Nasty attempt to destroy evidence

Eat it, eat it, eat it, eat it
If it’s gettin’ cold, reheat it
Have a big dinner, have a light snack
If you don’t like it, you can’t send it back
Just eat it, eat it, eat it, eat it
From Eat It by Weird Al Yankovic

And in news of the weird, we have this article from The Smoking Gun entitled Giga-Biter In Obstruction Charge that begs an entire post filled with genuine potty humor.

In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents

Yowza! I would have loved to hear the e-discovery motions by the prosecution on this one. [The following scenario is entirely fictional and occurred only in the mind of the author].

Prosecutor: Your honor, in order to access the evidence acquired through the legal search warrant we will require a court order to administer laxatives and/or enema to the defendant.
Judge: WTF! Is that some new encryption protocol?

But sadly they were able to avoid any hilarious legal maneuvering the old-fashioned way. Through collusion with friendly medical professionals.

When [the suspect] was unable to pass the item after about four days, doctors – concerned that the drive was not compatible with the suspect’s GI tract – concluded he “would be injured if they allowed the flash drive to remain inside of him”. [The suspect] eventually agreed to allow doctors at New York Downtown Hospital to remove the item, according to a source familiar with the incident.

I must concur that a flash drive is probably not compatible with your GI tract. Although passing it would definitely be a pain in the… Well, you get it. So, presumably after cleaning up the evidence, [this adds a whole new meaning to "sanitizing data"] there was still the question of whether the data was damaged by the tour of the suspect’s digestive system.

A Kingston executive said it was unclear if stomach acid could damage a flash drive. “As you might imagine, we have no actual experience with someone swallowing a USB device”.

Since the case is still pending, we have no idea of the ultimate disposition or disposal of the evidence. Or of the state of the suspect’s GI tract.

Left naked in the rain by social networking

I must have been out cold
But the way the story’s told
They found me lying naked in the rain
From Bible Black by Heaven and Hell

Any number of times in the past I’ve warned about the inherent lack of privacy with social networking in posts like this, this, this and even this. But this week Sharon Nelson of the {ride the lightning} Electronic Evidence blog had a very interesting post wherein she points out that employees who engage in social networking at work expose their employers as well as themselves.

So you have a policy against social networking on work computers? Who cares? Probably not your Millennial generation employees. 45% of them use social networking at work whether or not their employers have imposed policy restraints. Of course, you can use technology to block them from visiting these sites on their computers. And then they reach for their cell phones chanting the Millennial mantra, “There’s an app for that.”

That’s right Mr. CIO, pretty much leaves you naked in the rain. But it’s not all bad though, e-discovery folks like Sharon love these miscreants for the bounty they allow them to harvest. Well okay, maybe it is all bad for you. The post references this report from Accenture titled Jumping the Boundaries of Corporate IT which examines the Millennials’ use of technology. Some of the highlights include:

  • 29% of those surveyed say that they don’t know if their company has a social networking policy.
  • 17% say a policy has never been published.
  • 11% say that what the company has published is too complex to understand.
  • 11% say – in essence – screw the policy, I’ll do as I see fit.

If these little tidbits don’t have your IT security folks hyperventilating then you’re not paying attention. I’m thinking that it might be a really good idea to check out that Accenture report, try to understand how Millennials think and their proclivity for defying company policy, and look for things that policy tells you shouldn’t exist. It’s not much but it’s better than being completely naked in the rain.

Captain X-Ploit: Bills + Bagels = BOOYA!!!

February 26, 2010 Joseph Webster

The Adventures of Captain X-Ploit:
Bills + Bagels = BOOYA!!!
– Part 2 of the epic chronicle –
Captain X-Ploit vs The Bills

David hastily dressed and ran downstairs where he was greeted by his dog Nicky, an intelligent, good natured Shetland Sheepdog. Nicky’s full name was David Nicholas Stone. The chief reason for her strangely unfitting, yet oddly familiar name was that David had trouble coming up with original names. He figured his name had served him well and didn’t see why it wouldn’t serve just as well for Nicky. That and Nicky didn’t seem to mind being confused with David on Bill Day.

