To me, Comey is a man who has lost the goal in pursuit of his particular mission.
Defense, intelligence, policing, all these things exist in order to uphold the constitution, protect the "American ideals", etc. Many of his statements pretty directly show that he doesn't care about the collateral damage to innocent people's privacy or any founding principles, he just wants his mission to be unhindered. It's the same mentality behind police forces wanting to make their job less dangerous and more straightforward, by escalating use of force and trampling rights.
With this hypocrisy, as has come many times before (congress shocked and demanding privacy when the CIA spies on them, for instance)... I can only shake my head. Come on.
This is a pattern you see in a lot of high-performing people.
They aren't particularly interested in the 'big picture'. They may say they are, they may think they are, but on a practical, day-to-day basis, it's irrelevant. They know the mission of their organizational unit, they know the goals that need to be accomplished to achieve that mission, they know the metrics they need to hit to advance within that organization, and they are adept at focusing their full attention and energy on whatever task is in front them that leads directly to those ends. It's a personality type that thrives in large organizations - government, private, whatever - and to a certain extent its necessary to make large organizations work, but the risk is that you end up with people wielding significant power who behave like wind-up dolls.
Something else to consider: Comey is also the man who famously rushed to the bedside of a very ill John Ashcroft who was being asked by Alberto Gonzales to reauthorize the warrantless wiretapping [now known as STELLAR WIND] to stop it because he felt it was illegal. Like he actually threatened to quit and was acting AG. [1]
I'm no way trying to defend his agency's actions on encryption - it's chilling and probably one of the most important and defining issues of the information age. Only adding this to point out that people are complex and not black and white and their motives and beliefs and actions can sometimes be in conflict and cognitively dissonant.
I don't understand why smart people have so much trust on encryption mechanisms. For any information to be useful, it has to be converted in some way. For example, if it is an image it has to be unconverted and presented as pixels in a screen. If you're typing an email it has to come unencrypted from a keyboard. Encryption only make it difficult to access the information once it is transmitted, but it is still pretty easy to create a virus or something that access the data at the moment it is used. In my opinion there are cases in which using tape on a webcam is far superior than using complicated encryption strategies.
> To me, Comey is a man who has lost the goal in pursuit of his particular mission. Many of his statements pretty directly show that he doesn't care about the collateral damage to innocent people's privacy or any founding principles, he just wants his mission to be unhindered.
There's nothing new about this, btw. The US government doesn't care about protecting the elusive "American ideals" or your freedoms and it has been that way for decades if not hundreds of years. There's nothing idealistic about the way a government operates, regardless of country.
I care about audio so much more than video, and text/keys/etc captured from the machine even more. As long as my screen and keyboard are out of the frame of the camera, I don't really care about it getting RATed. At worst, you'll see me naked, or making angry/etc. faces at someone on irc or email. While embarrassing it would be less bad than most of what you could accomplish by stealing actual information.
OTOH, carrying around a microphone connected to the Internet which can be remotely enabled at any time without leaving any real trace (battery use/network use is the only real sign, although even that could be covered up to a great degree -- there is probably a way to do either low-fidelity or infrequent audio pickup, maybe keyed on location and charger state, and on-device pre-processing) -- people do this all the time Mostly because there's no real alternative to carrying smartphone yet.
Plus, of course, there's the fact that no modern desktop OS is particularly secure -- either you give up auto-updates and likely fall to bugs, or use auto-updates and are at risk to your OS vendor or anyone who can compel him. So sensors attached to it, as well as stuff processed on it, is also at risk. You can somewhat mitigate this through a large combination of other protections, but it's almost impossible for a single user single machine to solve that problem.
I'd love a custom run of Dell Chromebook 13 or Lenovo Thinkpad 13 Chrome Edition with no built-in mic/camera, and an EPROM vs. EEPROM, and some special case features. Would be willing to commit to buy 10k units at ~$800/unit retail in 8-16GB x 32GB config.
I typically buy older Lenovo laptops that I can put LibreBoot on, an open-source BIOS replacement. Then I open it up and disconnect the speakers, microphone, and camera. When I close the laptop back up, I usually place tamper-resistant seals over several locations.
