Five Senators Join the Fight to Learn Just How Bad Ring Really Is: “…if police want to request footage from a person’s front door in reference to a car break-in on that street, there is no need for police to verify that footage would be helpful to solving that incident, or whether the footage would even be used for that particular incident and not for other purposes. If a person agrees to share their footage with police, police then have that footage forever and can share it with whoever they want without oversight or restrictions. This means footage from your door, requested by local police to catch an alleged thief in the neighborhood, could end up being used by another law enforcement agency for a completely attenuated purpose, such as identifying someone for deportation—without your knowledge or direct consent.”

Sometime between April 12th and April 15th, I thought this stuff was interesting. You might think so too!

Thanks to Dreamhost’s Let’s Encrypt initiative, plus a little nudging while setting up the iOS version of Ulysses, the (simple but very powerful) editor I’m using for writing posts here, my site is now HTTPS enabled.

For those who don’t know the terminology, all that means is that all traffic between my blog and your web browser is encrypted, and cannot be read by anyone who might intercept the data stream in transmission. You don’t have to do anything, it just happens automagically in the background.

While there’s nothing here that really requires the transmission to be encrypted — I don’t sell anything or have any reason to ask for sensitive information, which is the primary use case (and why HTTPS is used by financial institutions, shopping site, and so on) — I’m increasingly of the opinion that it’s just good practice to encrypt whenever possible.

Think of it like sending a physical letter to a friend via traditional snail mail; there might not be anything in the letter that needs to be kept private, but I’d still be pretty disturbed if I got a letter from someone and saw that the envelope had been opened so that someone else could read the contents.

Of course, with electronic communication, there’s no ripped envelope to let you know that someone’s taken a peek at what you’re saying or reading. Unsecure websites (or emails) are more like sending postcards: while for most people it’s pretty unlikely that anyone between the sender and receiver would be reading the postcard, it’s entirely possible that it could happen. Adding encryption means that not only is there an “envelope”, but it’s an envelope that can’t be opened by anyone but the receiver.

Good security isn’t paranoia. Just a good idea.

(Incidentally, I’m also set up with PGP encryption for my email, and would use it more often if I knew my contacts were similarly set up. Just contact me for my PGP public key if you’d like to securely email me (I’ll get it posted here eventually, I’m just finding bits and pieces of my site that need to be recreated after letting it lie fallow for so long, and that’s one).)

So, security and privacy have been in the news a lot lately, particularly with Apple’s fight against the FBI over accessing data on an iPhone. This is something that I pay attention to, and try to make sure I have the option to do, not because I feel I’m doing anything that needs to be hidden, but because I believe that personal privacy is important, and because I don’t think the government (or Facebook, or Apple, or Google, or any other company) really needs to have unfettered access into my life.

But I’m a little curious how many people I know actually take steps to protect their communications. I’ve only seen a few people actually mention using overtly privacy-conscious applications, and though I have a few installed, since I don’t know of that many other people that bother, they don’t really get used all that much.

Here’s what I’m set up with at the moment, in case anyone’s interested. I’m also open to suggestions for other possibilities.

For email, I have Apple Mail on my desktop computer set up to use PGP encryption (through the GPG Tools suite), and have iPGMail on my iPhone and iPad so that I can en/de-crypt messages when mobile (it’s a little kludgy, but workable).

For messaging, I have both the Signal and Telegram messaging apps on my iPhone, both of which boast secure end-to-end encryption for chats. I can be reached through each of those via my phone number, which either you have, or can be asked for, since I tend not to post that entirely publicly.

Bruce Schneier nails this.

From Schneier on Security: Close the Washington Monument:

Securing the Washington Monument from terrorism has turned out to be a surprisingly difficult job. The concrete fence around the building protects it from attacking vehicles, but there’s no visually appealing way to house the airport-level security mechanisms the National Park Service has decided are a must for visitors. It is considering several options, but I think we should close the monument entirely. Let it stand, empty and inaccessible, as a monument to our fears.

An empty Washington Monument would serve as a constant reminder to those on Capitol Hill that they are afraid of the terrorists and what they could do. They’re afraid that by speaking honestly about the impossibility of attaining absolute security or the inevitability of terrorism — or that some American ideals are worth maintaining even in the face of adversity — they will be branded as “soft on terror.” And they’re afraid that Americans would vote them out of office if another attack occurred. Perhaps they’re right, but what has happened to leaders who aren’t afraid? What has happened to “the only thing we have to fear is fear itself”?

An empty Washington Monument would symbolize our lawmakers’ inability to take that kind of stand — and their inability to truly lead.