Nicky licked his face as he knelt to pet her. “What do you want to eat today, Nicky?” David asked, whereupon Nicky cocked her ear with a confused sort of expression as if to say “you think I can talk now?” David simply responded with, “I’ll get you something nice,” as he stood up and walked out the door on his way to his favorite breakfast shop, “Bill’s Big, Bombastic Bagels”.

David entered the shop and after a quick glance around, realized that the familiar ubiquitous cash registers were no longer there. In their place was a strange, small machine. When David inquired about this change, Bill (from Bill’s Big, Bombastic Bagels not from Bill Day) responded smartly, “Just the guy I’ve been waiting for! Every week you short change my clerks or find some other sneaky way out of paying. Well this week I have you beat! This new state-of-the-art system is foolproof, not even you can beat it.”

“How does it work?” asked David casually. “Well, you see, you put your credit card in that machine,” he said, cackling and pointing to the new strange, small machine, “and it will give you a magnetic chip. Then you pick your items and exit the store. The chip activates the door and charges you for any items in your possession. Your credit card comes out on the other side of the door. It’s foolproof, I say! Not even the infamous Captain X-Ploit can beat it.”

“That’s really quite interesting,” David said rubbing his goatee, “But I believe I’ve already found a flaw in the system.”

“What!? No way! Show me!” sputtered the incredulous Bagel shop proprietor. David promptly walked over to the machine, inserted his credit card, got the chip, grabbed a shopping basket and walked out the door. He set the empty basket outside behind the door and reentered the shop, leaving his credit card in the return receptacle outside. Sauntering over to the bagels, he selected and bagged several dozen, and returned to the counter exclaiming, “I’m sorry I have no credit card, and therefore no way to purchase these many bagels. Further, I am unable to leave this establishment and that’s very inconvenient for I now must stay here and hold my bagels until this horrible flaw is fixed.”

Visibly relieved, Bill, the Big Bombastic Bagel guy, smirked and proclaimed magnanimously with an air of victory, “No problem, I will retrieve your card for you.” The shopkeeper then inserted his own card into the strange, small machine, picked up the chip and exited the store. But just as Bill was halfway through the door, David tossed his bag of bagels over the open door and into the strategically placed basket outside on the side of the door opposite the credit card retrieval portal. Bill didn’t see this clever toss-the-bag-o-bagels move since he was busy retrieving David’s card.

Reentering with a triumphant look the Bagel-Meister returned David’s card to him. David, acting dejected said, “It would seem you are correct. I have been foiled. Sadly, I’ve lost my appetite.” He then used his card to exit the store empty-handed. As he retrieved his bagel booty, David was fairly certain that when Bill realized that he, Bill, and not David had been charged for the bagels there would be a barrage of exclamations emanating from Bill’s Big, Bombastic Bagels that would be heard throughout all of Trustonia. But that would be later.

Happy with himself David set off for his favorite coffee shop intending to obtain a cup of coffee into which he would dunk his, or rather Bill’s bagels.

In this episode of The Adventures of Captain X-Ploit by Nicholas Webster, we find our hero engaging in a sort of man-in-the-middle attack whereby he obtains the goods and the unlucky victim gets the bill. But the important part of this parable is, I think, the misplaced confidence the victim places in his security measures that causes him to defeat his own system by attempting to work around an unexpected circumstance. Rest assured – all vulnerabilities are exploited strictly through unexpected circumstances. Stay tuned for more questionable adventures of the (not so) good Captain.

Why does Johnny get phished?

