In the last week the world saw what appeared to be another attempt to violate privacy by government law enforcement. In this case the FBI opened a “pilot” program to capture iris imprints for a searchable database. To date they have captured more than 400,000 of these imprints. The major concern here is that there was (and remains) no public debate, or oversight on the program. The program stands on its own outside the many restrictions that protect privacy and also other rights that people have. Well at least that is how things look on the surface. We took a little bit of a deeper look and tried to peel away some of the FUD and hype over the collection.
The term privacy has come to mean a great many things in the last few years. To some the idea of privacy is being able to do or say certain things without the fear of anyone finding out. Most people like to know that what they do on their own time is their business. Where things get a little muddy is when people liken the desire for privacy with a desire to hide wrongdoing. This belief couldn’t be farther from the truth . It is not just that it is wrong, but it is also dangerous. To imply that anyone that wants to have privacy is somehow hiding something illegal sets a dangerous precedent. Keeping this mentality alive will allow for a further erosion of peoples’ rights and grants very worrying powers to agencies that are there to protect, not to oppress.
So the big Sony Hack that everyone was talking about and that the US government blamed on Korea might not have been state sponsored after all. Despite the FBI’s initial (and way too fast) conclusion that the source of the attacks were from North Korea there was ample evidence that this was not the case from the start. Anyone familiar with the way an attack happens knows that the majority are going to be pushed through multiple proxies and will have some sort of obfuscation to hide who is doing what including using code that might have been used before.
The organization Electronic Frontier Foundation (EFF) announced their concern that the U.S. Federal Bureau of Investigation (FBI) is planning in the near future to have a visual database with photographs of people's faces.
The news is all abuzz with the compromise of the Tor (Originally The Onion Router) Network. This network has been used by a wide variety of people who are looking for a degree of anonymity. It relies on the use of different entry and exit point to prevent someone from identifying your exact IP Address or MAC address. In-between these point there are different hops that further confuse the trail. In basic terms your system is masked by the exit point which is selected randomly by the system. Now in addition the anonymity services for individual users there are also servers that host websites and even anonymous email services. Some have called this the “dark net” or “deep web” although that is not actually the case (the dark net is something else entirely). Many of these sites are legitimate sites that need to protect their readers from less than understanding authorities, but there are a larger number that are not above board at all including many sites that host child pornography.
There is a rumor going around (from “sources wishing to remain anonymous”) that claims that US Law Enforcement and the NSA have been asking internet companies for user passwords. The article originally posted by cNet has made the rounds this morning across a few sites; all of them pointing back at the single cNet source. Now on top of everything else that is going on many people are ready to jump on board with this and further denounce the NSA, the FBI, DHS, IRS, and anyone else in the US government with initials. But outside of the claims from a single blogger at cNet are there any other indications that this is a common practice?
Microsoft is taking great exception to the reports of their cooperation with the NSA. It seems they do not feel the reports that they have given encryption keys, created backdoors or unrestricted access to their servers is fair. Instead they are releasing some information in the hopes that they can prove they did not do anything wrong. Sadly, as is always the case, what they leave out of their statements is as important as what is in them and there is some fairly eye opening information in their actual statement.
Remember the news we brought you about the FBI and other law enforcement agencies wanting more power to dig into your electronic communication? Well we have been forwarded an interesting follow on article today that looks like an opening shot in the campaign to get laws passed to extend these powers. The article was published on cnet and raises concerns about what our government is willing to do to get their way and require ISPs to put in real-time monitoring hardware and systems. These systems could potentially allow for broad harvesting of electronic communication without the need for a warrant (if CISPA and other bills are passed as well).
When I was a little kid I used to watch the cop and spy shows on TV. They were always full of exciting exploits where the good guys always triumphed over the bad buys without ever impugning on their morals. As I grew older the shows started turning more and more dark. The good guy still won, but they were more in the mold of anti-heroes than the white hats I watched a few years ago. The idea of doing morally questionable things in the name of good became more and more popular. Even in books this theme was growing, two one of my favorite fictional characters were very much unethical (yet in some ways moral), one was a criminal, The Stainless Steel Rat, and the other was Elric of Melnibone’ who helped sack his own kingdom to get his Fiancé (there is more to the stories if you want to read them). Now TV and movies are full of this type of “hero” we see them in real life, people who break the law in the name of good. One of the biggest examples of this is the collective known as Anonymous.
Fingerprints have been used as a form of identification for a long time now. In more modern applications, we have recently seen print scanners come into the mainstream in everything from PCs to USB flash drives to mice and other peripherals. As amazing and useful as those security devices are, a team at Disney Research in Pittsburgh PA is trying to take the method one step further and identify you not by your fingerprint, but by your touch itself.