No One Is Sure Which Country Is Helping North Korea Make Its Missiles (HBO)

By The Rundown Live

Last year, Michael Elleman, a weapons expert at the International Institute of Strategic Studies, published an alarming claim about North Korea’s recent missile gains: they may have been getting technology from a one-time Soviet factory.

Elleman rooted his analysis in a close examination of the rockets used on North Korea’s latest tests — which looked a lot like ones that were once made in the Yuzhmash factory, in the eastern Ukrainian town of Dnipro.

But at the factory itself — which since the fall of the Soviet Union has been rebranded as a space-exploration agency — officials were in a panic. They adamantly denied having anything to do with North Korea. And they let VICE News visit, the first time American cameras were allowed inside, in an attempt to prove they had nothing to hide.

Subscribe to VICE News here: http://bit.ly/Subscribe-to-VICE-News

Check out VICE News for more: http://vicenews.com

Follow VICE News here:
Facebook: https://www.facebook.com/vicenews
Twitter: https://twitter.com/vicenews
Tumblr: http://vicenews.tumblr.com/
Instagram: http://instagram.com/vicenews
More videos from the VICE network: https://www.fb.com/vicevideo

9 Reasons People Fear Freedom (From “A Lodging of Wayfaring Men”)

By Liberty Under Attack

9 Reasons People Fear Freedom (From “A Lodging of Wayfaring Men”)

Editor’s Note: I’ve currently been in a mood where I’m reading as much crypto-agorist/anarchist fiction as I possibly can. The current read is an absolutely terrific book by Paul Rosenberg titled, “A Lodging of Wayfaring Men.” (FREE DOWNLOAD | AMAZON AFFILIATE)

For context: when James Farber presents their private, anonymous, free, online marketplace to his new lover, Frances Marden, she is overcome with emotions. When she’s read about ideas such as these, she’s always loved them and been in favor of them–but, now that it’s a reality, she is emotionally torn up. One of James’ colleagues, Michael, provides her with 9 possible reasons for her current apprehension, or, in other words, why she fears freedom as a reality.


[BEGIN EXCERPT]

  1. Fear of responsibility. Freedom is threatening because it eliminates the possibility of shifting responsibility for your errors onto others. Freedom puts you right out in the open, with no cloak for your mistakes. It also gives you full credit for your successes, but that is seldom considered, as the fear-based impulses are generally stronger.
  2. Fear of separation. For a variety of reasons, most people have an instinctual fear of being separate. The feeling is that separation means death. This may be true in some rare situations, and certainly was true more commonly in the distant past, but it is an impulse only, not reason.
  3. Rulership as a force of nature. For the last several thousand years, nearly all humans have lived and died under some form of rulership. So many generations have come and gone under this arrangement, that it now seems to most people as a force of nature: That which was, is, and shall be. When you mention something different, it causes them mental stress.
  4. No mental image. Because none of us have ever lived in any situation except subjection to state power, we have no mental images of anything different. So, when we start talking about a truly free place with no rulers, the listeners have no images to draw upon. It seems like we are proposing a pointless journey into an unknown and dangerous place. Again, this is a feeling, not reasoned thought.
  5. Group conditioning. A central fact of modern social behavior is that almost the entire populace has gone through 11-17 years of social conditioning in the school systems. This conditioning shows up in a variety of ways, especially in dealing with authority figures. The conditioned responses are: Obey authority. Don’t cause a disruption. Accept the place given to you. Conform. The real effect here is the installing of comfort-reactions and discomfort-reactions. Our system flies in the face of almost all of this.
  6. Lack of critical thinking skills. For a variety of reasons (which I have not spent the time necessary to properly catalog), the 20th Century saw a mass movement away from respect for reason and toward a devotion to emotion. Have you ever tried to reason with someone who lives by emotion? It is essentially impossible. These people can be influenced by getting them to identify with characters from movies and television, or with celebrities, but seldom by reason. Now, most people aren’t fully that way, but modern critical thinking skills are disastrous, and a great many people distrust reason, with full faith in emotion. Many of them are beyond hope of recovery, and could be extremely dangerous in the wrong hands.
  7. Cognitive dissonance. This is what happens to people when they have accepted an idea, or series of complimentary ideas; then, an obviously different idea is presented, and it makes some sort of sense to them. It causes a conflict. This is properly called cognitive dissonance, and it is really just a mental conflict. People don’t do well with these conflicts; their general reaction is to eliminate them as quickly as possible. The easiest way to do this is to simply drown them out by reciting their original ideas, and trying to convince themselves that the previous ideas are right, and that they should not think about the new idea. Yes, this is dishonest, and yes, it requires denial, but most people prefer it to critical analysis of their existing ideas, and, potentially, changing their minds. Combine this with all the other items shown here, and the conflicts arising from taking on a difficult new idea are too much for many people to bear.
  8. Fear of reprisal. This is the simplest one. Think of an IRS audit, an FBI raid, or of Stalin. Obviously the rulers won’t like our free markets. It is not unreasonable to expect that they will take reprisals against people who displease them. A very reasonable concern.
  9. Fear of the world falling apart. The central myth of the nation-state is that it is necessary to hold civilization together; that without it, we would all degenerate quickly into killers and thieves. This has been repeated so frequently and so consistently, that most people accept it as fact, even though if asked to provide evidence, they have none. Actual analysis of this idea leads to a contrary conclusion, but that does not stop the impulse of fear. Very few people have ever questioned the nation-state myth at all.

Please enjoy, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.

The post 9 Reasons People Fear Freedom (From “A Lodging of Wayfaring Men”) appeared first on Liberty Under Attack.

The Fog of Cryptowar (4/4)(ShadowLife/Anarplex Mirror)

By Liberty Under Attack

The Fog of Cryptowar (4/4)

Editor’s Note: This is page 4/4 of this extensive article. Click here to go back to the beginning.


Regulation undermines innovation.

Regulation in all areas creates a cost of compliance that redirects resources from developing what the customer actually needs. This is a commonplace. Furthermore, regulation in this particular field prevents the use of best practices, which actually creates harm for the customer.

However, regulation in other fields is accepted since it is perceived to provide a public good that would otherwise not be created. Here the argument cannot be simply that of arguing against regulation – since it is otherwise widely accepted – but instead it must be questioned if regulation in the field of cryptography would create any public good at all.

In our survey of the various means to regulate cryptography it should have become clear that while a primary public good – security – is attempted, all known means to provide it in this field also come with enormous risks for security itself, making regulation self-defeating.

Certification

If any specific regulation on cryptography is established, the question of certification arises. Which software and hardware implementations implement the legal requirements, and how can a customer verify this?

This requires both setting a standard for implementation, as well as verifying individual implementations of this standard. The standard will also require timely updates as technology progresses.

Since software and hardware are global markets, international cooperation will be required. It is unlikely that the majority of relevant countries, so diverse as USA, Germany, Canada, Russia, China, India (to name just a few), can agree on such a sensitive topic – especially since the necessary mutual trust is simply not present. If they don’t, a fragmentation of the market or mounting legal risks will be the result.

Enforcement and Effectiveness

For any regulation to be effective it first needs to be enforced, or adherence will be very low.

Some pro-crypto activists argue however that enforcement is impossible, since it would require censoring all sources of illegal cryptographic software, apply protocol fingerprinting to detect illegal use, and that no big vendor would adhere to regulation anyways because of market demands.

We would agree if the goal were total enforcement. However, almost no laws are completely enforced. All complete enforcement requires totalitarian systems.

Instead, pragmatic politics is aware and accepts that enforcement is necessarily incomplete. This acceptance has three reasons:

  1. A large number of people will obey the law simply because there is a non-negligible risk of being caught and punished. As soon as enforcement pressure is high enough, most people fall in line. This is the case for copyright infringement on the Internet, speed limits, gun laws, and drug laws. Complete enforcement fails, but the behavior of the population is nevertheless shaped according to the goal of the law.

Unless the want for cryptographic protection trumps the probability of being caught and the punishment to expect, people will obey.

This is fundamentally influenced by how much cryptographic protection adds to the satisfaction of wants and needs, since it is no primary motivator for most people. For decades, strong cryptography was available on the market, but inconvenient to use. So the vast majority of people did not use it. Will the new inconvenience of enforced crypto regulation drive down use? It certainly will.

  1. For those that break the law the risk of being caught will increase. This means that some of the people that hide their crimes with illegal cryptography will at least be caught for their use of illegal cryptography.
  2. Law changes social perception. Lawbreakers must hide the fact that they break the law in front of people that might be law abiding. This leads to social ostracism which becomes a means of enforcement. Unless a behavior is widely accepted, this mechanism is highly effective. It is not unheard of that users of cryptography are asked justify themselves, most often with the old tome: “If you have nothing to hide you have nothing to fear.” Similarly, people that are suspected by their social environment to be criminals face a much higher risk of being reported to law enforcement.

