Category Archives: Privacy

Protecting the web and user through a Internet Bill of Rights

Posted on by

The guy who helped invent the internet, no not Al Gore, Tim Berners-Lee wants a new Magna Carta for the internet. If he was American it’d be a bill of rights or declaration of independence, if he was an anarchist, it’d be a manifesto. This call for a clear set of rules for the online/cyberspace is nothing new. The first article was written in 1986 – 3 years before the internet was created. This was when kids were using phones and a few other systems to hack things. The most recent was only a few years ago from an internet website.

Creating these documents is an effort in futility. We already have a bill of rights in the US that SHOULD be protecting us from the NSA, GCHQ, CIA, and other organizations. These organizations, at least the US ones, should be forbidden from given information they “accidentally” collect on US citizens to other governments. They do though. We have secret courts with secret interpretations of laws that we as citizens have no idea what they are. How is ANOTHER Magna Carta going to help?

There’s absolutely no reason to expect our governments to abide by these new laws when they are flouting the current laws – attempting to undermine existing laws through intentionally narrower interpretations of rulings – in many cases getting slapped on the wrist later for infractions that have been going on for years.

Creating a new bill of rights, Magna Carter, or whatever will not solve the problem. The problem is not the current set of laws, though that doesn’t help, the root cause of the problem is corruption and arrogance.

Now that it’s been uncovered that the CIA hacked Congress’s Intelligence Committee, one that had been defending the NSA, there’s all sorts of kerfuffle. Congress didn’t care, excepting Ron Wyden (and a few others), until they realized that they were just as likely targets any the average Joe.

Most members of Congress are funded through companies and special interest groups. These include companies that support the NSA and other intelligence organizations. If any of those orgs funded any member of Congress on a committee that oversees anything related to intelligence gathering there’s going to be corruption. Regardless of if it’s quid pro quo or not.

We will never pass a bill of rights for the internet as long as there’s potential conflicts of interest (funded by companies that bills are trying to regulate). We must address corruption before we can hope to have an effective set of rights for the internet or anywhere else.

Risk of downloading apps

Posted on by

The NSA has been collecting information through our emails, our “metadata”, our cell phone calls, and now we can add to the list “Leaky Apps.” In a recently released article on The Guardian, it’s been revealed that the NSA was using Angry Birds, on both iOS and Android, to collect information directly from the cell phone of a user. This completely changes the type of information the NSA knows about you. It’s not just who you recently talked to (in the past five years) but for many smart phones it could be significantly longer than that. For example, if the App is leaky enough to allow access to other applications on the phone, then it’s possible for the NSA to access the full all of their email, my Gmail account has emails from 2005 or earlier on it still. I archive things – probably going to go delete all of these emails.

According to the NSA, access to the full collection of social networks is even more valuable than access to phone records. With apps like Facebook, Instagram, Twitter/Vine, Google+ and SnapChat, we are uploading and sending real time pictures and video of our lives. For a group of people interested in knowing everything about everyone, seeing real pictures is really valuable – especially since those same pictures will likely be associated with a GPS signal and at least one or two cell towers. In the case of an ongoing criminal investigation that will be invaluable.

This is infinitely more intrusive than only collecting the bulk information that we knew of before. In cases of snapchat and Vine it’s likely that the government is capturing our very private, personal, and nude images. There’s no reason the NSA needs to be capturing this data on everyone that has downloaded Angry Birds. The App has been downloaded approximately 1.7billion times – that’s a lot of phones and tablets that are effectively compromised. If the NSA figured out that these apps are leaky, it’s likely someone else did too.

Ethics and Values; Military and Espionage

Posted on by

We didn’t get to have a national conversation about government espionage until Snowden released all those documents and now we’re having a pretty vocal one in 2/3 branches of our government (well all three since Obama seems to contradict himself fairly often). Today on Vice’s Motherboard I read an article claiming the military is going cyberpunk. As the article notes, the military has used flight simulators for years, because crashing in one of those is a lot cheaper than crashing a real plane. The Stealth Bombers cost close to 2 Billion each, so learning how to fly one of those is best done in a simulator than in a real plane, plus it reduces the risk of death in the event of a crash.

