[security-news] Bulletin #5, August 21, 2002

[security-news-admin at resist.ca]

***************************************************************
Security-news <security-news at resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

August 21, 2002

You know, it's been a bad couple of weeks for crypto - first the SSL
problem, followed by the PGP flaw uncovered by the counterpane
folks (link to that below).... fantastic reminders really that good sense
rather than good technology is indeed the foundation of all activist
security. We're a bit late with the bulletin this week - and apologies for
that - hope you find these collected articles relevant to your struggles
and campaigns.


**********************************
Security-news: Issue #5 - Contents
**********************************
* Security tip of the week: Peer to Peer Networks
* News & Analysis: War on Terror Being Used as a Fig Leaf
* News & Analysis: Camps for Citizens: Ashcroft's Hellish Vision
* News & Analysis: PGP Flaw Leaves E-mails Vulnerable
* How-to: Recognize and Counter Police Harassment in your Community

*****
Security Tip of the Week: Peer to Peer networks offer no identity security
*****
Peer to Peer (P2P) networking and filesharing systems such as KaZaa,
Morpheus and Gnutella offer *no* security at all. Any other user on the
internet connected to the P2P network that you are on has the ability to
see your ip address and all sorts of other information about your
computer. Activists should be wary of using any of the current P2P
networksfor group filesharing, and also recognize that even though you
may choose an alias while using those systems, you actually have very
little identity protection. 

*****
News & Analysis: War on Terror being used as a fig leaf
August 20, 2002 - Toronto Star
*****

Thomas Walkom - THE SO-CALLED war on terrorism continues to spill into
other areas. In the wake of Sept. 11, critics warned that police and
government would use tough new powers to settle old scores.

The critics appear to be correct.

The latest case comes from Courtenay, B.C.

On July 30, members of the RCMP's spanking new Integrated National
Security Enforcement Team broke down the door of a man named David
Barbarash. When he returned home, he found his house ransacked, his cat
gone and his computers and files missing. A copy of the search warrant had
been left on his kitchen table.

Barbarash has long been a thorn in the side of authority.

An animal rights activist, he was convicted in 1988 for vandalizing
Kentucky Fried Chicken outlets in Toronto. Later, as a member of the
Animal Liberation Front, he did jail time after freeing cats from a
University of Edmonton research lab.

In 1997, he and another animal activist were charged with sending letters
containing razor blades to an odd assortment of neo-Nazis and hunting
industry executives.

Testimony at the subsequent Vancouver trial revealed that neither the
RCMP's National Security Investigations Service nor the Canadian Security
Intelligence Service had covered themselves in glory during the razor
blade investigation.

To read the rest of this story - go to http://www.torontostar.com and
search for the title (the url is too long to post here)

Security-news note: Like it's been said - If it can happen in Canada it
can happen anywhere.... Stories of RCMP and CSIS investigations of
activists, that have transgressed civil rights and overstepped all legal
bounds, are numerous. It appears from this case that the RCMP's new
anti-terrorist team "INSET" is little more than a puppet for US control in
their war against civil liberties and freedoms worldwide.

*****
News & Analysis: Camps for Citizens: Ashcroft's Hellish Vision
LATimes Headlines  
*****
       
By JONATHAN TURLEY, Jonathan Turley is a professor of constitutional law
at George Washington University.


Atty. Gen. John Ashcroft's announced desire for camps for U.S. citizens he
deems to be "enemy combatants" has moved him from merely being a political
embarrassment to being a constitutional menace.

Ashcroft's plan, disclosed last week but little publicized, would allow
him to order the indefinite incarceration of U.S. citizens and summarily
strip them of their constitutional rights and access to the courts by
declaring them enemy combatants.

