Thursday, March 24, 2016

Should there be some small office somewhere in the vast government bureaucracy that reviews these half-vast security schemes before they fail spectacularly and embarrass every department or agency that tries to implement them?
From the we-should-have-expected-this dept., Adam Winer reports:
An IRS program that was supposed to help protect vulnerable taxpayers has been partially suspended, because it turns out the program wasn’t all that secure.
An “IP pin code” program is supposed to add another layer of security to those filing tax return forms, but in March, the IRS announced the “tool is unavailable until further notice.”
Tax experts say the IRS program was hacked.
Read more on ABC News.
[From the article:
Either way, it's down, and it's causing problems for people who were relying on the program.
"[If] a client never receives a letter or maybe a client just misplaced the letter, they can't retrieve [the pin number] online because the system now has been suspended," explains tax specialist and certified fraud examiner Elina Linderman of La Rusa.
Linderman estimates about 5 to 6 percent of her client base has an IP PIN code from the IRS. Filing taxes for those people has become a nightmare for some, and many fear those PIN codes have been stolen altogether.

How strong will the backlash be?
DOJ knew of possible iPhone-cracking method before Apple case
Weeks before the FBI sought a court order forcing Apple to help it break into an iPhone used by one of the San Bernardino gunmen, a sister agency was already using an Israeli security firm's technology to attempt to crack a similar device.
… more than two weeks before a judge ordered Apple to assist the FBI, the Drug Enforcement Administration, also a division of the DOJ, filed a warrant request in a Maryland court asking to use technology from security firm Cellebrite to defeat the password protections on a suspected drug dealer's iPhone.
… A Maryland judge approved the search warrant on Feb. 16, the same day California Magistrate Judge Sheri Pym ordered Apple to provide technical assistance to the FBI in the San Bernardino case.
… In the Maryland drug case, the warrant application describes how Cellebrite would be used to defeat password protections on a suspect's iPhone 6 and other smartphones.
"The device and all readable and searchable contents will be attempted to be downloaded to a 'CellBrite' [sic] device," the Maryland warrant application says. "The 'CellBrite' device allows the user to bypass any password protected utility on the phone."
The iPhone contents "will then be copied to a readable computer disc" and reviewed by the court, the warrant application says.
… Critics of the FBI's case against Apple are now questioning whether the agency should have moved forward with its case without disclosing the possibility of using Cellebrite to hack Farook's phone.
The FBI and DOJ now appear to be backing down in the Apple case because of public opinion and a possibility they won't get the court precedent they seek, said Evan Greer, campaign director for digital rights group Fight for the Future.
"The FBI’s last minute excuse is about as believable as an undergrad who comes down with the flu the night before their paper is due," Greer said via email. "They should come clean immediately."

I don't think they have given Privacy much thought.
Driverless-Car Makers on Privacy: Just Trust Us
… This topic came up last week at a Congressional hearing on driverless cars, and the companies potentially doing the data-collecting were, and this is putting it gently, evasive.
“Do you think there should be a mandatory minimum for privacy protection?” asked Senator Ed Markey, a Democrat from Massachusetts.
The witnesses, representing car makers and the ride-sharing company Lyft, had well-rehearsed platitudes—privacy is important, we look forward to cooperating with the federal government, that kind of thing—but none agreed that mandatory privacy standards should apply to them.

Think this one through for a minute. The NSA is regularly tapping the phone of an ISIS commander who calls a number in the US he never called before. During the conversation it become obvious that the person on the US end is about to walk a suicide bomb into a school/airport/sporting event. Should the NSA remain silent? Do the rules change if the call originates in the US?
Lawmakers warn of 'radical' move by NSA to share information
“If media accounts are true, this radical policy shift by the NSA would be unconstitutional, and dangerous,” Reps. Ted Lieu (D-Calif.) and Blake Farenthold (R-Texas) wrote in a letter to the spy agency this week. “The proposed shift in the relationship between our intelligence agencies and the American people should not be done in secret.
… The NSA has yet to publicly announce the change, but the New York Times reported last month that the administration was poised to expand the agency's ability to share information that it picks up about people’s communications with other intelligence agencies.
The modification would open the door for the NSA to give the FBI and other federal agencies uncensored communications of foreigners and Americans picked up incidentally — but without a warrant — during sweeps.
Robert Litt, the general counsel at the Office of the Director of National Intelligence, told the Times that it was finalizing a 21-page draft of procedures to allow the expanded sharing.
Separately, the Guardian reported earlier this month that the FBI had quietly changed its internal privacy rules to allow direct access to the NSA’s massive storehouse of communication data picked up on Internet service providers and websites.

I'd like to report that my Data Management students predicted this strategy. Unfortunately, this isn't one of our successes. I wonder how things were managed before?
White House Puts Clamps on Data Center Development
The federal program for improving the operation of thousands of government data centers has entered a new phase that will impact significantly how electronic information is stored and managed. Proposed updates to data center operations will affect providers of data management products and could spur the use of cloud technology.
… Federal CIO Tony Scott recently released proposals for major changes in government policy regarding federal data centers. The proposals include prohibiting government agencies from developing new data centers – or significantly expanding existing centers – unless such efforts are approved by the CIO and the Office of Management and Budget. The office of the federal CIO operates as a unit within OMB.

For some reason, this industry is an early adopter of new technologies. I must study them closely. (I'm just doing it for the free Google Cardboard thingies.)
… The world’s biggest adult site partnered with established VR porn store BaDoink to offer free 360-degree content. It is obviously NSFW.
If you’ve never tried VR porn, let me tell you: It is a weird, wild ride. I tested out the new site using both iOS and Android setups and a couple different headsets. The video I saw was not exactly virtual reality as the footage wasn’t entirely 3D. Pornhub does say that the new channel will have lots of full 360-degree content, so you really feel like you’re in some San Bernardino McMansion having sex with a stranger.
… The VR site just went live on Pornhub, so click through if you dare. Pornhub is also giving away 10,000 free Google Cardboard-like devices if you sign up.
