privacy

6 posts

Are Only Jerks Wearing Google Glass?

There’s really no way to stop the evolution of technology. The more we desire access to things at the touch of a button, or hell, through our eyeballs, the more a means to supply what we demand will materialize. With Google Glass that day has arrived. Yet, as many are finding out, the world around the Google Glass wearer isn’t so open or appreciative of having its midst invaded by a walking cyborg-person wearing a face-computer gawping at the world and everyone in it as if monkeys in a zoo cage. In short: “Hey! You! Your robo-face is making me feel uncomfortable, jerk!”

Happy Stop Watching Me Day!

Today thousands of Americans will gather in Washington, DC and many other cities across America to protest the mass surveillance by the United States government on millions of people who are not suspected of any crime and have broken no laws. As a fellow citizen of the internet, I am asking for your help.

A View of the NSA’s Online Monitoring from an Information Security Professional

Since the NSA’s extensive domestic and international monitoring was revealed by Edward Snowden via The Guardian’s Glenn Greenwald in June 2013, much ink (or many pixels, as the case may be) has been spilled discussing whether or not the NSA has gone too far, whether the programs are unconstitutional, and a variety of other issues.

One view that I have not yet seen is that of someone on the front lines of information security, who deals with many of the threats that the NSA has been monitoring on a fairly regular basis.

Someone like me.

Will Your ISP Be Forced to Spy On You?

While we’ve all been watching the Tea Party squeeze the government by the balls, a measure was passed by the House Judiciary Committee that could have a profound impact on our privacy should it be passed into law. Internet providers would be required to maintain records of customer activity for 12 months in the event it’s needed for legal investigations.

Data retention has been high on the Republican wish-list for a decade. It’s ostensibly intended to help law enforcement build cases against child pornography and internet predators. If that’s the case, they are throwing an awfully wide net:

Why the Feds Don’t Need a New Social Media Wiretap Law

Are web 2.0 services like Gmail, Facebook, and BitTorrent really making it harder for the FBI to wiretap people doing illegal things? Do they need Congress to pass a set of laws to aid them in capturing someone who uses Facebook? As someone who works computer forensics with law enforcement agencies, I’d say no. It’s not enough for them to get your data after a wiretap, they want it now!

Sure, if data lies on Facebook’s servers and not your local hard drive, the feds will have to get a separate warrant/subpoena for those locations. The government already can wiretap your e-mail using the Communications Assistance for Law Enforcement Act (CALEA).

CALEA requires telcos and ISPs to turn over real-time monitoring to the feds if they are presented with a wiretap order. If the FBI had it their way, when those providers get the wiretap order authorities would not only have access to your real-time data, but also everything stored remotely.

So you might not be updating your pics on Facebook, but since you logged in anyway, they’d have access. It’s a scary thought that everything online would be this accessible. Compound that with the risk of warrantless wiretaps and it’s enough for normal people to be concerned about their privacy online.

The feds know how much they can push, though. They’ve decided that the best way for them to address real-time wiretaps is through a shady program known as “Going Dark.” It’s shady enough that the Electronic Frontier Foundation had to file a Freedom of Information Act request to find out any info on it.

This program aims to offer “incentives” to software developers to join their program. What incentives they’re offering, they don’t say. This week a software security company was hacked and it was revealed that the government was paying them to write backdoors into software for them. Microsoft has long been accused of having a backdoor in all of their products for the NSA.

I’m guessing that the FBI is asking, politely, for similar things. I don’t know what incentives the feds could offer a company, but since the “Going Dark” program is multi-agency and spans defense, law enforcement, and the Department of Justice, they could offer all kinds of under-the-table deals that we’d never hear about.

One of the problems we’re going to face in the future is that the government has no real standards in terms of computing. One agency will run one piece of software, another will run a completely different piece, on a different platform. The government also gets bilked by IT companies. I’ve seen broke school districts paying $2,000 for a Dell workstation because that’s what their contract says they’ll do.

I’m sure the different federal agencies work in a similar fashion. I’ve given presentations at law enforcement seminars where the previous speakers were standing up and teaching computer crime units how to use Google. (As in, “put what you want to search for in the text box, click ‘search’!”) And while I’ve given presentations where people actually know what they’re doing, the majority, however, have no clue. The people who are dreaming up these projects are trying to win support from people who have absolutely no clue when it comes to technology.

Privacy might not be a major concern for you now, but if programs like “Going Dark” get slipped under the radar it’s going to be too late for any of us to have privacy online ever again.