happened in this case. We’ve seen examples of Geofencing warrants happening for Google Maps asking for anybody who has searched for an address within a given region, that there were a few stories about over the last year. So yeah of course, the data is there why not ask for it? Google is not going to say no, why would they?

BOG: Basically, again by collecting information based on its availability then attempting to apply it. So in this case with the arson, they asked for people who had searched for the address of the house where a car got set on fire within a certain period of time and then cross-referenced that to a Geofence of what phones were in the area within a period of time, and were able to pinpoint and place charges. And not all of the information came out from that, some of the court records are still sealed. It’s kind of a frightening application of technology and as you say, a very happy-to-oblige industry.

CB: Yeah. I think the potential for false arrests and harassment of people, like say you happen to find someone in that area who you don’t like for one reason or another you can arrest them and hold them for a while even if you have no evidence. Harassment arrests are used all the time by law enforcement and have been for decades, centuries probably.

BOG: So I guess… use DuckDuckGo if you’re going to be committing an – – – – ?

*Laughter

CB: I would avoid Google, I definitely use DuckDuckGo. I prefer DuckDuckGo for selfish reasons, I find the personalized search aspect of Google to be somewhat infuriating. When I search for something I don’t want to find what Google thinks I want to find, I want to find the documents related to my search. It’s hard to avoid these tools, but I think DuckDuckGo, anything but g-mail for email please, and there are alternatives to Google Docs as well. Cryptpad seems to be getting better. Every month there are improvements. It offers collaborative online editing to documents, all E2E encrypted.

BOG: I am going to presume with this question that you are not a lawyer, am I correct in that?

CB: I am not a lawyer, no.

BOG: It seems things like intercepting phone calls, peoples text messages, or getting deep into their cellphones and all of the information that’s collected in them for arguably unrelated topics, might overstep into the realm of FISA (Foreign Intelligence Surveillance Act), or might overstep into the realm of one of those amendments that protects our rights against unfair search and seizure. That just doesn’t seem to be the case? Or in these instances is it that these methods haven’t been brought before courts to be challenged?

CB: Everything I know about the law I learned from CLDC, and Law & Order in a previous lifetime. So what I do know about these from reading various news articles and conversations with CLDC is, as pointed out by Upturn, a lot of the extraction of data from cellphones was based on consent and not a warrant. It was about a 50/50 split depending on jurisdiction. So this was probably the case of intimidation by a cop to a person with a cellphone, to say ‘Oh, well let us check your cellphone”. I’m not sure if they give full disclosure of what they mean by ‘let me check your cellphone’, right? (laughs) ‘Let me copy everything there is on your cellphone off your cellphone, if you’re not guilty of this minor misdemeanor’. You know, they’re just asking permission.

That’s one of the things CLDC shoves down the throats of everyone at their trainings, which is don’t consent to searches. Just don’t do it! Even if they’re going to go ahead and do the search, even if you’re not consenting to it, say over and over again ‘I do not consent to this search’. Have a sticker on your phone that says ‘I do not consent to this search’. Because then it can’t be used in the court of law at least. The other thing that we’ve seen over the years is, parallel reconstruction. I don’t know if I’ve seen a well researched example of this but certainly people have hinted that this a common practice, where they’ll find out something via methods that wouldn’t be admissible in the court of law and then they figure out a way to reconstruct what they know using admissible methods.

BOG: Oh like in The Wire.

CB: Yeah, exactly. So that’s something that might be why they’re getting information that they can’t necessarily use. The other part is just general intelligence work. It’s not necessarily going to be used to arrest anyone, it’s not necessarily going to be used in a court of law, but they just want to know what’s going on, and so are going to collect as much data as they can. Unless you find out about it and unless you prove harm in a court of law, then how are you going to stop it from happening? Which is why this report about the Google keyword searches and Google Geofencing searches is so important. If we can find out about that and we can get a case brought forth and have it deemed unconstitutional to do this kind of search then that would stop those kinds of requests from happening. Then you could put pressure on a company – even a company like Google – you could put public pressure on them to say ‘Don’t respond to these requests, they’ve been deemed illegal’.

BOG: There are a couple of other, I guess not insights but points in that Upturn article that I thought were useful. Like if someone deletes information on their phone, are they actually deleting information off of their phone, and are there appropriate or useful, good tools for actually wiping data off of phones or does it just kind of sit there?

