For
my Ethical Hackers, a challenge: I don't think anyone liked the
conclusions we reached at yesterday's Privacy Foundation seminar. As
the world fills (and I mean that literally) with sensors connected to
the Internet, it will be increasingly difficult to avoid, evade or
escape being “sensed” as you move through the world.
Marriott
found a way to force your wifi devices to use their wifi so they
could charge you for that “service.” The FBI can force your cell
phone to connect via their “simulated” cell phone towers, so they
can collect metadata (and perhaps intercept your conversation).
If
we can collect similar technologies to override all the sensors we
might contact and make it small enough to carry in your pocket, we
could become a “roach motel” for sensor data. Data enters but
never leaves.
Our
task then is to replace the actual sensor data with simulated data
that properly reports that it has “nothing to report.” This is
significantly more difficult than using a certain law school
professor's name on your King Soopers loyalty card. We will need to
identify each unique type of device (and there will be thousands upon
thousands) and then generate an accurate “false signal.”
Merely
blocking all sensor data turns us into a “Black Hole” which flags
us as “highly suspicious, probably terrorists” and may
automatically summon the black helicopters or even a drone-launched
smart bomb.
I'm
not sure that even IBM's Watson could do this. (But it might be fun
to try.)
(Related)
Knowing the tools used to surveil you allows you to take
anti-surveillance measures.
Hackers
Show the NSA's Capabilities Are Not Magic
A
group of security researchers, hardware hackers, hardware developers
and hobbyists have set out to demonstrate that many of the tools
similar to those used by the United States National Security Agency
(NSA) for surveillance operations can be reproduced on a low budget
with open source software and hardware components. The
project, called the "NSA
Playset," came out of a collaboration between security
researcher Dean Pierce and Michael Ossmann, founder of Great Scott
Gadgets. Shortly after the NSA's ANT catalog was leaked online, they
recruited several others who had already implemented or were working
on implementing capabilities that were similar to the ANT tools.
The
ANT catalog
is a 48-page classified document containing information on the
technologies used by the NSA's Tailored Access Operations (TAO) unit
for cyber surveillance. The document is one of the many files
obtained by the former NSA contractor Edward Snowden.
Local.
See how easy it is to “breach” privacy? If they had put the
survey in an envelope, there would have been no breach.
Colorado
health officials announce privacy breach
Colorado
health officials say they accidentally violated the medical privacy
of about 15,000 people in a recent postcard
mailing.
…
Whether someone receives behavioral health care services is
considered protected private medical information.
Soon
it will be easier to list the retailers who have not been breached.
Kmart
Stores Hit by Data Breach
Sears
Holdings Corp. said the payment systems at its Kmart stores were
breached by malicious software, the latest in a string of major
retailers that have been successfully attacked by hackers.
The
breach, believed to have started
in early September, was discovered Thursday, Sears said,
noting some debit and credit-card numbers of customers who shopped at
Kmart were compromised.
…
Chris Brathwaite, a Sears spokesman, declined to say how many
credit and debit cards were affected. [They
don't know? Bob]
Not
the most compelling argument, but still worth watching this 20 minute
video.
Why
Privacy matters
Glenn
Greenwald was one of the first reporters to see — and write about —
the Edward Snowden files, with their revelations about the United
States' extensive surveillance of private citizens. In this searing
talk, Greenwald makes the case for why you need to care about
privacy, even if you’re “not doing anything you need to hide.”
I
could use this in my classroom. Smile and nod, your grade goes up.
Frown and shake your head, your grade goes down.
Joe
Cadillic sends along this eyebrow-elevating news from BBC:
A comedy club in Barcelona is experimenting with charging users per
laugh, using facial-recognition technology to track how much they
enjoyed the show.
The software is installed on tablets attached to the back of each
seat at the Teatreneu club.
Each laugh is charged at 0.30 euros (23p) with a cap of 24 euros
(£18). Takings are up so far.
The project was developed to combat falling audience numbers.
Partnering with advertising agency The Cyranos McCann, the experiment
was a reaction to increased government taxes on theatre tickets,
which in turn led to drastic drops in audience numbers.
Read
more on BBC.
