Tag Archives: FISC

Infamous ‘Kodi Box’ Case Sees Man Pay Back Just £1 to the State

Post Syndicated from Andy original https://torrentfreak.com/infamous-kodi-box-case-sees-man-pay-back-just-1-to-the-state-180507/

In 2015, Middlesbrough-based shopkeeper Brian ‘Tomo’ Thompson shot into the headlines after being raided by police and Trading Standards in the UK.

Thompson had been selling “fully-loaded” piracy-configured Kodi boxes from his shop but didn’t think he’d done anything wrong.

“All I want to know is whether I am doing anything illegal. I know it’s a gray area but I want it in black and white,” he said.

Thompson started out with a particularly brave tone. He insisted he’d take the case to Crown Court and even to the European Court. His mission was to show what was legal and what wasn’t, he said.

Very quickly, Thompson’s case took on great importance, with observers everywhere reporting on a potential David versus Goliath copyright battle for the ages. But Thompson’s case wasn’t straightforward.

The shopkeeper wasn’t charged with basic “making available” under the Copyright, Designs and Patents Act that would have found him guilty under the earlier BREIN v Filmspeler case. Instead, he stood accused of two offenses under section 296ZB of the Copyright, Designs and Patents Act, which deals with devices and services designed to “circumvent technological measures”.

In the end it was all moot. After entering his official ‘not guilty’ plea, last year Thompson suddenly changed his tune. He accepted the prosecution’s version of events, throwing himself at the mercy of the court with a guilty plea.

In October 2017, Teesside Crown Court heard that Thompson cost Sky around £200,000 in lost subscriptions while the shopkeeper made around £38,500 from selling the devices. But despite the fairly big numbers, Judge Peter Armstrong decided to go reasonably light on the 55-year-old, handing him an 18-month prison term, suspended for two years.

“I’ve come to the conclusion that in all the circumstances an immediate custodial sentence is not called for. But as a warning to others in future, they may not be so lucky,” the Judge said.

But things wouldn’t end there for Thompson.

In the UK, people who make money or obtain assets from criminal activity can be forced to pay back their profits, which are then confiscated by the state under the Proceeds of Crime Act (pdf). Almost anything can be taken, from straight cash to cars, jewellery and houses.

However, it appears that whatever cash Thompson earned from Kodi Box activities has long since gone.

During a Proceeds of Crime hearing reported on by Gazette Live, the Court heard that Thompson has no assets whatsoever so any confiscation order would have to be a small one.

In the end, Judge Simon Hickey decided that Thompson should forfeit a single pound, an amount that could increase if the businessman got lucky moving forward.

“If anything changes in the future, for instance if you win the lottery, it might come back,” the Judge said.

With that seeming particularly unlikely, perhaps this will be the end for Thompson. Considering the gravity and importance placed on his case, zero jail time and just £1 to pay back will probably be acceptable to the 55-year-old and also a lesson to the authorities, who have gotten very little out of this expensive case.

Who knows, perhaps they might sum up the outcome using the same eight-letter word that Thompson can be seen half-covering in this photograph.


Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/02/the_symbiotic_r.html

This is the story of the Hawaiian bobtail squid and Vibrio fischeri.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Combine Transactional and Analytical Data Using Amazon Aurora and Amazon Redshift

Post Syndicated from Re Alvarez-Parmar original https://aws.amazon.com/blogs/big-data/combine-transactional-and-analytical-data-using-amazon-aurora-and-amazon-redshift/

A few months ago, we published a blog post about capturing data changes in an Amazon Aurora database and sending it to Amazon Athena and Amazon QuickSight for fast analysis and visualization. In this post, I want to demonstrate how easy it can be to take the data in Aurora and combine it with data in Amazon Redshift using Amazon Redshift Spectrum.

With Amazon Redshift, you can build petabyte-scale data warehouses that unify data from a variety of internal and external sources. Because Amazon Redshift is optimized for complex queries (often involving multiple joins) across large tables, it can handle large volumes of retail, inventory, and financial data without breaking a sweat.

In this post, we describe how to combine data in Aurora with data in Amazon Redshift. Here’s an overview of the solution:

  • Use AWS Lambda functions with Amazon Aurora to capture data changes in a table.
  • Save data in an Amazon S3 bucket.
  • Query data using Amazon Redshift Spectrum.

We use the following services:

Serverless architecture for capturing and analyzing Aurora data changes

Consider a scenario in which an e-commerce web application uses Amazon Aurora for a transactional database layer. The company has a sales table that captures every single sale, along with a few corresponding data items. This information is stored as immutable data in a table. Business users want to monitor the sales data and then analyze and visualize it.

In this example, you take the data changes in an Aurora database table and save them in Amazon S3. After the data is captured in Amazon S3, you combine it with data in your existing Amazon Redshift cluster for analysis.

By the end of this post, you will understand how to capture data events in an Aurora table and push them out to other AWS services using AWS Lambda.

The following diagram shows the flow of data as it occurs in this tutorial:

The starting point in this architecture is a database insert operation in Amazon Aurora. When the insert statement is executed, a custom trigger calls a Lambda function and forwards the inserted data. Lambda writes the data that it received from Amazon Aurora to a Kinesis data delivery stream. Kinesis Data Firehose writes the data to an Amazon S3 bucket. Once the data is in an Amazon S3 bucket, it is queried in place using Amazon Redshift Spectrum.

Creating an Aurora database

First, create a database by following these steps in the Amazon RDS console:

  1. Sign in to the AWS Management Console, and open the Amazon RDS console.
  2. Choose Launch a DB instance, and choose Next.
  3. For Engine, choose Amazon Aurora.
  4. Choose a DB instance class. This example uses a small instance class, since this is not a production database.
  5. In Multi-AZ deployment, choose No.
  6. Configure DB instance identifier, Master username, and Master password.
  7. Launch the DB instance.

After you create the database, use MySQL Workbench to connect to the database using the CNAME from the console. For information about connecting to an Aurora database, see Connecting to an Amazon Aurora DB Cluster.

The following screenshot shows the MySQL Workbench configuration:

Next, create a table in the database by running the following SQL statement:

CREATE TABLE Sales (
InvoiceID int NOT NULL AUTO_INCREMENT,
ItemID int NOT NULL,
Category varchar(255),
Price double(10,2), 
Quantity int not NULL,
OrderDate timestamp,
DestinationState varchar(2),
ShippingType varchar(255),
Referral varchar(255),
PRIMARY KEY (InvoiceID)
)

You can now populate the table with some sample data. To generate sample data in your table, copy and run the following script. Replace the placeholder values AURORA_CNAME, DBUSER, DBPASSWORD, and DB with appropriate values.

#!/usr/bin/python
import MySQLdb
import random
import datetime

db = MySQLdb.connect(host="AURORA_CNAME",
                     user="DBUSER",
                     passwd="DBPASSWORD",
                     db="DB")

states = ("AL","AK","AZ","AR","CA","CO","CT","DE","FL","GA","HI","ID","IL","IN",
"IA","KS","KY","LA","ME","MD","MA","MI","MN","MS","MO","MT","NE","NV","NH","NJ",
"NM","NY","NC","ND","OH","OK","OR","PA","RI","SC","SD","TN","TX","UT","VT","VA",
"WA","WV","WI","WY")

shipping_types = ("Free", "3-Day", "2-Day")

product_categories = ("Garden", "Kitchen", "Office", "Household")
referrals = ("Other", "Friend/Colleague", "Repeat Customer", "Online Ad")

cursor = db.cursor()

# Parameterized statement: the driver escapes each value before it reaches the database
add_order = ("INSERT INTO Sales "
             "(ItemID, Category, Price, Quantity, OrderDate, DestinationState, "
             "ShippingType, Referral) "
             "VALUES (%s, %s, %s, %s, %s, %s, %s, %s)")

for i in range(0,10):
    item_id = random.randint(1,100)
    state = random.choice(states)
    shipping_type = random.choice(shipping_types)
    product_category = random.choice(product_categories)
    quantity = random.randint(1,4)
    referral = random.choice(referrals)
    price = random.randint(1,100)
    # Days are capped at 28 so that every month, including February, yields a valid date
    order_date = datetime.date(2016,random.randint(1,12),random.randint(1,28)).isoformat()

    data_order = (item_id, product_category, price, quantity, order_date, state,
                  shipping_type, referral)

    cursor.execute(add_order, data_order)
    db.commit()

cursor.close()
db.close()

The following screenshot shows how the table appears with the sample data:

Sending data from Amazon Aurora to Amazon S3

There are two methods available to send data from Amazon Aurora to Amazon S3:

  • Using a Lambda function
  • Using SELECT INTO OUTFILE S3

To demonstrate the ease of setting up integration between multiple AWS services, we use a Lambda function to send data to Amazon S3 using Amazon Kinesis Data Firehose.

Alternatively, you can use a SELECT INTO OUTFILE S3 statement to query data from an Amazon Aurora DB cluster and save it directly in text files that are stored in an Amazon S3 bucket. However, with this method, there is a delay between the time that the database transaction occurs and the time that the data is exported to Amazon S3 because the default file size threshold is 6 GB.

Creating a Kinesis data delivery stream

The next step is to create a Kinesis data delivery stream, since it’s a dependency of the Lambda function.

To create a delivery stream:

  1. Open the Kinesis Data Firehose console.
  2. Choose Create delivery stream.
  3. For Delivery stream name, type AuroraChangesToS3.
  4. For Source, choose Direct PUT.
  5. For Record transformation, choose Disabled.
  6. For Destination, choose Amazon S3.
  7. In the S3 bucket drop-down list, choose an existing bucket, or create a new one.
  8. Enter a prefix if needed, and choose Next.
  9. For Data compression, choose GZIP.
  10. In IAM role, choose either an existing role that has access to write to Amazon S3, or choose to generate one automatically. Choose Next.
  11. Review all the details on the screen, and choose Create delivery stream when you’re finished.

 

Creating a Lambda function

Now you can create a Lambda function that is called every time there is a change that needs to be tracked in the database table. This Lambda function passes the data to the Kinesis data delivery stream that you created earlier.

To create the Lambda function:

  1. Open the AWS Lambda console.
  2. Ensure that you are in the AWS Region where your Amazon Aurora database is located.
  3. If you have no Lambda functions yet, choose Get started now. Otherwise, choose Create function.
  4. Choose Author from scratch.
  5. Give your function a name and select Python 3.6 for Runtime.
  6. Choose an existing role or create a new one. The role needs permission to call firehose:PutRecord.
  7. Choose Next on the trigger selection screen.
  8. Paste the following code in the code window. Change the stream_name variable to the Kinesis data delivery stream that you created in the previous step.
  9. Choose File -> Save in the code editor and then choose Save.

import boto3

firehose = boto3.client('firehose')
stream_name = 'AuroraChangesToS3'


def Kinesis_publish_message(event, context):
    # Format the row forwarded by the Aurora trigger as one comma-separated line
    firehose_data = (("%s,%s,%s,%s,%s,%s,%s,%s\n") %(event['ItemID'],
    event['Category'], event['Price'], event['Quantity'],
    event['OrderDate'], event['DestinationState'], event['ShippingType'],
    event['Referral']))

    # Firehose expects the payload under the 'Data' key
    firehose_data = {'Data': str(firehose_data)}
    print(firehose_data)

    firehose.put_record(DeliveryStreamName=stream_name,
    Record=firehose_data)

Note the Amazon Resource Name (ARN) of this Lambda function.
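The handler above writes whatever it receives, and the external table defined later in this post splits the resulting files on ',' and '\n' with no quoting, so a text value containing either character shifts or splits a row. The following is an added example, not part of the original post: a variant of the handler that validates each field first. The names build_record, handler, RejectedRecord and FakeFirehose and the validation rules are assumptions, and the sample events are constructed.

```python
import re
from decimal import Decimal, InvalidOperation

# Column order of the external table spectrum_schema.ecommerce_sales.
FIELDS = ("ItemID", "Category", "Price", "Quantity", "OrderDate",
          "DestinationState", "ShippingType", "Referral")
TEXT_FIELDS = ("Category", "ShippingType", "Referral")

# The table is plain delimited text (',' between fields, '\n' between rows)
# with no quoting, so text values must not contain a comma or control character.
UNSAFE = re.compile(r"[,\x00-\x1f\x7f]")
STATE = re.compile(r"[A-Z]{2}")
TIMESTAMP = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}( [0-9]{2}:[0-9]{2}:[0-9]{2})?")


class RejectedRecord(ValueError):
    """The event cannot be written as exactly one eight-column line."""


def build_record(event):
    """Return one delimited line (bytes) for the event, or raise RejectedRecord."""
    missing = [name for name in FIELDS if name not in event]
    if missing:
        raise RejectedRecord("missing fields: " + ", ".join(missing))

    # The stored procedure wraps every value in quotes, so all arrive as strings.
    raw = {name: str(event[name]).strip() for name in FIELDS}

    try:
        item_id = int(raw["ItemID"])
        quantity = int(raw["Quantity"])
        price = Decimal(raw["Price"])
    except (ValueError, InvalidOperation) as exc:
        raise RejectedRecord("non-numeric ItemID, Quantity or Price") from exc
    if item_id < 0 or quantity < 1 or not price.is_finite() or price < 0:
        raise RejectedRecord("numeric field out of range")

    if not STATE.fullmatch(raw["DestinationState"]):
        raise RejectedRecord("DestinationState must be two uppercase letters")
    if not TIMESTAMP.fullmatch(raw["OrderDate"]):
        raise RejectedRecord("OrderDate is not YYYY-MM-DD[ HH:MM:SS]")
    for name in TEXT_FIELDS:
        if UNSAFE.search(raw[name]):
            raise RejectedRecord(name + " contains a delimiter or control character")

    # Numeric columns are re-serialized from the parsed values, never echoed.
    columns = [str(item_id), raw["Category"], "{:.2f}".format(price),
               str(quantity), raw["OrderDate"], raw["DestinationState"],
               raw["ShippingType"], raw["Referral"]]
    return (",".join(columns) + "\n").encode("utf-8")


def handler(event, context, firehose=None, stream_name="AuroraChangesToS3"):
    """Lambda entry point; `firehose` is injectable so the logic runs offline."""
    if firehose is None:
        import boto3  # only needed when running inside Lambda
        firehose = boto3.client("firehose")
    try:
        data = build_record(event)
    except RejectedRecord as exc:
        # Log the reason, not the payload, and drop the row instead of
        # writing a line that would shift columns for every later query.
        print("rejected CDC event: %s" % exc)
        return {"written": False, "reason": str(exc)}
    firehose.put_record(DeliveryStreamName=stream_name, Record={"Data": data})
    return {"written": True}


class FakeFirehose:
    """Stand-in for the boto3 client that records what would be sent."""

    def __init__(self):
        self.sent = []

    def put_record(self, DeliveryStreamName, Record):
        self.sent.append((DeliveryStreamName, Record["Data"]))


# Constructed sample events (not captured from a real system).
GOOD = {"ItemID": "42", "Category": "Garden", "Price": "19.50", "Quantity": "2",
        "OrderDate": "2016-05-12 00:00:00", "DestinationState": "WA",
        "ShippingType": "2-Day", "Referral": "Online Ad"}
SHIFTED = dict(GOOD, Category="Garden,0.01")  # the comma would add a ninth column

if __name__ == "__main__":
    fake = FakeFirehose()
    print(handler(GOOD, None, firehose=fake))
    print(handler(SHIFTED, None, firehose=fake))
    print(fake.sent)
```

Rejected events are only logged here; in a real deployment they would normally go to a dead-letter location so that dropped rows can be reviewed.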

Giving Aurora permissions to invoke a Lambda function

To give Amazon Aurora permissions to invoke a Lambda function, you must attach an IAM role with appropriate permissions to the cluster. For more information, see Invoking a Lambda Function from an Amazon Aurora DB Cluster.

Once you are finished, the Amazon Aurora database has access to invoke a Lambda function.

Creating a stored procedure and a trigger in Amazon Aurora

Now, go back to MySQL Workbench, and run the following command to create a new stored procedure. When this stored procedure is called, it invokes the Lambda function you created. Change the ARN in the following code to your Lambda function’s ARN.

DROP PROCEDURE IF EXISTS CDC_TO_FIREHOSE;
DELIMITER ;;
CREATE PROCEDURE CDC_TO_FIREHOSE (IN ItemID VARCHAR(255),
                                    IN Category varchar(255),
                                    IN Price double(10,2),
                                    IN Quantity int(11),
                                    IN OrderDate timestamp,
                                    IN DestinationState varchar(2),
                                    IN ShippingType varchar(255),
                                    IN Referral  varchar(255)) LANGUAGE SQL 
BEGIN
  CALL mysql.lambda_async('arn:aws:lambda:us-east-1:XXXXXXXXXXXXX:function:CDCFromAuroraToKinesis', 
     CONCAT('{ "ItemID" : "', ItemID, 
            '", "Category" : "', Category,
            '", "Price" : "', Price,
            '", "Quantity" : "', Quantity, 
            '", "OrderDate" : "', OrderDate, 
            '", "DestinationState" : "', DestinationState, 
            '", "ShippingType" : "', ShippingType, 
            '", "Referral" : "', Referral, '"}')
     );
END
;;
DELIMITER ;

Create a trigger TR_Sales_CDC on the Sales table. When a new record is inserted, this trigger calls the CDC_TO_FIREHOSE stored procedure.

DROP TRIGGER IF EXISTS TR_Sales_CDC;
 
DELIMITER ;;
CREATE TRIGGER TR_Sales_CDC
  AFTER INSERT ON Sales
  FOR EACH ROW
BEGIN
  SELECT  NEW.ItemID , NEW.Category, New.Price, New.Quantity, New.OrderDate
  , New.DestinationState, New.ShippingType, New.Referral
  INTO @ItemID , @Category, @Price, @Quantity, @OrderDate
  , @DestinationState, @ShippingType, @Referral;
  CALL  CDC_TO_FIREHOSE(@ItemID , @Category, @Price, @Quantity, @OrderDate
  , @DestinationState, @ShippingType, @Referral);
END
;;
DELIMITER ;

If a new row is inserted in the Sales table, the Lambda function that is mentioned in the stored procedure is invoked.

Verify that data is being sent from the Lambda function to Kinesis Data Firehose to Amazon S3 successfully. You might have to insert a few records, depending on the size of your data, before new records appear in Amazon S3. This is due to Kinesis Data Firehose buffering. To learn more about Kinesis Data Firehose buffering, see the “Amazon S3” section in Amazon Kinesis Data Firehose Data Delivery.

Every time a new record is inserted in the sales table, a stored procedure is called, and it updates data in Amazon S3.

Querying data in Amazon Redshift

In this section, you use the data you produced from Amazon Aurora and consume it as-is in Amazon Redshift. In order to allow you to process your data as-is, where it is, while taking advantage of the power and flexibility of Amazon Redshift, you use Amazon Redshift Spectrum. You can use Redshift Spectrum to run complex queries on data stored in Amazon S3, with no need for loading or other data prep.

Just create a data source and issue your queries to your Amazon Redshift cluster as usual. Behind the scenes, Redshift Spectrum scales to thousands of instances on a per-query basis, ensuring that you get fast, consistent performance even as your dataset grows to beyond an exabyte! Being able to query data that is stored in Amazon S3 means that you can scale your compute and your storage independently. You have the full power of the Amazon Redshift query model and all the reporting and business intelligence tools at your disposal. Your queries can reference any combination of data stored in Amazon Redshift tables and in Amazon S3.

Redshift Spectrum supports open, common data types, including CSV/TSV, Apache Parquet, SequenceFile, and RCFile. Files can be compressed using gzip or Snappy, with other data types and compression methods in the works.

First, create an Amazon Redshift cluster. Follow the steps in Launch a Sample Amazon Redshift Cluster.

Next, create an IAM role that has access to Amazon S3 and Athena. By default, Amazon Redshift Spectrum uses the Amazon Athena data catalog. Your cluster needs authorization to access your external data catalog in AWS Glue or Athena and your data files in Amazon S3.

In the demo setup, I attached AmazonS3FullAccess and AmazonAthenaFullAccess. In a production environment, the IAM roles should follow the standard security practice of granting least privilege. For more information, see IAM Policies for Amazon Redshift Spectrum.

Attach the newly created role to the Amazon Redshift cluster. For more information, see Associate the IAM Role with Your Cluster.
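One way to review the S3 part of the role before attaching it, as an added example that is not part of the original post: a check that flags any Allow statement granting more than read access to the CDC data location. The bucket name example-cdc-bucket, the function names and both sample policies are constructed, and the assumption is that Spectrum needs only s3:GetObject and s3:ListBucket on that location; data catalog permissions are not covered.

```python
from fnmatch import fnmatchcase

BUCKET = "example-cdc-bucket"  # placeholder for {BUCKET_NAME}
PREFIX = "CDC/"                # prefix used in the external table LOCATION

# Assumption: reading the data files needs only these two actions.
ALLOWED_ACTIONS = {"s3:getobject", "s3:listbucket"}
ALLOWED_RESOURCES = {
    "arn:aws:s3:::%s" % BUCKET,                 # the bucket, for ListBucket
    "arn:aws:s3:::%s/%s*" % (BUCKET, PREFIX),   # objects under the prefix
}


def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def touches_s3(action):
    """True if the action pattern can match an s3: action ('s3:*', '*', 's*:...')."""
    service = action.split(":", 1)[0]
    return fnmatchcase("s3", service)


def s3_findings(policy):
    """Return (statement, problem) tuples for S3 grants beyond the data location."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "statement %d" % index)
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "grants by exclusion (NotAction/NotResource)"))
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        s3_actions = [a for a in actions if touches_s3(a)]
        if not s3_actions:
            continue  # statement is about another service
        for action in s3_actions:
            if action not in ALLOWED_ACTIONS:
                findings.append((sid, "action %s is broader than read access" % action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource not in ALLOWED_RESOURCES:
                findings.append((sid, "resource %s is outside the data location" % resource))
    return findings


# Constructed policy with the shape of a full-access grant.
DEMO_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Constructed policy scoped to the CDC prefix.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListCdcPrefix", "Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-cdc-bucket",
     "Condition": {"StringLike": {"s3:prefix": ["CDC/*"]}}},
    {"Sid": "ReadCdcObjects", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-cdc-bucket/CDC/*"}]}

if __name__ == "__main__":
    for name, policy in (("demo", DEMO_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, s3_findings(policy))
```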

Next, connect to the Amazon Redshift cluster, and create an external schema and database:

create external schema if not exists spectrum_schema
from data catalog 
database 'spectrum_db' 
region 'us-east-1'
IAM_ROLE 'arn:aws:iam::XXXXXXXXXXXX:role/RedshiftSpectrumRole'
create external database if not exists;

Don’t forget to replace the IAM role in the statement.

Then create an external table within the database:

 CREATE EXTERNAL TABLE IF NOT EXISTS spectrum_schema.ecommerce_sales(
  ItemID int,
  Category varchar,
  Price DOUBLE PRECISION,
  Quantity int,
  OrderDate TIMESTAMP,
  DestinationState varchar,
  ShippingType varchar,
  Referral varchar)
ROW FORMAT DELIMITED
      FIELDS TERMINATED BY ','
LINES TERMINATED BY '\n'
LOCATION 's3://{BUCKET_NAME}/CDC/'

Query the table, and it should contain data. This is a fact table.

select top 10 * from spectrum_schema.ecommerce_sales

 

Next, create a dimension table. For this example, we create a date/time dimension table. Create the table:

CREATE TABLE date_dimension (
  d_datekey           integer       not null sortkey,
  d_dayofmonth        integer       not null,
  d_monthnum          integer       not null,
  d_dayofweek                varchar(10)   not null,
  d_prettydate        date       not null,
  d_quarter           integer       not null,
  d_half              integer       not null,
  d_year              integer       not null,
  d_season            varchar(10)   not null,
  d_fiscalyear        integer       not null)
diststyle all;

Populate the table with data:

copy date_dimension from 's3://reparmar-lab/2016dates' 
iam_role 'arn:aws:iam::XXXXXXXXXXXX:role/redshiftspectrum'
DELIMITER ','
dateformat 'auto';

The date dimension table should look like the following:

Querying data in local and external tables using Amazon Redshift

Now that you have the fact and dimension table populated with data, you can combine the two and run analysis. For example, if you want to query the total sales amount by season, you can run the following:

select sum(quantity*price) as total_sales, date_dimension.d_season
from spectrum_schema.ecommerce_sales 
join date_dimension on spectrum_schema.ecommerce_sales.orderdate = date_dimension.d_prettydate 
group by date_dimension.d_season

You get the following results:

Similarly, you can replace d_season with d_dayofweek to get sales figures by weekday:

With Amazon Redshift Spectrum, you pay only for the queries you run against the data that you actually scan. We encourage you to use file partitioning, columnar data formats, and data compression to significantly minimize the amount of data scanned in Amazon S3. This is important for data warehousing because it dramatically improves query performance and reduces cost.

Partitioning your data in Amazon S3 by date, time, or any other custom keys enables Amazon Redshift Spectrum to dynamically prune nonrelevant partitions to minimize the amount of data processed. If you store data in a columnar format, such as Parquet, Amazon Redshift Spectrum scans only the columns needed by your query, rather than processing entire rows. Similarly, if you compress your data using one of the supported compression algorithms in Amazon Redshift Spectrum, less data is scanned.

Analyzing and visualizing Amazon Redshift data in Amazon QuickSight

Modify the Amazon Redshift security group to allow an Amazon QuickSight connection. For more information, see Authorizing Connections from Amazon QuickSight to Amazon Redshift Clusters.

After modifying the Amazon Redshift security group, go to Amazon QuickSight. Create a new analysis, and choose Amazon Redshift as the data source.

Enter the database connection details, validate the connection, and create the data source.

Choose the schema to be analyzed. In this case, choose spectrum_schema, and then choose the ecommerce_sales table.

Next, we add a custom field for Total Sales = Price*Quantity. In the drop-down list for the ecommerce_sales table, choose Edit analysis data sets.

On the next screen, choose Edit.

In the data prep screen, choose New Field. Add a new calculated field Total Sales $, which is the product of the Price*Quantity fields. Then choose Create. Save and visualize it.

Next, to visualize total sales figures by month, create a graph with Total Sales on the x-axis and Order Date formatted as month on the y-axis.

After you’ve finished, you can use Amazon QuickSight to add different columns from your Amazon Redshift tables and perform different types of visualizations. You can build operational dashboards that continuously monitor your transactional and analytical data. You can publish these dashboards and share them with others.

Final notes

Amazon QuickSight can also read data in Amazon S3 directly. However, with the method demonstrated in this post, you have the option to manipulate, filter, and combine data from multiple sources or Amazon Redshift tables before visualizing it in Amazon QuickSight.

In this example, we dealt with data being inserted, but triggers can be activated in response to an INSERT, UPDATE, or DELETE statement.

Keep the following in mind:

  • Be careful when invoking a Lambda function from triggers on tables that experience high write traffic. This would result in a large number of calls to your Lambda function. Although calls to the lambda_async procedure are asynchronous, triggers are synchronous.
  • A statement that results in a large number of trigger activations does not wait for the call to the AWS Lambda function to complete. But it does wait for the triggers to complete before returning control to the client.
  • Similarly, you must account for Amazon Kinesis Data Firehose limits. By default, Kinesis Data Firehose is limited to a maximum of 5,000 records/second. For more information, see Monitoring Amazon Kinesis Data Firehose.

In certain cases, it may be optimal to use AWS Database Migration Service (AWS DMS) to capture data changes in Aurora and use Amazon S3 as a target. For example, AWS DMS might be a good option if you don’t need to transform data from Amazon Aurora. The method used in this post gives you the flexibility to transform data from Aurora using Lambda before sending it to Amazon S3. Additionally, the architecture has the benefits of being serverless, whereas AWS DMS requires an Amazon EC2 instance for replication.

For design considerations while using Redshift Spectrum, see Using Amazon Redshift Spectrum to Query External Data.

If you have questions or suggestions, please comment below.


Additional Reading

If you found this post useful, be sure to check out Capturing Data Changes in Amazon Aurora Using AWS Lambda and 10 Best Practices for Amazon Redshift Spectrum


About the Authors

Re Alvarez-Parmar is a solutions architect for Amazon Web Services. He helps enterprises achieve success through technical guidance and thought leadership. In his spare time, he enjoys spending time with his two kids and exploring outdoors.

 

 

 

The Dangers of Secret Law

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/06/the_dangers_of_.html

Last week, the Department of Justice released 18 new FISC opinions related to Section 702 as part of an EFF FOIA lawsuit. (Of course, they don’t mention EFF or the lawsuit. They make it sound as if it was their idea.)

There’s probably a lot in these opinions. In one Kafkaesque ruling, a defendant was denied access to the previous court rulings that were used by the court to decide against it:

…in 2014, the Foreign Intelligence Surveillance Court (FISC) rejected a service provider’s request to obtain other FISC opinions that government attorneys had cited and relied on in court filings seeking to compel the provider’s cooperation.

[…]

The provider’s request came up amid legal briefing by both it and the DOJ concerning its challenge to a 702 order. After the DOJ cited two earlier FISC opinions that were not public at the time — one from 2014 and another from 2008 — the provider asked the court for access to those rulings.

The provider argued that without being able to review the previous FISC rulings, it could not fully understand the court’s earlier decisions, much less effectively respond to DOJ’s argument. The provider also argued that because attorneys with Top Secret security clearances represented it, they could review the rulings without posing a risk to national security.

The court disagreed in several respects. It found that the court’s rules and Section 702 prohibited the documents’ release. It also rejected the provider’s claim that the Constitution’s Due Process Clause entitled it to the documents.

This kind of government secrecy is toxic to democracy. National security is important, but we will not survive if we become a country of secret court orders based on secret interpretations of secret law.

NSA Abandons "About" Searches

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/05/nsa_abandons_ab.html

Earlier this month, the NSA said that it would no longer conduct “about” searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to.

The NSA’s own words:

After considerable evaluation of the program and available technology, NSA has decided that its Section 702 foreign intelligence surveillance activities will no longer include any upstream internet communications that are solely “about” a foreign intelligence target. Instead, this surveillance will now be limited to only those communications that are directly “to” or “from” a foreign intelligence target. These changes are designed to retain the upstream collection that provides the greatest value to national security while reducing the likelihood that NSA will acquire communications of U.S. persons or others who are not in direct contact with one of the Agency’s foreign intelligence targets.

In addition, as part of this curtailment, NSA will delete the vast majority of previously acquired upstream internet communications as soon as practicable.

[…]

After reviewing amended Section 702 certifications and NSA procedures that implement these changes, the FISC recently issued an opinion and order, approving the renewal certifications and use of procedures, which authorize this narrowed form of Section 702 upstream internet collection. A declassification review of the FISC’s opinion and order, and the related targeting and minimization procedures, is underway.

A quick review: under Section 702 of the Patriot Act, the NSA seizes a copy of all communications moving through a telco — think e-mail and such — and searches it for particular senders, receivers, and — until recently — key words. This pretty clearly violates the Fourth Amendment, and groups like the EFF have been fighting the NSA in court about this for years. The NSA has also had problems in the FISA court about these searches, and cites “inadvertent compliance incidents” related to this.

We might learn more about this change. Again, from the NSA’s statement:

After reviewing amended Section 702 certifications and NSA procedures that implement these changes, the FISC recently issued an opinion and order, approving the renewal certifications and use of procedures, which authorize this narrowed form of Section 702 upstream internet collection. A declassification review of the FISC’s opinion and order, and the related targeting and minimization procedures, is underway.

And the EFF is still fighting for more NSA surveillance reforms.

New – USASpending.gov on an Amazon RDS Snapshot

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/new-usaspending-gov-on-an-amazon-rds-snapshot/

My colleague Jed Sundwall runs the AWS Public Datasets program. He wrote the guest post below to tell you about an important new dataset that is available as an Amazon RDS Snapshot. In the post, Jed introduces the dataset and shows you how to create an Amazon RDS DB Instance from the snapshot.

Jeff;


I am very excited to announce that, starting today, the entire public USAspending.gov database is available for anyone to copy via Amazon Relational Database Service (RDS). USAspending.gov data includes data on all spending by the federal government, including contracts, grants, loans, employee salaries, and more. The data is available via a PostgreSQL snapshot, which provides bulk access to the entire USAspending.gov database, and is updated nightly. At this time, the database includes all USAspending.gov data for the second quarter of fiscal year 2017, and data going back to the year 2000 will be added over the summer. You can learn more about the database and how to access it on its AWS Public Dataset landing page.

Through the AWS Public Datasets program, we work with AWS customers to experiment with ways that the cloud can make data more accessible to more people. Most of our AWS Public Datasets are made available through Amazon S3 because of its tremendous flexibility and ability to scale to serve any volume of any kind of data files. What’s exciting about the USAspending.gov database is that it provides a great example of how Amazon RDS can be used to share an entire relational database quickly and easily. Typically, sharing a relational database requires extract, transfer, and load (ETL) processes that require redundant storage capacity, time for data transfer, and often scripts to migrate your database schema from one database engine to another. ETL processes can be so intimidating and cumbersome that they’re effectively impossible for many people to carry out.

By making their data available as a public Amazon RDS snapshot, the team at USAspending.gov has made it easy for anyone to get a copy of their entire production database for their own use within minutes. This will be useful for researchers and businesses who want to work with real data about all US Government spending and quickly combine it with their own data or other data resources.

Deploying the USAspending.gov Database Using the AWS Management Console
Let’s go through the steps involved in deploying the database in your AWS account using the AWS Management Console.

  1. Sign in to the AWS Management Console and select the US East (N. Virginia) region in the menu bar.
  2. Open the Amazon RDS Console and choose Snapshots in the navigation pane.
  3. In the filter for the search bar, select All Public Snapshots and search for 515495268755.
  4. Select the snapshot named arn:aws:rds:us-east-1:515495268755:snapshot:usaspending-db.
  5. Select Snapshot Actions -> Restore Snapshot. Select an instance size, and enter the other details, then click on Restore DB Instance.
  6. You will see that a DB Instance is being created from the snapshot, within your AWS account.
  7. After a few minutes, the status of the instance will change to Available.
  8. You can see the endpoint for your database on the main page along with other useful info.

Deploying the USAspending.gov Database Using the AWS CLI
You can also install the AWS Command Line Interface (CLI) and use it to create a DB Instance from the snapshot. Here’s a sample command:

$ aws rds restore-db-instance-from-db-snapshot --db-instance-identifier my-test-db-cli \
  --db-snapshot-identifier arn:aws:rds:us-east-1:515495268755:snapshot:usaspending-db \
  --region us-east-1

This will give you an ARN (Amazon Resource Name) that you can use to reference the DB Instance. For example:

$ aws rds describe-db-instances \
  --db-instance-identifier arn:aws:rds:us-east-1:917192695859:db:my-test-db-cli

This command will display the Endpoint.Address that you use to connect to the database.

Connecting to the DB Instance
After following the AWS Management Console or AWS CLI instructions above, you will have access to the full USAspending.gov database within this Amazon RDS DB instance, and you can connect to it using any PostgreSQL client using the following credentials:

  • Username: root
  • Password: password
  • Database: data_store_api

If you use psql, you can access the database using this command:

$ psql -h my-endpoint.rds.amazonaws.com -U root -d data_store_api

You should change the database password after you log in:

ALTER USER "root" WITH ENCRYPTED PASSWORD '{new password}';

If you can’t connect to your instance but think you should be able to, you may need to check your VPC Security Groups and make sure inbound and outbound traffic on the port (usually 5432) is allowed from your IP address.
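Because every restored copy starts with the login published above, it is worth checking how far the instance is reachable before and after you open the port. The following is an added example, not part of the original post: a Python check over the JSON printed by `aws rds describe-db-instances` and `aws ec2 describe-security-groups`. The sample documents, security group IDs, second instance name and level names are constructed for illustration.

```python
import ipaddress

# Login name and database name the post publishes for every copy of the snapshot.
DOCUMENTED_USER = "root"
DOCUMENTED_DB = "data_store_api"
DEFAULT_PG_PORT = 5432

# Constructed sample input, shaped like the output of the two CLI commands.
SAMPLE_DB_INSTANCES = {"DBInstances": [
    {"DBInstanceIdentifier": "my-test-db-cli", "MasterUsername": "root",
     "DBName": "data_store_api", "PubliclyAccessible": True,
     "Endpoint": {"Address": "my-endpoint.rds.amazonaws.com", "Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-constructed-open"}]},
    {"DBInstanceIdentifier": "my-test-db-private", "MasterUsername": "root",
     "DBName": "data_store_api", "PubliclyAccessible": False,
     "Endpoint": {"Address": "private-endpoint.example.invalid", "Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-constructed-tight"}]},
]}
SAMPLE_SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-constructed-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-constructed-tight", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}


def wide_sources(group, port):
    """Yield (cidr, scope) for ingress rules that reach `port` from more than one address."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "tcp":
            if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue  # rule is for a different port range
        elif proto != "-1":  # "-1" means all protocols and all ports
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                yield cidr, "world-open"
            elif net.prefixlen < net.max_prefixlen:
                yield cidr, "broad-range"


def audit_instance(db, groups_by_id):
    """Return a list of finding strings for one DBInstances entry."""
    findings = []
    if db.get("MasterUsername") == DOCUMENTED_USER and db.get("DBName") == DOCUMENTED_DB:
        findings.append("uses-documented-login")
    if db.get("PubliclyAccessible"):
        findings.append("publicly-accessible")
    port = db.get("Endpoint", {}).get("Port", DEFAULT_PG_PORT)
    for ref in db.get("VpcSecurityGroups", []):
        group_id = ref["VpcSecurityGroupId"]
        group = groups_by_id.get(group_id)
        if group is None:
            findings.append("group-not-in-input:" + group_id)
            continue
        for cidr, scope in wide_sources(group, port):
            findings.append(scope + ":" + group_id + ":" + cidr)
    return findings


def exposure_level(findings):
    """Collapse findings into one level; the password itself cannot be read from this JSON."""
    world = any(f.startswith("world-open:") for f in findings)
    broad = any(f.startswith("broad-range:") for f in findings)
    public = "publicly-accessible" in findings
    if public and world and "uses-documented-login" in findings:
        return "critical"          # internet-reachable copy with the published login name
    if public or world or broad:
        return "review"            # tighten the rule to a single address or go private
    if findings:
        return "rotate-password"   # network is tight; confirm the password was changed
    return "ok"


def audit(db_doc, sg_doc):
    """Map each instance identifier to (level, findings)."""
    groups = {g["GroupId"]: g for g in sg_doc["SecurityGroups"]}
    result = {}
    for db in db_doc["DBInstances"]:
        findings = audit_instance(db, groups)
        result[db["DBInstanceIdentifier"]] = (exposure_level(findings), findings)
    return result


if __name__ == "__main__":
    for name, (level, findings) in audit(SAMPLE_DB_INSTANCES, SAMPLE_SECURITY_GROUPS).items():
        print(name, level, findings)
```
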

Exploring the Data
The USAspending.gov data is very rich, so it will be hard to do it justice in this blog post, but hopefully these queries will give you an idea of what’s possible. To learn about the contents of the database, please review the USAspending.gov Data Dictionary.

The following query will return the total amount of money the government is obligated to pay for contracts awarded by NASA that include “Mars” or “Martian” in the description of the award:

select sum(total_obligation) from awards, subtier_agency 
  where (awards.description like '% MARTIAN %' OR awards.description like '% MARS %') 
  AND subtier_agency.name = 'National Aeronautics and Space Administration';

As I write this, the result I get for this query is $55,411,025.42. Note that the database is updated nightly and will include more historical data in the coming months, so you may get a different result if you run this query.

Now, here’s the same query, but looking for awards with “Jupiter” or “Jovian” in the description:

select sum(total_obligation) from awards, subtier_agency
  where (awards.description like '%JUPITER%' OR awards.description like '%JOVIAN%') 
  AND subtier_agency.name = 'National Aeronautics and Space Administration';

The result I get is $14,766,392.96.

Questions & Comments
I’m looking forward to seeing what people can do with this data. If you have any questions about the data, please create an issue on the USAspending.gov API’s issue tracker on GitHub.

— Jed

The TSA’s Selective Laptop Ban

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/03/the_tsas_select.html

Last Monday, the TSA announced a peculiar new security measure to take effect within 96 hours. Passengers flying into the US on foreign airlines from eight Muslim countries would be prohibited from carrying aboard any electronics larger than a smartphone. They would have to be checked and put into the cargo hold. And now the UK is following suit.

It’s difficult to make sense of this as a security measure, particularly at a time when many people question the veracity of government orders, but other explanations are either unsatisfying or damning.

So let’s look at the security aspects of this first. Laptop computers aren’t inherently dangerous, but they’re convenient carrying boxes. This is why, in the past, TSA officials have demanded passengers turn their laptops on: to confirm that they’re actually laptops and not laptop cases emptied of their electronics and then filled with explosives.

Forcing a would-be bomber to put larger laptops in the plane’s hold is a reasonable defense against this threat, because it increases the complexity of the plot. Both the shoe-bomber Richard Reid and the underwear bomber Umar Farouk Abdulmutallab carried crude bombs aboard their planes with the plan to set them off manually once aloft. Setting off a bomb in checked baggage is more work, which is why we don’t see more midair explosions like Pan Am Flight 103 over Lockerbie, Scotland, in 1988.

Security measures that restrict what passengers can carry onto planes are not unprecedented either. Airport security regularly responds to both actual attacks and intelligence regarding future attacks. After the liquid bombers were captured in 2006, the British banned all carry-on luggage except passports and wallets. I remember talking with a friend who traveled home from London with his daughters in those early weeks of the ban. They reported that airport security officials confiscated every tube of lip balm they tried to hide.

Similarly, the US started checking shoes after Reid, installed full-body scanners after Abdulmutallab and restricted liquids in 2006. But all of those measures were global, and most lessened in severity as the threat diminished.

This current restriction implies some specific intelligence of a laptop-based plot and a temporary ban to address it. However, if that’s the case, why only certain non-US carriers? And why only certain airports? Terrorists are smart enough to put a laptop bomb in checked baggage from the Middle East to Europe and then carry it on from Europe to the US.

Why not require passengers to turn their laptops on as they go through security? That would be a more effective security measure than forcing them to check them in their luggage. And lastly, why is there a delay between the ban being announced and it taking effect?

Even more confusing, the New York Times reported that “officials called the directive an attempt to address gaps in foreign airport security, and said it was not based on any specific or credible threat of an imminent attack.” The Department of Homeland Security FAQ page makes this general statement, “Yes, intelligence is one aspect of every security-related decision,” but doesn’t provide a specific security threat. And yet a report from the UK states the ban “follows the receipt of specific intelligence reports.”

Of course, the details are all classified, which leaves all of us security experts scratching our heads. On the face of it, the ban makes little sense.

One analysis painted this as a protectionist measure targeted at the heavily subsidized Middle Eastern airlines by hitting them where it hurts the most: high-paying business class travelers who need their laptops with them on planes to get work done. That reasoning makes more sense than any security-related explanation, but doesn’t explain why the British extended the ban to UK carriers as well. Or why this measure won’t backfire when those Middle Eastern countries turn around and ban laptops on American carriers in retaliation. And one aviation official told CNN that an intelligence official informed him it was not a “political move.”

In the end, national security measures based on secret information require us to trust the government. That trust is at historic low levels right now, so people both in the US and other countries are rightly skeptical of the official unsatisfying explanations. The new laptop ban highlights this mistrust.

This essay previously appeared on CNN.com.

EDITED TO ADD: Here are two essays that look at the possible political motivations, and fallout, of this ban. And the EFF rightly points out that letting a laptop out of your hands and sight is itself a security risk — for the passenger.

Ready-to-Run Solutions: Open Source Software in AWS Marketplace

Post Syndicated from Ana Visneski original https://aws.amazon.com/blogs/aws/ready-to-run-solutions-open-source-software-in-aws-marketplace/

There are lots of exciting things going on in the AWS Marketplace. Here to tell you more about open source software in the marketplace are Matthew Freeman and Luis Daniel Soto.

– Ana


According to industry research, enterprise use of open source software (OSS) is on the rise. More and more corporate-based developers are asking to use available OSS libraries as part of ongoing development efforts at work. These individuals may be using OSS in their own projects (i.e. evenings and weekends), and naturally want to bring to work the tools and techniques that help them elsewhere.

Consequently, development organizations in all sectors are examining the case for using open source software for applications within their own IT infrastructures as well as in the software they sell. In this Overview, we’ll show you why obtaining your open source software through AWS makes sense from a development and fiscal perspective.

Open Source Development Process
Because open source software is generally developed in independent communities of participants, acquiring and managing software versions is usually done through online code repositories. With code coming from disparate sources, it can be challenging to get the code libraries and development tools to work well together. But AWS Marketplace lets you skip this process and directly launch EC2 instances with the OSS you want. AWS Marketplace also has distributions of Linux that you can use as the foundation for your OSS solution.

Preconfigured Stacks Give You an Advantage
While we may take this 1-Click launch ability for granted with commercial software, for OSS, having preconfigured AMIs is a huge advantage. AWS Marketplace gives software companies that produce combinations or “stacks” of the most popular open source software a location from which these stacks can be launched into the AWS cloud. Companies such as TurnKey and Bitnami use their OSS experts to configure and optimize these code stacks so that the software works well together. These companies stay current with new releases of the OSS, and update their stacks accordingly as soon as new versions are available. Some of these companies also offer cloud hosting infrastructures as a paid service to make it even easier to launch and manage cloud-based servers.

As an example, one of the most popular combinations of open source software is the LAMP stack, which consists of a Linux distribution, Apache Web Server, a MySQL database, and the PHP programming library. You can select a generic LAMP stack based on the Linux distribution you prefer, then install your favorite development tools and libraries.

You would then add to it any adjustments to the underlying software that you need or want to make for your application to run as expected. For example, you may want to change the memory allocations for the application, or change the maximum file upload size in the PHP settings.

You could select an OSS application stack that contains the LAMP elements plus a single application such as WordPress, Moodle, or Joomla!®. These stacks would be configured by the vendor with optimal settings for that individual application so that it runs smoothly, with sufficient memory and disk allocations based on the application requirements. This is where stack vendors excel in providing added value to the basic software provisioning.

You might instead choose a generic LAMP stack because you need to combine multiple applications on a single server that use common components. For example, WordPress has plugins that allow it to interoperate with Moodle directly. Both applications use Apache Web Server, PHP, and MySQL. You save time by starting with the LAMP stack, and configuring the components individually as needed for WordPress and Moodle to work well together.

These are just 2 real-world examples of how you could use a preconfigured solution from AWS Marketplace and adapt it to your own needs.

OSS in AWS Marketplace
AWS Marketplace is one of the largest sites for obtaining and deploying OSS tools, applications, and servers. Here are some of the other categories in which OSS is available.

  • Application Development and Test Tools. You can find on AWS Marketplace solutions and CloudFormation templates for EC2 servers configured with application frameworks such as Zend, ColdFusion, Ruby on Rails, and Node.js. You’ll also find popular OSS choices for development and testing tools, supporting agile software development with key products such as Jenkins for test automation, Bugzilla for issue tracking, Subversion for source code management and configuration management tools.
  • Infrastructure Software. The successful maintenance and protection of your network is critical to your business success. OSS libraries such as OpenLDAP and OpenVPN make it possible to launch a cloud infrastructure to accompany or entirely replace an on-premises network. From offerings dedicated to handling networking and security processing to security-hardened individual servers, AWS Marketplace has numerous security solutions available to assist you in meeting the security requirements for different workloads.
  • Database and Business Intelligence. Including OSS database, data management and open data catalog solutions. Business Intelligence and advanced analytics software can help you make sense of the data coming from transactional systems, sensors, cell phones, and a whole range of Internet-connected devices.
  • Business Software. Availability, agility, and flexibility are key to running business applications in the cloud. Companies of all sizes want to simplify infrastructure management, deploy more quickly, lower cost, and increase revenue. Business Software running on Linux provides these key metrics.
  • Operating Systems. AWS Marketplace has a wide variety of operating systems from FreeBSD, minimal and security hardened Linux installations to specialized distributions for security and scientific work.

How to Get Started with OSS on AWS Marketplace
Begin by identifying the combination of software you want, and enter keywords in the Search box at the top of the AWS Marketplace home screen to find suitable offerings.

Or if you want to browse by category, just click “Shop All Categories” and select from the list.

Once you’ve made your initial search or selection, there are nearly a dozen ways to filter the results until the best candidates remain. For example, you can select your preferred Linux distribution by expanding the All Linux filter to help you find the solutions that run on that distribution. You can also filter for Free Trials, Software Pricing Plans, EC2 Instance Types, AWS Region, Average Rating, and so on.

Click on the title of the listing to see the details of that offering, including pricing, regions, product support, and links to the seller’s website. When you’ve made your selections, and you’re ready to launch the instance, click Continue, and log into your account.

Because you log in, AWS Marketplace can detect the presence of existing security groups, key pairs, and VPC settings. Make adjustments on the Launch on EC2 page, then click Accept Software Terms & Launch with 1-Click, and your instance will launch immediately.

If you prefer you can do a Manual Launch using the AWS Console with the selection you’ve made, or start the instance using the API or command line interface (CLI). Either way, your EC2 instance is up and running within minutes.

Flexibility with Pay-As-You-Go Pricing
You pay Amazon EC2 usage costs plus, if applicable, commercial open source software fees (per hour, per month, or annual) directly through your AWS account. As a result, using AWS Marketplace is one of the fastest and easiest ways to get your OSS software up and running.

Visit http://aws.amazon.com/mp/oss to learn more about open source software on AWS Marketplace.

Matthew Freeman, Category Development Lead, AWS Marketplace
Luis Daniel Soto, Sr. Category GTM Leader, AWS Marketplace

Frequently Asked Questions About Compliance in the AWS Cloud

Post Syndicated from Chad Woolf original https://blogs.aws.amazon.com/security/post/Tx2M9XYV2FNQ483/Frequently-Asked-Questions-About-Compliance-in-the-AWS-Cloud

Every month, AWS Compliance fields thousands of questions about how to achieve and maintain compliance in the cloud. Among other things, customers are eager to take advantage of the cost savings and security at scale that AWS offers while still maintaining robust security and regulatory compliance. Because regulations across industries and geographies can be complex, we thought it might be helpful to share answers to some of the frequently asked questions we hear about compliance in the AWS cloud, as well as to clear up potential misconceptions about how operating in the cloud might affect compliance.

Is AWS compliant with [Program X]?

Context is required to answer this question. In all cases, customers operating in the cloud remain responsible for complying with applicable laws and regulations, and it is up to you to determine whether AWS services meet applicable requirements for your business. To help you make this determination, we have enacted assurance programs across multiple industries and jurisdictions to inform and support AWS customers. We think about these assurance programs across the following three broad categories.

1. Certifications and attestations

Compliance certifications and attestations (evidence showing that something is true) are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.

Assurance programs in this category include:

2. Laws and regulations

AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Agreement) to support customer compliance. Requirements under applicable laws and regulations may not be subject to certification or attestation.

Assurance programs in this category include:

3. Alignments and frameworks

Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs.

Requirements under specific alignments and frameworks may not be subject to certification or attestation; however, some alignments and frameworks are covered by other compliance programs (for instance, NIST guidelines can be mapped to applicable FedRAMP security baselines).

Assurance programs in this category include:

How does AWS separate the responsibilities that they cover from the ones I still need to maintain around my compliance program?

AWS operates on the AWS Shared Responsibility Model. While AWS manages security of the cloud, customers remain responsible for compliance and security in the cloud. You retain control of the security you choose to implement to protect your content, platform, applications, systems, and networks, and you are responsible for meeting specific compliance and regulatory requirements.


What’s an example of an AWS community focused on compliance?

AWS recently released a publicly available GitHub repository for AWS Config Rules. All members of the AWS community can contribute to this repository to help make effective and useful Config Rules. You can tap into the collective ingenuity and expertise of the entire AWS community to automate your compliance checks. For more information, see Announcing the AWS Config Rules Repository: A New Community-Based Source of Custom Rules for AWS Config.

What is AWS’s formal security incident response plan?

AWS’s formally documented incident response plan addresses purpose, scope, roles, responsibilities, and management commitment. It has been developed in alignment with ISO 27001 and NIST 800-53 standards. AWS has implemented the following three-phased approach to incident management:

  1. AWS detects an incident.  
  2. Specialized teams address the incident.
  3. AWS conducts a postmortem and deep root-cause analysis of the incident.

Mechanisms are in place to allow the customer support team to be notified of operational issues that impact the customer experience. A Service Health Dashboard is available and maintained by the customer support team to alert customers to any issues that may be of broad impact. The AWS incident management program is reviewed by independent external auditors during audits of AWS’s SOC, PCI DSS, ISO 27001, and FedRAMP compliance.

How often does AWS issue SOC reports and when does the next one become available?

AWS issues two SOC 1 and SOC 2 reports covering 6-month periods each year (the first report covers October 1 through March 31, and the other covers April 1 through September 30). There are many factors that play into the release date of the report, but we target early May and early November each year to release new reports. Our downloadable AWS SOC 3 Report is issued annually and is released along with the May SOC 1 and SOC 2 reports.

Please contact us with questions about using AWS products in a compliant manner, or if you’d like to learn more about compliance in the cloud, see the AWS Cloud Compliance website.

– Chad

Key Charities That Advance Software Freedom Are Worthy of Your Urgent Support

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2016/01/25/fsf-conservancy.html

[ This blog was crossposted on Software Freedom Conservancy’s website. ]

I’ve had the pleasure and the privilege, for the last 20 years, to be
either a volunteer or employee of the two most important organizations
for the advance of software freedom and users’ rights to copy, share,
modify and redistribute software. In 1996, I began volunteering for the
Free Software Foundation (FSF) and worked as its Executive Director from
2001–2005. I have continued as a volunteer for the FSF since then, and
now serve as a volunteer on FSF’s Board of Directors. I was also one
of the first volunteers for Software Freedom Conservancy when we founded it
in 2006, and I was the primary person doing the work of the organization as
a volunteer from 2006–2010. I’ve enjoyed having a day job as a
Conservancy employee since 2011.

These two organizations have been the center of my life’s work. Between
them, I typically spend 50–80 hours every single week doing a mix of
paid and volunteer work. Both my hobby and my career
are advancing software freedom.

I choose to give my time and work to these organizations because they
provide the infrastructure that makes my work possible. The Free Software
community has shown that the work of many individuals, who care deeply
about a cause but cooperate together toward a common goal, has an impact
greater than any individuals can ever have
working separately. The same is often true for cooperating organizations:
charities, like Conservancy and the FSF, that work together with each other
amplify their impact beyond the expected.

Both Conservancy and the FSF pursue specific and differing approaches and
methods to the advancement of software freedom. The FSF is an advocacy
organization that raises awareness about key issues that impact the future
of users’ freedoms and rights, and finds volunteers and pays staff to
advocate about these issues. Conservancy is a fiscal sponsor, which means
one of our key activities is operational work, meeting the logistical and
organizational needs of volunteers so they can focus on the production of
great Free Software and Free Documentation. Meanwhile, both Conservancy
and FSF dedicated themselves to sponsoring software projects: the FSF
through the GNU project, and Conservancy through its member projects. And,
most importantly, both charities stand up for the rights of users by
enforcing and defending copyleft licenses such as the GNU GPL.

Conservancy and the FSF show in concrete terms that two charities can work
together to increase their impact. Last year, our organizations
collaborated on many projects, such as the proposed FCC rule changes for
wireless devices, jointly handled a GPL enforcement action against
Canonical, Ltd., published the principles of community-oriented GPL
enforcement, and continued our collaboration on copyleft.org. We’re
already discussing lots of ways that the two organizations can work
together in 2016!

I’m proud to give so much of my time and energy to both these excellent
organizations. But, I also give my money as well: I was the first person
in history to become an Associate Member of the FSF (back in November
2002), and have gladly paid my monthly dues since then. Today, I also
signed up as an annual Supporter of Conservancy, because I want to ensure
that Conservancy meets its current pledge match — the next 215 Supporters
who sign up before January 31st will double their donation via the match.

For just US$20 each month, you make sure the excellent work of both these
organizations can continue. This is quite a deal: if you are an employed,
university-educated professional living in the industrialized world,
US$20 is probably the same amount you’d easily spend on meals at
restaurants or other luxuries. Isn’t it even a better luxury to know that
these two organizations can employ a year’s worth of effort of
standing up for your software freedom in 2016? You can make the real
difference by making your charitable contribution to these two
organizations today:

  • Conservancy’s Supporter program
  • FSF’s Associate Membership program

Please don’t wait: both fundraising deadlines are just six days away!

Subjective explainer: gun debate in the US

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/10/subjective-explainer-gun-debate-in-us.html

In the wake of the tragic events in Roseburg, I decided to briefly return to the topic of looking at the US culture from the perspective of a person born in Europe. In particular, I wanted to circle back to the topic of firearms.

Contrary to popular beliefs, the United States has witnessed a dramatic decline in violence over the past 20 years. In fact, when it comes to most types of violent crime – say, robbery, assault, or rape – the country now compares favorably to the UK and many other OECD nations. But as I explored in my earlier posts, one particular statistic – homicide – is still registering about three times as high as in many other places within the EU.

The homicide epidemic in the United States has a complex nature and overwhelmingly affects ethnic minorities and other disadvantaged social groups; perhaps because of this, the phenomenon sees very little honest, public scrutiny. It is propelled into the limelight only in the wake of spree shootings and other sickening, seemingly random acts of terror; such incidents, although statistically insignificant, take a profound mental toll on the American society. At the same time, the effects of high-profile violence seem strangely short-lived: they trigger a series of impassioned political speeches, invariably focusing on the connection between violence and guns – but the nation soon goes back to business as usual, knowing full well that another massacre will happen soon, perhaps the very same year.

On the face of it, this pattern defies all reason – angering my friends in Europe and upsetting many brilliant and well-educated progressives in the US. They utter frustrated remarks about the all-powerful gun lobby and the spineless politicians, blaming the partisan gridlock for the failure to pass even the most reasonable and toothless gun control laws. I used to be in the same camp; today, I think the reality is more complex than that.

To get to the bottom of this mystery, it helps to look at the spirit of radical individualism and classical liberalism that remains the national ethos of the United States – and in fact, is enjoying a degree of resurgence unseen for many decades prior. In Europe, it has long been settled that many individual liberties – be it the freedom of speech or the natural right to self-defense – can be constrained to advance even some fairly far-fetched communal goals. On the old continent, such sacrifices sometimes paid off, and sometimes led to atrocities; but the basic premise of European collectivism is not up for serious debate. In America, the same notion certainly cannot be taken for granted today.

When it comes to firearm ownership in particular, the country is facing a fundamental choice between two possible realities:

A largely disarmed society that depends on the state to protect it from almost all harm, and where citizens are generally not permitted to own guns without presenting a compelling cause. In this model, adopted by many European countries, firearms tend to be less available to common criminals – simply by the virtue of limited supply and comparatively high prices in black market trade. At the same time, it can be argued that any nation subscribing to this doctrine becomes more vulnerable to foreign invasion or domestic terror, should its government ever fail to provide adequate protection to all citizens. Disarmament can also limit civilian recourse against illegitimate, totalitarian governments – a seemingly outlandish concern, but also a very fresh memory for many European countries subjugated not long ago under the auspices of the Soviet Bloc.

A well-armed society where firearms are available to almost all competent adults, and where the natural right to self-defense is subject to few constraints. This is the model currently employed in the United States, where it arises from the straightforward, originalist interpretation of the Second Amendment – as recognized by roughly 75% of all Americans and affirmed by the Supreme Court. When following such a doctrine, a country will likely witness greater resiliency in the face of calamities or totalitarian regimes. At the same time, its citizens might have to accept some inherent, non-trivial increase in violent crime due to the prospect of firearms more easily falling into the wrong hands.

It seems doubtful that a viable middle-ground approach can exist in the United States. With more than 300 million civilian firearms in circulation, most of them in unknown hands, the premise of reducing crime through gun control would inevitably and critically depend on some form of confiscation; without such drastic steps, the supply of firearms to the criminal underground or to unfit individuals would not be disrupted in any meaningful way. Because of this, intellectual integrity requires us to look at many of the legislative proposals not only through the prism of their immediate utility, but also to give consideration to the societal model they are likely to advance.

And herein lies the problem: many of the current “common-sense” gun control proposals have very little merit when considered in isolation. There is scant evidence that reinstating the ban on military-looking semi-automatic rifles (“assault weapons”), or rolling out the prohibition on private sales at gun shows, would deliver measurable results. There is also no compelling reason to believe that ammo taxes, firearm owner liability insurance, mandatory gun store cameras, firearm-free school zones, bans on open carry, or federal gun registration can have any impact on violent crime. And so, the debate often plays out like this:

At the same time, by the virtue of making weapons more difficult, expensive, and burdensome to own, many of the legislative proposals floated by progressives would probably gradually erode the US gun culture; intentionally or not, their long-term outcome would be a society less passionate about firearms and more willing to follow in the footsteps of Australia or the UK. Only as we cross that line and confiscate hundreds of millions of guns, it’s fathomable – yet still far from certain – that we would see a sharp drop in homicides.

This method of inquiry helps explain the visceral response from gun rights advocates: given the legislation’s dubious benefits and its predicted long-term consequences, many pro-gun folks are genuinely worried that making concessions would eventually mean giving up one of their cherished civil liberties – and on some level, they are right.

Some feel that this argument is a fallacy, a tall tale invented by a sinister corporate “gun lobby” to derail the political debate for personal gain. But the evidence of such a conspiracy is hard to find; in fact, it seems that the progressives themselves often fan the flames. In the wake of Roseburg, both Barack Obama and Hillary Clinton came out praising the confiscation-based gun control regimes employed in Australia and the UK – and said that they would like the US to follow suit. Depending on where you stand on the issue, it was either an accidental display of political naivete, or the final reveal of their sinister plan. For the latter camp, the ultimate proof of a progressive agenda came a bit later: in response to the terrorist attack in San Bernardino, several eminent Democratic-leaning newspapers published scathing editorials demanding civilian disarmament while downplaying the attackers’ connection to Islamic State.

Another factor that poisons the debate is that despite being highly educated and eloquent, the progressive proponents of gun control measures are often hopelessly unfamiliar with the very devices they are trying to outlaw:

I’m reminded of the widespread contempt faced by Senator Ted Stevens following his attempt to compare the Internet to a “series of tubes” as he was arguing against net neutrality. His analogy wasn’t very wrong – it just struck a nerve as simplistic and out-of-date. My progressive friends did not react the same way when Representative Carolyn McCarthy – one of the key proponents of the ban on assault weapons – showed no understanding of the supposedly lethal firearm features she was trying to eradicate. Such bloopers are not rare, either; not long ago, Mr. Bloomberg, one of the leading progressive voices on gun control in America, argued against semi-automatic rifles without understanding how they differ from the already-illegal machine guns:

Yet another example comes from Representative Diana DeGette, the lead sponsor of a “common-sense” bill that sought to prohibit the manufacture of magazines with capacity over 15 rounds. She defended the merits of her legislation while clearly not understanding how a magazine differs from ammunition – or that the former can be reused:

“I will tell you these are ammunition, they’re bullets, so the people who have those know they’re going to shoot them, so if you ban them in the future, the number of these high capacity magazines is going to decrease dramatically over time because the bullets will have been shot and there won’t be any more available.”

Treating gun ownership with almost comical condescension has become vogue among a good number of progressive liberals. On a campaign stop in San Francisco, Mr. Obama sketched a caricature of bitter, rural voters who “cling to guns or religion or antipathy to people who aren’t like them”. Not much later, one Pulitzer Prize-winning columnist for The Washington Post spoke of the Second Amendment as “the refuge of bumpkins and yeehaws who like to think they are protecting their homes against imagined swarthy marauders desperate to steal their flea-bitten sofas from their rotting front porches”. Many of the newspaper’s readers probably had a good laugh – and then wondered why it has gotten so difficult to seek sensible compromise.

There are countless dubious and polarizing claims made by the supporters of gun rights, too; examples include a recent NRA-backed tirade by Dana Loesch denouncing the “godless left”, or the constant onslaught of conspiracy theories spewed by Alex Jones and Glenn Beck. But when introducing new legislation, the burden of making educated and thoughtful arguments should rest on its proponents, not other citizens. When folks such as Bloomberg prescribe sweeping changes to the American society while demonstrating striking ignorance about the topics they want to regulate, they come across as elitist and flippant – and deservedly so.

Given how controversial the topic is, I think it’s wise to start an open, national conversation about the European model of gun control and the risks and benefits of living in an unarmed society. But it’s also likely that such a debate wouldn’t last very long. Progressive politicians like to say that the dialogue is impossible because of the undue influence of the National Rifle Association – but as I discussed in my earlier blog posts, the organization’s financial resources and power are often overstated: it does not even make it onto the list of top 100 lobbyists in Washington, and its support comes mostly from member dues, not from shadowy business interests or wealthy oligarchs. In reality, disarmament just happens to be a very unpopular policy in America today: the support for gun ownership is very strong and has been growing over the past 20 years – even though hunting is on the decline.

Perhaps it would serve the progressive movement better to embrace the gun culture – and then think of ways to curb its unwanted costs. Addressing inner-city violence, especially among the disadvantaged youth, would quickly bring the US homicide rate much closer to the rest of the highly developed world. But admitting the staggering scale of this social problem can be an uncomfortable and politically charged position to hold. For Democrats, it would be tantamount to singling out minorities. For Republicans, it would be just another expansion of the nanny state.

PS. If you are interested in a more systematic evaluation of the scale, the impact, and the politics of gun ownership in the United States, you may enjoy an earlier entry on this blog. Or, if you prefer to read my entire series comparing the life in Europe and in the US, try this link.


Poland vs the United States: firearms

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/06/poland-vs-united-states-firearms.html

This is the fourth article in a short series about Poland, Europe, and the United States. To explore the entire series, click here.

I spent roughly half of my adult life in Poland; for the other half, we lived in the United States. Because of this, my Polish friends sometimes ask about the cultural differences between the two countries. I always struggle to answer on the spot, so I decided to explore some of the most striking dissimilarities in a series of short blog posts. It’s only fitting to start with guns.

Although you won’t see this brought up by any gun control advocate, Poland has long had some of the strictest firearms regimes in the world – surpassed only by a handful of countries such as Rwanda, Niger, Japan, and North Korea. The roots of this policy are difficult to pinpoint, but it may have had to do with the years of foreign partitions, followed by the Soviet-imposed communist rule; in those trying times, private militias must have been seen as a grave threat to the social order and to the personal safety of the ruling class. Whatever the original reasoning, the effects are plain to see: in today’s Poland, there is almost no tradition of gun ownership or hobby shooting sports; the country averages just around one firearm per 100 residents, compared to almost seven in the UK, fifteen in Australia, sixteen in the Czech Republic, or thirty in Austria, Iceland, Finland, and Germany. It’s likely that most Poles do not even know anyone who legally owns a gun.

In many ways, the United States may seem like the polar opposite: we have enough privately-owned firearms to equip every single man, woman, and child. In much of the country, there is no permitting process for new purchases and no registration requirements for handguns, rifles, or shotguns. The weapons can be bought at trade shows, given to family members, or loaned to friends. Long guns and ammo can be bought in sporting stores or at Walmart. And sure, if you want to have an AR-15 just because it looks like fun, you can; indeed, many people get it for that reason alone.

In America, the right to bear arms is an ancient tradition going all the way back to the early days of the republic. Its constitutional standing is not very different from that of freedom of speech; there is ample evidence that the Founding Fathers envisioned the Second Amendment as the ultimate way to forever protect all other personal liberties, to resist feudal subjugation, and to ensure the sovereignty of the fledgling country. Although several other, collectivist interpretations of the Second Amendment have been put forward by progressive thinkers, their efforts have not been successful; today, roughly 75% of all Americans believe that the Constitution gives them a well-defined, individual right to own a gun, and the Supreme Court has sided with their views.

In the minds of some citizens, the Second Amendment is still the only thing that stands between freedom and tyranny, be it at the hands of foreign powers or their own government run amok; but for many others, gun ownership is simply an empowering family hobby pursued at any of the tens of thousands of shooting ranges all across the United States. In a country populated far less densely than Europe, there is also a clear utilitarian aspect to it all: especially for rural populations, rifles are seen as a necessity for defending one’s property against wild animals or scaring away criminals or drunken thugs. Across much of the US, the right to protect yourself with deadly force – without having to retreat or to submit to an assailant – is seen as a fundamental human right.

Of course, all this comes at a price: even though it is overall a very safe country, the US leads the highly developed world in homicides, the bulk of which are committed with guns. The causes of this phenomenon are complex, deeply intertwined with the American psyche and the unique structure of the society; the fashionable practice of placing the blame squarely on the easy availability of firearms does not hold up to closer scrutiny. Nevertheless, it would be dishonest to claim that broad gun ownership comes at no cost to the American public. Some of the most vivid pictures seared into people’s minds are the infrequent but soul-crushing school shootings. A more everyday occurrence are police encounters that end tragically because of the presumption that any suspects – even children – may be armed to their teeth.

Over the last century, the worries about gun violence – the bulk of which traces back to drug trade and gang activity – have led to increasing federal and state regulation of firearms. It is probable that some of these rules ended up saving lives with little practical harm to civil liberties; examples of this may include restrictions on fully-automatic weapons or the requirement for seamless background checks. But many other legislative efforts attempted to dismantle or substantially reinterpret the Second Amendment in an emotional response to individual tragedies – and without having an honest, national debate about the amendment’s lasting value to the American society. One can mention Chicago, Washington D.C., and San Francisco, all of which attempted to impose blanket bans on handgun ownership. Another good example is New Orleans, where the officials went as far as going door to door and forcibly confiscating firearms in the wake of Hurricane Katrina; their intentions may have been pure, but in light of the case law and the prevailing libertarian sentiments that still resonate with many Americans, the wisdom of that gun grab seemed dubious at best.

In recent years, such zealous approaches inevitably meet their end in the courtroom – as noted earlier, judges, much to gun control advocates’ chagrin, see the awkwardly-worded Second Amendment as a proclamation of a very clear, individual right. If anything, the zeal of anti-gun activists has made it harder to have a reasonable discussion about gun rights, and enshrined the confusing and half-baked status quo. The constant onslaught of hastily-written legislation, coupled with erratic enforcement of the existing statutes, creates a toxic atmosphere where many firearms enthusiasts and interest groups feel that their freedom is under assault – and that the only way to avoid gradual erosion of constitutional rights is to fight each and every new proposal tooth and nail. One of the sticking points for the National Rifle Association is that federal gun registries would make it easy for the “baddies” to confiscate all firearms in the country. To many, this seemingly preposterous idea rings a lot less hollow after the New Orleans incident.

In Europe, and in Poland in particular, gun laws in the US are often seen as a deranged product of a powerful gun lobby that works against the will and to the detriment of normal citizens; some progressive politicians, scholars, and pundits in the US adopt the same view, demanding new gun restrictions without first winning the hearts and minds of fellow Americans. But when buying into this narrative, it is easy to overlook that the lobby in question is funded chiefly not by large corporations or the super-rich, but by ordinary citizens – and that it enjoys steady popular support, with approval ratings far higher than most politicians can claim.

In my younger years, I remember being entranced by “Bowling for Columbine”, viscerally hating the National Rifle Association, and shaking my head in disbelief at the stereotype of gun-toting, trigger-happy Americans. Today, I see the reality as far more nuanced – and if forced to take sides in this fascinating and emotional clash between collectivism and civil rights, I’m far less certain that collectivism would get my vote.

The article continues with a closer look at the costs and politics of gun ownership in the US; for the second part, click here.

Poland vs the United States: firearms

Post Syndicated from Michal Zalewski original http://lcamtuf.blogspot.com/2015/06/poland-vs-united-states-firearms.html

This is the fourth article in a short series about Poland, Europe, and the United States. To explore the entire series, click here.

I spent roughly half of my adult life in Poland; for the other half, we lived in the United States. Because of this, my Polish friends sometimes ask about the cultural differences between the two countries. I always struggle to answer on the spot, so I decided to explore some of the most striking dissimilarities in a series of short blog posts. It’s only fitting to start with guns.

Although you won’t see this brought up by any gun control advocate, Poland has long had some of the strictest firearms regimes in the world – surpassed only by a handful of countries such as Rwanda, Niger, Japan, and North Korea. The roots of this policy are difficult to pinpoint, but it may have had to do with the years of foreign partitions, followed by the Soviet-imposed communist rule; in those trying times, private militias must have been seen as a grave threat to the social order and to the personal safety of the ruling class. Whatever the original reasoning, the effects are plain to see: in today’s Poland, there is almost no tradition of gun ownership or hobby shooting sports; the country averages just around one firearm per 100 residents, compared to almost seven in the UK, fifteen in Australia, sixteen in the Czech Republic, or thirty in Austria, Iceland, Finland, and Germany. It’s likely that most Poles do not even know anyone who legally owns a gun.

In many ways, the United States may seem like the polar opposite: we have enough privately-owned firearms to equip every single man, woman, and child. In much of the country, there is no permitting process for new purchases and no registration requirements for handguns, rifles, or shotguns. The weapons can be bought at trade shows, given to family members, or loaned to friends. Long guns and ammo can be bought in sporting stores or at Walmart. And sure, if you want to have AR-15 just because it looks like fun, you can; indeed, many people get it for that reason alone.

In America, the right to bear arms is an ancient tradition going all the way back to the early days of the republic. Its constitutional standing is not very different from that of freedom of speech; there is ample evidence that the Founding Fathers envisioned the Second Amendment as the ultimate way to forever protect all other personal liberties, to resist feudal subjugation, and as to ensure the sovereignty of the fledgling country. Although several other, collectivist interpretations of the Second Amendment have been put forward by progressive thinkers, their efforts have not been successful; today, roughly 75% of all Americans believe that the Constitution gives them a well-defined, individual right to own a gun, and the Supreme Court has sided with their views.

In the minds of some citizens, the Second Amendment is still the only thing that stands between freedom and tyranny, be it at the hands of foreign powers or their own government run amok; but for many others, gun ownership is simply an empowering family hobby pursued at any of the tens of thousands shooting ranges all across the United States. In a country populated far less densely than Europe, there is also a clear utilitarian aspect to it all: especially for rural populations, rifles are seen as a necessity for defending one’s property against wild animals or scaring away criminals or drunken thugs. Across much of the US, the right to protect yourself with deadly force – without having to retreat or to submit to an assailant – is seen as a fundamental human right.

Of course, all this comes at a price: even though it is overall a very safe country, the US leads the highly developed world in homicides, the bulk of which are committed with guns. The causes of this phenomenon are complex, deeply intertwined with the American psyche and the unique structure of the society; the fashionable practice of placing the blame squarely on the easy availability of firearms does not hold up to closer scrutiny. Nevertheless, it would be dishonest to claim that broad gun ownership comes at no cost to the American public. Some of the most vivid pictures seared into people’s minds are the infrequent but soul-crushing school shootings. A more everyday occurrence are police encounters that end tragically because of the presumption that any suspects – even children – may be armed to their teeth.

Over the last century, the worries about gun violence – the bulk of which traces back to drug trade and gang activity – have led to increasing federal and state regulation of firearms. It is probable that some of these rules ended up saving lives with little practical harm to civil liberties; examples of this may include restrictions on fully-automatic weapons or the requirement for seamless background checks. But many other legislative efforts attempted to dismantle or substantially reinterpret the Second Amendment in an emotional response to individual tragedies – and without having an honest, national debate about the amendment’s lasting value to the American society. One can mention Chicago, Washington D.C., and San Francisco, all of which attempted to impose blanket bans on handgun ownership. Another good example is New Orleans, where the officials went as far as going door to door and forcibly confiscating firearms in the wake of Hurricane Katrina; their intentions may have been pure, but in light of the case law and the prevailing libertarian sentiments that still resonate with many Americans, the wisdom of that gun grab seemed dubious at best.

In recent years, such zealous approaches inevitably meet their end in the courtroom – as noted earlier, judges, much to gun control advocates’ chagrin, see the awkwardly-worded Second Amendment as a proclamation of a very clear, individual right. If anything, the zeal of anti-gun activists has made it harder to have a reasonable discussion about gun rights, and enshrined the confusing and half-baked status quo. The constant onslaught of hastily-written legislation, coupled with erratic enforcement of the existing statutes, creates a toxic atmosphere where many firearms enthusiasts and interest groups feel that their freedom is under assault – and that the only way to avoid gradual erosion of constitutional rights is to fight each and every new proposal tooth and nail. One of the sticking points for the National Rifle Association is that federal gun registries would make it easy for the “baddies” to confiscate all firearms in the country. To many, this seemingly preposterous idea rings a lot less hollow after the New Orleans incident.

In Europe, and in Poland in particular, gun laws in the US are often seen as a deranged product of a powerful gun lobby that works against the will and to the detriment of normal citizens; some progressive politicians, scholars, and pundits in the US adopt the same view, demanding new gun restrictions without first winning the hearts and minds of fellow Americans. But when buying into this narrative, it is easy to overlook that the lobby in question is funded chiefly not by large corporations or the super-rich, but by ordinary citizens – and that it enjoys steady popular support, with approval ratings far higher than most politicians can claim.

In my younger years, I remember being entranced by “Bowling for Columbine”, viscerally hating the National Rifle Association, and shaking my head in disbelief at the stereotype of gun-toting, trigger-happy Americans. Today, I see the reality as far more nuanced – and if forced to take sides in this fascinating and emotional clash between collectivism and civil rights, I’m far less certain that collectivism would get my vote.

The article continues with a closer look at the costs and politics of gun ownership in the US; for the second part, click here.

The Change in My Role at Conservancy

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2014/03/31/karen-conservancy.html

Today, Conservancy announced the addition of Karen Sandler to our
management team. This addition to Conservancy’s staff will greatly
improve Conservancy’s ability to help Conservancy’s many member projects.

This outcome is one I’ve been working towards for a long time. I’ve
focused for at least a year on fundraising for Conservancy in hopes that
we could hire a third full-time staffer.
For the last few years, I’ve been doing basically two full-time jobs,
since I’ve needed to give my personal attention to virtually everything
Conservancy does. This obviously doesn’t scale, so my focus has been on
increasing capacity at Conservancy to serve more projects better.

I (and the entire Board of Directors of Conservancy) have often worried if
I were to disappear, leave Conservancy (or otherwise just drop dead),
Conservancy might not survive without me. Such heavy reliance on one
person is a bug, not a feature, in an organization. That’s why I worked so
hard to recruit Karen Sandler as Conservancy’s new Executive Director.
Admittedly, she helped create Conservancy and has been involved since its
inception. But, having her full-time on staff is a great step forward:
there’s no single point of failure anymore.

It’s somewhat difficult for me to relinquish some of my personal control
over Conservancy. I have been mostly responsible for building Conservancy
from a small unstaffed “thin” fiscal sponsor into a
“full-service” fiscal sponsor that provides virtually any work
that a Free Software project requests. Much of that has been thanks to my
work, and it’s tough to let someone else take that over.

However, handing off the Executive Director position to Karen specifically
made this transition easy. Put simply, I trust Karen, and I recruited her
personally to take over (one of) my job(s). She really believes in
software freedom in the way that I do, and she’s taught me at
least half the things I know about non-profit organizational management.
We’ve collaborated on so many projects and have been friends and colleagues
— through both rough and easy times — for nearly a decade.
While I think I’m justified in saying I did a pretty good job as
Conservancy’s Executive Director, Karen will do an even better job than I
did.

I’m not stepping aside completely from Conservancy management, though.
I’m continuing in the role of President and I remain on the Board of
Directors. I’ll be involved with all strategic decisions for the
organization, and I’ll be the primary manager for a few of Conservancy’s
program activities: including at least the non-profit accounting project
and Conservancy’s license enforcement activities. My primary staff role,
however, will now be under the title “Distinguished Technologist” — a
title we borrowed from HP. The basic idea behind this job at
Conservancy is that my day-to-day work helps the organization understand
the technology of Free Software and how it relates to Conservancy’s work.
As an initial matter, I suspect that my focus for the next few years is
going to be the non-profit accounting project, since that’s the most
urgent place where Free Software is inadequately providing technological
solutions for Conservancy’s work. (Now, more than ever, I urge you to
donate to that campaign, since it will become a major component of
funding my day-to-day work. 🙂)

I’m somewhat surprised that, even in the six hours since this
announcement, I’ve already received emails from Conservancy member project
representatives worded as if they expect they won’t hear from me anymore.
While, indeed, I’ll cease to be the front-line contact person for issues
related to Conservancy’s work, Conservancy and its operations will remain
my focus. Karen and I plan a collaborative management style for the
organization, so I suspect for many things, Karen will brief me about
what’s going on and will seek my input. That said, I’m looking forward to
a time very soon when most Conservancy management decisions won’t primarily
be mine anymore. I’m grateful for Karen, as I know that the two of us
running Conservancy together will make a great working environment for both
of us, and I really believe that she and I as a management team are greater
than the sum of our parts.

Related Links

Conservancy’s announcement of Karen’s joining.
Karen’s blog post about joining Conservancy.
GNOME Foundation’s announcement of Karen’s departure.
Thread on GNOME’s foundation-list about Karen’s departure from GNOME Foundation.

Conservancy Activity Summary, 2010-10-01 to 2010-12-31

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2011/01/02/conservancy-1.html

[ Crossposted from Conservancy’s blog. ]

I had hoped to blog more regularly about my work at Conservancy, and
hopefully I’ll do better in the coming year. But now seems a good time
to summarize what has happened with Conservancy since I started my
full-time volunteer stint as Executive Director from 2010-10-01 until
2010-12-31.

New Members

We excitedly announced in the last few months two new Conservancy
member projects, PyPy and Git.
Thinking of PyPy connects me back to my roots in Computer Science: in
graduate school, I focused on research about programming language
infrastructure and, in particular, virtual machines and language
runtimes. PyPy is a project that connects Conservancy to lots of
exciting programming language research work of that nature, and I’m glad
they’ve joined.

For its part, Git rounds out a group of three DVCS projects that are
now Conservancy members; Conservancy is now the home of Darcs, Git, and
Mercurial. Amusingly, when I reminded the Git developers when they
applied that their “competition” were members, the Git
developers told me that they were inspired to apply because these other
DVCS’ had been happy in Conservancy. That’s a reminder that the
software freedom community remains a place where projects — even
that might seem on the surface as competitors — seek to get along
and work together whenever possible. I’m glad Conservancy now hosts all
these projects together.

Meanwhile, I remain in active discussions with five projects that have
been offered membership in Conservancy. As I always tell new projects,
joining Conservancy is a big step for a project, so it often takes time
for communities to discuss the details of Conservancy’s Fiscal
Sponsorship Agreement. It may be some time before these five projects
join, and perhaps they’ll ultimately decide not to join. However, I’ll
continue to help them make the right decision for their project, even if
joining a different fiscal sponsor (or not joining one at all) is the
ultimately right choice.

Also, about once every two weeks, another inquiry about joining
Conservancy comes in. We won’t be able to accept all the projects that
are interested, but hopefully many can become members of
Conservancy.

Annual Filings

In the late fall, I finished up Conservancy’s 2010 filings. Annual
filings for a non-profit can be an administrative rat-hole at times, but
the level of transparency they create for an organization makes them worth
it. Conservancy’s FY 2009 Federal Form 990 and FY 2009 New York CHAR-500
are up on Conservancy’s filing page. I always make the filings available
on our own website; I wish other non-profits would do this. It’s so
annoying to have to go to a third-party source to grab these documents.
(Although New York State, to its credit, makes all the NY NPO filings
available on its website.)

Conservancy filed a Form 990-EZ in FY 2009. If you take a look, I’d
encourage you to direct the most attention to Part III (which is on the
top of page 2) to see most of Conservancy’s program activities between
2008-03-01 to 2009-02-28.

In FY 2010, Conservancy will move from the New York State requirement
of “limited financial review” to “full audit”
(see page 4 of the CHAR-500 for the level requirements). Conservancy
had so little funds in FY 2007 that it wasn’t required to file a Form 990 at all.
Now, just three years later, there is enough revenue to warrant a full
audit. However, I’ve already begun preparing myself for all the
administrative work that will entail.

Project Growth and Funding

Those increases in revenue are related to growth in many of
Conservancy’s projects. 2010 marked the beginning of the first
full-time funding of a developer by Conservancy. Specifically, since
June, Matt Mackall has been funded through directed donations to
Conservancy to work full-time on Mercurial. Matt blogs once a month
(under topic of Mercurial Fellowship Update) about his work, but, more
directly, the hundreds of changesets that Matt’s committed really show
the advantages of funding projects through Conservancy.

Conservancy is also collecting donations and managing funding for
various part-time development initiatives by many developers.
Developers of jQuery, Sugar Labs, and Twisted have all recently received
regular development funding through Conservancy. An important part of
my job is making sure these developers receive funding and report the
work clearly and fully to the community of donors (and the general
public) that fund this work.

But, as usual with Conservancy, it’s handling of the “many little
things” for projects that make a big difference and sometimes
takes the most time. In late 2010, Conservancy handled funding for Code
Sprints and conferences for the Mercurial, Darcs, and jQuery. In
addition, jQuery held a conference in Boston in October, for which
Conservancy handled all the financial
details. I was fortunate to be able to attend the conference and meet
many of the jQuery developers in person for the first time. Wine also
held their annual conference in November 2010, and Conservancy handled
the venue details and reimbursements to many of the travelers to the
conference.

Also, as always, Conservancy project contributors regularly attend
other conferences related to their projects. At least a few times a
month, Conservancy reimburses developers for travel to speak and attend
important conferences related to their projects.

Google Summer of Code

Since its inception, Google’s Summer of Code (SoC) program has been one
of the most important philanthropy programs for Open Source and Free
Software projects. In 2010, eight Conservancy projects (and 5% of the
entire SoC program) participated in SoC. The SoC program funds college
students for the summer to contribute to the projects, and an
experienced contributor to the project mentors each student. A $500 stipend
is paid to the non-profit organization of the project for each project
contributor who mentors a student.

Furthermore, there’s an annual conference, in October, of all the
mentors, with travel funded by Google. This is a really valuable
conference, since it’s one of the few places where very disparate Free
Software projects that usually wouldn’t interact can meet up in one
place. I attended this year’s SoC Mentor Summit and hope to attend
again next year.

I’m really going to be urging all Conservancy’s projects to take
advantage of the SoC program in 2011. The level of funding given out by
Google for this program is higher than any other open-application
funding program for FLOSS. While Google’s selfish motives are clear (the
program presumably helps them recruit young programmers to hire), the
benefit to the Free Software community of the program can nevertheless
not be ignored.

GPL Enforcement

GPL Enforcement, primarily for our BusyBox member project, remains an
active focus of Conservancy. Work regarding the lawsuit continues. It’s
been more than a year since Conservancy filed a lawsuit against fourteen
defendants who manufacture embedded devices that included BusyBox without
source nor an offer for source. Some of those have come into compliance
with the GPL and settled, but a number remain and are out of compliance;
our litigation efforts continue. Usually, our lawyers encourage us not to
comment on ongoing litigation, but we did put up a news item in August
when the Court granted Conservancy a default judgment against one of the
defendants, Westinghouse.

Meanwhile, in the coming year, Conservancy hopes to expand efforts to
enforce the GPL. New violation reports on BusyBox arrive almost daily
that need attention.

More Frequent Blogging

As noted at the start of this post, my hope is to update Conservancy’s
blog more regularly with information about our activities.

This blog post was covered on LWN and on lxnews.org.