BOG: –MAGNETS–

CB: I don’t know of a good tool. I think that if you do a factory reset of your phone that’s most likely to help make that data inaccessible. Even then, is it actually getting completely deleted? It might not be. You have memory on your computer or on your cellphone, and when you delete something it just kind of takes the index away… I’m trying to use an analogy that people would remember. Do people remember libraries and card catalogs? (laughs) All of my analogies are too old.

BOG: I think it’s fair, go ahead.

CB: You think people will remember?

BOG: I think so, or they’ve heard the analogy enough they’ll recognize what a card catalog is.

CB: They’ve seen a movie with an old-timey library and card catalogs?

BOG: Ghostbusters

CB: So. you have a big library with books on all the shelves and the way you know where to find a book is to go to the card catalog. You look up the book that you want and you find its listed location on the shelf and then you go to the shelf and you find the book. Well now, when you delete a file from a computer, really all you’re deleting is the card from the card catalog. So when it comes time to put a new photo in the memory of your computer or cellphone, you go to the shelf and you find out ‘Oh, there’s supposed to be space here because according to the card catalog there’s nothing stored here, so this old data must be something that I don’t need anymore, now I’m going to delete that old stuff.’ Right, ‘I’m going to remove that book from the shelf whose existence was deemed not there anymore by the card catalog, I’ll throw it away now and put my new one in.’ So it’s not until you use the memory again that the old information actually gets deleted.

BOG: At least on computers there’s – for instance I had to reinstall my operating system recently. And when I installed it I went to encrypt the home folder and the file system and it asked ‘Do you want to overwrite everything else on the hard drive?’ Is that what you’re talking about?

CB: Yeah, so that would be the equivalent of actually going to all the shelves of the old library and removing all of the old books. So that’s pretty common when you’re setting up on a computer but I’ve never seen that option on a phone. I’m wondering, does a factory reset actually delete all of that information? I haven’t noticed that myself.

BOG: Microwaves. I mean I saw –

*Laughter

BOG: Yeah, I got nothing.

CB: Drop your phone in the pool, start over.

BOG: They invented this thing called rice though, where if you put your phone into a bag of rice it extracts the water… and the data…

*Laughter

BOG: Well are there any other things you’d like to share with the audience concerning digital tech or any insights?

CB: I did want to share one thing. You asked about them getting this data, and is this illegal search and seizure. There are still strange laws that date back to the 80’s, for example e-mail can be accessed by law enforcement form somewhere like Google with just a subpoena and not a warrant, necessarily. For a law enforcement agency to get information that would otherwise be deemed illegal search and seizure, they need to get a warrant from a judge that proves probable cause for them to get that data or that physical item. But if it’s email on a server held at Google then they don’t need to prove probable cause and they just need a subpoena which is essentially just a ‘Please can I have this information’. I think that’s where these keyword searches are coming in, I’m not sure that they actually need to have a warrant for those. So that’s maybe one extra detail on that front.

BOG: In those instances it’s in one centralized place, although if your doing a keyword search… Yeah I don’t know– I guess I don’t know how Google works on the inside and if it’s just constantly categorizing what people are typing into its different services for later use and then providing that in easily digestible pills to law enforcement. If you’re sending email and it’s unencrypted, it’s probably getting Hoovered up somewhere and fully readable anyway.

CB: Depends on who your adversary is. I don’t think the Portland police department has access to a big Hoover of data on a global scale, but they certainly can ask Google for all of the emails of the activists whose email addresses they’ve extracted from the phones they confiscated during protests.

BOG: Cora, thank you so much. Cora is an associate professor of Computer Science at Oregon State University with a focus on Security State and The Adoption of More Secure Apps, and also is on the board of the CLDC. Thanks again for having this chat.

CB: It was wonderful talking to you, as always.

 

Digital Security Tools for Organizing with the CLDC

Digital Security Tools for Organizing with the CLDC

 

Radio Possum by Beehive Collective
Download This Episode

We’re happy to share the rest of our conversation with Michele Gretes, director of the Digital Security project at the Civil Liberties Defense Center, and Cora Borradaile, who is on the board of the CLDC. For this podcast special, you’ll hear the two discuss different tools for more secure, encrypted communication that is available on various platforms to folks organizing. They publish guides on CLDC.org/Security. We discuss the end-to-end encrypted alternative to Slack (Keybase) **, pgp email encryption (particularly the enigmail tool), Signal Messenger, problems with Whatsapp, Cryptpad, Jitsi, Wire, VPNs and The Onion Router,the TorBrowser, OnionShare, Zoom, Protonmail and some of the challenges of running longstanding movement infrastructure such as the RiseUp collective does (plus their file sharing and pad services). Check our show notes for links to some of these projects.

