• Categories

  • Pages

  • Archives

Tips For Witness Statements By Email Or Phone & Statement Checklist

With so many people with busy schedules these days, sometimes, an investigator does not have the opportunity to sit down with a witness and take a statement.  While an in-person statement is best and the ideal as the operative can view the witness’ demeanor, mannerisms and interpret the witness’ body language, that simply may not be possible. Or you can have a witness that has moved very far out-of-town.  For whatever reason, the investigator now finds herself having to take a statement via email or the phone.

There are several steps that we follow specific to these methods of recording testimony: (For this article’s purpose, references to emails and phones numbers are for those to be used in connection to a witness’ statement.)

  1. Verify your witness’ identity.   Via phone or email, you may not be able to tell if you are speaking with John Doe, Sr. or Jr., so ensure you are speaking with your true witness by verifying personal identifiers such as full name, DOB and SSN.
  2. Verify the owner/registrant of the phone number or the email.  Imagine trying to follow up with a witness for clarification on a point in his statement only to get this text in return, “Don’t text this number ever again. I don’t know where that lying cheater is and I never want to hear from him again either.”  Or, worse, you disclose sensitive information in an email only to find out that, for his own purposes,  your witness had given you someone else’s email address.
  3. Verify the person’s residence rather than where they are staying on the date and time of your call/email.   You may be reaching someone at their beach house or ski chalet.  Ask if the address is their permanent residence.
  4. Before taking any statement, talk with your witness at length.  Remember that a witness statement is taken not only for the sake of preserving evidence and recall of events, but also for the purpose of negotiation, therefore, the strength of your witness’ recall is critical in that the other side can then determine the validity of the monetary demand by the plaintiff’s attorney.  Witnesses should therefore, prior to any official statement recording, be walked through an initial recitation of events involved in the client’s matter to a) jog and strengthen their memories and  b) allow the witness to experience the logical chain of thought involved so that the memories are returned in efficient, logical order – especially important if live court testimony will be involved, enabling the witness to become adjusted to the pace of Q&A.  Also, always write for the court.  Presume a judge will see your witness statement at some point. The witness’ recall must therefore be recorded clearly.
  5. *Use a witness statement checklist for the actual statement. An investigator can go off script if there is reason to but for the most part, a comprehensive statement checklist ensures that no relevant information is lost or goes unrecorded.
  6. Request the contact formation of at least two emergency or backup contacts.  Two alternate contacts should be on record for any witness statement undertaking, in-person, via phone or by email.   You do not know the witness’ plans to relocate and neither may she at the time of statement intake.

*Below is an actual Witness Statement Checklist currently in use by BNI operatives for MVA (Motor Vehicle Accident) incidents.

Keep in mind that a strong witness statement may position a case for a fair settlement sooner rather than later.

BNI Operatives; Situationally aware.

As always, be safe.

With An Ear For New Technology: New API Can Copy The Voice Of Anyone

IN BRIEF: Montreal-based technology startup Lyrebird has launched a new app interface that allows people to synthesize speech using just a 60-second recording of anyone’s voice audio. While the technology is ground-breaking, its potential use to commit fraud is a huge red flag.

From Futurism: (For those you blessed/cursed with avid curiosity:  A lyre bird is most notable for its superb ability to mimic natural and artificial sounds from its environment.)

We regularly hear about new technologies for editing images in a unique way or better algorithms for visual recognition software. Clearly, a lot of work is being done to improve image generation techniques, but very rarely, however, does news about new voice-editing tech emerge. Adobe’s Project VoCo software is one of just a few exciting examples, but now, Montreal-based startup Lyrebird believes it’s done something even more impressive.


Like VoCo, Lyrebird’s latest application program interface (API) synthesizes speech using anyone’s voice. Unlike VoCo, which requires 20 minutes of audio to generate its replication, Lyrebird’s tech only needs a minute-long sample of the voice it’ll synthesize.

And, as if that’s not impressive enough, Lyrebird’s new service doesn’t require a speaker to say any of the actual words it needs. It can learn from noisy recordings and put different intonations into the generated audio to indicate varied emotions, also.

A CONCERNED VOICE:  Lyrebird’s new tech is revolutionary, indeed. It doesn’t just edit audio recordings — it makes it easy for someone to generate a new recording that truly sounds like it was spoken by a particular person and not created by a computer.

This raises some rather interesting questions, and not only does Lyrebird acknowledge these, the company actually wants everyone else to as well:

Voice recordings are currently considered as strong pieces of evidence in our societies and in particular in jurisdictions of many countries. Our technology questions the validity of such evidence as it allows to easily manipulate audio recordings. This could potentially have dangerous consequences such as misleading diplomats, fraud, and more generally any other problem caused by stealing the identity of someone else […] We hope that everyone will soon be aware that such technology exists and that copying the voice of someone else is possible. More generally, we want to raise attention about the lack of evidence that audio recordings may represent in the near future.

In short, Lyrebird want people to know they can easily be duped by audio, and hopes this knowledge will actually prevent fraud: “By releasing our technology publicly and making it available to anyone, we want to ensure that there will be no such risks.”

