This was going to be the first year I donated money to a political candidate. The movement of this country’s national politics has become more frightening by the week, and I thought that adding campaign money to my advocacy might be another method for changing that. I was going to contribute to my national Congressional races and to that for the Presidency.

Today’s FISA capitulation, to be frank, knocked me on my tail and made me reconsider. Over the last several months I’ve called, written, and persuaded several friends to do the same. I watched politicians who had stated they would support blocking retroactive immunity for law-breaking companies turn tail and vote for this bill, a bill better for the Executive than the previous FISA bill. I’ve heard some say that voting for the bill was politically wise, a CYA move to show strength against “the terrorists” for the upcoming elections. I do not disagree; I do believe, though, that civil liberties and national security are not at odds with one another, and that true leadership should demonstrate this.

I’ve now spent much of the day reconsidering my upcoming donations. Where is the leadership standing up for constitutional protections? Where is the leadership standing in opposition to torture, kidnapping, and undermining our image worldwide? There were voices leading in the Senate and House, but they had too few friends to prevent this travesty of a bill from passing. So, I’ve decided that I’m still going to donate money, but not to whom I had planned. I’m going to see if I can get Dodd and his like some more friends.

To every Senator and Presidential candidate who failed to support the three amendments today, to every Representative who voted for H.R. 6304: you’ve made yourself an opponent. Here’s what I will do:

• I will not donate any money to your campaigns.
• I will donate money to your opponents in primaries and, if you generally vote in ways I don’t like, general elections.
• I will lobby my friends and associates to do the same; given that they generally have a limited budget, I’m willing to bet that means less money for you, too.
• Provided you’re an otherwise reasonable politician, I will not speak ill of you, but I will refrain from speaking of you. You’ve just lost a persuasive advocate.

Please call your representative right now and implore them to not pass the false-compromise FISA bill, H.R. 6304. The vote comes up this afternoon, so please hurry!

Passing H.R. 6304 would amount to a Congressional seal of approval on illegal surveillance. Even if the President and the telecoms knowingly and brazenly broke the law, the provision in the bill seeks to prevent the courts from holding them accountable. Yet, the suits against the telecoms may be our last hopes for a judicial ruling on whether the President can break the law with impunity.

We don’t know what a border patrol agent will do when confronted with an encrypted machine. One possibility is that the agent will simply give up and let the traveler pass with her belongings. Other possibilities are that the agent will turn the traveler and her machine away at the border, or that he will seize the laptop and allow the traveler to continue on.
[...]
If you don’t want to comply, CBP cannot force you to decrypt your data or give over your password.
[...]
If, however, you don’t respond to CBP’s demands, the agency does have the authority to search, detain, and even prohibit you from entering the county.

The article offers a few ways of dealing with this problem, such erasing your sensitive data and downloading it from a secure site once you’re safely across the border. Good idea, but a bit cumbersome and possibly prone to error (erased data may not really be gone). One great tool that makes the encryption process trivial (as well as free, as in speech) isn’t mentioned, though: TrueCrypt.

All disk encryption software makes it (at least somewhat) obvious that you’ve encrypted something. An agent may see that your email is stored an encrypted volume and ask for your password. TrueCrypt has a feature called hidden volumes which allow you to have two passwords for a single encrypted drive: each one will unlock (decrypt) different content, both hiding in the same file. You put all your sensitive data in one and some junk files in the other. So, the agent asks for your password, you type in the junk one, and they see an encrypted volume with a few family photos, maybe an old bank statement, etc. The wonderful part here is that, due to the random appearance of encrypted data, there is no way to tell if there is a second, hidden, volume. The agent cannot demand the “real” password, because there is no way to prove that the first one isn’t the only password (i.e., you’re just using TrueCrypt in the normal single-volume mode).

If you want the gory details of how it works, read the above link on the TrueCrypt site. Whether you understand it or not, it is worth knowing about if you need to secure your data against prying eyes.

The fact is, the reason I don’t think we should force the issue is very simple: copyright law is simply better off when you honor the admittedly gray issue of “derived work”. It’s gray. It’s not black-and-white. But being gray is good. Putting artificial black-and-white technical counter-measures is actually bad. It’s bad when the RIAA does it, it’s bad when anybody else does it.

Technical solutions to social problems don’t work and never will.

Long story short: if you’re trying to log in here (so you can post and such), your browser is probably warning you that my SSL certificate isn’t signed by a Certificate Authority that the browser knows. If you wish to solve this and help support a free community-based CA (CAcert.org), read on. If not, you can skip this.

To import the CAcert’s Root Certificate (allowing you to determine if CAcert’s customer certificates are valid or not), please visit their root certificate page.

In case you wish one more data point to verify the certificates, here are their fingerprints as I see them:

• Class 1 root certificate (the important one)
  • SHA1: 13:5C:EC:36:F4:9C: B8:E9:3B:1A:B2:70: CD:80:88:46:76:CE: 8F:33
  • MD5: A6:1B:37:5E:39:0D: 9C:36:54:EE:BD:20: 31:46:1F:6B
• Class 3 root certificate
  • SHA1: DB:4C:42:69:07:3F: E9:C2:A3:7D:89:0A: 5C:1B:18:C4:18:4E: 2A:2D
  • MD5: 73:3F:35:54:1D:44: C9:E9:5A:4A:EF:51: AD:03:06:B6