** Keybase was just purchased by Zoom. See the CLDC article.

(image lifted from the amazing Beehive Collective)

. … . ..

featured tracks:

Bojkez – Snap Your Fingers – Instrumental EP vol. 1

Glutton For Insurrection – V!RU$ 5TR!K3

Tracking Technology and Food Distro in Pandemic

Tracking Technology and Food Distro in Pandemic

Tucson Food Share logo
Download This Episode

This week, we feature two conversations. Cora Borradaile and Michele Gretes, folks involved in the Digital Security Project of the Civil Liberties Defense Center, speak about contact tracing apps and surveillance. Then, Se speaks about Tucson Food Share’s grocery distribution program.

Contact Tracing Apps

First up, we hear Michele Gretes and Cora Borradaile. Michele is the Digital Security Coordinator of the Civil Liberties Defense Center and also does digital security for an environmental non-profit. Cora is a co-founder of the CLDC Digital Security Program and is an Associate Professor of Computer Science at Oregon State University with a focus on the security state and the adoption of more-secure apps. They talk about surveillance and the use of apps for tracing folks contact with people infected with covid-19 to slow the pandemic spread. This is a segment of a larger conversation we’ll be releasing in the middle of this week as a podcast in which Cora and Michele talk about and compare tools for online organizing that engage encryption and offer alternatives to the google and other “free” products that often surveil their users. We speak about Jitsi, Wire, Zoom, RiseUp, Signal, vpns, The Onion Router, TAILS, KeyBase, Riot.IM, pgp and other mentionables. More at CLDC.org/Security/

  • Apple & Google announced this approach toward contact tracing we didn’t really cover in detail / by name in this  conversation. Here’s an article from Wired about it.
  • The White Paper referenced by Cora references from the EU with cryptographers is here.
  • GDPR (General Data Protection Regulation) laws, European restrictions on the collection and longtime storage of data on private individuals has been in place since 2016.
  • An article from VOX speaking about ICE using private phone data to seek out and arrest undocumented people in the US. Another talking about current tracking by phone companies of our movements.

Tucson Food Share

After that, we’ll hear from Se of Tucson Food Share, based in Arizona. We talk about their project, how it scaled up from Tucson Food Not Bombs to deliver groceries and hand out burritos publicly, multi-lingual engagement, resisting burnout and finding joy in feeding people. More at TucsonFoodShare.Org . You should get in touch if you’re thinking of setting up a food distribution project and have any questions.

Announcements

New Station: KODX Seattle

We’d like to mention that we’re now airing on Monday mornings at 2am on KODX in Seattle. You can check out that station’s schedule up at kodxseattle.org or hear them in north eastern Seattle on 96.9 on the FM dial.

Recent Release: Bomani Shakur and Lorenzo Kom’boa Ervin

Just a headsup, if you’re looking for more content for your ears, we released a small segment of Lorenzo Kom’boa Ervin talking about prisoner organizing in the 1970’s and today. This was paired with a longer chat with Lucasville Uprising survivor and death row prisoner Bomani Shakur aka Keith Lamar. For a little over an hour, Bomani talks about his youth, the uprising in 1993, his case and being railroaded. He has an execution date set by the state of Ohio for November 16, 2023.

. … . ..

Naughty By Nature – Hip Hop Hooray (instrumental) – Hip Hop Hooray

Leslie Fish – Bella Ciao – Smoked Fish and Friends

Playlist

Doing For Selves: Open Source Supplies and Tenant Organizing

Doing For Selves: Open Source Supplies and Tenant Organizing

3d printed n95-quality face mask
Download This Episode

Welcome to a podcast special from The Final Straw. While William is was busy producing an episode featuring voices of medical professionals and activists inside and out of prison to talk about the impacts of covid-19 on incarcerated people for broadcast, I had a couple of conversations about work folks are doing on the outside that I’d like to share.

Sean Swain [00:08:06-00:15:12]

Hacking To Fight Covid-19

[00:15:12-00:33:01]

First, I spoke with Bill Slavin of Indie Lab, space in Virginia that is in the process of shifting it’s purpose since the epidemic became apparent from an broader scientific and educational maker space to work on the manufacturing and distribution of covid-19 related items in need such as testing kits, medical grade oxygen, ventilators and 3d printed n95 quality masks for medical professionals to fill public health needs. Bill talks generally about the ways that community and scientists can come together through mutual aid to deal with this crisis left by the inaction of the government on so many levels. They are also crowd-sourcing fundraising for scaling up their production and facilities and there’s a link in our show notes on that. The platform that Bill talks about in the chat is known as Just One Giant Lab, or JOGL. Consider this an invitation for makers to get involved.

