by UOIT
Now picture what happens when your firewall fails to stop the ‘friendly’ lioness
Author: Christopher Parsons
Policy wonk. Torontonian. Photographer. Not necessarily in that order.
Categories
2013.2.17
You’ve had a busy play day – You’ve wiretapped Mom’s cell phone and e-mail without a warrant, you’ve indefinitely detained your little brother Timmy in the linen closet without trial, and you’ve confiscated all the Super-Soakers from the neighborhood children (after all, why does any kid – besides you, of course – even NEED a Super-Soaker for self-defense? A regular water pistol should be enough). What do you do for an encore?
That’s where the US Air Force Medium Altitude, Long Endurance, Unmanned Aerial Vehicle (UAV) RQ-1 Predator from Maisto comes in. Let’s say that Dad has been labeled a terrorist in secret through your disposition matrix. Rather than just arrest him and go through the hassle of trying and convicting him in a court of law, and having to fool with all those terrorist-loving Constitutional protections, you can just use one of these flying death robots to assassinate him! Remember, due process and oversight are for sissies. Plus, you get the added bonus of taking out potential terrorists before they’ve even done anything – estimates have determined that you can kill up to 49 potential future terrorists of any age for every confirmed terrorist you kill, and with the innovative ‘double-tap’ option, you can even kill a few terrorist first responders, preventing them from committing terrorist acts like helping the wounded and rescuing survivors trapped in the rubble. Don’t let Dad get away with anti-American activities! Show him who’s boss, whether he’s at a wedding, a funeral, or just having his morning coffee. Sow fear and carnage in your wake! Win a Nobel Peace Prize and be declared Time Magazine’s Person of the Year – Twice!
This goes well with the Maisto Extraordinary Rendition playset, by the way – which gives you all the tools you need to kidnap the family pet and take him for interrogation at a neighbor’s house, where the rules of the Geneva Convention may not apply. Loads of fun!
Review of a Diecast Predator Drone
Facebook and a few other large corporations understand just how serious contemporary data intrusions and exfiltrations are. They spend a lot of money preparing for attacks. Why, if private companies, are taking collected data so seriously do our governments seem to remain so cavalier with their data collection, retention, and security practices?
Categories
Policy Matters Too
Nadim Kobeissi recently wrote about Do Not Track, and effectively restated the engineering-based reasons why the proposed standard will fail. The standard, generally, would let users set their web browser to ask websites not to deposit tracking cookies on their computers. Specifically, Nadim wrote:
Do Not Track is not only ineffective: it’s dangerous, both to the users it lulls into a false belief of privacy, and towards the implementation of proper privacy engineering practice. Privacy isn’t achieved by asking those who have the power to violate your privacy to politely not do so — and thus sacrifice advertising revenue — it’s achieved by implementing client-side preventative measures. For browsers, these are available in examples such as EFF’s HTTPS Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper measures from an engineering perspective, since they attempt to guard your privacy whether the website you’re visiting likes it or not.
He is writing as an engineer and, from that perspective, he’s not wrong. Unfortunately, as an engineer he’s entirely missing the broader implications of DNT: specifically, it lets users proactively inform a site that they do not give consent to being tracked. This proactive declaration can suddenly activate a whole host of privacy protections that are established under law; individuals don’t necessarily have to have their declarations respected for them to be legally actionable.
Now, will most users have any clue if their positions are being upheld? No, of course not. This is generally true of any number of laws. However, advocates, activists, academic researchers, and lawyers smelling class-action lawsuits will monitor to see if websites are intentionally dismissing users’ choice to refuse being tracked. As successful regulatory/legal challenges are mounted website owners will have to engage in a rational calculus: is the intelligence or monies gained from tracking worth the potential regulatory or legal risk? If initial punishments are high enough then major players may decide that it is economically rational to abide by DNT headers, whereas smaller sites (perhaps with less to lose/less knowledge of DNT) may continue to track regardless of what a browser declares to the web server. If we’re lucky, these large players will include analytics engine providers as well as advertiser networks.
Now, does this mean that DNT will necessarily succeed? No, not at all. The process is absolutely mired in confusion and problems – advertisers are trying to water down what DNT ‘means’, and some browser manufacturers are making things harder by trying to be ‘pro-privacy’ and designing DNT as a default setting for their browsers. Moreover, past efforts to technically demonstrate users’ privacy have failed (e.g. P3P), and chances are good that DNT will fail as well. However, simply because there are technical weaknesses associated with the standard does not mean that the protocol, more broadly, will fail: what is coded into standards can facilitate subsequent legal and regulatory defences of users’ privacy, and these defences may significantly improve users’ privacy online.
Categories
StopSpying.ca Timeline
StopSpying.ca Timeline
Categories
Slashdotted!
It’s always nice to see my writing highlighted amongst my peers 🙂
While the technology that the IT World article discusses isn’t terribly novel – I was given a paper conducted by grad students on this topic a few years ago, and they had a working prototype of similar systems – I find it incredibly worrying that ambient information that smartphones expel is being used for purposes in excess of why the information is transmitted in the first place. We don’t live in a (Western) world where lacking a cell phone is common; for many people a mobile phone is critical to their business or livelihood. Indeed, when you go to other areas of the world where mobile penetration is even higher because of exorbitant costs associated with laying down fibre, mobiles are even more important on a daily basis.
As such, and any suggestion like “if you don’t want to be tracked, don’t own a phone” misses the point around privacy concerns related to mobile phone tracking. In effect, it shouldn’t be up to the individual to unilaterally defend themselves from further expansions of private surveillance capabilities. Instead, those capabilities should be limited by law, by regulation, and by a minimalistic sense of ethics. Tracking where people are walking, and giving them an option to opt-out of tracking by visiting a website they’ve never heard of and digging into its depths is not a sufficient way to ‘empower’ individuals.
So, the takeaway from this post is that Industry Canada’s proposed modifications significantly expand the volume and types of communications that ISPs must be able to intercept and preserve. Further, the Department is considering expanding interception requirements across all wireless spectrum holders; it needn’t just affect the LTE spectrum. We also know that Public Safety is modifying how ISPs have to preserve information related to geolocational, communications content, or transmission data. Together, these Departments’ actions are expanding government surveillance capacities in the absence of the lawful access legislation.
Industry Canada’s and Public Safety’s changes to how communications are intercepted should be put on hold until the government can convince Canadians about the need for these powers, and pass legislation authorizing the expansion of government surveillance. Decisions that are made surrounding interception capabilities are not easily reversed because once the technology is in place it is challenging to remove; as such, the government’s proposed modifications to intercept capabilities should be democratically legitimated before they are instantiated in practice.
Categories
2013.2.11
Reality turned out to be much more complicated. What we forgot is that technology magnifies power in both directions. When the powerless found the Internet, suddenly they had power. But while the unorganized and nimble were the first to make use of the new technologies, eventually the powerful behemoths woke up to the potential – and they have more power to magnify. And not only does the Internet change power balances, but the powerful can also change the Internet. Does anyone else remember how incompetent the FBI was at investigating Internet crimes in the early 1990s? Or how Internet users ran rings around China’s censors and Middle Eastern secret police? Or how digital cash was going to make government currencies obsolete, and Internet organizing was going to make political parties obsolete? Now all that feels like ancient history.
Bruce Schneier, “Power and the Internet”
Excited Pixels 