February 22, 2010 Joseph Webster

I was taught a month ago
To bide my time and take it slow
But then I learned just yesterday
To rush and never waste the day
Well I’m convinced the whole day long
That all I learn is always wrong
From Character Zero by Phish

Pretty much everybody realizes that phishing is not only a growing and painfully expensive problem – in 2006 phishing enjoyed a whopping 70% success rate on social networks – it’s also a demonically difficult attack to prevent and mitigate. We’ve tried detecting and preventing phishing scams by using filters to detect and delete suspicious emails at the server. We’ve tried finding and shutting down suspicious sites that have domain names similar to trusted sites. We’ve even tried using DomainKeys and Sender Policy Framework (SPF) to verify the DNS domain of the email server and to reject forged addresses in the SMTP MAIL FROM address. We’ve built tons of tools to provide visual indicators that help users identify potential phishing scams, such as anti-phishing toolbars that display colored icons to indicate the degree of danger of a website, and others that provide risk ratings and information about the age and physical location of a web site. All designed to inform users about potentially fraudulent sites. We’ve even tried legislative remedies such as the CAN-SPAM Act of 2003 in the US and the Fraud Act 2006 in the UK. But after all that, the only really effective weapon we have is user training.

But here’s the rub – users are just not motivated to learn about security. They just want to get their jobs done and socialize with their friends on Facebook. Until they get pwned. Then it’s our problem. Yep, that user education stuff is not easy. In fact it’s so difficult that it prompted Martin Overton, a U.K.-based security specialist at IBM, to say “User education is a complete waste of time. It is about as much use as nailing jelly to a wall.” In public and on the record. Recently I came across a presentation by Ponnurangam Kumaraguru (PK) from the School of Computer Science at Carnegie Mellon University where he and his colleagues seriously studied this problem of user education about phishing. Sort of like a Defence Against the Dark Arts class for web users. The fruit of their labors, PhishGuru, which turns out to be more like Finding Nemo than Harry Potter, is a surprisingly effective effort. PhishGuru, which has been monetized through Wombat Security Technologies, offers cute comic strips and games that, while admittedly silly and derivative (“Phil” is totally like Nemo), are also quite effective.

PhishGuru™ comic strips can help you learn to protect yourself, your employees and your friends from phishing attacks.

Anti-phishing education can be as easy and fun as playing a game! In about 10 minutes you can learn the basics of how to spot phishing attacks. Try out our game, Anti-Phishing Phil™, the first two rounds are free online for anyone to play.

I tried Anti-Phishing Phil myself, thinking “I know this stuff cold (I’m a pro after all)” and was chastened to find that I didn’t get a perfect score. PhishGuru was nice about it though. The point is that the information was great, and presented in a fashion that my mom can understand and identify with. And be able to put into action. Stuff like how to really understand the parts of a URL. I was impressed. So I read the paper on which this is all based: Teaching Johnny Not to Fall for Phish which concludes thusly:

In this paper we have presented the results of a user study that evaluated the effectiveness of existing online anti-phishing training materials. We demonstrated that – contrary to popular wisdom – anti-phishing user education can be effective: users get significantly better at identifying phishing websites when they actually read training materials. We also showed the different strategies that users adopt to recognize phishing sites, and how those strategies evolve due to the training. We also presented an analysis of existing training materials using learning science principles, and derived recommendations to develop further training materials in the context of phishing.

We have not tested the relative importance of the learning science principles in the context of phishing education; we plan to do this as a future work. We also plan to test whether these principles can be generalized to educate users about other online security issues.

So if you’ve ever tried nailing jelly to a wall you’ll be interested in the study. If you just want some help trying to understand and avoid phishing scams check out PhishGuru. And tell your mom about it.

Captain X-Ploit vs. The Bills

February 16, 2010 Joseph Webster

There is no hope for a civilization which starts each day to the sound of an alarm clock. — Author Unknown

-~-~-~-~ ~-~-~-~-

The Adventures of Captain X-Ploit:
Greeting another morning in Trustonia
– Part 1 of the epic chronicle –
Captain X-Ploit vs. The Bills

David awoke this cheery summer day in his usual way, to the sound of his phone ringing. David had arranged, by the means of an online service, a wake-up call every day at 10 am. The average person would pick up the phone and hear the happy digital greeting saying “good morning, <insert name here>.” But David is far from your average person.

David had long ago discovered that the website collected a $1 call charge, adding it to your phone bill when you answer the call. While David enjoys waking up every morning to a voice saying “Good morning, David!”, he does not enjoy spending his money. So being clever, he came up with a solution: changing his ring tone to a voice saying “Good morning, David, you smart, handsome, brilliant, amazing…” it goes on from there, but you get the point.