Organizing With Your Neighbors For Homes and Dignity

[00:35:08-01:45:44]

Then, I talked to Julian of Tenants United of Hyde Park and Woodlawn in Chicago. What with all of the talk about rent strikes in the face of such huge leaps in unemployment during the spread of covid-19 and accompanying economic collapse, I thought it’d be helpful to have this chat to help spur on these conversations of how we seize power back into our hands while we’re being strangled by quarantine and hopefully afterwards. You can learn more about the group Julian works with at TenantsUnitedHPWL.Org. Philadelphia Tenants Union and Los Angeles Tenants Union were both mentioned and will be linked in the show notes, alongside a reminder that the national Autonomous Tenants Union Network (ATUN) is being organized and folks can reach out to Philly TU or LA TU via email to get onto their organizing zoom calls. Finally, if you’re in the Chicago area and need a lawyer for housing, check out Lawyers Committee For Better Housing online at lcbh.org. Julian also mentioned squatting of homes in southern CA owned by the state, here’s a link to an article.

Announcements

WNC Mutual Aid Projects

Linked in our show notes is also a googledoc that Cindy Milstein and others are helping to keep updated that lists many mutual aid projects that have sprung up all over concerning the exacerbation of capitalism by the covid-19 crisis, as well as a similar page up from ItsGoingDown.Org

If you’re in so-called Western NC and want to get involved, the project Asheville Survival Project has a presence on fedbook and is soliciting donations of food and sanitary goods for distribution to indigent, bipoc, elder and immune compromised folks in the community. We’ll link some social media posts on the subject that list our donation sites around Asheville in the show notes and you can venmo donations to @AVLsurvival.

If you care to contribute to efforts in Boone, NC, you can follow the instagram presence for @boonecommunityrelief or join the fedbook group by the same name, reach them via email at boonecommunityrelief@protonmail.com find donation sites and venmo donations can happen up at via venmo at @Bkeeves.

NC Prisons Covid-19 Phone Zap

Flyer about call-in to NC prisonsAnd check our show notes for an invitation to call the NC Department of Public Safety and Governor’s offices to demand the release of NC prisoners susceptible to infection and possible death of Corona Virus in the NC system due to improper care. Wherever you are listening, consider getting together with others and calling jails, prison agencies and the executive branches to demand similarly the release of AT THE VERY LEAST the aged, infirm, folks in pre-trial detention, upcoming release or who are held because they can’t pay bail.

North Carolina Corrections Department-Prison Division

(919) 838-4000

North Carolina Governors Office

919-814-2000

https://governor.nc.gov/contact/contact-governor-cooper

sample script:

My name is ________, and I am a North Carolina resident  deeply concerned about the safety of the states’s incarcerated people during the COVID-19 pandemic. Incarcerated people have a unique vulnerability to disease due to their crowded, unsanitary living conditions and lack of access to adequate medical care. For humanitarian reasons as well as reasons of public health, we call for the immediate release of all people in the North Carolina prison system. We also urge that you stop the intake of new prisoners during the pandemic. The cost of failing to take these steps will be paid for in human lives, and we refuse to abandon our neighbors and loved ones to die in lockup.

CALL AS MANY TIMES AS YOU CAN

stay tuned to the twitter accounts for @NCResists and @EmptyCagesColl for updates

10th Anniversary

Even while the world burns, our 10th anniversary still approaches and we’re still soliciting messages from you, our listenership. Not sure what to say, likely you have a LOT of time on your hands, so go back through our archives and dive in. If you want a deep dive, visit our website where you can find hundreds of hours of interviews and music. If you want to drop us a line, check out the link in the show notes, or you can leave a voicemail or signal voice memo at +18285710161, you can share an audio file with the google drive associated with the email thefinalstrawradio@riseup.net or send a link to a cloud stored audio filed to that email address. Tell us and listeners what you’ve appreciated and or where you’d like us to go with this project.

Spreading TFS

If you appreciate the work that we do here at TFS, you can also help us out by making a donation if you have extra cash rustling around. The link on our site called Donate/Merch will show you tons of ways. If, like most of us, money is super tight at the moment, no prob, we struggle together. You can share our show with other folks to get these voices out there and more folks in the conversation. And if you REALLY like us and have a community radio station nearby who you’d be excited to have us air on for free, get in touch with us and we’ll help. The page on our site entitled Radio Broadcasting has lots of info for radio stations and how to let them know you want us on the airwaves. Thanks!