For an OS, I run Whonix and have it configured so the system wipes the memory and shuts down immediately if anything foreign is attached or removed from USB.
Since I don't use any eSata or Firewire devices, if those ports exist I epoxy over them. There are too many ways to dump memory with direct DMA access.
If you were serious about a custom run of security-focused laptops, I think you would have a market for them. Dell and Lenovo just subcontract with manufacturers in China and it wouldn't be too difficult to contact one and give them the specs and do a custom run of laptops. Considering putting actual hardware switches for both the Wifi and Bluetooth.
That custom run you've described sounds like exactly the sort of "interesting" order I'd like to intercept and backdoor (as part of NSA's TAO or some other yet unnamed organization).
Personally I'd prefer to buy off-the-shelf hardware and just snip the mic and camera.
My mother used to be a police officer, and she once came back from a visit to the department of the interior in our federal state (of Germany) and told me about a room they had there (maybe several) for meeting where sensitive issues are discussed. What sets them apart - among other things, I guess - is that there are no phone lines, no network, and for meetings people are not allowed to bring telephones/smartphones, tablets, or computers of any kind.
So, yes, the audio thing is something to worry about.
Some laptops already have physical switches for wireless connectivity, couldn't you just add one of those that cuts power to the onboard microphone and camera?
It is already possible to run a VM and get 95% of the normal performance with a processor with recent virtualization instructions. My next computer will be built with this specifically in mind. I think this is an important step to better computer security.
I removed the mic and speaker from my phone and now make calls using a bluetooth enabled headset that is usually turned off. This "hack" took about 15 minutes and is not too inconvenient for my lifestyle.
>"I saw something in the news, so I copied it. I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera."
Such a telling statement. It's my belief that this man does not adequately comprehend the magnitude of the issues at hand. General Hayden, on the other hand, is a man whom I believe to actually understand the technology that he was charged with professional addressing.
This can't be unfamiliar to the director of the FBI. I have tape on my laptop cameras placed there by intelligence agencies as a prerequisite for bringing my laptop inside their security perimeter, albeit in a quarantined space.
The reason I was given for the tape when asked was interesting, since they obviously didn't care about the microphone. Supposedly it was possible for the camera to capture people in the facility in the background and through glass that could be matched with facial recognition. The very fact that certain people were seen inside their facility could be sufficient to expose secrets they wanted to protect. Audio, on the other hand, just captures ambient noise in quarantined spaces which isn't that interesting since the discussion is not classified. In that sense, the camera has much greater range than the microphone. Which makes some sense.
But surely the Director of the FBI would know this.
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
"That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, ..."
Sorry man, you were instituted to serve me, at my consent and pleasure, not the other way around. You have the make the case to me to do what you want, not the other way around.
I'd be interested in finding out how many people do this with the front facing camera on their phone. It seems to be a much lower percentage than those who do it with their laptop webcam (from what I've observed at least).
To me it's not about the computer being compromised, but rather joining a WebEx/Hangouts/other conference/meeting software that suddenly decides to start sharing your webcam without prompting you.
There's been numerous times where I've joined meetings and someone gets caught with a goofy face or working from home in their PJs because they mis-clicked something on a crappy e-meeting UI.
If someone hacks into my computer and steals my CC info, I can very easily remedy that situation by calling the bank. Hell, my bank will probably notice before I do. I'm not even liable for the fraudulent transactions. The same is true to varying degrees of inconvenience for most information.
If someone hacks into my computer and takes videos of me in the buff (or worse, in an intimate situation) and posts them online, I have no remedy. The Rubicon has been crossed. The ship has sailed. The cat is out of the bag. You get the point.
Spare me the lecture about nudity and sex being a stupid taboo. If the world was how I wanted it to be, a lot of things would be different. You have to deal with the reality you live in.
The first Apple iSight cameras, back in the days of Firewire, had this nifty mechanical iris that covered the lens. A twist of the bezel ring and it opened, another and it closed.
