Ben's Bazaar
A collection of observation and opinion
I've fixed the horrible errors that were sending my tweets here, it only took a few hours.

To do that I've had to disable cross-posting and it looks like it won't even work manually, so my updates will likely only occur on my own domain.

Details of the changes are here. They include better response times for my domain and no more Twitter posts on the main page, which should please those of you who hate that. Apparently that's a lot of people, but since I hate being inundated with FarceBook's crap I guess it evens out.

The syndicated feed for my site around here somewhere will get everything, but there's only one subscriber to that (last time I checked) and she's smart enough to decide how she wants to deal with that.


Now to give them their last hurrah: sign my current key with them and then revoke them! #crypto

Originally published at Organised Adversary. Please leave any comments there.


These are the same keys I referred to in the PPAU #NatSecInquiry submission as being able to be used against me. #crypto


Sometimes I amaze even myself; I remembered the passphrases to old PGP keys I thought had been lost to time. #crypto


@GregBehrendt Thanks for introducing me to @goSuperego they’re hilarious. :)


Trialling @CloudFlare’s service for my domain, but only for the website; everything else is still in house. #AdversaryOrg


@Longi_au What?


@crazyjane13 The giveaways were using a job description for a temp gov’t contract and particular email alias on my domain.


@Neefsck It’s cool, I remember what those weeks are like. ;)


Current pet peeve: people using LinkedIn to find personal domains to spam to.


@NathanFillion @MELGMG Did you really mean to say “I would love to come in France this summer” or did you mean “to France”? :)


RT @piratepartyau: .@serkowski speaking at Metro Screen #piracy debate here: youtube.com/watch?feature=… #copyright


Heisenberg’s Law of Job Applications: if you tell your mother you’re going for a particular job, you won’t get it.


Yesterday’s #Bitcoin loan worked out very well for me, so now I’ve written code to make it easier in future.


A petition to get #Bitcoin recognised as a currency: is.gd/PGYMGn


Just made my first #Bitcoin loan on OTC, this should be interesting.


@Wil_Anderson Which means the police will finally be doing something useful.


BOOM! That must’ve been the safe.


In the interests of making next year’s Federal Election a little more entertaining for myself and other Bitcoin users I have returned to the Bets of Bitcoin site and made a couple of statements on the outcome.

The first statement is that the ALP will form government and the second is that the Coalition will do so.

It is ninety-nine point something ridiculous percent guaranteed that one of these being true will guarantee the other being false. Since there is an almost insignificantly tiny chance that both could be true or both could be false, I decided to make both bet statements.

For both statements to be true the Coalition and ALP would need to form an alliance against minor parties and independents. For both statements to be false a minor party (probably the Greens) would need to form government in conjunction with a massive number of independents and face off against both the ALP and the Coalition. While that would be quite entertaining, I don’t expect to ever see it. Both statements deal entirely with the results of the election for the House of Representatives, so even if an election is called prior to the 3rd of August the results of these statements are not affected.

This time I bet both for and against each of my statements, so even though I will receive a percentage of the winnings in addition to my successful bets, I don’t expect to actually come out ahead in this. The main reason for making the bets is to add more than just bets on American elections to the site and make things a little more entertaining for Australian Bitcoin users. There are also some interesting aspects with the weighting being based on the dates I put in, which are the latest possible date for the election. So the weighting will never be reduced to zero, which is a bonus for any bet made, even if an early election is called.

Betting on both sides of each statement effectively just seeds the pot so that people betting on either statement in either direction are guaranteed something if they win, while I can’t break even unless there is a total of 8.00 BTC in the winning pools across both bets. Half of that would cover the statement fees and the other half would cover my inevitable losing bets.

The most unlikely outcome, of course, is that something really weird happens and both statements are declared a draw. If that happens I’ll just be down 0.2 BTC, but on the plus side Australian politics would be a very weird and interesting thing.

What will be really interesting with both bets is the social experiment. Since the bets are effectively the opposite of each other, except for weird results, will people prefer to vote for a party or against one? Although as more people bet on one statement or the other, an estimate of likely winnings is more likely to determine which way a bet will be placed and on which statement.

Hopefully this will provide a shade more entertainment in the election for some people.


Last month the Pirate Party Australia, along with hundreds of other organisations and individuals, made a submission to the Joint Parliamentary Committee’s Inquiry into potential reforms of National Security Legislation. I co-authored the Pirate Party Australia submission and wrote around half of it.

When the submissions were published there was one in particular which caught my attention: this submission by Andrew Brunatti and Neveen Abdalla of Brunel University in London. Mr. Brunatti is a doctoral candidate at the Brunel Centre for Intelligence and Security Studies, while Mr. Abdalla is a masters candidate.