. … . ..

Featured music:

  • From Monument To Masses – Sharpshooter – The Impossible Leap In One Hundred Simple Steps
  • Filastine – Quémalo Ya (instrumental) – Quémalo Ya
  • Etta James – I Don’t Stand A Ghost of a Chance (With You) – Mystery Lady: The Songs of Billie Holiday

Digital Security / Tenant Organizing / #MeToo and Updates from Hong Kong

Digital Security / Tenant Organizing / #MeToo Hong Kong

This week, we feature three portions.

Lauren Regan of CLDC

art by Ar To
poster by Ar To
Download This Episode

First up, we share a chat with Lauren Regan of the Civil Liberties Defense Center, or CLDC, to chat about safer practices around technology for activists, as well as the “reverse search” warrant used by the NYPD with Google to capture info on antifascists and the Proud Boy attackers last year. More at https://cldc.org. An article about tech security and phones that Bursts references is called “Never Turn Off The Phone” [starts 10m 08s]

Palm Beach Tenants Union

Following this, Withers (a new collective member at The Final Straw) shares a chat with Adam and Amy, two organizers with the Palm Beach Tenants Union out of Florida about their work and the sorts of mutual aid disaster work they’ve done with Hurricane Irma and advocating for and organizing with renters in their communities for dignity in housing. More on the Union at https://pbctu.org and more on how you can get involved in mutual aid up at https://mutualaiddisasterrelief.org. There are a number of donation sites around the region to prepare for this Hurricane season, as well as distribute support to Bahamas that you can find by searching social media for DRASL (Dorian Response Autonomous Supply Line), as mentioned on itsgoingdown.org. [starts at 54m 06s]

#MeToo and Updates from Hong Kong

Finally, you’ll hear a conversation with Enid and Rebecca, who feminist activists in Hong Kong about the current state of protests there. Content warning, that segment deals in part with organizing around sexualized assault by police and by protestors. To hear our prior interview with Ahkok on protests in HK, check our website and see the great articles up at crimethinc. Also, the guests talk about the term 自由閪, or “Freedom Cunt” as a re-appropriation of a misogynist insult by police from the protests. [starts at 1hr 15m 51s]

*Correction to the HK conversation: The full name of the IPCC mentioned in regards to the establishment of an independent police inquiry is called the Independent Police Complaints Council. Hong Kong Chief Executive Carrie Lam appointed two new committee members to the already existing committee, not independent investigators. However, the IPCC has hired five foreign investigators to participate in examinations, though it must be clarified that the role of the IPCC is observational rather than investigative. The IPCC has no jurisdiction to either call witness nor collect evidence for the independent inquiry called for by citizens.

If you’re listening to the radio version, as usual, we suggest that you check out the podcast version for longer versions of all three chats in this episode as well as Sean Swain’s audio this week. You can hear that at thefinalstrawradio.noblogs.org or via various streaming platforms we publish to, such as youtube, soundcloud, stitcher, pandora and so-on.

. … . ..

playlist ending

There Is No Liberation Until The Borders Are Gone: Bruno from CIMA and Members of IAF Speak

Download Episode Here

This week we are super pleased to share an interview that William did a few weeks ago with two members of the Indigenous Anarchist Federation, Bombshell and insurgent e! We got to talk about a lot of topics in this episode, which was recorded on about the year anniversary of the formation of the Indigenous Anarchist Federation. Bombshell and insurgent e talked about their histories as anarchist people, about the formation of this Federation, what true decolonization of anarchism could look like, and about the upcoming Indigenous Anarchist Convergence which is happening from August 16th-18th in Kinlani, Navajo land, occupied Flagstaff AZ, plus many other topics!

William really appreciated getting to connect with Bombshell and e, hearing their words on the topics at hand, and also really appreciated their patience with me as he stumbled thru my sentences with them.

To learn more about them you can follow them on Twitter, where they post active updates, news, and analysis @IAF_FAI
or go to their website iaf-fai.org where they post more in depth articles about Indigenous struggle all around the world.

