Sandra Finley

Jun 01, 2023

April 8 – 14, 2023  |  No. 444


Jo Dyer
The political persecution of Julian Assange

Even as Stephen Smith paid a concerned visit to Julian Assange in Belmarsh prison this week, the new high commissioner to Britain said firmly that Australia was not “lobbying for a particular outcome”. Concerned Australians might ask, “Why the hell not?”

Assange is now entering his fifth year of incarceration in London, and Labor’s bland mantra, “It is time for this matter to be brought to a conclusion”, is wearing thin. Greens senator David Shoebridge late last month asked Foreign Affairs Minister Penny Wong point blank if the prime minister had used the March 14 AUKUS meeting to push for Assange’s release. Wong retreated behind the tired excuse of timid governments, citing ongoing legal processes in which executive governments can’t interfere. The Albanese government’s lack of interference is striking. Despite the prime minister’s assertions that “enough is enough”, former independent senator Rex Patrick’s freedom of information requests reveal that no official correspondence relating to the WikiLeaks founder has been exchanged between the Department of Foreign Affairs and Trade and the Australian embassy in Washington.

Assange is involved in “very many legal processes”, Wong has said, and “we are not able to alter the judicial processes of another country”. But no need to worry – in all the relevant countries, she assures us, “the rule of law applies”.

The supposedly sacrosanct rule of law in these “very many legal processes” warrants further investigation. While Wong may be confident about the rule of law in the relevant countries, meticulous research in award-winning Italian investigative journalist Stefania Maurizi’s Secret Power: WikiLeaks and its Enemies and former United Nations special rapporteur against torture Nils Melzer’s The Trial of Julian Assange: A Story of Persecution suggests that the rule of law in Sweden, Ecuador, Britain and the United States has been contorted to meet the political agendas of these countries’ authorities in relation to Assange: an unwavering commitment to assist the US in prosecuting him for the crime of journalism. At every stage of these “many legal processes”, perplexing decisions have been taken.

First, it is worth noting the singular success of Assange’s enemies in making the story all about him. Rather than the war crimes of major powers and the impunity with which they commit them, it is allegations about Assange’s sexual behaviour that have attracted headlines. The media has alternated between outraged insistence that WikiLeaks’ disclosures recklessly endangered the lives of the innocent, and distasteful reporting on Assange’s personal hygiene. Within a few months of WikiLeaks’ release in 2010 of Collateral Murder, footage taken from a US Apache helicopter of an attack on civilians in Baghdad leaked by US soldier Chelsea Manning, Assange was being transformed from a courageous if eccentric anti-authoritarian freedom fighter, to a capricious, shifty, potential rapist on the run.

For more than a decade, carefully cultivated narratives have been determining his fate.


Assange’s legal peril begins with a Swedish investigation into accusations of rape and sexual misconduct, which proceeded against the wishes of the alleged victims. Two young women who had sex with Assange when he visited Stockholm sought advice from the police on August 20, 2010, on how to require him to take an HIV test after disputes about condom use left them anxious about STDs. Before their initial interviews were completed, an arrest warrant was issued for Assange for raping one of them and molesting the other. The issuing of the warrant was immediately leaked to the press, where Assange first learnt of it. It was soon revoked. Sweden’s chief prosecutor closed the rape investigation as soon as she’d read the police reports summarising the women’s statements.

The reopening of the investigation into rape days later is the first of many oddities in Sweden’s legal response. The European arrest warrant (EAW) that became the basis for the Swedish extradition process was issued while the investigation was still at a preliminary stage. And Sweden simultaneously activated Interpol, which issued a red notice for Assange’s arrest even though charges had not been laid.

Assange swiftly grew suspicious of these anomalies and sought assurances that he would not be extradited to the US if he returned for questioning. Swedish authorities would provide no guarantees. They also repeatedly refused to interview him remotely by video conference or onsite in London under applicable European mutual legal assistance agreements. As Melzer notes, this dual refusal enabled Sweden to maintain an artificial impasse over the next six years.

The British Commonwealth Prosecution Service has a role in this stalemate. The CPS, which was then headed by the current Labour Party leader Keir Starmer, advised the Swedish Prosecution Authority as early as January 2011 that Assange’s case was “not … being dealt with as just another extradition request”. It was CPS’s advice that “it would not be prudent” for Swedish authorities to interview Assange in Britain, and the organisation displayed throughout an unusual and inordinate interest in how the Swedish authorities chose to handle a Swedish case that involved no British nationals.

The British judge assigned to the Swedish extradition case is married to a Conservative lord and former chairman of the Defence select committee responsible for overseeing the British military, with ties to organisations and individuals exposed by WikiLeaks. Justice Emma Arbuthnot quickly affirmed Assange’s extradition to Sweden despite the EAW having been issued by a prosecutor rather than the required “judicial authority”.

When Assange sought asylum in the Ecuadorian embassy, British officials responded with fury. Then foreign secretary William Hague threatened to storm the embassy to seize Assange, writing to the Ecuadorians, “We very much hope not to get to this point.” The response from his counterpart, Ricardo Patiño, was unequivocal: “The colonial times are over.” Retreating from an unprecedented violation of diplomatic immunity, the British instead began a siege of the embassy, surrounding it with Metropolitan Police officers who kept a close and expensive eye on outgoing cars and bulging bags.

Money was no object, the CPS explained to the Swedes when, as years elapsed, they floated revoking the EAW. Later the CPS would misrepresent the extent of their interaction with the Swedes and unlawfully destroy their correspondence.

Despite the challenges of the modest embassy suddenly having a permanent, high-profile and extremely controversial house guest, Ecuador officials managed Assange’s stay well for the first five years. A change in government in May 2017 was Assange’s undoing. The new president, Lenín Moreno, made rapprochement with the US a primary aim, and he was instructed in an open letter from US congress to “first resolve a significant challenge created by your predecessor, Rafael Correa – the status of Julian Assange”.

Moreno moved to resolve it quickly. After isolating Assange within the embassy by depriving him of internet usage and severely restricting his visitors, a “special protocol” was developed to govern the rules of his asylum, a document of such complexity that it was nigh impossible to avoid transgressing.

Without any due process under any rule of law – no right to be heard, no right to legal counsel, no right to appeal to a judicial body – the Ecuadorian ambassador informed Assange on the morning of April 11, 2019, that his citizenship and asylum had been revoked and he was to leave within the hour. British police dragged him out in handcuffs and the US submitted an arrest warrant on the same day.

Three months prior to this, the embassy had confiscated Assange’s shaving kit, leaving him looking wild and unkempt for his perp walk. A more consequential humiliation was the illegal surveillance to which he was permanently subjected, first by the Spanish private security company employed by the embassy, UC Global – whose alleged spying on Assange spawned a criminal case in Spain and a civil suit in the US – and then by an Ecuadorian security company, Promsecurity, who allegedly recorded his meetings with lawyers and photographed the documents they brought with them.

From a legal perspective, Melzer notes that the permanent surveillance of Assange’s conversations with his lawyers and doctors renders any proceedings based on information gathered in this manner arbitrary. “If UC Global co-operated with an American intelligence service, this would fatally affect not only the Anglo-American extradition proceedings, but also the espionage charges of the US Department of Justice on which the extradition request is based,” he writes. The trial of Daniel Ellsberg failed because his psychiatrist’s records were stolen by investigators. How much more egregious is the behaviour of the Americans and Ecuadorians here?

Convicted of no crime, Assange is now approaching the fourth anniversary of his incarceration in Belmarsh, “England’s Guantanamo”. He’s often held in solitary confinement, ostensibly for health reasons, but where his health suffers terribly. His computer and the internet are withheld so he can’t liaise appropriately with lawyers. He wasn’t allowed out for the birth of his child or the funeral of his close friend. He remained locked up throughout the pandemic and following a stroke. Doctors say the conditions are killing him.


Wading through the details of Assange’s persecution can leave one feeling like an unhinged conspiracy theorist. What was it with the paralysis of the Swedish investigation? Why didn’t the British courts deal with an obvious perception of bias in Justice Arbuthnot? Was UC Global really spying for the CIA without Ecuadorian knowledge and, if so, why did the ubiquitous surveillance continue under their new team? What value should we give the Americans’ carefully qualified assurance they won’t subject Assange to “special administrative measures”?

Dismissed at the time as narcissistic paranoia, many of Assange’s fears have proved founded. The vast array of legal anomalies, oddities and outrages perpetrated by democratic governments in their pursuit of one man is jaw-dropping, leaving us to conclude that these four countries conspired to deliver Julian Assange to the Americans, with Australia a sometimes meek, sometimes gleeful, but generally disinterested bystander.

The persecution of Julian Assange has always been political, and the law just a tool to enact it. The US government pressed their spurious charges against Assange to exact revenge on him for revealing their darkest secrets, and as a lesson to anyone else inclined to do the same. It was former US secretary of state and CIA director Mike Pompeo who decided to aggressively pursue the case against Assange; President Joe Biden must drop it.

The US seeks to keep from the public the way they really play their politics, and fight their wars, and we have recently upended our foreign policy to throw our lot in with them. We’ve committed to paying incomprehensibly large sums to buy their submarines to bolster their own military strategy. They owe us and now is the time to call in the favour. Assange needs to be released immediately, through negotiation by an Albanese administration currently in possession of a lot of political capital.

Let him come quietly home. The Australian people are sickened at the extended maltreatment of a man of courage, who is dying in jail for the crime of promoting transparency, accountability and truth.

This article was first published in the print edition of The Saturday Paper on April 8, 2023 as “The Assange outrages”.



Jun 01, 2023
The Pentagon, the U.S. military headquarters in Washington, is being asked to fund civilian projects to build more reliable supply chains of critical minerals that are vital in everything from products like electronics, cars and batteries, to weapons. Canadian companies are entitled to apply. (Jason Reed/Reuters)

The United States military has been quietly soliciting applications for Canadian mining projects that want American public funding through a major national security initiative.

It’s part of an increasingly urgent priority of the U.S. government: lessening dependence on China for critical minerals that are vital in everything from civilian goods such as electronics, cars and batteries, to weapons.

It illustrates how Canadian mining is becoming the nexus of a colossal geopolitical struggle. Ottawa just pushed Chinese state-owned companies out of the sector, and the U.S. is now considering moving public funding in.

The American military has a new pot of money at its disposal to help private companies inaugurate new mining projects; it’s for funding feasibility studies, plant renovations, battery-recycling and worker training.

President Joe Biden invoked the 1950 Defense Production Act to expand the domestic mining sector, and the military received hundreds of millions of dollars to implement it.

This whirlwind of activity was prompted by a White House study last year warning that dependence on certain foreign-made products represents a national security risk to the U.S., and it cited semiconductors, batteries, medicines and 53 types of minerals.

U.S. President Joe Biden, shown speaking at a virtual roundtable in Washington in February, invoked the U.S. Defense Production Act in March to fund critical minerals projects needed for such technologies as electric vehicles. (Kevin Lamarque/Reuters)

An official from the U.S. Department of Defence this week provided a briefing on the program at a cross-border conference, and he made one thing clear about the funding: Canadians qualify.

That’s because Canada has, for decades, belonged to the U.S. military industrial base and is every bit as entitled to the cash as American mining projects.

“It’s really quite simple. It’s a matter of law,” said Matthew Zolnowski, a portfolio manager for the Defense Production Act program, speaking to a gathering of the Canada-United States Law Institute in Washington, D.C.

“So an investment in Alberta or Quebec or Nova Scotia would be no different than if it was in Nebraska or anywhere else in the United States. As a matter of law.”

Canadian government provides list of 70 projects

Zolnowski said the U.S. is actively reaching out to companies to explain the process, as many have no relationship with the U.S. government and might not realize how it works.

“We are actively engaging those firms,” he said, describing a flurry of recent activity by quoting an old movie line: “It’s a duck on a pond. It looks quiet on the surface, but there’s a lot happening.”

The Canadian government has been active, too. Canadian officials say they’ve already provided the U.S. with a list of 70 projects that could warrant U.S. funding.

Both countries describe this as a generational initiative still in its early stages: Canada, for now, is still a bit player in producing these minerals, which include lithium, cobalt and manganese.

But one Canadian official said this can change. Jeff Labonté, assistant deputy minister at Natural Resources Canada, told the conference that Western democracies are now engaged in industrial policy in a way they haven’t been for decades.

“We have this resource potential…. We also have a huge capacity,” he said, touting 200 mines and 10,000 potential products in the exploration phase.

“We have a skill set in this area. We have capital markets, we have engineering expertise, we have companies that operate around the country and around the world.”

Canada is also providing billions of dollars in public funds to the sector over the coming years through federal and provincial programs.

If it opens on time next March, the mine in La Corne, Que., will be one of the only functional lithium mines in North America. Electric vehicles are hugely reliant on minerals like lithium. (Sayona Québec)

What’s driving this sudden minerals rush?

The transition to electric cars is a key driver of this challenge. They’re hugely reliant on minerals like lithium, and current production is not close to meeting projected demands.

Making matters more complicated is China’s dominance of the market; it controls two-thirds of the world’s lithium processing capacity, for example.

Beijing has already revealed a willingness to cut off rivals from mineral exports, as it did a few years ago amid a fishing dispute with Japan.

The U.S. has, more recently, suspended semiconductor exports to China in an emerging digital cold war in which Canada is increasingly involved.

A worker in Inner Mongolia stokes pots of lanthanum in 2010, the year China cut off exports to Japan in a dispute over sea access. China dominates the critical minerals sector. (David Gray/Reuters)

In his talk, Zolnowski said countries spent decades leaving themselves in this vulnerable position; resolving it won’t happen overnight.

He said the U.S. government has a four-part strategy for this.

Part 1 is to stimulate domestic demand for these goods by designing new sustainability initiatives around these materials.

Part 2 is stimulating supply by funding new production and recycling, while Part 3 is building stockpiles. The final component involves working with allies.

Zolnowski noted that back in 1984, Robert Gates, at the time a U.S. intelligence official who went on to become secretary of defence to two presidents, articulated his fear in a speech that foreign government-funded companies would come to dominate the industry.

This worries the Pentagon for security reasons, both economic and military. Zolnowski called these minerals the building blocks of a thriving economy.

Prime Minister Justin Trudeau, left, speaks with a worker during a tour of Motrec International, a heavy-duty electric vehicle production facility in Sherbrooke, Que., in July. (Graham Hughes/The Canadian Press)

And in times of war, he said, industrialized nations that lack secure and reliable access to these materials have suffered mightily: “[They] have suffered significant performance tradeoffs, which contributed to their defeat.”

He said civilian goods will dominate the market, as well as receiving the lion’s share of Pentagon funding. Indeed, the language of the Defense Production Act stipulates that funds can be used for non-military purposes, including the U.S.’s general economic well-being.

Pentagon’s main role: Building market confidence?

Zolnowski said the U.S. is looking primarily at offering grants, not loans, and it’s willing to fund projects at various phases of implementation, as it views this as a long-term project.

One partner at an investment firm present at the conference said the Pentagon’s role is not to become a major investor.

What the private sector wants, he said, is help with confidence-building: Once you demonstrate that a project has the Pentagon’s imprimatur, he said, it’s easier to reassure investors this is a safe bet.

One attendee said there are still flaws to iron out in the program design of Canada’s own critical minerals strategy, including its 30 per cent tax credit.

Jonathan Garbutt, a Calgary-based tax lawyer, cited industry estimates that lithium extracts from brine deposits in Western Canada could produce hundreds of thousands of tonnes per year, but, under the current language of the Income Tax Act, the credit wouldn’t apply to those extracts.

Another speaker at the conference noted that this new conversation about cross-border co-operation carries historical echoes.

Franklin D. Roosevelt, second from left, Winston Churchill and William Lyon Mackenzie King — leaders of the United States, Britain and Canada, respectively — are shown at the Quebec Conference in September 1944. Back then, Canada-U.S. military co-operation was built around aluminum. (The Canadian Press)

International trade lawyer Lawrence Herman, who is based in Toronto, noted that the precursor to the countries’ current military-industrial partnership was a 1940 agreement between the U.S. and Canadian leaders.

Back then, American funding discreetly helped turn Quebec aluminum into a global powerhouse.

Since then, Quebec aluminum has had mostly civilian uses. It also helped the U.S. build its arsenal for the Second World War.

Canada was heavily involved enough in that effort that Quebec became the site of the wartime allied leaders’ conference.


Alexander Panetta is a Washington-based correspondent for CBC News who has covered American politics and Canada-U.S. issues since 2013. He previously worked in Ottawa, Quebec City and internationally, reporting on politics, conflict, disaster and the Montreal Expos.

May 31, 2023

You may wish to sign up for CRYPTO-GRAM from Bruce Schneier? (copy of recent one below)

Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of over one dozen books, including his latest, A Hacker’s Mind, as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center. He is the Chief of Security Architecture at Inrupt, Inc.

“Schneier” entered into the search button on my blog:  first reference:

2011-09-03 Election fraud in the U.S., “Murder, Spies & Voting Lies”.  E-voting in Canada.



God bless Bruce Schneier for his longtime dedication to public education and activism.  I see that I haven’t really told him how much I appreciate and have used his contributions.   2016-04-02 Sent to Bruce Schneier, thwarting activists by intrusion into WordPress.


A monthly newsletter about cybersecurity and related topics.

April 15, 2023

by Bruce Schneier
Fellow and Lecturer, Harvard Kennedy School

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit Crypto-Gram’s web page.


These same essays and news items appear in the Schneier on Security blog, along with a lively and intelligent comment section. An RSS feed is available.

** *** ***** ******* *********** *************

In this issue:


  1. NetWire Remote Access Trojan Maker Arrested
  2. How AI Could Write Our Laws
  3. Upcoming Speaking Engagements
  4. US Citizen Hacked by Spyware
  5. ChatGPT Privacy Flaw
  6. Mass Ransomware Attack
  7. Exploding USB Sticks
  8. A Hacker’s Mind News
  9. Hacks at Pwn2Own Vancouver 2023
  10. Security Vulnerabilities in Snipping Tools
  11. The Security Vulnerabilities of Message Interoperability
  12. Russian Cyberwarfare Documents Leaked
  13. UK Runs Fake DDoS-for-Hire Sites
  14. North Korea Hacking Cryptocurrency Sites with 3CX Exploit
  15. FBI (and Others) Shut Down Genesis Market
  16. Research on AI in Adversarial Settings
  17. LLMs and Phishing
  18. Car Thieves Hacking the CAN Bus
  19. FBI Advising People to Avoid Public Charging Stations
  20. Bypassing a Theft Threat Model
  21. Gaining an Advantage in Roulette
  22. Hacking Suicide
  23. Upcoming Speaking Engagements

** *** ***** ******* *********** *************

NetWire Remote Access Trojan Maker Arrested

[2023.03.14] From Brian Krebs:

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

The article details the mistakes that led to the person’s address.

** *** ***** ******* *********** *************

How AI Could Write Our Laws

[2023.03.14] Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there is a move to end drilling leases for federal lands, in exchange for the tens of millions they contribute to congressional reelection campaigns.

But lobbying strategies are not always so blunt, and the interests involved are not always so obvious. Consider, for example, a 2013 Massachusetts bill that tried to restrict the commercial use of data collected from K-12 students using services accessed via the internet. The bill appealed to many privacy-conscious education advocates, and appropriately so. But behind the justification of protecting students lay a market-altering policy: the bill was introduced at the behest of Microsoft lobbyists, in an effort to exclude Google Docs from classrooms.

What would happen if such legal-but-sneaky strategies for tilting the rules in favor of one group over another become more widespread and effective? We can see hints of an answer in the remarkable pace at which artificial-intelligence tools for everything from writing to graphic design are being developed and improved. And the unavoidable conclusion is that AI will make lobbying more guileful, and perhaps more successful.

It turns out there is a natural opening for this technology: microlegislation.

“Microlegislation” is a term for small pieces of proposed law that cater — sometimes unexpectedly — to narrow interests. Political scientist Amy McKay coined the term. She studied the 564 amendments to the Affordable Care Act (“Obamacare”) considered by the Senate Finance Committee in 2009, as well as the positions of 866 lobbying groups and their campaign contributions. She documented instances where lobbyist comments — on health-care research, vaccine services, and other provisions — were translated directly into microlegislation in the form of amendments. And she found that those groups’ financial contributions to specific senators on the committee increased the amendments’ chances of passing.

Her finding that lobbying works was no surprise. More important, McKay’s work demonstrated that computer models can predict the likely fate of proposed legislative amendments, as well as the paths by which lobbyists can most effectively secure their desired outcomes. And that turns out to be a critical piece of creating an AI lobbyist.

Lobbying has long been part of the give-and-take among human policymakers and advocates working to balance their competing interests. The danger of microlegislation — a danger greatly exacerbated by AI — is that it can be used in a way that makes it difficult to figure out who the legislation truly benefits.

Another word for a strategy like this is a “hack.” Hacks follow the rules of a system but subvert their intent. Hacking is often associated with computer systems, but the concept is also applicable to social systems like financial markets, tax codes, and legislative processes.

While the idea of monied interests incorporating AI assistive technologies into their lobbying remains hypothetical, specific machine-learning technologies exist today that would enable them to do so. We should expect these techniques to get better and their utilization to grow, just as we’ve seen in so many other domains.

Here’s how it might work.

Crafting an AI microlegislator

To make microlegislation, machine-learning systems must be able to uncover the smallest modification that could be made to a bill or existing law that would make the biggest impact on a narrow interest.

There are three basic challenges involved. First, you must create a policy proposal — small suggested changes to legal text — and anticipate whether or not a human reader would recognize the alteration as substantive. This is important; a change that isn’t detectable is more likely to pass without controversy. Second, you need to do an impact assessment to project the implications of that change for the short- or long-range financial interests of companies. Third, you need a lobbying strategizer to identify what levers of power to pull to get the best proposal into law.

Existing AI tools can tackle all three of these.

The first step, the policy proposal, leverages the core function of generative AI. Large language models, the sort that have been used for general-purpose chatbots such as ChatGPT, can easily be adapted to write like a native in different specialized domains after seeing a relatively small number of examples. This process is called fine-tuning. For example, a model “pre-trained” on a large library of generic text samples from books and the internet can be “fine-tuned” to work effectively on medical literature, computer science papers, and product reviews.

Given this flexibility and capacity for adaptation, a large language model could be fine-tuned to produce draft legislative texts, given a data set of previously offered amendments and the bills they were associated with. Training data is available. At the federal level, it’s provided by the US Government Publishing Office, and there are already tools for downloading and interacting with it. Most other jurisdictions provide similar data feeds, and there are even convenient assemblages of that data.

Meanwhile, large language models like the one underlying ChatGPT are routinely used for summarizing long, complex documents (even laws and computer code) to capture the essential points, and they are optimized to match human expectations. This capability could allow an AI assistant to automatically predict how detectable the true effect of a policy insertion may be to a human reader.

Today, it can take a highly paid team of human lobbyists days or weeks to generate and analyze alternative pieces of microlegislation on behalf of a client. With AI assistance, that could be done instantaneously and cheaply. This opens the door to dramatic increases in the scope of this kind of microlegislating, with a potential to scale across any number of bills in any jurisdiction.

Teaching machines to assess impact

Impact assessment is more complicated. There is a rich series of methods for quantifying the predicted outcome of a decision or policy, and then also optimizing the return under that model. This kind of approach goes by different names in different circles — mathematical programming in management science, utility maximization in economics, and rational design in the life sciences.

To train an AI to do this, we would need to specify some way to calculate the benefit to different parties as a result of a policy choice. That could mean estimating the financial return to different companies under a few different scenarios of taxation or regulation. Economists are skilled at building risk models like this, and companies are already required to formulate and disclose regulatory compliance risk factors to investors. Such a mathematical model could translate directly into a reward function, a grading system that could provide feedback for the model used to create policy proposals and direct the process of training it.

The real challenge in impact assessment for generative AI models would be to parse the textual output of a model like ChatGPT in terms that an economic model could readily use. Automating this would require extracting structured financial information from the draft amendment or any legalese surrounding it. This kind of information extraction, too, is an area where AI has a long history; for example, AI systems have been trained to recognize clinical details in doctors’ notes. Early indications are that large language models are fairly good at recognizing financial information in texts such as investor call transcripts. While it remains an open challenge in the field, they may even be capable of writing out multi-step plans based on descriptions in free text.

Machines as strategists

The last piece of the puzzle is a lobbying strategizer to figure out what actions to take to convince lawmakers to adopt the amendment.

Passing legislation requires a keen understanding of the complex interrelated networks of legislative offices, outside groups, executive agencies, and other stakeholders vying to serve their own interests. Each actor in this network has a baseline perspective and different factors that influence that point of view. For example, a legislator may be moved by seeing an allied stakeholder take a firm position, or by a negative news story, or by a campaign contribution.

It turns out that AI developers are very experienced at modeling these kinds of networks. Machine-learning models for network graphs have been built, refined, improved, and iterated by hundreds of researchers working on incredibly diverse problems: lidar scans used to guide self-driving cars, the chemical functions of molecular structures, the capture of motion in actors’ joints for computer graphics, behaviors in social networks, and more.

In the context of AI-assisted lobbying, political actors like legislators and lobbyists are nodes on a graph, just like users in a social network. Relations between them are graph edges, like social connections. Information can be passed along those edges, like messages sent to a friend or campaign contributions made to a member. AI models can use past examples to learn to estimate how that information changes the network. Calculating the likelihood that a campaign contribution of a given size will flip a legislator’s vote on an amendment is one application.

McKay’s work has already shown us that there are significant, predictable relationships between these actions and the outcomes of legislation, and that the work of discovering those can be automated. Others have shown that graphs of neural network models like those described above can be applied to political systems. The full-scale use of these technologies to guide lobbying strategy is theoretical, but plausible.

Put together, these three components could create an automatic system for generating profitable microlegislation. The policy proposal system would create millions, even billions, of possible amendments. The impact assessor would identify the few that promise to be most profitable to the client. And the lobbying strategy tool would produce a blueprint for getting them passed.

What remains is for human lobbyists to walk the floors of the Capitol or state house, and perhaps supply some cash to grease the wheels. These final two aspects of lobbying — access and financing — cannot be supplied by the AI tools we envision. This suggests that lobbying will continue to primarily benefit those who are already influential and wealthy, and AI assistance will amplify their existing advantages.

The transformative benefit that AI offers to lobbyists and their clients is scale. While individual lobbyists tend to focus on the federal level or a single state, with AI assistance they could more easily infiltrate a large number of state-level (or even local-level) law-making bodies and elections. At that level, where the average cost of a seat is measured in the tens of thousands of dollars instead of millions, a single donor can wield a lot of influence — if automation makes it possible to coordinate lobbying across districts.

How to stop them

When it comes to combating the potentially adverse effects of assistive AI, the first response always seems to be to try to detect whether or not content was AI-generated. We could imagine a defensive AI that detects anomalous lobbyist spending associated with amendments that benefit the contributing group. But by then, the damage might already be done.

In general, methods for detecting the work of AI tend not to keep pace with its ability to generate convincing content. And these strategies won’t be implemented by AIs alone. The lobbyists will still be humans who take the results of an AI microlegislator and further refine the computer’s strategies. These hybrid human-AI systems will not be detectable from their output.

But the good news is: the same strategies that have long been used to combat misbehavior by human lobbyists can still be effective when those lobbyists get an AI assist. We don’t need to reinvent our democracy to stave off the worst risks of AI; we just need to more fully implement long-standing ideals.

First, we should reduce the dependence of legislatures on monolithic, multi-thousand-page omnibus bills voted on under deadline. This style of legislating exploded in the 1980s and 1990s and continues through to the most recent federal budget bill. Notwithstanding their legitimate benefits to the political system, omnibus bills present an obvious and proven vehicle for inserting unnoticed provisions that may later surprise the same legislators who approved them.

The issue is not that individual legislators need more time to read and understand each bill (that isn’t realistic or even necessary). It’s that omnibus bills must pass. There is an imperative to pass a federal budget bill, and so the capacity to push back on individual provisions that may seem deleterious (or just impertinent) to any particular group is small. Bills that are too big to fail are ripe for hacking by microlegislation.

Moreover, the incentive for legislators to introduce microlegislation catering to a narrow interest is greater if the threat of exposure is lower. To strengthen the threat of exposure for misbehaving legislative sponsors, bills should focus more tightly on individual substantive areas and, after the introduction of amendments, allow more time before the committee and floor votes. During this time, we should encourage public review and testimony to provide greater oversight.

Second, we should strengthen disclosure requirements on lobbyists, whether they’re entirely human or AI-assisted. State laws regarding lobbying disclosure are a hodgepodge. North Dakota, for example, only requires lobbying reports to be filed annually, so that by the time a disclosure is made, the policy is likely already decided. A lobbying disclosure scorecard created by Open Secrets, a group researching the influence of money in US politics, tracks nine states that do not even require lobbyists to report their compensation.

Ideally, it would be great for the public to see all communication between lobbyists and legislators, whether it takes the form of a proposed amendment or not. Absent that, let’s give the public the benefit of reviewing what lobbyists are lobbying for — and why. Lobbying is traditionally an activity that happens behind closed doors. Right now, many states reinforce that: they actually exempt testimony delivered publicly to a legislature from being reported as lobbying.

In those jurisdictions, if you reveal your position to the public, you’re no longer lobbying. Let’s do the inverse: require lobbyists to reveal their positions on issues. Some jurisdictions already require a statement of position (a ‘yea’ or ‘nay’) from registered lobbyists. And in most (but not all) states, you could make a public records request regarding meetings held with a state legislator and hope to get something substantive back. But we can expect more — lobbyists could be required to proactively publish, within a few days, a brief summary of what they demanded of policymakers during meetings and why they believe it’s in the general interest.

We can’t rely on corporations to be forthcoming and wholly honest about the reasons behind their lobbying positions. But having them on the record about their intentions would at least provide a baseline for accountability.

Finally, consider the role AI assistive technologies may have on lobbying firms themselves and the labor market for lobbyists. Many observers are rightfully concerned about the possibility of AI replacing or devaluing the human labor it automates. If the automating potential of AI ends up commodifying the work of political strategizing and message development, it may indeed put some professionals on K Street out of work.

But don’t expect that to disrupt the careers of the most astronomically compensated lobbyists: former members of Congress and other insiders who have passed through the revolving door. There is no shortage of reform ideas for limiting the ability of government officials turned lobbyists to sell access to their colleagues still in government, and they should be adopted and — equally important — maintained and enforced in successive Congresses and administrations.

None of these solutions are really original, specific to the threats posed by AI, or even predominantly focused on microlegislation — and that’s the point. Good governance should and can be robust to threats from a variety of techniques and actors.

But what makes the risks posed by AI especially pressing now is how fast the field is developing. We expect the scale, strategies, and effectiveness of humans engaged in lobbying to evolve over years and decades. Advancements in AI, meanwhile, seem to be making impressive breakthroughs at a much faster pace — and it’s still accelerating.

The legislative process is a constant struggle between parties trying to control the rules of our society as they are updated, rewritten, and expanded at the federal, state, and local levels. Lobbying is an important tool for balancing various interests through our system. If it’s well-regulated, perhaps lobbying can support policymakers in making equitable decisions on behalf of us all.

This article was co-written with Nathan E. Sanders and originally appeared in MIT Technology Review.

** *** ***** ******* *********** *************

Upcoming Speaking Engagements

[2023.03.14] This is a current list of where and when I am scheduled to speak:

  • I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM CET.
  • I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at Harvard Science Center in Cambridge, Massachusetts, USA, on Friday, March 31, 2023, at 6:00 PM EDT.
  • I’ll be discussing my book A Hacker’s Mind with Julia Angwin at the Ford Foundation Center for Social Justice in New York City, on Thursday, April 6, 2023, at 6:30 PM EDT.
  • I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023, at 8:30 AM CEST.

The list is maintained on this page.

** *** ***** ******* *********** *************

US Citizen Hacked by Spyware

[2023.03.21] The New York Times is reporting that a US citizen’s phone was hacked by Predator spyware.

A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece. It demonstrates that the illicit use of spyware is spreading beyond use by authoritarian governments against opposition figures and journalists, and has begun to creep into European democracies, even ensnaring a foreign national working for a major global corporation.

The simultaneous tapping of the target’s phone by the national intelligence service and the way she was hacked indicate that the spy service and whoever implanted the spyware, known as Predator, were working hand in hand.

** *** ***** ******* *********** *************

ChatGPT Privacy Flaw

[2023.03.22] OpenAI has disabled ChatGPT’s privacy history, almost certainly because it had a security flaw where users were seeing each other’s histories.

** *** ***** ******* *********** *************

Mass Ransomware Attack

[2023.03.23] A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack:

TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Since the attack in late January or early February — the exact date is not known — Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets of data and other large files.

** *** ***** ******* *********** *************

Exploding USB Sticks

[2023.03.24] In case you don’t have enough to worry about, people are hiding explosives — actual ones — in USB sticks:

In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said.

Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango. No one else was hurt.

Chango said the USB drive sent to Artieda could have been loaded with RDX, a military-type explosive.


According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US’s, use RDX, which “can be used alone as a base charge for detonators or mixed with other explosives, such as TNT.” Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.

Reminds me of assassination by cell phone.

** *** ***** ******* *********** *************

A Hacker’s Mind News

[2023.03.24] My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports.

Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now.

You can order a signed book from me here.

** *** ***** ******* *********** *************

Hacks at Pwn2Own Vancouver 2023

[2023.03.27] An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver:

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla-Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stack-based buffer overflow exploit chain (worth $40,000) by Qrious Security’s Bien Pham (@bienpnn).

Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

The con’s second and third days were equally impressive.

** *** ***** ******* *********** *************

Security Vulnerabilities in Snipping Tools

[2023.03.28] Both the Google Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images.

EDITED TO ADD (4/14): Steven Murdoch has a good explanation as to why this happened — and to two very different snipping tools.
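A defender's check for affected screenshots, as an added example that is not part of the original post. It assumes the mechanism described in public analyses of these bugs (the edited image was written over the original file without truncating it, so bytes of the original remain after the new image's end marker) and covers PNG only. The function names are hypothetical and the sample images are constructed in the code.

```python
import hashlib
import struct
import sys
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Constructed sample: a minimal 8-bit grayscale PNG with noisy pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = []
    for y in range(height):
        noise = hashlib.sha256(str(y).encode()).digest() * (width // 32 + 1)
        rows.append(b"\x00" + noise[:width])  # filter type 0 + pixel bytes
    idat = zlib.compress(b"".join(rows))
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))


def simulate_overwrite(original: bytes, edited: bytes) -> bytes:
    """Model the flawed save: the edited file overwrites the start of the
    original, and the original's tail is left in place (no truncation)."""
    return edited + original[len(edited):]


def trailing_bytes(blob: bytes) -> int:
    """Walk the PNG chunk list and return the number of bytes that follow
    the IEND chunk. Raises ValueError for anything that is not a
    well-formed PNG, so a caller never mistakes garbage for 'clean'."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while True:
        if pos + 8 > len(blob):
            raise ValueError("file ends before an IEND chunk")
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(blob):
            raise ValueError("chunk runs past end of file")
        (stored_crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(blob[pos + 4:pos + 8 + length]) & 0xFFFFFFFF != stored_crc:
            raise ValueError("chunk CRC mismatch")
        pos = end
        if ctype == b"IEND":
            return len(blob) - pos


def audit(paths):
    """Return (path, verdict) pairs for a list of files on disk."""
    results = []
    for path in paths:
        try:
            with open(path, "rb") as handle:
                extra = trailing_bytes(handle.read())
        except (OSError, ValueError) as exc:
            results.append((path, f"skipped: {exc}"))
            continue
        verdict = "clean" if extra == 0 else f"{extra} bytes after IEND: re-export"
        results.append((path, verdict))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, verdict in audit(sys.argv[1:]):
            print(f"{path}: {verdict}")
    else:
        # Constructed demonstration: a large screenshot "cropped" to a small one.
        original, cropped = make_png(64, 64), make_png(8, 8)
        print("clean file:", trailing_bytes(cropped))
        print("overwritten file:", trailing_bytes(simulate_overwrite(original, cropped)))
```

Any file flagged this way should be re-exported or re-encoded before it is shared; trailing data can also be benign, so a flag is a reason to re-save, not proof of a leak.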

** *** ***** ******* *********** *************

The Security Vulnerabilities of Message Interoperability

[2023.03.29] Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other:

The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content? How much metadata will have to be shared, and how?

In our latest paper, One Protocol to Rule Them All? On Securing Interoperable Messaging, we explore the security tensions, the conflicts of interest, the usability traps, and the likely consequences for individual and institutional behaviour.

Interoperability will vastly increase the attack surface at every level in the stack from the cryptography up through usability to commercial incentives and the opportunities for government interference.

It’s a good idea in theory, but will likely result in the overall security being the worst of each platform’s security.

** *** ***** ******* *********** *************

Russian Cyberwarfare Documents Leaked

[2023.03.30] Now this is interesting:

Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.

Lots more at the link.

The documents are in Russian, so it will be a while before we get translations.

EDITED TO ADD (4/1): More information.

** *** ***** ******* *********** *************

UK Runs Fake DDoS-for-Hire Sites

[2023.04.03] Brian Krebs is reporting that the UK’s National Crime Agency is setting up fake DDoS-for-hire sites as part of a sting operation:

The NCA says all of its fake so-called “booter” or “stresser” sites – which have so far been accessed by several thousand people — have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators,” reads an NCA advisory on the program. “Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.”

The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990.

“Going forward, people who wish to use these services can’t be sure who is actually behind them, so why take the risk?” the NCA announcement continues.

** *** ***** ******* *********** *************

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

[2023.04.04] News:

Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”

Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines — at least as far as Kaspersky could observe so far — and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”

** *** ***** ******* *********** *************

FBI (and Others) Shut Down Genesis Market

[2023.04.05] Genesis Market is shut down:

Active since 2018, Genesis Market’s slogan was, “Our store sells bots with logs, cookies, and their real fingerprints.” Customers could search for infected systems with a variety of options, including by Internet address or by specific domain names associated with stolen credentials.

But earlier today, multiple domains associated with Genesis had their homepages replaced with a seizure notice from the FBI, which said the domains were seized pursuant to a warrant issued by the U.S. District Court for the Eastern District of Wisconsin.

The U.S. Attorney’s Office for the Eastern District of Wisconsin did not respond to requests for comment. The FBI declined to comment.

But sources close to the investigation tell KrebsOnSecurity that law enforcement agencies in the United States, Canada and across Europe are currently serving arrest warrants on dozens of individuals thought to support Genesis, either by maintaining the site or selling the service bot logs from infected systems.

The seizure notice includes the seals of law enforcement entities from several countries, including Australia, Canada, Denmark, Germany, the Netherlands, Spain, Sweden and the United Kingdom.

Slashdot story.

** *** ***** ******* *********** *************

Research on AI in Adversarial Settings

[2023.04.06] New research: “Achilles Heels for AGI/ASI via Decision Theoretic Adversaries”:

As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern. One might suspect that artificially generally intelligent (AGI) and artificially superintelligent (ASI) will be systems that humans cannot reliably outsmart. As a challenge to this assumption, this paper presents the Achilles Heel hypothesis which states that even a potentially superintelligent system may nonetheless have stable decision-theoretic delusions which cause them to make irrational decisions in adversarial settings. In a survey of key dilemmas and paradoxes from the decision theory literature, a number of these potential Achilles Heels are discussed in context of this hypothesis. Several novel contributions are made toward understanding the ways in which these weaknesses might be implanted into a system.

** *** ***** ******* *********** *************

LLMs and Phishing

[2023.04.10] Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the experiment.

But while it’s an easy experiment to run, it misses the real risk of large language models (LLMs) writing scam emails. Today’s human-run scams aren’t limited by the number of people who respond to the initial email contact. They’re limited by the labor-intensive process of persuading those people to send the scammer money. LLMs are about to change that. A decade ago, one type of spam email had become a punchline on every late-night show: “I am the son of the late king of Nigeria in need of your assistance….” Nearly everyone had gotten one or a thousand of those emails, to the point that it seemed everyone must have known they were scams.

So why were scammers still sending such obviously dubious emails? In 2012, researcher Cormac Herley offered an answer: It weeded out all but the most gullible. A smart scammer doesn’t want to waste their time with people who reply and then realize it’s a scam when asked to wire money. By using an obvious scam email, the scammer can focus on the most potentially profitable people. It takes time and effort to engage in the back-and-forth communications that nudge marks, step by step, from interlocutor to trusted acquaintance to pauper.

Long-running financial scams are now known as pig butchering, growing the potential mark up until their ultimate and sudden demise. Such scams, which require gaining trust and infiltrating a target’s personal finances, take weeks or even months of personal time and repeated interactions. It’s a high-stakes and low-probability game that the scammer is playing.

Here is where LLMs will make a difference. Much has been written about the unreliability of OpenAI’s GPT models and those like them: They “hallucinate” frequently, making up things about the world and confidently spouting nonsense. For entertainment, this is fine, but for most practical uses it’s a problem. It is, however, not a bug but a feature when it comes to scams: LLMs’ ability to confidently roll with the punches, no matter what a user throws at them, will prove useful to scammers as they navigate hostile, bemused, and gullible scam targets by the billions. AI chatbot scams can ensnare more people, because the pool of victims who will fall for a more subtle and flexible scammer — one that has been trained on everything ever written online — is much larger than the pool of those who believe the king of Nigeria wants to give them a billion dollars.

Personal computers are powerful enough today that they can run compact LLMs. After Facebook’s new model, LLaMA, was leaked online, developers tuned it to run fast and cheaply on powerful laptops. Numerous other open-source LLMs are under development, with a community of thousands of engineers and scientists.

A single scammer, from their laptop anywhere in the world, can now run hundreds or thousands of scams in parallel, night and day, with marks all over the world, in every language under the sun. The AI chatbots will never sleep and will always be adapting along their path to their objectives. And new mechanisms, from ChatGPT plugins to LangChain, will enable composition of AI with thousands of API-based cloud services and open source tools, allowing LLMs to interact with the internet as humans do. The impersonations in such scams are no longer just princes offering their country’s riches. They are forlorn strangers looking for romance, hot new cryptocurrencies that are soon to skyrocket in value, and seemingly-sound new financial websites offering amazing returns on deposits. And people are already falling in love with LLMs.

This is a change in both scope and scale. LLMs will change the scam pipeline, making them more profitable than ever. We don’t know how to live in a world with a billion, or 10 billion, scammers that never sleep.

There will also be a change in the sophistication of these attacks. This is due not only to AI advances, but to the business model of the internet — surveillance capitalism — which produces troves of data about all of us, available for purchase from data brokers. Targeted attacks against individuals, whether for phishing or data collection or scams, were once only within the reach of nation-states. Combine the digital dossiers that data brokers have on all of us with LLMs, and you have a tool tailor-made for personalized scams.

Companies like OpenAI attempt to prevent their models from doing bad things. But with the release of each new LLM, social media sites buzz with new AI jailbreaks that evade the new restrictions put in place by the AI’s designers. ChatGPT, and then Bing Chat, and then GPT-4 were all jailbroken within minutes of their release, and in dozens of different ways. Most protections against bad uses and harmful output are only skin-deep, easily evaded by determined users. Once a jailbreak is discovered, it usually can be generalized, and the community of users pulls the LLM open through the chinks in its armor. And the technology is advancing too fast for anyone to fully understand how they work, even the designers.

This is all an old story, though: It reminds us that many of the bad uses of AI are a reflection of humanity more than they are a reflection of AI technology itself. Scams are nothing new — simply intent and then action of one person tricking another for personal gain. And the use of others as minions to accomplish scams is sadly nothing new or uncommon: For example, organized crime in Asia currently kidnaps or indentures thousands in scam sweatshops. Is it better that organized crime will no longer see the need to exploit and physically abuse people to run their scam operations, or worse that they and many others will be able to scale up scams to an unprecedented level?

Defense can and will catch up, but before it does, our signal-to-noise ratio is going to drop dramatically.

This essay was written with Barath Raghavan, and previously appeared on

** *** ***** ******* *********** *************

Car Thieves Hacking the CAN Bus

[2023.04.11] Car thieves are injecting malicious software into a car’s network through wires in the headlights (or taillights) that fool the car into believing that the electronic key is nearby.

News articles.

** *** ***** ******* *********** *************

FBI Advising People to Avoid Public Charging Stations

[2023.04.12] The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices:

Avoid using free charging stations in airports, hotels, or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices that access these ports. Carry your own charger and USB cord and use an electrical outlet instead.

How much of a risk is this, really? I am unconvinced, although I do carry a USB condom for charging stations I find suspicious.

News article.

** *** ***** ******* *********** *************

Bypassing a Theft Threat Model

[2023.04.13] Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process.

I wrote about this kind of thing in 2000, in Secrets and Lies (page 318):

My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw. The attacker completely bypassed the threat model of the defender. The countermeasures that the homeowner put in place were door and window alarms; they didn’t make a difference to this attack.

The article says they took half a million dollars worth of iPhones. I don’t understand iPhone device security, but don’t they have a system of denying stolen phones access to the network?

EDITED TO ADD (4/13): A commenter says: “Locked idevices will still sell for 40-60% of their value on eBay and co, they will go to Chinese shops to be stripped for parts. An aftermarket ‘oem-quality’ iPhone 14 display is $400+ alone on ifixit.”

** *** ***** ******* *********** *************

Gaining an Advantage in Roulette

[2023.04.14] You can beat the game without a computer:

On a perfect [roulette] wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that’s even marginally tilted could develop what Barnett called a ‘drop zone.’ When the tilt forces the ball to climb a slope, the ball decelerates and falls from the outer rim at the same spot on almost every spin. A similar thing can happen on equipment worn from repeated use, or if a croupier’s hand lotion has left residue, or for a dizzying number of other reasons. A drop zone is the Achilles’ heel of roulette. That morsel of predictability is enough for software to overcome the random skidding and bouncing that happens after the drop.

** *** ***** ******* *********** *************

Hacking Suicide

[2023.04.14] Here’s a religious hack:

You want to commit suicide, but it’s a mortal sin: your soul goes straight to hell, forever. So what you do is murder someone. That will get you executed, but if you confess your sins to a priest beforehand you avoid hell. Problem solved.

This was actually a problem in the 17th and 18th centuries in Northern Europe, particularly Denmark. And it remained a problem until capital punishment was abolished for murder.

It’s a clever hack. I didn’t learn about it in time to put it in my book, A Hacker’s Mind, but I have several other good hacks of religious rules.

** *** ***** ******* *********** *************

Upcoming Speaking Engagements

[2023.04.14] This is a current list of where and when I am scheduled to speak:

  • I’m speaking on “Cybersecurity Thinking to Reinvent Democracy” at RSA Conference 2023 in San Francisco, California, on Tuesday, April 25, 2023, at 9:40 AM PT.
  • I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST.

The list is maintained on this page.

** *** ***** ******* *********** *************

Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram’s web page.

You can also read these articles on my blog, Schneier on Security.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of over one dozen books — including his latest, A Hacker’s Mind — as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and He is the Chief of Security Architecture at Inrupt, Inc.

Copyright © 2023 by Bruce Schneier.

** *** ***** ******* *********** *************


May 31, 2023


As part of the proposed Pandemic Treaty, the WHO has for the first time said that it’s going to prioritize restricting civil liberties. While we all know they’ve been pushing for this for some years, this is the first time they’ve openly admitted it directly.





WHO Group Co-Chair Calls For “Prioritizing Actions That May Restrict Individual Liberties”


During a meeting last week, a co-chair of a World Health Organization (WHO) working group that’s focused on international law amendments that would increase the WHO’s powers, took the power grab a step further by urging members to prioritize “actions that may restrict individual liberties.”

The co-chair of the WHO’s working group on amendments to the International Health Regulations (2005), Dr. Abdullah Assiri, made the comments during a strategic roundtable at the seventy-sixth World Health Assembly (an annual meeting of the WHO’s decision-making body).

During the strategic roundtable, WHO members discussed the international pandemic treaty and amendments to the International Health Regulations — two instruments that will collectively expand the WHO’s powers to target “misinformation,” increase its surveillance powers, and push global vaccine passports.

Assiri provided an update on the WHO’s progress with the IHR amendments before suggesting that individual liberties should be curtailed by this unelected health agency.

“The world, however, requires different legal mandates, such as the pandemic treaty, to navigate through a particular pandemic, should one occur, and it will,” Assiri said. “Prioritizing actions that may restrict individual liberties, mandating and sharing of information, knowledge, and resources, and most importantly, providing fund for pandemic control efforts are all necessary during a pandemic. The means to carry out these actions are simply not…currently at hand.”

Watch the video here.

While the sweeping new powers contained within the pandemic treaty and amendments to the IHR do curb individual liberties, such as privacy and free speech, WHO officials have previously refrained from admitting this directly.

Assiri’s comments are the latest of many examples of the WHO continuing to demand more power, despite the unelected health agency already gaining significant influence during the pandemic.

Since 2020, the WHO has partnered with YouTube, Facebook, and Wikipedia and had a direct impact on the speech rules on these platforms. Google renewed its partnership with the WHO last month.

Yet despite already having major influence over online speech, the WHO pushed for even more power in 2021 (when work began on the international pandemic treaty) and 2022 (when the Biden administration proposed amendments to the IHR).

The WHO’s power grab has faced pushback from politicians in the US, Canada, UK, Australia, and Europe. However, it continues to move forward and the WHO is planning to finalize the pandemic treaty and IHR amendments by May 2024.

If adopted, the pandemic treaty will apply to the WHO’s 194 member states (which represent 98% of the world’s countries) and the IHR amendments will apply to 196 countries. Both instruments are legally binding under international law.





Lawmakers Want To Restrict AI To Licensed Companies


Politicians that plan to regulate AI have used the increase in AI memes as a call to justify the idea that AI companies need to be licensed by the government before they can operate.

We break down their plans today.

Watch our video report on YT here.

Watch our video report on Rumble here.





Microsoft President Wants It To Be Illegal To Remove AI Watermark Microsoft And Others Are Developing


Microsoft’s president and vice chairman Brad Smith has made some bold statements about how he expects the US government to regulate artificial intelligence in the next year. He made the remarks in an interview on CBS’ “Face the Nation.”

Smith wants it to be “unlawful” to remove the AI metadata that Microsoft and others are developing. Microsoft is also developing technology to be able to detect when the watermark is removed.

Watch the video here.

“We’ll need a system that we and so many others have been working to develop that protects content, that puts a watermark on it, so that if somebody alters it, if somebody removes the watermark, if they do that to try to deceive or defraud someone, first of all, they’re doing something that the law makes unlawful. We may need some new law to do that,” Smith said.

“But second, we can then use the power of AI to detect when that happens. So that means a news organization like CBS would have video that somehow could be identified. And I would guess and hope that CBS will be absolutely at the forefront of this.”

The president of the Big Tech behemoth explained that metadata within a file will identify when an image or video is AI generated and said that it should be illegal to remove it.

“You embed what we call metadata. It’s part of the file. If it’s removed, we’re able to detect it. If there’s an altered version, we in effect create a hash. Think of it like the fingerprint of something and then can look for that fingerprint across the internet.”

Smith said he wants the US to increase the pace of AI regulation.

“I was in Japan just three weeks ago, and they have a national A.I. strategy. The government has adopted it,” Smith said. “The world is moving forward. Let’s make sure that the United States at least keeps pace with the rest of the world.”





EU Threatens Twitter Over “Disinformation” – “You Can Run But You Can’t Hide”


On Friday, the European Union’s Internal Markets Commissioner, Thierry Breton, confirmed that Twitter had ditched the EU’s code of practice on disinformation. He warned that the platform cannot “hide” from obligations to censor content.

“You can run but you can’t hide,” Breton threatened in a tweet.

“Beyond voluntary commitments, fighting disinformation will be a legal obligation under DSA as of August 25,” Breton continued. “Our teams will be ready for enforcement.”

Breton was referring to the censorship law, the controversial Digital Services Act (DSA), a new set of rules for social media platforms operating in Europe, which require them to actively police content or risk fines of up to 6% of global turnover.



The current code of practice, which is voluntary, includes obligations for social media to stop the monetization of “disinformation,” monitor political advertising, and allow third-parties to access their algorithms.

In February, Twitter did not submit a report on its implementation of the code. It was the only major platform to fail to do so.

Unlike the code of practice, the DSA is legally binding, and large platforms, Twitter, Facebook, Instagram, YouTube, TikTok, Pinterest, Snapchat, and LinkedIn, will have to comply with it if they want to operate in Europe.

In previous tweets, Breton has indicated that he will hold Twitter owner Elon Musk to account for the platform’s failures to comply with the content rules in the EU.





News Corp CEO Says Political Prejudices At Advertising Agencies Affect Demonetization Of Some News Outlets


CEO of global media organization News Corp, Robert Thomson, said that he had discovered that staff at advertising agencies were allowing personal “political prejudices” to guide their work. He made the remarks at the International News Media Association (INMA) World Congress of News Media in New York.

“I asked the chief executive of one of the world’s largest companies why he had an ad ban against the New York Post … (with around 158 million monthly uniques),” he said, according to The Australian.

“The chief exec said he was completely unaware of any such ban – so he checked, and to his genuine and annoyed surprise, a hyper-politicized agency flunkey had a Post prohibition.

“The medium may be the message but unless we are more assertive and there is more transparency, certain advertising agencies will indulge their worst instincts, ad nauseam.”

Thomson said that the frustration with the Global Disinformation Index, a firm funded by the US and UK that provides blacklists of conservative websites to advertisers, was justifiable.

“These arrogant armchair amateurs have undue influence on ad spend by agencies and companies,” he said.

“No masthead is immune to sudden, capricious changes in algorithmic ranking that can affect your ad revenue.”





“Pre Crime”-Style AI That Monitors Kids Hits Dallas Schools


The Dallas Independent School District is rolling out AI-equipped cameras to spy on students, violating privacy under the pretense of keeping them safe.

The school district partnered with a company called Davista to use AI to monitor each student and notify the administration if a student deviates from their “baseline” behavior.

The press release announcing the technology stated: “This initiative will utilize Davista’s Heimdall platform, a breakthrough technology that empowers organizations to identify risk and take action before the projected risk becomes a consequential event or incident.

“Davista’s student safety and support platform enables comprehensive analysis and review of student data through software, minimizing inherent human biases and disparities by objectively assessing data points and reducing assumptions and cognitive fatigue. Leveraging existing data within the school, the technology pays attention to students’ participation, performance, and behavioral patterns. This process establishes a baseline for each student, derived from their past information, allowing real-time analysis of any deviations from their personal baseline.”




Thanks for reading,

Reclaim The Net

86-90 Paul Street
United Kingdom
May 17, 2023

Hi Everyone,

A SET of 7 postings allows me to construct a broader picture of where we stand today. (Make that 8 postings.) And in case you missed it, Robert F Kennedy Jr is seeking the Democratic Nomination in the U.S. Do not expect to hear it on the CBC. On April 25th their pundits discussed who was in the running for the presidency of the USA. They concluded Biden and Trump, no serious other contenders. There was zero mention of Robert F Kennedy Jr. So I guess it will be us who make it known to each other.

Updates on the National Citizen Inquiry are at the very bottom.  Worrisome.

1. 2023-03-22 Government Report on Vaccine Injuries, deaths: $$ Paid Out (Canada)

2. 2023-03-14 Swift Current SK Video StatsCan, Govt Trailers: Harassing Folks For Blood, Saliva & Urine Testing. Personal Information Banks (PIB’s). History, Lockheed Martin partnered with StatsCan. (The Swift Current video is the first I have heard mention of PIB’s. The next posting breaks the PIB information out into its own posting.)

3. 2023-04-03 PERSONAL INFORMATION BANK (PIB) – – information includes (This is Your Personal information, in Government-owned “data Banks”. Familiarize yourself with what is in their Bank about You.) Source: Govt website.

4. 2023-03-02 Maria Ressa on facing down dictators, disinformation and standing up for democracy, Author “How to Stand Up to a Dictator”, Nobel Laureate. CBC Radio interview.

5. 2023-03- Maria Ressa, author of “How to Stand Up to Dictators”, interviewed by Stephen Colbert

6. 2023-03-21 Manitoba family files lawsuit against AstraZeneca (21 year-old son, healthy, working at Whistler (2021). 6 days after the AstraZeneca vaccine, devastation hits. Today, Jordan Reimer is blind, will never again live on his own, will never fully recover; brain injury (hemorrhage). Problems with the vaccine were KNOWN. They rolled it out anyway. The family of Jordan Reimer isn’t the only casualty. The defendants in the lawsuit are AstraZeneca Canada Inc., Verity Pharmaceuticals Inc., Vail Resorts Inc., Vancouver Coastal Health Authority and the Attorney General of Canada.)

7. 2022-10-28 Covid protests, Vocabulary and Context. WE WILL DO BETTER . . . NEXT TIME! say the Police.

Please find your voice.  Talking with other people is most effective.  Become strong at the local level.  Form a group or whatever.   I believe Maria Ressa.  She speaks from first-hand experience of corrupt, authoritarian regimes (the Philippines).

She tells Canadians:  you are at the precipice.  You must become the citizens that your country needs, before it is too late.

This set of postings is meant to make our situation clear.  Do not be afraid to talk.  It is the way we will win.   (I read Ressa’s book,  “How to Stand Up to a Dictator”.)

Also,  there are very good aids on the internet telling what people in other communities are doing to build their strength.  Deliberate and effective steps.

An update, May 2nd:   Rebel news has started a lawsuit against the Government,  challenging Bill C-11.


  1. I have to spend some time with Maya Angelou!   I only know her superficially.

Here she is in a video series done by Oprah.




The Inquiry has wrapped up in Winnipeg, in Saskatoon, and in Red Deer.

Today (April 28),  Epoch News is carrying the headline below.

I checked the NCI website;  did not find the announcement,  but they are very under-resourced.

The continuing schedule for the NCI Meetings is at  

UPDATE:   May 5th

National Citizens Inquiry

@citizensinquiry 4.19K subscribers 24 videos

Our account has been restricted for 7 days – we will be live streaming the Toronto hearings on our other social media platforms, and at



National Citizen’s Inquiry Suspended by YouTube


Carry on!  It’s a sunshine day.



Apr 18, 2023

re Government Report on Vaccine Injuries & Pay-outs

The info is Government-supplied.

My intention is to get conversations going.


People cannot protect themselves and their families if they don’t have the information.

The vaccine injuries are a serious matter.

Information on the FIRST and SECOND INJURY & DEATHS REPORTS (Canada) are below.

= = = = = =  =

March 19, 2023

Regarding Propaganda,  information can be controlled through A LACK of information.

I am giving you the information.

News of the federal money paid out to people who took a beating from the covid vaccinations is starting to trickle out.   Western Standard News has the recent story of a woman from Lethbridge (below). 

Dec 22, 2022,  the Government’s FIRST REPORT on vaccine injuries, CTV News. 

More than $2.7M paid to 50 claimants of serious injury connected to a vaccine in Canada

The next public reporting will reflect the statistics up to June 1, 2023.


So, a TOTAL $2.7 million paid out.  The average paid to 50 injured (or dead) was therefore $55,585.

. . . with roughly one report of a serious reaction for every 10,000 doses administered (corrected from one report for every 10,000 people).


. . . The Lethbridge woman (below) is not in last year’s statistics, I don’t think. She received “less than $100,000”.

When you read what the vaccination did to that woman and her family, God! it’s not a lot of money for going forward.  See what you think.


Reports of deaths are deliberately NORMALIZED, or MINIMIZED, I would say.


Canada:  (VISP).  VACCINE INJURY SUPPORT PROGRAM started in June 2021.


(If I am estimating what a Canadian population figure would be, I take One-Tenth of the American number. The U.S. population is approximately Ten Times the Canadian population – – close enough.)


Americans are under no illusion:  a fraction of the vaccine adverse events are reported to VAERS.   The same is likely true of Canada.

U.S. Reporting:

The Centers for Disease Control and Prevention (CDC) today released new data showing a total of 1,418,220 reports of adverse events following COVID-19 vaccines were submitted between Dec. 14, 2020, and Sept. 16, 2022, to the Vaccine Adverse Event Reporting System (VAERS). That’s an increase of 10,811 adverse events over the previous week.

VAERS is the primary government-funded system for reporting adverse vaccine reactions in the U.S.

The data included a total of 31,074 reports of deaths — an increase of 139 over the previous week — and 258,480 serious injuries, including deaths, during the same time period —  up 1,253 compared with the previous week.

There were a total of 563 reports of adverse events following the new bivalent booster COVID-19 vaccine as of Sept. 16, 2022. The data included a total of 5 deaths and 31 serious injuries.

– – – – – – – – – – – –

It is difficult to obtain financial compensation through VAERS (the American program).  Many don’t know of the existence of the program.  Also, same as in Canada, it is difficult to afford a lawyer which I understand to be important – – it’s a specialized area of health.  Self-representation is unlikely to be an option.

The damage done by Covid vaccinations is (on the U.S. side) more than the damage done by ALL vaccinations cumulatively since the beginning of VAERS in 1990; “damage” measured by the dollars awarded by VAERS; counting only American “adverse events” which includes deaths;  Lordy knows what the world-wide tally of the death and destruction from the Covid vaccinations amounts to.

– – – – – – – – – –



To me the devastation of this woman, her family, and the family finances was almost complete. But people are amazing. The lady went from full health to minimal capabilities. But! she knows something that not many know: how to access what help is available through the Federal Govt (Canada – – VISP). She is determined to share that information, and to connect others like herself in whatever ways she is able to help. (Keeping in mind that her ability to function has been permanently and severely compromised by the vaccinations. I wonder if I would do what she is doing, or would I cry in despair and isolation?)


NOTE:  I accessed the story a couple of times. You subscribe if you want more.  I can’t confirm that I correctly remembered the Lethbridge details, at the moment.  But I will.


Thank-you Western Standard!  I have not seen the Lethbridge story in mainstream news.


Speaking frankly, Lethbridge is a story of the Government destroying its own people, using propaganda and the jab.   It happens because you can’t defend yourself if you have no memory of what The Law is.  Or if you were never taught concepts protected by Our Laws (bodily autonomy for example).


But I am powerful.   So are you.


I consider it an humanitarian act to read the story of the woman from Lethbridge. Re-tell the story to others.  Guaranteed:  other people will be saved,  IF THEY KNOW the dangers.


The SECOND REPORT on pay-outs, injuries and deaths will be issued in JUNE, 2023. (The first Report was issued shortly before Christmas, 2022.)


Pay attention to the time spans.  The Second Report will cover a shorter time period.

The two Reports will be comparing apples and oranges, UNLESS correcting adjustments are made.

The FIRST REPORT was from inception of the Injury pay-outs (mid-2021) until the last month of 2022.

The SECOND REPORT will be the last month of 2022 until JUNE 1, 2023 – – roughly  6 months,  if nothing changes.


Reports that the Government would rather keep quiet are issued

  • On the Friday afternoon of a long weekend
  • And even better,  on Friday of the July 1st long weekend.

(For Canadians of long winter, ALL of July and August are holiday outdoor fun time, before September’s Back-to-school and Work.)

  • Shall we take bets?!   The Second Report will be issued ON Friday, June 30, 2023?!


We start NOW.   Our aim is to have as many people as we can,  alerted and watching for the SECOND REPORT.


We are the Counter-Propagandists!  




  • Do you know the JCCF?  They only take cases related to Covid wrongs.   The legal bills are all funded by citizen donations.  The recent news releases, updates on their court cases, are “charges dropped”, “charges stayed”, …   The plaintiffs in these cases would not have gotten to Court without the assistance of other Canadians.  People cannot afford to defend themselves.  What  a perfect recipe for tyranny!  (But not so when the citizen army starts to mobilize!)

– – –


  2. More than $2.7M paid to 50 claimants of serious injury connected to a vaccine in Canada (Reporter Alexandra Mae Jones.)
  3. Justice Centre for Constitutional Freedoms (JCCF),  


Cheers!  /Sandra

Apr 17, 2023
March 13, 2018

Congress Receives Vaccine Safety Project Details Including Actions Needed for Sound Science and Transparency

Apr 04, 2023

I heard about this thing that the Government has,  PIB’s (Personal Information Banks) for all of us, through “the Swift Current video” (

The video caused someone to input re  “PIB’s”.   I wanted to know:  WHAT information is in a PIB?  . . .    The information is Personal, but it is most certainly not Private.


Someone provided an overview of PIB’s, in response to the Swift Current video:   

          Dovetails with:

          The federal government has quietly begun the creation of Personal Information Banks (PIB) to collect and store data on Canadians. We were not consulted nor informed about the creation or existence of these databases and they are being collected without our permission or knowledge. Categories of information include biometrics (DNA, blood type, eye/facial scan, fingerprints, etc), personal biography, medical history, financial history, credit information, opinions or views of or about individuals, and much more.

          Here is a link to the government website describing the PIBs. Scroll to the last section for Categories of Information:

          The Canada Revenue Agency (CRA) has quietly added it to their Privacy Terms so that in order to submit an application for benefits, such as the One-Time Housing Top Up they started offering in December, you must click that you agree to terms including “…being described in Personal Information Bank (under development)” in order to submit your application. It is also a term in the Canada Pension Plan (CPP) application. It quite likely will be a term for submitting your income tax return, so read those Privacy Terms when filing your taxes this year!

          The federal government is using the federal health transfers to bribe the premiers to adopt a Big Tech-style data-for-services health care system. This means that your personal health records that used to be private and confidential between you and your doctor will now be entered into the PIBs to be shared between the federal government, their stakeholders, and whoever else they decide can have access […]

– – – – – – –

CLOSELY  RELATED    Please listen:

2023-03-02 Maria Ressa on facing down dictators, disinformation and standing up for democracy, Author “How to Stand Up to a Dictator”, Nobel Laureate. CBC Radio interview

– – – – – – –



copied on 2023-04-03,  11AM.  From near the bottom of the Government page: 

(INSERT, S:   And don’t forget What Edward Snowden confirmed:  the data collection includes everything.  Your phone calls, emails, and all social media communications.)

Categories of Personal Information

The Description section in a personal information bank (PIB) describes the personal information in the records to which the bank relates. Treasury Board Secretariat has established the following categories of personal information, which give examples of specific elements of personal information that fall under each category. The purpose of the categories is to reduce the number of personal information elements that need to be listed in the Description section. These categories are representative of the personal information collected by most institutions, and they now appear in many of the registered PIBs.

  • Biographical information (e.g. work history, curriculum vitae, family information, hobbies, interests, etc.)
  • Biometric information (e.g. blood type, eye or facial scan, DNA, finger / hand prints, etc.)
  • Contact information (e.g. work and / or home information, including postal and e-mail addresses, telephone, fax, cell phone numbers, etc.)
  • Citizenship status (e.g. citizen, landed immigrant, etc.)
  • Credit card information
  • Credit history (e.g. credit reports / scores, liens, bankruptcies, third-party collections, etc.)
  • Criminal checks / history (e.g. information related to criminal record checks, investigations, charges, conviction dates and locations, pardons, etc.)
  • Date of birth
  • Date of death
  • Employee identification number (e.g. Personal Record Identifier, RCMP regimental number, Canadian Forces service number, etc.)
  • Employment equity information (i.e. information about aboriginal peoples, members of visible minorities, persons with disabilities, and women)
  • Employee personnel information (e.g. records of attendance and leave, notices of disciplinary action, alternative work arrangements, decisions concerning compensation and fitness for work, official languages qualifications, salary, deductions, level of security clearance, performance reviews and appraisals, rating board assessments, including evaluation notes from staffing boards, training and development course applications and evaluations, etc.)
  • Financial information (e.g. income, investments, mortgages, loans, orders of garnishment, financial institution information for direct deposit and other banking purposes, including name and branch number of institution, account number(s) and name(s) on accounts, etc.)
  • Gender
  • Language (e.g. mother tongue, official and other languages, etc.)
  • Medical information (e.g. psychological assessments, physical disabilities, blood type, medical conditions, etc.)
  • Name (e.g. last name (surname/family name), given names (first, second or more), maiden name, nicknames, aliases, etc.)
  • Opinion or views of, or about, individuals   (I added the bold type.)
  • Other identification numbers (e.g. fishing license, driver’s license, etc.)
  • Photos
  • Physical attributes (e.g. height, weight, colour of hair and eyes, physical markings (scars, tattoos, body piercing), etc.)
  • Place of birth
  • Place of death
  • Signature
  • Social Insurance Number (SIN)


Apr 04, 2023

Listen.  You will be rewarded!

Maria Ressa on facing down dictators, disinformation and standing up for democracy

Nobel Peace Prize-winning journalist Maria Ressa is a force to be reckoned with. She’s a celebrated investigative reporter whose recent memoir How To Stand Up to a Dictator outlines both her work exposing government corruption and misinformation in the Philippines, and the personal and legal attacks she’s faced as a result. She joins Chattopadhyay to talk about her latest legal victory, why we need to have more regulation of tech companies, how Canadians should think about threats to our country’s democratic process, and why she continues to warn the world about what she sees as very imminent threats posed by authoritarianism and disinformation.