Being aware of the potential to be bamboozled by audio is one thing, but protecting oneself from potential fraud is another. Still, the value of Lyrebird’s technology can’t be denied. Whether its usefulness for things like creating more realistic-sounding virtual assistants outweighs its potential for nefarious endeavors remains to be seen.

***************************

Lyrebird’s developer API is still under development.  BNI has become a beta-tester and we will be informed of its launch which we will, of course, pass along.  Our readers will be among the first to know how this new technology works in the real world.  Stay tuned.

BNI Operatives: Situationally aware.

As always, stay safe.

 

Your Daughter Arrested By Your Own DNA? Ancestry Sites & Law Enforcement

Back in 2009, I’d written an article on Disney theme parks sharing facial recognition technologically enhanced photos of park-goers with the Department of Homeland Security in an effort to boost the DHS’ base population photo database.  Shortly thereafter, the theme parks were joined by cruise lines, vacation spots and just about all hotel, domestic and international, check-ins.  Now firmly in possession of billions of citizen and visitor photos, law enforcement has moved on to absorb as much DNA from the public as it can, often to identify relatives of those on file in connection with crimes.

This 2015 Fusion article describes the acquisition of genetic IDs from family ancestry sites like Ancestry.com and 23andMe:

When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It “has serious information about you and your family,” genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular.

Now, five years later, when 23andMe and Ancestry both have over a million  customers, those warnings are looking prescient. “Your relative’s DNA could turn you into a suspect,” warns Wired, writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.”

The FBI maintains a national genetic database with samples from convicts and arrestees, but this was the most public example of cops turning to private genetic databases to find a suspect. But it’s not the only time it’s happened, and it means that people who submitted genetic samples for reasons of health, curiosity, or to advance science could now end up in a genetic line-up of criminal suspects.

Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order. 23andMe says it’s received a couple of requests from both state law enforcement and the FBI, but that it has “successfully resisted them.”

23andMe’s first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. (Update: The company released the report a week later.)

“In the event we are required by law to make a disclosure, we will notify the affected customer through the contact information provided to us, unless doing so would violate the law or a court order,” said Black by email.

Ancestry.com would not say specifically how many requests it’s gotten from law enforcement. It wanted to clarify that in the Usry case, the particular database searched was a publicly available one that Ancestry has since taken offline with a message about the site being “used for purposes other than that which it was intended.” Police came to Ancestry.com with a warrant to get the name that matched the DNA.

“On occasion when required by law to do so, and in this instance we were, we have cooperated with law enforcement and the courts to provide only the specific information requested but we don’t comment on the specifics of cases,” said a spokesperson.

As NYU law professor Erin Murphy told the New Orleans Advocate regarding the Usry case, gathering DNA information is “a series of totally reasonable steps by law enforcement.” If you’re a cop trying to solve a crime, and you have DNA at your disposal, you’re going to want to use it to further your investigation. But the fact that your signing up for 23andMe or Ancestry.com means that you and all of your current and future family members could become genetic criminal suspects is not something most users probably have in mind when trying to find out where their ancestors came from.

“It has this really Orwellian state feeling to it,” Murphy said to the Advocate.

If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request.

Another example of familial DNA invasion:

From pri,org:

DNA is taken from the crime scene and compared against a federally regulated FBI-run database used to process DNA evidence, called CODIS. The process can take as long as 18 months before a match is identified. In the meantime, the perpetrator has committed a string of other crimes.

But some local police departments claim they can get faster results — as little as 30 days — by using private labs and local DNA databases.

Frederick Harran, director of public safety at the Bensalem Police Department in Pennsylvania said, “18 months is not prevention, that’s not what they pay me for.”

“I would agree the federal database is a good thing, but we’re just moving too slow,” he claims.

So more and more law enforcement agencies are turning to local databases. But with loose regulations, that can present troubling scenarios. Take this real example from Melbourne, Florida, for example.

A few teenagers were sitting in a parked car, when a police officer pulled up and requested someone provide a DNA sample. The officer gave one boy a cotton swab and a consent form. Once the officer made the collection, he went back on patrol as usual.

Increasingly, local police departments are collecting consensual DNA samples, processed using private labs. It’s happening in cities across Florida, Pennsylvania, Connecticut and North Carolina.

The potential issues for these databases vary state by state. In Florida, minors are allowed to consent to having their DNA collected, which isn’t true in other states, like Pennsylvania. But simply maintaining the databases allows each jurisdiction to test every sample already collected, meaning that the DNA from a minor crime scene from years before could be immediately matched with the new sample.

Stephen Mercer, chief attorney for the Forensics Division of the Maryland Office of the Public Defender, finds the practice deeply troubling.

“The collection procedureshighlights the very real threat to liberty interests that local DNA databanks pose,” Mercer said. “The usual suspects are targeted, so we see this amplification of bias in the criminal justice system along the lines of race being amplified through the criminal justice system.”

Granted, many may think, “Well, if you have nothing to hide…”.  That’s not the point. The innocent, unindicted individual should retain a basic form of control over whether she becomes involved in situations wherein she identifies relatives in potential criminal acts. There is something perverse in having one’s DNA finger one’s own flesh and blood for the government’s purposes.  Identification by familial DNA isn’t a slippery slope… it’s a well-greased slalom of privacy infringement.