The Brunel submission was interesting because, in addition to offering support to the proposals in the Inquiry’s discussion paper, they proposed Australia introduce a system they termed a National Digital Identity Regime (NDIR). Essentially this amounted to a national ID program for all online activity by everyone in Australia and possibly elsewhere, by assigning a number or code to every Internet user.

Their proposal was based on a number of assumptions regarding the situation in Australia, incorrect information regarding existing regulations and falsified or obscured data. My concern with their proposal stemmed from the possibility of the government or law enforcement in Australia attempting to adopt their proposal, in spite of the significant flaws in both the NDIR proposal and the research backing it.

I decided to email Mr. Brunatti and copied the email to his PhD supervisors at Brunel with my concerns and criticism. Mr. Brunatti’s response was brief and answered none of my questions, concerns or criticisms. Nor did he defend himself or his co-author (I was unable to find an email address for Mr. Abdalla). As a consequence, I am standing by and stating publicly in regards to Mr. Brunatti, Mr. Abdalla and the Brunel Centre for Intelligence and Security the following criticism:

The lack of proper research and selective presentation of just those facts which support the implementation of your National Digital Identity Regime is, at best, both incompetent and disingenuous. Your evidence, such as it is, appears to utilise deliberate fallacies and obfuscation of opposing data; in order to promote an authoritarian scheme designed to eviscerate basic civil liberties.

Below I am including copies of the full correspondence with Mr. Brunatti, including links to the original email files. My emails are digitally signed with my GPG key using PGP/MIME for additional verification. Mr. Brunatti’s sole email is base64 encoded and needs to be viewed in an email client to be read.

My emails include thorough details of my criticisms and specific flaws in the Brunel submission. This includes, but is not limited to: the assumption that so-called “burner phones” are available in Australia as they are in the United States or United Kingdom (prepaid SIMs in Australia must be linked to a driver’s license or Medicare number); their addressing the privacy risks of not implementing their NDIR, but not the privacy risks of doing so; their completely ignoring previous failed attempts to implement national identity schemes in Australia (e.g. the Australia Card and the Access Card); their failure to address issues of identity theft using the NDIR; and numerous unanswered questions regarding their motives for making their submission.

My initial email (original email here):

From: Ben McGinnes
Subject: Brunel submission to Australia’s National Security Inquiry
Date: Sat, 25 Aug 2012 19:24:07 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)

Hello,
I’ve been reading your submission to Australia’s Joint
Parliamentary Committee on Intelligence and Security’s Inquiry into
potential reforms of National Security Legislation. I should state
that I would have also sent this to your co-author, Neveen Abdalla,
but I have been unable to find an email address for him.

Your submission is interesting and I have a few issues with it that I
wanted to raise. I will start with the factual errors and omissions,
and then move on to other matters.

1) On page 6 you cite Operation PENDENNIS as a “significant terrorist
plot” in spite of the fact that the Benbrika cell was almost
completely useless, had not selected a target beyond some initial
ideas and had no means by which to carry out an attack. There was a
significant amount of law enforcement resources deployed in catching
and charging them, though.

2) On page 6 you refer to people being able to “pay cash for a
no-check ‘pay-as-you-go’ mobile phone” which are commonly referred to
as burner phones. These exist in the United States and may exist in
the UK, but do not exist in Australia. To activate a pre-paid SIM in
Australia requires a valid Medicare number or driver’s license number.

3) On page 10 you cite risks to citizens’ privacy as a result of not
implementing a National Digital Identity Regime, but you fail to
mention any of the risks caused by such a scheme (see points 4 to 8).

4) On pages 10 to 14 you describe your proposed National Digital
Identity system, drawing parallels to existing systems (e.g. Medicare
numbers and Tax File Numbers) by assigning a number to every person in
Australia. You ignore the fact that both the Medicare and Tax systems
are limited to a very limited subset of individual interaction with
government departments and some businesses, whereas this would apply
to everything done online. You also completely fail to mention
previous similar proposals, such as the Australia Card proposed in
1985 and the Access Card proposed in 2007. Both the Australia Card
and the Access Card were rejected by Australians.

5) You have failed to address any issues pertaining to the value of
anonymity and/or pseudonymity in a democratic society. Both anonymity
and pseudonymity, while possessing some potential for abuse, also
provide essential safeguards to privacy and the democratic process by
enabling whistleblowing or protecting the identity of those who may be afraid
to comment publicly under their so-called “real” identity (e.g. rape
victims, domestic violence victims, stalking victims, etc.) as the
result of a genuine fear of some form of reprisal. Nor does it address
the fact that there is currently no requirement in Australia for
people to always identify themselves by the name that appears on their
birth certificate, citizenship papers or passport.

6) Your National Digital Identity Regime requires mandatory
identification of all individuals to law enforcement, which is not
something that is currently required.

