***************************************************************
Security-news <security-news@resist.ca>
A security bulletin for autonomous resistance movements
Produced by the folks who bring you http://security.tao.ca
***************************************************************

August 21, 2002

You know, it's been a bad couple of weeks for crypto - first the SSL
problem, followed by the PGP flaw uncovered by the counterpane folks
(link to that below).... fantastic reminders really that good sense
rather than good technology is indeed the foundation of all activist
security. We're a bit late with the bulletin this week - and apologies
for that - hope you find these collected articles relevant to your
struggles and campaigns.


**********************************
Security-news: Issue #5 - Contents
**********************************
* Security tip of the week: Peer to Peer Networks
* News & Analysis: War on Terror Being Used as a Fig Leaf
* News & Analysis: Camps for Citizens: Ashcroft's Hellish Vision
* News & Analysis: PGP Flaw Leaves E-mails Vulnerable
* How-to: Recognize and Counter Police Harassment in your Community

*****
Security Tip of the Week: Peer to Peer networks offer no identity security
*****
Peer to Peer (P2P) networking and filesharing systems such as KaZaa,
Morpheus and Gnutella offer *no* security at all. Any other user on the
internet connected to the P2P network that you are on has the ability to
see your ip address and all sorts of other information about your
computer. Activists should be wary of using any of the current P2P
networksfor group filesharing, and also recognize that even though you
may choose an alias while using those systems, you actually have very
little identity protection.

*****
News & Analysis: War on Terror being used as a fig leaf
August 20, 2002 - Toronto Star
*****

Thomas Walkom - THE SO-CALLED war on terrorism continues to spill into
other areas. In the wake of Sept. 11, critics warned that police and
government would use tough new powers to settle old scores.

The critics appear to be correct.

The latest case comes from Courtenay, B.C.

On July 30, members of the RCMP's spanking new Integrated National
Security Enforcement Team broke down the door of a man named David
Barbarash. When he returned home, he found his house ransacked, his cat
gone and his computers and files missing. A copy of the search warrant
had been left on his kitchen table.

Barbarash has long been a thorn in the side of authority.

An animal rights activist, he was convicted in 1988 for vandalizing
Kentucky Fried Chicken outlets in Toronto. Later, as a member of the
Animal Liberation Front, he did jail time after freeing cats from a
University of Edmonton research lab.

In 1997, he and another animal activist were charged with sending
letters containing razor blades to an odd assortment of neo-Nazis and
hunting industry executives.

Testimony at the subsequent Vancouver trial revealed that neither the
RCMP's National Security Investigations Service nor the Canadian
Security Intelligence Service had covered themselves in glory during the
razor blade investigation.

To read the rest of this story - go to http://www.torontostar.com and
search for the title (the url is too long to post here)

Security-news note: Like it's been said - If it can happen in Canada it
can happen anywhere.... Stories of RCMP and CSIS investigations of
activists, that have transgressed civil rights and overstepped all legal
bounds, are numerous. It appears from this case that the RCMP's new
anti-terrorist team "INSET" is little more than a puppet for US control
in their war against civil liberties and freedoms worldwide.

*****
News & Analysis: Camps for Citizens: Ashcroft's Hellish Vision
LATimes Headlines  
*****
       
By JONATHAN TURLEY, Jonathan Turley is a professor of constitutional law
at George Washington University.

Atty. Gen. John Ashcroft's announced desire for camps for U.S. citizens
he deems to be "enemy combatants" has moved him from merely being a
political embarrassment to being a constitutional menace.

Ashcroft's plan, disclosed last week but little publicized, would allow
him to order the indefinite incarceration of U.S. citizens and summarily
strip them of their constitutional rights and access to the courts by
declaring them enemy combatants.

