Saturday, October 11, 2014

For my Ethical Hackers, a challenge: I don't think anyone liked the conclusions we reached at yesterday's Privacy Foundation seminar. As the world fills (and I mean that literally) with sensors connected to the Internet, it will be increasingly difficult to avoid, evade or escape being “sensed” as you move through the world.
Marriott found a way to force your wifi devices to use their wifi so they could charge you for that “service.” The FBI can force your cell phone to connect via their “simulated” cell phone towers, so they can collect metadata (and perhaps intercept your conversation).
If we can collect similar technologies to override all the sensors we might contact and make it small enough to carry in your pocket, we could become a “roach motel” for sensor data. Data enters but never leaves.
Our task then is to replace the actual sensor data with simulated data that properly reports that it has “nothing to report.” This is significantly more difficult than using a certain law school professor's name on your King Sooper's loyalty card. We will need to identify each unique type of device (and there will be thousands upon thousands) and then generate an accurate “false signal.”
Merely blocking all sensor data turns us into a “Black Hole” which flags us as “highly suspicious, probably terrorists” and may automatically summon the black helicopters or even a drone-launched smart bomb.
I'm not sure that even IBM's Watson could do this. (But it might be fun to try.)

(Related) Knowing the tools used to surveil you allows you to take anti-surveillance measures.
Hackers Show the NSA's Capabilities Are Not Magic
A group of security researchers, hardware hackers, hardware developers and hobbyists have set out to demonstrate that many of the tools similar to those used by the United States National Security Agency (NSA) for surveillance operations can be reproduced on a low budget with open source software and hardware components. The project, called the "NSA Playset," came out of a collaboration between security researcher Dean Pierce and Michael Ossmann, founder of Great Scott Gadgets. Shortly after the NSA's ANT catalog was leaked online, they recruited several others who had already implemented or were working on implementing capabilities that were similar to the ANT tools.
The ANT catalog is a 48-page classified document containing information on the technologies used by the NSA's Tailored Access Operations (TAO) unit for cyber surveillance. The document is one of the many files obtained by the former NSA contractor Edward Snowden.

Local. See how easy it is to “breach” privacy? If they had put the survey in an envelope, there would have been no breach.
Colorado health officials announce privacy breach
Colorado health officials say they accidentally violated the medical privacy of about 15,000 people in a recent postcard mailing.
… Whether someone receives behavioral health care services is considered protected private medical information.

Soon it will be easier to list the retailers who have not been breached.
Kmart Stores Hit by Data Breach
Sears Holdings Corp. said the payment systems at its Kmart stores were breached by malicious software, the latest in a string of major retailers that have been successfully attacked by hackers.
The breach, believed to have started in early September, was discovered Thursday, Sears said, noting some debit and credit-card numbers of customers who shopped at Kmart were compromised.
… Chris Brathwaite, a Sears spokesman, declined to say how many credit and debit cards were affected. [They don't know? Bob]

Not the most compelling argument, but still worth watching this 20 minute video.
Why Privacy matters
Glenn Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States' extensive surveillance of private citizens. In this searing talk, Greenwald makes the case for why you need to care about privacy, even if you’re “not doing anything you need to hide."

I could use this in my classroom. Smile and nod, your grade goes up. Frown and shake your head, your grade goes down.
Joe Cadillic sends along this eyebrow-elevating news from BBC:
A comedy club in Barcelona is experimenting with charging users per laugh, using facial-recognition technology to track how much they enjoyed the show.
The software is installed on tablets attached to the back of each seat at the Teatreneu club.
Each laugh is charged at 0.30 euros (23p) with a cap of 24 euros (£18). Takings are up so far.
The project was developed to combat falling audience numbers.
Partnering with advertising agency The Cyranos McCann, the experiment was a reaction to increased government taxes on theatre tickets, which in turn led to drastic drops in audience numbers.
Read more on BBC.
OK, but apart from the obvious surveillance/privacy issues, wouldn’t this encourage the audience not to laugh too much – so they save money?