Granted, just that feature was 6 times the volume of a modern webcam and probably three times the cost, but it did perfectly address people's discomfort with the eye staring at them.
For some reason, the ear listening to them doesn't seem to evoke the same reaction. I don't know anyone that tries to deafen their microphone.
Some people want to take additional assurances that they won't be blackmailed with explicit footage or find themselves on a revenge porn site. That sort of thing can make identity theft pale in comparison.
Another aspect to consider are devices used by children. Tape should be pretty much requisite.
How stupid do you have to be to doubt the security of your laptop enough to put tape over your webcam, but not enough to stop using it all together. If you are concerned that your laptop might be compromised, then you should stop using it. If hackers have access to your webcam, they most certainly also have access to your keyboard, mic, and every file on your system as well. So, what you are basically saying to the world is you don't care enough about your personal communication, files, and speech to properly secure your laptop, but by god, no one shall see you in front of your laptop. It's like sitting in a car that's on fire and saying to your self: "I know, I'll turn on the air con!"
I used to have a piece of tape on my webcam. But I figured that it couldn't possibly be so interesting to see my face, so I took a different strategy, and moved the tape piece 1cm to the right, so it covers the led indicating if the camera is in use.
I don't trust that LED anyway, and if someone should peek at me, I do not want to be made aware of it (and thereby distracted)
I've been telling friends and family to do this long before the Snowden revelations (as well as disabling their computers internal microphone). Many of them mocked me about the shine on my tinfoil hat. They don't do so much mocking anymore.
I have been following this surveillance and privacy debate. I understand that encryption cannot go both ways. We cannot create back doors that are only available to the good guys. Add to this that the 'good' guys are known to abuse power.
But I also cannot deny that at certain times there are legitimate reasons for law enforcement. What solution, maybe political if not technical, can we adopt to meet the legitimate demands of law enforcement?
Is it just me or is there at least one other person laughing their ass-off. Honestly, I am not sure to know if I am laughing at or feeling sorry for the FBI director. I felt that the director of FBI would not be scared of anyone monitoring him.
I think it's a big stretch to compare this to uncrackable encryption. While the piece of tape makes one avenue of surveillance impossible, it doesn't block them all. If law enforcement needed to surveil him in the same way that a webcam could, they could get a court order and place a camera in his home.
Uncrackable encryption, on the other hand, blocks all possible avenues of surveiling the desired communications. That isn't a bad thing, but it is different than placing tape over a webcam. I am definitely a proponent of government-proof encryption technologies, but grasping at straws trying to call this guy a hypocrite seems like a wasted effort to me.
There are actually smartphones and laptops where you can close the camera with an integrated sliding window. I don't know of such a thing for integrated microphones, but Thinkpad's bios allows disabling mic and camera, though if you don't trust bios's software switch, I'd recommend pulling the internal cables. Then you can connect a USB headset and/or camera on demand, knowing there's no always-on mic.
But, since even Windows desktop edition has Cortana these days, I'm afraid mic will be harder to disable in newer machines.
NPR suggests people in the director's position have a more legitimate need to cover their webcams "... It's certainly not unreasonable to worry about webcams, especially for someone as high-profile as Comey"
And teenagers?
There is no mention in the article of the "Lower Merion School District" case where school officials were spying on teenagers through their webcams in their rooms.
Call me old fashioned, but I think that's an important case for the general public to know about when discussing webcam privacy...
[+] [-] white-flame|10 years ago|reply
Defense, intelligence, policing, all these things exist in order to uphold the constitution, protect the "American ideals", etc. Many of his statements pretty directly show that he doesn't care about the collateral damage to innocent people's privacy or any founding principles, he just wants his mission to be unhindered. It's the same mentality behind police forces wanting to make their job less dangerous and more straightforward, by escalating use of force and trampling rights.
With this hypocrisy, as has come many times before (congress shocked and demanding privacy when the CIA spies on them, for instance)... I can only shake my head. Come on.
Encryption is our webcam tape.
