Sat, 18 Jun 2011

Security Issues at Home

*Originally published in the June 15th Issue of FidoGazette

Time to Surround Your Driveway with Fencing?

by Janis Kracht, 1:261/38

It used to be that when one thought about fencing your yard, it was enough to figure in the cost of the perimeter of the yard, or at the least surrounding your pool (as a safety measure for children)... not so these days is seems. And as is often the case in our society, it's those-guys-with-$$ who can afford expensive fencing who will be exempt from a recent ruling regarding attaching a tracking device to your car (I know how much the chain-link fence we put in for our labrador retrievers cost us.. over $3000.00, about 7 or 8 years ago..)

We've been hearing about safety and security on our systems thanks to Richard Webb's ToolBox series. Given that, I thought some of you might be interested in one of my favorite sites regarding security.

I subscribe to a security newsletter, the "CRYPTO-GRAM" published and written by by Bruce Schneier. He's an internationally renowned security technologist and author. He's been described as a "security guru," bringing security issues to the world in a clear and understandable way. As his page states, "When people want to know how security really works, they turn to Schneier."

You can read his newsletters or subscribe to his newsletters here:

In the latest issue, Mr. Schneier points out, as Richard has already mentioned in his ToolBox series, that a recent ruling by the 9th U.S. Circuit Court of Appeals affirms that it's legal for law enforcement to secretly place a tracking device on your car without a warrant, even if it's parked in a private driveway.

An article that Mr. Schneier links to at http:/ tracking-is-legal/ (wraps) states the ruling, which sets precedent for Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington, holds that "the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures" doesn't apply to driveways.

From that article written by Jim Garrettson:

'This decision upsets years of legal precedent establishing "curtilage" (legalese for the property surrounding a house) as protected under the Fourth Amendment, and represents an officiously narrow interpretation of the "open fields doctrine" test established in United States v. Dunn in 1987. In that case, DEA agents tracked a large shipment of chemicals used to manufacture drugs to Mr. Dunn, a meth lab operator. Agents crossed his fence, looked through the barn window, found the meth lab, executed a search warrant and convicted Dunn of conspiracy to manufacture and distribute methamphetamine.

The prosecution argued that, as per Hester v. United States, Fourth Amendment protection does not extend to the "open fields." Dunn argued that the case didn't concern an "open field"; it concerned a barn surrounded by barbed wire. Dunn's conviction was thrown out by the Supreme Court, and established the four-point test of whether curtilage privacy protections apply.

From the ruling, "curtilage questions should be resolved with particular reference to four factors: the proximity of the area claimed to be curtilage to the home, whether the area is included within an enclosure surrounding the home, the nature of the uses to which the area is put, and the steps taken by the resident to protect the area from observation by people passing by."

In the majority opinion, the Ninth Circuit Court ruled that since Pineda-Moreno's driveway wasn't enclosed and was open to passersby like delivery men and neighborhood children, it didn't pass the Dunn test for curtilage. Never mind that in the Dunn opinion, the majority writes "we do not suggest that combining these factors produces a finely tuned formula that, when mechanically applied, yields a "correct" answer to all extent-of-curtilage questions."

This strict application of precedent really means that only people who can afford to fence off their driveways have a reasonable expectation of privacy, as pointed out by Chief Judge Alex Kozinski in his dissenting opinion. Though he was appointed by Reagan and remains a vocal conservative in the predominantly liberal Ninth Circuit, his dissenting opinion makes him sound like a hardline leftist.

"There's been much talk about diversity on the bench, but there's one kind of diversity that doesn't exist," he wrote. "No truly poor people are appointed as federal judges, or as state judges for that matter."

But the Ninth Circuit doesn't make precedent for the whole country, and the U.S. Court of Appeals for the District of Columbia recently ruled that extended tracking via GPS requires a warrant. But, since conflicting precedent has now been set on the West Coast, this issue is bound for the Supreme Court. Hopefully, they'll side with the rights of the people.'

I didn't expect much...

posted at: 22:16 | path: /security | permanent link to this entry | 3 comments | "


* Originally published in the June 15th Issue of FidoGazette

The Old School Toolbox

By Richard Webb, 1:116/901

the real paradigm shift

I stumbled across a news story in February which featured proposed "do not track me" laws which might be introduced in congress. Such laws would apply to commercial entities, and in this writer's opinion give folks a false sense of security. I grant that such laws would keep commercial entities from tracking your viewing and spending habits as you surf the web, but that doesn't eliminate many of the real dangers. There are laws on the books prohibiting burglary too, but if they make you feel safe enough to leave your house unlocked when you leave for the day then I want some of whatever you're having. Remember that old public service TV ad back in the late '60's which admonished folks to "lock your car, take your keys" and aired quite frequently? Even then, you'll notice that devices such as "the club" are big sellers. A common rite of passage for teenage boys back then was to learn how to "hot wire" a car, even though many of us never stole one, even for a joyride. We've made that more difficult since those days, and should do the same for our personal data.

