Categories
Aside Links Quotations

2013.3.21

An oil spill recovery vessel ran aground en route to a federal announcement on oil tanker safety in Vancouver on Monday, officials have confirmed.

The vessel was making a 12-hour trip from its base in Esquimalt to Vancouver for a tanker safety announcement by Federal Transport Minister Denis Lebel and Natural Resources Minister Joe Oliver when it struck an uncharted sandbar near Sandheads at the mouth of the Fraser River near Steveston.

Wow okay I feel safer already and would gladly welcome more large oil tankers in an inlet or strait near me. (via jakke)

Just…wow. I can only picture delivering the news to the Minister, and watching his face twitch upon learning about this particular PR fubar.

Categories
Links

Police spy on web, phone usage with no warrants

A reminder of just how much surveillance can happen in Commonwealth countries when authorities enjoy broad lawful access to communications data without needing warrants:

Law enforcement and government departments are accessing vast quantities of phone and internet usage data without warrants, prompting warnings from the Greens of a growing “surveillance state” and calls by privacy groups for tighter controls.

Figures released by the federal Attorney-General’s Department show that federal and state government agencies accessed telecommunications data and internet logs more than 250,000 times during criminal and revenue investigations in 2010-11.

(…)

Access is authorised by senior police officers or officials rather than by judicial warrant.

Federal agencies making use of telecommunications data include the Australian Federal Police, Australian Crime Commission and Australian Taxation Office, departments including Defence, Immigration and Citizenship, and Health and Ageing, and Medicare and Australia Post.

Data is also accessed by state police and anti-corruption bodies, government departments and revenue offices, and many other official bodies.

Needless to say, that’s an awful lot of parties accessing an awful lot of information about Australian citizens. Not included: statistics on telecommunications data access by the Australian Security Intelligence Organisation.

Categories
Aside Humour

Gold!

8bitfuture:

This is actually a hack of this original Cyanide and Happiness strip, but it’s still funny…

Gold!

Categories
Links

FBI: Smart Meter Hacks Likely to Spread

Though a little over a year old, this post concerning the security of smart meters is particularly valuable considering the rapid adoption of the technologies throughout Canada. Particularly pertinent:

Citing confidential sources, the FBI said it believes former employees of the meter manufacturer and employees of the utility were altering the meters in exchange for cash and training others to do so. “These individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters,” the alert states.

The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.

“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.”

The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer.

So, this suggests that insider threats and poor shielding enable significant fraud. Can’t say it’s surprising given how often these meters have been compromised when deployed in other jurisdictions.

Categories
Aside Links

Um no? Was he not facing 13 felony charges and up to 35 years in prison? That is what I have read and what just came up when I searched it. Perhaps I am wrong.

No. Orin Kerr did a good analysis of this (see: http://www.volokh.com/2013/01/16/the-criminal-charges-against-aaron-swartz-part-2-prosecutorial-discretion/), under which there would have been significantly reduced time in jail, if any. Also, prospective millions in harm was similarly overwrought. This is normal for prosecutors to announce, and the media usually fails to dig into the press release to tease reality from PR.

Categories
Aside

Swartz vs Rapists

Now, the charges against Aaron were reported…poorly…insofar as individuals don’t tend to get all the charges piled onto one another when it comes time to sentencing. But still, he was looking at upwards of ½ the time the rapists are facing.

He was facing up to 35 years in prison. What are you talking about?

Orin Kerr walks through (see: http://www.volokh.com/2013/01/16/the-criminal-charges-against-aaron-swartz-part-2-prosecutorial-discretion/) how the charges likely would have unfolded had Aaron’s defense…and appeals…failed. My comment on the sentence was a reference to the plea that was on the table (3 months, then 6 months).

(As a note: my comment isn’t meant as either supporting the prosecution of Aaron or the sentencing of the rapists.)

Categories
Links

This is not surveillance as we know it: the anatomy of Facebook messages

There are a lot of issues related to ‘wiretapping the Internet.’ A post from Privacy International, from 2012, nicely details the amount of metadata and data fields linked with just a Facebook message and the challenges in ‘just’ picking out certain fields from large lists.

As the organization notes:

Fundamentally, the whole of the request to the Facebook page must be read, at which point the type of message is known, and only then can the technology pretend it didn’t see the earlier parts. Whether this information is kept is often dismissed as “technical detail”, but in fact it is the fundamental point.

We should be wary of government harvesting large amounts of data and then promising to dispose of it; while such actions could be performed initially, once the data is potentially accessible the laws to legitimize its capture, retention, storage, and processing will almost certainly follow.

Categories
Links Writing

Big data: the greater good or invasion of privacy?

Chatterjee has a good, quick article on the significance of ‘big data.’ Note experts warning that, as a result of massive data aggregation, almost all individuals will have secret or sensitive information about themselves stored, traded, or used in the course of companies’ daily activities. This information isn’t necessarily about anything illegal, but legality is not the sole benchmark for whether humans want others to know things about them: embarrassing, shameful, or similar information that may not break the law could be financially, personally, or emotionally damaging should it be provided to third parties.

Also, take note of Ohm’s warning that we should slow down and think about what is happening with regard to massive data aggregation and mining; we shouldn’t just commit ourselves to pushing the ‘privacy envelope.’ Headlong rushes into, and acceptance of, novel technical structures that invisibly affect billions, with little clear accountability for corporate data mining practices, are a recipe for constructing futural harms.

Categories
Quotations

2013.3.19

So even in the worst cases, free products don’t usually end too badly. Well, unless you’re a user, or one of the alternatives that gets crushed along the way. But everyone who funds and builds a free product usually comes out of it pretty well, especially if they don’t care what happens to their users.

Free is so prevalent in our industry not because everyone’s irresponsible, but because it works.

In other industries, this is called predatory pricing, and many forms of it are illegal because they’re so destructive to healthy businesses and the welfare of an economy. But the tech industry is far less regulated, younger, and faster-moving than most industries. We celebrate our ability to do things that are illegal or economically infeasible in other markets with productive-sounding words like “disruption”.

Marco Arment, “Free Works”

Categories
Links

Internet Census 2012

yostivanich:

While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.

Super interesting research, though incredibly illegal and borderline ethical (at absolute best, and most charitable).