The proposed camp plan should trigger immediate congressional hearings and
reconsideration of Ashcroft's fitness for this important office. Whereas
Al Qaeda is a threat to the lives of our citizens, Ashcroft has become a
clear and present threat to our liberties

To read the rest of this article go to:
http://www.infoshop.org/inews/stories.php?story=02/08/14/2716921

Security-news note: not to be alarmist - but we think this is about the
scariest thing we've heard in a long time. now, it could turn out that
Ashcroft is just the next Ollie North, and will end his political career
in crackpot disgrace - but given the political climate today (as opposed
to that of the 80s), there's no telling how serious this could be. since
9-11 hundreds of people have been illegally detained in the US, and
Ashcroft's plan just seems to be an extension of what is already working.
resistance is imperative.

*****
PGP Flaw Leaves E-mails Vulnerable
By Ryan Naraine - esecurityplanet.com
*****

Security researchers have unearthed a flaw within the popular PGP
encryption tool that could allow snoopers to decode sensitive e-mails. 

PGP , or Pretty Good Privacy, is the defacto standard for encryption on
the Internet and is widely thought of as invincible but researchers at
Counterpane Internet Security Inc and Columbia University say they have
found a way to modify a PGP-encrypted e-mail without having to
descrambling it. 

In an advisory, Counterpane said an attacker could repackage the message
and pass the modified message on to the intended recipient of the original
message. 

It said the text within the message would appear as gibberish and could
lead to a request for a resent. If the original text is included in the
resend request, the adversary may be able to determine the original
message. 

Read the rest of this article at
http://www.esecurityplanet.com/trends/article/0,,10751_1444351,00.html
and check out the advisory on this at
http://www.counterpane.com/pgp-attack.pdf

Security-news note: It is easy enough not to fall victim to this sort of
attack. You must remember two things: 
1) do not turn off data compression in your PGP or GPG client - they are
defaulted on and should be left that way, as these attacks are
unsuccessful against compressed data, and 
2) If you receive a message from someone that appears encrypted, but you
can't open it - when you email the person back to ask them for more info -
do *not* include the original apparently encrypted message, as you may be 
unwittingly assisting someone in a person-in-the-middle attack.

*****
How-to: Recognize and Counter Police Harassment in the Community
by kendra at resist.ca
*****

INTIMIDATION AND HARASSMENT 

Police harassment and intimidation of activist communities is on the
increase and has been marked with a demonstrated rise in the level of
aggression that law enforcement agencies have been enacting on
protesters. Recent examples of harassment and intimidation include: 

* raids on activist houses and shared spaces with little pretense (bogus
  drug warrants and fire inspections being the two favorite reasons to
  search/shut down a space) 
* neighbours being notified that "terrorists" live in the neighbourhood 
  police showing up unannounced at the homes of activists and threatening
  them with physical or legal repercussions 
* (if the activist is under the age of majority) police showing up to warn
  parents that their child is involved with dangerous groups 
* police spreading lies, rumours and mistrust in the community (telling
  activists lies about other activists - in some cases very extreme lies) 
* mass arrests of organizers prior to actions 

There is a much longer list than this - and all of these situations must
be dealt with very differently, but below are a few general tips on how to
deal with police harassment and situations of intimidation. 

General Police Hassles 

***In your home: If the police, csis or the fbi come to your door - unless
they have a warrant to search your home, or a warrant for your arrest,
they have no reason to be there (in normal circumstances). You are not
even legally obligated to give a police officer your name. Do not act
suspiciously or aggressively (these things may give an officer a legal
right to enter your home under grounds of "suspicion"), but do act firmly
and let them know that you are not interested in talking to them (see the
rest of the section on Interrogation for more info). 

If for some reason, you do talk to them for a moment - DO NOT let them in
your house. Once you have invited them in it is next to impossible to get
them to leave - and they are looking for anything that may give them
insight into you or your housemates (to use against you later). 

***In your vehicle: If the police pull you over in your vehicle you do
have to give them your name, address, licence and registration. Again,
being polite and efficient is the key here to keep yourself from being
searched. You do not have to tell the police where you are coming from or
where you are going to, or any other information that does not pertain to
your vehicle and its safety on the road. DO answer any and all questions
about your vehicle that the officer might ask. 