After brushing his teeth to the steady stream of compliments spewing forth from his phone he walked over and pressed the deny call button. David looked out the window and gave a good loud yawn-stretch. It was a cheery enough day. The sun was shining and the people walked with smiles on their faces as is the custom in the small town of Trustonia. David couldn’t help but let out a smile himself. He always enjoyed starting his day with a good cup of coffee from the local coffee shop. The thought of that warm sweet coffee was not the only cause for his smile, however; today was also his favorite day of the month. Bill day!

Now for the average person bill day is hardly a day for celebration. It is a day for sober reflection on how lucky one is to have a job and money to pay for things like water and shelter. Things that, in a perfect world, you would get for free. But as I have already said, David is far from your average person. He sees bill day as a thrilling opportunity to solve progressively more complex puzzles. You see, David doesn’t work, and in fact has not held a job for years.

To this day he cringes at the mere thought of the hell he endured during his one day as a retail associate. For the average person it would have been a decent job, but not for David. No, David insisted on writing what was, in his mind, a short list of three hundred or so ways to avoid doing the tasks he was given. Then he presented the list of ideas to his boss, who apparently in a fit of pure joy and celebration at the wisdom of the words promptly fired him.

But I’m straying from the point I fear. Back to bill day. David enjoyed bill day most of all because it offered him the opportunity to use his unparalleled intellect to find new clever and creative ways to avoid paying his bills. At least with his own money. He had so far tried and succeeded with ploys ranging from arranging for his dog, also named David Nicholas Stone, to be responsible for paying the bills to convincing the bank that David Nicholas Stone’s bills had been paid at least several times that month. This month David was excited to see what new tactic they would use to get him to pay and what clever way he could dodge it. Every month along with the bill came a new letter of rules defining everything from who must pay to how they must be paid.

David’s rumbling stomach afforded him little time to dwell on the past and the upcoming fun. Right now he needed food and coffee.

The Adventures of Captain X-Ploit is a new feature of Security For All written by guest blogger Nicholas Webster. Each week you can follow the antics of David Stone and get a glimpse into the mind of Captain X-Ploit. In case you haven’t worked it out yet, this is an allegory of cyberspace viewed through a hacker’s prism. Let me point out that while our (anti-)hero is, at least in his own mind, quite clever his primary motivation is money. And if getting bills with a letter of new rules each month seems eerily familiar in a compliance sort of way, rest assured it is no mistake. Feel free to comment with ideas, interpretations, alternate realities or whatever. But be careful out there in Trustonia because I’m pretty sure that Captain X-Ploit is not out to save the day. Your day at any rate.

Computer as scapegoat

February 11, 2010 Joseph Webster

Don’t you just love it when the mainstream press does a story involving computers? It’s even better when the sources of that story are bureaucratic flacks. That can make for some truly amusing reading. But I have to admit that this headline on the Denver channel site, home of 7News the local ABC affiliate, takes the cake:

Unemployment Issues Blamed On Aging State Computer

I’ll admit to having quite the WTF moment after reading that. I mean all this time I thought it was the economy tanking that was responsible for unemployment issues. I had no idea it was due to an old computer right here in Colorado. Somebody should tell the President. I’m sure we could get that fixed for a whole lot less than he’s talking about spending.

But alas the article, which does in fact feature the aging computer pimped in the headline, was about problems at the Colorado Department of Labor and Employment. Better cancel that call to the President.

Despite a long list of problems, the state of Colorado is unable to replace its 25-year-old computer system, which is being blamed for several errors at the Department of Labor and Employment.

From long wait times on the phone to printing problems involving tax forms, the state says its computer can’t always effectively handle the high volume of unemployment claims.

Holy artifact, Batman! Slap a Museum sign on the door to that data room and charge admission. Or donate it to the Smithsonian Institution for the American Museum of Defunct Technology [not a real museum]. Yeah, I’ll bet it “can’t always effectively handle the high volume”! Question is, can it ever effectively handle high volume? Now most stories like this one follow the predictable trajectory of all bureaucratic debacles:

  1. We’re doing our job poorly because [insert scapegoat here] isn’t working right.
  2. But we know exactly what the problem is with [insert scapegoat here] and how to fix it.
  3. It will cost [insert large amount of money here].
  4. But the [insert elected officials or group here] won’t give us the money.
  5. So the poor [insert afflicted constituency here] are suffering because of the bad [insert scapegoat here] that the [insert elected officials or group here] won’t fix.
  6. Recriminations and counteraccusations by [insert elected officials or group here].