If you do the Twitter follows, just note that there is an active fake account that is attempting to badmouth and discredit the work of the IAF, and this account has the handle @fai-mujer; their interventions have been confusing to followers of the IAF in the past. To see a full account of this situation, plus of course many more topics that are like not about internet trolls but are about the work, you can visit them at iaf-fai.org! To learn more about the Convergence, to register, and for tips for outsider participation, you can visit taalahooghan.org.

If in listening to this you are curious about whose land you were born on or live on, a fantastic resource for this is native-land.ca which provides a world wide map, insofar as it’s possible, of indigenous lands and the names of their people spanning thousands of miles.

For more great interviews with members of IAF, including words from Bad Salish Girl and Green City:

Rev Left Radio

Coffee With Comrades

A list of recommendations from B and e:

-Do some digging and research to find a bunch of recent authors who have done the work to center Indigenaity and decolonization,

-read the complete works of Cutcha Risling Baldy on Decolonized and Indigenous Feminism,

-Talk to and listen to Indigenous people, do the necessary research to not ask folks to perform unnecessary emotional labor.

Books:

Open Veins of Latin America by Eduardo Galeano (en Espanol Las Venas Abiertas de América Latina)

Indigenous Peoples History of the United States by Roxane Dunbar-Ortiz

1491: New Revelations of the Americas Before Columbus by Charles C. Mann

Our History Is The Future by Nick Estes

500 Years of Indigenous Resistance by Gord Hill

Some good podcasts, recommended by William of TFS, from Indigenous folks, while not being politically anarchist identified are good to listen to!

All My Relations by Matika Wilbur and Adrienne Keene

While Indigenous by the NDN Collective

Stay tuned next week for an interview with Kanahus Manuel, a Secwepemc woman fighting a pipeline thru her lands in so called BC!

CIMA Speaks about ICE Raids

But first up Bursts spoke with Bruno Hinojosa Ruiz of the local immigrants advocacy group, CIMA, about the threatened raids by ICE and  CPB, ways for folks to get plugged in wherever they are with defending  their communities and helping those most targeted and strengthening our  bonds. More about CIMA can be found online by searching C I M A W N C on  facebook or at their site cimawnc.org. After the conversation,  Bursts learned that there’s a wiki page that’s compiling ICE offices and companies profiting from Immigrations police and Border Patrol. That  wiki can be found and added to at https://trackingice.com/wiki/Main_Page

Rest In Power, Willem

In related news to the ramping up of ICE repression of people around the so-called US, protests, sit-ins and sabotages of profiteers have been on the rise. Much of this can be tracked by visiting https://itsgoingdown.org/closethecamps/. Of note, in Asheville someone claimed responsibility for damaging an atm owned by PNC and claiming it anonymously on IGD. Also, on Saturday, July 13th, a 69 year old, northwest anarchist named Willem Van Spronsen was gunned down by authorities outside of the North West Detention Center in Tacoma, WA while attempting to destroy buses used by GEO group to transport detainees to and from the center. Van Spronsen was allegedly armed with a rifle and  was attempting to arson the buses when pigs opened fire and ended his life. There’s a statement by a local group focused on shutting down the facility, La Resistencia, up on fedbook and linked in our show notes. We’re sorry to lose you,  comrade and mourn your loss, but are inspired by your motivation.

. … . ..

Music for this episode:

Affinity by Shining Soul off of We Got This

Look of Pain by Soul Position

Norman Shamas updates on FOSTA and Digital Harm Reduction

Norman Shamas updates on FOSTA and digital harm reduction

Download This Episode

This week, we continue our look at sex, work and the state with guest, Norman Shamas. Norman Shamas is an activist and educator whose work focuses on human-centered information and digital security and privacy. Now, Norman is not a lawyer but shares their insights about the legal situation around FOSTA, or Fighting Online Sex Trafficking Act that passed into law in the U.S. last year and it’s implications for sex workers, for those trying to fight sex trafficking and for people communicating desire without coercion or monetary exchange, folks looking for a hookup. This interview was conducted for our Error451 podcast, an occasional project focusing on digital security and tech from an anarchist perspective, but because of the prescience of Norman’s words, we wanted to share it as an episode for the airwaves. Later in the interview we talk about Norman’s writing a bit, including issues around queer dating apps and how they’ve been used to persecute folks for their sexualities and genders in various parts of the world and how we can pressure app developers and platforms to take the security of their users more seriously.

For the full conversation including links to articles and subjects we talk about, as well as this week’s Sean Swain segment, check out our podcast version available at thefinalstrawradio.noblogs.org. Subcribing to our show is free and easy if you have a computer or a smart phone. There are some instructions up at our website under the “podcasting” tab at the top of the page.