[+] [-] blackbagboys|10 years ago|reply
They aren't particularly interested in the 'big picture'. They may say they are, they may think they are, but on a practical, day-to-day basis, it's irrelevant. They know the mission of their organizational unit, they know the goals that need to be accomplished to achieve that mission, they know the metrics they need to hit to advance within that organization, and they are adept at focusing their full attention and energy on whatever task is in front them that leads directly to those ends. It's a personality type that thrives in large organizations - government, private, whatever - and to a certain extent its necessary to make large organizations work, but the risk is that you end up with people wielding significant power who behave like wind-up dolls.
[+] [-] spinchange|10 years ago|reply
I'm no way trying to defend his agency's actions on encryption - it's chilling and probably one of the most important and defining issues of the information age. Only adding this to point out that people are complex and not black and white and their motives and beliefs and actions can sometimes be in conflict and cognitively dissonant.
1 http://www.washingtonpost.com/wp-dyn/content/article/2007/05...
[+] [-] coliveira|10 years ago|reply
[+] [-] rpgmaker|10 years ago|reply
There's nothing new about this, btw. The US government doesn't care about protecting the elusive "American ideals" or your freedoms and it has been that way for decades if not hundreds of years. There's nothing idealistic about the way a government operates, regardless of country.
[+] [-] krick|10 years ago|reply
Excuse me, but you are made to believe that they exist in order to uphold the constitution and yada yada.
[+] [-] frade33|10 years ago|reply
[+] [-] rdl|10 years ago|reply
OTOH, carrying around a microphone connected to the Internet which can be remotely enabled at any time without leaving any real trace (battery use/network use is the only real sign, although even that could be covered up to a great degree -- there is probably a way to do either low-fidelity or infrequent audio pickup, maybe keyed on location and charger state, and on-device pre-processing) -- people do this all the time Mostly because there's no real alternative to carrying smartphone yet.
Plus, of course, there's the fact that no modern desktop OS is particularly secure -- either you give up auto-updates and likely fall to bugs, or use auto-updates and are at risk to your OS vendor or anyone who can compel him. So sensors attached to it, as well as stuff processed on it, is also at risk. You can somewhat mitigate this through a large combination of other protections, but it's almost impossible for a single user single machine to solve that problem.
I'd love a custom run of Dell Chromebook 13 or Lenovo Thinkpad 13 Chrome Edition with no built-in mic/camera, and an EPROM vs. EEPROM, and some special case features. Would be willing to commit to buy 10k units at ~$800/unit retail in 8-16GB x 32GB config.
[+] [-] deftnerd|10 years ago|reply
For an OS, I run Whonix and have it configured so the system wipes the memory and shuts down immediately if anything foreign is attached or removed from USB.
Since I don't use any eSata or Firewire devices, if those ports exist I epoxy over them. There are too many ways to dump memory with direct DMA access.
If you were serious about a custom run of security-focused laptops, I think you would have a market for them. Dell and Lenovo just subcontract with manufacturers in China and it wouldn't be too difficult to contact one and give them the specs and do a custom run of laptops. Considering putting actual hardware switches for both the Wifi and Bluetooth.
I would certainly buy one!
[+] [-] brbsix|10 years ago|reply
Personally I'd prefer to buy off-the-shelf hardware and just snip the mic and camera.
[+] [-] krylon|10 years ago|reply
So, yes, the audio thing is something to worry about.
[+] [-] shurcooL|10 years ago|reply
[+] [-] HappyTypist|10 years ago|reply
So it's here.
[+] [-] 50CNT|10 years ago|reply
[+] [-] jimhefferon|10 years ago|reply
Most people would settle for a physical switch, that is, a switch in hardware.
[+] [-] SixSigma|10 years ago|reply
And yet somehow, I manage
[+] [-] CyberDildonics|10 years ago|reply
[+] [-] witty_username|10 years ago|reply
[+] [-] c22|10 years ago|reply
[+] [-] JabavuAdams|10 years ago|reply
[+] [-] zxcvcxz|10 years ago|reply
[+] [-] kobayashi|10 years ago|reply
Such a telling statement. It's my belief that this man does not adequately comprehend the magnitude of the issues at hand. General Hayden, on the other hand, is a man whom I believe to actually understand the technology that he was charged with professional addressing.