7) Your National Digital Identity Regime appears designed to be
utilised with all online services and communication, yet it contains
no detail as to how the system would be designed to prevent identity
theft if just one such online service were compromised by criminals.

8) Your National Digital Identity Regime does not address the problems
stemming from other unlawful or unauthorised access to it. In
particular abuse of power by law enforcement personnel, including
corrupt members of law enforcement. Nor have you addressed the risk
to lives by corrupt personnel accessing National Digital Identity
systems (ref. the murder of Terence and Christine Hodson following the
leaking of their Victoria Police LEAP records to criminals during
Melbourne’s gangland war).

The lack of proper research and selective presentation of just those
facts which support the implementation of your National Digital
Identity Regime is, at best, both incompetent and disingenuous. Your
evidence, such as it is, appears to utilise deliberate fallacies and
obfuscation of opposing data; in order to promote an authoritarian
scheme designed to eviscerate basic civil liberties.

You appear to be trading off the reputation of Brunel University in an
attempt to foist a scheme which would reduce the privacy of everyone
in a society in which you do not live and would not be directly
affected by the adverse repercussions of.

Your submission and proposed National Digital Identity Regime raises
more questions than it appears to answer:

* Why did Brunel University decide to make a submission to a national
security inquiry when no one involved in the submission is
Australian or lives in Australia?

* Is the National Digital Identity Regime being recommended to
Australia because Australia lacks the treaty obligations that
European Union member states have protecting human rights (e.g. the
European Convention on Human Rights)?

* Do you hope that a National Digital Identity Regime being applied in
Australia would serve as a basis to implement a similar system in
other countries, such as the UK and EU member states?

* Would you actually want to live in a country with a mandatory
National Digital Identity Regime or are you only interested
in inflicting this on others?

* How do you respond to criticisms of your submission as being a
paternalistic attitude towards a former colony?

The National Digital Identity Regime would facilitate a significant
level of surveillance of everyone in Australia, especially in
conjunction with the decryption on demand (C15a) and data retention
(C15c) proposals of the original inquiry discussion paper. This
proposal would be a severe blow to human and civil rights in
Australia, which are already lacking the kind of constitutional and
legislative safeguards available to many other countries around the
world and all other western liberal democracies.

As you’ve probably guessed by now, not only do I oppose a large number
of the proposals in the discussion paper (see below for more detail),
I also oppose your National Digital Identity Regime. I find it
particularly offensive that you seek to advance this scheme in a
country where you won’t have to deal with the consequences yourself.
We’re not exported convicts anymore, you can’t simply use Australia as
a laboratory for testing your authoritarian theories.

Note: I co-authored the Pirate Party Australia submission to the
PJCIS inquiry (submission no. 134) and wrote a submission for the
Access Card Inquiry in 2007 (submission no. 16).

Those submissions are available here:

http://www.aph.gov.au/binaries/senate/committee/fapa_ctte/completed_inquiries/2004-07/access_card/submissions/sub16.pdf

http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/subs/sub134.pdf

Regards,
Ben


Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, Trainer, ICT Consultant
Encrypted email preferred – primary OpenPGP/GPG key: 0x73590E5D

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x321E4E2373590E5D

OpenPGP/GPG key transition: http://www.adversary.org/keyswitch.txt.asc

You might think that an email like that would produce a somewhat concerned response in a serious academic, but all I received was this (original email here):

From: Andrew Brunatti
Subject: RE: Brunel submission to Australia’s National Security Inquiry
Date: Sun, 26 Aug 2012 19:37:00 +0100
To: Ben McGinnes
CC: Philip Davies, Kristian Gustafson (Staff)

Dear Mr. McGinnes,

Thanks very much for your email commenting on our submission to the PJCIS. You raise some points that my co-author and I find very valuable and we look forward to integrating your critiques into any future work.

I’ve read your own submission with interest and have found it most engaging. I’m glad to see other informed and engaged voices weighing in on the lawful access debate, which I think we would both agree is one of fundamental importance.

I look forward, as I’m sure you do, to the Committee’s deliberations and final report, and hope that a balance can be struck which addresses both privacy and security concerns.

Best regards,

Andrew
_______________
Andrew Brunatti
PhD Candidate (Politics & History)
Brunel Centre for Intelligence and Security Studies (BCISS)
Brunel University, Uxbridge
UB8 3PH, UK

Academic Email: Andrew.Brunatti@brunel.ac.uk

“Most ambassadors do not worry that the wrong people will read their cables, but that the right people won’t.” (Peter W Galbraith)

Thus far, that is the entirety of the correspondence I have received from Andrew Brunatti or anyone else at Brunel University.