It is no question that some criminals will not forgo the protection of cryptography, but even criminals are faced with choices and trade-offs. They have to invest their time, money and risk-tolerance wisely. This will undoubtedly lead to some criminals lowering their guard in the common assumption that “it wont be me that is caught”. It is the easy access to cryptography that makes it wide-spread in some criminal circles, if the effort to procure cryptographic tools increases, some will not go the extra mile to procure it. And for those that do, if they cannot effectively hide their use of illegal cryptography, it will paint a target on their back for law enforcement to employ more targeted (and expensive) methods.

Another consideration in this case is that the lack of a public market for cryptographic software will inevitably lead to less knowledge about which products are trustworthy and which are not. There will be less recognized experts looking at illegal products, so illegal products will be harder to trust. This will certainly be exploited by intelligence agencies that then will spread fear, doubt and uncertainty about some products, while trying to lure targets into products that have been outfitted with some kind of backdoor or weak algorithm.

It must therefor be concluded that no regulation actually targets the highly professional, well equipped, deeply educated and risk aware criminal. No previous laws have – notwithstanding public assurances of the contrary, which are just for soothing the general public. Otherwise our prison would be empty and judges out of work.
It is important to get this illusion of perfectly effective enforcement out of our heads, and the debate.

It remains the question of how to lower the availability of cryptographic tools to even begin with having any enforcement pressure.

The vast majority of all installations of cryptographic software is either shipped with the operating system (hard disc encryption) or delivered via App Stores (almost exclusively messenger software). The current majority usecase clearly points at smartphones and tablets, as well as netbooks. Sales of personal computers and laptops have been plummeting, except for gaming.

This puts the platform operators into a position of substantial control. While side-loading of applications is possible on most devices, it is inconvenient and not emplyed by the majority of users.

One approach then could be to enlist the support of these platform operators, that control both hardware, operating system and application delivery. A simple request could be to ban certain software from the App Stores. This has precedent, for example Apple banning VPN applications, and Google removing the Catalonian Referendum App because of a mere court order.

Such a ban on illegal cryptographic software does not need to be total, it is sufficient if vendors remove those applications on a case by case basis as prompted by law enforcement. If vendors do not comply, they could be held liable.
It is probably unfounded to believe that platform providers will actually stand up against government demand if they do not have public opinion strongly on their side. This should be concluded from their behavior towards China, Iran and India, where they cooperated with local government against the security and freedom interests of the population.

Do those corporation risk losing customers when they go along with regulation? Certainly they do, though the impact is hard to measure. If public opinion can be swayed in favor of regulation, the impact will be minimal. Especially since most consumer decisions will not be primarily informed by privacy issues, but rather by convenience, availability, network effects, and low risk (through certification). This should have become clear in the wake of the Snowden leaks – neither Google, nor Facebook, nor Apple lost substantial numbers of customers – even though everybody now knew that they participated in mass surveillance programs.

Unless public opinion firmly opposes regulation of cryptography, enforcement will be no major hindrance. And to accomplish public resistance, sound arguments are required.

Plausible regulation to mitigate the Going Dark Problem. A prediction.

After describing the motives for regulation and various technical approaches to implement it, we have to ask what actual means of regulation are realistic today. The survey of technologies has revealed that hard-handed approaches like those of the 1990s are hard to implement, and even harder to keep secure enough in a digital society.

Furthermore government is confronted with a much wider landscape of cryptography vendors and international stakeholders than before.

Various approaches can be ruled out:

  • Undermining algorithms and outlawing strong cryptography: Both lower the security of critical systems, and the general security of the population so far that the risks posed by cybercrime and cyberwar would become unacceptable.
  • Mandatory government backdoors: Again, the security impact here is out of control. Risking the computing and storage of whole nations to be subverted by criminals and foreign enemies cannot be justified.
  • Domestic or international key escrow, content escrow and key discovery schemes: The costs of implementation, maintenance, verification and certification would make this the biggest coordinated information technology project ever. The risks of project failure, insufficient security and stifled innovation are enormous. The required international coordination to prevent market fracture goes beyond what is possible in the current global political climate.

It is not clear if it can be ruled out that protocols would be undermined. While the risks posed by this approach are uncontrollable and many international technical standards would need modification, the repeated focus of some politicians on end-2-end encryption is concerning. Maybe this points at an actual attempt to persuade vendors to limit its use, or it is a position taken to shift the future compromise further into the field of the anti-crypto faction.

This apparently leaves government hacking and to convince software vendors to ship software with less secure default settings, especially to hide key ownership verification (to support man in the middle attacks) and to automatically backup communication logs and recovery keys to the cloud.

We think that this conclusion is a bit rushed and not in line with the (apparently) coordinated statements of politicians from various countries. The pressure generated by public opinion and law enforcement interest groups, and specific statements by politicians that they “just want frontdoor access” and “providers need to be able to provide plaintext” should give us pause and allow us to outline a few plausible additional regulatory steps.

Let’s first remember that the goal of regulation can only be to influence mass market availability and adoption of cryptographic tools that preserve confidentiality of content and communication relationships (metadata) against targeted government investigatory powers (1). That is where the going dark problem rests, and it is the minimal request by law enforcement. An extension of this goal would be to make users of strong, unregulated cryptography easier to identify and consider the use of these technologies as circumstantial evidence for criminal intend (as is today the possession of a “weapon” while committing any other crime).

Second, it seems that the problem with most regulatory approaches is that they create the centralization of control (escrow keys or access keys) in systems that are hard to build, maintain, secure and certify (2).

Third, international coordination of detailed regulation does not seem realistic in the current global political context (3).

Lastly, fourth, the technical context is currently dominated by few platform providers that control operating systems, application delivery and to some extend hardware (4).

Can there be a regulatory approach that recognizes these four points and incorporates them? We argue that five regulatory approaches are both realistic, and likely:

  1. Defense of metadata access: Convince vendors to refrain from creating systems that do not produce or retain metadata. This solves one part of the Going Dark problem and is relatively easy to argue for in the public sphere. While confidentiality of content is a long-cherished value in many societies, the anonymity of communication is widely faced with suspicion. Furthermore systems that suppress metadata are relatively hard to create, while metadata itself is of great interest to many vendors because it opens potential monetization strategies.

Various attempts in this direction have already been made, notably by the EU (data retention), UK (investigative powers act) and the USA (repeal of regulations that prevent metadata collection and use by providers). Furthermore metadata generation and retention are one of the core demands of Interpol and Europol reports on cybercrime.

  1. Nudge vendors to deliver software with less secure default settings: Many cryptographic tools can be weakened indirectly by exploiting human error. Most users are unaware of the necessity of verifying the identity of communication partners and the ownership of keys. This can be exploited by making key verification not a mandatory part of the user experience, but instead hide the feature, or refrain from implementing automatic protections. Intentionally or not, this could already be witnessed with Whatsapp, where verification of keys during key rotation was not performed, and the user not informed about the fact that keys had been rotated. This would in many cases be sufficient to trick users into communicating with a man-in-the-middle.

A similar approach could be taken when it comes to preserving communication histories or backups of local data to the cloud in a way that keeps the data accessible by the vendor. This could already be witnessed with Apple iMessage.

  1. Lawful hacking: Various countries, among them the USA, Germany and the Netherlands have made the exploitation of security vulnerabilities and infiltration of computer systems legal for law enforcement. Even in the wake of protests and legal ambiguities, this is quickly becoming a standard tool of police. A further strengthening of international cooperation in this field, especially in the sharing of exploit code and methods, would decrease costs and increase applicability, and potentially mitigate the problem of 0-Day exploits (secret vulnerabilities) by making 1-Day exploits (vulnerabilities known to vendors but not yet patched) practicable.

One issue in this regard does require more attention: International frameworks for cross-border lawful hacking are both necessary and so far non-existent. We can witness, however, that since the G-20 talks in 2017 there have been efforts to regulate this aspect. Various proposals for cross-border cooperation, digital evidence collection and legal process coordination have been made and are finding growing support especially in the group of EU, USA, UK, Canada. It should be expected that this tool will soon receive a multi-jurisdictional framework and standardization, which in turn will allow cooperation to increase effectiveness and efficiency. Lawful hacking most certainly is here to stay and spread.

  1. Use of update mechanisms to deliver police trojans: An extension of the lawful hacking approach is to use the system or application updaters to directly deliver government software to targeted devices. This is a very attractive method since it could potentially solve problems with exploit availability, targeting, security, and documentation that can be revealed in legal discovery. Updater software already exists, it already has the necessary authorization to install and modify running code, the delivery infrastructure exists, and pin-point targeting is available as well. Using updaters thus does not introduce new security or reliability problems while at the same time reaching the vast majority of devices.