We will be looking into the matter of DNA familial finger-pointing in-depth and report back as developments warrant .

BNI Operatives: Situationally aware.

As always, stay safe.

Protect Your Privacy: Block Your Phone Number or Display A Fake Phone Number

At some point or other, we’ve all had the desire or need to make a phone call yet did not wish to reveal our phone number.  Below are three methods of phone number blocking that work and can be enacted immediately.

1. Use a caller ID blocking prefix. In many countries, you can enter a code before you dial a number and your phone number will be blocked from appearing on the recipient’s caller ID. The code varies depending on your country and your service provider, and it is not possible to block in all countries. Enter the prefix, followed immediately by the number you are dialing. For example, if you are in the US and want to call (555)123-4567, you would enter *675551234567.

  • North America – *67 or #31#
  • Albania, Australia, Denmark, Greece, Israel, Italy, Netherlands, Sweden, Norway: #31#
  • Argentina, Iceland, Switzerland, South Africa: *31*
  • Germany: *31# or #31#
  • Hong Kong: 133
  • Japan: 184
  • UK and Ireland: 141
  • New Zealand: 0197 (Telecom) or *67 (Vodafone)
  • Australia: 1831 or #31#
  • India: *31# – Must be enabled by network.
  • If your country is not listed, chances are you can use either *67 or #31#. Most GSM mobile networks work with #31#.

2. Contact your carrier. If you want all of your phone calls to always be blocked, you can contact your carrier and set up permanent Caller ID blocking. There is typically a charge for this, and the fees and terms will vary from carrier to carrier.

  • Most pre-paid plans cannot enable permanent Caller ID blocking.
  • Some people have Anonymous Call Rejection enabled, which means your call will not be able to be completed unless you call from an unblocked number.

3. Hide your number through your device’s settings. Many phones allow you to block your Caller ID information by changing the phone’s settings. If your phone does not have the option to do this, then it is not allowed by your carrier, and you will have to try one of the previous steps.

  • iPhone – Open the Settings app, tap Phone, tap Show My Caller ID, and then toggle the slider to ON.
  • Android 4.0 and earlier – Open the Settings app, tap Call, tap “Additional settings”, tap Caller ID, and then tap “Hide number”.
  • Android 4.1 and later – Open the Phone app, tap the Menu button, tap “Call settings”, tap Caller ID, tap “Hide number”.
  • Windows Phone 8 – Open the Phone app, tap the More button (…), tap “settings”, tap the box under “Show my caller ID to”, tap “no one” or “my contacts”.
  • BlackBerry – Press the Menu key, click Options, click General Options, find the Restrict My Identity field, set it to Always.

Fake Phone Number: If however you wish to display a fake phone number, try one of the many apps available that do just that – pop up a fake phone number on your target’s phone.  A new app on the market also allows you to change your voice to sound like a man or a woman: FakeCallerID.  Let’s bear in mind that ultimately, all fake phone numbers are logged somewhere and if necessary, law enforcement can certainly obtain these records.

BNI Operatives: Situationally aware.

As always, stay safe.

Lifesaver: Use A Penny Or A Quarter To Determine Adequate Tire Tread

(In our new block, we pass on useful tips each Friday.  since travel season has begun with Spring, first things first, let’s make sure your vehicle should even be spinning along the road.  From PepBoys: tread life and how to check your tires with the change in your pocket. )

The Truth About Tread Life

Tires are designed with treads that provide your vehicle with traction. This traction keeps your car driving along the road – even in inclement weather. Without tread, the elements would literally lift your tires off the road. When you drive through snow or a puddle, the grooves in between the tread blocks of the tires become channels that divert the water or snow away from the tires, allowing the tires to maintain traction in these slick conditions.

When the tread gets worn down, the water, snow, and other slippery substances don’t have anywhere to go except directly under your tires severely decreasing your vehicle’s traction. If your tires are nearly bald, traction will be eliminated completely. Decreased traction will negatively affect your control over the car, making the vehicle unsafe for you and your passengers. Tread depth will determine whether or not you require new tires. You can easily tell if your tires’ tread is too worn by using a penny or a quarter.

Penny Test

Tire Penny Test

The penny test is the gold standard for measuring tire tread-depth because it is easy and it works. Just take a penny and, with Lincoln’s head upside down, put it between the tread blocks of the tire. If you are not able to see the top of Lincoln’s head – if his head is “buried” between the tread blocks – then you still have more than 2/32 of an inch of tread remaining. If you can see the top of Lincoln’s head, it’s time to go tire shopping because the tread is worn down to or beyond 2/32 of an inch.

Flip the penny over so that the Lincoln Memorial (pennies from 2010 and earlier will have the memorial on the back) is facing you and put the penny between the tread blocks with the memorial upside down. If the Lincoln Memorial is completely hidden, you have more than 3/32 of an inch of tread left.

Did You Know – Most state laws require tires to have a tread depth of at least 2/32″ to remain in service?

