Archive for 2012/02/19
As things are playing out we’re getting the worst of both: pervasive government and corporate dictatorships controlling huge sections of our lives. Whether we call it fascism or totalitarianism or neo-feudalism, the end result will be indistinguishable on the ground
Posted: 2012/02/19 in Education / Awareness
Details of every phone call and text message, email traffic and websites visited online are to be stored in a series of vast databases under UK Government new anti-terror plans
Posted: 2012/02/19 in Education / Awareness, Enforcement, New Business Models, Privacy / Data Protection, Public Policy
Landline and mobile phone companies and broadband providers will be ordered to store the data for a year and make it available to the security services under the scheme.
The databases would not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by.
For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook.
Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.
The Home Office is understood to have begun negotiations with internet companies in the last two months over the plan, which could be officially announced as early as May.
Professor of Software Security and Correctness, Bart Jacobs: “Governments need to invest in people with true IT knowledge, not merely managers”
Posted: 2012/02/19 in Cybercrime, Education / Awareness, Network Security, Public Policy
Jacobs also states that the state of security at government level almost makes him cry.
Dutch language news article:
About Bart Jacobs: http://www.cs.ru.nl/~bart/
Based on what has been demonstrated thus far, ongoing research efforts, and the continuing advancements of computing and networking technology, we believe that cloud computing is poised to have a major impact on our society's data-central commercial and scientific endeavors.
SIDN currently has access agreements with the following investigative and enforcement authorities:
- Autoriteit Financiële Markten (the Dutch independent supervisory authority for the savings, lending, investment and insurance markets)
- Consumentenautoriteit (The Dutch Consumer Authority promotes fair trade between businesses and consumers)
- (New) Food and Consumer Product Safety Authority
- The city of Apeldoorn (social security fraud investigators)
- The city of Helmond (social security fraud investigators)
- National Cyber Security Centre (NCSC)
- OPTA (Independent Post and Telecommunications Authority)
- Radiocommunications Agency
- The Dutch Healthcare Authority
- The Dutch Tax Authority
Some of the possible uses of DPI at present include:
- Limited or Tailored Service – For some specialist cases, such as cell phone contracts that are intended to only allow the user access to Facebook or other services, DPI can ensure that this is enforced.
- Policy Control – Broadband providers can ensure that their service-level agreements and acceptable use policies are enforced.
- Bandwidth Management – In addition to monitoring acceptable use and throttling excessive users, DPI can also perform on-the-fly bandwidth management to redistribute traffic loads during busy times.
- Network Security – the ability to detect and intercept viruses, spyware and DDoS attacks before they reach their destination provides the potential for a massive improvement in network security, denying malicious traffic from reaching, and exploiting, vulnerable individual systems.
- Law Enforcement Compliance – DPI technology provides networks with the means for complying with specific law-enforcement requirements in different regions, such as CALEA.
- Quality of Service – The traffic control and bandwidth management abilities of DPI allow service providers to intelligently shape network traffic to prevent heavy users of streaming or P2P services from slowing down the network for other users.
So Where’s the Rub?
The main purpose of Deep Packet Inspection technology is to give users a better experience and to make intelligent delivery of service more manageable for network providers. All of the above applications are primarily aimed at stopping users or software from reducing the quality of service for other users, delivering the expected service or complying with legal requirements, so why is DPI at the centre of so many debates concerning issues as fundamental as free speech, civil liberties and privacy? To understand this it’s worth looking at some high-profile debates, campaigns and recent events to see how DPI fits in.
Network operators lack confidence in Law Enforcement Agency’s ability and willingness to investigate online attacks, and “evince strong dissatisfaction with current governmental efforts to protect critical infrastructure”
Posted: 2012/02/19 in Cybercrime, Education / Awareness, Stats / reports
A federal judge says the Louisiana law meant to keep registered sex offenders from networking with minors online includes too many types of Web sites in its restrictions
Posted: 2012/02/19 in Education / Awareness, Jurisprudence
A new deal with China will enable U.S. film companies to distribute more movies in that country, and studio execs hope this will lead to a drop in Web piracy
Posted: 2012/02/19 in Education / Awareness, New Business Models
The hacking of the websites of the Federal Trade Commission’s Bureau of Consumer Protection on February 17 was the second attack on the agency’s web presence in less than a month. Both of the attacked servers were set up for the FTC by the public relations firm Fleishman-Hilliard under the same contract, and ran on servers the firm provisioned from web hosting and cloud services provider Media Temple.
But even after the server for the FTC’s OnGuardOnline.gov site (ironically, a site intended to share tips from the government on computer security and privacy for consumers) was hacked on January 24 using an exploit of security weaknesses in the applications running on it, Fleishman declined to update the software running its other sites, an executive of Media Temple told Ars.
The Canadian public safety minister Vic Toews has called in the police to investigate threats made against him and his family in response to his internet privacy bill, which has also provoked a storm of online protest.
The Dutch judge argues that the name of a foundation does not equal “personal details” as defined in the current Dutch data privacy laws, even though the name of the foundation contains the names of the complainants and Google Maps is also displaying the address information (the location where the complainants actually live) as well as pictures of the premises.
The judge then switches to an interesting philosophy, moving away from the situation at hand by arguing that:
- names of foundations typically do not match names of the people working for it
- addresses of foundations typically do not match names of the people working for it, AND Google is not making known that the addresses of the complainants and the addresses of the foundation are one and the same
- Google has rightfully requested the address information at the Dutch Chamber of Commerce
- potential use of Google Maps by burglars is only “speculative”
One wonders how this judge would feel about any presumed link between IP addresses and personal details…
Dutch language news article:
Private detectives or police and government agents who don’t want to obtain a court order can also use the technique to confirm whether a person they’re tracking is attending a particular demonstration or meeting