But it turns out that this one kinda goes off the rails at step 4.

Estimates place an upgrade at $40 million.

The move to replace the system dates back to when [previous Colorado] Gov. Bill Owens was in office, but that attempt died.

The [current Colorado Gov. Bill] Ritter administration set taxes aside for replacement, but those funds were diverted and instead used for unemployment assistance.

Remember when $40 million was a lot of money? Ah those were the days… But I digress. So what they’re saying is that the politicians did, in fact, set aside the 40 megabucks but then diverted it to pay for the service that the Department of Labor and Employment provides. Why those scoundrels! But wait, it gets better.

This isn’t the first time the Department of Labor has had computer issues. In the late ’90s, the state ditched a program called Genesis. It was supposed to track employment benefits, but was dropped because of accuracy problems.

Accuracy problems? Are you serious? A buggy program has accuracy problems. You fix those in engineering unit test – way before release. Unless you are Adobe, but again I digress. Maybe they mean there were implementation issues like with transferring and converting old data. Or maybe they mean that the data capture was just beyond the capability of the Labor Department IT staff. Or maybe all or none of the above. I’m guessing that it was just your typical government IT cluster…

Whatever the real story, one thing is very clear: we need to upgrade that old SCAPEGOAT v1.0. Maybe with a nice new SCAPEGOAT v20.10.

Cyber-bullying by the copyright Gestapo

January 31, 2010 Joseph Webster

And though they’ll hunt you like a dog
Well they won’t take you alive
Because you make them piles of money
Stacked up twenty stories high
And the boys in every bar
Will not miss you when you gone
From A Heady Tale by The Fratellis

Whenever I write about copyright issues I like to set the record straight right off the bat. Having been a software developer for my entire career and a musician who records and produces music, I am not in any way opposed to the concept of copyright or copyright law. I certainly do not espouse the idea that all software wants to be free nor, much as I dislike the entertainment industry, do I advocate torrenting music or movies to avoid paying. So having gotten that out of the way, I’m here to tell you that copyright enforcement is a whole other deal. Here in the US we must contend with the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) who have apparently decided that it’s far easier to blame any decline in revenue on “piracy” and sue potential customers, or threaten to and hope to settle out of court, than it is to come up with a viable distribution model for the digital age. But this week our European friends get to share the pain and witness the quasi-legal shenanigans that Americans have come to know and loathe. In this story by Nick Farrell in the Inquirer we hear about an episode of what I think can best be described as cyber-bullying by a law firm in the name of copyright enforcement.

So far at least 150 innocent people have been wrongly targeted in a crackdown on illegal file-sharing that’s being conducted by the rogue law firm run amok, ACS:Law.

The outfit has sent out letters to thousands of Brits accusing them of ‘piracy’ – that’s copyright infringement to anyone not trying to whip up public sentiment for their own monetary gain – and offering them a chance to settle by paying about £500.

However, loads of people are being accused with what must be inaccurate information. One was a 78 year-old accused of downloading pornography and others are unaware of having done any downloading at all.

“My 78 year-old father yesterday received a letter from ACS Law demanding £500 for a porn file he is alleged to have downloaded. Apparently the poor bloke does not know what file sharing is and has never even heard of BitTorrent. Nor has he given anyone else permission to use his computer.”

Which? Computing estimates that up to 50,000 letters have been sent out and is outraged that too many innocent people are being wrongly accused. Matt Bath, technology editor of Which? told the BBC that innocent consumers are being threatened with legal action for copyright infringements they not only haven’t committed, but wouldn’t know how to commit. But many “will be frightened into paying up rather than facing the stress of a court battle.”