The Quarter Test

Tire Quarter Test

Some automotive experts believe that using a quarter to test tire depth provides a better read than using a penny. Some independent tests have concluded that cars were able to stop faster with tires that had a little more than 4/32 of an inch of tread depth, which is the measurement the quarter test indicates. To perform the quarter test, put a quarter between the tread blocks of a tire (just like the penny test) with Washington’s head upside down, If you cannot see the top of Washington’s head, you have 4/32 of an inch of tread or more.

Did You Know – In snowy and slushy conditions, 4/32 of an inch of tread or more is necessary for good traction

For your Consideration

Pep Boys Point B

Whether you go with Lincoln or Washington, both coin tests are also good ways to check to see if your tires are wearing evenly. Simply do the test between other tread blocks and if the measurements aren’t the same on all the tire treads, the tires may need to be rotated or your vehicle may require an alignment. Different types of treadwearwill indicate how your tires are wearing. If you don’t have any coins handy, check to see if the tires’ wear bars are showing. Wear bars run across your tires tread pattern from the outside edge to the inside edge. If the wear bar is visible you are in need of new tires as you have hit 2/32” of an inch of tread depth. Most states consider a tire’s service life over if any point of the tread is at 2/32” or less. If you are still unsure, your local Pep Boys can evaluate the depth of your tires.

NYC Bosses Can’t Ask Prospective New Hires This Sensitive Question

(Washington Post, with permission from Jena McGregor)

In a vote Wednesday, April 5, 2017, NYC approved legislation that will ban employers from asking job applicants about what they make in their current or past job and could have far-reaching consequences beyond the city as employers try to standardize their practices. It’s an idea that’s starting to spread: In passing the measure, New York City joins Massachusetts, Puerto Rico and the city of Philadelphia — where the local Chamber of Commerce filed a lawsuit against that measure Thursday — in banning the question from job interviews. More than 20 other city and state legislatures have introduced similar provisions.

The measure, aimed at tackling pay inequity, prohibits employers from asking the candidate’s current or former employers about salary, as well as querying public records for it, although applicants can volunteer the information if they choose. The city’s Public Advocate, Letitia James, said it would affect about 3.8 million workers when it takes effect in six months and extends the prohibition to private employers. New York City Mayor Bill de Blasio (D) and Gov. Andrew M. Cuomo (D) had earlier passed orders that would ban salary history details from public-sector jobs.

The thinking behind the new law is that when employers ask about an applicant’s salary history, they can end up perpetuating any discrimination that women or people of color may have faced in the past. When employers ask about current or previous salary, they can hear a number that “anchors” them, and then offer to pay some percentage more on a figure that could already be too low. “Being underpaid once should not condemn one to a lifetime of inequity,” James said in a statement.

Although the measure is for New York-based employees, employees well beyond New York could feel the effects, say equal pay advocates and employment lawyers. Fatima Goss Graves, president-elect of the National Women’s Law Center, said in an email that the measure “stands to transform the way that companies operate around the country,” she said. “So many companies operate in multiple jurisdictions. If a company changes its practices in New York, it is likely to also make changes around the country.”

Melissa Osipoff, a labor and employment attorney with Fisher & Phillips, agreed that companies like to homogenize things as standard as a job application. With so many companies doing business in New York, “I think what we’ll see is companies that do business in New York City just eliminate that from their applications entirely,” she said. “This will have wide-ranging influence.”

Meanwhile, nearly 20 states, the District of Columbia and two cities (San Francisco and Pittsburgh) have introduced legislation that includes a provision against salary history information, according to data from the NWLC. At the federal level, the newly reintroduced Paycheck Fairness Act also calls to ban the question, and Rep. Eleanor Holmes Norton (D-D.C.) plans to reintroduce a bill from 2016 that did, too.

Some business groups have opposed the measure. Kathryn Wylde, president and chief executive of the Partnership for New York City, said in a statement that “closing the gender pay gap is important” and most major employers are already taking steps to correct the problem. “Inserting the city government into the relationship between employer and potential employee is potentially disadvantageous to both,” she said. “Politicians are eager to demonstrate their contribution to popular causes, which is about all this legislation accomplishes.”

It’s also possible the measure in New York could face legal challenges. On Thursday, the Greater Philadelphia Chamber of Commerce filed litigation against the law in that city. “The ordinance is a broad impediment to businesses seeking to grow their workforce in the city of Philadelphia,” the chamber said in a statement, citing a violation of employers’ First Amendment rights.

But other companies have begun privately ending the practice of asking the question on their own. James’s office said that several New York-based companies, including Kickstarter, Peeled Snacks and BBMG were among those who had already prohibited the question.

Others are weighing the concept. Cindy Robbins, who leads human resources for the cloud computing giant Salesforce, said in an interview this week that it’s a shift her staff has discussed training their recruiters to make. “For example, instead of asking what current compensation is, ask what is the expectation they have around compensation,” she said. “That changes the tone around negotiation.”

================================================================================

As a boss, I’d definitely like to know a potential employment candidate’s previous salaries as it provides me with insight into employee performance.  Forcing employers to operate in the dark can only be bad for business as many small to medium sized businesses can not afford a high employee turnover rate and the less we know about a new hire, the more difficult it is to employ that person to his/her maximum capability.

BNI Operatives: Situationally aware.

As always, stay safe.