However, vendors need to cooperate in this and must actively support law enforcement with each investigation. It would be too risky to weaken update security by giving police direct access to the infrastructure or required signature keys. Vendors in turn will refuse to cooperate if the process is not completely transparent and secured by legal safeguards – like the issuing of warrants, auditing, and notification of users after the fact. Furthermore the use of this method must be effectively limited to prevent accusations of mass surveillance. It might plausibly be enough to agree on limits on the number of undermined update events and publish statistics to sway public opinion – and thus vendor cooperation – to support this.

A variation of this approach is to not deliver police trojans, but to simply suppress updates for targeted devices. This could be used to extend the lifetime of security vulnerabilities that can be exploited by lawful hacking – after a device has been successfully infiltrated, patching of security vulnerabilities could again be allowed.

One warning should be added: Vendor cooperation to target specific devices leaks investigation details to the vendor. Law enforcement prefers to keep this secret.

  1. Mandate plaintext access: An elegant solution to the intricacies of key escrow and key recovery issues, at least from the point of view of regulators, is to refrain from defining any specific scheme on how to implement these. This gets around many of the complex details of certification, verification and international standard creation, as well as the impacts of regulation on innovation, single point of failure creation, and some security issues. Instead of mandating specific technical implementations, a result driven regulation would “only” mandate that vendors have to be able to make the plaintext of specific messages or device contents available on request.

Vendors would face fines in those cases where they are unable to deliver plaintext to law enforcement in specific cases.

This approach would of course put the complete technical burden on the shoulders of vendors, meaning that some vendors would be driven out of the market since they cannot provide adequate technical and organizational implementations to fulfill law enforcement requests. But it would also mean that no new entities have to be introduced that would present new points of failure or breach – leading to a more decentralized infrastructure.

To further enforce such a scheme, app-stores could be forced through court orders to remove applications that have failed to implement plaintext access as demonstrated by unsuccessful law enforcement requests – in the worst case automatic de-installation of those applications is technically feasible.

This approach of simply mandating plaintext access is attractive to law enforcement and politicians since it reduces the complexity of their parts significantly, hides the problematic details, and shifts all effort and liability to vendors. It looks good on paper. But it may not be forgotten that, while reducing the complexity of the overall implementations, the security problems of key escrow, content escrow and key recovery schemes still exist, even if on a smaller scale. Implementing such a regulation would undoubtedly lead to lower overall confidentiality for data at rest and in transit – not just versus law enforcement, but also unlawful access. While this might be partially mitigated by some platform providers that also have control over the hardware design, independent software-only vendors would still face a situation in which they will have to increase the risks their users face just to be able to cater to law enforcement.

Conclusion and advice.

We hope to have given some perspective into the technical, organizational and legal aspects of this new iteration of the Crypto Wars. We face a different situation today than the one faced in the 1990s.

The arguments usually parroted in media are not sufficient to make cryptographic regulation unattractive to politicians. Several possible routes of regulation exist, as well as approaches that do not require vendor regulation (for example, to support lawful hacking).

The risk here is that overcome arguments distract from those alternative routes instead of resisting them. The problem we face is much bigger than just cryptographic regulation – we are facing a change in the views and guarantees of confidentiality.

This means that we have to extend the debate to include these aspects:

  • Vendor neutrality: Should it be possible to force vendors of software and hardware, and not just communication providers, to provide law enforcement with extraordinary means of access?
  • Integrity of Information Processing Devices: Should we allow for provisions that undermine the integrity of – and the user’s control over – personal computers, smartphones and tablets? What are the ramifications of such provisions in light of legally binding digital contracts, liability, and the permissibility of digital evidence? Should information processing devices be considered extensions of the person that operates them, or do we consider them external artifacts that fall under public purview?
  • Freedom of Processing: Do users have the right to control what software runs on their devices? Do they have the freedom to install, remove, and develop whatever software they see fit? Do users actually own – and control – their devices?
  • The Right to Digital Self-Defense: Are individuals allowed to take steps to defend themselves against security risks in the digital sphere? Are they allowed to take best practice approaches to make themselves less vulnerable to cyber crime, and in extend contribute to making a nation less vulnerable to cyber war? Should we consider good security practice in the digital realm as part of civil defense?

These are the hard questions to ask, and they are closer to the public’s interest and domain of knowledge than many intricacies of cryptography. The answers to those question also have broader applicability – they inform future debates as well and thus can serve as precedent for finding new norms in social ethics.

Apart from these political and ethical aspects, the debate has also revealed potential weak spots in how we do computing these days. Especially the dominance of few platform providers, the vulnerability of update processes and lawful hacking should inform us to take technological action. A few suggestions in this regard:

  • Software delivery should be secured by some form of “Single Source of Record” that automatically verifies that a product delivered to a device does not deviated from installations on other devices.
  • Secure software development: The process by which software is developed needs to be taken more serious, especially for open source software. We need better review and auditing processes for security critical code, and greater isolation between security critical and non-critical modules. Furthermore, review and auditing processes deliver only limited protection to users if the build (compile) process cannot be verified. This means that verifiable, deterministic builds should become commonplace.
  • Platform vendors: The angle by which any regulation today is possible is through the high dependence of most users on platform providers that control both the operating system and the application delivery channels. It is this dependency that allows regulation to capture wide sections of the market by focusing all attention on a handful of corporations in very few jurisdictions. Both from public policy and security perspectives this is a risk-laden state of affairs that requires to be defused.

We hope that we could widen the perspective on the current debate with this text and warn against arguments that are not timely anymore. Furthermore we hope that we could give some hints to make the debate more fruitful, and suggest some areas of focus for engineers and developers in which they can help shape the environment of the debate towards more secure, and more freedom-preserving systems.

PREVIOUS PAGE | BEGINNING


Please enjoy, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.

The post The Fog of Cryptowar (4/4)(ShadowLife/Anarplex Mirror) appeared first on Liberty Under Attack.

The Fog of Cryptowar (3/4)(ShadowLife/Anarplex Mirror)

By Liberty Under Attack

The Fog of Cryptowar (3/4)

Editor’s Note: This is page 3/4 of this extensive article. Click here to go back to the beginning.


Key Escrow

Key escrow in the strict sense means that all keys (in this debate, confidentiality keys), must be shared with a trusted agent – like a government agency – before they can be used for encryption. In the case that encrypted data must be decrypted under a warrant, the police would then request the key from the agent and perform the decryption.

While possible to implement from a purely theoretical point of view, key escrow mechanism are inherently complex when deployed on a larger scale. It must be considered that there must be a secure way of transmitting the secret keys between the user and the escrow agent, and that those keys must be made accessible to law enforcement in some way.

Very naive approaches use only one additional, global key to secure this key transport. But this makes that gloabl key a secret on which the confidentiality of all communication within the domain of regulation would rest. The escrowed keys must be stored, managed and protected against unlawful access.

If recent history is any indicator, then building such a system even on a national scale is unrealistic. Many government agencies have suffered fatal data breaches recently, including the NSA (which is specialized on keeping secrets), the CIA (the same) and the Office for Personal Management in the USA. This list of breaches is far from being exhaustive, but it demonstrate the risk of a key escrow agent would face.

This risk is compounded by the fact that two conflicting requirements exist for an escrow agent. On the one hand he must protect all keys against unlawful access, on the other hand he must establish a way to share those keys with law enforcement in a timely manner. This makes it necessary to keep some form of the key digitally available and online -which in turn exposes that key to attacks.

To mitigate the risk of a single escrow key, some schemes suggest the use of splitting the user’s key between many key escrow agents that then have to cooperate to reveal the key. While the security of these schemes is higher, they also multiply the complexities and cost of such a system, especially in regards to deployment and operation.

Furthermore the process by which law enforcement can request keys from the escrow agent(s) must be secured and authenticated, meaning that law enforcement requires to have some form of authentication key that would be used to demonstrate legal access. Each authorized agency and office would require one of those authentication keys. However, since each of those keys comes with the ability to reveal an escrowed key from the agent, the security of a key escrow scheme would rely on the secrecy of each of those authentication keys.

Additional problems like secure key rotation, availability of the agent, and cost of operation would likely turn this approach into the biggest and most complex government mandated information system project in history. The risk of failure to deploy, security breaches, and the cost of operation make such an approach unrealistic.

Another problem of key escrow systems is the scope in which they are to be deployed. If they are deployed as a global infrastructure, the management and regulation would require global political coordination. If they are however deployed on a national scale, they would require some means to enforce the specific demands of the jurisdiction on the user’s device – like choosing the transport key of the national key escrow agent.

A further problem of key escrow mechanisms is that they conflict with cryptographic best practices, especially Perfect Forward Secrecy. Here a new key is generated for each message and old keys are immediately destroyed. This ensures that a leak of keys does not put all communication at risk of being decrypted, but only the communication during a short time frame for which the key was stolen. Key escrow systems however require that keys are shared with the agent which both introduces a long-term storage of secret keys that can potentially decrypt the communication of years and an enormous amount of communication between user and escrow agent since every new key needs to be escrowed.

