The gaping security hole in a US Government website
A cyber bomb is being dropped on us by our government! As you read this Russians, Chinese, North Koreans, and others likely are intercepting potentially classifiable information. The USPTO (US Patent and Trademark Office) website is seriously compromised, which can easily result in a National Security problem. This also is a stark example of how liberal democratic regimes often are paralyzed in exerting authority in a sea of anarchy. Computer vulnerability is one reason the United States is losing valuable IP to foreign governments. Here's how, but first, you need to know the lay of the land.
The United States Patent and Trademark Office (USPTO – www.uspto.gov) has allowed those persons wanting to claim originality of a potentially patentable idea to upload documents as a provisional application for patent (also known as a "provisional patent application", or "PPA") or non-provisional application for patent. A fuller explanation of the rationale can be found by searching under "America Invents Act", where people claiming originality for an idea have to file appropriate documents with the USPTO. Yet, there is a major problem, and to understand the following discussion better, go to https://efs.uspto.gov/EFSWebUIUnregistered/EFSWebUnregistered you will see in Firefox:
The drop-down explanation results from clicking the "i" just to the left of the padlock having the orange triangle in its lower right-hand corner.
In Chrome the https will be gray, as the following image shows, clicking on the "I" displaying essentially the same information as does Firefox.
In normal cases, there will appear a green padlock in Firefox and the URL in green for Chrome, indicating that all information between the one accessing the site (you) and the site, itself, is encrypted. That is, no one should be able to intercept your communications. For the technical explanation, search under "secure socket layer (SSL)", "green padlock", and related ideas. I don't know what Internet Explorer shows, as I do not use it.
On 23 June 2019, I uploaded a PPA to the United States Patent and Trademark Office website for unregistered efilers. When I pressed the payment button, I noticed the lower half of the lettering not appearing, the following appeared:
Both Firefox and Chrome say that there may be a problem with the images. Bear in mind that anything on the computer is digitized, i.e., consisting of zeros and ones. This means that any code could be injected into any communication between you and the computer. If the images are compromised, so potentially is the whole website.
Being told that it might be my computer and the USPTO saying stock phrases like "clear your cache", I went to two Internet cafes and observed the same orange icon in Firefox and grayed URL in Chrome. I called my business partner in California and a client in Florida, and both reported the same. My operating system is Ubuntu Linux, and the others use Microsoft Windows. My concern was increasingly heightened by the USPTO merely wringing its hands and providing false information. For example, I was told by the USPTO that new software was being uploaded the night of 26 July 2019 and that by 29 July the site would be up and operating with the green padlock. When I did not see the green padlock that Monday, I called again and was told that the new software was going to be uploaded "soon". To my way of thinking "soon" has long since passed (9 August 2019), meanwhile thousands of uploads very likely being accessed by [fill in the blank]. My business partner and I were told by the USPTO that 40% of the time payments will not go through, and the only way to send payment is by a somewhat Byzantine way of faxing forms. Incredibly in this 21st century, the USPTO does not communicate on specific matters by email. This backwardness is a sidebar issue but evidencing deeper problems within that office.
In cybersecurity jargon, there are vulnerabilities, exploits, and payloads. The orange triangle is like one of those highways construction placards warning drivers to be careful. To the hacker, they are an open invitation to compromise the site, steal data, and otherwise harm. There are millions of sites explaining more than you'd ever want to know, but, in short, a vulnerability is a weakness of the system, the orange triangle telling the world there is one. An exploit is a way a person can take advantage of the weakness. Clicking on the "I" (“information" will say that the site is insecure, in the USPTO case possibly the images, more specifically at least the partially obscured payment button. The payload is the actual computer code telling the hacker what is to be done. Think of an unguarded airfield as vulnerability, the exploit being the bomber, and the payload the bomb.
Against this background of USPTO indifference and incompetence, I sent reports to the U.S. Computer Emergency Response Team of the Department of Homeland Security (DHS) (https://www.us-cert.gov/ ), Carnegie-Mellon's CERT of its Software Engineering Institute, SC Media Newswire
(https://www.scmagazine.com/), and the SANS Organization (www.sans.org). DHS and SANS said to me on the phone that if I were concerned about security not to use the website, the former quite plainly stating that no one at USPTO is monitoring the site and it may be understaffed. Indeed, my business partner and I were told by the USPTO they do not have enough help.
Two major aspects of this case stand out as a testament to the incompetence and impotence of the US liberal democratic regime. First, because of all the outsourcing in the sole consideration of obtaining cheap labor and maximizing profits for the bourgeoisie, the only thing left for the US to expert is invention and innovation. I had a rather lengthy conversation in 2008 with Norman Augustine (https://en.wikipedia.org/wiki/Norman_R._Augustine ), ex-CEO of Lockheed-Martin, Princeton University professor, and ex-Under Secretary of the US Army, and he said the same thing. The second aspect of the current problem is that there is no one in charge so as to plug the security hole. The DHS stands by, merely writing its hands, and it is evident that all the reporting in the world has failed to make the USPTO act.