Would this money be better spent ensuring that all students have digital tools? That they are trained to use them? That they work better than non-digital tools?
Benjamin Herold reports:
The National Science Foundation earlier this month awarded a $4.8 million grant to a coalition of prominent research universities aiming to build a massive repository for storing, sharing, and analyzing the information students generate when using digital learning tools.
The project, dubbed “LearnSphere,” highlights the continued optimism that “big” educational data might be used to dramatically transform K-12 schooling.
It also raises new questions in the highly charged debate over student-data privacy.
Read more on Education Week (reg. required).

I suppose it's always a matter of interpretation. I look at this as proof that there was no plan for dealing with “too big to fail” bank failures, and that they are scrambling to come up with one. Eventually, they will need to throw someone off the troika to appease the wolves.
US and UK to play financial ‘war game’
Britain and the US will stage the first transatlantic simulation of a crisis in a large bank on Monday. It is a sign of growing confidence that the authorities can now deal with the failure of large institutions.
All of the main players who would need to be involved in a failure of a company such as Bank of America, Goldman Sachs, Barclays or HSBC will gather in Washington DC to make sure they would know what to do, who to call and how to inform the public.
The move reflects the authorities’ view that they are getting close to solving the “too big to fail” problem, even for cross-border banks, outside a full-blown system-wide crisis.

Biometrics: Be sure to bring your (someone's) finger!
Check in with your finger: Alaska Airlines testing ‘e-thumb’ technology
Physical boarding passes — and even mobile ticketing — may be a thing of the past if the new “e-thumb” technology that Alaska Airlines is currently testing catches on.
Bloomberg reports that the Seattle-based airliner has installed fingerprint readers in four of its airport lounges as a way for fliers to check-in without having to show an employee a boarding pass and physical identification.

Logic like this is what convinces me I'd never make it as a lawyer.
Andy Greenberg reports:
Lawyers for Ross Ulbricht have spent the last two months shifting the focus from their client, charged with creating the billion-dollar drug market the Silk Road, and putting it onto the potential illegality of the FBI’s investigation. Now the judge in that case has spoken, and it’s clear she intends to put Ulbricht on trial, not the FBI.
In a 38-page ruling Friday, Judge Katherine Forrest dismissed the defense’s motion to suppress evidence that hinged on the argument that law enforcement had violated Ulbricht’s Fourth Amendment right to privacy from unreasonable searches.
Read more on Wired.
[From the article:
But the Judge’s rejection of that argument comes down to what may be seen as a fateful technicality: she argues that even if the FBI did hack the Silk Road server, Ulbricht hadn’t sufficiently demonstrated that the server belonged to him, and thus can’t claim that his privacy rights were violated by its search.

Definitely, positively, absolutely something for my students! Can we find one that does this on other phones?
– is an Android application, which offers a solution to those who wish to keep their mobile phones on silent mode for specific geographical locations, time, occasions and for specific contacts. You simply need to provide the desired conditions – occasions, times and geographical locations when you would like to keep your mobile silent.

I probably shouldn't laugh at these...
… For-profit giant Kaplan University launches “Open College,” which “will include free online services and personalized mentoring to help people identify and organize prior experience and skills that could count toward a degree or move them closer to a new career.”
The Academy of Art University used to grant students permanent licenses for the Adobe CS6 Master Collection as part of their tuition. But apparently Adobe has deactivated these licenses, without any warning, demanding students now pay a $60/month subscription fee to continue access.
… Hackers have released a cache of 13GB of Snapchat users’ photos. Although users believe Snapchats disappear after viewing, a third-party app has apparently been collecting these images for several years. About half of Snapchats’ users are between age 13 and 17. “4chan users say the collection of photos has a large amount of child pornography, including many videos sent between teenagers who believed the files would be immediately deleted after viewing.”