Another best practice that is incompatible with key escrow is the use of authenticated encryption. Here the same key is not only used for confidentiality, but also for integrity protection (and indirectly authentication) of the communication. Sharing this key with an escrow agent would allow the agent to not just read the communication, but also manipulate it without the original parties being able to detect this. Which means that not only confidentiality of data is at risk, but also the security of the communicating devices.

Instead of the user generating a key and then sharing it with the escrow agent, the escrow agent could also generate keys for the user. This suffers from the same problems, but introduces an additional one that the security of all keys relies on the security of the key generation method employed by the escrow agent. Implementation mistakes in cryptographic algorithms are commonplace enough that this could potentially lead to a situation in which the security of all keys is undermined but without anybody being able to detect it – except for a successful attacker.

Advances in cryptography may also lead to key escrow becoming much more secure. For example, various proxy re-encryption schemes could be employed to mitigate many of the security problems of previous approaches and reduce the complexity of implementing key escrow.

Content Escrow

Instead of encrypting data end-2-end between the intended sender and recipient only, a third party (called agent) can be introduced to which all content is encrypted. Various protocols exist that make this possible and enforceable, as long as at least one of the original parties is honest. The communication can then be intercepted by regular means and decrypted if the need arises.

Content Escrow schemes allow the continued use of some forward secrecy mechanism as long as the agent actively supports them.

One additional problem of content escrow mechanism is that the agent plays an active role in communication, which increases the demands for reliability and accessibility of the agent. Should the agent become unavailable, this could (depending on the protocol) prevent communication which turns the agent into a single point of failure and would make it a prime target for denial of service attacks.

Key Recovery

Key Recovery schemes are similar to Key Escrow schemes in that they make keys available to a trusted third party. However, keys are not directly made available to an escrow agent to be stored, but instead require access either to one of the devices that communicate with each other, or realtime interception of the communication.

In key recovery schemes the confidentiality keys generated by the user are stored in a secure storage module of his device, stored in a remote cloud account, or transmitted with his communication. The keys are encrypted for one or more escrow agent keys.

Key recovery schemes have the same problems that key escrow schemes have, but they are less resource intensive because no communication with the escrow agent is required by the user. Instead the existing interception capabilities of communications providers are used only in those cases when a need for interception actually arises.

Key recovery schemes for data at rest, especially encrypted devices, are a seemingly attractive approach because any access to the secret keys would require access to the device as well as cooperation of the escrow agent(s). This could potentially satisfy part of the law enforcement demands without undermining security too much. However, the implementation of such a recovery scheme would require the creation and deployment of special secure storage modules in all relevant devices – current devices would not be covered.

A final note should be added concerning key escrow, content escrow, and key recovery. All these approaches are brittle in the sense that there is no guarantee that they will work when they are most needed. Verifying that such a scheme works in a specific case requires actually decrypting the data of interest. If such a verification is not undertaken frequently, these schemes might break without being noticed. However, this creates new legal problems since the interception and decryption of data for verification purposes is hardly justifiable by current standards of law. Attempts to verify those schemes by employing the (automated) cooperation of the communication partners only applies for data in transit, and always relies on the honesty of at least one party. Since these schemes are only considered to catch criminals (people that actively and intentionally break the law), such a cooperation cannot be assumed. It is this verification (among some other aspects) that doomed the famous Clipper Chip key recovery system that the USA tried to roll out in the 1990s. Since then, no substantial improvement on this front has been made.

Mandatory Key Discovery

Several jurisdictions (UK, indirectly USA and Canada, amongst others) have codified laws that are meant to compel suspects to reveal their secret keys and passwords to law enforcement or the court. If the suspect does not comply, fines and prison time await him.

This approach suffers from technical, practical and legal problems:

First, it is of no use if the suspect employed Perfect Forward Secrecy in his communication, or uses timed encryption for his storage devices.

Second, it is hard – and sometimes impossible – to distinguish between a suspect that is unwilling to reveal his keys and one that is unable to – either because he forgot or he never actually knew the keys (mis-attributed device, or hardware security token that has been destroyed).

Third, it is questionable if anybody should be mandated to produce incriminating evidence against himself. Since we are no legal experts, we must refrain from further judgments. However, the legal implications are deeply troubling.

Insecure default settings

It seems that one of the approaches that have been tried by both the USA and the UK is to influence software and hardware vendors to abstain from making strong cryptography the default configuration of their products, while keeping the capability in tact.

This attempts to at least catch the low hanging fruit, the fully incompetent criminals. Surprisingly, this might actually be a productive means since criminals in general are caught because of their incompetence – until they learn.

Remote Access Schemes

A prominent approach to solving the Going Dark problem is to allow law enforcement remote access to the device of a suspect. Various variations of this method exist which we will cover below. Common to those variations is that they suffer from three problems:

  1. Access control for the use of those remote access methods is a hard problem. Only law enforcement, and ideally only with a warrant, may be able to use them. Hackers and foreign governments must be excluded. This essentially mirrors some of the problems that key escrow systems have. There must be a secure way of targeting the device and necessary access credentials (or other secret knowledge required for access) must be securely managed.

As is evident from the NSA and CIA Vault 7 leaks, it is an enormous undertaking to guarantee this. Without such a guarantee, remote access schemes have the potential to undermine the digital infrastructure of nations, making it vulnerable to hackers and cyberwar.

From a purely national security perspective, this appears a price too high to be paid.

  1. Digital evidence gathered through remote access, as already mentioned before, is of questionable repute. Since remote access would necessarily allow control over the target system any data on it could be manipulated and falsified, including the suppression of evidence or the creation of false evidence. Because all access happens in a covert manner, legal recourse is at risk, and because the access methods must be closely guarded for security reason, they cannot be revealed in legal discovery. This boils down to the necessity to simply trust the individual law enforcement officers to be honest – and that in light of cases in which police has planted drugs as evidence, and the proverbial “Saturday Night Special”.
  2. Devices may be hard to assign to a jurisdiction. It is necessary to determine the actual location of a device before infiltrating it, otherwise the police of country A could break into a device in country B, leading to potential diplomatic turmoil. It is unlikely that a country like the USA would welcome the remote searching of a domestic device by the police of China or Russia.

Mandatory Software Backdoors

Government could mandate backdoors to be implemented in operating systems so that law enforcement can access any device remotely, given the necessary authentication credentials. This is highly problematic since it risks the integrity of all devices because of an intentional security hole. Securing the access credentials so that they do not fall prey to hackers and foreign adversaries would be an enormous, and potentially impossible task. Furthermore, since software and devices are shipped internationally, such a backdoor would have to be deployed per jurisdiction – potentially at the border. This is frankly unrealistic and dangerous beyond words.

In addition, the backdoor would also be required to be securely programmed in the first place to prevent exploitation even if there are no valid authentication credentials known. Furthermore the communication towards such a remote backdoor would have to pass through all firewalls on the way – meaning that firewalls need to be configured accordingly as well. This applies not just to corporations but also to standard users since off the shelf home routers come with enabled firewalls. Beyond that, the targeting and the reachability of the device must be guaranteed, even though NAT, and especially Carrier Grade NAT is widely deployed and doesn’t support uninitialized incoming connections.

This would mean that government has to deploy something like current malware that actively reaches out to a command and control server or network (C&C) to request instructions. This C&C would become a prime target for denial of service attacks, but also a great source to find out who is currently under investigation, counteracting investigative goals.

Lawful Hacking

Several countries, including Germany, the Netherlands, USA, have created legal frameworks to allow law enforcement to use existing security holes in deployed software to break into systems to remotely identify, search or tap them.

The main problem with this approach is that it requires that law enforcement has access to exploits – software that uses security vulnerabilities in the target to gain system access. These exploits are highly sought after knowledge, and with the growing demand by not only cyber criminals but also law enforcement, intelligence agencies and military, they become a tradeable good that demands increasing prices.

This creates a dilemma. On the one hand government has the mandate to protect its citizens (and that includes their computers) against crime and foreign aggression. On the other hand government needs to keep exploits secret because law enforcement relies on it to execute remote access for investigative purposes.

In addition to the problem of deciding which security holes to make known to vendors for patching and which to keep secret, the demand for exploits by government potentially creates a market that further erodes security because criminals are incentivized to introduce these vulnerabilities into software. For example, contributers to open source software, or employees of software companies, might be tempted to introduce exploitable bugs into software and to later auction exploits for them to the highest bidder.

Since these exploits often demand prices beyond 500,000 USD, this is a pressing risk – especially for open source software where contributors are usually not vetted and identified sufficiently.