Red Umbrella Tech Collective: https://redumbrellatech.com/

Safer Nudes from Coding Rights: https://www.codingrights.org/4/

Hacking // Hustling (incl. a recording of the panel): http://melissagiragrant.com/hackinghustling/

Open Privacy: https://openprivacy.ca/

CWTCH platform and protocol: https://cwtch.im/

Guide on Harm Reduction and WhatsApp: https://blog.witness.org/2018/11/harm-reduction-whatsapp

Denver Prisoner Letter Writing Event

On February 13th, 7PM at Hooked on Colfax in Denver, CO, folks’ll be sharing love and solidarity with political prisoners with letter writing.

There’ll be a presentation from the Anarchist Black Cross with tips for writing a letter and the February birthdays.

The event will be excitedly co-hosted by many local groups including the Denver Anarchist Black Cross, Denver Black and Pink, Denver IWW, Femme Left, and the Denver CryptoParty.

Prisoners Left Cold at Brooklyn MDC

If you’re in New York, there are rolling demo’s at the Brooklyn Metropolitan Detention Center where it was discovered that prisoners have been held with limited heat and electricity for days now during this time of record-breaking cold, as reported in the New York Times on February 1st. To keep up on actions around this, one can check out IWOCNYC, the New York City Incarcerated Workers Organizing Committee where demo’s are being announced. If you’re concerned for the health and safety of the over 1,000 prisoners at the MDC Federal jail but can’t make it to a demo, the group Sunset Park for a Liberated Future has called for a phone zap. Those wanting to participate can call Warden Herman Quay & Associate Warden David Ortiz at 718-840-4200. You can also call
Nicole McFarland, US Marshall Assistant Chief at 718-840-4200 ext. 41740.

A sample script from Black and Pink NYC reads:

“I’m a resident of NYC and am very concerned about the situation at MDC. People are living in intolerable conditions without heat or hot meals. This is unacceptable and a violation of human rights. I believe this poses serious harm to the health and safety of people at MDC and fails to meet Eighth Amendment standards prohibiting cruel and unusual punishment. What is your action plan to stop this immediately? What do you commit to in ending this suffering of people in your custody?”

. … . ..

Donate or Get TFSR Swag

. … . ..

Playlist

Error451 #14: Leap Encryption Access Project on VPNs and Psuedonymity

Leap Encryption Access Project

Download This Episode

This week, we’d like to share a conversation had a little bit ago with Kali Kaneko, from LEAP.  Leap Encryption Access Project, like pEp featured in our prior Error451 interview, is an open-source project meant to ease… access to encryption (and it’s a project).  At a point in the past, LEAP had an interest in shifting paradigm of email but is now focusing mainly on distribution, upkeep, and improvement of it’s VPN service, Bitmask.  Bitmask is partnering with Riseup Black and Calyx (and hopefully other trustworthy projects) to expand access to free, psuedonymized web traffic with ease.

Here’re a few links Kali sent my way for sharing and further investigation:

The song for this episode was “Crashing The System” by ¡Tchkung! from the album Post World Handbook.

 

A Jailhouse Lawyer Speaks About #PrisonStrike 2018

A Jailhouse Lawyer Speaks About #PrisonStrike 2018

Download This Episode

This week, we feature three segments. First, we’ll feature a statement about recent doxing of a number of anti-racists in the Asheville area by far-right keyboard warriors.

After that, we feature an interview with Dee, an anonymous incarcerated organizer affiliated with Jailhouse Lawyers Speak. In this conversation we ask about the effectiveness of the #August21 2018 Nationwide Prisoner Strike, the push to move prisoners under storm threat as these increase under climate change, repression and changes in response to the strike, mail limitations in PA prisons, standardization of increased security in Ohio, outside support and organizing, critiques of the methods of NPS2018, and more. Check our show notes for links to more info concerning the strike.

If prisoners want to communicate with and/or join JLS, Dee suggests in some words near the end of the show that they reach out to:

Jailhouse Lawyers Speak
P.O. Box 1076
Knightdale, NC 27545

And you can find JLS on fedbook or twitter to keep up with their organizing

Hambach Forest Updates

In our final section of the show, you’ll hear a report by audio comrades in Germany about the recent resistance to the destruction of the Hambach Forest by authorities. The clearing of the ancient forest is to create the largest open-pit lignite coal mine in Europe on behalf of the corporation RWE, which sells to Netherlands, Germany & the UK. Lignite has a carbon content of around 60-70%, has a low energy yield, and is responsible for 1/3 of CO2 emissions in Germany. This segment shows up in the November 2018 episode of B(A)DNews, Angry Voices from Around The World from the A-Radio Network, of which we’re a proud member. Keep an eye on our podcast stream and website for a link to this episode coming out in the next couple of days.

