Category: Links

Links

Naqvi: Solution to Court Delays – Call off your Crowns

Post author By Christopher Parsons
Post date January 2, 2017

There can be no debate — delays in our justice system are a very bad thing. With every week, month and year of delay, memories fade, the quality of evidence degrades and victims are denied legal closure.

And, often intentionally overlooked is the reality that court delays mean that accused persons who are presumed (and often are) innocent suffer ongoing stigma, stress, loss of employment, oppressive bail conditions and incarceration waiting for their trial dates.

Let’s get one thing straight — there is not one accused person being held in our Dicken-sian provincial jails who is intentionally delaying their day in court. There is simply no benefit to do so. Ontario’s remand centres are violent, overcrowded, humanity-destroying hellscapes, which are completely devoid of any rehabilitation programming or basic human comforts.

Canadians only realize how broken the legal system is when they, or someone they know, is sucked into it.

Tags Canada, Justice

Links

150 Filmmakers Want Nikon and Canon to Sell Encrypted Cameras. Here’s Why

Post author By Christopher Parsons
Post date December 17, 2016

From Wired:

Implementing that feature wouldn’t be simple—particularly in high-definition cameras that have to write large files to an SD card at a high frequency, says Jonathan Zdziarski, an encryption and forensics expert who also works a semi-professional photographer. Integrating encryption without slowing down a camera would likely require not just new software, but new microprocessors dedicated to encrypting files with maximum efficiency, as well as security engineering talent that camera companies likely don’t yet have. He describes the process as “feasible,” but potentially expensive. “I don’t expect Nikon or Canon to know how to do this the way computer companies do. It’s a significant undertaking,” says Zdziarski. “Their first question is going to be, ‘how do we pay for that?‘”

Adding in encryption is a non-trivial undertaking. It’s one that is often done badly. And strong encryption – such that no party can access the content absent a passphrase – also has drawbacks because it you forget that phrase then you’re permanently locked out of the data. As someone who has suffered data loss for exactly that reason I’m incredibly sympathetic that the level of security proposed – opt-in strong security – is not necessarily something that most users want, nor something that most companies want to field support calls over.

Tags Cameras, Encryption, Security

Links

The Perfect Weapon: How Russian Cyberpower Invaded the U.S.

Post author By Christopher Parsons
Post date December 16, 2016

As the year draws to a close, it now seems possible that there will be multiple investigations of the Russian hacking — the intelligence review Mr. Obama has ordered completed by Jan. 20, the day he leaves office, and one or more congressional inquiries. They will wrestle with, among other things, Mr. Putin’s motive.

Did he seek to mar the brand of American democracy, to forestall anti-Russian activism for both Russians and their neighbors? Or to weaken the next American president, since presumably Mr. Putin had no reason to doubt American forecasts that Mrs. Clinton would win easily? Or was it, as the C.I.A. concluded last month, a deliberate attempt to elect Mr. Trump?

In fact, the Russian hack-and-dox scheme accomplished all three goals.

This is an absolutely brilliant piece of journalism by Harris, Singer, and Shane. It unpacks the publicly available information about the intrusions into the Democratic National Committee’s systems and how information was subsequently mobilized and weaponized. These sorts of attacks will continue to be effective because all it takes is a single failure on the part of defenders, often in the face of hundreds or thousands of discrete attacks. As a result the remediation process is, today, arguably the most important of a cyber-security event because a dedicated and resourced attacker will eventually penetrate even the best secured networking infrastructure. And the Democratic National Committee, and Democratic Party more generally, still lacks a remediation policy months after the attacks.

Tags Politics, Russia, Security, United States

Links

Privacy and Policing in a Digital World

Post author By Christopher Parsons
Post date December 15, 2016

As the federal government holds public consultations on what changes should be made to Bill C-51, the controversial anti-terrorism legislation passed by the Conservative government, various police agencies such as the RCMP and the Canadian Association of Chiefs of Police have petitioned to gain new powers to access telephone and internet data. Meanwhile nearly half of Canadians believe they should have the right to complete digital privacy. The Agenda examines the question of how to balance privacy rights with effective policing in the digital realm.

I was part of a panel that discussed some of the powers that the Government of Canada is opening for discussion as part of its National Security consultation, which ends on December 15, 2016. If you want to provide comments to the government, see: https://www.canada.ca/en/services/defence/nationalsecurity/consultation-national-security.html

Tags Canada, Encryption, Politics, Privacy

Links

Donald Trump Is Gaslighting America

Post author By Christopher Parsons
Post date December 14, 2016

As a candidate, Trump’s gas lighting was manipulative, as President-elect it is a deliberate attempt to destabilize journalism as a check on the power of government.

To be clear, the “us” here is everyone living under Trump. It’s radical progressives, hardline Republicans, and Jill Stein’s weird cousin. The President of the United States cannot be lying to the American electorate with zero accountability. The threat of deception is not a partisan issue. Trump took advantage of the things that divide this country, pitting us against one another, while lying his way to the Oval Office. Yes, everything is painfully clear in hindsight, but let’s make sure Trump’s win was the Lasik eye surgery we all so desperately needed.

