
December 26, 2007

Are Child Pornographers Stealing Your Internet Connection?

From the UK comes news that more than half of PC users have knowingly used someone else's Internet connection, without the owner's permission.

That's not at all surprising.  Indeed, the actual number of Internet service thieves may be even higher.

That's because wireless or "wi-fi" Internet connections make stealing someone else's connection easy.  Indeed, from where I'm typing, right now, I have access to four unprotected Internet connections via the wi-fi card on my laptop. 

I suspect that these individuals are my neighbors, or perhaps a business down the street, although I'm not sure.  What I am sure of, though, is that these unprotected connections pose an immense security risk. 

If someone hijacks your wi-fi connection and then uses it for any illegal purpose—to download child pornography, for instance—this can be traced back to your PC.  This activity, if detected by police, can provide sufficient probable cause for your arrest and possible prosecution.  You might be able to prove that you're innocent.  If it turns out that your PC doesn't contain any child porn, you might get off with a warning to beef up your Internet security.

However, as I described in a previous blog entry, it's relatively easy for a child porn aficionado to plant a few select images on your PC to throw police off the trail.  If he succeeds in doing so, it will be your job to persuade the police that you're innocent.

The problem, in a nutshell, is that virtually all PCs—especially laptops—now come equipped with a wi-fi card.  However, many wi-fi connections aren't encrypted, giving other users the ability to use your connection for whatever purpose they wish. 

Here's what you need to do to prevent outsiders from using your wireless connection and potentially engaging in illegal conduct online or monitoring your online activities:

  • Change the name of your network (the Service Set Identifier or SSID) from its default name to a name you assign. 
  • Set up some form of encryption—the most common forms are called WEP and WPA.  WEP isn't as strong as WPA but is better than nothing and will deter most eavesdroppers. 
  • Turn off SSID broadcast.  This feature is useful in wireless hot spots, such as a coffee shop or airport, but not in a home or office environment.
  • Avoid unsecured wireless networks.  At coffee shops, Internet cafes, airports, etc., it's often easy to tap into a wireless network.  But many public access points aren't secure, and the traffic they carry isn't encrypted.  Malicious users can use "sniffing" tools to obtain sensitive information such as passwords, bank account numbers, and credit card numbers in such locations.  Protect yourself by subscribing to a virtual private networking (VPN) service through your Internet Service Provider or an outside vendor.  VPNs encrypt connections at the sending and receiving ends, and keep out traffic that's not encrypted.  If a VPN is available to you, log onto it whenever you use a public wireless access point.
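
As an added example (not code from the original post), the short Python audit below applies the first three checklist items to an access-point configuration. It assumes the settings live in a hostapd-style key=value file; the default-SSID list and the three sample configurations are constructed for illustration.

```python
# Added example (not from the original post): audit a home access point's
# settings against the first three checklist items above.
# Assumption: settings are in a hostapd-style "key=value" file.

# Assumed sample of common factory-default network names.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink", "belkin54g"}

# Constructed sample configurations; all values are made up.
FACTORY = """
interface=wlan0
ssid=linksys
"""

WEP_ONLY = """
interface=wlan0
ssid=HomeNet-42
wep_default_key=0
wep_key0=0123456789
ignore_broadcast_ssid=1
"""

HARDENED = """
interface=wlan0
ssid=HomeNet-42
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-sample-passphrase
ignore_broadcast_ssid=1
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return finding codes, in checklist order, for one configuration."""
    s = parse_conf(text)
    findings = []

    # Item 1: the network name should not be the factory default.
    ssid = s.get("ssid", "")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")

    # Item 2: some form of encryption must be on; WPA is stronger than WEP.
    try:
        wpa_mode = int(s.get("wpa", "0"))
    except ValueError:
        wpa_mode = 0  # an unparsable value is treated as "WPA off"
    wpa_on = wpa_mode > 0 and ("wpa_passphrase" in s or "wpa_psk" in s)
    wep_on = any(key.startswith("wep_key") for key in s)
    if not wpa_on and not wep_on:
        findings.append("no-encryption")
    elif wep_on and not wpa_on:
        findings.append("wep-only")

    # Item 3: SSID broadcast should be turned off (non-zero value).
    if s.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast")

    return findings


if __name__ == "__main__":
    samples = (("factory", FACTORY), ("wep", WEP_ONLY), ("hardened", HARDENED))
    for name, conf in samples:
        print(name, audit(conf) or "no findings")
```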

These precautions should deter nearly all unauthorized access to your wi-fi connection.  But just to make sure, keep your anti-virus and firewall software up-to-date, and regularly "sweep" your PC for viruses and other "malware" that might have surreptitiously planted illegal images or other unwanted material on your hard disk.

Copyright © 2007 by Mark Nestmann

December 24, 2007

The Spy in Your Phone

Just imagine: One morning, you answer a knock at your door.  The person standing there introduces himself as a federal investigator.  He assures you that you're not under arrest.  You're not even under suspicion.  Nonetheless, the agent tells you, he's been appointed to move into your home.  His mission: to listen in to all your telephone calls, read all your e-mails, review all your Web browsing, and report all "suspicious activity" to the FBI. 

"What's suspicious?" you ask.  "You have no right to know," he replies.  "Am I being singled out for some reason?" you ask.  "No, every person in the United States is subject to this surveillance."

Of course, there's no way that the U.S. government could appoint a full-time investigator to eavesdrop on everything you say on the telephone, or every activity you conduct on your PC.  But, in effect, the National Security Agency, the super-secret intelligence arm of the Department of Defense, is doing something quite similar in its electronic eavesdropping programs.

For instance, to deter narcotics trafficking, the NSA collects and analyzes the phone records of Americans who call people in Latin America.  There's no warrant or other due process involved.  The NSA simply approaches a phone carrier, asks for the records, and analyzes them.

More recently, the NSA has eliminated the requirement to request the records at all.  It simply builds in access to the phone carrier switches—even those that carry domestic calls.  Again, no warrant or due process is required.

According to court documents, in February 2001—months before the events of Sept. 11, 2001—the NSA asked AT&T to give the agency access to all the global phone and e-mail traffic that ran through a huge network center in New Jersey.

The idea was apparently to give the NSA the ability to listen in without restrictions to communications that it believed had intelligence value and store them for later review.  While federal law at the time required the NSA to have court approval to listen in on purely domestic communications, there was apparently no discussion of limiting the monitoring to international communications.

Congress is now debating permanent changes to the Foreign Intelligence Surveillance Act (FISA), which regulates the NSA's data collection practices.  The primary controversy within the proposed amendments is whether private parties who assist the NSA in conducting illegal monitoring can do so without legal liability.  (More than 40 lawsuits are pending against major telecommunications providers for facilitating NSA eavesdropping alleged to have violated the FISA.) 

When Congress adjourned last week, it looked as if the Bush administration had succeeded in building a coalition that would have immunized telecom providers from being sued for violations of FISA.  Congress returns in January, and is expected to vote the proposed amendments—including telecom immunity—into law. 

There are numerous problems with this approach.  Besides the obvious one—abuse of eavesdropping authority to pursue political ends—there's a less obvious problem: security.

Building back doors and surveillance conduits into communication systems means that anyone who can find the back doors, or the surveillance conduits, has unfettered access to the U.S. telecommunications system.  And, as I've pointed out in a previous blog entry, there's ample evidence to suggest that this is already occurring on a large scale, both inside and outside the United States.  Even the White House telecom system has been compromised, although this vulnerability has supposedly been patched.

What can you do to protect yourself?  I've long advocated using pre-paid, anonymous cellular phones to conduct any conversation you wish to keep private.  Encrypted e-mails are another way to maintain some semblance of privacy.  Another suggestion is to use an encrypted channel for your Web browsing, such as the one provided by www.diclave.net.

For more suggestions on protecting your telephone and Internet privacy, click here.


December 20, 2007

"Exit Tax" on Hold Until 2008

Thanks to volunteer firefighters, wealthy Americans who give up their U.S. citizenship or long-term residence won't be subject to an exit tax—at least not this year.

In a blog entry earlier this week, I wrote that it seemed virtually certain that Congress would impose an exit tax on the unrealized gains of U.S. citizens and long-term permanent residents who expatriate.  Although both houses of Congress have approved the measure, it's part of a larger bill for military tax relief (H.R. 3997).  And, the Senate objected to the House version of that bill because it contains a US$565 million outlay for volunteer firefighters.

The happy result for prospective expatriates: the two chambers will now have to wait until next year to resolve their differences.

Despite the delay, it appears certain that 2008 will bring about an "exit tax" on expatriating Americans.  If you're considering expatriation, you should start your planning immediately to avoid the impact of this tax.


December 19, 2007

What Crime Have You Committed Today?

If you live in the United States, it's reassuring to know that police are constantly on the job protecting you from crime.  With murderers, rapists, and armed robbers roaming the streets, you can rest assured that the authorities are vigilantly protecting you from bodily harm.

That's why I was delighted to hear of the recent arrest of a 10-year-old girl in Florida on a felony weapons charge. The fifth-grader apparently brought a piece of steak to school for her lunch, along with a four-inch steak knife to cut it with.

Alert teachers immediately seized the "weapon" and notified authorities. When police arrived, they arrested the girl and took her to the county's juvenile assessment center. She was suspended from school for 10 days, and now faces a felony charge for possessing a weapon on school property.

According to a spokesman for the school district, the girl was arrested pursuant to a "zero-tolerance" weapons policy in public schools. "She did not use [the knife] inappropriately. She did not threaten anyone with it. She didn't pull it out and brandish it."

That may be true, but don't you feel more secure knowing that a potentially violent criminal has been taken out of the public schools? And that for the next 10 days, her fellow students won't need to fear for their safety?

If that's not enough, I recently learned of another incident in which an alert off-duty policeman arrested a woman for swearing at a toilet. The disorderly conduct charge could have led to up to 90 days in jail and a US$300 fine. However, a bleeding-heart judge dismissed the disorderly conduct charge.

This is an unfortunate example of judicial activism. It's important that the "toilet police" be vigilant to threats made against these proud porcelain receptacles. After all, if Americans aren't called to account for swearing at toilets, they might start swearing at cars that won't start, furnaces that don't heat, or even presidential candidates that don't deliver on their promises.

Fortunately, alert legislators in numerous states have identified many other serious threats to our American way of life:

  • If you live in Alabama, you can be arrested for selling a sex toy.
  • In Georgia, you can be fined for keeping a donkey in a bathtub. In Arkansas, donkeys in bathtubs are OK, but you can't keep an alligator in one.
  • Also in Arkansas, it's illegal for the Arkansas River to rise higher than the Main Street bridge in Little Rock.
  • In Texas, it's illegal to take more than three sips of beer at a time while standing.

In any event, I hope that authorities in these states are vigilantly protecting the public from sex toys, donkeys in bathtubs, and standing beer tipplers. And, that police in Arkansas are prepared to incarcerate the entire Arkansas River if it rises too high.

After all, today's sex toy seller could be tomorrow's serial killer. Not only that, but if the Arkansas River is allowed to overflow, who knows what heinous crimes it might commit?


December 18, 2007

Want to Leave the USA? Now, You'll Pay an "Exit Tax" for the Privilege

Should you have to pay an "exit tax" if you want to permanently depart your country?

Nazi Germany and the Soviet Union are two examples of countries that imposed crushing exit taxes.  And now, the United States is about to join them.

On December 12, the U.S. Senate unanimously approved a military tax relief bill (H.R. 3997) that would impose an exit tax on U.S. citizens and long-term residents who expatriate (permanently depart) from the United States. 

The House of Representatives approved similar provisions earlier this year in bills to amend the alternative minimum tax relief (H.R. 3996) and to end the IRS’s private debt collection program (H.R. 3056).

The exit tax therefore appears to be a "done deal" unless the House fails to insert it in its version of the military tax relief bill, or President Bush vetoes the measure.  Neither appears likely.

In most countries, all that's necessary to "expatriate" is to permanently depart.  After a prolonged period of non-residence (generally one year or more), you're no longer subject to tax in your former country.  And once you establish a domicile (a permanent home) outside your former country, you can avoid whatever inheritance tax to which you might otherwise be subjected. 

It's much more difficult for Americans, because Congress, in its infinite wisdom, imposes tax liability based not only on U.S. residence, but also on U.S. citizenship.  To permanently disconnect from the U.S. tax system, you must not only leave the United States, but also give up U.S. citizenship.

It is this type of departure that the exit tax bill targets.  The provision will require anyone who gives up U.S. citizenship or long-term residence (eight of the preceding 15 years) to pay a tax on all unrealized gains of their worldwide estate.  The gains will be assessed based on the fair market value of the assets and the tax due within 90 days of expatriation.

Gains smaller than US$600,000, adjusted for inflation annually, would be exempt.

The proposal would also create an onerous tax regime for most pensions and deferred compensation plans, as well as penalize gifts and bequests made by expatriates to U.S. persons.

The image of a former "fat cat" American living tax-free in some tropical paradise is an irresistible populist target.  And while only a few hundred people, many of whom are not wealthy, permanently give up their U.S. citizenship annually, I've long warned that some form of exit tax is inevitable.

And now, it appears to be a fait accompli.

The most obvious way to deal with the exit tax is to sell appreciated property and pay the 15% tax on long-term capital gains before you expatriate.  Other strategies may also be possible, as discussed in a report I've prepared on this draconian proposal.  Click here to learn more.

You'll also need to obtain a passport from another country, if you don't already have one.  Click here to learn how you can obtain "instant" citizenship in exchange for an investment or contribution.


December 17, 2007

Feds Can't Demand Your Encryption "Passphrase"

Suppose that you want to send a message to someone that only that person can read.  A mathematical process called encryption makes this possible. 

Encryption scrambles the message using mathematical formulas that make the message unreadable to anyone except for someone possessing the key to "decrypt" it.  Even the super-computers used by national intelligence agencies can't decipher messages created with numerous encryption programs, at least not without an exhaustive effort.

This development deeply concerns law enforcement officials around the world.  And it's not surprising why: a technology now exists by which you can keep information secret, even from the government.  In this age of warrantless wiretapping, ubiquitous video surveillance, and terrorist profiling, there are limits (albeit imposed by technology, not law) beyond which government cannot go.

Encryption is useful in many situations.  You can encrypt an email message you send to someone to ensure that only the intended recipient can read it.  You can also send someone a confidential message on a CD or USB stick that only that person can decipher.  You can also ensure that confidential files on your personal computer can't be read by prying eyes.


This latter capability is particularly important if you travel internationally.  For instance, U.S. Customs officials can seize and copy the contents of any laptop carried across a U.S. border.  There's no arrest, warrant or probable cause required.  (Click here to read an earlier blog entry I wrote on this development).

What happens, though, if you've taken the precaution of encrypting the contents of your laptop that Customs officials want to examine?  Can they force you to reveal your "passphrase" that converts unreadable gibberish into intelligible—and potentially incriminating—text or images?

Recently, a federal judge in Vermont said that Customs officials don't have this right.  The judge ruled that a man charged with transporting child pornography on his laptop across the Canadian border could legally refuse to disclose his encryption passphrase to prosecutors.  To force him to do so, the judge ruled, would amount to forced self-incrimination.  This is prohibited by the Fifth Amendment to the U.S. Constitution.

While prosecutors are appealing the decision, it sends a very important pro-privacy message.  Simply encrypting the contents of your personal computer, a process made simple using programs such as Pretty Good Privacy (http://www.pgp.com), can provide a legally unassailable barrier to privacy invasion.

Incidentally, in other countries, this protection may not apply.  For instance, in the United Kingdom, if police or Customs officials demand access to your laptop files, you must provide them with the passphrase.  Failure to comply can result in up to a five-year prison sentence.  (See this blog entry for more information.) 

The message should be crystal clear.  Encrypt your files.  Better yet, use a program such as PGP Desktop that encrypts your entire hard disk.  That way, not only will your confidential files be protected, but other data on your hard disk—e.g., not-quite-deleted files, Internet surfing logs, etc.—won't be visible, either. 

December 12, 2007

USA Quietly Expands Draconian Emergency Powers Law

After the events of Sept. 11, 2001, the U.S. government quickly imposed economic sanctions against its "enemies" throughout the world.

The most important law it used for this purpose is a little-known statute called the International Emergency Economic Powers Act (IEEPA).  President Bush has used it on numerous occasions; in particular, to add names to a "terrorist watchlist" maintained by an obscure Treasury Department bureaucracy called the Office of Foreign Assets Control (OFAC).  The watchlist is over 250 pages long and includes more than 6,000 names.

If you live or do business in the United States, you're supposed to check this watchlist before you conduct any type of business with anyone.  If you fail to do so, you become subject to the civil and criminal provisions of the IEEPA.   There is no minimum threshold.  If you sell a glass of lemonade to someone on this watchlist, you've violated the law.

And the penalties for such violations just increased—substantially.  On October 16, 2007, President Bush signed into law the International Emergency Economic Powers Enhancement Act.  This law increases civil penalties for IEEPA violations from US$50,000 to US$250,000 per violation, or up to twice the amount of the violating transaction.  It also increases criminal penalties to US$1 million per violation.  The maximum prison term of 20 years per IEEPA violation remains unchanged.

The law applies retroactively, which means that alleged violations that occurred prior to Oct. 16, 2007 are subject to the higher penalties. 

IEEPA also contains draconian civil forfeiture provisions. 

"Ordinary" civil forfeiture is bad enough.  Based on the flimsiest imaginable evidence (perhaps provided by a "confidential informant"), police can seize your bank accounts, security accounts, your vehicle—even your home—if your property is allegedly purchased with, connected to, or "facilitates" any one of more than 300 crimes.

In an ordinary civil forfeiture, the government—eventually—is supposed to prove its case before a judge.  But in an IEEPA civil forfeiture, the government seizes your assets administratively, without a court hearing.  If you want it back, you must prove that your property isn't subject to confiscation.  And you don't make your case before a court, but an OFAC tribunal.

OFAC's decision is final.  You have no right to appeal its decision in court.  After all, it's a "national emergency," so the government's determination must be correct…right?

Well, it may be right…or not.  Numerous examples exist of the United States accusing someone of being a terrorist or terrorist sympathizer, and then changing its mind.  And don't forget that the definition of an "enemy" can change at the drop of a hat.  Saddam Hussein was an important American ally until 1991, when he instantly became an "enemy of the state." 

IEEPA's provisions cut through any asset protection device in existence, whether it's an offshore trust, offshore LLC, etc.  However, numerous countries have been reluctant to enforce IEEPA orders due to the perceived lack of due process.

I hope that no one reading this blog ever comes face-to-face with an IEEPA prosecution or forfeiture.  But if you do, any assets you have in the United States will be subject to the unreviewable discretion of unaccountable bureaucrats at the U.S. Treasury Department.

I can't think of a better argument to relocate whatever assets you can offshore—the sooner, the better.


December 10, 2007

How to Make a Quick US$102.7 Million

Want to get rich quick?  Forget the lottery or Las Vegas.  Just file a lawsuit in the United States, and you might hit the jackpot.

On November 28, a jury in Miami awarded a former waiter aboard a cruise ship US$102.7 million.  The defendant: the owner of a parking lot.

Here's the story.  Sami Barrak was in Miami on his day off in July 2002.  Barrak and a friend decided to visit Tootsie's Cabaret, a strip club located in a now-defunct mall.

After a few hours of entertainment, the men departed.  When Barrak's friend returned to Tootsie's to retrieve cigarettes he had left there, a man approached Barrak's vehicle.  After shooting Barrak in the neck in an apparent robbery attempt, the man fled.

Barrak survived the shooting, but was left a quadriplegic.  He can breathe only with the assistance of a ventilator. 

Whose fault was the shooting?  Did Barrak have any responsibility for sitting alone in a parking lot in an area with a reputation for being unsafe?  Of course not.  The fault, he alleged, lay with the owner of the parking lot, which he alleged had the responsibility of keeping it safe.

A Miami jury agreed.  It ordered the owner to pay Barrak US$1.4 million for past medical expenses, US$164,000 for past lost earnings, US$28 million for future medical expenses, US$650,000 for lost earning ability, US$2.5 million for past pain and suffering and a whopping US$70 million for future pain and suffering.  The grand total: US$102.7 million.

A judgment of US$102.7 million is enough to bankrupt just about anyone, even a person with very deep pockets and extremely comprehensive liability insurance.  Let's hope the owners of the parking lot had a comprehensive asset protection plan in place before the unfortunate Mr. Barrak was assaulted.  And let's further hope that a substantial portion of the owner's assets are held outside the United States, in a jurisdiction less friendly to litigation than Florida.

Learn how you can protect your assets from litigation run amok—click here.



December 09, 2007

Shredded Documents Can be Reconstructed

One of the best ways to protect yourself against identity theft is to shred sensitive documents with a crosscut shredder before you dispose of them.

Such shredding is probably sufficient to protect you against a dumpster-diving identity thief.  But, it won't necessarily avoid scrutiny if it's your own government that wants to read them.

Researchers in Germany have developed software that can re-assemble shredded documents.  The software will be used to reassemble 16,000 bags of documents shredded by the Stasi, the secret police in the former East Germany.

In the United States, law enforcement and intelligence agencies have long sought tools to allow them to reassemble shredded documents.  "It's been an area of interest for a very long time," says William Daly, a former FBI investigator.  "The government is always trying to keep ahead of the curve."

The lesson is clear.  Don't assume that using a shredder is the "final word" in document destruction.  If you really want to make sure that a document is unreadable, burn it, then stir the ashes. 

That way, you'll avoid being "burned" by having supposedly unreadable shredded documents recovered and possibly used against you.


December 04, 2007

UK Police: Give Us Your Encryption Keys or Go to Jail [Part II]

As I described in yesterday's blog entry, police in the United Kingdom now have the power to demand that PC users turn over their encryption keys.  If you don't comply, you can be jailed. 

Now this power has been used, perhaps for the first time--not against a terrorist, but an animal rights activist.

The activist claims she didn't realize there were any encrypted files on her PC, and that she has no idea how they got there, much less how to decrypt them.

This is a more plausible claim than it might appear at first glance.  It's quite common for encrypted files to be present on your PC without your knowledge.  For instance, music, movies, and other media you download from the Internet may be encrypted.  Often the files are locked after a certain number of viewings or after a certain date.  Might you be imprisoned for not being able to decrypt an episode of Bambi you downloaded long ago?

Likewise, it's possible to have encrypted files on your PC you didn't place there yourself.  This is particularly true if you have file sharing enabled on your PC (not recommended, by the way).  If you do, others can download files (encrypted or otherwise) to your PC. 

This may also occur if hackers download a virus to your PC that automatically encrypts your files.  Sometimes, the hackers demand a ransom in order to decrypt your files.  But it's possible that someone could simply maliciously encrypt your files, then disappear. 

Using a good firewall and regularly updated anti-virus software can prevent most such attacks.  But there are no guarantees.

You could hardly be expected to have the encryption keys to files someone else maliciously locked, could you?   This is what the animal rights activist says happened to her.  She says she has no idea how the encrypted files got on her computer, and doesn't have the key or passphrase to decrypt them.

I suppose these are the issues that will be sorted out in the trial, if there is one, of the animal rights activist.

Incidentally, I'm not defending the abhorrent actions of sabotage and vandalism of a small number of animal rights activists.  That's not the point. 

The point is that the state can target anyone protesting the status quo for any reason it sees fit.  It's easy to construe you as a terrorist if you advocate a viewpoint with which the majority disagrees.  That's especially true if some of the tactics of others advocating your pet cause injure others or damage property.

If you injure someone or damage property, you should be held accountable.  That's true regardless of your personal motives for committing the crime.  And police have every right to investigate your actions through the normal process—obtaining a search warrant based on probable cause, etc.

It crosses the line though, when police demand that you provide the means of incriminating yourself, under penalty of imprisonment.

That's what RIPA is all about.  That's why it's so dangerous.

And that's why this case is so important.  I can only hope the U.K. courts decline to enforce RIPA against activists in social protest groups.  Otherwise, we could all face the same dilemma as animal rights advocates, whether we agree with their tactics or not.

To learn more about how to protect your privacy, on and off the Internet, click here. 


December 03, 2007

U.K. Police: Give Us Your Encryption Keys or Go to Jail [Part I]

How would you respond if, after seizing your computer, police order you to give them the means to view any encrypted files you keep on it?

I suspect you'd feel it was an invasion of privacy.  But if you live in the United Kingdom, this is now the law.

Encryption is an essential privacy and security tool.  It allows you to convert plain-text files on your PC into unreadable gibberish.

I've long recommended encrypting all confidential files on your PC.  Programs like PGP Desktop that automatically encrypt your entire hard disk are even better. 

Unfortunately, government busybodies don't like it when ordinary people have the opportunity to take back a smidgen of the privacy rights they've been systematically stripped of in recent decades.  And so, we have legislation like the notorious Regulation of Investigatory Powers Act (RIPA), which allows U.K. police to demand that you hand over encryption keys or provide a clear-text transcript of encrypted text.

Failure to comply can result in up to two years imprisonment for cases not involving national security, or five years for terrorism offenses and the like.  Police can order you to turn over data months or even years old.

This authority came into force in October 2007, seven years after the U.K. Parliament enacted the original legislation.  We now know that this authority has already been used on at least one occasion.

Surely, police reserved this draconian sanction for a known associate of Osama bin Laden, someone reasonably suspected of planning a reprise of the horrific London bombings of 2005, or in an investigation of a similarly severe threat.

But that's not how it was used.  Instead, the first known use of this authority came against (drum roll, please) an animal rights activist.

Police seized this woman's computer last May.  On November 3, she received an "invitation" to disclose her encryption keys and passphrase to police.  If she declines the "invitation," she faces a two-year prison sentence.

(For her fascinating account of her experiences, click here. The comments to her posting are also very interesting.)

Now, quite apart from the total violation of one's right to be free from "unreasonable" searches and seizures, what happens if you didn't knowingly encrypt any files on your PC?  Obviously, in that case, you would have no encryption keys or passphrase to disclose.  Or, alternatively, what if you deliberately encrypted files and then lost, accidentally deleted, or misplaced your private key, or forgot your passphrase?

What would happen in this situation? Stay tuned for tomorrow's blog entry.