No matter how many laws are passed those laws are subject to interpretation by the courts. They too are finding it hard to keep up with new methods of interaction and communication. That's why we need to be aware of all this stuff, and proceed with caution in choosing the services we use, and what information we might allow to be shared with others.

This is scary stuff. That's why Orwell's book was banned so many places. After all the benevolent ones, the cops and others of that sort will tell you that they're well aware of your civil liberties concerns. But we've all heard the horror stories about what happens when civil liberties are disregarded by the enforcers of the law. That still leaves us with the questions regarding the salesman, the foreign government endeavoring to coopt our broadband connected systems in a malevolent botnet, etc. Do they care about your civil liberties and your rights? NO they don't, they care about achieving their objectives, whether that be the sales quota, ripping you off or winning the battle. The panopticon isn't as scary if you know how to construct good fences, and good curtains or shades. We in Fidonet have been accustomed to thinking about these issues long before the average person even needed to be aware of them. We should bring that awareness to our neighbors coworkers and friends.

Anybody who hasn't lived under a rock has heard of medical records being hacked; banks and financial institutions being intruded upon by hackers and other sorts of miscreants. But, we don't think about all that convenience. We don't think that when we use that preferred customer card to get a few cents worth of discount or other perks that the retailer providing us this preferred customer card is tracking information about our purchasing habits. To whom does that retailer provide this information? We really can't say for sure, and they sure aren't rushing right out there to disclose it.

We emit a steady stream of personal information, often without realizing it. we use that credit card to buy things at the store, often with that aforementioned preferred customer card. WE fill out an online survey which can be correlated with our email address. We sign up for internet mailing lists relating to our hobbies professions and interests. We acquire a driver's license, own vehicles; register to vote; enroll children in school; pay various local state and Federal taxes. Often we allow folks to keep on file that handy nine digit number the government gave us, commonly known as a Social security number. I provide my social security number only where required by law, and then ask that if possible it not be provided when that organization or agency's databanks are queried. I also shred my junk mail which might contain personal information.

Even though we think that otherwise reputable longstanding companies and other popular sites on the net will utilize our personal information responsibly and ethically sometimes we soon learn different. Not just is it often difficult to get them to cease and desist with dumping your information out there, but often one finds that opt in is the default, and "opt out" takes a bit of work. Our good editor can tell you a story about which was I'm sure not a lot of fun to go through. She couldn't get any sort of positive resolution from those folks at all until she threatened to bring her state's attorney general into the loop.

I don't care for webmail, I don't social network in the modern meaning of the term. I don't have time, and I'm not willing to be bombarded with junk. I exercise my options to opt out of marketing campaigns, place myself on do not call lists, etc. If I want what you're selling I'll seek you out.

Even before the development of firesheep which allows someone to hijack your browser session whilst you use that wi fi hotspot I had a high degree of distrust of such facilities. i wonder how many of the multitude of public hotspot users are aware of this development.

As I keep repeating in this column, we in Fidonet were out there on that leading edge of explored cyberspace and bumped up against many of these issues. Fidonews articles looked at privacy questions from both sides. A couple of futuristic fiction pieces were published which also touched on them in that organ as well. We as Fidonet sysops and users can do a lot to educate our families and friends regarding these issues. To slightly modify a phrase I used to read often, we can teach them to know what to expect when they connect. Your family and friends are already aware of your Fidonet hobby I'm sure. They bring you their esoteric queries on computers and computer networking I'll bet. So, when this subject comes up in conversation with them you've a perfect opening to talk with them about protection. Protecting your personal information, as with all other aspects of personal security, begins with you. Ignore or neglect it at your peril.

If you felt this series of articles was a bit scary, and maybe a bit melodramatic I'm sorry about the latter part. As for the scary part, I meant to emphasize the scary. Don't just shudder when you consider how scary it was however, do something about it. Protect yourself, and encourage those you care about to do the same. Demanding more government regulations isn't really going to help here. You can't even depend on government enforcing laws already on the books, or interpreting them so as to protect your privacy. Make good personal security a habit and you'll have less reason to complain later.

posted at: 21:35 | path: /security | permanent link to this entry | 0 comments | "