Privacy Interrupted: Time to Go VPN.

What Is A Virtual Private Network (VPN)

(from HowToGeek.com)

Overview: A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

VPNs essentially forward all your network traffic to the network, which is where the benefits – like accessing local network resources remotely and bypassing Internet censorship – all come from. Most operating systems have integrated VPN support.

Definition:  When you connect your computer (or another device, such as a smartphone or tablet) to a VPN, the computer acts as if it’s on the same local network as the VPN. All your network traffic is sent over a secure connection to the VPN. Because your computer behaves as if it’s on the network, this allows you to securely access local network resources even when you’re on the other side of the world. You’ll also be able to use the Internet as if you were present at the VPN’s location, which has some benefits if you’re using pubic Wi-Fi or want to access geo-blocked websites.

When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your connection as coming from within the USA.

Reasons To Use A VPN:

1. Access Full Netflix and Streaming Content from Outside the USA

Because of copyright agreements, Netflix and Hulu and Pandora and other streaming media providerscannot broadcast all content outside of the USA. This means: many movies and shows are blocked to users in the UK, Canada, South America, Australia, Asia, and Europe. This geographical enforcement is managed by reading your user login IP address and tracing it to its country of origin. By using a VPN service, you can manipulate your machine’s IP address to be from within the USA, therein unlocking access to more Netflix and Pandora streams. You will need to configure your television movie player or mobile device to use the VPN connection, but if you are a streaming fan, then the effort and cost of a VPN are worth it.

2. Download and Upload P2P Files in Privacy

MPAA and other cinema and music associations absolutely detest P2P file sharing. For reasons of both profit and legality, the MPAA and other authorities want to forbid users from sharing movies and music online. A VPN can be a P2P user’s best friend. While a VPN connection will slow your bandwidth by 25% – 50%, it will cipher your file downloads, uploads, and actual IP address so that you are unidentifiable by authorities. If you are a file sharer and do not wish to risk copyright prosecution or civil lawsuits, definitely consider spending 15 dollars a month on a good VPN. The privacy and protection from surveillance are definitely worth it.

3. Use Public or Hotel Wi-Fi in Confidence

Most people are unaware of this, but that Starbucks hotspot and that 10-dollar-a-day hotel wi-fi are not safe for confidential email and browsing. Public wi-fi offers no encryption security to its users, and your signals are broadcast for anyone savvy enough to eavesdrop. It’s very easy for even a junior hacker to intercept your unencrypted wi-fi signal using an Evil Twin phony hotspot or a Firefox Tamper Data plugin. Public wi-fi is terribly insecure and is perhaps the biggest reason why mobile users should consider spending the 5 to 15 dollars per month for the safety of a VPN connection.

If you log into a public wi-fi network and then connect to a personal VPN, all of your hotspot web use will then be encrypted and hidden from prying eyes. If you are a traveler or a user who is regularly using public wireless, then a VPN is a very wise investment in privacy.

4. Break Out of a Restrictive Network at Work/School

As an employee of a company, or a student at a school/university, you will be subject to an ‘Acceptable Use’ policy for browsing the Web. ‘Acceptable Use’ is often debatable, and many organizations will impose draconian restrictions, like blocking you from checking your Facebook page, visiting YouTube, reading Twitter, surfing Flickr, performing instant messaging, or even accessing your Gmail or Yahoo mail.
A VPN connection will allow you to ‘tunnel out‘ of a restrictive network and connect to otherwise-restricted websites and webmail services. More importantly: your VPN browsing content is scrambled and indecipherable to the network administrator, so he cannot collect any recorded evidence about your specific web activities. About.com does not recommend violating Acceptable Use policies as a rule, but if you feel you have justifiable reasons for bypassing your specific network restrictions, then a VPN connection will help you.

5.  Bypass the Country’s Web Censorship and Content Surveillance

In the same way ‘Acceptable Use’ policies are enforced at workplaces and schools, some nations choose to impose oppressive internet censoring on their entire countries. Egypt, Afghanistan, China, Cuba, Saudi Arabia, Syria, and Belarus are some examples of nations who surveil and limit access to the World Wide Web.

If you live in one of these restrictive countries, connecting to a VPN server will enable you to ‘tunnel out‘ of the censorship restrictions and access the full World Wide Web. Simultaneously a VPN conceals your page-by-page activity from any government eavesdropping. As with all VPN connections, your bandwidth will be slower than the uncloaked internet, but the freedom is absolutely worth it.

6. Cloak Your VOIP Phone Calls

Voice-over-IP (internet telephoning) is relatively easy to eavesdrop on. Even intermediate-level hackers can listen in to your VOIP calls. If you regularly use VOIP services like Skype, Lync, or online voice chatting, definitely consider implementing a VPN connection. The monthly cost will be higher, and the VOIP speed will be slower with a VPN, but personal privacy is invaluable.

7. Use Search Engines Without Having Your Searches Logged

Like it or not, Google, Bing, and other search engines will catalog every web search you perform. Your online search choices are then attached to your computer’s IP address and are subsequently used to customize the advertising and future searches for your machine. This cataloging might seem unobtrusive and perhaps even useful, but it is also a risk for future public embarrassment and social faux pas.

