Category: Aside

Categories
Aside Links

Imagine if Donald Trump Controlled the NSA

Wired:

And exactly what could a President Trump do with the NSA? First, Hennessey says, there’s the question of what he could undo: He could, for instance, rescind the executive actions of President Obama aimed at reforming the NSA after Snowden’s revelations. Presidential Policy Directive 28, for example, issued in 2014, was designed to ensure that the NSA’s signals intelligence branch wouldn’t use its powers to promote American business interests or suppress political dissent abroad, and that it would minimize its invasion of the privacy of not just Americans but also non-Americans whenever possible. Trump could also defang or coopt the executive branch’s Privacy and Civil Liberties Oversight Board, which opposed and helped to end the NSA’s mass collection of Americans’ cell phone records last year.

More fundamentally, Hennessey and other former NSA staffers worry that Trump could redefine the priorities of the NSA’s foreign intelligence mission. He could, for instance, refocus American spying efforts to take the agency’s eyes off Russia and instead target that country’s adversaries, like Georgia, Ukraine, or even the European Union. Given Trump’s murky financial ties to Russia, it’s still not clear how he would approach its authoritarian government if he were to take power. “Trump has indicated he has unusual views about Vladimir Putin as an individual and Russian activity around the world that’s very problematic for the security interests of the US,” Hennessey says. “We shouldn’t underestimate the importance of the intelligence community’s high level priorities and the ability of the president to shift them.”

Despite what people believe, the NSA is significantly restrained in some of its activities as compared to its compatriots. As an example, there is still no evidence that the NSA conducts economic espionage for the purpose of enhancing specific American business’ interests. The United States does conduct economic espionage for trading and global threat assessments, but not to share the collected information with domestic businesses. A Trump presidency could change that and, in the course, truly blend best-of-class government surveillance with nationalist economic policies. While that might sound appealing to Americans it could also initiate a full-scale trade war…and one where the people of the world would likely come out far poorer.

Categories
Aside Links

Google’s latest IM client, Allo, isn’t ready for prime time

Ars Technica:

It’s no secret that Hangouts was poorly supported inside Google, so will Allo be any different? I’ve heard that Google Hangouts was never given resources because Google felt it would never be a money-maker. In instant messaging, you talk to your friends and send pictures back and forth, and an ad-powered Google service is never involved. With Allo, that changes because the Assistant is a gateway to search. Every question to the Assistant is a Google Search, with in-app answers coming for questions and links to generic Web searches for everything else. With search comes the possibility for ads, both from the generic search links and in the carousels that answers often provide. I’ve yet to see an advertisement inside Allo, but since it seems possible for Allo to make money, maybe it will receive more support than Hangouts did.

Setting aside the basic privacy issues of Google having access to unencrypted, plaintext, chats you have with friends and colleagues, the fact that Google is apparently unwilling to support its own products if they can’t be used to empower Google advertising is just gross. Google has impressively wasted the skills and talents of a generation of developers: imagine what might exist, today, if people were empowered to write software absent the need to data mine everything that is said for advertising purposes?

Categories
Aside Links

France’s Emergency Powers: The New Normal

Just Security:

The new, six-month extension of emergency powers creates France’s longest state of emergency since the Algerian War in the 1950s. The new law restores or extends previous emergency provisions, such as empowering police to carry out raids and local authorities to place suspects under house arrest without prior judicial approval. It also expands those powers, for example allowing the police to search luggage and vehicles without judicial warrants. In addition it reinstates warrantless seizures of computer and cellphone data that France’s highest legal authority had struck down as unconstitutional, adding a few restrictions that still fall short of judicial oversight.

In separate reports in February, Human Rights Watch and Amnesty International documented more than three dozen cases in which the use of these emergency powers violated universal rights to liberty, privacy, or freedoms of movement, association and expression. The two groups also found that the emergency acts lost suspects jobs, traumatized children, and damaged homes. The vast majority of those targeted were Muslims. Those interviewed said the actions left them feeling stigmatized and eroded their trust in the French authorities. The latest version of the emergency law risks compounding these effects.

The decisions to advance unconstitutional and discriminatory ‘security’ laws and policies following serious crimes threaten to undermine democracies while potentially strengthening states. But worryingly there are fewer and fewer loud voices for the rough and tumble consequences of maintaining a democratic form of governance as opposed to those who assert that a powerful state apparatus is needed if normalcy is to exist. The result may be the sleepwalking from governments for and by the people, to those that protect citizen-serfs and harshly discriminate against difference.