The proposed camp plan should trigger immediate congressional hearings
and reconsideration of Ashcroft's fitness for this important office.
Whereas Al Qaeda is a threat to the lives of our citizens, Ashcroft has
become a clear and present threat to our liberties

To read the rest of this article go to:
http://www.infoshop.org/inews/stories.php?story=02/08/14/2716921

Security-news note: not to be alarmist - but we think this is about the
scariest thing we've heard in a long time. now, it could turn out that
Ashcroft is just the next Ollie North, and will end his political career
in crackpot disgrace - but given the political climate today (as opposed
to that of the 80s), there's no telling how serious this could be. since
9-11 hundreds of people have been illegally detained in the US, and
Ashcroft's plan just seems to be an extension of what is already
working. resistance is imperative.

*****
PGP Flaw Leaves E-mails Vulnerable
By Ryan Naraine - esecurityplanet.com
*****

Security researchers have unearthed a flaw within the popular PGP
encryption tool that could allow snoopers to decode sensitive e-mails.

PGP , or Pretty Good Privacy, is the defacto standard for encryption on
the Internet and is widely thought of as invincible but researchers at
Counterpane Internet Security Inc and Columbia University say they have
found a way to modify a PGP-encrypted e-mail without having to
descrambling it.

In an advisory, Counterpane said an attacker could repackage the message
and pass the modified message on to the intended recipient of the
original message.

It said the text within the message would appear as gibberish and could
lead to a request for a resent. If the original text is included in the
resend request, the adversary may be able to determine the original
message.

Read the rest of this article at
http://www.esecurityplanet.com/trends/article/0,,10751_1444351,00.html
and check out the advisory on this
http://www.counterpane.com/pgp-attack.pdf

Security-news note: It is easy enough not to fall victim to this sort of
attack. You must remember two things: 1) do not turn off data
compression in your PGP or GPG client - they are defaulted on and should
be left that way, as these attacks are unsuccessful against compressed
data, and 2) If you receive a message from someone that appears
encrypted, but you can't open it - when you email the person back to ask
them for more info - do *not* include the original apparently encrypted
message, as you may be  unwittingly assisting someone in a
person-in-the-middle attack.

*****
How-to: Recognize and Counter Police Harassment in the Community
by kendra@resist.ca
*****

INTIMIDATION AND HARASSMENT

Police harassment and intimidation of activist communities is on the
increase and has been marked with a demonstrated rise in the level of
aggression that law enforcement agencies have been enacting on
protesters. Recent examples of harassment and intimidation include:

* raids on activist houses and shared spaces with little pretense (bogus
drug warrants and fire inspections being the two favorite reasons to
search/shut down a space) * neighbours being notified that "terrorists"
live in the neighbourhood police showing up unannounced at the homes of
activists and threatening them with physical or legal repercussions *
(if the activist is under the age of majority) police showing up to warn
parents that their child is involved with dangerous groups * police
spreading lies, rumours and mistrust in the community (telling activists
lies about other activists - in some cases very extreme lies) * mass
arrests of organizers prior to actions

There is a much longer list than this - and all of these situations must
be dealt with very differently, but below are a few general tips on how
to deal with police harassment and situations of intimidation.

General Police Hassles

***In your home: If the police, csis or the fbi come to your door -
unless they have a warrant to search your home, or a warrant for your
arrest, they have no reason to be there (in normal circumstances). You
are not even legally obligated to give a police officer your name. Do
not act suspiciously or aggressively (these things may give an officer a
legal right to enter your home under grounds of "suspicion"), but do act
firmly and let them know that you are not interested in talking to them
(see the rest of the section on Interrogation for more info).

If for some reason, you do talk to them for a moment - DO NOT let them
in your house. Once you have invited them in it is next to impossible to
get them to leave - and they are looking for anything that may give them
insight into you or your housemates (to use against you later).

***In your vehicle: If the police pull you over in your vehicle you do
have to give them your name, address, licence and registration. Again,
being polite and efficient is the key here to keep yourself from being
searched. You do not have to tell the police where you are coming from
or where you are going to, or any other information that does not
pertain to your vehicle and its safety on the road. DO answer any and
all questions about your vehicle that the officer might ask.