8. Watch Home-Specific Broadcasts While You Are Traveling

Local network news can be rather dodgy in some countries, and access to your favorite streaming television, sports games, and video feeds can be locked out while you are away from your home country.

By employing a VPN tunnel connection, you can force your borrowed connection to access your home country as if you were physically there, therein enabling your favorite football feeds and TV and newscasts.

9. Avoid Reprisals and Traceback Because of Your Researching

Perhaps you are a celebrity, or you are an employee doing market research of your competition. Perhaps you are a reporter or writer who covers sensitive topics like war atrocities, violence against women, or human trafficking. Perhaps you are a law enforcement officer investigating cybercriminals. In any of these cases, it is in your best interests to make your computer untraceable to prevent reprisals.

A personal VPN connection is the best choice for manipulating your IP address and rendering you untraceable.

10. Because You Believe Privacy Is a Basic Right

All the above reasons notwithstanding, you are a firm believer in personal privacy and the right to broadcast and receive without being surveilled and cataloged by authorities. And that is perhaps the biggest philosophical reason you want to spend a nominal amount a month on a good VPN connection service.

PC Magazine’s Best VPNs For 2017. 

In last week’s Bulletin, we covered the repeal of many online privacy laws that, in essence, allow ISPs to now openly track our every move online and compile and distribute our online private search history.  It’s probably well past time for people and businesses to move to VPN use.

BNI Operatives: Situationally aware.

As always, stay safe.

Your Browsing History – SOLD! To the Highest Bidder; No Longer Private.

Soon,  every search you’ve ever made online will not only be available to your internet service provider (ISP)-  it will be available to any corporation or foreign government who wants to see your interests, peculiar as they may be.

Yesterday (March 28, 2017) via the House’s decision, ISPs can sell your entire web browsing history to literally anyone or any entity without your permission: The CRA resolution.  Literally, it would take an act of Congress to enact legislation now to prevent this massive governmental overreach.   The House basically repealed all prior legislation that would have prevented ISPs from marketing your private browsing history.

Why did the House make this move?  You don’t benefit, the government doesn’t either, so why?  So that a few Too-Big-To-Fail corporations can make a few more rubles and so that politicians – who have received millions in campaign contributions from the ISPs for decades – can continue to sell us out.

How did this happen?

The Congressional Review Act (CRA) was passed in 1996 to allow Congress to overrule regulations created by government agencies.

Prior to 2017, Congress had only successfully used the CRA once. But since the new administration took over in January, it’s been successfully used 3 times — for things like overturning environmental regulations.

“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” — John Perry Barlow

All that’s left is for the President to sign the resolution, which he most certainly will do.

So what kind of shady things can ISPs now legally do with our data?

According to the Electronic Frontier Foundation, there are at least five creepy things the FCC regulations would have made illegal. But thanks to the Senate, ISPs can now continue doing these things as much as they want, and it will probably be years before we can do anything to stop them.

  1. Sell your browsing history to basically any corporation or government that wants to buy it
  2. Hijack your searches and share them with third parties
  3. Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
  4. Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
  5. Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

We will be updating this article as our research on wrap-around solutions is completed.  In the meantime, contact your Senator and Congressional representative and tell them, “Hell, no – they have no need to know!”

BNI Operatives: Situationally aware.

As always, stay safe.

Update On An Old Scam – eGreeting Cards.

Virtually every scam out there is one that has existed since the beginning of social use of the Internet; it’s simply been re-purposed in an updated digital format. In this Bulletin, we will focus on the greeting card scam – a perversion of the e-greeting card that you receive in your email inbox and seems to be coming from a friend.

If you open this email and click on the card, you will probably wind up with malicious software that will be downloaded and installed on your operating system.

The malware may be just an annoying program that will launch pop-ups with ads, resulting in unexpected windows all over the screen. However, it can also be ransomware or one of the worst financial malware that’s been around, part of the infamous Zeus family.

If your system becomes infected with such dangerous malware, you will become one of the bots which are part of a larger network of affected computers. In this unfortunate event, your computer will start sending private data and financial information to a fraudulent server controlled by IT criminals.

To keep yourself safe from identity theft and data breach, we recommend that you treat unexpected email greetings with caution and ensure that your computer is using a security program against this type of danger.

BNI Operatives: Situationally aware.

As always, stay safe.

 

Is It Possible To Create A Person Online?

Very often. those who professionally investigate human beings have to determine if she is dealing with a real person or an invented identity.

In social discussion, countless times I’ve heard people refer to “the fake me” – a conjured identity that the user employs for his own reasons, which can range from the benign (isolating marketers) to the dangerous (a criminal seeking new prey).  More often than not, the braggart is not an IT person – or a detective – and believes that by cobbling together a few “borrowed” digital photos and planting them as profile pics on social media, he can tweet away under his fake identity with no one the wiser.  Professional investigators look for this rather lazy pattern (same pics across various platforms) as one of the first clues that they are dealing with a manufactured identity rather than an actual person.

Few people really know how to create an alternative identity and one of those rare people is Aaron Brown.  His story, in his own words, is as fascinating as it is correct.

(Reprinted with permission.)