Andrew Crossley of ACS:Law admitted that some cases had been dropped although he declined to give numbers. He told the Beeb [BBC to us yanks] that the method used to detect the IP address used for illegal downloads was foolproof, although that really does not explain why some cases needed to be dropped.

But behold, there is a glimmer of hope in this story. I mean other than the wicked sick ego and reputation boost for the 78-year-old guy accused of torrenting porn – You go, grandpa! No, I mean that you really can’t get too worried about litigation originating from a group whose spokes-weasel actually says “the method used to detect the IP address used for illegal downloads was foolproof” out loud. In public. To the press. I mean seriously, I can only assume that ACS:Law lawyers are the same class of moron as Mr. Crossley. [Andy, dude! - one word: TOR].

But sadly I don’t believe that Mr. Crossley and the gang at ACS:Law are stupid. They know very well that such a statement is ludicrous on its face and that no one with any kind of technical expertise will believe it. You know, the kind of technical expertise it takes to illegally torrent copyrighted material. So ACS:Law knows very well that the only folks naive enough to fall for their threats are not capable of doing what they are accusing them of. And that, my friends, smells a whole lot like cyber-bullying to me.

Meanwhile we have this dubious report by the International Federation of the Phonographic Industry (IFPI) [Note: Web of Trust (WoT) rates this site BAD in vendor reliability and privacy so be careful if you follow this link] that claims to provide a basis for such egregious behavior by the copyright gestapo. This article in Sonic State reports it like so.

The IFPI report that 95% of all music downloads are illegal – and they say that “cooperation from Internet Service Providers holds the key to this problem.”

The IFPI made the announcement as part of their Digital Music Report 2009:

Piracy is the major barrier to growth of the legitimate digital music sector and is causing severe damage to local music industries around the world.

Three of the world’s biggest music markets, all heavily dependent on local repertoire – France, Spain and Brazil – have seen a sharp slump in the fortunes of their local music industries:

  • In Spain, which has one of the highest rates of illegal file-sharing in Europe, sales by local artists in the top 50 have fallen by an estimated 65% between 2004 and 2009;
  • France, where a quarter of the internet population downloads illegally, has seen local artist album releases fall by 60% between 2003 and 2009;
  • In Brazil, full priced major label local album releases from the five largest music companies in 2008 were down 80% from their 2005 level.

The report shows that, while the music industry has increased its digital revenues by 940% since 2004, piracy has been the major factor behind the overall global market decline of around 30% in the same period.

Okay… So let me get this straight. All of the music purchased and downloaded from iTunes, Amazon, eMusic, Walmart, Napster and Rhapsody plus all of the smaller independent music label sites like Matador Records and individual artist sites together make up only 5% of music downloads? And that 25% of the internet population of France downloads illegally? And this is what is responsible for the 80% drop in full priced major label local album releases in Brazil? I don’t know what those IFPI guys have been smoking but they’d sure have a better chance of convincing me if I had some too. I mean seriously, how would you find out that a quarter of the internet population downloads illegally in France, and how can you correlate that to local artist album releases falling by 60% between 2003 and 2009? Hello! This is the internet. It’s everywhere. Like lint. And the copyright gestapo. What’s worse is that these bozos (or is that beau zauxs) are trying to convince ISPs that they should collude with the copyright gestapo. And the really sad thing is that some ISPs are going to buy into this nonsense. Let’s be clear here. I sympathize with the musicians who have seen sales of their albums decline. And I also sympathize with their unemployed fans who can no longer afford to buy music. What I don’t sympathize with is the copyright gestapo and their cyber-bullying.

Keeping up appearances at CSU

January 23, 2010 Joseph Webster

This week my alma mater, Colorado State University, is engaged in a bit of bureaucratic theater that has once again thrust the city of Fort Collins into the national media spotlight. OK, flashlight. This article in the Denver Post covers it thusly.

Colorado State University today distributed a draft of its proposed weapons policy that would ban all weapons on the Fort Collins and Pueblo campuses, including guns being held by those with a concealed-weapons permit.

The issue became controversial late last year, when the CSU faculty voted for such a ban while student leaders voted against it. The CU Board of Governors will decide whether to implement the policy at their February meeting in Pueblo.

