The Security of Our Election Systems

Government interference with foreign elections isn’t new, and in fact, that’s something the United States itself has repeatedly done in recent history. Using cyberattacks to influence elections is newer but has been done before, too – most notably in Latin America. Hacking of voting machines isn’t new, either. But what is new is a foreign government interfering with a U.S. national election on a large scale. Our democracy cannot tolerate it, and we as citizens cannot accept it.

Last April, the Obama administration issued an executive order outlining how we as a nation respond to cyberattacks against our critical infrastructure. While our election technology was not explicitly mentioned, our political process is certainly critical. And while they’re a hodgepodge of separate state-run systems, together their security affects every one of us. After everyone has voted, it is essential that both sides believe the election was fair and the results accurate. Otherwise, the election has no legitimacy.

Election security is now a national security issue; federal officials need to take the lead, and they need to do it quickly.

The effects of a decade of focusing on attack capabilities at the expense of defence are now becoming apparent. And I’d bet that we’ll see democratic governments call for heightened national ‘defence’ capabilities that entail fully inspecting packets. Which will require laws that water down communicative privacy rights. Which will themselves damage the democratic characters of our political systems.


Can we design sociotechnical systems that don’t suck?

Many hard problems require you to step back and consider whether you’re solving the right problem. If your solution only mitigates the symptoms of a deeper problem, you may be calcifying that problem and making it harder to change.

Ethan’s essay is a long response to Shane Snow’s proposals for prison reform. In short, Snow is aiming to adjust conditions inside of prisons without considering whether there is a broader series of social issues that are responsible for actually leading to incarceration. And, worse, he’s making his proposals without lived experiences of what prison itself is like.

The crux of Ethan’s argument, really, doesn’t concern the kinds of prison reform which are(n’t) appropriate so much as this: is it appropriate for a given person, or group, to solve the problem(s) in the first place? Are they capable of even identifying what the problem(s) are?

I think that this kind of attitude – of humbleness and appreciation for one’s limited perspective on the world – is something that should be taken up by more technologists, policy makers, and law makers. Too often we assume we know how to help without even knowing whether, and if so why and under what conditions, help is needed in the first place.


On weaponized transparency

Over the longer term, it’s likely that personal or sensitive data will continue to be hacked and released, and often for political purposes. This in turn raises a set of questions that we should all consider, related to all the traditional questions of openness and accountability. Weaponized transparency of private data of people in democratic institutions by unaccountable entities is destructive to our political norms, and to an open, discursive politics.

Weaponized transparency, especially when it affects the lives of ordinary persons who take an interest in the political process, is dangerous for a range of reasons. And responsible journalists – to say nothing of publishers such as Wikileaks – ought to be condemned when they fail to adequately protect the private interests of such ordinary persons.


From file-sharing to prison: A Megaupload programmer tells his story

The Megaupload saga has a new chapter, as the only person convicted by the US in relation to Mega’s file sharing system has broken his silence. Tänavsuu’s article is an in-depth interview with Andrew Nõmm, who did programming for the site and service. Nõmm takes strong issue with Kim Dotcom — he asserts regularly that Kim did nothing to assist Nõmm in his legal efforts — as well as with the Estonian government for their lack of support.

This is a relatively unique piece, insofar as it discusses the experiences of people within the Kim Dotcom empire, and from the perspective of someone who has directly suffered as a result of their association with the project and company. It’s worth the read, if only to understand how the US system deals with persons found guilty of significant copyright violation and some of the inner workings of the Mega projects.


Canada has a rape kit problem | VICE News

This piece is excellent if incredibly depressing: for funding reasons (or, more cynically, failure of predominantly male politicians to raise this issue on the political agenda…) women who are assaulted are often unable to access rape kits. These kits are used to collect evidence for potential criminal investigations pertaining to the assault.

But the (very long, and detailed) article ends with an important reminder for readers who have gotten to the end:

Rape kits, ultimately, are only a small piece of a bigger problem with the justice system, says Hilla Kerner, a front-line worker at Vancouver’s Rape Relief Shelter.