HOW TO INVENT A PERSON ONLINE

by Curtis Wallen, (07/23/2014), The Atlantic

It’s not an exaggeration to say everything you do online is being followed. And the more precisely a company can tailor your online experience, the more money it can make from advertisers. As a result, the Internet you see is different from the Internet anyone else might see. It’s seamlessly assembled each millisecond, designed specifically to influence you. I began to wonder what it would be like to evade this constant digital surveillance—to disappear online.

From that question, Aaron Brown was born.

My project started at a small coffee shop in Bed-Stuy, Brooklyn. With the help of Tor—a software program that uses layers of encryption to anonymize online activity—I searched Craigslist and tracked down a handful of affordable laptop computers for sale in New York City. I registered a new email address with the (now-defunct) Tormail anonymous email provider and arranged to buy a used Chromebook.

xxxxxxxxxxxxxx@xxxxxxx.com (1/27/13 – 11:23):

I’m punctual, I will be there on time at 1. Theres an atrium at citi center, will let you know when I’m there.

clcrb@tormail.org (1/27/13 – 11:25):

Perfect. See you there.

xxxxxxxxxxxxxx@xxxxxxx.com (1/27/13 – 12:59):

Im here in the atrium at 53rd and lex… Gray jacket, blonde hair. Sitting at a table

The meeting was quick. I wore a hat. I kept my head down. The man at the table in a gray jacket was a real person—in a busy public place full of cameras—who could later potentially connect me to the computer. These face-to-face moments left me the most vulnerable. If I was going to evade online surveillance, I had to avoid any ties between my digital footprint and the physical world.

When I got home I immediately reformatted the computer’s hard drive and installed a Linux partition. This meant I could encrypt and cosmetically “hide” the part of my computer that was using Linux. My new laptop would boot up Chrome OS like any other Chromebook, unless I gave it the command to boot up Linux instead. I never connected to anything using  Chrome OS. And on the Linux side, I never accessed the Internet without Tor, and I never logged into anything that had any connection to Curtis Wallen.

Up to that point, I had been largely operating on instinct and common sense. Now that my project was expanding, I figured it’d probably be a good time to reach out to someone who actually knew what she or he was doing.

I created a new Tormail account, the first evidence of my new person—aaronbrown@tormail.org––and sent an encrypted email to the enigmatic researcher Gwern Branwen, asking what advice he’d give to someone “new to this whole anonymity thing.” Branwen replied with a simple but crucial piece of advice:

“Don’t get too attached to any one identity. Once a pseudonym has been linked to others or to your real identity, it’s always linked.”

Taking Branwen’s advice to heart, I put a sticky note next to my keyboard.

When most people think of Internet surveillance, they imagine government bureaucrats monitoring their emails and Google searches. In a March 2014 study, MIT professor Catherine Tucker and privacy advocate Alex Marthews analyzed data from Google Trends across 282 search terms rated for their “privacy-sensitivity.” The terms included “Islam”, “national security”, “Occupy”, “police brutality”, “protest”, and “revolution.” After Edward Snowden’s leaks about NSA surveillance, Tucker and Marthews found, the frequency of these sensitive search terms declined—suggesting that Internet users have become less likely to explore “search terms that they [believe] might get them in trouble with the U.S. government.” The study also found that people have become less likely to search “embarrassing” topics such as “AIDS”, “alcoholics anonymous,” “coming out,” “depression,” “feminism,” “gender reassignment,” “herpes,” and “suicide”—while concerns over these more personal terms could have as much to do with startling Google ads, the notable decrease observed in the study suggests the increased awareness of surveillance led to a degree of self-censorship.

In other words, people are doing their best to blend in with the crowd.

The challenge of achieving true anonymity, though, is that evading surveillance makes your behavior anomalous—and anomalies stick out. As the Japanese proverb says, “A nail that sticks out gets hammered down.” Glenn Greenwald explained recently that simply using encryption can make you a target. For me, this was all the more motivation to disappear.

Aaron had a face, but lacked “pocket litter”—an espionage term that refers to physical items that add authenticity to a spy’s cover. In order to produce this pocket litter, I needed money—the kind of currency that the counterfeit professionals of the darkweb would accept as payment. I needed bitcoin, a virtual currency that allows users to exchange goods and services without involving banks. At that time, one of the few services that exchanged cash for bitcoin was a company called Bitinstant. I made my way to a small computer shop in the Chinatown neighborhood of Manhattan to make the transfer.

At a small, teller-like window, I filled out the paperwork using fake information. Unwisely, I wrote down my name as Aaron Brown— thus creating one of the links to my real identity I should have been avoiding. As a result, my receipt had “Aarow Brown” printed on it. It seemed fitting that the first physical evidence of Aaron’s existence was a misspelled name on a receipt from a computer shop.

When I got home, 10 bitcoin were there waiting for me in my virtual wallet, stored on an encrypted flash drive. I made the necessary contacts and ordered a counterfeit driver’s license, a student ID, a boating license, car insurance, an American Indian tribal citizenship card, a social security card scan (real social security cards were a bit out of my budget), and a cable bill for proof of residency. The final bill came out to just over 7 bitcoin, roughly $400 at the time.