Local Doxxings

Within the last week, over 15 people were doxxed by white supremacists in our community. Here is most of a collective statement released a day or two after the fact by some of those folks:

They’ve targeted more than twenty people they believe are involved in anti-racist organizing in North Carolina. They’ve posted information such as our home addresses, places of work, family members, license plates, social media profiles–whatever information they could find. They seem to be fixating on trans and nonbinary people in particular, and delight in trying to deadname and misgender us whenever possible. Some of us, and some of our family members, have received harassing messages.

They wrote about us like it’s some big secret that we oppose fascism, that we oppose racism, that we oppose all forms of bigotry and oppression. It’s not a secret. We weren’t hiding. We are not ashamed.

This isn’t a plea for sympathy. Our friends and immediate community have been amazing. Rather, this is a message to let you know that if you ever find yourself targeted by neo-Nazis and the far right, you are not alone. None of us need to face this rising tide of fascist scum alone. We have each other.

Robert Bowers, the Pittsburgh Synagogue shooter, actively and publicly chatted with alt-right trolls who had doxxed anti-racist activists. He even discussed violence against anti-racists in our region. This is probably a good time to think seriously about your online security and that of your family members and friends. But staying safe isn’t just a matter of changing your Facebook settings or making your Instagram private. It’s a matter of us showing up for each other. Of us not letting them intimidate us, not letting them isolate us. Not letting them stop us from our work. Especially when the work is stopping fascism.

To read the full statement, you can visit https://ashevillesolidarity.tumblr.com/ , where you can also see a list of bands and businesses which have been included in the current harassment. And of course, there are ways to donate and send support!

For an article about this (released just as our radio show was airing), including a statement by Firestorm Books contextualizing the specific harassment they’ve received, you can visit The Asheville Blade, which you can donate to here! To support Firestorm Books, our local anarchist community space and bookstore, you can join their Community Sustainer’s Program or leave them a positive review on Facebook, Yelp, wherever you can.

Additionally, for a really excellent walk through of how to help prevent this kind of thing happening to you or your crew, you can visit the Smiling Face Collective guide to preventing doxxing. This site can be easily adapted into an interactive workshop, because let’s face it, wiping your presence off the internet is a tedious, upsetting, and grueling process which is designed to wear you down. It’s always better to do this in groups! You can write to us about your experiences with internet hygiene, good, bad, or whatever, at tfsradioshow@protonmail.com

Rural Organizing Against Racism Benefit

For those in the Western NC area, there will be a Fall Fundraiser to benefit rural organizing and resilience on Friday November 30th at 6pm at the Marshall Container Co. which is located at 10 South Main Street, Marshall, NC. The event will center around a cornbread and chili dinner and will include several surprise musical guests!

Support Anti-Fascist Protestors in Philly

And finally, if you are in the position to donate to those injured yesterday fighting the Proud Boys in Philly and elsewhere, you can go to this rally.org page. Remember that if you donate to do so anonymously!

. … . ..

Playlist here.

Error451: #12 (Efail w/ Micah Lee)

Download This Podcast

This week, Bursts spoke with Micah Lee.  Micah is, according to his bio at The Intercept: ”

a computer security engineer and an open source software developer. He writes about technical topics like digital and operational security, encryption tools, whistleblowing, and hacking using language that everyone can understand, but without dumbing it down. An avid user of Qubes and Linux, he develops security tools such as OnionShare.”

Micah is kind enough in this conversation to break down the Efail scandal that rocked security-minded folks in mid-May.  A weakness in the way that many email clients handled PGP & S/MIME came to light months after it was discovered by a team of security investigators.  Micah explains how this encryption works, what was found out, safer approaches to encrypted messaging. We also talk a little about threat modeling and quantum computing.

Send encrypted text messages to Micah using Signal Messenger at (415) 964-1601.  Here’s a link to a cool article Micah published at The Intercept about a method of cheaply creating a second signal account, so you can give out a signal # without giving away your personal phone number.

Check out past episodes of Error451 and hit us up if you have ideas for segments or guests you’d like to hear from.  Check out our contact page!

featured track: “I Did It For The Kids But They’re Gonna PAY” by Spook Rat.