Categories
Aside Links

Turning security flaws into cyberweapons endangers Canadians, experts warn

Turning security flaws into cyberweapons endangers Canadians, experts warn:

“The Snowden docs demonstrate that CSE is active in identifying vulnerabilities,” Christopher Parsons, a post-doctoral fellow at Citizen Lab, told CBC.

“The fact that CSE identifies vulnerabilities and is not reporting them means users are not receiving patches in order to secure their networks.”

Parsons said this “creates a really dangerous scenario.”

“Canadians need to have a discussion about this. Do we want to live in a world in which we’re protecting our own citizens? Or should the priority of Canadian government organizations [like CSE] be first and foremost hacking foreign systems?”

Canadian politicians, judges, journalists and business leaders use smartphones vulnerable to the flaws now fixed by Apple — and to flaws still unknown. The country’s infrastructure is increasingly networked and vulnerable to sabotage by a foreign intelligence agency.

In such a world, Parsons wondered, does national security mean using security flaws against potential enemies? Or disclosing and fixing them?

“We haven’t had that debate in this country,” he said.

It’s increasingly looking like we are going to have the debate concerning whether the Canadian government should be stockpiling vulnerabiltiies or actively working to close identified vulnerabilties. Let’s hope that the debate tilts in favour of protecting the citizenry instead of leaving it vulnerable to domestic and foreign attackers.

Categories
Aside Links

This Mathematician Says Big Data Punishes Poor People

This Mathematician Says Big Data Punishes Poor People:

O’Neil sees plenty of parallels between the usage of Big Data today and the predatory lending practices of the subprime crisis. In both cases, the effects are hard to track, even for insiders. Like the dark financial arts employed in the run up to the 2008 financial crisis, the Big Data algorithms that sort us into piles of “worthy” and “unworthy” are mostly opaque and unregulated, not to mention generated (and used) by large multinational firms with huge lobbying power to keep it that way. “The discriminatory and even predatory way in which algorithms are being used in everything from our school system to the criminal justice system is really a silent financial crisis,” says O’Neil.

The effects are just as pernicious. Using her deep technical understanding of modeling, she shows how the algorithms used to, say, rank teacher performance are based on exactly the sort of shallow and volatile type of data sets that informed those faulty mortgage models in the run up to 2008. Her work makes particularly disturbing points about how being on the wrong side of an algorithmic decision can snowball in incredibly destructive ways—a young black man, for example, who lives in an area targeted by crime fighting algorithms that add more police to his neighborhood because of higher violent crime rates will necessarily be more likely to be targeted for any petty violation, which adds to a digital profile that could subsequently limit his credit, his job prospects, and so on. Yet neighborhoods more likely to commit white collar crime aren’t targeted in this way.

In higher education, the use of algorithmic models that rank colleges has led to an educational arms race where schools offer more and more merit rather than need based aid to students who’ll make their numbers (thus rankings) look better. At the same time, for-profit universities can troll for data on economically or socially vulnerable would be students and find their “pain points,” as a recruiting manual for one for-profit university, Vatterott, describes it, in any number of online questionnaires or surveys they may have unwittingly filled out. The schools can then use this info to funnel ads to welfare mothers, recently divorced and out of work people, those who’ve been incarcerated or even those who’ve suffered injury or a death in the family.

The usage of Big Data to inform all aspects of our lives, with and without our knowledge, matters not just because it dictates the life chances that are presented or denied to us. It also matters because the artificial intelligence systems that are being developed and deployed are learning from the data is collected. And those AI systems, themselves, can be biased and inaccessible to third-party audit.

Corporations are increasingly the substitutes for core state institutions. And as they collect and analyze data in bulk and hide away their methods of presenting data on behalf of states (or in lieu of past state institutions) the public is left vulnerable not just to corporate malice, but disinterest. Worse, this is a kind of disinterest that is difficult to challenge in the absence of laws compelling corporate transparency.

Categories
Aside Links

Meet USBee, the malware that uses USB drives to covertly jump airgaps

Meet USBee, the malware that uses USB drives to covertly jump airgaps:

The software works on just about any storage device that’s compliant with the USB 2.0 specification. Some USB devices such as certain types of cameras that don’t receive a stream of bits from the infected computer, aren’t suitable. USBee transmits data at about 80 bytes per second, fast enough to pilfer a 4096-bit decryption key in less than 10 seconds. USBee offers ranges of about nine feet when data is beamed over a small thumb drive to as much as 26 feet when the USB device has a short cable, which acts as an antenna that extends the signal. USBee transmits data through electromagnetic signals, which are read by a GNU-radio-powered receiver and demodulator. As a result, an already-compromised computer can leak sensitive data even when it has no Internet or network connectivity, no speakers, and when both Wi-Fi and Bluetooth have been disabled. The following video demonstrates USBee in the lab:

While this is still of limited value because you need to infect the airgapped computer in the first place, it’ll only take a while until this exfiltration method is weaponized. Airgaps have long been seen as a key way of keeping highly sensitive data secure but researchers working inside and outside of government keep revealing all the ways in which data can be quietly extracted from such systems. Their successes should give pause to anyone who is concerned about computer security, generally, to say nothing of those interested in the security of government and corporate systems.

