Policy wonk. Torontonian. Photographer. Not necessarily in that order.
The issue here is that data reduced to paper form loses much of its usefulness. The effect is to take power away from the recipient of the data (and by extension in this case from you as a citizen) and conserve it in a government institution as much as possible. Unless the user is bloody-minded enough to re-enter it manually, which of course is only possible at a certain scale.
Bruce Schneier has a clever piece discussing the contemporary model of ‘feudal security’, where user have committed themselves to differing lords of the Internet. As a taste:
Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.
These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.
Feudalism provides security. Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. There were oaths and obligations: a series of rights and privileges. A critical aspect of this system was protection: vassals would pledge their allegiance to a lord, and in return, that lord would protect them from harm.
Of course, I’m romanticizing here; European history was never this simple, and the description is based on stories of that time, but that’s the general model.
And it’s this model that’s starting to permeate computer security today.
The rest of the piece is clever; highly recommend taking a read.
… sacrifices often involve the rights and liberties of minorities and dissidents, so the costs aren’t born equally by all in society. When people say they’re willing to give up rights and liberties in the name of security, they’re often sacrificing the rights and liberties of others rather than their own.
Dan Solove, Nothing to Hide: The False Tradeoff between Privacy and Security
Kudos to the mayor of Saanich for, you know, obeying BC law with regards to ubiquitous license plate surveillance technologies that have been found to violate BC law. As the mayer says,
“Certainly [Saanich police] are finding it a useful tool, but because this thing is hosted by the RCMP, who isn’t subject to this oversight, there’s a glitch there,” Leonard said.
“Until it gets sorted out, we just voluntarily suspended use.”
It’s good to see ‘voluntary’ decisions to not violate BC law. Guess now we wait and see whether the other mayors of BC take similarly strong stances.
WPA2-PSK is recognized as a pretty reasonable way for most consumer to secure their wifi access point. That said, this mechanism falls pretty flat on its face when router manufacturers screw up, and it looks like Belkin has screwed up badly. From a Register article we see that:
Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the WAN MAC address using a static substitution table. Since the WAN MAC address is the WLAN MAC address + one or two (depending on the model), a wireless attacker can easily guess the wan mac address of the device and thus calculate the default WPA2 passphrase.
This is just really poor mechanism to calculate the password. At least the manufacturer has been totally silent on the issue, and unwilling to disclose how they intend to defray potential attacks; this gives the possibility that Belkin’ll fix things instead of just abandoning consumers (which seems to be, sadly, a pretty default vendor response when their errors undermine users’ privacy and security). Here’s hoping that Belkin decides to not be like most router vendors…
As Denham points out, though, the RCMP is not under her jurisdiction, so she can’t bring them into line. But the RCMP simply shouldn’t be running a surveillance system on people who haven’t broken any law, and they shouldn’t be able to take advantage of the federal-provincial jurisdictional split to do so either.
This means Canada’s Privacy Commissioner Jennifer Stoddart is going to have to school the Mounties on what privacy rights really mean, and why setting up a massive “just in case” database is not only a bad idea, it’s against the law.
Vincent Gogolek, “It Takes Two To Kill Illegal Police Licence Surveillance”
Alec Muffett has a terrific piece that clearly articulates why, exactly, passwords are beneficial elements of a broader security apparatus. He also notes core ‘risks’ associated with passwords, and how many of these risks can be defrayed (spoiler alert: just use a strong password management system).
Wired has a terrific piece that details how a secret order in the 18th century used a combination of cryptography, obfuscation, and operational secrecy to either spy on the Masons, or keep the Masonic traditions and rituals alive during a time of persecution. It’s a longer read, but worth your time. Wired’s article also demonstrates the value of academic freedom: it gives scholars the ability to explore and solve intriguing problems. Their work may never provide a monetary ‘return on investment’ but it will likely enrich society and culture nevertheless .
The issue here is not whether Anonymous activists can be rightfully prosecuted: acts of civil disobedience, by definition, are violations of the law designed to protest or create a cost for injustices. The issue is how selectively these cyber-attack laws are enforced: massive cyber-attacks aimed at a group critical of US policy (WikiLeaks) were either perpetrated by the US government or retroactively sanctioned by it, while relatively trivial, largely symbolic attacks in defense of the group were punished with the harshest possible application of law enforcement resources and threats of criminal punishment.
That the US government largely succeeded in using extra-legal and extra-judicial means to cripple an adverse journalistic outlet is a truly consequential episode: nobody, regardless of one’s views on WikiLeaks, should want any government to have that power. But the manifestly overzealous prosecutions of Anonymous activists, in stark contrast to the (at best) indifference to the attacks on WikiLeaks, makes all of that even worse. In line with its unprecedented persecution of whistleblowers generally, this is yet another case of the US government exploiting the force of law to entrench its own power and shield its actions from scrutiny.
Glenn Greenwald, “Prosecution of Anonymous activists highlights war for Internet control”
The Times Colonist has a particularly good opinion piece concerning authorities’ use of automatic license plate recognition. This technology was recently subject of an investigation in British Columbia, with the provincial information and privacy commissioner asserting that many of the current uses of the technology must stop. For more information, you can read the decision (.pdf) or some press coverage about the decision.
When speaking about authorities’ interests in retaining locational information about people who aren’t immediately of interest to police, the author of the opinion piece writes:
And the concept [of collecting such information] goes against the golden thread that winds its way throughout our justice system – the presumption of innocence unless proven otherwise. A person shouldn’t become the focus of an investigation just because he or she happened to drive along a certain street at a certain time.
But a person who hasn’t done anything wrong shouldn’t worry, right? Ask that to people whose lives have been ruined when they have been investigated or charged for a crime and later exonerated. That stigma of being the target of a police investigation is not easily erased, even when a person is cleared of all wrongdoing.
This latter paragraph – that the stigma of a false investigation can significantly alter a person’s life possibilities for an extensive period of time – is often forgotten about or glossed over when reporting on new policing surveillance practices. In an era where information is in abundance, and the attention span to monitor stories and issues is at a premium, a false charge may be legally overturned without the population more generally ever correcting their false impressions. This can create a long-standing disadvantage for falsely accused person as they try to carry on with their lives.
Moreover, the very potential that information could be used against you turns the (popular) understanding of guilt on its head: instead of authorities clearly linking a person’s presence at a location with a crime, it becomes the responsibility of each individual to demonstrate the innocence of being in place X at time Y. Given that these license plate scanners can capture where people are, at any time of the day, there isn’t a necessary reason that a person will know why they were at X at Y. While such oversights ought to be understood as the reasonable failings of a reasonable human’s mind, the danger is that an inability to justify one’s presence at a particular place could be taken as an indication of potential guilt. As a result of such ‘suspicious’ behaviour an individual who was just driving at the ‘wrong place’ at the ‘wrong time’ could be subjected to more intrusive police surveillance, simply because a scanner identified a person at a particular place at a particular time.
Fortunately, the privacy commissioner has significantly come out against this ubiquitous form of surveillance. Her stance should limit these dystopian risks of license plate scanners in her jurisdiction. Now it’s up to the authorities to respect the decision and mediate how and why they use the technology.
Excited Pixels