One suggested escape from this multi-faceted dilemma is that government only uses security vulnerabilities that have already been made known to vendors but not yet fixed. For example, it is rumored that the NSA has access to the CERT feed over which vendors are informed about found vulnerabilities. While this softens the dilemma, it comes with its own problems:

  • The time to create and deploy the exploit code is significantly shortened, requiring that the government employs highly skilled and motivated experts that program and test these exploits around the clock. Again, those exploits should not fall into the wrong hands, but at the same time need to be quickly made available to authorized law enforcement entities.
  • Giving government access to a stream of vulnerabilities also means that potentially many more people gain that knowledge, risking leaks. Furthermore: How to decide WHICH government should have priority access to that knowledge, and what consequences does this have for national security?

At least the approach of using only 1-Day exploits (those vulnerabilities made known to vendors already) would contribute to drying up part of the market for exploits.

A variant of this method has recently become known. In some (unidentified) countries, internet service providers were enlisted to help the government in targeting specific users by infecting downloads with remote access trojans on the fly. So called drive-by attacks depend however on insecure usage practices of the user and are unreliable. They also suffer from mistakenly attacking innocents.

Targeted Updates

A rarely discussed method for remote access is the subversion of update procedures. All devices require regular updates to fix existing security vulnerabilities or deliver new features.

Update processes already inherently have the ability to change every part of the device’s software and they often provide targeting methods already – through device identifiers or licenses.

As such, they could be considered to be intentional backdoors.

Software vendors currently employ digital signatures to secure and authorize their updates. This method could however be used by law enforcement if software vendors can be convinced (or forced) to comply. It is certain that vendors would resist such a move vehemently, but they have also a record of previously cooperating, especially when it comes to third-party software delivery.

Both Google (Android) as well as Apple (iOS/iPhone) have already suppressed and forcibly deinstalled software from their customers’ devices, which allows for the assumption that they could also be made to install software – if government asks for it and a sound legal process for it is established.

Common Problems with various regulatory means.

In the following we will touch several open questions and problems that are common to all attempts to regulate cryptography, as well as engage with some of the arguments against it that are often repeated.

Regulation undermines security

All means known to us that soften the Going Dark problem lower the security of information systems and communication to some extend. This is to be expected, since the whole question is that of granting access to third parties that is not necessary for operation in and of themselves. Security thus must be lowered to include those parties even against the will of the user, therefor lowering the extend to which the user is able to control his devices and software. This is even further amplified by the fact that any approach will increase the complexity of the software and infrastructure – and complexity is the enemy of security. Fundamentally, security and control are synonyms in this field.

However, security is not binary. It is a gradient on which we pick a value in light of trade-offs like convenience and cost. The public policy decision to deal with the Going Dark problem is just one of these trade-offs, namely that of public security and enforcement of law.

That presents us with the question on how to balance individual control against the provision of (at least) the rule of law. This is no question of cryptography or computer security, but one of social ethics, politics and statecraft. It therefor has to be answered in that domain.

Within that domain previous answers have been to regulate gun ownership, doors that resist police raids, mandatory government identification schemes that enable identity theft, and TSA locks on luggage. For some special needs licensing schemes have been introduced, which could apply to crypto regulation as well – allowing unrestricted used of cryptography for some uses, like banking and e-commerce, while strictly regulating it everywhere else.

Our answer to the public policy question is radically on the side of individual control and security: Cryptographic protections, privacy, control over our devices and the integrity of information processing systems is one of the most fundamental requirements in a world that relies on international communication and data processing for national, economic and personal wellbeing. This is especially true in face of risks of cyber crime and cyber warfare. Lowering our defenses will make us even more vulnerable than we are already, potentially risking our critical infrastructure and personal autonomy.

PREVIOUS PAGE | NEXT PAGE


Please enjoy, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.

The post The Fog of Cryptowar (3/4)(ShadowLife/Anarplex Mirror) appeared first on Liberty Under Attack.

Mark Zuckerberg Eyes Cryptocurrency For Facebook In Attempt To Take Down STEEMIT.COM

By The Rundown Live

SUPPORT INDEPENDENT MEDIA ➜ https://pressfortruth.ca/donate
Patreon ➜ https://www.patreon.com/PressForTruth
Mark Zuckerberg is interested in cryptocurrencies and implementing them into his website Facebook…Sound familiar? On Thursday morning the CEO of FaceBook Mark Zuckerberg announced that he is “interested to go deeper and study the positive and negative aspects of these technologies, and how best to use them in our services”. In this video Dan Dicks of Press For Truth provides his theory on what mark actually may have in store for his website when it comes to cryptocurrencies and it might not be what you think it’s gonna be!

Join Dan in Acapulco Mexico from Feb 15th to 18th at Anarchapulco! Get 10% off when you use promo code “PFT”
https://anarchapulco.com/buy-your-tickets/

Support independent media:
Patreon ➜ http://www.patreon.com/PressForTruth
Patreon Alternative ➜ https://pressfortruth.ca/donate
Paypal ➜ https://www.paypal.me/PressforTruth
Bitcoin ➜ 13oNiHUNGn9vdfv7MT5kjwe7np9bwf5ccv
Ethereum ➜ 0xEce2AEf1F26373a00BDC7243d1201a98578CC67e

For more info from Press For Truth visit: http://pressfortruth.ca/

Follow Dan Dicks:
PATREON ➜ http://www.patreon.com/PressForTruth
FACEBOOK ➜ http://www.facebook.com/PressForTruth
INSTAGRAM ➜ http://instagram.com/dandickspft
TWITTER ➜ http://twitter.com/#!/DanDicksPFT
https://twitter.com/PressForTruth
STEEMIT ➜ https://steemit.com/@pressfortruth
SNAPCHAT ➜ https://www.snapchat.com/add/dandickspft

Support PFT by donating ➜ https://pressfortruth.ca/donate
Rock some PFT Gear ➜ http://pressfortruth.ca/shop

Check out our sponsors:

One World Digital Solutions:
http://www.oneworlddigitalsolutions.ca/

Get your digital content box and save $50 with promo code “PFT”
http://www.oneworlddigitalsolutions.ca/

AND

Skunk and Panda Shatter Shack https://www.instagram.com/skunkandpandaextracts/

Visit them in Victoria or online by going here:
http://www.shattershack.ca/

And

Liberty Farms: https://www.instagram.com/libertyfarms/

Visit them in Squamish or online by going here:
http://www.grassrootsmedicinal.ca/

https://pressfortruth.ca/register

Building the Second Realm #3 – Putting Bludiges Six Feet Under with Ben Stone & Jason Boothe

By Liberty Under Attack

In this episode of Liberty Under Attack Radio, I continue a short miniseries to end 2017 and begin 2018 titled “Building the Second Realm.” The idea is to begin this new year with a refocusing on strategies in this pursuit for personal freedom/vonu (becoming as invulnerable to coercion as humanely possible).

As I did last week, I begin by providing a more thorough introduction on various components of the Second Realm. Then, I am joined by the great Ben Stone and Jason Boothe in an attempt to answer the questions: can killing bludgies in the pursuit of true justice influence individuals to join the Second Realm? And, can it help to maintain the safety and viability of the Second Realm?

To elaborate, we connect the strategies of anarchist vigilantism, assassination politics, and avenging angels short miniseries to Ben’s book and discuss how these things can help in building the Second Realm. And don’t worry, it’s full of great stories, analogies, and metaphors, as those who have listened to Ben before will expect.

The technology for the Second Realm is here…what are you waiting for?

Please enjoy this conversation, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.

Show Notes:
LUA Podcast #57: Anarchist Vigilantes — An Idea for Real Justice
LUA Podcast #58: Anarchist Vigilantes, Assassination Politics, & Avenging Angels
[Ben’s Book/Audiobook] Sedition, Subversion, and Sabotage
The Second Realm: Book on Strategy

The post Building the Second Realm #3 – Putting Bludiges Six Feet Under with Ben Stone & Jason Boothe appeared first on Liberty Under Attack.

The Righteous Persecution of Drug Consumers and Other Heretics (George H. Smith)

By Liberty Under Attack

The Righteous Persecution of Drug Consumers and Other Heretics

Editor’s Note: The following is Chapter 12, “The Righteous Persecution of Drug Consumers and Other Heretics,” from George H. Smith’s book, “Atheism, Ayn Rand, and Other Heresies. It seems the current rulers are going to ramp back up the War on Drugs, so I figured I’d let Mr. Smith have his two cents, once again. Herein, he compares the current drug inquisitors to former inquisitors of the past. I guess the saying is true: there really is nothing new under the sun, especially when it comes to the State.

In summation, I would highly recommend this book; George is a great writer, historian, and philosopher. You can get it by clicking cover image below [Amazon affiliate].

