Presidential Cybersecurity and Pelotons

President Biden wants his Peloton in the White House. For those who have missed the hype, it’s an Internet-connected stationary bicycle. It has a screen, a camera, and a microphone. You can take live classes online, work out with your friends, or join the exercise social network. And all of that is a security risk, especially if you are the president of the United States.

Any computer brings with it the risk of hacking. This is true of our computers and phones, and it’s also true about all of the Internet-of-Things devices that are increasingly part of our lives. These large and small appliances, cars, medical devices, toys and — yes — exercise machines are all computers at their core, and they’re all just as vulnerable. Presidents face special risks when it comes to the IoT, but Biden has the NSA to help him handle them.

Not everyone is so lucky, and the rest of us need something more structural.

US presidents have long tussled with their security advisers over tech. The NSA often customizes devices, but that means eliminating features. In 2010, President Barack Obama complained that his presidential BlackBerry device was “no fun” because only ten people were allowed to contact him on it. In 2013, security prevented him from getting an iPhone. When he finally got an upgrade to his BlackBerry in 2016, he complained that his new “secure” phone couldn’t take pictures, send texts, or play music. His “hardened” iPad to read daily intelligence briefings was presumably similarly handicapped. We don’t know what the NSA did to these devices, but they certainly modified the software and physically removed the cameras and microphones — and possibly the wireless Internet connection.

President Donald Trump resisted efforts to secure his phones. We don’t know the details, only that they were regularly replaced, with the government effectively treating them as burner phones.

The risks are serious. We know that the Russians and the Chinese were eavesdropping on Trump’s phones. Hackers can remotely turn on microphones and cameras, listening in on conversations. They can grab copies of any documents on the device. They can also use those devices to further infiltrate government networks, maybe even jumping onto classified networks that the devices connect to. If the devices have physical capabilities, those can be hacked as well. In 2007, the wireless features of Vice President Richard B. Cheney’s pacemaker were disabled out of fears that it could be hacked to assassinate him. In 1999, the NSA banned Furbies from its offices, mistakenly believing that they could listen and learn.

Physically removing features and components works, but the results are increasingly unacceptable. The NSA could take Biden’s Peloton and rip out the camera, microphone, and Internet connection, and that would make it secure — but then it would just be a normal (albeit expensive) stationary bike. Maybe Biden wouldn’t accept that, and he’d demand that the NSA do even more work to customize and secure the Peloton part of the bicycle. Maybe Biden’s security agents could isolate his Peloton in a specially shielded room where it couldn’t infect other computers, and warn him not to discuss national security in its presence.

This might work, but it certainly doesn’t scale. As president, Biden can direct substantial resources to solving his cybersecurity problems. The real issue is what everyone else should do. The president of the United States is a singular espionage target, but so are members of his staff and other administration officials.

Members of Congress are targets, as are governors and mayors, police officers and judges, CEOs and directors of human rights organizations, nuclear power plant operators, and election officials. All of these people have smartphones, tablets, and laptops. Many have Internet-connected cars and appliances, vacuums, bikes, and doorbells. Every one of those devices is a potential security risk, and all of those people are potential national security targets. But none of those people will get their Internet-connected devices customized by the NSA.

That is the real cybersecurity issue. Internet connectivity brings with it features we like. In our cars, it means real-time navigation, entertainment options, automatic diagnostics, and more. In a Peloton, it means everything that makes it more than a stationary bike. In a pacemaker, it means continuous monitoring by your doctor — and possibly your life saved as a result. In an iPhone or iPad, it means…well, everything. We can search for older, non-networked versions of some of these devices, or the NSA can disable connectivity for the privileged few of us. But the result is the same: in Obama’s words, “no fun.”

And unconnected options are increasingly hard to find. In 2016, I tried to find a new car that didn’t come with Internet connectivity, but I had to give up: there were no options to omit that in the class of car I wanted. Similarly, it’s getting harder to find major appliances without a wireless connection. As the price of connectivity continues to drop, more and more things will only be available Internet-enabled.

Internet security is national security — not because the president is personally vulnerable but because we are all part of a single network. Depending on who we are and what we do, we will make different trade-offs between security and fun. But we all deserve better options.

Regulations that force manufacturers to provide better security for all of us are the only way to do that. We need minimum security standards for computers of all kinds. We need transparency laws that give all of us, from the president on down, sufficient information to make our own security trade-offs. And we need liability laws that hold companies liable when they misrepresent the security of their products and services.

I’m not worried about Biden. He and his staff will figure out how to balance his exercise needs with the national security needs of the country. Sometimes the solutions are weirdly customized, such as the anti-eavesdropping tent that Obama used while traveling. I am much more worried about the political activists, journalists, human rights workers, and oppressed minorities around the world who don’t have the money or expertise to secure their technology, or the information that would give them the ability to make informed decisions on which technologies to choose.

This essay previously appeared in the Washington Post.

Posted on February 5, 2021 at 5:58 AM • 35 Comments

Comments

D February 5, 2021 9:55 AM

And unconnected options are increasingly hard to find. In 2016, I tried to find a new car that didn’t come with Internet connectivity, but I had to give up: there were no options to omit that in the class of car I wanted.

So, did you contribute to the problem of lack of choice by buying a car that will spy on you for the manufacturer?

wiredog February 5, 2021 10:14 AM

@ uh,Mike

The clearance process has been bad for years and has gotten worse since Snowden. It takes a year to get someone cleared TS/SCI these days unless you put a lot of effort into it.

Making the bike reasonably safe is a helluva lot cheaper and faster.

denny February 5, 2021 10:30 AM

In 2016, I tried to find a new car that didn’t come with Internet connectivity, but I had to give up: there were no options to omit that in the class of car I wanted.

One didn’t need NSA-level skills to disable that feature in 2016. It’s probably still true: people have figured out how to disable the system on a lot of cars. Evidently, OnStar can be disabled by pulling one fuse, with the main side-effect being that the in-car microphone also gets disabled—not necessarily a bad thing. Unlike the Peloton exercise bike, no desirable features would be lost here (on some other cars, disabling such systems may also disable multimedia systems).

The main point stands: ordinary people shouldn’t have to do things like this to secure their systems. And more generally, I think informed consent is important. How can these privacy-invasive systems, that one can only “opt out” of by making unsanctioned hardware mods (if one is aware of the risks at all), possibly be GDPR-compliant?

Peter February 5, 2021 10:47 AM

@D

What would you propose that he does?

There aren’t enough security conscious people around that car manufacturers would notice if they started boycotting certain models, and there are plenty of people who want a car that can get Google maps and better music.

I recently purchased a car, and literally every new car has some form of internet connectivity. You can’t just pick a brand or model without them, even if that is the only thing you care about in your purchase.

I suppose you could avoid buying a car completely, but that isn’t an option for most people. You could also buy an old used car without these features, but that has serious drawbacks and won’t even be possible in a few years.

Version2.3 February 5, 2021 10:53 AM

Interesting.
The bike presumably communicates on port 443 to Peloton server range.
The NSA should create a man-in-the-middle to monitor that traffic.
Additionally, the bike should be rotated to different locations, so as not to know the President’s GPS coordinates.
Can Peloton bike be hooked up to an ethernet cable?

If the data is encrypted from the bike, how is the NSA going to get that data decrypted?
The MitM will only see encrypted traffic.

George O. Well February 5, 2021 11:14 AM

“No Fun”, “No Convenience” Oh boo hoo hoo

Convenience and fun are lures for marks. No need to mandate security when people voluntarily opt into it because they’re bored and lazy.

What’s odd is that Bruce Schneier is well aware of this. Playing silicon valley’s game? The lie that you can have your cake and eat it too?

Those who would yield essential liberty on behalf of convenience deserve neither liberty nor convenience.

lurker February 5, 2021 11:36 AM

@denny

Evidently, OnStar can be disabled by pulling one fuse…

After you pull the fuse, what does the ToS say about your warranty and other obligations to the vendor?

AL February 5, 2021 12:58 PM

One thing I do is disable voice activation, such as hey Siri, hey Google, or hey Alexa. If those things are enabled, it results in an open microphone. With them off, if something gets picked up because of an open mike, my lawsuit would have more strength.

throw away February 5, 2021 1:48 PM

On phones and computers it is now more difficult, if it’s not already impossible, to use settings to disable microphones.

fajensen February 5, 2021 2:45 PM

I recently hired a large Mercedes-Benz Van for a family holiday.

While sitting at a McDonald’s we tried to turn the interior lights on, except the button that “obviously” should do that instead dials a call centre that deals with various vehicular emergencies – but, at least they could tell us where the proper button was.

I actually thought it was kinda neat – having a car with an inbuilt concierge service.

And I think I will probably be okay with the inbuilt surveillance if it somehow makes my life easier.

Clive Robinson February 5, 2021 3:42 PM

@ Peter, Bruce, ALL,

You can’t just pick a brand or model without them, even if that is the only thing you care about in your purchase.

We’ve had warning of this for a quarter of a century…

You can find many a conversation on this blog where such problems have been mentioned.

As I’ve indicated a number of the computers I use predate 1995 with good Security reason… @Nick P thought you could still find new computers up to 2005 that were not “wireless” or other form of device to device capable.

I’ve even started building computers from microcontroller chips upwards, but even chips of suitable power these days have wireless capabilities built in.

The same issue applies to domestic appliances… I was looking for a flat screen TV, not to use for “Broadcast television”[1] but to replace a monitor I use in my CCTV system. Some flat screens will not even start up unless they can talk to the Internet…

Whilst you can still get radios that are not Internet connected in the UK, those for “Digital Audio Broadcast” (DAB) are increasingly WiFi or Bluetooth enabled so you can have multiple wireless speakers / headphone options…

Take a walk around the “white goods” aisle for kitchen appliances, an increasing number of those are not just computerized beyond the point you can strip the nonsense out, those computer chips all have WiFi, Bluetooth and heaven alone knows what into them.

That is the chips are made for IoT and as the chip manufacturers supply software that is in effect a complete network and audio enabled Operating System for effectively nothing you get all these little features for free even if you do not want them and might pay good money not to have them… Oh and many are getting “Voice assistance” technology that works through “the mother ship” in some far distant place beyond the reach of the legislators and judiciary of where you live.

For various reasons the most obvious being the US “you collect it you own it” legislation just about everything will be vampiring out your Private Personal Information and if you do not allow it to do so will refuse to work… Some even check the likes of microphones are working by emitting beeps in the high frequency audio range from the speaker that if it is not picked up by the microphone will disable the device functionality. It won’t tell you that is what is happening it just displays an error code and advises you to read the service manual for the repair technicians details. Where you will find out that the repair cost is more than the item is worth.

For some things legally you are stuck, take “gas boilers” the law requires you to use a “registered technician” who has to pay a fat fee every year to some official registration organisation, the same for electrical wiring and in the UK even builders are supposed to register with the local council (government) and inform against a property owner who might have done something like rebuild their door step for such things the council require one or more “paper filling” fees that can soon double the price of minor work…

Eventually as I’ve indicated a number of times before, this “surveillance” will be coopted into “fee gathering” as companies no longer pay tax. Because governments need both tax to bribe voters and low taxes to bribe other voters and they can not squeeze it out of corporations these days.

But such fee gathering will actually be lucrative “fine led”[2] which is easily sold to the public as stopping “criminal activity”.

Put simply it works like this, the Council or appointed authority requires a fat fee of Y but deliberately makes it difficult for individuals to pay as well as making the process very very lengthy. If you fail to pay the fee for various good and proper reasons then fines of 10-100Y get levied almost immediately[2]. The size of the fine is generally such that it will be slightly cheaper to pay it than court fees would be if you contested them…

So if they have not already arrived by illegal fines issued on CCTV only evidence, then expect them very soon, and they will just get worse as long as people do not fight them.

Just one of the joys of a “rent seeking economy” where you are forced to pay by private “guard labour” unless you can fight through the “public system” which is increasingly being made unavailable to you…

[1] In the UK we have “The British Broadcasting Corporation” which is a “political football” these days. In return for its Government charter it has to endure all sorts of politicians’ whims, which is a downside. However the upside for most people is that it is “advert free” and generally has better television programs in the more traditional programming areas. However like any company it requires resources and these have to be paid for. So rather than derive its income from “advertising” it allegedly gets “licence fees”. Thus you have to buy a “Television Licence” in the UK to watch any kind of “Broadcast Television” for which the definition for “Television” and “Broadcast” have been stretched legally quite a way… It is in other words effectively a tax… But The BBC have been forced to “out source” this tax collection to one of the dread UK big four outsourcing companies currently it’s Capita and it has a very very dark reputation, needless to say its “running costs” are so large people have their doubts as to just “how bigger fist it has in the till”. Because in the UK the annual licence now costs as much if not more than a small flat screen TV…

[2] A friend almost fell foul of this little game. A tree was found after an accident to be internally rotten and dangerous that without doubt needed to be either cut back or removed completely. As it was in a position where it could cause harm to the public prompt action should have been taken. The mistake made was that the local council got informed via the private firm of CCTV operators… The council, who rather than act sensibly came out and blocked access to four houses by barricading the road way and their vehicle access ways. As there was no “on street” or “any front of property” parking allowed this caused considerable problems. The council then sent out inspectors and private traffic wardens etc to start collecting fines. They also quietly put a “Tree Preservation Order” on the tree and after the appeal period sent out notification of this. When an application was submitted with two tree surgeon reports saying the tree should be felled immediately the Council demanded huge fees for its specialists to “examine and report” and they decided otherwise, they also slapped TPOs on all the other trees in the road as they had been planted at a similar time… Because other residents found out that their trees had likewise been blighted by the same rot and should be felled and the council saw the opportunity for massive fines to be issued… When someone unknown cut back a tree the council sent out inspectors claiming all sorts of rights they actually did not have and they threatened people with legal action and court fees that would be tens of thousands of pounds. That got a stop put to it after a friend of my friend went around to many of the residents and advised them of their legal rights including sending legal documents and enforceable contracts to the council officers (served on their home addresses). The council ignored this they acted “jobs worth” and contrary to what they legally were allowed to do, the police were called and legal action started.
Strangely shortly thereafter an accident happened and the CCTV feed “cabinet” got reversed into by a large rough looking lorry and the CCTV failed… Apparently a similar looking lorry, according to eye witnesses, knocked down the barriers whilst trying to turn around and somehow caused the dangerous rotten tree to mysteriously get its trunk broken at very near ground level… Apparently the council is still looking for the lorry that had according to the eye witnesses funny East European Registration, which is kind of a problem now Brexit has happened. Likewise the CCTV firm apparently their “cabinet” was not legally sited and the land owner has issued proceedings against the firm, that could take years to get through the courts. By which time the CCTV contract will have expired… As the legal friend noted of the council, “If they want to play silly games they had better understand the rules of the game, otherwise they lose possession of the ball, and forfeit the match in disgrace, as well as pay compensation to the spectators.”

Internet Individual February 5, 2021 10:32 PM

Something has been on my mind for awhile that I can’t put my finger on. Lack of Privacy being understood as a security issue. This has been known for awhile. I’ve watched interviews on YouTube of directors of CIA and NSA along with employees, state that lack of privacy is a serious issue. Those agencies actively offer advice and instructions to the public about how to safeguard against data collection. Senators, and other lawmakers voice concerns against out of control data collection. Yet, for some reason it not only appears to continue but it keeps getting progressively worse. I just read China has DNA genetics of roughly 80% of Americans. Even state government agencies sell your data for extra money, like the DMV or SoS. We saw the fallout from Cambridge Analytica, yet during the last election period what changed? Why is this still happening? Who is pushing to keep this type of collection going? When everyone agrees it’s a serious issue at multiple levels and still continues, it really makes me wonder about how our government is run. Either politicians and those agencies are pretending to appease the public and secretly pushing to keep collecting which in turn is causing insecurity and therefore a self defeating practice, or they simply have lost control of the government they are supposed to run. I mean, what is really going on? Are a few corporations really that powerful to do whatever they want even while putting everyone at risk?

That being the case, who runs corporations? Shareholders right? And who can own shares of these influential corporations? Anyone in the world with the money to invest right? So, international investors run corporations which in turn control the government? Could an international shareholder also be an adversarial nation state? What am I missing here? I’m just trying to get the full picture of what’s happening so I can comprehend the full situation and figure out where to focus my efforts.

From my perspective it’s as if we are headed full speed towards a cliff, and everyone acknowledges it, knows the consequences, and decides to hit the accelerator and continue forward. Are we trying to jump the cliff or something? I mean, is there a threshold that is being pushed towards in which the country will be more secure if enough devices and personal information gets collected over the internet? Overload the enemy with so much personal information they have to shut down or something? Anyone?

Blain February 6, 2021 12:30 AM

@wiredog

They could use somebody who is already cleared. There should be somebody with suitable skills, personality and clearance somewhere in the Secret Service, military or intelligence community.

JonKnowsNothing February 6, 2021 1:06 AM

@Internet Individual

re: who runs corporations? Shareholders right?

In the USA, shareholders have little or no control over corporations unless they are small businesses incorporated for tax and liability issues (aka Mom and Pop Stores).

Major corporations have the vast majority of their stocks held by large banks and investment funds. The corporations are controlled by the Board of Directors. The only thing an individual stock owner actually owns is: a certificate. Stories and Histories are legion about proxy wars. One of the bigger ones was HP + Deutsche Bank stock proxies that swayed the Compaq deal. Even large blocks of stock do not guarantee control.

Generally your proxy vote is pretty bland: Vote of What They Want. The rest hits the circular file because it’s not enough to make any difference.

Internet Companies with savvy founders who have friends in Venture Capital and avoid the bloodbath that occurs on acquisition and funding rounds, manage to hold on to majority positions (Bezos and Co). It’s not that common really and most folks find out pretty fast that their Stock Options are Toilet Roll.

International Ownership both from outside the USA or from inside the USA owning foreign stocks, has legal requirements. If the stock is traded on a public stock exchange and there are no legal impediments people can buy it. You do have to disclose a lot more if you own foreign stocks or real estate. UK Prime Minister Boris Johnson found out that he owed USA Taxes because he was Born in the USA and sold a house in the UK and the US IRS sent him a nice Capital Gains Payment Demand. SURPRISE!!

All publicly traded stocks are registered and tracked and ownership is recorded.

Arbitrage is perhaps what you are concerned about? It happens. When it happens on a large scale it can shake the financial underpinnings of the Stock Markets (which have no legs to stand on anyway).

Most countries have some rules and limitations on foreign investments. Military and Defense companies cannot survive without them. One Battery of Laser Guided Strike Missiles coming right up.

ht tps://en.wikipedia.org/wiki/Compaq#Acquisition_by_Hewlett-Packard

The merger was approved by HP shareholders only after the narrowest of margins, and allegations of vote buying (primarily involving an alleged last-second back-room deal with Deutsche Bank) haunted the new company.

ht tps://en.wikipedia.org/wiki/Arbitrage

the practice of taking advantage of a price difference between two or more markets: striking a combination of matching deals that capitalize upon the imbalance, the profit being the difference between the market prices at which the unit is traded.

(url fractured to prevent autorun)

G February 6, 2021 3:47 AM

Re the internet connected car: can’t the connection be disabled in a nondestructive way (so as not to void the warranty)?

David February 6, 2021 7:02 AM

The police can already stop you for burned-out brake lights or license plate lights. Failure to emit required tracking signals may soon be defined as a similar safety violation.

1&1~=Umm February 6, 2021 7:29 AM

@David:

“Failure to emit required tracking signals may soon be defined as a similar safety violation.”

Only if enough people are stupid enough to drink the Kool-Aid after it’s been stirred with a big ladle…

The way to stop it is to use their tools against them.

Legislators are fond of using ‘knee jerk’ appeals to emotion such as ‘Think of the children’. If however you get in before they do then they, not you, have to go on the defensive.

Thus start a ‘Think of our children’ by invoking the idea that such signal emissions will get the young and vulnerable kidnapped, sexually abused, stalked and murdered.

Then make directed emotion appeals, that anyone who disagrees is either pro kidnapping, sexual abuse, stalking or murder, or is in fact a kidnapper, sexual abuser, stalker or murderer or similar.

Most politicians and legislators have a sufficiently murky past that can be dug through and thus mud thrown, and it will stick in places.

As the nutty ideas behind QAnon have shown you can build up a considerable ground swell against people and more importantly their ideas.

The other trick politicians and legislators do is talk up an idea that acts in your favour. Think terrorism and mobile phones being used to drive forward back doors and anti-encryption policy.

Thus every time an unfortunate event happens to a child, adolescent or vulnerable person is to talk up the fact that their car emitted signals that could be tracked. That way you start associating the idea with what people see is true evil.

But there is another technique which is to make people laugh at the politician every time they bring the subject up. Such ridicule reduces not just the person’s credibility but the credibility of what they say thus making a joke of it in people’s minds.

denny February 6, 2021 9:52 AM

After you pull the fuse, what does the ToS say about your warranty and other obligations to the vendor?

You’re talking about the OnStar Terms of Service that a person inclined to pull the fuse probably never agreed to? Why would a purchaser have any obligations to the vendor after paying them?

In the USA, Magnuson–Moss Warranty Act somewhat restricts claims of warranty-voiding, and might help here. Plus, 14 states are working on right-to-repair laws, and car manufacturers have agreed to abide by the Massachusetts law throughout the USA.

Realistically, it would be surprising to encounter such trouble. The sources I saw said OnStar will work as normal when the fuse is restored. Fuses are, after all, designed to be replaced. Maybe the dealer or manufacturer wouldn’t even notice. Regardless, let’s not give up important human rights (like privacy) because someone asks us to on a sticker or in a contract of adhesion.

Clive Robinson February 6, 2021 11:03 AM

@ kiwano, Denny, lurker,

nothing if you deliberately blow it and then put it back

You do not need to take the fuse out to blow it…

The fuse is connected to one side of the battery, the other side of the fuse is connected to the equipment, and the other side of the equipment connected to chassis / return to the battery.

So all you need to do to blow the fuse, is connect the side away from the battery connected to the equipment to the ground chassis / return.

Then if the vendor has used UV “nail varnish” or similar to detect the pulling of the fuse the fuse never having been pulled will not have broken or disturbed physical security checks.

Any scratches can be written down to having used a multimeter to check for voltage.

internet individual February 6, 2021 11:56 AM

@JonKnowsNothing

Thanks for the explanation, legalities and technicalities of investments are not an area I have much knowledge in. A consequence of poverty I’m afraid. 1/1000th of a share of Tesla doesn’t chew the same as a pack of Ramen Noodles.

For some reason I had it stuck in my head that share holders had voting power if they collectively banded together which was what the whole fiduciary duty bit was about and why CEOs were in a tough position of choosing between being more responsible or ethical and pure greed, because they would simply get voted out and someone else would be put in that would attempt to increase share value at all costs.

Regarding Boris Johnson being born in the US. I actually didn’t know that until now. I knew his accent was fake!

JonKnowsNothing February 6, 2021 2:11 PM

@internet individual

re: For some reason I had it stuck in my head that share holders had voting power if they collectively banded together

In theory block voting might have the power to install a member on the board of directors. Generally there are several categories of people on the boards of major corporations.

  • There are the Good PR members, former politicians, bankers, other ex-CEOs now out of work.
  • A group of semi-professional board members, who make a living by belonging to multiple company boards. These are often more ex-CEOs and bankers past their Sell By Date for employment. They make The Monthly Rounds of Meetings and collect a nice stipend for it (all expenses paid of course).
  • There are the Large Shareholders and Creditors of the company. These folks hold the most power and the most shares. Creditors aka Financial Institutions hold the purse strings.
  • The titular heads of the board and corporate management. They have some say so but they don’t get to range too far from the interests of Wall Street and Finance.
  • Some companies have a few token members representing other or non-aligned interests.

Group voting works on the other end: Collective Bargaining aka Unions, Guilds, Trade Unions and the like. They are well smeared groups that represent the interests of those who cannot compete with the Board of Directors and Wall Street. They work by threatening the source, material and supply chain and manufacturing systems relied on by the corporations. They shake the tree just a bit to provide better conditions or incomes to their members.

Of course, Unions are completely maligned as no resolvable oligarch would pay a living wage, provide health care, education credits, vacation time, sick time, over time, child care, and other items to their workers unless Someone Made Them Do It.

Providing any benefits fully depended on Tax Breaks in the pertinent laws. Corporations provide “Not 1 Cent More” than they can extract in Tax Breaks or Re-Directed Profits.

Unions do work but not very many Universities will teach you that. Certainly not many in the USA. Walmart and other companies that have lost to Union movements just “Close down the store as Not Profitable” effectively ending the union at that location. Amazon is facing a Union battle now. One can expect there will be the same reaction from Amazon.

ht tps://www.theguardian.com/technology/2021/feb/05/amazon-workers-nrlb-vote-union-drive
(url fractured to prevent autorun)

SpaceLifeForm February 6, 2021 2:48 PM

Paying attention is important

hx tps://www.buzzfeednews.com/article/jasonleopold/cia-torture-briefing-president-biden

It’s a start:

After BuzzFeed News contacted the Office of the Director of National Intelligence for comment, spokesperson Amanda Schoch said Wednesday that Muir’s responsibilities would not include being in the Oval Office “on a daily basis briefing the President.”

But, it is not enough:

His new role is to be in charge of mission integration, which means he will be responsible for coordinating intelligence collection and analysis across multiple agencies. That includes overseeing the contents of the President’s Daily Brief, which she said will probably be delivered by “a series of expert briefers.” She gave no explanation for the change.

xcv February 6, 2021 5:59 PM

@ internet individual

Thanks for the explanation, legalities and technicalities of investments are not an area I have much knowledge in. A consequence of poverty I’m afraid. 1/1000th of a share of Tesla doesn’t chew the same as a pack of Ramen Noodles.

Thank you. Well said, as good as any expert.

For some reason I had it stuck in my head that shareholders had voting power if they collectively banded together which was what the whole fiduciary duty bit was about

Stockbrokers, advisors, “transfer agents” and other financial industry insiders and “stakeholders” no longer allow individual investors to vote their shares.

and why CEOs were in a tough position of choosing between being more responsible or ethical and pure greed, because they would simply get voted out and someone else would be put in that would attempt to increase share value at all costs.

There’s a golden parachute, healthcare and other upper-management-only perks and benefits, poison pills, and all sorts of other booby traps to ensure they are never voted out or fired by activist shareholders.

Patriot February 7, 2021 12:59 AM

…but Biden has the NSA to help him…

Well, I certainly do feel better now!

The Chinese and Russians have robbed the cookie jar so many times that it must have started to get boring–the thrill is gone, like B.B. King sang–like stealing candy from children.

Convenience, the great enemy of security. My favorite example of the current carnival is when Hillary Clinton repeatedly sent Top Secret information from the U.S. Department of State over the Internet in Comic Sans Font. Oh, oh, oh… you could not make it up. Truth trumps, if you will, fiction.

If you have ever been involved with these kinds of people, you would know that apathy towards information security is endemic. It is all about me.

We are in a slow-motion train wreck.

More B.B. King:

You know you done me wrong baby
And you’ll be sorry someday
The thrill is gone.

Anonymous February 7, 2021 2:23 PM

‘ “secure” phone couldn’t take pictures, send texts, or play music ‘

That’s the general idea of a secure phone isn’t it?

Maybe I’m just a little fussy about things, but I prefer them like that.
You take all those unneeded bits out when you get them and they have much better battery life, and it’s all just crap anyway. The camera doesn’t work properly, the sound quality is rubbish, and texts are annoying and a security vulnerability.

Free “bitcoin” or anything else being pushed goes into the honeypot.

Can you imagine trying to discuss important matters with someone who keeps looking at their phone, and every 5 seconds, “bling”, “bling”, “bling”.
That is about as crazy as making Flynn the head of the FBI or giving him group 6 access.

Mike C February 7, 2021 6:10 PM

The problem is that we allow devices into our lives that communicate unknown stuff to unknown services.

Let’s say that a Peloton bike came with documentation on what it was communicating and to whom. Good start. Let’s say that the documentation came in machine readable form, so that our firewalls could enforce it. And that the documentation was published so that independent auditors could audit it.

The first step is to take back our right to privacy. To make our home network our own and not just a network we share with google, facebook and all the IoT companies in the world.
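The idea in the comment above, machine-readable device documentation that a firewall can enforce and an auditor can check, sketched as an added example that is not part of the comment or any vendor's code. The manifest layout, device name, hostnames and flow records are constructed for illustration; the IETF's Manufacturer Usage Description (RFC 8520) standardizes a format of this kind, and the simplified JSON here is not that format.

```python
import ipaddress
import json

# Constructed manifest for a hypothetical device: everything not listed is denied.
MANIFEST = json.loads("""{
  "device": "example-bike", "default": "deny",
  "allow": [
    {"proto": "tcp", "dst": "api.vendor.example", "port": 443},
    {"proto": "udp", "dst": "ntp.vendor.example", "port": 123},
    {"proto": "tcp", "dst": "192.0.2.0/28", "port": 443}
  ]}""")

def validate(manifest):
    """Reject manifests a firewall could not enforce safely."""
    if manifest.get("default") != "deny":
        raise ValueError("manifest must be default-deny")
    for rule in manifest["allow"]:
        if rule["proto"] not in ("tcp", "udp") or not 1 <= rule["port"] <= 65535:
            raise ValueError(f"unenforceable rule: {rule}")
    return manifest

def dst_matches(rule_dst, flow):
    """CIDR rules match the destination IP; other rules match the exact hostname."""
    try:
        net = ipaddress.ip_network(rule_dst)
    except ValueError:  # not an address or network, so treat it as a hostname
        return flow.get("host", "").lower().rstrip(".") == rule_dst.lower()
    return ipaddress.ip_address(flow["ip"]) in net

def undeclared(manifest, flows):
    """Return observed outbound flows that no manifest rule covers."""
    return [f for f in flows
            if not any(r["proto"] == f["proto"] and r["port"] == f["port"]
                       and dst_matches(r["dst"], f) for r in manifest["allow"])]

# Constructed flow records, as a home firewall might log them. "host" is the
# name the device resolved; enforcement should pin it to the IP the resolver returned.
OBSERVED = [
    {"proto": "tcp", "host": "api.vendor.example", "ip": "198.51.100.10", "port": 443},
    {"proto": "udp", "host": "ntp.vendor.example", "ip": "198.51.100.11", "port": 123},
    {"proto": "tcp", "host": "", "ip": "192.0.2.5", "port": 443},
    {"proto": "tcp", "host": "ads.tracker.example", "ip": "203.0.113.7", "port": 443},
    {"proto": "tcp", "host": "api.vendor.example", "ip": "198.51.100.10", "port": 8883},
    {"proto": "tcp", "host": "", "ip": "192.0.2.20", "port": 443},
]

if __name__ == "__main__":
    for flow in undeclared(validate(MANIFEST), OBSERVED):
        print("BLOCK", flow["proto"], flow["host"] or flow["ip"], flow["port"])
```

The three flagged flows are an undeclared third-party host, a declared host on an undeclared port, and an address just outside the declared range, which is the kind of drift a published manifest lets an independent auditor catch.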

Tatütata February 8, 2021 6:21 AM

Biden could probably rustle up a VHS VCR with 1980s aerobic tapes at a garage sale somewhere, there would only be a fire hazard from the old electronics.

In any case, I suppose that this thing is installed in the residence part of the WH, with the crib for the grandchildren, and not for the oval office, so the risk isn’t as acute, but potential intelligence could still be gathered from casual observation.

I haven’t seen a “Peloton” from close, but from what I understand of it, I find the idea terrifying: a screen watching and listening to you, and barking orders at you.

The obvious reference is Orwell’s telescreen, but Ray Bradbury had imagined something comparable. In Truffaut’s filmed version of Fahrenheit 451, there is a large wall TV in the living room with rather phony and stilted interaction capability.

I was in a car two years ago (yes, that’s about as often as I ride them), and was rather amused by the driver having to accept an EULA in order to use the rear view parking camera. I can’t quite wrap my mind around contact-less ignitions, and not having to insert a metal piece in the steering column.

TRX February 10, 2021 2:37 AM

Take a walk around the “white goods” aisle for kitchen appliances,

When John Varley’s “Press Enter” came out in 1984 I thought it was borderline ridiculous. And now I’m more or less living it…

Jesse Thompson February 10, 2021 7:39 PM

What I’d really like to know is what’s so secure about ludditism?

Are the Amish really more secure than the Akihabarans?

“My car’s not old enough”, “who needs internet bikes when you have Jane Fonda on VHS”, preceded by “Who needs flickering video screens when you could read a book” and “who needs jumping jacks when you could build up your muscles plowing the field or carrying water from the nearest river”.

But we are entering into an era where information collection and dissemination are both inexorably growing easier, while controlling who has access to said information grows inexorably harder. For all parties. Including your adversaries.

Refusing to purchase anything manufactured in the current millennium doesn’t influence that by a gnat’s whisker. Instead all it does is cede the home court advantage to your adversaries.

The secrets that we keep that give us advantage are social secrets to begin with. You can’t live in a Faraday cage to keep your bank pin secure when you have to leave the cage to shop or visit a bank branch or ATM where you’d even be able to use that secret. Your political opinion isn’t very relevant when you’re too petrified to discuss it via channels anybody listens on, or to visit a voting booth where it’s all set up with Diebold machines anyway.

Personal asceticism means nothing in the face of concern for personal information security. This concern must be engaged with systemically.

Also, the clock isn’t turning back so the solution is never going to be “force everyone else to go Amish as well”. It’s going to be learning what new strategies allow us to maintain advantage over our adversaries despite information inexorably growing easier to gather and to disseminate.

Maybe stop fighting the tide and see if you can trick them into wasting their time fighting the tide instead.

Clive Robinson February 10, 2021 9:08 PM

@ Jesse Thompson,

Refusing to purchase anything manufactured in the current millennium doesn’t influence that by a gnat’s whisker. Instead all it does is cede the home court advantage to your adversaries.

Not quite, you are making a couple of assumptions. The first is that there is not a secure solution from the past millennium you can use today. The second that you have to use the technology of today.

Actually there are many past millennium technologies that work today and importantly work better than the High Tech of today. Likewise you can in the main quite happily live without all the “High Tech” of this millennium that most have been conned into thinking they need to survive…

Some actually think that technology advancement will slow or stop as the result of COVID. That is it will surprisingly for many lead to the bankruptcy of much of the Silicon Valley mega Corps[1]. Only time will tell on that notion.

Also, the clock isn’t turning back so the solution is never going to be “force everyone else to go Amish as well”.

The fact a clock is not going to turn back, does in no way mean that society won’t turn back, they have done before and will do again. The forward progress of society is based on having excess capacity especially in resources. If resources become limited then slowdown and contraction are inevitable and will cause scale down/back so society can live within the resources available to it. You only have to look at what sanctions do to countries and their citizens to see that. They are the new “Bomb them back to the stone age” policies.

It’s going to be learning what new strategies allow us to maintain advantage over our adversaries despite information inexorably growing easier to gather and to disseminate.

The best strategy without a doubt is “don’t play their game by their rules”. Too many idiots put the latest surveillance in their homes, in their pockets and in some cases on their wrists… You should ask not about those you think are “Luddites” but instead ask after the sanity of those who do things that are really so very very stupid.

Maybe stop fighting the tide and see if you can trick them into wasting their time fighting the tide instead.

There is no real tide, it’s the stupidity of consumerism to have the latest gadget at the lowest possible price. It’s stupidity to think if you are not paying up front you will not pay many times over down the line. Such behaviour is “Sleepwalking into disaster”.

The one thing you can not do is “waste their time” without “wasting your own” unless you have some kind of exponential advantage over them. In the main people do not have an exponential advantage over others without significant resources. Thus generally it is they that have the exponential advantage over you, and it is you that has your life and other resources devalued or taken from you.

Yes in the “information universe” it is possible to get an exponential advantage at little or no cost other than to roll the dice, but in the “physical universe” you have a significant up front investment of resources to get even a simple multiplicative advantage.

For most though they do not know it, those with advantage of rentable assets are making the lives of the majority who don’t a “Red Queen’s Race” as well as preventing them obtaining rentable assets.

Rentable assets not only hold value and do not suffer the privation of inflation on the price of food or the endless rents most have to pay, assets allow you to play the rent seeking game from the other side so can acquire more assets on which rent can be earned, hence you get an exponential benefit over the many.

[1] The argument is effectively as the economy has collapsed, and unemployment is high or insufficiently paid and stimulus debt so high that excess income is in effect not there. Therefore nothing but essential purchases will be made and the economy collapse further effectively a spiral will form. Without non essential spending advertising money will disappear, and as these Corps are based on the myth of advertising, they will collapse. I’m not going to argue it either way, because I suspect they have or can diversify to some extent, how much and what the cost will be I’ve no idea and in all probability it will require more stimulus debt and the Fed putting the printing presses into “over drive”. Thus only people with real assets not numbers in the bank, in funds or stockmarket will retain tangible wealth.

Maxie February 11, 2021 12:08 PM

Apparently the article takes for granted that US government “officials” are the good guys and the US is being “attacked” by the evil “actors”

“The risks are serious. We know that the Russians and the Chinese were eavesdropping on Trump’s phones.”

So what? The US government and its “private” accomplices are spying on the whole world. Why on earth would they complain about alleged spying against them?

Maxie February 11, 2021 1:06 PM

“we are entering into an era where information collection and dissemination are both inexorably growing easier, while controlling who has access to said information grows inexorably harder.”

That’s complete nonsense. The so called internet (the arpanet) is heavily censored and information access is heavily manipulated by a few governments (like the US govt) and their “private” accomplices. What you call “collection of information” which is actually criminal spying done by government criminals is indeed growing easier…for said criminals.

And your anti “ludditism” comments are just more promotion of this wholly toxic state of affairs.