Categories
Aside Quotations

2016.8.10

We have never had absolute privacy in this country. Cars, safe deposit boxes, our apartments, our houses, even the contents of our minds—any one of us, in appropriate circumstances, can be compelled to say what we saw. We have never lived with large swaths of our life off limits, where judicial authority is ineffective. That is something we need to talk about. I don’t think the FBI should tell people what to do. I don’t think tech companies should tell people what to do. The American people need to decide.

James Comey, Director of the FBI

The problem is that Comey is simply wrong: the state has never held absolute power over citizens. The 5th Amendment in the United States guarantees a right to avoid testifying against oneself. Our devices are now so personalized with our communciations, thoughts, banking, business, and life that they are functionally a self-testamonial about our lives.

Moreover, even when some evidence is unavailable – be it because authorities don’t know to look for it, or cannot find it – that doesn’t immediately mean that a case is terminated. Instead, a range of powers as well as alternate charges can be brought to bear. And the price of a democracy is that, sometimes, authorities cannot bring charges against people they suspect but cannot prove may have broken the law. This restraint on state power is a core feature of liberal democratic governance and is a restraint that needs to be maintained so that we can all enjoy our freedoms.

Categories
Aside Links

With Remote Hacking, the Government’s Particularity Problem Isn’t Going Away

Crocker’s article is a defining summary of the legal problems associated with the U.S. Government’s attempts to use malware to conduct lawful surveillance of persons suspected of breaking the law. He explores how even after the law is shifted to authorize magistrates to issue warrants pertaining to persons outside of their jurisdictions, broader precedent concerning wiretaps may prevent the FBI or other actors from using currently-drafted warrants to deploy malware en masse. Specifically, the current framework adopted might violate basic constitutional guarantees that have been defined in caselaw over the past century, to the effect of rendering mass issuance of malware an unlawful means of surveillance.

Categories
Aside Links

How a file-sharing lawsuit against Rogers threatens your Internet privacy: Geist | Toronto Star

In the next stage of the copyright wars in Canada, Voltage is moving forward with its efforts to use a reverse class-action lawsuit to reveal the identities of thousands of people the company alleges have infringed on Voltage’s copyright. If the company is successful it will open up a new way for companies to access information about subscribers while simultaneously indicating the relative weakness of the privacy protections baked into Canada’s recent copyright legislation.

Categories
Aside Links

Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us

Meet Moxie Marlinspike, the Anarchist Bringing Encryption to All of Us:

In March, Brazilian police briefly jailed a Facebook exec after WhatsApp failed to comply with a surveillance order in a drug investigation. The same month, The New York Times revealed that WhatsApp had received a wiretap order from the US Justice Department. The company couldn’t have complied in either case, even if it wanted to. Marlin­spike’s crypto is designed to scramble communications in such a way that no one but the people on either end of the conversation can decrypt them (see sidebar). “Moxie has brought us a world-class, state-of-the-art, end-to-end encryption system,” WhatsApp cofounder Brian Acton says. “I want to emphasize: world-class.”

For Marlinspike, a failed wiretap can mean a small victory. A few days after Snowden’s first leaks, Marlin­spike posted an essay to his blog titled “We Should All Have Something to Hide,” emphasizing that privacy allows people to experi­ment with lawbreaking as a precursor for social progress. “Imagine if there were an alternate dystopian reality where law enforcement was 100 percent effective, such that any potential offenders knew they would be immediately identified, apprehended, and jailed,” he wrote. “How could people have decided that marijuana should be legal, if nobody had ever used it? How could states decide that same-sex marriage should be permitted?”

We live in a world where mass surveillance is a point of fact, not a fear linked with dystopic science fiction novels. Moxie’s work doesn’t blind the watchers but it has let massive portions of the world shield the content of their communications – if not the fact they are communicating in the first place – from third-parties seeking to access those communications. Now unauthorized parties such a government agencies are increasingly being forced to target specific devices, instead of the communications networks writ large, which may have the effects of shifting state surveillance from that which is mass to that which is targeted. Such a consequence would be a major victory for all persons, regardless of whether they live in a democratic state or not.