***On the street: If you are under arrest - a police officer must tell you
so. Otherwise, you do not have to give the officer your name or address
and you have the right to walk away at any time. The only exception to
this is if you have committed a non-arrestable offence and they want to
serve a summons on you or give you a ticket. They must tell you this is
the case. 

***In a public activist space: Spaces such as warehouses or offices are in
a different category than private residences and thus are open to
inspections by the city or the fire department. In many cases the police
request that the fire dept. do a safety inspection or that the city go in
to ensure that the building is safe etc. There is very little that you can
do in this case other than deal with the inspector(s) politely and show
them what they want to look at. A group should designate one or two people
to speak with the inspector and limit it to that. The people speaking for
the group should be very familiar with the space itself and any
renovations or work that have been done there since taking
occupancy. Necessary permits should be stored in one easy-to-reach
location in case they are required. Keep drugs and weapons out of activist
spaces as a general rule as they are prone to search. 

Generally, to stop and search you, or your vehicle, a police officer must
give their grounds for having reasonable suspicion that drugs, offensive
weapons or stolen goods are on your person, or in your vehicle, or that a
Breach of the Peace is going to occur. You cannot be searched on private
land unless you are a trespasser. In public places they can only search
outer clothing, more thorough searches must be made out of sight, in a
police van or station. Reasonable minimum force may be used to effect a
search. In practise it can be hard to stop the police searching you when
there are few witnesses about but stay calm and confident and they may
back down. 

Community Response 

Overall community harassment, which includes the spreading of lies by
police officers and covert agents, the sowing of mistrust among
neighbours, threats and intimidation etc. can be fought by strengthening
our political communities considerably. Activists must learn that law
enforcement and the media are generally not telling the truth and that
unless they know information first-hand, it is not to be believed coming
out of a police officer's mouth. Practising good security culture is an
essential part of this. 

Activists must resist the temptation to spread rumours or to speculate on
the actions or crimes of other activists no matter what the situation as
it only feeds mistrust in the community allowing police agents to exploit
these weaknesses and divide us from each other. 

Inside our physical communities, it is important to interact with
neighbours when it makes sense to do so. Your next door neighbour is a lot
less likely to believe the police who say you're a terrorist if they are
coming to your monthly vegan potlucks (for example)! Activists must work
to be fully integrated in their communities so that if something does
happen, they are not isolated from where they live. Living in areas that
have good community support networks is essential to not only building
activism but protecting it from outside intervention. 

Most of all, it is important for the political community to discuss
harassment when it is happening. Make sure that incidents of police
harassment are discussed in the wider community and that there are
strategies in place for verifying information and strengthening trusted
networks. 

COPWATCH

COPWATCH organizations can be an excellent vehicle for having community
discussions and organizing neighbourhoods to stand up to police harassment
- esp. in areas where police bullying affects large numbers of
people. Following and documenting (with cameras and other
witnesses) officers conducting their "rounds" (such as community sweeps,
and routine harassment of street people) can be an extremely effective
strategy as it lets to police know that you are watching them as much as
they are watching you. In more than one case, COPWATCH campaigns and
spontaneous incidents have lead to police backing off of a targetted
neighbourhood (at least for a short period of time). Remember, if you
confront officers in these situations (or are acting as a witness to
harassment), make sure that you do not get in their way physically, or
touch them in any way - as this can lead to charges of obstruction and
assault. As well, you shouldn't go out and do COPWATCH activities on your
own, but with a group, to protect your own personal safety. For more
information on COPWATCH organizations, check out http://www.copwatch.com/

Above all, be empowered and intentional in your actions and you will find
it much easier to stand-up against police harassment - Be conscious about
your resons for being an activist and use that consciousness to stay
strong in bad situations.... 

that's it for this week... as always, send how-to suggestions and other
relevant info for inclusion in this bulletin to secure at resist.ca.

***************************************************************
Security-news <security-news at resist.ca>
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************