21 July 2013

Since v0.5b of Byzantium Linux hit the Net, all of us have been taking the opportunity to get a little R&R before proceeding to the fifth and final milestone, which is writing up everything that happened in the previous six months. That's going to be a lot of stuff, but we've got good notes, a bunch of blog posts, and no shortage of lessons learned through the development process. I think when we sit down and get to work, we'll get it knocked out, edited, and published in not a very much time. I'll also be in a rush to get some material together because I'll be going back on the conference circuit in a few weeks, and even though it's technically an unconference, I find that I still operate better when I have a handful of bullet points to hang stuff off of.

For what it's worth, I'm taking a couple of days off to recuperate before I pick up where I left off. I ran myself into the ground with the last two milestones (the amateur radio project was much harder than any of us predicted, and two weeks to incorporate a bunch of new stuff to get another release together was, in hindsight, not a good idea) and a few of us are getting over being sick as a result. I'm more or less back on my feet but dealing with a persistent headache that's made concentration difficult. I'm also dealing with worsened chronic pain that's been both distracting me as well as keeping me awake at night. I'm planning out a couple of lifestyle changes that I hope will get the pain back under control. I'm also going to make some more progress on the sewing project I have on deck, namely the plushie for my little nephew, whom I'll be meeting for the first time next weekend.

Also, the implications of the latest net.scandal - Edward Snowden leaking a large volume of classified documents from the National Security Agency - have hit me hard. In point of fact, every time I sit down to write something on this site (and that's easily been two dozen times in the past two weeks) I stop and consider whether or not what I may write, or what I've written in the past will be used against me. Every time, I deleted the post because it was a risk that I wasn't willing to take.

Let me preface this by saying that I haven't read any of the original documents. Leaked or not, whistleblower or not, classified material is classified material and the penalties for possessing or gaining access to such are steep. Too steep, I think, in light of recent developments. What I have read, however, are analyses from second and third parties who have whom I have reason to trust due to their published work in the past five to ten years as well as their professional credentials. People who have actually read and understood the laws and statues in question and don't throw terms like "terrorist" or "traitor" around, like most of the people weighing in on this matter. So, for those of you who keep asking me friendly questions, I don't have them, never have, and I'm not going to, so stop freaking asking me.

NSA whistleblower William Binney said the first time this scandal broke (that's right, this isn't the first time) that we are not far from living in a turnkey surveillance state. Well, the key has turned. There is evidence that the PRISM surveillance programme may have influenced the political process. Last week the Fourth Circuit Court (whose sphere of influence are matters of state) decreed that there is no such thing as journalistic protection, which means that journalists can be prosecuted for what they write about even though it's covered by the First Amendment. On the same day James Risen, a journalist working for the New York Times was ordered to testify in a court of law about classified information he recieved from a source at the Central Intelligence Agency. So, whether you're a blogger or a talking head on an international news network, if you bring the news to the people you can be prosecuted for doing so. I give you three guesses what that's going to do to investigative journalism, and Geraldo Rivera doesn't count.

Over a dozen companies, from Skype (before it was bought out) to Microsoft have been caught in lies. They say publically that they're not providing surveillance information to anyone for any reason, but evidence keeps getting out that they're working with the NSA to provide as much usable information as possible. So, as I've said time and time again, if it's not on your machine it's not your data anymore. This also means that many people working in the human rights sphere are probably compromised due to intel sharing programs. For everyone who says that it's only logical that they cooperate because the law tells them to, I'd like to point you to this analysis of CALEA as well as this specific part of CALEA, statute 47 USC § 1002(b)(3) (Encryption), which says explicitly, "A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication" (emphasis mine).

For those of you who talk about opting out of social media so you can't be tracked, that's not an option anymore. Not being active in social media is considered inherently suspicious, and in fact it's implied that it may be a sign of mental instability. More and more employers consider the disuse of social media unusual behaviour and have done so since 2005 at the very earliest. In the interest of full disclosure, this was a sticking point when I first started working after I moved to DC, and I was asked to set up a couple of accounts by my employers at the time so they could keep tabs on me. Work being what it is, I set them up and then immediately forgot about them because I had real work to do. In addition, Rick Falkvinge made some insightful observations about this that I encourage everyone to read and consider.

The Panopticon, a prison in which there are no doors or blinds and everything you say and do is on display, but it remains unknown whether or not anyone is actually watching exists now. SomeONE may not be watching, but someTHING is, in the form of advanced AI software plugged into every bit of telecom infrastructure that matters, making inferences, drawing conclusions, and writing reports. It is no longer a matter of whether or not we're being watched because we now know beyond the shadow of a doubt that we are. It is now a matter of whether or not someone who is unaccountable cares enough to do anything with what they've heard, read, or seen. We now live in a world which would have made Cardinal Richelieu clap with glee because there are now so many things that can be creatively misinterpreted. Meaning, context, and intent are all irrelevant because what really matters is whether or not somebody powerful feels like justifying their actions however they please.

Unfortunately, I can envision a world in which a local fusion center rings up somebody out of the blue and says, "Hello. We think you ought to know something about this person you hired," and just like that a career may be destroyed or a family shattered. It's stood up in court several times that evidence can come out of nowhere during court cases and the source of the evidence doesn't have to be disclosed, meaning that it's harder to challenge. Under such circumstances it would be trivial for someone who can't be identified (let alone held accountable) to make something up, put it into an official container, and use it to destroy someone.

And one more thing: Is it bad that this verified hoax is completely plausible in the twenty-first century?