A few days ago we published an article that covered a leaked batch of emails that showed Kaspersky has worked with the Russian Government. We also covered that the pieces of the emails that were published were completely out of context, and also are nothing out of the ordinary for a company that has a contract with a Government body. Kaspersky's denial of cooperation is also nothing new, so why the big deal in the media? Well we might have found a few pieces to that puzzle which would certainly explain the big push to discredit Kaspersky.
Law Enforcement surveillance is a necessary thing. It really is, but what is not necessary is when the agencies in question decide to get lazy or feel their powers extend to a larger group of people than their intended targets. This is when things get messy and from a legal stand point ugly. Over the last ten or so years law enforcement in general has made the decision to extend their surveillance programs into mass collection of data.
In the post-Snowden era the idea that government agencies are spying on us is no longer the real of Movies/TV or conspiracy theorists. It is fairly well documented that this is happening every day. The question has moved from what if this happens, to what we are going to do to change it. Well one of the biggest hurdles has been trying to find people in power that even want this to change. When you consider the fact that the people with the power to stop the mass spying are likely to be the ones that voted to put it in place. This has meant that the average person must try to prove their case in the courts.
Cybersecurity is a fairly common buzz word used in Washington these days. It is tossed around to scare people that are ignorant of the way computer systems work so that legislation that is exceptionally pro-corporate friendly and anti-consumer can be pushed through. The latest of these is the Cybersecurity Information Sharing Act. This handy little bit of law just passed through the US senate on the 28th (74 to 21) and allow corporations to share customer data with the US government and other companies without any consequences for doing so. This effectively removes any recourse customers or users have about the sharing of their personal information.
The term privacy has come to mean a great many things in the last few years. To some the idea of privacy is being able to do or say certain things without the fear of anyone finding out. Most people like to know that what they do on their own time is their business. Where things get a little muddy is when people liken the desire for privacy with a desire to hide wrongdoing. This belief couldn’t be farther from the truth . It is not just that it is wrong, but it is also dangerous. To imply that anyone that wants to have privacy is somehow hiding something illegal sets a dangerous precedent. Keeping this mentality alive will allow for a further erosion of peoples’ rights and grants very worrying powers to agencies that are there to protect, not to oppress.
Edward Snowden is the gift that keeps on giving. After walking out on the NSA with a ton of secret documents detailing the extent that the agency and their partners were digging into ordinary people’s lives he started to release them. Even after the first and very damaging release of documents Snowden promised that there was more and worse to come. We have seen some pretty bad things coming from the classified document stash including a report that was recently published by Der Speigel.
It would seem that some in the judicial branch of the US government feel that privacy is not really about protecting citizens from unjustified surveillance. They also do not seem to have any fear of the US becoming a place where the government has powers that extend beyond the ones granted by the US constitution. At least this is the opinion of one US Judge; Judge Richard Posner. The interesting thing is that Posner has made more than a few statements in favor of individuals including condemning the existing copyright system and the way that the copyright lobby is trying to enforce it.
The world lives in fear of zero-day exploits although the average person does not even know it. A zero-day exploit is a bug or a flaw that has not been discovered by the developers yet, but is known to someone outside. This can be good guys, bad guys or other, but it is still a flaw that can be used to do harm to a computer system and no one has a patch for it yet. When the good guys (security researchers) know about them they work with companies to patch them. When the bad guys know about these things get very ugly indeed. But what happens if someone knows about one (or a bunch of them) and does not tell anyone at all?
Encryption is an interesting thing. On the surface it offers protection from prying eyes and sense of security in protecting your communication and files. At least that is what you should feel when talking about encryption. The problem is that encryption is only as secure as the protocol and API that is in use. Even if you have a rock solid certificate the protocol and APIs that you use to connect can be compromised to by-pass this. This is what has happened to almost every major SSL/TLS stack. So far in 2014 we have watched them fall one at a time to the dismay of security experts.
Apple is truly ramping up the PR machine and has even managed to get a few people in government to make some rather outrageous statements on the new phone and iOS 8. One of the new stories going around is about how the new iPhone and iOS8 are suddenly “NSA Proof” because they have added data encryption. The fallacy of this claim is almost beyond belief and shows once again that most in the technical press have absolutely no memory.