How will this trend continue? Apparently the military is investing in virtual reality battle grounds. This will help train soldiers in different combat situations without having to build extremely expensive facilities, use blank rounds, damage guns, and any other types of explosive that would be used in those situations. Never mind the logistics to get the equipment there and all that.

It’s likely that these battle grounds will incorporate things like the Oculus Rift and omnidirectional treadmills. This will allow soldiers to move crouch and actually feel like they are in direct combat. For people at home, it’s not going to be as useful, but it could work well in this type of situation. If they add in the ability to make the environment cold or hot and wet or dry they could simulate a great deal of the virtual environment to build skills of soldiers.

The military is also working on robotics as a way to reduce the number of men we have on a battle field. This of course could be extendable beyond simply having robots like the Boston Dynamics Dog, but we could eventually mix the VR environment with a “robot” to have a remote soldier that is bullet proof, never tires (as you could replace the driver), and moves around like a person. This opens up an entirely new type of warfare. It takes the idea of drone combat and moves it to the next level – foot soldier drones that truly make the battle field imbalanced. Of course the final step would be fully autonomous robotic soldiers – but I think most people wouldn’t accept those.

In any of these cases we need to have a serious national conversation about the application of these technologies. Looking from an ethical standpoint there are conflicting views. First, it’s ethical to protect our soldiers as much as possible when we’re in a justifiable defensible conflict. Second, it’s unethical to enter combat as an aggressor where your military cannot be stopped from the position of the defender. Furthermore, if we’re talking about completely robotic military force it’s even less defensible to be using these forces as we don’t have any human control in the case of a software failure – or a hack and remote theft of the system.

As a society we need to have a conversation about if we think we should allow our military to do this. As it is we already routinely have operations that the citizens aren’t really aware of in countries like Yemen and god knows where else. These put our men and women at risk which no one wants for arguable benefit in taking out terrorists – it’s unclear if it’s working or we’re just making more enemies. If we are able to replace real live Seals with a team robotic bodies controlled by a Seal team remotely, how many more of these missions could we run? How much more of this sort of activity would we believe is an acceptable level?

I believe that this goes back to what we value as a society. If we value privacy, safety, freedom, and true constitutional control over the military then we need to make sure that we control this before the military just morphs without really any thought. The NSA morphed into a data sponge pulling in everything that moves on the internet. As a society, based on the outrage, we do value our privacy and we’re trying to pull back control from the NSA – some people disagree with that, which is fine that’s why we need a conversation.

I believe that having robotic avatar’s will lead to a higher likelihood of abuse – similar to what we’ve seen with the NSA. I think this is what’s happened with the Drone Program, where Obama has a kill list that they are proud of having. Having more humanoid drones that can shoot sniper rifles will reduce the amount of collateral damage, but will be abused. It’s also very debatable if the kill list is even constitutional.

I think that the innovation for reducing our military expenditure is a good thing. However, I think we need to have a conversation around what the end goal of these programs.

Sponsored data and YOU!

Posted on by

This could be your lucky day, your cellular provider is going to start offering packages where certain content doesn’t cost you anything in your data cap. This is awesome. You can start streaming more and more video/music/whatever it is that you stream from your favorite services. However, not all of your favorite services will be free of data charge! So make sure that you tell your favorite service that YOU want THEM to sign up and make their content data cap free to you! All those service providers have to do is pay your cellular provider money to stop the data caps! No, seriously, AT&T wants to do this.

Is this a problem? I think it depends on who you are. For a consumer in some cases this is pretty awesome. Let’s say you love to watch video games being streamed on Twitch.tv by your buddies over at KBMOD and Twitch decides to pay money to prevent your data from being charged against your data cap. But you’re also a huge fan of MLG and MLG just decided to start their own Twitch competitor but they can’t afford to pay those same fees. Well, guess you’ll be only watching MLG from your PC or on wifi. Too bad your favorite shows are on while you’re not able to use Wifi though! O well, Twitch is there for you though!

