Saturday, April 02, 2016
British politicians are no more delusional that US politicians.
The Terrorist Justification for Mass Surveillance
The UK government's attempts to ease the passage of the hugely controversial Investigative Powers Bill continued this week with a Telegraph opinion piece from William Hague (former First UK Secretary of Sate and former leader of the Conservative Party): The Brussels attacks show the need to crack terrorist communications.
In this piece Hague continues the usual confused approach over encryption while concentrating on the need for bulk data collection and retention. Discussing the Brussels terrorists he comments, "the mobile phones they carried had evidently not been used before and showed no record of texts, chat or emails. Whatever means of co-ordination they used, it was sufficiently private or encrypted that the authorities do not seem to have been aware of it."
Nevertheless he continues on the standard theme that what amounts to mass surveillance will help the intelligence agencies discover what he has just admitted wasn't there, while simultaneously demonizing the Snowden whistleblowing. Lee Munson, a researcher with Comparitech suggests that Hague is 'sadly deluded'.
Security expert and commentator David Harley is more measured. Hague, he suggests is basing his arguments on at least two assumptions. Firstly, that "since intelligence agencies weren't aware of whatever messages may have been passed between the terrorists, they must have been been using super-private, super-encrypted technology. Actually it’s at least as likely that they were communicating by such lo-tech routes that they didn’t show up on the authority’s radar."
… The second concern is that Hague is trying to differentiate bulk collection from mass surveillance when it is effectively, if not semantically, the same thing. Even then, wonders Harley, "if bulk data interception didn’t pick up relevant traffic on this occasion, will spending more money on it help? Or will we have to lean further in the direction of mass surveillance?"
Perhaps they can try those “don't tell the judge” agreements they used for intercepting cellphones?
FBI weighs if it can share hacking tool with local law enforcement
The FBI and Justice Department are debating whether the hacking tool that helped the bureau unlock the iPhone of one of the San Bernardino, Calif., terrorists can be used to help state and local law enforcement, officials said Friday.
That will be a challenge because the bureau has classified the tool, making it difficult to use in state and local criminal prosecutions requiring disclosure of evidence to defendants, officials said.
… Moreover, the tool itself likely will have a shelf life of only a few months, as tech companies may find and fix the vulnerabilities that the tool exploits, and they periodically update the underlying software.
The firm that helped the bureau — not the Israeli company Cellebrite, as had been widely rumored — charged a one-time flat fee, officials said.
The bureau is not releasing the company’s name and has declined to discuss details of the solution.
… To referee the issue, the government has an interagency process headed by the attorney general to decide which capabilities should be classified. This is separate from the “vulnerabilities equities process” managed by the White House, which decides which software flaws should be disclosed to the software maker. [So if the White House says “share” the DoJ can say “Classified?” Bob]
My Data Management students were wondering about that.
Exclusive: Egypt blocked Facebook Internet service over surveillance - sources
Egypt blocked Facebook Inc's (FB.O) Free Basics Internet service at the end of last year after the U.S. company refused to give the Egyptian government the ability to spy on users, two people familiar with the matter said.
… The Egyptian government suspended the service on Dec. 30 and said at the time that the mobile carrier Etisalat had only been granted a temporary permit to offer the service for two months.
Two sources with direct knowledge of discussions between Facebook and the Egyptian government said Free Basics was blocked because the company would not allow the government to circumvent the service's security to conduct surveillance. They declined to say exactly what type of access the government had demanded or what practices it wanted Facebook to change.
Interesting. How would they make it work?
The Music Industry Has Had It With The Digital Millennium Copyright Act
The music industry is tired of playing whack-a-mole and is appealing to the U.S. Copyright Office and Congress to help. Hundreds of artists, managers and industry organizations signed petitions sent to the U.S. Copyright Office Thursday demanding reform of the Digital Millennium Copyright Act, a law they say has placed undue burdens on them to scour the internet for people and websites illegally sharing their work.
… “It’s impossible for tens of thousands of individual songwriters and artists to muster the resources necessary to comply with its application.”
… Rightsholders and other artists claim this growth is proof of a dizzying responsibility that they cannot be expected to handle while continuing to make art. Yet other stakeholders frame that growth as proof the system is working.
The Computer and Communications Industry Association, a trade group that counts Google, Amazon and Yahoo among its members, filed its own comments on the DMCA this week making that exact point, saying filing takedown requests has grown easier, cheaper and more efficient.
For my Computer Security students.
Survey: With all eyes on security, talent shortage sends salaries sky high
The industry that makes students smarter?
Hack Education Weekly News
… Via the Mail and Guardian Africa: “An Africa first! Liberia outsources entire education system to a private American firm. Why all should pay attention.” The United Nations Special Rapporteur on the right to education, Kishore Singh, has said that “Such arrangements are a blatant violation of Liberia’s international obligations under the right to education, and have no justification under Liberia’s constitution.” The company in question is Bridge International Academies, which has received funding from the Gates Foundation, Learn Capital, and Mark Zuckerberg’s investment company the Chan Zuckerberg Initiative (among others). [But, what if it works? Bob]
… From the Detroit Free Press: “In its latest crackdown on school corruption in Detroit, the federal government today dropped a legal bomb on 12 current and former principals, one administrator and a vendor – all of them charged with running a nearly $1-million bribery and kickback scheme involving school supplies that were rarely ever delivered.” [See above? Bob]
… Via The Wall Street Journal: “Judge Says Bankrupt Law Grads Can Cancel Bar Loans.” Federal student loans cannot be discharged by declaring bankruptcy, so this is an interesting ruling.
… “Getting banned from Facebook can have unexpected and professionally devastating consequences,” writes the EFF’s Jillian York.
… Via NPR: “Software Flags ‘Suicidal’ Students, Presenting Privacy Dilemma.”
… Via the Star Tribune: “Two faculty unions are up in arms over a new rule that would allow Minnesota’s state colleges and universities to inspect employee-owned cellphones and mobile devices if they’re used for work. The unions say the rule, which is set to take effect on Friday, would violate the privacy of thousands of faculty members, many of whom use their own cellphones and computers to do their jobs.”