She said rape kits are only helpful in cases that the attacker denies any sexual contact and DNA evidence can contradict that claim. It’s rare that this is a line of defense, she said—but when it is, the evidence gathered with a rape kit is vital.

Basically, if the accused’s DNA is found on the complainant’s body, it removes the line of defence of: ‘I don’t know her, I’ve never seen her before.’

“We shouldn’t fool ourselves that a rape kit is the solution to getting more cases through the criminal justice system,” Kerner said. “There is a need for urgent reform in the criminal justice system, and rape kits are just one element of the whole transformation that needs to happen.”

In other words, though we need to improve access to forensic services, we shouldn’t imagine that such access alone will alleviate the incredibly hostile approach the criminal justice system takes towards the victims of rape and sexual assault.


‘Breakthrough’ NSA spyware shows deep grasp of makers’ hard drives

The espionage program appears to be fairly targeted, said Chris Parsons, an expert on state surveillance tools with the University of Toronto’s Citizen Lab. “This is what we can count,” a Kaspersky spokesperson said. “Because of [the] self-destroying function of the malware, the number [of victims] could be much higher.”

“Realistically, that’s a comparatively small number when you look at the global population of computers that are sold,” Parsons said.

Canada was not identified as one of the nations that has been targeted by the tampered hard drives.

What is firmware?

Firmware is software that enables a computer to perform its basic functions, Parsons explained.

“It’s essentially the operating code that runs the devices in your computer,” he said. “Think of it as the base code that’s used to run the hardware. Once the firmware is running … all the pieces of your computer get activated and are able to function.”

Kaspersky’s analysis suggests the spyware could work on popular hard drives manufactured by Western Digital, Seagate Technology, Toshiba, IBM, Micron Technology and Samsung.

“The value of getting in before everything else loads is you can influence what loads, how it loads, when it loads, and the value is much higher than if you waited until the operating system booted up,” Parsons said.

That’s because most anti-virus programs tend to be designed to take action following the loading of firmware. This particular program, however, would be “masked” in the firmware.

Which users might be affected by this?

Parsons points out that so far all the malware collected has been designed to work with Microsoft Windows.

One of the characteristics of this malware was to modify the sensor instructions to make the changes to the firmware “almost impossible to detect,” Parsons explained.

“So by the time you go to boot into Windows, it’s already compromised, and this has been hidden for at least eight to 14 years,” he said.

Parsons anticipates hackers will be emboldened by the report’s findings.

“By now knowing the kinds of attacks possible, you can be certain that other actors will now try to emulate and copy what we’ve seen here,” he said. “The risk of copycats is now much more likely.”


2015.1.3

So…did GCHQ et al intercept and decrypt BBM messages, or were they just handed over?


U.S. Cyber Command investment ensures hackers targeting America face retribution

Later that summer, Marine Lt. Gen. Richard P. Mills bluntly told a conference in Baltimore that commanders under his control in Afghanistan routinely used cyberwarfare tactics to attack and disable al Qaeda and Taliban enemies.

“I can tell you that as a commander in Afghanistan in the year 2010, I was able to use my cyberoperations against my adversary with great impact,” Gen. Mills was quoted at the time as saying. “I was able to get inside his nets, infect his command and control, and in fact defend myself against his almost constant incursions to get inside my wire, to affect my operations.”

While the military is developing the capability, the political and policy realm is struggling with the right parlance.

If that’s the language that US generals are using to explain what ‘cyber’ is then I think that the executive-class is clueless about the things that their ‘cyberwarriors’ are up to. And if they’re this clueless then how can they be relied on (or quoted in anything other than a mocking way?) to provide expert advice to policy makers, politicians, or the public?


Christopher Parsons weighs in on privacy concerns in Canada

A roundup of what I’ve said, to whom, and that was published this month.


stopdataretention:

Who you email/txt, where you go, what sites you visit – stored by govt for 2 yrs under new laws.