Any errors in this transcription are solely mine. -Shane


[BEGIN SMITH]

“Righteous persecution” — that is how St. Augustine (354-430) described the punishment of Christian heretics. Augustine, called by a biographer “the first theorist of the Inquisition,” was not the first to defend the persecution of dissenting minorities. But previous defenders did not presume to punish dissenters for their own good. It was left to the peculiar genius of Augustine to recommend persecution as fulfillment of the maxim, “Love thy neighbor.”

Augustine’s doctrine of righteous persecution became a rationale for the medieval Inquisition and, later, the Spanish Inquisition. The American government is currently engaged in its own Inquisition: the “war on drugs” — or, more precisely, the war on consumers of illegal drugs.

The modern drug inquisitor is another Augustine dressed in secular garb. Whereas Augustine sought to save the religious heretic from a literal hell, the modern inquisitor seeks to “save” the social heretic (the drug consumer) from the metaphorical “hell” of his “addiction.” And just as Augustine’s theory wreaked havoc in previous centuries — so the same theory, when secularized and applied to the “war on drugs,” has created social turmoil and devastated hundreds of thousands of lives through imprisonment.

For over two decades, while Augustine was a bishop in northern Africa, he campaigned against a large group of Christian schismatics known as Donatists. Initially, Augustine favored voluntary conversion, but he later called for righteous persecution “inflamed by love” — “a love which seeks to heal” heretics and deliver them from “the darkness of error.”

Heretics, Augustine believed, imperil their “spiritual health”; they are destined to suffer the torments of hell. Thus, those who truly “love their neighbor” will recognize their “duty” to compel those “wandering sheep.” Righteous persecutors are like physicians who try to help a “raving madman,” for heretics “commit murder on their own persons.” When motivated by love, persecutors cannot do evil: “Love and you cannot but do well.”

In true Augustinian fashion, the modern drug inquisitor seeks to “heal” wayward drug users who “commit murder on their own persons.” Indeed, Augustine’s defense of righteous persecution anticipates virtually every argument used by drug inquisitors.

For example, our modern inquisitors claim that drug consumers are slaves to evil habits and so require coercive intervention for their own good. Augustine, too, warned against the “fetters” of sinful habits which have “the strength of iron chains.” These evil habits (“a disease of the mind”) become a “necessity,” forming a “chain,” which holds the victim “in the duress of servitude.”

Sinful humans, according to Augustine, cannot overcome their evil habits without divine intervention — the grace of God. Drug consumers, according to modern inquisitors, cannot overcome their evil habits without secular intervention — the grace of government.

Can coercion change a person’s beliefs and compel him to do good? No, said Augustine, but coercion can provide an incentive to avoid evil: “The fear of punishment…keeps the evil desire from escaping beyond the bounds of thought.” Persecution can break the bonds of habit and induce the heretic “to change his purpose for the better.”

Drug inquisitors offer the same justification for their righteous persecution of drug consumers. But what about those consumers who don’t change their habits even after they are punished? Augustine faced the same problem with heretics who had stubbornly refused to embrace Catholicism. His response has been echoed by a long line of drug inquisitors: “Is the art of healing, therefore, to be abandoned, because the malady of some is incurable?”

Drug inquisitors love to trot out former users who, having been saved from an earthly “hell,” now give thanks to drug laws and their enforcers. Augustine used the same tactic. Converted heretics — “conquests of the Lord” — told how they had wished to return to the Catholic Church but, enslaved by habit, were unable to do so. “Having recovered their right minds,” these reformed heretics expressed thanks that “these most wholesome laws were brought to bear against them, with as much fervency as in their madness they detested them.” Converted heretics were grateful to their persecutors — their “truest friends” — for having delivered them “from that fatal and eternal destruction.”

(Augustine acknowledged that some heretics refused to submit to their persecutors and committed suicide instead. Modern reporters would probably call these “heresy-related deaths.”)

Through the Middle Ages, it was often difficult for heretics to spread their poison, because book production was confined to monasteries and universities. This changed in the mid-fifteenth century, however, with the invention of printing. German printers carried their art throughout western Europe — to Italy, France, Spain, the Low Countries, Switzerland, and elsewhere.

During the sixteenth century, more and more people became hooked on literacy. These reading addicts, unable to control their habit, demanded more books, a greater variety of books, and books of better quality. Their insatiable demand created a huge market for heretical books, and unscrupulous book lords capitalized on this opportunity.

For example, Geneva, the center of Calvinism, produced some 300,000 volumes each year. These books, “full of abominable errors,” recognized no frontiers, as pushers carried their illicit merchandise along trade routes or smuggled them in ships.

Many rulers tried to win the war on heresy with a policy of zero-tolerance. Emperor Charles V established censorship in Germany, backed by the penalties of burning (for men), live burial (for women), tongue-piercing, and confiscation of property. England’s Henry VIII issued a list of banned books, and he forbade the importation of books printed abroad in the English language. Frances I prohibited all printing in France. Phillip II decreed the death penalty for importing books into Spain.

Book lords often faced the death penalty. In 1524, the bookseller Herrgott was beheaded in Leipzig, and, three years later, an Anabaptist printer was burned at Nuremberg.

In 1625, the Englishman George Withers attacked booksellers as “the Devil’s seedsmen” and as “pernicious superfluities.” Booksellers, Withers charged, are concerned only with profit; in pushing their wares, they have no regard “either to the glory of God or the public advantage.” Another Englishman complained of “pamphlet-mongers” who “impoison” their pens “for a little mercenary gain.” Even John Milton, a critic of prepublication licensing, warned that books “are as lively, and as vigorously productive, as those fabulous dragon’s teeth; and being sown up and down, may chance to spring up armed men.”

Despite their best efforts, governments found it difficult to curb the growing number of book addicts and their dealers. Indeed, authorities could not even keep proscribed books out of prisons. While French Calvinists (Huguenots) languished in seventeenth-century prisons, they still managed to satisfy their habits with smuggled reading material.

If large, established printers violated antibook laws, they were easily shut down. This was not true of small printers, however, who could publish in homes, dismantle their equipment, and move to other towns.

For example, in sixteenth-century England, a group of Puritans published the notorious “Marprelate tracts.” The first of these irreverent attacks on the Established Church was printed near Kingston in the home of Mrs. Crane. Then, with authorities at their heels, the printers moved their press to the north of England and the home of Richard Knightly. (Meanwhile, a pusher disguised as a cobbler smuggled the illicit tracts to London.)

The renegade printers moved their press several more times, until they were finally apprehended at Warrington. There, while the press was being unloaded from a cart, a piece of type fell to the ground. A conscientious townswoman became suspicious and reported the incident to authorities. This brought an end to the activities of the Marprelate book lords.

The underground book-market had a serious drawback. Small printers, in search of quick profits, often did hasty, careless work. This caused many books to become adulterated with errors. For instance, in 1541 Martin Luther complained that reprints of his books were done by printers who “look only to their own greed.” Some of his books had become “so garbled that in many places I have not recognized my own work.”

Then of course, there were the children. In 1562, Paris authorities were asked to prosecute a butcher who had given heretical alphabet books to about two hundred children. Centuries later, during Thomas Paine’s trial for sedition in England, the prosecutor claimed that candy had been wrapped in pages from Rights of Man and then sold to kids. The government, duly alarmed, prohibited the dangerous book.

Righteous persecutors — whether of heretics, printers, book addicts, or drug addicts — are cut from the same cloth. Modern drug inquisitors are nothing more than updated versions of previous zealots who, inflamed with an intolerant self-righteousness, presumed to tell others how to live.

Today, the United States government has target millions of citizens for righteous persecution. Thousands of nonviolent Americans are imprisoned each year, civil and economic liberties are fast disappearing, and foreign wars loom on the horizon. The much-heralded “war on drugs” is a war on individual rights — one of the greatest threats to liberty ever experienced by Americans.

The post The Righteous Persecution of Drug Consumers and Other Heretics (George H. Smith) appeared first on Liberty Under Attack.

BUSTED! Google & Amazon “Digital Assistant” Patents For Spying Exposed!

By The Rundown Live

SUPPORT INDEPENDENT MEDIA ➜ https://pressfortruth.ca/donate
Patreon ➜ https://www.patreon.com/PressForTruth
It is no longer just some “conspiracy theory” that we are now living in a big brother Orwellian Nightmare. Our so called “smart devices” in our “smart homes” have been designed to spy on us for the purposes of advertising and for control. In this video Dan Dicks of Press For Truth covers a bombshell expose released from Consumer Watching detailing the patents that Google and Amazon filed for spying on you through devices such as Alexa and the Echo.

