Categories
Links

Internet firms play coy on how they share info with police, government

Via the Ottawa Citizen:

 

Categories
Links

Some ISPs don’t cave when asked for subscriber info, says report

IT World Canada:

 

Categories
Links

Telecoms evasive on how they co-operate with spies, police: researchers

The Spec:

 

Categories
Aside Links

The Tyee

Via The Tyee:

You should read Bob’s article in case you’re curious about why the press, academics, and active citizens laugh at the ‘transparency’ into government operations made possible by access to information, or freedom of information and access, laws.

I would note: one of my colleagues has had a federal access request open for seven years at this point. Our work on license plate recognition equipment, at the federal level, has been open almost two years, with no end in sight. There have been repeated ‘inappropriate’ (read: illegal, except it’s not illegal if the police do it, right?) closures of our file, and personal involvement by the federal information commissioner.

ATIP and FOI laws are a joke, and a bad one at that.

Categories
Writing

Less Than Impressed With 1Password

First, the good news: 1Password has released a new version of their product on iOS. The company outlines a whole pile of reasons for supposedly delaying security upgrades – among them that the updates will slow the speed at which users can access their encrypted data – but fails to identify what I suspect is a key motive behind the upgrade. If you recall, I wrote a while ago about key failures in mobile password managers. 1Password was amongst those who had flawed security implementations.

To be clear: security, especially good security, is damn hard to engineer. 1Password didn’t have the gaping flaw that others did – i.e. storing passwords in plaintext!! – but it was flawed. In the security community this (ideally) is resolved when someone critiques your secured infrastructure. In today’s world you should also credit the security researcher(s) who identified the flaw.

Unfortunately, this isn’t what 1Password has done. As far as I can tell, there is no formal recognition from the company that they have had flaws in their mobile security model pointed out by a third party. This is a shame, given that a key factor that builds genuine trust in security is transparency. It seems like 1Password is willing to address problems – they’re not dwelling in a security by obscurity paradigm, to be sure! – but not credit others with finding those problems in the first place.

Update: My very, very bad. I missed an earlier piece from 1Password, where they note the research. That is available here. It would have been ideal to see a reference to this in their update but, admittedly, credit had previously been given.

Categories
Quotations

2012.1.9

We must go further [than simply demanding transparency] and inject public values into development cycles while also intentionally hobbling surveillance technologies to rein in their most harmful potentialities.

Transparent Practices Don’t Stop Prejudicial Surveillance