Tag: security

Thanks to the Internet of Things

HershbloggerLeave a comment

Your trash disposal habits might now require a small EMP generator before you can safely throw away a lightbulb.

Recycling is definitely contraindicated without that EMP.  Or a 2 pound sledge (wear eye-protection).

The people scanning the conveyor belt to sort actual trash out of the recycling stream could quickly “monetize” burned out lightbulbs without even the bother of diving into a dumpster, and without any computer skills whatever.

Discarded smart lightbulbs reveal your wifi passwords, stored in the clear

I am quite sure this does not apply only to IoT lightbulbs.

The future is stupid, but not stupider than LIFX management. They sell you electronic security breachers so you can implant them yourself. Which would make you the stupidest.

The engineers at LIFX did not encrypt the RSA key on their “smart” lightbulbs, so an enterprising garbage collector who’d ‘learned to code’ could have root access to your home WiFi because you threw one away.

It isn’t believable that the engineers at LIFX failed to understand this problem.

Therefore, it wasn’t the engineers who decided to ship these Trojan Horses.

Therefore, protestation from LIFX that they’ve cleaned up their act is incredible.

That is, it is as credible as Google and Facebook when they claim they protect your privacy – even though selling it is how they prosper.

This is not to say LIFX planned to harvest your WiFi passwords.  It is to say they just didn’t give a shit.

I can’t wait until lightbulbs speak like HAL… I wonder if you can get HAL’s voice on Alexa or Google Home?

“Light?… Off.”
“Sorry, I can’t do that _your name here_.”

Sadly, most Millennials wouldn’t get the reference, not having seen 2001: A Space Odyessy. I’m sure they are installing these bulbs in their parent’s basements.

Google’s new motto…

HershbloggerLeave a comment

Don’t be Facebook.
At Google, of course, that would not mean “respect user’s privacy.” It would mean “don’t get caught.”

I see Facebook CEO Mark Zuckerberg is reacting to his company’s poor user-data stewardship by inviting regulation. Not regulation of his company; he’s asking for political advertising to be regulated.

“Actually, I’m not sure we shouldn’t be regulated,” Zuckerberg said in an interview with CNN that represented some of his first public remarks since the Cambridge Analytica controversy plunged his company into crisis and led to calls for his testimony before Congress.

“I actually think the question is more ‘What is the right regulation?’ rather than ‘Yes or no, should it be regulated?’” Zuckerberg told CNN.

The Facebook CEO said that “he would love to see” new transparency regulations for political advertisements. Facebook has been criticized for a lack of transparency.

OK, Mr. Zuckerberg, I’ll take a shot at “What is the right regulation?”

First, it’s not about political advertising. You’re looking to make government regulation a CYA for Facebook: “Look, we followed the regulations!” You’re asking to “consult” with government on how political advertising should be constrained. Foxes. Henhouse. Plus a helping of partisanship and financial self-interest.

Advertising isn’t the problem. The problem is your business model and its intentional lack of honesty.

The regulation of Facebook, Google, Amazon, Twitter, Apple, etc. should start from the premise that users own their identity data, including when it’s aggregated. This enables micro-payments to those whose data is aggregated, each time it is accessed or updated. Basically, an identity copyright law. You’re using my identity, you have to pay me.

Defining ownership of the data as the individual’s would require absolute positive opt-in – data can’t be sold without payment and unless specific permission is given. Big Data like their interminable click-through contracts; they love changing the terms of service at will; they love hiding the opt-out buttons. We need these contracts re-written. One thing would happen for sure; the mandatory opt-in buttons would be prominent and they would list the payment to be gained.

Granting ownership of users’ data to users also encourages companies who gather and store it to be careful with it as a fiduciary duty. CEO Zuckerberg appears to agree that that is a good idea.

On Wednesday afternoon, Zuckerberg published a post promising to audit and restrict developer access to user data, “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”

He’s right, Facebook doesn’t deserve to serve you for exactly the reason he gave. The word “serve” in that sentence can be interpreted in two very different ways. Zuckerberg is only too happy to “serve” you to advertisers. This attitude is long standing, as noted by the New Yorker in 2010

In [an] exchange leaked to Silicon Alley Insider, Zuckerberg explained to a friend that his control of Facebook gave him access to any information he wanted on any Harvard student:

Zuck: yea so if you ever need info about anyone at harvard

Zuck: just ask

Zuck: i have over 4000 emails, pictures, addresses, sns

Friend: what!? how’d you manage that one?

Zuck: people just submitted it

Zuck: i don’t know why

Zuck: they “trust me”

Zuck: dumb f*cks

Indeed.

While Zuckerberg claims he’s matured since that exchange, “if you ever need any information” nonetheless remains the raison d’être of Facebook. Zuckerberg went on to say, “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.” Well, since privacy violations and sleazy ethical conduct just keep happening, he must be a slow learner.

In 2006 Facebook’s introduction of “News Feed” made information public that users had intended to keep private. In 2009, Facebook made posts public by default, when they had been private, again by simply changing its ToS. That attracted the attention of the U.S. Federal Trade Commission. In 2011, Facebook was caught tracking you with its cookies even after you had logged out. Zuckerberg is worried about regulating advertising, but Facebook had no problem in 2013 with the posting of beheading videos. In 2014, the company was forced to acknowledge that it had conducted a psychology experiment intended to manipulate users’ emotions.

The current angst over Cambridge Analytics should be directed at Facebook business practices. The same thing happened in 2012 with the Obama campaign – except with Facebook’s active participation. At the time this was considered a clever advertising use of social media by the Democrats.

So, suddenly, 6 years later, Zuckerberg wants political advertising regulated? You know he made the offer because his lobbyists would write the legislation. It’ll turn into a barrier to competition while likely eroding freedom of speech.

Facebook has repeatedly violated agreements with users, changed ToS without warning, hidden privacy controls deep within users’ profiles, made and allowed unethical use of its data, and directly participated in targeting election advertising. Maybe they’d be more careful, ethical and transparent if you owned the data.

A final word from Zuckerberg:

The real question for me is, do people have the tools that they need in order to make those decisions well? And I think that it’s actually really important that Facebook continually makes it easier and easier to make those decisions… If people feel like they don’t have control over how they’re sharing things, then we’re failing them.

Only one way to fix that. Give them control.

Further reading on owning your own identity:
Who owns your identity?
Google’s Alphabet, “A” is for amoral

Copyright 2005-2019

Advantage Sanders

HershbloggerLeave a comment

Dem sen: Sanders has no ‘interest in foreign policy’

Democratic senator and top Clinton surrogate Claire McCaskill bashed rival Bernie Sanders on the day of the Iowa caucus as lacking the foreign policy chops needed to serve as commander-in-chief…

“He doesn’t have experience and hasn’t shown a great deal of interest in foreign policy, hasn’t really demonstrated the breadth and depth of knowledge you need to lead this country at a dangerous time.”

McCaskill has a point. Mrs. Bill’s interest in sharing state secrets with foreign intelligence agencies is well documented, and we are in a dangerous time.

Thanks, in no small part, to Mrs. Bill.

If only she’d shown a lack of interest in foreign policy, our national security wouldn’t be compromised, Libya wouldn’t be breeding ISIS, four Americans might not have died in Benghazi and she wouldn’t be on the verge of indictment.

Copyright 2005-2019

At this point

HershbloggerLeave a comment

Official: Some Clinton emails ‘too damaging’ to release

The intelligence community has deemed some of Hillary Clinton’s emails “too damaging” to national security to release under any circumstances, according to a U.S. government official close to the ongoing review. A second source, who was not authorized to speak on the record, backed up the finding.

I find it hard to believe that emails intelligence experts declare ““too damaging” to national security to release under any circumstances” can possibly be evidence of mere internecine bureaucratic catfights.

Mrs. Bill says I’m mistaken: Hillary Campaign: Withholding of Emails Just ‘Over-Classification Run Amok’

Hillary Clinton’s campaign insisted today that the former secretary of State wants the release of more than 20 emails determined to have contained top-secret information, calling the withholding “over-classification run amok.”

Indeed: What difference, at this point, does it make? Any interested foreign intelligence services already read them.

It’s a vast intelligence agency conspiracy.

Copyright 2005-2019

Immigration Policy is national security

HershbloggerLeave a comment

The Weekly Standard notes that

Marco Rubio, the Florida senator who is running for president, was among those who voted against the USA Freedom Act. “Just four days before the terrorist attack in California this week, the USA Freedom Act limited our access to critical information about potential threats,” said Rubio’s campaign in a statement provided to THE WEEKLY STANDARD. “Because too many in Washington have failed to grasp the nature of this enemy, we have less access to intelligence information now than we did just days ago. In the wake of Wednesday’s attack on innocent Americans doing nothing more than going about their daily lives, we must act swiftly to reverse the limitations imposed on these critical intelligence programs. Radical jihadists are trying to kill as many Americans as they can. Our law enforcement and intelligence professionals need access to this information. Failing to give them the tools they need to keep Americans safe is dangerous and irresponsible.”

It’s just a bit odd to connect an attack your policy didn’t detect with the efficacy of that policy in preventing such an attack.

Rubio is better spoken than Josh Earnest, but the Senator sounds just like the Press Secretary when the latter was asked for an example of a mass shooting “more gun control” would have prevented.

Our law enforcement and intelligence professionals had the authority Senator Rubio is complaining they lost before the San Bernadino attack. Were they not using it, was it overwhelmingly vast or just useless? Or all three?

Of course, there was intelligence which could have stopped the attack, but law enforcement and intelligence professionals were prevented from using it by the Obama Administration’s exquisite tribalist sensitivities, not by Senators who voted in favor of the Fourth Amendment.

The male shooter in San Bernadino was aligned with a Mosque known to promote radical Islam, but an investigation that would have raised that flag was shut down by Homeland Security on the request of the State Department’s Office of Civil Rights. Killing this investigation can only be viewed as a public relations exercise in political correctness. No profiling!

The female shooter had publicly indicated she supported ISIS long before she was Federally “vetted” on three separate occasions. Federal policy prevented a search of her Facebook account that would have revealed this. On the admittedly flimsy assumption that support for ISIS is disqualifying, she would have been denied the opportunity to shoot anyone in San Bernadino.

Fearing a civil liberties backlash and “bad public relations” for the Obama administration, Homeland Security Secretary Jeh Johnson refused in early 2014 to end the secret U.S. policy that prohibited immigration officials from reviewing the social media messages of all foreign citizens applying for U.S. visas, according to a former senior department official.

“During that time period immigration officials were not allowed to use or review social media as part of the screening process,” John Cohen, a former acting under-secretary at DHS for intelligence and analysis. Cohen is now a national security consultant for ABC News.

Since multiple sources for determinative information which would have put these two under surveillance was ignored – because the approbation of the American elite left was more important to the Obama Administration than protecting Americans – we’re supposed to bend the Fourth Amendment to Senator Rubio’s will? Over an incident where the program he’s pushing failed?

Senator Rubio, if he wants to prevent future terror attacks, might consider directing his fire at the people who failed us with their PC attitude to vetting immigrants. Of course, Rubio has demonstrated he shares a bit of that attitude. He seems not to realize that Immigration Policy is the intersection of Foreign Policy with Domestic Policy. Rubio advances the surveillance state in order to maintain the illusion the two sets of policy are unrelated.

His complaint about the USA Freedom Act boils down to this: We need this intrusion into your life to keep you safe from our incompetence in using the obvious intelligence sources we already have.

Related: Quite a long article, but with a good bit of explanatory power about Cruz and Rubio on foreign and immigration policy. And why they’re attacking each other in precisely the way they are. This addresses some very substantive issues.

YMMV, but I do recommend it. It may assist you in a choice we’ll face if we can ever get rid of the blowhard rug-head.

And let’s finish by examining the Weekly Standard’s intro to the piece in the first link:

Thanks to a law recently passed by Congress and signed into law, federal law enforcement are unable to access phone records of the terrorists who killed or injured dozens of people in San Bernardino this week.

Wrong. All that’s necessary is a subpoena to get the needed records. I’m sure they got one almost instantly. I call Marco Rubio shilling on the Standard.

Copyright 2005-2019

The database

HershbloggerLeave a comment

Donald Trump is taking flak for proposing a “Muslim database.” In fact, this was proposed by a reporter, Trump never said it. Trump’s mistake is that he didn’t address the idea. As if the content of a reporter’s question is his responsibility.

What he did say, however, is worse:

Well, we’re going to have to do things that we never did before. And some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule. And certain things will be done that we never thought would happen in this country in terms of information and learning about the enemy.

The larger point that seems to have gone missing is that there already is a database of Muslims… and tea partiers and ACLU supporters and college protesters and gun owners and Bernie Sanders contributors and… well, what ever filters the NSA wishes to apply to the bulk data they’re collecting.

They already know where you’ve been, if an email had a keyword they’re looking for, your age, your race, your charitable contributions, where you were born, what you’ve purchased, what you read, what you eat and drink, the state of your health and who you’ve called and when. Do you really think they can’t already pretty precisely figure out your religion? A bit of information, moreover, some of you may have already directly declared on some government form or other.

Copyright 2005-2019

Promises

HershbloggerLeave a comment

File Says N.S.A. Found Way to Replace Email Program

So, NSA does not need to collect and store everyone’s email to provide security insights. They told a Clinton “Truth” when they said they shut the program down for “operational and resource reasons” – they meant they found another way to do it.

As far as phone records, all the bulk data is still available from the phone companies – it just requires observance of the 4th Amendment.

When we are asked to trade fundamental civil rights for security by a government that could find no wrongdoing at the IRS, blamed a minor film maker for its own deadly security lapse at Benghazi, runs an airport security agency which misses 95% of weapons it’s tasked with finding, prevaricates about the data it gathers on its own citizens, ignores precise warnings about bomb plots (the Tsarnaevs), refuses to use the words “Radical Islam” even while terrorists shouting “Allahu Akbar!” murder scores – calling the terrorists a lesser threat than climate change – why should we trust their promises regarding our civil rights?

Why, in fact, should we trust such power even to men and women with a good track record? Men and women in government change, sooner or later you get ones like we have now. A “good track record” means preserving and protecting the Bill of Rights.

Copyright 2005-2019