Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware is another fine bit of investigative reporting by Citizenlab.org (a group that is worth following). Read at this link about the use of spyware to target journalists and advocates of views that are inconvenient to what some might view as corrupt officials.
Bloomberg reports on Baltimore Secret Cameras, which constantly record in the city. It’s a good article on how much surveillance really goes on … and in a city that has just been issued a scathing report from the Department of Justice on persistent and long-term civil rights violations in its police department. Yes, it does seem like these things go together, doesn’t it?
We continue to promote the practice of not just following headlines (though you should do at least that!) but also looking past them to understand relevant technologies. Two articles are thus very much on point for this practice today. One is an inventory of technical considerations on FBI hacking of the iPhone, which of course has our attention because of the legal battle between Apple and the FBI, and the other is a very nice recounting of the first widely known cyber attack on a power grid and infrastructure, which occurred in the Ukraine.
At least that is the conclusion one would reach from John McAfee’s latest commentary, The NSA’s back door has given every US secret to our enemies.
A colorful individual, to be sure, but … at least in this case, he is probably right.
Researchers deconstructed some of the workings of the Baidu browser, and report back with an inventory of serious privacy and security flaws … some would say unsurprisingly so. The link is to commentary from the same site, and that in turn can bring you to the detail of their work, which is a very credible bit of research.
Students and alumni at UC Berkeley have filed a lawsuit against Google for its practices of data mining and profiling their email traffic through Google’s “Apps for Education” services which it promotes widely – including on this campus. The suit claims this is a violation of the Electronic Communications Privacy Act.
Google appears to confirm the practice but asserts that while profiles are created for everyone who uses these tools, it does not target individuals for advertising based directly on the user’s information. However, the company has so far been silent on how it uses these data for its other purposes, and presumably at some point will need to argue that those uses, while profitable and exploitative, are technically not a violation.
There is no such thing as a free lunch, so for users who obtain services at no direct charge from Google, it is not clear what they think is the business value to Google if not to train fairly elaborate models to recognize someone having exactly the individual’s features, and then sell use of that model to companies or government officials who want people identified. Those uses are surely good for Google, corporations and officials, but for consumers, not so much.
Google’s practices have been the open elephant in a room that few involved have an interest in acknowledging. School officials in particular have strong motivation to pay for their digital infrastructure out of their students’ liberty and pockets, and the interests of those students be damned. (At UM, the message is also employee interests be damned, as we convert faculty and staff services to Google over the course of this year.)
What brings the present case forward is an assertion by the students that an earlier Google representation (that they would stop direct advertising based on the student data) was an admission that they were violating the Act, in contrast to promises made at the time. Those promises are not unlike those made to students on this campus when we directed all traffic through Google servers.
Literally so, as you’ll see in the linked article, Xfinity’s Security System Flaws Open Homes to Thieves. At issue is wireless technology that is easily jammed, and Xfinity software which ‘fails positive’, meaning, if it doesn’t hear from a sensor in the house then it presumes all is well instead of alerting the homeowner in a text or email about the condition.
Xfinity so far has not responded to either the authors of the report or CERT. Maybe something is jamming their radar to consumer concerns too.
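The ‘fails positive’ behaviour described above, next to the fail-closed alternative, as an added example (not code from the linked report or from Xfinity). The 60-second supervision timeout, the sensor name and the report timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SUPERVISION_TIMEOUT = 60  # assumed: seconds of sensor silence the hub tolerates


@dataclass
class Sensor:
    last_seen: float   # time of the last report the hub actually received
    last_state: str    # "closed" or "open"


def status(sensor, now, fail_closed):
    """Classify one sensor at time `now` under the chosen policy."""
    if fail_closed and now - sensor.last_seen > SUPERVISION_TIMEOUT:
        return "SUPERVISION_LOST"   # silence is itself an alert condition
    # Fail-open path: a silent sensor is judged on its last (stale) report.
    return "ALARM" if sensor.last_state == "open" else "OK"


def replay(reports, ticks, fail_closed):
    """Feed received (time, sensor, state) reports to the hub and return
    the notifications it would send to the homeowner."""
    sensors, notices, latched = {}, [], set()
    pending = sorted(reports)
    for now in ticks:
        while pending and pending[0][0] <= now:
            t, name, state = pending.pop(0)
            sensors[name] = Sensor(t, state)
        for name, sensor in sensors.items():
            st = status(sensor, now, fail_closed)
            if st != "OK" and (name, st) not in latched:
                latched.add((name, st))          # notify once per condition
                notices.append((now, name, st))
    return notices


# Constructed timeline: the door sensor reports every ~30 s and opens at t=100.
SENT = [(0, "front_door", "closed"), (30, "front_door", "closed"),
        (60, "front_door", "closed"), (90, "front_door", "closed"),
        (100, "front_door", "open"), (120, "front_door", "open")]
LOSS_WINDOW = (61, 200)  # constructed: no reports reach the hub in this window
RECEIVED = [r for r in SENT if not LOSS_WINDOW[0] <= r[0] < LOSS_WINDOW[1]]
TICKS = range(0, 181, 30)  # hub evaluates every 30 s

if __name__ == "__main__":
    print("fail-open  :", replay(RECEIVED, TICKS, fail_closed=False))
    print("fail-closed:", replay(RECEIVED, TICKS, fail_closed=True))
```

With reports lost, the fail-open hub sends nothing at all, while the fail-closed hub notifies the homeowner once the sensor has been silent longer than the timeout.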
Rolling Stone carries a nice capsule summary of Tor, or ‘the onion router’, and its history. What is its future? Probably its security has been cracked already in pretty fundamental ways, but the cost of doing so for any one or another individual target remains higher than would commonly be paid by any but nation states having serious ‘national assets’ to deploy in the process.
But don’t expect to have it remain your little secret if you did so on the internet.
Where is science taking cybersecurity? Dan Geer, a long-time technologist in the field, takes his shot at capturing where the field is going — and tells a lot about where we are now along the way.