As I waited for my pile of documents, I began crafting Aaron’s online presence. While exploring message boards on the darknet, I came across the contact information for a self-proclaimed hacker called v1ct0r who was accepting applications to host hidden services on a server he managed. I messaged him with a request to host Aaron’s website. He was happy to offer a little space, under two conditions: “no child porn nor racism; Respects the rules or i could block/delete your account.”

I also set up a simple web proxy so that anyone could contribute to Aaron’s online presence. The proxy serves as a middleman for browsing the Internet, meaning any website you visit is first routed through the proxy server. Anyone who browses using the proxy is funneling traffic through that one node—which means those web pages look like they’re being visited by Aaron Brown.

Aaron’s Twitter account worked much the same way. There was a pre-authenticated form on the project website, allowing anyone to post a tweet to Aaron’s feed. As Aaron’s creator, it was fascinating to see what happened once strangers started interacting with it regularly. People would tweet at their friends, and then Aaron would received confused replies. Under the guise of Aaron, people tweeted out, jokes, love messages, political messages, and meta-commentaries on existence. I even saw a few advertisements. Ultimately, the account was suspended after Spanish political activists used it to spam news outlets and politicians.

In a sense, I was doing the opposite of astroturfing, a practice that uses fake social media profiles to spread the illusion of grassroots support or dissent. In 2011, the Daily Kos reported on a leaked document from defense contractor HBGary which explained how one person could pretend to be many different people:

Using the assigned social media accounts we can automate the posting of content that is relevant to the persona. … In fact using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise … There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.

Aaron Brown turned that concept inside out. With a multitude of voices and interests filtering through one point, any endeavor to monitor his behavior or serve him targeted ads became a wash. None of the information was representative of any discrete interests. The surveillance had no value. I’d created a false human being, but instead of a carefully coordinated deception, the result was simply babble.

“The Internet is what we make it,” wrote security researcher Bruce Schneier in January 2013, “and is constantly being recreated by organizations, companies, and countries with specific interests and agendas. Either we fight for a seat at the table, or the future of the Internet becomes something that is done to us.”

For those of us who feel confident that we have nothing to hide, the future of Internet security might not seem like a major concern. But we underestimate the many ways in which our online identities can be manipulated. A recent study used Facebook as a testing ground to determine if the company could influence a user’s emotional disposition by altering the content of her or his News Feed. For a week in January 2012, reseachers subjected 689,003 unknowing users to this psychological experiment, showing happier-than-usual messages to some people and sadder-than-usual messages to others. They concluded that they had “experimental evidence for massive-scale contagion via social networks” because users responded by publishing more positive or negative posts of their own, depending on what they saw in their own feeds.

The U.S. Department of Defense has also figured out how influential Facebook and Twitter can be. In 2011, it announced a new “Social Media in Strategic Communication” (SMISC) program to detect and counter information the U.S. government deemed dangerous. “Since everyone is potentially an influencer on social media and is capable of spreading information,” one researcher involved in a SMISC study told The Guardian, “our work aims to identify and engage the right people at the right time on social media to help propagate information when needed.”

Private companies are also using personal information in hidden ways. They don’t simply learn our tastes and habits, offering us more of what want and less of what we don’t. As Michael Fertik wrote in a 2013 Scientific American article titled “The Rich See a Different Internet Than the Poor,” credit lenders have the ability to hide their offers from people who may need loans the most. And Google now has a patent to change its prices based on who’s buying.

Is it even possible to hide from corporate and government feelers online? While my attempt to do so was an intensely interesting challenge, it ultimately left me a bit disappointed. It is essentially impossible to achieve anonymity online. It requires a complete operational posture that extends from the digital to the physical. Downloading a secure messaging app and using Tor won’t all of a sudden make you “NSA-proof.” And doing it right is really, really hard.

Weighing these trade-offs in my day-to-day life led to a few behavioral changes, but I have a mostly normal relationship with the Internet—I deleted my Facebook account, I encrypt my emails whenever I can, and I use a handful of privacy minded browser extensions. But even those are steps many people are unwilling, or unable, to take. And therein lies the major disappointment for me: privacy shouldn’t require elaborate precautions.

No one likes being subliminally influenced, discriminated against, or taken advantage of, yet these are all legitimate concerns that come with surveillance. These concerns are heightened as we increasingly live online. Digital surveillance is pervasive and relatively cheap. It is fundamentally different than anything we’ve faced before, and we’re still figuring out what what the boundaries should be.

For now, Aaron’s IDs and documents are still sitting inside my desk. Aaron himself actually went missing a little while ago. I used Amazon’s Mechanical Turk marketplace to solicit descriptions from strangers, and then hired a forensic artist to draw a sketch. He resurfaced on Twitter. (You can go here to try tweeting as Aaron Brown.) But other than that, no word. I have a feeling he’ll probably pop up in Cleveland at some point.

Everyone always seems to get sucked back home.

******

One thing we seem to forget as we go through our daily online lives is to trust our gut instincts.  If something feels off, your primal brain is sensing it before the logical side can identify the issue.  Trust your instincts – after all, we are – literally and virtually – all strangers online.

BNI Operatives: Situationally aware.

As always, stay safe.

%d bloggers like this: