PRIVACY IN THE DIGITAL AGE
A Fourth Amendment as a Service Workshop
www.FourthAmendmentAsAService.org - @4thAsAService
LEGAL DISCLAIMER
• We are not lawyers
• We are not your lawyers
• None of the presented or provided content constitutes legal advice.
• This is general security & privacy advice from security & privacy advocates.
• Consult with a lawyer before making your decisions.
About Us, About the Course, and Agenda
INTRODUCTIONS
ABOUT THE PRESENTER(S)
@eanmeyer
ean@eanmeyer.com
Ean Meyer
•Security Professional working with Fortune 500
Companies
•Focused on compliance, risk management, and
security programs
•Bsides Speaker
•Tripwire State of Security Guest Blogger
•Course Director for Full Sail University
•Security Mentor
•Privacy Advocate
Hobbies – Lockpicking, Makerscene, Writing
How did we get here?
ABOUT THE COURSE
• Topics we will cover
– Your Right to Privacy
– Secure Communications
– Online Privacy
– Help installing and configuring privacy tools
• Things we won’t cover
– Illegal or unethical use
– If you are here to learn how to avoid the law… leave
– Law enforcement has a hard enough job as is
– In-depth discussions of technology
– In-depth State and Local Law
– Legality as it applies to your specific situation
ABOUT THE PRESENTERS
@infosecanon
hlawrence@hackucf.org
Heather Lawrence
•Naval Nuclear Veteran
•MS Computer Engineering (in May)
•President Hack@UCF
•B-Sides Orlando Organizer
• SunshineCTF
Hobbies – Research, Crafting, Photography,
CTFing
ABOUT THE PRESENTER(S)
@GaelanAdams
Gadams@hackucf.org
Gaelan Adams
•Professional Cat Herder
•Senior Engineer Hack All The Things
•Privacy Advocate
Hobbies – Technology, Education, Batman
ABOUT THE PRESENTER(S)
@jcknrmn
jack@jacknorman.com
Jack Norman
• MS, IA and Cyber Security, FIT
• EM and Homeland Security Certificate, UCF
• Executive MBA, UCF
• BS Electrical Engineering, UB
• Board Member - OWASP Orlando
• Sr. Information Security Engineer
Hobbies – Outdoors, firearms, swinging a hammer, anything not
involving a computer.
ABOUT THE PRESENTER(S)
@sk4ld
owen@hackallthethings.com
Owen Redwood
• PhD dissertation on Cyber Physical Systems Vulnerability
Research, FSU
• CEO Hack All The Things, LLC
• Senior Lead Cyber Researcher of the Nebraska Applied
Research Institute
• DoD Advisor on Critical Infrastructure
Hobbies – DnD, Video Games, Firearms, Breaking the Grid,
Exploiting the World
ABOUT THE PRESENTER(S)
@corq
corq@corq.co
Corq
•Sysadmin turned Threat Analyst
•Subject of numerous 3rd party breaches
•Subject of one (very weak) doxing campaign
•Cold War History Buff
•Privacy Advocate
Hobbies – Shortwave Radio, Raspberry Pi/ARM
computer hobbyist, Crazy Cat Lady
ABOUT THE PRESENTER(S)
@willasaywhat
willa@willasaywhat.com
Willa
•Senior Penetration Tester @ Veracode
•DEF CON 24 Speaker
•B.S. Computer Science @ UCF ℅ 2007
•M.P.S. Information Science @ Penn State
Hobbies – Hardware hacking, micro drone racing,
PC gaming, and chasing my toddler.
AGENDA
• Sections and Breaks
– 08:30 - 09:00 Check-in
– 09:00 - 09:15 Opening remarks
– 09:15 - 10:00 Your Rights (45 min lecture)
– Q&A and/or break (optional)
– 10:00 - 10:30 Secure Communications
– 10:30 - 11:00 Configuring tools from Secure Communications
– 11:30 - 12:00 Online Privacy
– 12:00 - 12:30 Configuring tools from Online Privacy
• Housekeeping Notes
– Bathroom Locations
– Food and Drink
– Cell phones
– Leaving and Entering the Room
– We are recording the talks to be placed online
BEFORE WE START
ARE THERE ANY QUESTIONS?
YOUR RIGHTS
Heather Lawrence and Gaelan Adams
AGENDA
•Political Climate
•Why should I care?
•The Law and Your Rights
•What should I do when…
•Your data (and what it says)
Some history and our current political state
Political Climate
“Big Brother in the form of an increasingly
powerful government and in an
increasingly powerful private sector will
pile the records high with reasons why
privacy should give way to national
security, to law and order, to efficiency of
operation, to scientific advancement and
the like.”
William O. Douglas (1898-1980),
U. S. Supreme Court Justice
“There is nothing new in the
realization that the Constitution
sometimes insulates the
criminality of a few in order to
protect the privacy of us all.”
Antonin Scalia (1936-2016),
U. S. Supreme Court Justice
Mario M. Cuomo
The New Republic (4 April 1985)
“You campaign in poetry.
You govern in prose.”
From important figures in politics and government
Campaign and Political Statements
Obama signs CISA
http://www.cnbc.com/2015/12/22/the-controversial-surveillance-act-obama-just-signed.html
• The Cybersecurity Information Sharing Act (CISA) was signed into law as part of a budget package
• The bill permits private companies to hand over information to federal agencies
• This creates significant privacy issues around private user data moving into government hands
On Surveillance
“I want surveillance of certain mosques if that's OK,” Trump told the often-raucous and approving crowd.
“We've had it before.”
- Donald Trump
September 21st, 2015
https://www.youtube.com/watch?v=1SzrhYKya00
http://www.cnn.com/2015/11/21/politics/trump-muslims-surveillance/
Obama Expands Surveillance Access
https://www.nytimes.com/2017/01/12/us/politics/na-gets-more-latitude-to-share-intercepted-communications.html
• An expansion of Executive Order 12333 relaxes longstanding limits on N.S.A. data sharing
• Data was collected via means
unregulated by American
wiretapping laws
• Increases the risk private
information about innocent people
will be shared without court
oversight
On Free Speech and Freedom of Press
“I'm going to open up our
libel laws so when they
write purposely negative
and horrible and false
articles, we can sue them
and win lots of money.”
–Donald Trump
February 26, 2016
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/02/26/donald-trump-says-hell-open-up-libel-laws/
On Free Speech
“We have to talk to them about, maybe
in certain areas, closing that Internet up
in some way. Somebody will say,
'Oh freedom of speech, freedom of
speech.'
These are foolish people. We have a
lot of foolish people."
- Donald Trump
December 8, 2016
http://money.cnn.com/2015/12/08/technology/donald-trump-internet/
On Encryption
“I think security, overall,
we have to open it up
and we have to use our
heads. We have to use
common sense”
-Donald Trump
February 17, 2016
https://www.cnet.com/news/trump-apple-iphone-san-bernardino-encryption-fbi-terrorist/
On Encryption Backdoors
Compliance with Court Orders Act of 2016
– Initial attempt to require backdoors into encryption
– Bill would require companies to create a mechanism that would allow for encrypted data to be retrieved without consent
– Proposed by Sen. Richard Burr, Chairman of the Senate Intelligence Committee, and Sen. Dianne Feinstein
https://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/
If it’s a legal request, shouldn’t there be a back door for law enforcement?
What’s wrong with backdoors?
Encryption Backdoors
Tools created to leverage backdoor vulnerabilities in code to listen in to encrypted conversations.
Although authorized organizations could use this backdoor, there was nothing stopping anyone who knew it existed from using it.
Juniper is the second largest network equipment manufacturer behind Cisco
https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Encryption Backdoors
A report from the Encryption Working Group put together by two House committees found:
- There is no way to stop bad actors from adopting encryption.
- The Committees should explore other strategies to address the needs of the law enforcement community
https://judiciary.house.gov/wp-content/uploads/2016/12/20161220EWGFINALReport.pdf
Page 5
Encryption Working Group Year End Report - 2016
There will be a quiz later
News Story
I have nothing to hide.
Why should I care?
“First they came for the Socialists, and I did not speak out— Because I
was not a Socialist.
Then they came for the Trade Unionists, and I did not speak out—
Because I was not a Trade Unionist.
Then they came for the Jews, and I did not speak out—
Because I was not a Jew.
Then they came for me—and there was no one left to speak for me.”
Martin Niemöller
(1892–1984)
This Couldn’t Happen to Me
• Reddit investigations gone wrong – Sunil
Tripathi
• Find my Phone leads to wrong home and
threats
• Farm in Kansas becomes site of threats as
online tracking goes wrong
• #PizzaGate leads armed man to “investigate”
pizza parlor
• Three Felonies a Day
This Couldn’t Happen to Me
•Central Park Five
http://www.pbs.org/kenburns/centralparkfive/
•Earl Washington, Jr.
http://www.innocenceproject.org/cases/earl-washington/
•Nga Truong
http://www.pbs.org/wgbh/frontline/article/a-rare-look-at-the-
police-tactics-that-can-lead-to-false-confessions/
All had coerced, forced, or fabricated confessions after interrogation that led them to incarceration.
Aren’t we safer by giving up some information?
But, don’t the ends justify the means?
“If you want to control someone,
all you have to do is to make
them feel afraid.”
― Paulo Coelho
Being Black in Public
•Collegiate Cyber Defense Club @ UCF
Secretary
–Detained and vehicle searched while sitting in
his car, in a UCF parking garage.
Being Black in Public
Alabama police officers
detain a black man for
jogging at night
• Reason for stop was an unidentified
man running
• Officer stated “Burglaries were reported”
• Alabama is a Stop and Identify State
• Maintaining your rights can be difficult
(Credit: The Free Thought Project)
https://www.salon.com/2015/10/15/where_you_been_running_from_watch_officers_try_to_detain_alabama_man_for_jogging_at_night_while_black/
Marginalized Groups
•#BlackLivesMatter
•People of Color
•LGBTQ+
•Occupy Wall Street
•Foreigners
•Non-Christians
•Dissenting Political Voices
“To learn who rules over you, simply find out who you are not allowed to criticize.”
- Voltaire
Censorship
How it starts
•Think of the children!
•Stop the pedophiles!
•The terrorists will win!
•This is un-American, ban it!
•We can’t give you that
information and keep you safe!
Taking a stand
•No one wants to stand up and say:
“I like pornography.”
“I have an unusual legal sexual fetish.”
“I have genital herpes.”
But How Bad Could It Be, Really?
•“Snoopers Charter” UK
•N. Korea
•Great Firewall of China
•Arab Spring
•Dictatorships
•Egypt shuts down the Internet
http://big-digital.de/360socialmedia
But How Bad Could It Be, Really?
•Snapchat Revenge Sites
•The Fappening
•Ashley Madison
•Adult Friend Finder
•Office of Personnel Management
(Image credit: Jennifer Lawrence, by Gage Skidmore)
I just won’t use the Internet
Perfect Security
Perfect Security
•It doesn’t exist
•Going off the grid is near impossible
•No protection is unbreakable
•It’s about reducing your attack surface
The amendments are here for you
Your rights
Fourth Amendment
The right of the people to be secure in their persons,
houses, papers, and effects, against unreasonable
searches and seizures, shall not be violated, and no
Warrants shall issue, but upon probable cause,
supported by Oath or affirmation, and particularly
describing the place to be searched, and the persons
or things to be seized.
https://www.law.cornell.edu/constitution/fourth_amendment
Fourth Amendment
How does it protect me?
•Unreasonable searches and seizures
•Arbitrary arrests
•Basis
–Search Warrants
–Stop-and-frisk / Safety inspections
•Wiretaps
Other Constitutional Amendments
These also help define privacy:
•1st – “Freedoms”
•5th – “Self Incrimination”
•14th – “Equal Protections” (“Personal
Autonomy”)
5th Amendment - Right to remain silent
“…Shall not be compelled in any criminal case
to be a witness against himself…”
–Protects you in Criminal Court
–Protects you in Civil Court
McCarthy v. Arndstein (1924)
5th Amendment
“Too many, even those who should be better
advised, view this privilege as a shelter for
wrongdoers. They too readily assume that
those who invoke it are either guilty of crime or
commit perjury in claiming the privilege”
- Ullmann v. United States (1956)
5th Amendment – Right to Remain Silent
“One of the Fifth Amendment’s basic functions is to protect innocent men who otherwise might be ensnared by ambiguous circumstances. Truthful responses of an innocent witness, as well as those of a wrongdoer, may provide the government incriminating evidence from the speaker’s own mouth”
- U.S. Supreme Court – Ohio v. Reiner (2001)
5th Amendment - Right to Remain Silent
You must invoke your right to remain silent
–Supreme Court ruling that unless verbally invoked (right to remain silent) all statements voluntarily provided could be used in court and police could continue to interact with a suspect.
–Responding after being silent can be interpreted as a waiver of this right.
- Berghuis v. Thompkins (2010)
5th Amendment – Invoking your right
You can no longer remain silent as it can be
construed to imply guilt, you must verbally
invoke your right to the fifth amendment.
- Salinas v. Texas (2013)
–U.S. Supreme Court
6th Amendment - Right to Counsel
•Requires the “assistance of counsel” for the accused “in
all criminal prosecutions”
•You can be in jail without an attorney until arraignment
•You don’t have to be provided an attorney until
arraignment
•You don’t have to be provided an attorney until court
begins.
Complying with law does not mean waiving your rights
The Law of the Land
What should I do?
The police want to talk to me!
The police want to talk to me
Situations: While Walking, While Driving, While At Home, While Traveling, While At Work, Warrant/Subpoena
• What are my rights?
• What do I need to say?
• How do I comply with the law?
While Walking
DO
• Be polite, respect their authority
• Write down or record details of the encounter
• Ask – “Am I being detained, am I free to go?”
• State – “I am exercising my right to remain silent and will answer no
further questions.”
• State – If Arrested – “I am exercising my right to speak to an attorney.”
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• State laws may vary – You may be required to present ID
• You are not required to give consent for a search of your persons (Stop and Frisk, vehicle, or dwelling)
Stop and Frisk
•Terry v. Ohio (1968)
•Officers are allowed to temporarily detain you and ‘frisk’ (pat down) you based upon reasonable suspicion to ensure officer safety
•This does not mean police may reach into pockets or search a bag without permission
•You do not have to consent
While Driving
DO
• Slow down, pull into a safe, well-lit area, be polite, respect their authority
• Remain in your vehicle and write down or record details of the encounter
• Ask – “Why was I stopped?”
• Ask – “Am I being detained, am I free to go?”
• State – “I am exercising my right to remain silent and will answer no further questions.”
• State – If Arrested – “I am exercising my right to speak to an attorney.”
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• State laws may vary – You may be required to present ID
• You are not required to give consent for a search of your persons (Stop and Frisk, vehicle, or dwelling)
Terry Stop
•Traffic Stop
•Drivers and passengers may be searched for weapons
upon reasonable suspicion they are armed and
dangerous
•Police may perform a protective search of the cabin if
they believe persons are armed and dangerous or can
access a weapon
•You do not have to consent to search of your vehicle
While at Home
DO
• Be polite, respect their authority
• Write down or record details of the encounter
• Ask – “Am I being detained, am I free to go?”
• State – “I am exercising my right to remain silent and will answer no further questions.”
• State – If Arrested – “I am exercising my right to speak to an attorney.”
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• State laws may vary – You may be required to present ID
• You are not required to give consent for a search of your persons (Stop and Frisk, vehicle, or dwelling)
Home Searches
•Arrest and Bench Warrants do not always allow for the
search of a home.
•Exigent Circumstances – Police can bypass a warrant if
they feel evidence may be destroyed
•A warrant must contain:
–the judge’s name, your name and address, the date, place to be
searched, a description of any items being searched for, and the
name of the agency that is conducting the search or arrest.
•Without a warrant you may refuse entry to your home and refuse to speak further with the police
While at Work
DO
• Be polite, respect their authority
• Write down or record details of the encounter
• Ask – “Am I being detained, am I free to go?”
• State – “I am exercising my right to remain silent and will answer no further questions.”
• State – If Arrested – “I am exercising my right to speak to an attorney.”
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• State laws may vary – You may be required to present ID
• You are not required to give consent for a search of your persons (Stop and Frisk, vehicle, or dwelling)
Workplace Searches
•Your business may already have a policy regarding the
search of your belongings
•They cannot search your person without a warrant or
your consent
•As a general rule they cannot search your person
•Computers, Lockers, Desks, Company Cars, and other company property can be searched with the company’s consent
While Traveling
DO
• Be polite, respect their authority
• Remember/write down the encounter – you may not be able to record
• Remember your rights do not apply in other countries
• Contact the Embassy or Ambassador – CIA World Factbook
• Familiarize yourself with local laws and customs
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• International laws may vary greatly from US law
• Police and law enforcement may not need consent to search your person or belongings at borders
Border search exception
•It allows for searches and seizures at international borders and their functional equivalent without a warrant or probable cause.
•Laptops are considered “closed containers”
•No First Amendment protections at a border
Warrants and Subpoenas
DO
• Be polite
• Write down or record details of the encounter
• Ask – “Am I being detained, am I free to go?”
• State – “I am exercising my right to remain silent and will answer no further questions.”
• State – If Arrested – “I am exercising my right to speak to an attorney.”
DO NOT
• Do not interfere with or obstruct police
• Lie or give false documents
ADDITIONAL
• State laws may vary – You may be required to present ID
• You are not required to give consent for a search of your persons (Stop and Frisk, vehicle, or dwelling)
4th Amendment - Warrants
“… no Warrants shall issue, but upon probable
cause, supported by Oath or affirmation…”
–Arrest Warrants
–Bench Warrants
–Search Warrants
4th Amendment – Warrant Requirements
• Reasonable Suspicion –
–It most often requires that “…Officers have an objectively reasonable basis for suspecting
criminal activity before detaining someone…”
–“specific and articulable facts” and “taken together with rational inferences from those facts”
• Preponderance of evidence -
–More than 50% true
–“More probable than not”- Miller v. Minister of Pensions (1947)
• Probable Cause –
–“A reasonable amount of suspicion, supported by circumstances sufficiently strong to justify
a prudent and cautious person’s belief that certain facts are probably true”
•Handler, J. G. (1994). Ballentine's Law Dictionary (Legal Assistant ed.). Albany: Delmar. p. 431.
Search Warrants
•Based upon probable cause and sworn
testimony (Affidavit)
•Must specify what they are looking for
•Must specify where they are looking for it
Police are trained
•Police are trained to respect your rights
•Police are also trained in techniques to get you
to waive your rights
•In most cases they do this with good intentions
•“If you don’t cooperate now, it’ll be worse for
you later.”
Interfacing with Law Enforcement
•Turn off your phone to prevent a search without a
warrant or consent (Does not work with biometrics)
•“I am exercising my right to remain silent; I wish to
remain silent. I want to speak with a (or my) attorney.”
•If you are witnessing an interaction with the police it is
your right to record as long as you are not interfering
with their work
When should I talk to the police?
When should I talk to the police?
“[A]ny lawyer worth his (or her)
salt will tell the suspect in no
uncertain terms to make NO
statements to the police under
any circumstances.”
- Justice Robert Jackson
- U. S. Supreme Court Justice
Why not to talk to the police
•There is no way it can help.
–Everything you say can and will be used against
you, not for you.
•Admit nothing, confirm nothing
–It can be used against you if you confirm
anything
News Story Quiz
How many people did the police find shot to
death last night in the Pine Hills apartment?
A. One
B. Two
C. Three
D. Four
NEVER talk to the police
You are all wrong – No one was shot
Why not talk to the police
•White lies or misrepresentations of facts lead
to convictions
•Any information can lead to a conviction of
you
•The police can mistakenly recall your
statements or questions
Why not talk to the police
•Your answers can be used to crucify you
•“People are inherently honest or want to tell
their story”
My what stories they tell
Technology and Data
Data vs Information definitions
•Data is simply facts, figures or bits of
information.
•Information is structured data to provide a context
Metadata
What is metadata?
- Data that provides information about other data
Remember library card catalogues?
- Metadata
- Cards contain information about the books
4chan ISIS Strike
•4chan used metadata analysis to locate ISIS fighters
•Utilizing data gleaned from social media posts, photos, and other information found online they identified ISIS sites
•This information was used to call in strikes on those sites.
http://www.vocativ.com/326039/how-one-4chan-board-is-trying-to-fight-isis-in-syria/
Identifying People
•We can identify 87% of the population,
uniquely using only:
–Gender
–Date of Birth
–Zip Code
http://dataprivacylab.org/projects/identifiability/paper1.pdf
Advertising Networks
•You can be uniquely identified
by your browser with 97%
accuracy
•Information is shared, sold
and auctioned.
•Target determined a 16-year-old was pregnant before the family knew based off of search queries.
http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#7f93522d34c6
QUESTIONS
You let us know
Break or Start Lab?
LAB – OSINT and Records
•FL VOTER DB
•Removing Records
Time: 30 Minutes
Materials: Computer and Internet Connection
Cost: $0.00
You don’t have to be a spy to care about OpSec
- Corq
Secure Communications
Moscow Rules
Fundamentals (Rational Paranoia)
1. Assume nothing.
2. Never go against your gut.
3. Everyone is potentially under opposition control.
4. Do not look back; you are never completely alone.
5. Go with the flow, blend in.
6. Vary your pattern and stay within your cover.
7. Lull them into a sense of complacency.
8. Do not harass the opposition.
9. Pick the time and place for action.
10. Keep your options open.
Moscow Rules number anywhere from 10 to 40; we went with the fundamentals.
These seem silly, why would you do this?
Use cases:
• Domestic abuse situations where formerly shared accounts with abuser may be
compromised
• If you or peers are members of an at-risk demographic group
• Any situation concerning personal safety that requires alternate communications
with trusted partners
• Protecting activism communication channels, future-proofing against eventual
compromise, or where past activism has come under scrutiny
• General communication hygiene, any concern one might have for future breaches
or compromises, these are good practices
Practical Application of “The Rules”
• Assume nothing. Privacy and private communications should always be considered fragile. Segregate accounts. Review your security practices often, have fallback plans in place.
• Never go against your gut. You won’t always be able to validate your instincts with real world evidence, but make the effort, for your own assurances. Caveat: Irrational paranoia is NOT a product of instinct. Remember: Fear is the Mind-Killer.
• Everyone is potentially under opposition control. Plan for failure! Even tools we’ll suggest here today could be breached tomorrow. ISPs, free mail providers, any online service. See also: “Warrant Canaries.”
• Do not look back; you are never completely alone. Reinforcement of the mantra above. Digital comms should be avoided for truly critical information matters. Meatspace meetups can be arranged in places difficult to monitor.
• Go with the flow, blend in. Continue to use your “Public”, or known accounts for inconsequential matters. Talk sports, TMZ gossip, non-political matters. Make your conversations seem “boring.”
Practical Application of “The Rules” 2
• Vary your pattern and stay within your cover. If practical, use specific burner accounts only for specific purposes, sparingly. Change providers in between messages if comms are critical and IRL meetings are not possible. Have alts. Have alts of your alts. Simple phrases, “I’ll be in touch” can be used to alert your friend that you’ll be changing accounts for next communication.
• Lull them into a sense of complacency. As mentioned, continue to use compromised accounts, very carefully. Where possible: inject noise. Look active, unassuming.
• Do not harass the opposition. TL;DR: No trollin’. Don’t be goaded into “proving” anything online. Don’t let emotional dialogue with adversary trip you up. Especially true if domestic situation.
• Pick the time and place for action. Plan for failure! Set threshold for anything suspicious, know when to abandon a used account, when to carefully arrange or abort a meeting, set a fallback plan with trusted partners.
• Keep your options open. Be fluid and ready to change tactics as needed, i.e. did your mail provider just remove their canary? Was your stealth account shared by accident? Have backup options ready.
100
QUESTIONS
101
Keep your conversations private, and your selfies too.
- Willa
Secure Communications – Tools and Tech
102
It’s not just for watching Netflix overseas anymore.
Using a Virtual Private Network (VPN)
103
What is a VPN anyways?
• It’s like virtually plugging into another network in another state, country, continent.
• Your traffic can be viewed after it comes out of the virtual network.
• A great stop-gap for public WiFi privacy.
104
PIA: Private Internet Access
• Easy to use
• Anonymous sign up with gift cards
• Works on almost all devices
• Plenty of tutorials and informational guides
105
Onions are like politicians. They have layers, and they’re awful.
Why not TOR?
106
Why not use TOR?
• It doesn’t protect your traffic from being seen; only makes it anonymous.
• It’s slower, and unreliable for things like video streaming or downloading files.
• Often blocked by major services and sites.
• Governments are actively targeting it.
107
Broadcasting your every move while you sip your latte.
Open WiFi
108
Open WiFi
• Any traffic that isn’t encrypted can be sniffed
• Malicious attacker could inject code into the page to gather information or exploit you
• VPN can help alleviate these concerns
109
If you’re going to say it, make it a Whisper (System).
Messaging
110
Facebook Messenger
Pros:
• Most people have it.
• It’s easy to use.
• It provides end to end encryption via the Signal system.
• Ability to delete message after time like Snapchat.
Cons:
• You have to turn it on for each conversation.
• It only works in the Messenger app.
• Facebook is a high value target.
111
WhatsApp
Pros:
• It uses the Signal encryption system.
• There’s an app and a web version.
• End to end encryption is on by default.
Cons:
• Facebook data sharing.
• Unencrypted backups by default.
• Key changes aren’t obvious by default.
112
Pretty Good Privacy / GPG
Pros:
• Great email, file, and other messaging encryption method.
Cons:
• Very difficult to set up and configure.
• Key trust is hard to establish.
• Key changes aren’t easy either.
• Basically it’s a pain.
113
QUESTIONS
114
LAB – Signal and PIA
• Set up Signal
• Set up PIA
Time: 30 Minutes
Materials: Computer and Internet Connection
Cost: $0.00
115
If you don’t protect your personal privacy, who will?
Owen and Jack
Online Privacy
116
What the Pros Do
Reference: http://arstechnica.com/security/2015/07/what-amateurs-can-learn-from-security-pros-about-staying-safe-online/
117
In the News - Sarah Palin’s Email Hack
• Hacker obtains access to Sarah Palin’s personal Yahoo account.
• Hacker leverages simple “Security Questions” to reset Palin’s password.
• If your email account gets owned, you are owned!
“What would you do?”
“How could this have been prevented?”
https://www.wired.com/2008/09/palin-e-mail-ha/
118
Best Practices - Email
DO…
1. Use a strong and unique password
2. Use two-factor authentication
3. Confirm suspicious attachments/links from known contacts
4. Look closely at the sender’s email address
5. Unsubscribe from mailing lists
6. Delete emails older than 180 days!
DO NOT…
1. Use a simple password
2. Click on suspicious attachments/links
3. Enter any personal information into a pop-up screen
4. Use real information for “Security Questions”
“A password is like a toothbrush. Choose a good one. Don’t share it with anyone. Change it frequently.”
119
In the News – YouTube Hosts Infected Ads
• YouTube, Reuters, and Yahoo host infected ads on their sites.
• Violates golden rule that “Only “shady” sites can hurt you”.
• Research shows that hackers are seeing 1,425% ROI with these attacks.**
“What would you do?”
“How could this have been prevented?”
https://www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/
120
Best Practices - Browser
DO…
1. Use a modern browser
2. Use anti-virus software that scans all downloads
3. Use a pop-up blocker
4. Use HTTPS (The “S” stands for secure)
5. Use a Virtual Private Network (VPN)
DO NOT…
1. Use public or free WiFi
2. Let your browser store your passwords
3. Enter any personal information into an unexpected pop-up
“Think of the internet as a public place. Don’t leave your details lying around!”
121
In the News – Anthony Cumia Fired
• Opie and Anthony’s Anthony Cumia is fired from Sirius radio after making “racially charged” tweets.
• Details of the situation were not “cut and dry”.
“What would you do?”
“How could this have been prevented?”
http://www.cnn.com/2014/07/04/showbiz/celebrity-news-gossip/anthony-fired-tweets-opie-and-anthony/
122
Best Practices – Social Media
DO…
1. Use privacy settings
2. Understand the terms and conditions
3. Use false information strategically
4. Use caution before clicking links
5. Minimize third party applications
DO NOT…
1. Post, Tweet, or SnapChat ANYTHING that you would not want your employer to see!
2. Use your legal name as your profile name
3. Link your social media with your work email
“If you are not paying, you are the product!”
123
In the News – Beyonce’s “Unflattering” Photos
• Beyonce’s publicists and legal team try to have “unflattering” photos from the Super Bowl removed from the internet.
• Memes around these photos go viral.
“What would you do?”
“How could this have been prevented?”
http://www.sbnation.com/lookit/2015/2/1/7547851/beyonce-super-bowl-photo-never-forget
124
Best Practices – Mobile Device
DO…
1. Lock your device with a password or PIN
2. Back up your data
3. Keep your software up-to-date
4. Enable the ability to remotely wipe your device
DO NOT…
1. Send any image/video that you do not want to be public!
2. Use biometrics
3. Jailbreak/Root your device
4. Leave WiFi and Bluetooth on all the time!
“If Beyonce’s high powered legal team cannot get pictures removed from the internet …NEITHER CAN YOU!!!”
125
Best Practices – Tools
Password Managers
• LastPass, 1Password, KeePass
Remote Wipe Utilities
• iCloud, Android Device Manager
Browser Plugins
• Privacy Badger, uBlock Origin, HTTPS Everywhere
VPN Clients
• Private Internet Access, PrivateXPN, IPVanish
AntiVirus Packages
• Windows Defender, Avast, AVG
126
LAB – Browser Plugins
• Set up Privacy Badger
• Set up uBlock Origin
Time: 30 Minutes
Materials: Computer and Internet Connection
Cost: $0.00
127
QUESTIONS
128
THANKS!
129
QUESTIONS AND CONTACT
Contact Us at:
www.FourthAsAService.org
@4thAsAService
James.Madison@FourthAmendmentAsAService.org
130
RESOURCES & SOURCES
RESOURCES – Include any resources referenced in the presentation and any additional sources for later reading
Fourth Amendment As A Service – www.fourthamendmentasaservice.org
Fourth Amendment As A Service Twitter – www.twitter.com/4thAsAServce
Surveillance Self-Defense - https://ssd.eff.org/
SOURCES – Include ALL sources for content, images, and intellectual property
James Madison Portrait - John Vanderlyn (1775–1852) - The White House Historical Association - The White House Historical Association. The painting is in the White House collection[1]
Flat Icon – Open Book - http://www.flaticon.com/authors/zlatko-najdenovski
Flat Icon – Map - http://www.flaticon.com/authors/madebyoliver
Flat Icon Clock - http://www.flaticon.com

Fourth Amendment as a Service - Workshop - 2-21-17

  • 1. PRIVACY IN THE DIGITAL AGE A Fourth Amendment as a Service Workshop www.FourthAmendmentAsAService.org - @4thAsAService
  • 2. LEGAL DISCLAIMER • We are not lawyers • We are not your lawyers • None of the presented or provided content constitutes legal advice. • This is general security & privacy advice from security & privacy advocates. • Consult with a lawyer before making your decisions.
  • 3. INTRODUCTIONS: About Us, About the Course, and Agenda
  • 4. ABOUT THE PRESENTER(S) Ean Meyer, @eanmeyer, ean@eanmeyer.com • Security Professional working with Fortune 500 Companies • Focused on compliance, risk management, and security programs • Bsides Speaker • Tripwire State of Security Guest Blogger • Course Director for Full Sail University • Security Mentor • Privacy Advocate Hobbies – Lockpicking, Makerscene, Writing
  • 6. ABOUT THE COURSE • Topics we will cover – Your Right to Privacy – Secure Communications – Online Privacy – Help installing and configuring privacy tools • Things we won’t cover – Illegal or unethical use – If you are here to learn how to avoid the law… leave – Law enforcement has a hard enough job as is – In-depth discussions of technology – In-depth State and Local Law – Legality as it applies to your specific situation
  • 7. ABOUT THE PRESENTERS Heather Lawrence, @infosecanon, hlawrence@hackucf.org • Naval Nuclear Veteran • MS Computer Engineering (in May) • President Hack@UCF • B-Sides Orlando Organizer • SunshineCTF Hobbies – Research, Crafting, Photography, CTFing
  • 8. ABOUT THE PRESENTER(S) Gaelan Adams, @GaelanAdams, Gadams@hackucf.org • Professional Cat Herder • Senior Engineer Hack All The Things • Privacy Advocate Hobbies – Technology, Education, Batman
  • 9. ABOUT THE PRESENTER(S) Jack Norman, @jcknrmn, jack@jacknorman.com • MS, IA and Cyber Security, FIT • EM and Homeland Security Certificate, UCF • Executive MBA, UCF • BS Electrical Engineering, UB • Board Member - OWASP Orlando • Sr. Information Security Engineer Hobbies – Outdoors, firearms, swinging a hammer, anything not involving a computer.
  • 10. ABOUT THE PRESENTER(S) Owen Redwood, @sk4ld, owen@hackallthethings.com • PhD dissertation on Cyber Physical Systems Vulnerability Research, FSU • CEO Hack All The Things, LLC • Senior Lead Cyber Researcher of the Nebraska Applied Research Institute • DoD Advisor on Critical Infrastructure Hobbies – DnD, Video Games, Firearms, Breaking the Grid, Exploiting the World
  • 11. ABOUT THE PRESENTER(S) Corq, @corq, corq@corq.co • Sysadmin turned Threat Analyst • Subject of numerous 3rd party breaches • Subject of one (very weak) doxing campaign • Cold War History Buff • Privacy Advocate Hobbies – Shortwave Radio, Raspberry Pi/ARM computer hobbyist, Crazy Cat Lady
  • 12. ABOUT THE PRESENTER(S) Willa, @willasaywhat, willa@willasaywhat.com • Senior Penetration Tester @ Veracode • DEF CON 24 Speaker • B.S. Computer Science @ UCF ℅ 2007 • M.P.S. Information Science @ Penn State Hobbies – Hardware hacking, micro drone racing, PC gaming, and chasing my toddler.
  • 13. AGENDA • Sections and Breaks – 08:30 - 09:00 Check-in – 09:00 - 09:15 Opening remarks – 09:15 - 10:00 Your Rights (45 min lecture) – Q&A and/or Break (optional) – 10:00 - 10:30 Secure Communications – 10:30 - 11:00 Configuring tools from Secure Communications – 11:30 - 12:00 Online Privacy – 12:00 - 12:30 Configuring tools from Online Privacy • House Keeping Notes – Bathroom Locations – Food and Drink – Cell phones – Leaving and Entering the Room – We are recording the talks to be placed online
  • 14. BEFORE WE START: ARE THERE ANY QUESTIONS?
  • 15. YOUR RIGHTS Heather Lawrence and Gaelan Adams
  • 16. AGENDA • Political Climate • Why should I care? • The Law and Your Rights • What should I do when… • Your data (and what it says)
  • 17. Political Climate: Some history and our current political state
  • 18. “Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order, to efficiency of operation, to scientific advancement and the like.” William O. Douglas (1898-1980), U. S. Supreme Court Justice
  • 19. “There is nothing new in the realization that the Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all.” Antonin Scalia (1936-2016), U. S. Supreme Court Justice
  • 20. “You campaign in poetry. You govern in prose.” Mario M. Cuomo, The New Republic (4 April 1985)
  • 21. Campaign and Political Statements: From important figures in politics and government
  • 22. Obama signs CISA http://www.cnbc.com/2015/12/22/the-controversial-surveillance-act-obama-just-signed.html • The Cybersecurity Information Sharing Act (CISA) was signed into law as part of a budget package • The bill permits private companies to hand over information to federal agencies • This creates significant privacy issues around private user data moving into government hands
  • 23. On Surveillance "I want surveillance of certain mosques if that's OK," Trump told the often-raucous and approving crowd. "We've had it before.” - Donald Trump September 21st, 2015 https://www.youtube.com/watch?v=1SzrhYKya00 http://www.cnn.com/2015/11/21/politics/trump-muslims-surveillance/
  • 24. Obama Expands Surveillance Access https://www.nytimes.com/2017/01/12/us/politics/n a-gets-more-latitude-to-share-intercepted- communications.html • An expansion of Executive Order 12333 relaxes longstanding limits on N.S.A. data sharing • Data was collected via means unregulated by American wiretapping laws • Increases the risk that private information about innocent people will be shared without court oversight
  • 25. On Free Speech and Freedom of Press “I'm going to open up our libel laws so when they write purposely negative and horrible and false articles, we can sue them and win lots of money.” – Donald Trump February 26, 2016 https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/02/26/donald-trump-says-hell-open-up-libel-laws/
  • 26. On Free Speech “We have to talk to them about, maybe in certain areas, closing that Internet up in some way. Somebody will say, 'Oh freedom of speech, freedom of speech.' These are foolish people. We have a lot of foolish people." - Donald Trump December 8, 2016 http://money.cnn.com/2015/12/08/technology/donald-trump-internet/
  • 27. On Encryption “I think security, overall, we have to open it up and we have to use our heads. We have to use common sense” - Donald Trump February 17, 2016 https://www.cnet.com/news/trump-apple-iphone-san-bernardino-encryption-fbi-terrorist/
  • 28. On Encryption Backdoors Compliance with Court Orders Act of 2016 – Initial attempt to require backdoors into encryption – Bill would require companies to create a mechanism that would allow for encrypted data to be retrieved without consent – Proposed by Sen. Richard Burr, Chairman of the Senate Intelligence Committee, and Sen. Dianne Feinstein https://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/
  • 29. What’s wrong with backdoors? If it’s a legal request, shouldn’t there be a back door for law enforcement?
  • 30. Encryption Backdoors Tools were created to leverage backdoor vulnerabilities in code to listen in on encrypted conversations. Although authorized organizations could use this backdoor, there was nothing stopping anyone who knew it existed from using it. Juniper is the second largest network equipment manufacturer behind Cisco https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
  • 31. Encryption Backdoors A report from the Encryption Working Group put together by two House committees found: - There is no way to stop bad actors from adopting encryption. - The Committees should explore other strategies to address the needs of the law enforcement community https://judiciary.house.gov/wp-content/uploads/2016/12/20161220 EWGFINALReport.pdf (Encryption Working Group Year End Report - 2016, Page 5)
  • 33. Why should I care? I have nothing to hide.
  • 34. “First they came for the Socialists, and I did not speak out— Because I was not a Socialist. Then they came for the Trade Unionists, and I did not speak out— Because I was not a Trade Unionist. Then they came for the Jews, and I did not speak out— Because I was not a Jew. Then they came for me—and there was no one left to speak for me.” Martin Niemöller (1892–1984)
  • 35. This Couldn’t Happen to Me • Reddit investigations gone wrong – Sunil Tripathi • Find my Phone leads to wrong home and threats • Farm in Kansas becomes site of threats as online tracking goes wrong • #PizzaGate leads armed man to “investigate” pizza parlor • Three Felonies a Day
  • 36. This Couldn’t Happen to Me • Central Park Five http://www.pbs.org/kenburns/centralparkfive/ • Earl Washington, Jr. http://www.innocenceproject.org/cases/earl-washington/ • Nga Truong http://www.pbs.org/wgbh/frontline/article/a-rare-look-at-the-police-tactics-that-can-lead-to-false-confessions/ All had coerced, forced, or fabricated confessions after interrogation that led to their incarceration.
  • 37. But, don’t the ends justify the means? Aren’t we safer by giving up some information?
  • 38. “If you want to control someone, all you have to do is to make them feel afraid.” ― Paulo Coelho
  • 39. Being Black in Public • Collegiate Cyber Defense Club @ UCF Secretary – Detained and vehicle searched while sitting in his car, in a UCF parking garage.
  • 40. Being Black in Public Alabama police officers detain a black man for jogging at night • Reason for stop was an unidentified man running • Officer stated “Burglaries were reported” • Alabama is a Stop and Identify State • Maintaining your rights can be difficult (Credit: The Free Thought Project) https://www.salon.com/2015/10/15/where_you_been_running_from_watch_officers_try_to_detain_alabama_man_for_jogging_at_night_while_black/
  • 41. Marginalized Groups • #BlackLivesMatter • People of Color • LGBTQ+ • Occupy Wall Street • Foreigners • Non-Christians • Dissenting Political Voices
  • 42. Censorship “To learn who rules over you, simply find out who you are not allowed to criticize.” - Voltaire
  • 43. How it starts • Think of the children! • Stop the pedophiles! • The terrorists will win! • This is un-American, ban it! • We can’t give you that information and keep you safe!
  • 44. Taking a stand • No one wants to stand up and say: “I like pornography.” “I have an unusual legal sexual fetish.” “I have genital herpes.”
  • 45. But How Bad Could It Be, Really? • “Snoopers Charter” UK • N. Korea • Great Firewall of China • Arab Spring • Dictatorships • Egypt shuts down the Internet http://big-digital.de/360socialmedia
  • 46. But How Bad Could It Be, Really? • Snapchat Revenge Sites • The Fappening • Ashley Madison • Adult Friend Finder • Office of Personnel Management (Image: Jennifer Lawrence | by Gage Skidmore)
  • 47. Perfect Security: I just won’t use the Internet
  • 48. Perfect Security • It doesn’t exist • Going off the grid is near impossible • No protection is unbreakable • It’s about reducing your attack surface
  • 49. Your rights: The amendments are here for you
  • 50. Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. https://www.law.cornell.edu/constitution/fourth_amendment
  • 51. Fourth Amendment How does it protect me? • Unreasonable searches and seizures • Arbitrary arrests • Basis – Search Warrants – Stop-and-frisk / Safety inspections • Wiretaps
  • 52. Other Constitutional Amendments These also help define privacy: • 1st – “Freedoms” • 5th – “Self Incrimination” • 14th – “Equal Protections” (“Personal Autonomy”)
  • 53. 5th Amendment - Right to remain silent “…Shall not be compelled in any criminal case to be a witness against himself…” – Protects you in Criminal Court – Protects you in Civil Court McCarthy v. Arndstein (1924)
  • 54. 5th Amendment “Too many, even those who should be better advised, view this privilege as a shelter for wrongdoers. They too readily assume that those who invoke it are either guilty of crime or commit perjury in claiming the privilege” - Ullmann v. United States (1956)
  • 55. 5th Amendment – Right to Remain Silent “One of the Fifth Amendment’s basic functions is to protect innocent men who otherwise might be ensnared by ambiguous circumstances. Truthful responses of an innocent witness, as well as those of a wrongdoer, may provide the government incriminating evidence from the speaker’s own mouth” - U.S. Supreme Court – Ohio v. Reiner (2001)
  • 56. 5th Amendment - Right to Remain Silent You must invoke your right to remain silent – Supreme Court ruling that unless verbally invoked (right to remain silent) all statements voluntarily provided could be used in court and police could continue to interact with a suspect. – Responding after being silent can be interpreted as a waiver of this right. - Berghuis v. Thompkins (2010)
  • 57. 5th Amendment – Invoking your right You can no longer simply remain silent, as silence can be construed to imply guilt; you must verbally invoke your Fifth Amendment right. - Salinas v. Texas (2013) – U.S. Supreme Court
  • 58. 6th Amendment - Right to Counsel • Requires the “assistance of counsel” for the accused “in all criminal prosecutions” • You can be in jail without an attorney until arraignment • You don’t have to be provided an attorney until arraignment • You don’t have to be provided an attorney until court begins.
  • 59. The Law of the Land: Complying with law does not mean waiving your rights
  • 60. The police want to talk to me! What should I do?
  • 61. The police want to talk to me (While Walking, While Driving, While At Home, While At Work, While Traveling, Warrant/Subpoena) • What are my Rights? • What do I need to say? • How do I comply with the law?
  • 62. While Walking DO • Be polite, respect their authority • Write down or record details of the encounter • Ask – “Am I being detained, am I free to go?” • State – “I am exercising my right to remain silent and will answer no further questions.” • State – If Arrested – “I am exercising my right to speak to an attorney.” DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • State laws may vary – You may be required to present ID • You are not required to give consent for a search of your person (Stop and Frisk, vehicle, or dwelling)
  • 63. Stop and Frisk • Terry v. Ohio (1968) • Officers are allowed to temporarily detain and ‘frisk’ (pat down) you based upon reasonable suspicion, to ensure officer safety • This does not mean police may reach into pockets or search a bag without permission • You do not have to consent
  • 64. While Driving DO • Slow down, pull into a safe well lit area, be polite, respect their authority • Remain in your vehicle and write down or record details of the encounter • Ask – “Why was I stopped?” • Ask – “Am I being detained, am I free to go?” • State – “I am exercising my right to remain silent and will answer no further questions.” • State – If Arrested – “I am exercising my right to speak to an attorney.” DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • State laws may vary – You may be required to present ID • You are not required to give consent for a search of your person (Stop and Frisk, vehicle, or dwelling)
  • 65. Terry Stop • Traffic Stop • Drivers and passengers may be searched for weapons upon reasonable suspicion they are armed and dangerous • Police may perform a protective search of the cabin if they believe persons are armed and dangerous or can access a weapon • You do not have to consent to search of your vehicle
  • 66. While at Home DO • Be polite, respect their authority • Write down or record details of the encounter • Ask – “Am I being detained, am I free to go?” • State – “I am exercising my right to remain silent and will answer no further questions.” • State – If Arrested – “I am exercising my right to speak to an attorney.” DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • State laws may vary – You may be required to present ID • You are not required to give consent for a search of your person (Stop and Frisk, vehicle, or dwelling)
  • 67. Home Searches • Arrest and Bench Warrants do not always allow for the search of a home. • Exigent Circumstances – Police can bypass a warrant if they feel evidence may be destroyed • A warrant must contain: – the judge’s name, your name and address, the date, place to be searched, a description of any items being searched for, and the name of the agency that is conducting the search or arrest. • Without a warrant you may refuse entry to your home and refuse to speak further with the police
  • 68. While at Work DO • Be polite, respect their authority • Write down or record details of the encounter • Ask – “Am I being detained, am I free to go?” • State – “I am exercising my right to remain silent and will answer no further questions.” • State – If Arrested – “I am exercising my right to speak to an attorney.” DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • State laws may vary – You may be required to present ID • You are not required to give consent for a search of your person (Stop and Frisk, vehicle, or dwelling)
  • 69. Workplace Searches • Your business may already have a policy regarding the search of your belongings • They cannot search your person without a warrant or your consent • As a general rule they cannot search your person • Computers, Lockers, Desks, Company Cars, and other company property can be searched with the company’s consent
  • 70. While Traveling DO • Be polite, respect their authority • Remember/write down the encounter – you may not be able to record • Remember your rights do not apply in other countries • Contact the Embassy or Ambassador – CIA World Factbook • Familiarize yourself with local laws and customs DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • International laws may vary greatly from US law • Police and law enforcement may not need consent to search your person or belongings at borders
  • 71. Border search exception • It allows for searches and seizures at international borders and their functional equivalent without a warrant or probable cause. • Laptops are considered “closed containers” • No first amendment protections at a border
  • 72. Warrants and Subpoenas DO • Be polite • Write down or record details of the encounter • Ask – “Am I being detained, am I free to go?” • State – “I am exercising my right to remain silent and will answer no further questions.” • State – If Arrested – “I am exercising my right to speak to an attorney.” DO NOT • Do not interfere with or obstruct police • Lie or give false documents ADDITIONAL • State laws may vary – You may be required to present ID • You are not required to give consent for a search of your person (Stop and Frisk, vehicle, or dwelling)
  • 73. 4th Amendment - Warrants “… no Warrants shall issue, but upon probable cause, supported by Oath or affirmation…” – Arrest Warrants – Bench Warrants – Search Warrants
  • 74. 4th Amendment – Warrant Requirements • Reasonable Suspicion – It most often requires that “…Officers have an objectively reasonable basis for suspecting criminal activity before detaining someone…” – “specific and articulable facts” and “taken together with rational inferences from those facts” • Preponderance of evidence – More than 50% true – “More probable than not” - Miller v. Minister of Pensions (1947) • Probable Cause – “A reasonable amount of suspicion, supported by circumstances sufficiently strong to justify a prudent and cautious person’s belief that certain facts are probably true” • Handler, J. G. (1994). Ballentine's Law Dictionary (Legal Assistant ed.). Albany: Delmar. p. 431.
  • 75. Search Warrants • Based upon probable cause and sworn testimony (Affidavit) • Must specify what they are looking for • Must specify where they are looking for it
  • 76. Police are trained • Police are trained to respect your rights • Police are also trained in techniques to get you to waive your rights • In most cases they do this with good intentions • “If you don’t cooperate now, it’ll be worse for you later.”
  • 77. Interfacing with Law Enforcement • Turn off your phone to prevent a search without a warrant or consent (Does not work with biometrics) • “I am exercising my right to remain silent; I wish to remain silent. I want to speak with a (or my) attorney.” • If you are witnessing an interaction with the police it is your right to record as long as you are not interfering with their work
  • 79. When should I talk to the police? “[A]ny lawyer worth his (or her) salt will tell the suspect in no uncertain terms to make NO statements to the police under any circumstances.” - Justice Robert Jackson - U. S. Supreme Court Justice
  • 80. Why not to talk to the police • There is no way it can help. – Everything you say can and will be used against you, not for you. • Admit nothing, confirm nothing – It can be used against you if you confirm anything
  • 81. News Story Quiz How many people did the police find shot to death last night in the Pine Hills apartment? A. One B. Two C. Three D. Four
  • 82. You are all wrong – No one was shot. NEVER talk to the police
  • 83. Why not talk to the police • White lies or misrepresentations of facts lead to convictions • Any information can lead to a conviction of you • The police can mistakenly recall your statements or questions
  • 84. Why not talk to the police • Your answers can be used to crucify you • “People are inherently honest or want to tell their story”
  • 85. Technology and Data: My what stories they tell
  • 86. Data vs Information definitions • Data is simply facts, figures or bits of information. • Information is data structured to provide context
  • 87. Metadata What is metadata? - Data that provides information about other data Remember library card catalogues? - Metadata - Cards contain information about the books
  • 88. 4chan ISIS Strike • 4chan used metadata analysis to locate ISIS fighters • Utilizing data gleaned from social media posts, photos, and other information found online they identified ISIS sites • This information was used to call in strikes on those sites. http://www.vocativ.com/326039/how-one-4chan-board-is-trying-to-fight-isis-in-syria/
  • 89. Identifying People • We can uniquely identify 87% of the population using only: – Gender – Date of Birth – Zip Code http://dataprivacylab.org/projects/identifiability/paper1.pdf
  • 90. Advertising Networks • You can be uniquely identified by your browser with 97% accuracy • Information is shared, sold and auctioned. • Target determined a 16-year-old was pregnant before the family knew, based off of search queries. http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#7f93522d34c6
  • 92. Break or Start Lab? You let us know
  • 93. LAB – OSINT and Records • FL VOTER DB • Removing Records Time: 30 Minutes Materials: Computer and Internet Connection Cost: $0.00
  • 94. Secure Communications: Moscow Rules. You don’t have to be a spy to care about OpSec - Corq
  • 95. Fundamentals (Rational Paranoia) 1. Assume nothing. 2. Never go against your gut. 3. Everyone is potentially under opposition control. 4. Do not look back; you are never completely alone. 5. Go with the flow, blend in. 6. Vary your pattern and stay within your cover. 7. Lull them into a sense of complacency. 8. Do not harass the opposition. 9. Pick the time and place for action. 10. Keep your options open. Moscow Rules number anywhere from 10 to 40; we went with the fundamentals.
  • 96. These seem silly, why would you do this? Use cases: • Domestic abuse situations where formerly shared accounts with abuser may be compromised • If you or peers are members of an at-risk demographic group • Any situation concerning personal safety that requires alternate communications with trusted partners • Protecting activism communication channels, future-proofing against eventual compromise, or where past activism has come under scrutiny • General communication hygiene, any concern one might have for future breaches or compromises, these are good practices
  • 97. Practical Application of “The Rules” • Assume nothing. Privacy and private communications should always be considered fragile. Segregate accounts. Review your security practices often, have fallback plans in place. • Never go against your gut. You won’t always be able to validate your instincts with real world evidence, but make the effort, for your own assurances. Caveat: Irrational paranoia is NOT a product of instinct. Remember: Fear is the Mind-Killer. • Everyone is potentially under opposition control. Plan for failure! Even tools we’ll suggest here today, could be breached tomorrow. ISPs, free mail providers, any online service. See Also: “Warrant Canaries.” • Do not look back; you are never completely alone. Reinforcement of the mantra above. Digital comms should be avoided for truly critical information matters. Meatspace meetups can be arranged in places difficult to monitor. • Go with the flow, blend in. Continue to use your “Public”, or known accounts for inconsequential matters. Talk sports, TMZ gossip, non-political matters. Make your conversations seem “boring.”
  • 99. Practical Application of “The Rules” 2 • Vary your pattern and stay within your cover. If practical, use specific burner accounts only for specific purposes, sparingly. Change providers in between messages if comms are critical and IRL meetings are not possible. Have alts. Have alts of your alts. Simple phrases, “I’ll be in touch” can be used to alert your friend that you’ll be changing accounts for next communication. • Lull them into a sense of complacency. As mentioned, continue to use compromised accounts, very carefully. Where possible: inject noise. Look active, unassuming. • Do not harass the opposition. TL;DR: No trollin’. Don’t be goaded into “proving” anything online. Don’t let emotional dialogue with adversary trip you up. Especially true if domestic situation. • Pick the time and place for action. Plan for failure! Set threshold for anything suspicious, know when to abandon a used account, when to carefully arrange or abort a meeting, set a fallback plan with trusted partners. • Keep your options open. Be fluid and ready to change tactics as needed, i.e. did your mail provider just remove their canary? Was your stealth account shared by accident? Have backup options ready.
  • 101. Secure Communications – Tools and Tech: “Keep your conversations private, and your selfies too.” - Willa
  • 102. Using a Virtual Private Network (VPN): It’s not just for watching Netflix overseas anymore.
  • 103. What is a VPN anyways? • It’s like virtually plugging into another network in another state, country, or continent. • Your traffic can be viewed after it comes out of the virtual network. • A great stop-gap for public WiFi privacy.
  • 104. PIA: Private Internet Access • Easy to use • Anonymous sign up with gift cards • Works on almost all devices • Plenty of tutorials and informational guides
  • 105. Why not Tor? Onions are like politicians. They have layers, and they’re awful.
  • 106. Why not use Tor? • It doesn’t protect your traffic from being seen; it only makes it anonymous. • It’s slower, and unreliable for things like video streaming or downloading files. • Often blocked by major services and sites. • Governments are actively targeting it.
  • 107. Open WiFi: Broadcasting your every move while you sip your latte.
  • 108. Open WiFi • Any traffic that isn’t encrypted can be sniffed • A malicious attacker could inject code into the page to gather information or exploit you • A VPN can help alleviate these concerns
  • 109. Messaging: If you’re going to say it, make it a Whisper (System).
  • 110. Facebook Messenger Pros: • Most people have it. • It’s easy to use. • It provides end to end encryption via the Signal system. • Ability to delete messages after a time, like Snapchat. Cons: • You have to turn it on for each conversation. • It only works in the Messenger app. • Facebook is a high value target.
  • 111. WhatsApp Pros: • It uses the Signal encryption system. • There’s an app and a web version. • End to end encryption is on by default. Cons: • Facebook data sharing. • Unencrypted backups by default. • Key changes aren’t obvious by default.
  • 112. Pretty Good Privacy / GPG Pros: • Great email, file, and other messaging encryption method. Cons: • Very difficult to set up and configure. • Key trust is hard to establish. • Key changes aren’t easy either. • Basically it’s a pain.
  • 114. LAB – Signal and PIA • Set up Signal • Set up PIA Time: 30 Minutes Materials: Computer and Internet Connection Cost: $0.00
  • 115. Online Privacy: “If you don’t protect your personal privacy, who will?” - Owen and Jack
  • 116. What the Pros Do Reference: http://arstechnica.com/security/2015/07/what-amateurs-can-learn-from-security-pros-about-staying-safe-online/
  • 117. In the News - Sarah Palin’s Email Hack • Hacker obtains access to Sarah Palin’s personal Yahoo account. • Hacker leverages simple “Security Questions” to reset Palin’s password. • If your email account gets owned, you are owned! “What would you do?” “How could this have been prevented?” https://www.wired.com/2008/09/palin-e-mail-ha/
  • 118. Best Practices - Email DO… 1. Use a strong and unique password 2. Use two-factor authentication 3. Confirm suspicious attachments/links from known contacts 4. Look closely at the sender’s email address 5. Unsubscribe from mailing lists 6. Delete emails older than 180 days! DO NOT… 1. Use a simple password 2. Click on suspicious attachments/links 3. Enter any personal information into a pop-up screen 4. Use real information for “Security Questions” “A password is like a toothbrush. Choose a good one. Don’t share it with anyone. Change it frequently.”
  • 119. In the News – YouTube Hosts Infected Ads • YouTube, Reuters, and Yahoo host infected ads on their sites. • Violates the golden rule that “Only ‘shady’ sites can hurt you”. • Research shows that hackers are seeing 1,425% ROI with these attacks. “What would you do?” “How could this have been prevented?” https://www.wired.com/insights/2014/11/malvertising-is-cybercriminals-latest-sweet-spot/
  • 120. Best Practices - Browser DO… 1. Use a modern browser 2. Use anti-virus software that scans all downloads 3. Use a pop-up blocker 4. Use HTTPS (The “S” stands for secure) 5. Use a Virtual Private Network (VPN) DO NOT… 1. Use public or free WiFi 2. Let your browser store your passwords 3. Enter any personal information into an unexpected pop-up “Think of the internet as a public place. Don’t leave your details lying around!”
  • 121. In the News – Anthony Cumia Fired • Opie and Anthony’s Anthony Cumia is fired from Sirius radio after making “racially charged” tweets. • Details of the situation were not “cut and dry”. “What would you do?” “How could this have been prevented?” http://www.cnn.com/2014/07/04/showbiz/celebrity-news-gossip/anthony-fired-tweets-opie-and-anthony/
  • 122. Best Practices – Social Media DO… 1. Use privacy settings 2. Understand the terms and conditions 3. Use false information strategically 4. Use caution before clicking links 5. Minimize third party applications DO NOT… 1. Post, Tweet, or Snapchat ANYTHING that you would not want your employer to see! 2. Use your legal name as your profile name 3. Link your social media with your work email “If you are not paying, you are the product!”
  • 123. In the News – Beyonce’s “Unflattering” Photos • Beyonce’s publicists and legal team try to have “unflattering” photos from the Super Bowl removed from the internet. • Memes around these photos go viral. “What would you do?” “How could this have been prevented?” http://www.sbnation.com/lookit/2015/2/1/7547851/beyonce-super-bowl-photo-never-forget
  • 124. Best Practices – Mobile Device DO… 1. Lock your device with a password or PIN 2. Back up your data 3. Keep your software up-to-date 4. Enable the ability to remotely wipe your device DO NOT… 1. Send any image/video that you do not want to be public! 2. Use biometrics 3. Jailbreak/Root your device 4. Leave WiFi and Bluetooth on all the time! “If Beyonce’s high-powered legal team cannot get pictures removed from the internet … NEITHER CAN YOU!!!”
  • 125. Best Practices – Tools Password Managers • LastPass, 1Password, KeePass Remote Wipe Utilities • iCloud, Android Device Manager Browser Plugins • Privacy Badger, uBlock Origin, HTTPS Everywhere VPN Clients • Private Internet Access, PrivateXPN, IPVanish AntiVirus Packages • Windows Defender, Avast, AVG
  • 126. LAB – Browser Plugins • Set up Privacy Badger • Set up uBlock Origin Time: 30 Minutes Materials: Computer and Internet Connection Cost: $0.00
  • 129. QUESTIONS AND CONTACT Contact Us at: www.FourthAsAService.org @4thAsAService James.Madison@FourthAmendmentAsAService.org
  • 130. RESOURCES & SOURCES RESOURCES – Include any resources referenced in the presentation and any additional sources for later reading: Fourth Amendment As A Service – www.fourthamendmentasaservice.org; Fourth Amendment As A Service Twitter – www.twitter.com/4thAsAServce; Surveillance Self-Defense – https://ssd.eff.org/ SOURCES – Include ALL sources for content, images, and intellectual property: James Madison Portrait – John Vanderlyn (1775–1852), The White House Historical Association. The painting is in the White House collection; Flat Icon – Open Book – http://www.flaticon.com/authors/zlatko-najdenovski; Flat Icon – Map – http://www.flaticon.com/authors/madebyoliver; Flat Icon – Clock – http://www.flaticon.com