OK,
but apart from the obvious surveillance/privacy issues, wouldn’t
this encourage the audience not to laugh too much – so they save
money?
Would
this money be better spent ensuring that all students have
digital tools? That they are trained to use them? That they work
better than non-digital tools?
Benjamin
Herold reports:
The National Science Foundation earlier this month awarded
a $4.8 million grant to a coalition of prominent research
universities aiming to build a massive repository for storing,
sharing, and analyzing the information students generate when
using digital learning tools.
The project, dubbed “LearnSphere,” highlights the continued
optimism that “big” educational data might be used to
dramatically transform K-12 schooling.
It also raises new questions in the highly charged debate over
student-data privacy.
Read
more on Education
Week (reg. required).
I
suppose it's always a matter of interpretation. I look at this as
proof that there was no plan for dealing with “too big to fail”
bank failures, and that they are scrambling to come up with one.
Eventually, they will need to throw someone off the troika to
appease the wolves.
US
and UK to play financial ‘war game’
Britain
and the US will stage the first transatlantic simulation of a crisis
in a large bank on Monday. It is a sign of growing confidence
that the authorities can now deal with the failure
of large institutions.
All
of the main players who would need to be involved in a failure of a
company such as Bank
of America, Goldman
Sachs, Barclays
or HSBC
will gather in Washington DC to make sure they would know what to
do, who to call and how to inform the public.
The
move reflects the authorities’ view that they are getting close to
solving the
“too big to fail” problem, even for cross-border banks,
outside a full-blown system-wide crisis.
Biometrics:
Be sure to bring your (someone's) finger!
Check
in with your finger: Alaska Airlines testing ‘e-thumb’ technology
Physical
boarding passes — and even mobile ticketing — may be a thing of
the past if the new “e-thumb” technology that Alaska Airlines is
currently testing catches on.
Bloomberg
reports that the Seattle-based airliner has installed fingerprint
readers in four of its airport lounges as a way for fliers to
check-in without having to show an employee a boarding pass and
physical identification.
Logic
like this is what convinces me I'd never make it as a lawyer.
Andy
Greenberg reports:
Lawyers for Ross Ulbricht have spent the last two months shifting the
focus from their client, charged with creating the billion-dollar
drug market the Silk Road, and putting it onto the potential
illegality of the FBI’s investigation. Now the judge in that case
has spoken, and it’s clear she intends to put Ulbricht on trial,
not the FBI.
In a 38-page ruling Friday, Judge Katherine Forrest dismissed
the defense’s motion to suppress evidence that hinged on the
argument that law enforcement had violated Ulbricht’s Fourth
Amendment right to privacy from unreasonable searches.
Read
more on Wired.
[From
the article:
But
the Judge’s rejection of that argument comes down to what may be
seen as a fateful technicality: she argues that even if the FBI did
hack the Silk Road server, Ulbricht hadn’t sufficiently
demonstrated that the server belonged to him, and thus can’t claim
that his privacy rights were violated by its search.
Definitely,
positively, absolutely something for my students! Can we find one
that does this on other phones?
–
is an Android application, which offers a solution to those who wish
to keep their mobile phones on silent mode for specific geographical
locations, time, occasions and for specific contacts. You simply
need to provide the desired conditions – occasions, times and
geographical locations when you would like to keep your mobile
silent.
I
probably shouldn't laugh at these...
…
For-profit giant Kaplan
University launches
“Open College,”
which “will include free online services and personalized mentoring
to help people identify and organize prior experience and skills that
could count toward a degree or move them closer to a new career.”
…
The Academy
of Art University
used to grant students permanent licenses for the Adobe
CS6 Master Collection as part of their tuition. But apparently Adobe
has deactivated
these licenses, without any warning, demanding students now pay a
$60/month subscription fee to continue access.
…
Hackers have released
a cache of 13GB of Snapchat
users’ photos. Although users believe Snapchats disappear after
viewing, a third-party app
has apparently been collecting these images for several years.
About half of Snapchat’s users are between
age 13 and 17. “4chan users say the collection of photos has a
large amount of child pornography, including many videos sent between
teenagers who believed the files would be immediately deleted after
viewing.”