Drafted by campus administrators, the policy and its risk management approach is consistent with best practices of other colleges and universities, CSU spokesman Brad Bohlander said. It is essentially an extension of the current campus weapons policy banning weapons – including weapons owned by concealed-carry permit holders – in resident halls. The policy now expands those regulations to the entire campus with some exceptions.

So what problem does this proposed weapons policy address? Is CSU reverting to the wild west? Are gunfights erupting in classes and dorms? Are teachers and students threatened by gun-toting thugs? Well… not exactly. The raison d’être for this policy is best described in the preamble to the draft policy itself [emphasis mine].

Colorado State University recognizes that the possession, use, or display of Weapons on Campus should be subject to reasonable control to manage the increased risks associated with having Weapons on Campus, which is consistent with the best practices of other colleges and universities. Some of the data and analysis supporting those best practices are contained in the position statement dated August 12, 2008, by the Board of Directors of the International Association of Campus Law Enforcement Administrators, Inc. (“IACLEA”). According to that statement, the presence of students carrying concealed weapons would not reduce violence on campuses and that having such weapons may dramatically increase violence on campus arising from (a) the potential for accidental discharge or misuse of firearms at on‐campus parties or student gatherings, (b) the potential for guns to be used as a means to settle disputes, and (c) that campus police officers responding to a situation involving an active shooter may not be able to distinguish between the shooter and others with firearms. Colorado State University concurs with IACLEA’s position statement and believes that safety on Campus will be improved by reasonably controlling Weapons.

Ahh, I get it. This is one of those keeping up appearances kind of deals. For those woefully uncultured readers [in case there are any] Keeping Up Appearances is a British sitcom wherein the heroine, one Hyacinth Bucket – who insists her surname is pronounced Bouquet – is a social-climbing snob who passes her time visiting stately homes, hosting “executive” style candlelight suppers, and maintaining the integrity of her woodblock floor, wallpaper, and status in the community. Her aim in life is to impress neighbours, friends, and important people.

“Okay…,” I hear you saying, “so this policy only addresses potential problems, and mainly brings CSU in line with other colleges and universities. What’s wrong with removing guns from college campuses? And what does this have to do with security?”. Great questions. Glad you asked.

The problem is that this policy, like far too many security and anti-terrorism policies, does absolutely nothing except display political correctness. Aptly put by Shakespeare in Macbeth, “It is a tale told by an idiot, full of sound and fury, signifying nothing”. Manifestly, the danger of violence involving firearms on college campuses is real and present. Recall the Virginia Tech massacre in 2007. In fact the 2008 IACLEA position statement referenced so prominently in the CSU draft policy includes this not-so-veiled reference to that incident in its potential threats: “campus police officers responding to a situation involving an active shooter may not be able to distinguish between the shooter and others with firearms”. Certainly sounds reasonable. Except for these inconvenient facts – the “active shooter” was already actively violating any number of state and federal laws and there were no “others with firearms” except those who would be exempt in the policy. In other words it does absolutely nothing but keep up appearances. That and waste time with debate and media coverage diverting attention from the fact that CSU, other colleges and universities – and pretty much everybody else including me – have no idea how to address the real problem. Will this policy prevent a tragedy involving guns at CSU? No. Will it make CSU students and staff safer? No. Will it make CSU appear more concerned with campus violence? Bingo! A tale told by an idiot, full of sound and fury, signifying nothing; but keeping up appearances.

Captain Underpants and the Traumatizing Titillation of the TSA

January 14, 2010 Joseph Webster

I’ll admit it. I’ve read every one of Dav Pilkey’s epic novels featuring Captain Underpants (the defender of all things pre-shrunk and cottony) and the rest of the crew from Jerome Horwitz Elementary. So when the Christmas underwear bomber incident hit the news, well it was just too easy to adopt the sobriquet for the hapless wannabe suicide bomber. While I’d like to take credit for the idea, I saw it first in a tweet from @sectorprivate. But once again I digress.