Terrorism isn’t a crime against people or property. It’s a crime against our minds, using the death of innocents and destruction of property to make us fearful. Terrorists use the media to magnify their actions and further spread fear. And when we react out of fear, when we change our policy to make our country less open, the terrorists succeed — even if their attacks fail. But when we refuse to be terrorized, when we’re indomitable in the face of terror, the terrorists fail — even if their attacks succeed.

We can reopen the monument when every foiled or failed terrorist plot causes us to praise our security, instead of redoubling it. When the occasional terrorist attack succeeds, as it inevitably will, we accept it, as we accept the murder rate and automobile-related death rate; and redouble our efforts to remain a free and open society.

I’ve excerpted a fair chunk here (perhaps slightly more than is strictly appropriate), but there’s a good bit more at the source. You really should read the full thing.

Sad, but very true.

From elusis: (stix cartoon by eyeteeth of Small Pecul:

The thing is that nothing about this is new. Private citizens being arbitrarily singled out for intrusive searches and rough treatment by authority figures because of their appearance, their “attitude,” or just a momentary need for an endorphin rush by a small-minded bureaucrat? Welcome to the lives of people of color, the phenomenon of Driving While Black, the lives of women, of transpeople, of disabled people (oh hai, Canada!).

It is no accident that women have been complaining about being pulled out of line because of their big breasts, having their bodies commented on by TSA officials, and getting inappropriate touching when selected for pat-downs for nearly 10 years now, but just this week it went viral. It is no accident that CAIR identified Islamic head scarves (hijab) as an automatic trigger for extra screenings in January, but just this week it went viral. What was different?

Suddenly an able-bodied white man is the one who was complaining.

(via Bruce Schneier’s excellent roundup of recent TSA stories)

TSA Checkpoint A couple days ago, disgusted (as everyone should be) with the TSA’s current policy of sexual abuse at the screening stations (your choice: nude photos or sexual assault), I tweeted this:

After this and similar, I’m almost disappointed I’m not flying soon. I’d wear my kilt. Commando. Grope away, sucker!

It seems I’m not the only one who’s had this idea….

From TSA Opt-Out Day, Now with a Superfantastic New Twist! – Jeffrey Goldberg – National – The Atlantic:

It’s a one-word idea: Kilts. Think about it — if you’re a male, and you want to bollix-up the nonsensical airport security-industrial complex, one way to do so would be to wear a kilt. If nothing else, this will cause TSA employees to throw up their hands in disgust. If you want to go the extra extra mile, I suggest commando-style kilt-wearing. While it is probably illegal to fly without pants, I can’t imagine that it’s illegal to fly without underpants.  I If you are Scottish, or part Scottish, or know someone who is Scottish, or eat Scottish salmon, or enjoy Scotch, or have a vestigial affection for “Braveheart” despite Mel Gibson, you can plausibly claim some sort of multicultural diversity privilege — the term “True Scotsman” refers to soldiers who honor their tradition and heritage by wearing kilts without drawers underneath.

For the record, I always fly wearing a Utilikilt, and as with any time I wear a kilt, unless there’s some situation that demands otherwise, I generally do go commando. Hey, it’s comfortable, and under normal circumstances, there’s little to no likelihood that anyone’s going to be seeing anything they don’t want to. It’s never been a problem — quite the opposite, in fact, I usually just breeze through the metal detectors.

This past summer, though, as I was flying up to Anchorage from Seattle, I was pulled aside after going through the metal detector for a patdown. I was surprised, especially when the TSA screener told be that I was pulled aside specifically because I wore the kilt. My best guess is that because they can’t eyeball the shape of your upper legs as easily as when wearing pants, it’s marginally more likely that I could have something dangerous but non-metallic strapped to my upper/inner thigh. If that was the reasoning (they didn’t say), it does make me wonder if they regularly pull women wearing skirts aside for the extra pat-down, or if they reserve that treatment for men in skirts. Obviously, weirdos like us are far more likely to be dangerous.

The pat-down itself was about what I’d expect of a normal pat-down — thorough enough, with a quick run of the hands up my legs and under the kilt, but not so thorough that the screener knew whether or not I was commando. No fondling was involved, though there was a cursory brush-down of the front of the kilt that jostled things around a bit. A bit surprising, but at the time, I just shrugged it off.

No more of that, though. While I’m not flying anytime soon, if all of this ridiculousness is still going on when I do have to fly somewhere, I’m definitely opting out, and they just better do their jobs. If they’re determined to sexually assault me, then I’m at least going to get my money’s worth!

(via @jackwilliambell‘s retweet of @furf; image via BoingBoing via Oleg Volk)