Friday, November 20, 2015

Securing Your Subversive Communications

There's a lot in the news lately about encryption. If you're engaged in subversive activities, perhaps environmental activism or journalism for example, you know how important it can be to keep your communications secret.

Those of us of a certain age are familiar with the Nixon presidency and Watergate, and these days we have the Snowden revelations, but it's not just government we have to worry about. Howard Hughes, the famous aviator, aerospace engineer, movie producer and womanizer, provided financial support for right-wing spying on liberals in his day. The Koch brothers do the same today.

But keeping your communications secure is much more than encryption. Here are some of the things you need to consider:
  • Finding secure services. Services like ProtonMail or Tor instant messaging are probably secure, but how can you be sure? One of the Snowden revelations was that the NSA plants saboteurs among the developers of such software to weaken its security in subtle ways. And besides, to be secure, you need to be perfect, and no one's perfect. Still, this is probably not your biggest problem.
  • Using a secure operating system. It does no good to use a secure service if your operating system is broken. Windows is hopeless and even Linux has myriad security problems, though it can be made better by using "hardening" procedures.
  • Using a secure device. The hardware itself is subject to tampering. It's not paranoid to imagine that your home could be broken into and your motherboard replaced with one that is in some way more friendly to attackers. Smaller, simpler devices, such as the Raspberry Pi, are easier to secure, so long as you keep them as "bare bones" as possible. And there are "hardening" practices recommended for these devices as well. To be safe, you need to epoxy the case closed and paint it with distinctive designs to prevent tampering with or swapping the device.
  • Protecting meta information. Even if the content of your messages is secure, knowledge about who is communicating with whom, how much and when, can be a great help to your enemies. You have to assume that they know who you are and are targeting you. They can plant a hardware device in your internet connection or infiltrate your internet provider. So you need to use random internet connections, at cyber cafes and the like, rather than your home or work connections.
  • Generating noise. One of the best ways to protect yourself is to create a lot of noisy but unimportant communications using insecure means. This will keep your watchers busy and they may be too lazy to look further. It's useless to try to hide from them. They know who you are. If you try to conceal all your activities, they will just keep looking that much harder.
Assuming you have achieved secure communication, you still have the problem of "social engineering" attacks. If you have much interest in spy stories, these will be familiar to you:
  • Moles. Your enemies may plant people in your organization who are disloyal. They may be people who seem the most gung-ho and the most ideologically pure. They are likely to be newcomers to your organization, possibly with a fabricated history of support for your cause. You need to be suspicious of anyone who doesn't have verifiable history with people you know.
  • Traitors. Your people can be bought, seduced or blackmailed. Look for changes in behavior, especially if they seem to be pressing for information. Their handlers will be impatient and push them to find out as much as possible as quickly as possible. This will give them away if you're looking out for it.
  • Disruption. This is the flip side of the problem of moles and traitors. Your enemies can try to convince you that loyal people are actually disloyal and create confusion and conflict in your organization. There's no solution to this conundrum except to be smarter than your enemy.
With all the news that's focused on encryption lately, it's easy to forget all the other things you need to consider to manage a successful subversive operation. Don't be seduced into thinking that encryption is the only thing you need. There's a lot more to the game than that.

Wednesday, November 18, 2015

Moral Hazard

The rescue of the financial giant AIG by the Federal Reserve during the financial crisis of 2008 probably prevented a global financial catastrophe and probably prevented the "Great Recession" from becoming another "Great Depression". As bad as it was, with the assets of the U.S. middle class being all but wiped out and millions of people losing their jobs, it could have been a lot worse and lasted a lot longer.

The financial crisis was caused by poor management of large international banks and other businesses that aren't technically banks but function like banks. They took huge risks. When the bubble burst, they were in danger of going bust and causing everyone else to go bust along with them.

The Dodd-Frank law that Congress passed after the financial crisis is supposed to fix that by prohibiting the banks from taking excessive risk. Large banks that are big enough to cause another financial crisis get increased attention from the Federal Reserve. But one part of the Dodd-Frank law prohibits the Federal Reserve from ever again rescuing large banks and financial institutions. The reason given for this change is the danger of "moral hazard", which means, if the banks think they will be rescued in a financial crisis, then they won't care how reckless they are.

The argument, however, ignores the fact that banks and bank-like companies are run by executives. It assumes that these executives care if the bank fails or is rescued by the Federal Reserve. They don't, not very much.

These executives are fairly wealthy. They are clever about money and keep some of their money in gold and other things that guarantee they and their families will be OK in any financial crisis. This leaves them free to gamble with the bank's money without much risk to themselves. If they are lucky, their gambling will pay off and they will make even more money. If they are unlucky, the bank will go broke, but they won't suffer much as a result. This is called "heads I win, tails you lose", and it's the real "moral hazard". Dodd-Frank does nothing to change this.

So we are doomed to endure another financial crisis sooner or later. The next time, though, the Federal Reserve will not have the power to rescue us and we will all end up beggars.