***On the street: If you are under arrest - a police officer must tell
you so. Otherwise, you do not have to give the officer your name or
address and you have the right to walk away at any time. The only
exception to this is if you have committed a non-arrestable offence and
they want to serve a summons on you or give you a ticket. They must tell
you this is the case.

***In a public activist space: Spaces such as warehouses or offices are
in a different category than private residences and thus are open to
inspections by the city or the fire department. In many cases the police
request that the fire dept. do a safety inspection or that the city go
in to ensure that the building is safe etc. There is very little that
you can do in this case other than deal with the inspector(s) politely
and show them what they want to look at. A group should designate one or
two people to speak with the inspector and limit it to that. The people
speaking for the group should be very familiar with the space itself and
any renovations or work that have been done there since taking
occupancy. Necessary permits should be stored in one easy-to-reach
location in case they are required. Keep drugs and weapons out of
activist spaces as a general rule as they are prone to search.

Generally, to stop and search you, or your vehicle, a police officer
must give their grounds for having reasonable suspicion that drugs,
offensive weapons or stolen goods are on your person, or in your
vehicle, or that a Breach of the Peace is going to occur. You cannot be
searched on private land unless you are a trespasser. In public places
they can only search outer clothing, more thorough searches must be made
out of sight, in a police van or station. Reasonable minimum force may
be used to effect a search. In practise it can be hard to stop the
police searching you when there are few witnesses about but stay calm
and confident and they may back down.

Community Response

Overall community harassment, which includes the spreading of lies by
police officers and covert agents, the sowing of mistrust among
neighbours, threats and intimidation etc. can be fought by strengthening
our political communities considerably. Activists must learn that law
enforcement and the media are generally not telling the truth and that
unless they know information first-hand, it is not to be believed coming
out of a police officer's mouth. Practising good security culture is an
essential part of this.

Activists must resist the temptation to spread rumours or to speculate
on the actions or crimes of other activists no matter what the situation
as it only feeds mistrust in the community allowing police agents to
exploit these weaknesses and divide us from each other.

Inside our physical communities, it is important to interact with
neighbours when it makes sense to do so. Your next door neighbour is a
lot less likely to believe the police who say you're a terrorist if they
are coming to your monthly vegan potlucks (for example)! Activists must
work to be fully integrated in their communities so that if something
does happen, they are not isolated from where they live. Living in areas
that have good community support networks is essential to not only
building activism but protecting it from outside intervention.

Most of all, it is important for the political community to discuss
harassment when it is happening. Make sure that incidents of police
harassment are discussed in the wider community and that there are
strategies in place for verifying information and strengthening trusted
networks.

COPWATCH

COPWATCH organizations can be an excellent vehicle for having community
discussions and organizing neighbourhoods to stand up to police
harassment - esp. in areas where police bullying affects large numbers
of people. Following and documenting (with cameras and other witnesses)
officers conducting their "rounds" (such as community sweeps, and
routine harassment of street people) can be an extremely effective
strategy as it lets to police know that you are watching them as much as
they are watching you. In more than one case, COPWATCH campaigns and
spontaneous incidents have lead to police backing off of a targetted
neighbourhood (at least for a short period of time). Remember, if you
confront officers in these situations (or are acting as a witness to
harassment), make sure that you do not get in their way physically, or
touch them in any way - as this can lead to charges of obstruction and
assault. As well, you shouldn't go out and do COPWATCH activities on
your own, but with a group, to protect your own personal safety. For
more information on COPWATCH organizations, check out
http://www.copwatch.com/

Above all, be empowered and intentional in your actions and you will
find it much easier to stand-up against police harassment - Be conscious
about your resons for being an activist and use that consciousness to
stay strong in bad situations....

that's it for this week... as always, send how-to suggestions and other
relevant info for inclusion in this bulletin to secure@resist.ca.

***************************************************************
Security-news <security-news@resist.ca>
Good security is no substitute for good sense!
To unsub go to http://resist.ca/mailman/listinfo/security-news
***************************************************************