[+] [-] jandrewrogers|10 years ago|reply
The reason I was given for the tape when asked was interesting, since they obviously didn't care about the microphone. Supposedly it was possible for the camera to capture people in the facility in the background and through glass that could be matched with facial recognition. The very fact that certain people were seen inside their facility could be sufficient to expose secrets they wanted to protect. Audio, on the other hand, just captures ambient noise in quarantined spaces which isn't that interesting since the discussion is not classified. In that sense, the camera has much greater range than the microphone. Which makes some sense.
But surely the Director of the FBI would know this.
[+] [-] a3n|10 years ago|reply
"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
"That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, ..."
Sorry man, you were instituted to serve me, at my consent and pleasure, not the other way around. You have the make the case to me to do what you want, not the other way around.
[+] [-] tlrobinson|10 years ago|reply
[+] [-] NelsonMinar|10 years ago|reply
[+] [-] dublinben|10 years ago|reply
[+] [-] everly|10 years ago|reply
[+] [-] comboy|10 years ago|reply
[+] [-] CorpOverreach|10 years ago|reply
There's been numerous times where I've joined meetings and someone gets caught with a goofy face or working from home in their PJs because they mis-clicked something on a crappy e-meeting UI.
[+] [-] wildmusings|10 years ago|reply
If someone hacks into my computer and takes videos of me in the buff (or worse, in an intimate situation) and posts them online, I have no remedy. The Rubicon has been crossed. The ship has sailed. The cat is out of the bag. You get the point.
Spare me the lecture about nudity and sex being a stupid taboo. If the world was how I wanted it to be, a lot of things would be different. You have to deal with the reality you live in.
[+] [-] jws|10 years ago|reply
Granted, just that feature was 6 times the volume of a modern webcam and probably three times the cost, but it did perfectly address people's discomfort with the eye staring at them.
For some reason, the ear listening to them doesn't seem to evoke the same reaction. I don't know anyone that tries to deafen their microphone.
[+] [-] brbsix|10 years ago|reply
Another aspect to consider are devices used by children. Tape should be pretty much requisite.
[+] [-] kobayashi|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] maus42|10 years ago|reply
[+] [-] x0054|10 years ago|reply
[+] [-] leereeves|10 years ago|reply
[+] [-] throwaway0209a|10 years ago|reply
[+] [-] StanislavPetrov|10 years ago|reply
[+] [-] livus|10 years ago|reply
I have been following this surveillance and privacy debate. I understand that encryption cannot go both ways. We cannot create back doors that are only available to the good guys. Add to this that the 'good' guys are known to abuse power.
But I also cannot deny that at certain times there are legitimate reasons for law enforcement. What solution, maybe political if not technical, can we adopt to meet the legitimate demands of law enforcement?
[+] [-] sreenadh|10 years ago|reply
[+] [-] downandout|10 years ago|reply
Uncrackable encryption, on the other hand, blocks all possible avenues of surveiling the desired communications. That isn't a bad thing, but it is different than placing tape over a webcam. I am definitely a proponent of government-proof encryption technologies, but grasping at straws trying to call this guy a hypocrite seems like a wasted effort to me.
[+] [-] zhte415|10 years ago|reply
If needed for a function, a USB camera and/or microphone is applied for through various chains of approval, and plug-in pull-put tracked.
[+] [-] rhizome|10 years ago|reply
[+] [-] cm3|10 years ago|reply
But, since even Windows desktop edition has Cortana these days, I'm afraid mic will be harder to disable in newer machines.
[+] [-] irixusr|10 years ago|reply
And teenagers?
There is no mention in the article of the "Lower Merion School District" case where school officials were spying on teenagers through their webcams in their rooms.
Call me old fashioned, but I think that's an important case for the general public to know about when discussing webcam privacy...
[+] [-] giardini|10 years ago|reply
Snowden?
[+] [-] daveheq|10 years ago|reply