Source:
http://www.consumerwatchdog.org/sites/default/files/2017-12/Digital%20Assistants%20and%20Privacy.pdf

Join Dan in Acapulco Mexico from Feb 15th to 18th at Anarchapulco! Get 10% off when you use promo code “PFT”
https://anarchapulco.com/buy-your-tickets/

Support independent media:
Patreon ➜ http://www.patreon.com/PressForTruth
Patreon Alternative ➜ https://pressfortruth.ca/donate
Paypal ➜ https://www.paypal.me/PressforTruth
Bitcoin ➜ 13oNiHUNGn9vdfv7MT5kjwe7np9bwf5ccv
Ethereum ➜ 0xEce2AEf1F26373a00BDC7243d1201a98578CC67e

For more info from Press For Truth visit: http://pressfortruth.ca/

Follow Dan Dicks:
PATREON ➜ http://www.patreon.com/PressForTruth
FACEBOOK ➜ http://www.facebook.com/PressForTruth
INSTAGRAM ➜ http://instagram.com/dandickspft
TWITTER ➜ http://twitter.com/#!/DanDicksPFT
https://twitter.com/PressForTruth
STEEMIT ➜ https://steemit.com/@pressfortruth
SNAPCHAT ➜ https://www.snapchat.com/add/dandickspft

Support PFT by donating ➜ https://pressfortruth.ca/donate
Rock some PFT Gear ➜ http://pressfortruth.ca/shop

Check out our sponsors:

One World Digital Solutions:
http://www.oneworlddigitalsolutions.ca/

Get your digital content box and save $50 with promo code “PFT”
http://www.oneworlddigitalsolutions.ca/

AND

Skunk and Panda Shatter Shack https://www.instagram.com/skunkandpandaextracts/

Visit them in Victoria or online by going here:
http://www.shattershack.ca/

And

Liberty Farms: https://www.instagram.com/libertyfarms/

Visit them in Squamish or online by going here:
http://www.grassrootsmedicinal.ca/

https://pressfortruth.ca/register

Secret Rockefeller System Exposed

By The Rundown Live

In this video, Jason Bermas discuses the revelation of the secret Rolodex system that David Rockefeller personally used to categorize over 100,000 individuals with over 200,000 cards. Some of his globalist ties are exposed through these revelations.

Visit our MAIN SITE for more breaking news http://wearechange.org/

PATREON https://www.patreon.com/WeAreChange?alert=1&ty=h
SNAPCHAT: LukeWeAreChange
FACEBOOK: https://facebook.com/LukeWeAreChange
TWITTER: https://twitter.com/Lukewearechange
INSTAGRAM: http://instagram.com/lukewearechange
STEEMIT: https://steemit.com/@lukewearechange

OH YEAH since we are not corporate or government owned help us out http://wearechange.org/donate

We take Crypto Coins

Bitcoin – 1F6oeUnhXfr5UMC95apbJg7CLjm3BUrT8V
Dash – XiZebHViTKxjngJ8U8Gekbz34XDcMjKe29
ETH — 0x9124589c4eAD555F04a7214214c86EA80E129abB

Fifty Things to Do NOW (By Free and Unashamed)

By Liberty Under Attack

Fifty Things to Do NOW!

Editor’s Note: The following is a highly valuable list of 50 things to do NOW, taken from the terrific crypto-agorist website, Anarplex. I’ve seen lists like these before, but the majority of these are original to my knowledge. Read the list and found out what YOU can do now to help build the Second Realm/counter-economy/vonu minicultures.


[

—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA1

Fifty Things To Do NOW!

  1. Become a part-time entrepreneur, garage-market-dealer, urban farmer, welder, whatever. Just be productive under your own command. It doesn’t matter what it is; just be directly productive, and directly deal with suppliers and clients. You’ll find it awesomely liberating and it will be highly useful for the free underground market.
  2. Switch off the TV. Read books!
  3. Socialize with people that share your ethics and that are productive and respectful. Eat together, discuss, challenge each other, help each other, have a good time.
  4. Get a safe or safe deposit box. Start moving all the cash you can get in there, convert at least 30% of your cash to silver and/or gold coins.
  5. Invest in trust. Do minor deals for people on a trust basis. Taking others at their word, and let yourself be challenged by yours.
  6. Start looking for matches. When you talk with people, memorize what they do, and if an opportunity comes up, connect them with someone else for a minor finders fee (a burger, a few beers, whatever).
  7. Join your local LIMA house. (We’ll explain this in a future post.)
  8. Travel, but don’t go sight-seeing – spend your time getting to know the people there. Think about business opportunities with them.
  9. Start using aliases and pseudonyms. Get comfortable using them in real-life situations.
  10. Learn to use cryptography.
  11. Learn ethics and law (not the government law!).
  12. Study logic, especially the fallacies.
  13. Put more cash aside. Use your part-time job as the source of saved cash.
  14. Start to invest cash with people you know, in off the books projects. Start making micro-loans to people or buy shares in their operations.
  15. Learn basic double-entry book-keeping. Don’t waste effort on the account-numbers they teach you – understand the concept and use it.
  16. Learn to write in code. We all have to use recordings, bookkeeping, contact books, transaction notes etc. These should be hard to decipher for someone taking a quick glimpse, and even hard for someone taking time to analyze them. Use tricks like date-shifting, shorthand, making up your own terms, etc. Or, if you want to spend a little more effort, learn to use memorized ciphers, such as memorizing some longer text, then apply it as a simple shifting-key to what you write, with the page number or a marker as a keypart.
  17. Tell other producers, entrepreneurs, traders etc that you appreciate what they do.
  18. Buy primarily from others like you, stay away from the on-the-books market as much as you can.
  19. When in conflict, ask someone to mediate. Solve conflicts yourself wherever you can. Use a mutually respected and trusted third party when necessary. Stay away from state ‘justice’ whenever you can.
  20. Start respecting secrets. Secrets are good most of the time; transparency is bad most of the time. Detox yourself from the ‘everything should be in the open’ propaganda.
  21. Slowly make your part-time, off-the-books business, your main line of income. Things like underground dental hygiene are very cool.
  22. Learn that ‘off-the-books’ means that you really have to excel in what you do. You have to provide quality.
  23. Don’t invest in single deals; invest in relationships with the market.
  24. Get over it: Voting doesn’t help at all.
  25. Work with friends to create buying associations and selling associations. This will give you and others lots of money to save and lots of money to hide.
  26. Harbor a fugitive. (Good ones, obviously.)
  27. Help someone cross a border without documents.
  28. Offer small merchants silver or gold rather than fiat currency.
  29. Sell your products in silver or gold.
  30. Accept and use digital gold, such as Pecunix or C-gold.
  31. Start a community currency in your town.
  32. Use digital cash, such as eCache.
  33. Use Loom, Truebanc.
  34. Get serious about protecting your Internet traffic.
  35. Get comfortable working your will in the world.
  36. Learn how to work your will beneficially. This is not about being ‘right,’ it is about causing benefit.
  37. Fix your mistakes (you will make them). Learn not to repeat them.
  38. Learn how to communicate effectively. Again, this is not about proving that you are right – this is about getting true ideas into other minds effectively.
  39. Stop obeying the state in some new way. Tell your friends about your success doing so.
  40. Get comfortable with the term ‘Economic Civil Disobedience.’
  41. Spread the idea that the state is not magic – it is nothing more than a collection of your neighbors – no more ethical and noble than the lamer next door.
  42. Learn how to find the false assumptions in arguments. Most public lies sound okay if you don’t find their unspoken assumptions. If they pass too quickly, find the written version and search for the lie it contains.
  43. Learn how to disagree with kindness.
  44. Accept the fact that most people are confused and are just barely hanging on to their last shreds of self-esteem. Understand that state intellectuals like this condition, as it makes people easier to keep in line – a little shame goes a long way.
  45. Don’t waste your energy on the political crisis de jour. Busy your mind with more substantial things. Daily political dramas are a time-sink, and the statists like it. Stop following their script.
  46. Use jurisdictional arbitrage to deprive the state of your money. Work with friends if the setup costs are too large for you.
  47. Learn to defend yourself, your family, your neighbors and your town. No state means no military. Until you take this upon yourself, your plans will always have a gaping hole in their middle. There is no free lunch here either. Get weapons and be mentally prepared to use them. Decide in advance how and when you would use them – do not leave it to the emotion of the moment – that will make a shipwreck of the whole venture. Learn how to use them safely.
  48. Do something nice for your neighbor. The people who live near you are a far more important part of your environment than any other.
  49. Help people who suffer undeservedly. No state means you are responsible for charity. Sure, it will be much easier when the state isn’t stealing all your extra money (or chasing you in hope of theft), but do what you can now and get used to the process.
  50. Watch over your friends. Notice when they are having a bad day, show some kindness and concern. If they are overloaded, carry some of their burden. We all have bad times, and your bad day may come too. Help one another. Restore one another.