This is a niche market obviously. Not everyone cares about watching someone play streaming video games or even streaming video games to your phone so you can keep playing a game you were playing from home. A lot of people care about TV and movies though. We can look at this as something that’s really analogous to what Comcast was trying to do to Netflix close to two years ago. In April of 2012 Comcast announced that its Xfinity streaming service would not be charged against your Comcast data caps while Netflix streaming service would be. Netflix’s CEO argued that this violated Net Neutrality because it provided preferential treatment to one source of data over another.

What is Net Neutrality? Well, there are two different arguments, which I discuss in a blog here, where one is saying everything must be treated equally, while the other one argues that there are nuances and we can treat data differently because we need to “Groom” our networks. Internet and network purists believe that you shouldn’t even be able to determine what the data is or what the source of that data is if you’re a point along the network, just where it most recently was and where it needs to go next. The only application that can read the data in the package is the application that requested it.

AT&T’s plan, similar to Comcast’s, is in violation of Net Neutrality and the FCC will step in to regulate this type of “service” because it’s, in the end, bad for the consumer. Unfortunately, there are limitations to what the FCC can do and even potentially what AT&T can do.

There has been much more of a push for encryption and it’s likely that these pushes may actually enable more of a return to the true meaning of Net Neutrality. If all of our data is fully encrypted, deep packet inspection tools (which tell if the data you’re getting is video, music, or whatever), won’t work very well as that information will be encrypted. Furthermore, if your application’s data is all encrypted and AT&T won’t be able to tell if your data is your data then there’s no value in paying for “privileged” data status from AT&T.

It’s one of the reasons why I’ll likely support company’s like Wickr, an encrypted Snapchat competitor, which told the FBI to screw itself when they were asked to put a backdoor into their encryption. It’s important that we work to protect our data and support companies that do so in terms of Net Neutrality and encryption.

What companies do you support that encrypt and fight for net neutrality?

NSA Bulk Metadata ruled likely unconstitutional

Posted on by

Today was a pretty big day for privacy fans. The NSA’s bulk collection of metadata has been ruled likely unconstitutional. Why is this a big deal? It’s “Just” metadata. Well, as the CBS 60 Minutes report showed the NSA is able to convert that information into a network. Networks show everyone that you talked with and despite assurances otherwise that phone numbers weren’t used, it’s fairly easy to unmask a person in a network based on the network characteristics. I wrote a blog post about this a while back that talked about a paper showing the power of metadata. I think it’s important to reiterate here what that is.

In the article, titled Using Metadata to find Paul Revere, the author explains by using who talks who it is possible to construct a large network and that it was likely to determine the major players of the US revolutionary war. Just using club membership, it wasn’t even what they talked about, just what groups they were members of and how they were all associated. Based on the metadata Paul Revere is a pretty central figure and knows a lot of the other leaders of the revolution.

The NSA would take this view and say, “See it could have caught those terrorists back before the revolution!” However, the judge in this case says that the government did not do a sufficient job showing that this actually worked. It is, in fact, likely that the British had some of this membership information but wasn’t able to put it to good use. In this case, the judge ruled that the collection of Bulk metadata is a violation of the 4th amendment.

What can we expect next? Well, the ACLU has a very similar case that is being heard. If the judge rules differently the Supreme Court may need to weigh in to deal with the problem once and for all. Which depending on how these cases are dealt with could be a good or bad thing.

It is unclear at this point how this will change the conversation in DC, it will likely just lead to more denials from the NSA and White House. They will argue it’s still legal and that they will appeal to the highest court that they can. If they lose this case, it will likely lead to a lot of other questions being asked and possibly calls for impeachment and resignations. I would not be surprised if some of the more extreme on the right call for Obama’s arrest as well.

The other piece that is of interest to me is the question about the companies that have been complicit with sharing of our metadata. Are they going to be in the clear or not? In the case of AT&T there was a law that protected them retroactively. I am interested to know if that will also be ruled unconstitutional as it enabled the government to break the law farther than it could have before.

In general this is something really good, but I believe it opens many more questions than it answers about the long term repercussions of this program. I will continue to blog about this topic!