Whatever the excuse, the site is not secure. This is a Government site; it should be secure! A friend of mine who for many years created and maintained a website for a major Home Depot contractor said immediately after my relating this whole incident replied, "the Chinese are inside the site right now." With all the furor over hacking US elections, we may add the Russians, as well. And, do not forget the North Koreans, Iranians, and rogue organization or individual wanting to steal classified information, personal data, and so forth. Robert Abel of SC Media Newswire emailed me 1 August 2019, "I've reached out to a few researchers and they agree that there are fundamental problems with the site, but my understanding is that the Patent Office is aware of the problem but hasn't gotten around to fixing it yet", the emphasis also being on the plural of "problem".
My question would be if it is a simple fix, why not simply fix it to at least assure the public that their filings are secure? The problems (more than one) are fundamental. The green padlock is not a cosmetic feature. An experienced web developer of mine who for years created and maintained a Home Depot contractor's website said immediately right after I told him the story "the Chinese, North Koreans, and Russians are already in that site right now." I sent the information to an Alexandra Slocum, secretary for the U.S. Senate Committee on Commerce, Science, and Transportation, who emailed me 1 August 2019:
Thank you for contacting the Senate Committee on Commerce, Science, and Transportation. I will forward this along to our Chief of Investigations right away and we will reach out to you if more information is needed.
Follow-up calls to provide more information have failed to yield any replies.
We at the Inventors Assistance Center are somewhat flummoxed and do not see how in all consciousness we can upload intellectual property documents to the USPTO website. We did fax a PPA a few days ago, but because of the USPTO refusal to enter the 21st century, we will not know whether they will accept it until the snail mail notice comes some three weeks' hence. Needless to say, any time-sensitivity in filing a PPA is destroyed. At this stage, we are opening channels to Canada, who has a comparable intellectual property registration system.
How do responsibilities, trust, and just plain competence enter into the picture? With my three past security clearances, if I had uploaded potentially classifiable documents or even For Official Use Only (FOUO) information, I would at the minimum have had my knuckles rapped. If they were classified documents, I would have to expect my security clearance to be at least suspended. It is clear that the USPTO is just plain incompetent or indifferent or both. Given security concerns, though, it is not beyond reason for the US Attorney General to initiate a criminal complaint against USPTO personnel responsible for this website. Giving the Devil his due, though, if the fix is simple, and the website IS secure, just fix the problem, at least giving intellectual property filers the confidence that their intellectual property file uploads are secure. As a sidebar, the registered users' site may not be secure, as an attorney friend of mine – not a technical guru – said that he had a payment issue appear several times.
Perhaps you the reader have some ideas. We hear all this talk about how worried we should be about the Russians, Chinese, and everyone else hacking our computer systems. Yet, this gaping hole is a proverbial barn door allowing rogues just to traipse through looking at the prize racehorses and stealing a few along the way. The question is, "what are we going to do about it?"
Such raises a general issue for the American Blackshirts Party (ABP). ABP is very well grounded in the philosophical foundations of fascism, and as an ex-political philosophy professor the most well grounded I ever have seen in all my university travels and other academic undertakings. Yet, we need to be ready to catch the proverbial ball as it drops. He hallmark of liberal democratic regimes is their lack of cohesion, organicity, if you will. It may be a faulty power grid (as the British one failed today, 9 August 2019). The infrastructure could be coming apart, as the US one surely is. There may be a lack of a unilaterally-accessible health care system – INCLUDING MENTAL HEALTH – which contributes heavily to allowing deranged persons to commit terrible rampages, as in El Paso, Texas and elsewhere (https://en.wikipedia.org/wiki/List_of_mass_shootings_in_the_United_States_in_2019 ). Yes, the National Rifle Association (NRA) is correct: guns don't shoot people; people shoot people. What is missing in all these discussions, though – including from the NRA as well as the liberal democrats, is the WHY. This requires thinking about our values and asking why there is so much alienation. Clearly, the materialist ideals held in front of the masses by capitalist are insufficient. Then, too, a country with 22.5 trillion dollars in debt (https://usdebtclock.org/ ) - how do you even comprehend this – is headed for bankruptcy. On and on we can list the fatal vulnerabilities, and still, no one is in charge, the US political parties preferring to argue over identity politics and unable to go beyond "strategizing" over the mechanics of how to win elections. The US is hollow, bereft of any social philosophy, not even able to repair its roads, let alone provide basic Internet security for its government websites.
How do we catch the ball? I have laid all this out in my book We the State, and while I do not proclaim this as a be-all, end-all in policy direction, I think it is a lot more than we see out there in how structurally to catch that ball as it drops, as drop it surely will, if the past and present are any indication of the future. Suffice it to say, the details we may quibble about, but overall, there must be leadership – FIRM, philosophically-based, ethical, well organized, and one with an identifiable programme that people can look at and determine is a better future than the one now confronting them. The Casapound Italia Programme is an excellent start (to be tailored to the US). Set that forth as a programme for the voters, especially in contradistinction to what the Republicans and Democrats offer, and I'd be amazed if I did not win overwhelming approval in a New York second.
My supposition is not that fascism will be just another "option" on the political horizon but a necessary choice, not only for the survivability of the United States, but, without exaggeration, the existence of the species. Only an organic corporatism is viable, because now, all you have is bourgeois anarchy/liberal democracy as one vacuous whirlwind running headlong into the reality of historical and environmental circumstance, about which I will address in my next article..