F&U

—–BEGIN PGP SIGNATURE—– Version: GnuPG v2.0.11 (GNU/Linux) iEYEARECAAYFAkqDPrQACgkQfTNN/LMh9oOmQwCglh264R2uU04ZP8nJofr14z+q oKwAn12nd+nevCRt+e7naGViXYWWBEbM =eM9m

—–END PGP SIGNATURE—–

]


Please enjoy, share the podcast around, and consider financially supporting the podcast–we need YOUR help to keep this going. You can become a patron on Patreon for exclusive content by clicking the image below. You can also donate crypto-currencies by clicking here.

The post Fifty Things to Do NOW (By Free and Unashamed) appeared first on Liberty Under Attack.

  • mostrecentshows
  • Can A Country Survive With Open Borders? - Disassociation Nation - 11/28/16

    Can A Country Survive With Open Borders? - Disassociation Nation - 11/28/16Niz and Paul welcome Shane Radliff to talk about his Direct Action series and a discussion burning up the Liberty community, Muh Borders! It's Spy vs. Spy vs You as the UK sets up to pass the largest domestic spy legistaltion in Western History. What happened to Kanye West? We announce our Tyrant of the week, and find out what's in your Aloe Vera. Disassociation Nation reveals the sordid underbelly of the dystopian reality of the American Dream.  We explore that reality while examining the principles of liberty that could liberate us all from the coercive enterprise that is the United States [more]

    Disassociation Nation - Guests: Lousander Feen & Danny Roldan - 11/21/16

    Disassociation Nation - Guests: Lousander Feen & Danny Roldan - 11/21/16Tonight on Disassociation Nation, Niz and Paul we're joined by Danny Roldan former member of 'We are Change' and Lousander Feen one of the hosts from Freedom Feens. The conversation started with the anti-gun referendum before the conversation switches to a debate on minarchism versus anarchy and how to end the state.  We end the show with Lou, Niz and Paul discussing the EU's attempt to pull Britain back in and how decentralized technologies are undermining the myth of the state.   Disassociation Nation reveals the sordid underbelly of the dystopian reality of the American Dream.  We explore that reality while examining [more]

    Liberty Under Attack - Government Regulations & The Vaping Industry with Guest, Jeff Nyzio - 11/17/16

    Liberty Under Attack - Government Regulations & The Vaping Industry with Guest, Jeff Nyzio - 11/17/16On tonight’s final live broadcast of Liberty Under Attack Radio on the Freedom Phalanx Radio Network, we were joined by Jeff Nyzio, host of Disassociation Nation, another show on the network. For most of the show, we discussed the impact the recent vaping regulations will have on the industry, as well as how it crushed his entrepreneurial venture. In the final segment, we do Fascistbook news and he tell us how to make our own vape juice, and provides some warnings for those that are considering entering the black/grey market. Make sure to find our future shows on iTunes, Tunein Radio, Stitcher [more]

    Disassociation Nation - Guest: Alex James from Backwordz - 11/14/16

    Disassociation Nation - Guest: Alex James from Backwordz - 11/14/16Tonight on Disassociation Nation, Niz and Paul are joined by Alex James from the Band Backwordz to talk about their upcoming album release. The conversation after the half time turns to the incremental organization of state abolition.   Disassociation Nation reveals the sordid underbelly of the dystopian reality of the American Dream.  We explore that reality while examining the principles of liberty that could liberate us all from the coercive enterprise that is the United States of America. You’ll laugh, you’ll cry, you’ll disassociate from the state. No flag waving here, folks, just unadulterated liberty. Click for More about Disassociation Nation LIVE: Mondays 8:00pm-10:00pm Eastern [more]

    Liberty Under Attack - Moderated Debate on Peaceful Parenting & Spanking - 11/10/16

    Liberty Under Attack - Moderated Debate on Peaceful Parenting & Spanking - 11/10/16On tonight’s broadcast of Liberty Under Attack Radio, we hosted a Peaceful Parenting debate between Kevin Geary and Kyle Rearden; Kevin is for the concept, and Kyle is against it. Please make sure to check out the Twitter link below and let us know who you think won. If you enjoyed this broadcast and appreciate the work we do, please consider contributing financially. Just visit www.libertyunderattack.com and use the buttons on the sidebar. To purchase the direct action series in its entirety, see below. Links: Let us know who you think won [Poll]: https://twitter.com/LUAradio/status/796911801610993665 Check out Kevin’s website: http://revolutionaryparent.com/ Check out Kyle’s website: www.thelastbastille.com Kyle’s [more]

    Liberty Under Attack - The "Sovereign Citizens" are Co-opting the CYVR Remedy - 11/03/16

    Liberty Under Attack - The On this broadcast of Liberty Under Attack Radio, Kyle Rearden joins me as we complete part three in our "sovereign citizen" trilogy. First, I discuss my recent meeting with some college students from the political organization Turning Point USA. Secondly, we discuss the method of strategic withdrawal that we promote, known as cancelling the voter registration. We close out the show with an in-depth discussion regarding a potential co-opting of the CYVR method by those who call themselves "_______ State Nationals" (i.e. Texas, Iowa, Illinois). This is certainly a broadcast you don't want to miss. If you enjoyed this broadcast and [more]

    Liberty Under Attack - Scientific Consensus Series pt. 2 - 10/27/16

    Liberty Under Attack - Scientific Consensus Series pt. 2 - 10/27/16On tonight’s broadcast of Liberty Under Attack Radio, we present part 2 of our scientific consensus series (or, science more generally). Darrell Becker and Dr. Stephanie Murphy join me as we discuss the notion of scientific consensus, concerns with scientific research today, the fascinating human mind when it comes to placebo (and nocebo effects), Stephanie’s experience getting her Ph.D, and much more. The show was entirely off-the-cuff, as the outline wasn’t even touched upon. It was a fantastic discussion. If you enjoyed this broadcast and appreciate the work we do, please consider contributing financially. Just visit www.libertyunderattack.com and use the buttons on [more]

    Disassociation Nation - Taxation is Slavery, and You Love It - 10/24/16

    Disassociation Nation - Taxation is Slavery, and You Love It - 10/24/16Tonight on Disassociation Nation Niz and Paul are joined by Lousander Feen from the Freedom Feens as well as Lisa DeLasho from Nutritional Anarchy. The show kicks off talking about Lisa's current projects. After the 30 minute mark the conversation shifts to taxation and government sanctioned theft. The show wraps up with a few tips on how to avoid the taxman without getting shot. Disassociation Nation reveals the sordid underbelly of the dystopian reality of the American Dream.  We explore that reality while examining the principles of liberty that could liberate us all from the coercive enterprise that is the United [more]

    Liberty Under Attack - Oh, You Think Your Vote Matters in a Presidential Election? That's Cute - 10/23/16

    Liberty Under Attack - Oh, You Think Your Vote Matters in a Presidential Election? That's Cute - 10/23/16Tonight’s broadcast of Liberty Under Attack Radio is titled, “Oh, you think your vote matters in a Presidential election? That’s cute.” Kyle Rearden, our creative consultant, joins us to offer his thoughts and conclusions on the subjects at hand. Namely, the fact that the President is not elected by popular vote (that is, the electorate); rather, the President is chosen by the electors. In other words, your vote especially doesn’t matter in Presidential elections, although that is the one that is the most heavily focused on. We also tell you how government officials in the other two branches of government constitutionally gain [more]

  • addwaystolisten
    archives
    tunein
    itunes
    FPRN Archives
    Whether you want to listen to the newest show, or take a trip to the past & check out some of our oldest broadcasts, you can find it all in the archives. Feel free to browse, download, or just stream, you can do it all right from the show's profile page:

    1. Head to the FPRN Radio Archives.
    2. Select the show of your choice (for show descriptions/bios, see our All Shows Page).
    3. Once on the profile page of the show you selected, you can listen to and/or download the latest broadcast, as well as any previous broadcast.
    Tune In Radio
    Begin listening to the FPRN Radio live stream on your smartphone or mobile device NOW from virtually anywhere with Tune In Radio for Apple iOS and Android:

    1. Go to the App Store on your smartphone or mobile device.
    2. Do a search for Tune In Radio.
    3. Download the App to your smartphone or mobile device.
    4. Once the download is complete, open the App and type FPRN Radio in the search bar.
    5. Click Enter and begin listening.
    6. To save FPRN Radio in the presets, tap on the heart while listening to the stream.
    iTunes
    Listen to your favorite shows on-demand on your PC, smartphone or mobile device when you subscribe to the FPRN Radio iTunes Podcast. Here's how:
    1. To subscribe with your computer, open iTunes, go to the iTunes Store & search for FPRN Radio and subscribe.
    2. To subscribe with your smartphone or mobile device, you will first need a podcasting app.
    3. We recommend Apple's Podcast App(free with the latest iOS), Downcast($1.99 for iOS) or OneCast(free for Android).
    4. Once downloaded, open the app & Browse or Search for FPRN Radio and Subscribe to the podcast.
    stitcher
  • vtuner
    streema
  • streamfinder
    internetradio
  • schedulebanner