Should there be some small office somewhere in the
vast government bureaucracy that reviews these half-vast security
schemes before they fail spectacularly and embarrass every department
or agency that tries to implement them?
From the we-should-have-expected-this dept., Adam Winer reports:
An IRS program that was supposed to help protect vulnerable taxpayers has been partially suspended, because it turns out the program wasn’t all that secure.
An “IP pin code” program is supposed to add another layer of security to those filing tax return forms, but in March, the IRS announced the “tool is unavailable until further notice.”
Tax experts say the IRS program was hacked.
Read more on ABC News.
From the article:
Either way, it's down, and it's causing problems
for people who were relying on the program.
"[If] a client never receives a letter or
maybe a client just misplaced the letter, they can't retrieve [the
pin number] online because the system now has been suspended,"
explains tax specialist and certified fraud examiner Elina Linderman
of La Rusa.
Linderman estimates about 5 to 6 percent of her
client base has an IP PIN code from the IRS. Filing taxes for those
people has become a nightmare for some, and many fear those PIN codes
have been stolen altogether.
How strong will the backlash be?
DOJ knew of possible iPhone-cracking method before Apple case
Weeks before the FBI sought a court order forcing Apple to help it break
into an iPhone used by one of the San Bernardino gunmen, a sister
agency was already using an Israeli security firm's technology to
attempt to crack a similar device.
… more than two weeks before a judge ordered
Apple to assist the FBI, the Drug Enforcement Administration, also a
division of the DOJ, filed a
warrant request in a Maryland court asking to use technology from
security firm Cellebrite to defeat the password protections on a
suspected drug dealer's iPhone.
… A Maryland judge approved the search warrant
on Feb. 16, the same day California Magistrate Judge Sheri Pym
ordered Apple to provide technical assistance to the FBI in the San
Bernardino case.
… In the Maryland drug case, the warrant
application describes how Cellebrite would be used to defeat password
protections on a suspect's iPhone 6 and other smartphones.
"The device and all readable and searchable
contents will be attempted to be downloaded to a 'CellBrite' [sic]
device," the Maryland warrant application says. "The
'CellBrite' device allows the user to bypass any password protected
utility on the phone."
The iPhone contents "will then be copied to a
readable computer disc" and reviewed by the court, the warrant
application says.
… Critics of the FBI's case against Apple are now
questioning whether the agency should have moved forward with its
case without disclosing the possibility of using Cellebrite to hack
Farook's phone.
The FBI and DOJ now appear to be backing down in
the Apple case because of public opinion and a possibility they won't
get the court precedent they seek, said Evan Greer, campaign director
for digital rights group Fight for the Future.
"The FBI’s last minute excuse is about as
believable as an undergrad who comes down with the flu the night
before their paper is due," Greer said via email. "They
should come clean immediately."
I don't think they have given Privacy much
thought.
Driverless-Car Makers on Privacy: Just Trust Us
… This topic came up last week at a
Congressional hearing on driverless cars, and the companies
potentially doing the data-collecting were, and this is putting it
gently, evasive.
“Do you think there should be a mandatory
minimum for privacy protection?” asked Senator Ed Markey, a
Democrat from Massachusetts.
The witnesses, representing car makers and the
ride-sharing company Lyft, had well-rehearsed platitudes—privacy is
important, we look forward to cooperating with the federal
government, that kind of thing—but none agreed that mandatory
privacy standards should apply to them.
Think this one through for a minute. The NSA is
regularly tapping the phone of an ISIS commander who calls a number
in the US he never called before. During the conversation it becomes
obvious that the person on the US end is about to walk a suicide bomb
into a school/airport/sporting event. Should the NSA remain silent?
Do the rules change if the call originates in the US?
Lawmakers warn of 'radical' move by NSA to share information
“If media accounts are true, this radical policy
shift by the NSA would be unconstitutional, and dangerous,” Reps.
Ted Lieu (D-Calif.) and Blake
Farenthold (R-Texas) wrote
in a letter to the spy agency this week. “The proposed shift
in the relationship between our intelligence agencies and the
American people should not be done in secret.”
… The NSA has yet to publicly announce the
change, but the New
York Times reported last month that the administration was poised
to expand the agency's ability to share information that it picks up
about people’s communications with other intelligence agencies.
The modification would open the door for the NSA
to give the FBI and other federal agencies uncensored communications
of foreigners and Americans picked up incidentally — but without a
warrant — during sweeps.
Robert Litt, the general counsel at the Office of
the Director of National Intelligence, told the Times that it was
finalizing a 21-page draft of procedures to allow the expanded
sharing.
Separately, the
Guardian reported earlier this month that the FBI had quietly
changed its internal privacy rules to allow direct access to the
NSA’s massive storehouse of communication data picked up on
Internet service providers and websites.
I'd like to report that my Data Management students predicted this strategy.
Unfortunately, this isn't one of our successes. I wonder how things
were managed before?
White House Puts Clamps on Data Center Development
The federal program for improving the operation of thousands of government data
centers has entered a new phase that will impact significantly how
electronic information is stored and managed. Proposed updates to
data center operations will affect providers of data management
products and could spur the
use of cloud technology.
… Federal CIO Tony Scott recently released
proposals for major changes in government policy regarding federal
data centers. The proposals include prohibiting government agencies
from developing new data centers – or significantly expanding
existing centers – unless
such efforts are approved by the CIO and the Office
of Management and Budget. The office of the federal
CIO operates as a unit within OMB.
For some reason, this industry is an early adopter of new technologies. I
must study them closely. (I'm just doing it for the free Google
Cardboard thingies.)
… The world’s biggest adult site partnered
with established VR porn store BaDoink to offer free 360-degree
content. It is obviously NSFW.
If you’ve never tried VR porn, let me tell you:
It is a weird, wild ride. I tested out the new site using both iOS
and Android setups and a couple different headsets. The video I saw
was not exactly virtual reality as the footage wasn’t entirely 3D.
Pornhub does say that the new channel will have lots of full
360-degree content, so you really feel like you’re in some San
Bernardino McMansion having sex with a stranger.
… The VR site just went live on Pornhub, so
click through if you dare. Pornhub is also giving away 10,000
free Google Cardboard-like devices if you sign up.