I didn’t really feel that that was a sufficient response, so I replied (original email here):

From: Ben McGinnes
Subject: Re: Brunel submission to Australia’s National Security Inquiry
Date: Mon, 27 Aug 2012 20:27:23 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)

On 27/08/12 4:37 AM, Andrew Brunatti wrote:
> Dear Mr. McGinnes,
>
> Thanks very much for your email commenting on our submission to the
> PJCIS. You raise some points that my co-author and I find very
> valuable and we look forward to integrating your critiques into any
> future work.

That’s good, but you have failed to answer any of my questions or
address any of the inaccuracies in your own submission.

In addition to the flaws in your submission and proposed National
Digital Identity Regime, I am still waiting for a response to this
criticism:

“The lack of proper research and selective presentation of just
those facts which support the implementation of your National
Digital Identity Regime is, at best, both incompetent and
disingenuous. Your evidence, such as it is, appears to utilise
deliberate fallacies and obfuscation of opposing data; in order to
promote an authoritarian scheme designed to eviscerate basic civil
liberties.”

I am also waiting for answers to these questions:

* Why did Brunel University decide to make a submission to a national
security inquiry when no one involved in the submission is
Australian or lives in Australia?

* Is the National Digital Identity Regime being recommended to
Australia because Australia lacks the treaty obligations that
European Union member states have protecting human rights (e.g. the
European Convention on Human Rights)?

* Do you hope that a National Digital Identity Regime being applied in
Australia would serve as a basis to implement a similar system in
other countries, such as the UK and EU member states?

* Would you actually want to live in a country with a mandatory
National Digital Identity Regime or are you only interested
in inflicting this on others?

* How do you respond to criticisms of your submission as being a
paternalistic attitude towards a former colony?

To which I wish to add the following question:

* Is the National Digital Identity Regime proposal and your submission
part of an effort to drum up business for the BCISS Consultancy
service?

> I’ve read your own submission with interest and have found it most
> engaging. I’m glad to see other informed and engaged voices
> weighing in on the lawful access debate, which I think we would both
> agree is one of fundamental importance.

It’s certainly important, but you and I clearly hold opposing points
of view regarding appropriate use of such power.

> I look forward, as I’m sure you do, to the Committee’s deliberations
> and final report, and hope that a balance can be struck which
> addresses both privacy and security concerns.

I’m certainly interested in the outcome of the report, but seeing the
shift in my country over the last decade or so I hold grave doubts
regarding what balance there will be. Especially with the lack of
constitutionally or legislatively protected rights in Australia.

You should be able to understand that, all you have to do is imagine
what would happen to your life if your government directed the powers
available to it under RIPA at you. There’s a reason I cited it along
with the USA PATRIOT Act in the PPAU submission.

Regards,
Ben


Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, Trainer, ICT Consultant
Encrypted email preferred – primary OpenPGP/GPG key: 0x73590E5D

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x321E4E2373590E5D

OpenPGP/GPG key transition: http://www.adversary.org/keyswitch.txt.asc

More than three weeks after sending that email, which was ample time to at least deny my accusations regarding Mr. Brunatti’s and Mr. Abdalla’s academic credibility, I still didn’t see any kind of response or defense. This prompted me to send another email stating my intention to publish and giving them some additional time to reply. They have elected not to defend themselves or respond.

My fair warning email (original email here):

From: Ben McGinnes
Subject: Re: Brunel submission to Australia’s National Security Inquiry
Date: Sun, 23 Sep 2012 06:42:13 +1000
To: Andrew Brunatti
CC: Philip Davies, Kristian Gustafson (Staff)

Hello,
It’s been a while since I sent this and, to my surprise, you
have thus far chosen not to respond to my criticism or questions.
Indeed, you have mounted no defence regarding my accusations
of falsifying data to support your proposal, deliberate obfuscation of
data and generally poor academic practices.

Given what you have proposed for adoption in my country, I believe it
is appropriate to publicise your failure to address these valid
criticisms.

This email is fair warning that I intend to publish this
correspondence no earlier than Wednesday the 26th of September (AEST).
With the time difference that gives you two business days to discuss
this with any relevant Brunel staff (not to mention the three and a
half weeks prior to this email).

Any response addressing my concerns or queries received before that
time will be published. If a response is provided which leads to a
reasonable discussion I may postpone publication.

By the way, all of my email has been digitally signed with my GPG key,
which makes it possible to externally verify the messages I sent to
confirm that they were not modified or doctored prior to publication.
I also run my own mail server and can extract the logs showing
successful delivery to your server, as well as the connection from
your server with your one brief response. So simply letting this
slide and later claiming the email is fake won’t work. You can
double-check with your maths or computer science colleagues how
difficult it is to successfully forge a 3072-bit RSA signature.

Regards,
Ben

[included forward of my email from 27/8/2012]