The good news about this boiling frog scenario is that we’re not boiling yet. Trump is not going to stop playing with the burner until America realizes that the temperature is too high. It’s on every single one of us to stop pretending it’s always been so hot in here.

Teen Vogue has one of the more biting analyses of Trump’s activities in the US media. Teen. Vogue.

Tags Politics, Trump

Aside Links

The Subtle Ways Your Digital Assistant Might Manipulate You

Post author By Christopher Parsons
Post date December 13, 2016

From Wired:

Amazon’s Echo and Alphabet’s Home cost less than $200 today, and that price will likely drop. So who will pay our butler’s salary, especially as it offers additional services? Advertisers, most likely. Our butler may recommend services and products that further the super-platform’s financial interests, rather than our own interests. By serving its true masters—the platforms—it may distort our view of the market and lead us to services and products that its masters wish to promote.

But the potential harm transcends the search bias issue, which Google is currently defending in Europe. The increase in the super-platform’s economic power can translate into political power. As we increasingly rely on one or two head butlers, the super-platform will learn about our political beliefs and have the power to affect our views and the public debate.

The discussions about algorithmic bias often have an almost science fiction feel to them. But as personal assistant platforms are monetized by platforms by inking deals with advertisers and designing secretive business practices designed to extract value from users, the threat of attitude shaping will become even more important. Why did your assistant recommend a particular route? (Answer: because it took you past businesses the platform owner believes you are predisposed to spend money at.) Why did your assistant present a particular piece of news? (Answer: because the piece in question conformed with your existing views and thus increased time you spent on the site, during which you were exposed to the platform’s associated advertising partners’ content.)

We are shifting to a world where algorithms are functionally what we call magic. A type of magic that can be used to exploit us while we think that algorithmically-designed digital assistants are markedly changing our lives for the better.

Tags Amazon, Google, Privacy

Links

US-CERT: Stop using your remotely exploitable Netgear routers

Post author By Christopher Parsons
Post date December 12, 2016

From Network World:

In case you are wondering, that firmware for the R7000 – Nighthawk AC1900 smart router – is the newest firmware available by Netgear. Here are Netgear’s links to the R8000 – Nighthawk AC3200 tri-band gigabit router and the R6400. Hopefully those – and any other vulnerable models – will soon be updated with less insecure firmware.

Hopefully less insecure firmware will be provided to turn a burning dumpster fire into a merely-smouldering-mess. Hurray for (possible, but don’t bet on it) progress.

Tags Internet, Security, Vulnerability

Aside Links

Twenty-four pedestrians were hit on Toronto’s roads on Tuesday — including an 87-year-old who died

Post author By Christopher Parsons
Post date December 9, 2016

“Do we recognize that weather plays a part in it? Yes, that’s a contributing factor. But what do you do when you can’t see where you’re going? You slow down, you look around. Unfortunately, drivers, let’s be quite frank, are somewhat lazy. They don’t adjust for the driving conditions they face. They’re still trying to push the envelope.”

It’s always a bit shocking to have the Toronto police holding drivers to account for, you know, killing people with their vehicles. It’s a nice change from just blaming pedestrians.

But, at the same time, I don’t think that drivers being “somewhat lazy” is a legitimate comment when talking about people being killed. People get lazy and don’t wash the dishes. Or don’t take the dog out. When they get lazy and kill someone we tend to use another word when we’re not referring to drivers killing pedestrians.

That word? Manslaughter.

Tags Pedestrian, Police, Toronto

Links

Millions exposed to malvertising that hid attack code in banner pixels

Post author By Christopher Parsons
Post date December 8, 2016

From Ars Technica:

Despite targeting only people using IE and unpatched versions of Flash, Stegano is noteworthy for its concealment of exploit code in the pixels of the banner ads. There’s no reason future campaigns—or possibly ongoing ones that have yet to be discovered—couldn’t exploit zero-day vulnerabilities that infected a much larger base of people. Until ad networks get much better at detecting malvertising campaigns, the scourge is likely to continue.

The lesson, again, is that the advertising that is scattered throughout the web should be generally regarded as hostile and that ad blockers aren’t just a privacy tool but a security tool as well.

Tags Advertising, Malvertising, Malware, Security

Links

I’m giving up on PGP

Post author By Christopher Parsons
Post date December 7, 2016

This is one of the clearest (and bluntest) critiques of PGP/GPG I’ve read in a long time. It very, very clearly establishes PGP’s inability to successfully protect people facing diverse threat models, the failure of the Web of Trust to secure identities and communities of trust, and challenges of key security and rotation. I’d consider it assigned reading in a university class if the students were ever forced to learn about PGP itself.

Tags Encryption, PGP, Security