When Captain Underpants attempted his incredibly inept act of terrorism and lit his privates on fire (that had to smart!) it was followed immediately by the requisite hand-wringing, blame-shifting and calls for resignation of leading bureaucrats and political appointees from the opposing political party. In other words, same circus different clowns. The one actionable item that came out of this little in-flight weenie roast was a truly choice bit of expensive security theater. Full-body scanners. Yep, now we’re going to add that to the list of indignities heaped upon air travelers. This has raised privacy concerns within the air traveling public worldwide. Witness the German “fleshmob” protesting against the use of full body scanners.

The underwear bomber’s Christmas Day attack has prompted calls for the increased use of full-body scanners at airports that would strip-search passengers down to their naked bodies.

So to protest the use of the so-called Nacktscanner (naked scanner), members of the Pirate Party in Germany organized a “fleshmob” of people who stripped down to their skivvies last Sunday and converged on the Berlin-Tegel airport.

It seems like everyone is worried about some TSA voyeur leering at naked images of them. But having spent a ridiculous amount of time in airports this last week I have several observations to make.

Observation the first – For every air traveling babe there are at least 50 bovines.
Observation the second – A similar ratio of hunks to heifers exists.

Therefore I posit that the real victims of the Nacktscanner are the TSA employees who will be forced to monitor them. I don’t know about you, but I think that it would take less than an hour of closely watching images of the air traveling public in the altogether before I was ready to poke out my own eyes. So if the public doesn’t like them and I can’t imagine anyone on the front lines of the TSA who is waiting breathlessly for them, then what exactly is the point?

Perhaps this is a new TSA plan to develop Super TSA Agents, figuring that if you can withstand a rotation of staring at a full-body scanner then you can handle anything – a real dead-eyed killer. Or maybe they can use them as a disciplinary device – “Jenkins, if you don’t pat down those passengers faster it’s the naked scanner for you!”. Or maybe even an HR screening mechanism – “So Mr. Smith, you would really enjoy being a full-body scan monitor? Sorry, pervert! Try politics or management”.

Being a “circle of life” kind of guy, I could really appreciate the symmetry of making Nacktscanner monitoring part of the punishment for Captain Underpants. Real biblical in a “reaping what you sow” kind of way. He should be forced to monitor high resolution scans of airline passengers in the buff all day every day for the rest of his life. While strapped to a chair so he can’t prematurely end the sentence. But that would truly be cruel and unusual punishment.

The naked truth is that we should just bag the whole lame idea of full-body scanners. But that wouldn’t make for very good theater now would it.

Web 2.0 Miranda

January 2, 2010 Joseph Webster

don’t say a word or we’ll surely expose
that it’s you who are wicked and vile
anything you say will be used against you
and now it is you here on trial
from Don’t Say a Word by Cici Porter

For a long time now I’ve tried to get folks to realize that there is nothing private or protected about social networking. To wit, these posts here and here. In case you think I’m overreacting you should check out this post by Sharon Nelson in the {ride the lightning} blog.

Recently, Facebook spokesman Andrew Noyes said that the company has created a team led by a former FBI employee to manage requests for information in criminal cases. According to Noyes, a big part of the job is explaining the applicable laws and the limitations on access to Facebook user information. He said that Facebook strives to respect the balance between law enforcement’s need for information and the privacy rights of citizens.

To be fair to Sharon’s point in the post, judges are increasingly ruling on the side of individual privacy in cases with requests to make social network content discoverable or admissible. But the fact that the number of such cases has increased to the point that Facebook needs a team to “manage requests for information in criminal cases” is my concern. It almost seems like this has progressed to the point that every social networking site should display your Miranda rights prominently. In actual fact Facebook does display, albeit not terribly prominently, something like that in their Privacy Policy.

We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.

Twitter has a similar statement in their privacy policy.

We may disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Twitter’s rights or property.

So what’s the big deal? These Web 2.0 sites have to comply with the law just like everybody else. Exactly. So think about that the next time you want to post a photo of that truly epic party. You know, the one with the funny pictures of you and your peeps totally hammered and passing the bong. Or maybe that post where you really let everyone know how you feel about your sleazy ex. Just remember that you have been “Mirandized”. Sort of. And to the extent you have any rights you didn’t waive by using the social network.