Skip to main content

Home/ Future of the Web/ Group items tagged critics

Rss Feed Group items tagged

Gonzalo San Gil, PhD.

ISP Boss Criticizes Calls to Criminalize File-Sharers - TorrentFreak - 0 views

  •  
    " By Andy on May 7, 2016 C: 27 News The boss of a prominent ISP in Sweden has criticized moves by the government which could criminalize hundreds of thousands of Internet users. Bahnhof CEO Jon Karlung says the country is stuck in the past when it calls for harsher punishments for file-sharing and should instead concentrate on developing better legal options."
  •  
    " By Andy on May 7, 2016 C: 27 News The boss of a prominent ISP in Sweden has criticized moves by the government which could criminalize hundreds of thousands of Internet users. Bahnhof CEO Jon Karlung says the country is stuck in the past when it calls for harsher punishments for file-sharing and should instead concentrate on developing better legal options."
Gonzalo San Gil, PhD.

Company Uses DMCA to Censor and Expose Critical Blogger - TorrentFreak - 0 views

  •  
    " By Ernesto on June 17, 2016 C: 25 News Marketing and sales company Smart Circle is using the DMCA to uncover the identity of a critical blogger. The company obtained a subpoena directed at WordPress, stating that the blogger in question violates their copyrights by publishing modified images of its key employees."
Gonzalo San Gil, PhD.

Threat filtering: Strategizing serious threat detection | ZDNet - 0 views

  •  
    - Violet Blue "Analyze the threat. Identify the target. What's the payload? Analyze your systems. Can the threat impact your enterprise? Does this impact a critical function, or a critical part of your infrastructure? Take immediate action on the serious threats, prioritize and monitor the rest. (Mitigation; remediation.)"
Gonzalo San Gil, PhD.

Most Top Films Are Not Available on Netflix, Research Finds | TorrentFreak - 0 views

    • Gonzalo San Gil, PhD.
       
      # Anotheer sample of the cultural market manipulation...
  •  
    [ Ernesto on September 26, 2014 C: 0 [Breaking A new study published by research firm KPMG reveals that only 16% of the most popular and critically acclaimed films are available via Netflix and other on-demand subscription services. ] [# ! ...The '#Magnificent' #Entertainment #Industry #Strategy: # ! A new envelopment for '#Their' #censorship. # ! Wanna #Thrive? #monetize (fairly and proportionally) #Free # ! #FileSharing (through ISPs, non-invasive advertising and, of # ! course, a little help from #governments, that already collect a lot # ! of Aficionados/consumers'/taxpayers'/citizens' #Money... )]
  •  
    [ Ernesto on September 26, 2014 C: 0 [Breaking A new study published by research firm KPMG reveals that only 16% of the most popular and critically acclaimed films are available via Netflix and other on-demand subscription services. ]
Gonzalo San Gil, PhD.

Linux Foundation's SPDX Workgroup Announces New Open Compliance Standard | The Linux Fo... - 0 views

  •  
    "By Linux_Foundation - May 12, 2015 - 5:35am SPDX 2.0 provides companies with three-dimensional view of critical license dependencies, ensuring ease with open source license compliance"
  •  
    "By Linux_Foundation - May 12, 2015 - 5:35am SPDX 2.0 provides companies with three-dimensional view of critical license dependencies, ensuring ease with open source license compliance"
Gonzalo San Gil, PhD.

Registry fires back at ICANN over .SUCKS domain pricing criticism | Ars Technica - 0 views

  •  
    "Vox Populi says comments "defamatory," call for government scrutiny "wrong-headed." by Lee Hutchinson - May 12, 2015 8:03 pm UTC"
  •  
    "Vox Populi says comments "defamatory," call for government scrutiny "wrong-headed." by Lee Hutchinson - May 12, 2015 8:03 pm UTC"
Gonzalo San Gil, PhD.

Just-released WordPress 0day makes it easy to hijack millions of websites [Updated] | A... - 0 views

  •  
    "Update: About two hours after this post went live, WordPress released a critical security update that fixes the 0day vulnerability described below. The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet."
  •  
    "Update: About two hours after this post went live, WordPress released a critical security update that fixes the 0day vulnerability described below. The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. Attack code has been released that targets one of the latest versions of WordPress, making it a zero-day exploit that could touch off a series of site hijackings throughout the Internet."
Gonzalo San Gil, PhD.

InterCommunity 2015 | InterCommunity 2015 | 7-8 July 2015 - 0 views

  •  
    "7-8 July 2015 A global meeting of the Internet Society, on the Internet, for the Internet. This one-of-a-kind community event will give you the opportunity to share your unique perspectives on key Internet topics and issues. Connect with the Internet Society Board of Trustees Exchange ideas with Members around the globe Join lively discussions about Collaborative Governance, Collaborative Security, and Access & Development Hear insights from the 2nd annual Global Internet Report Share your views on critical issues facing the Internet How do I participate?"
  •  
    "7-8 July 2015 A global meeting of the Internet Society, on the Internet, for the Internet. This one-of-a-kind community event will give you the opportunity to share your unique perspectives on key Internet topics and issues. Connect with the Internet Society Board of Trustees Exchange ideas with Members around the globe Join lively discussions about Collaborative Governance, Collaborative Security, and Access & Development Hear insights from the 2nd annual Global Internet Report Share your views on critical issues facing the Internet How do I participate?"
Gonzalo San Gil, PhD.

Heartbleed a Year Later: How the Security Conversation Changed - 0 views

  •  
    "NEWS ANALYSIS: In the year since Heartbleed's discovery, there is more scrutiny than ever on OpenSSL and critical infrastructure overall."
  •  
    "NEWS ANALYSIS: In the year since Heartbleed's discovery, there is more scrutiny than ever on OpenSSL and critical infrastructure overall."
Gonzalo San Gil, PhD.

Make Firefox Look Native in Fedora - Fedora Magazine - 0 views

  •  
    "Firefox has been criticized by users for not fitting well in Fedora Workstation. Although it improved with the new interface called Australis, it still doesn't feel as native as GNOME Web (Epiphany). It's not likely it will close the gap any time soon for two reasons:"
Paul Merrell

Beijing Strikes Back in US-China Tech Wars | The Diplomat - 0 views

  • China’s new draft anti-terror legislation has sent waves across the U.S. tech community. If there is a brewing tech war between U.S. and China over government surveillance backdoors and a preference for indigenous software, China’s new draft terror law makes it clear that Beijing is happy to give the United States a taste of its own medicine. The law has already drawn considerable criticism from international human rights groups, including Amnesty International and Human Rights Watch for its purported attempts to legitimize wanton human rights violations in the name of counter-terrorism. Additionally, China has opted to implement its own definition of terrorism, placing  “any thought, speech, or activity that, by means of violence, sabotage, or threat, aims to generate social panic, influence national policy-making, create ethnic hatred, subvert state power, or split the state” under the umbrella of the overused T-word. The problematic human rights issues aside, the draft anti-terror law will have important implications for foreign tech firms within China. According to Reuters’ reporting on the draft anti-terror law, counter-terrorism precautions by the Chinese government would essentially require foreign firms to “hand over encryption keys and install security ‘backdoors’” into their software. Additionally, these firms would have to store critical data — certainly data on Chinese citizens and residents — on Chinese soil. The onerous implications of this law could have lead to an immediate freeze to the activities of several Western tech companies in China, the world’s second largest economy and a booming emerging market for new technologies.
  • On the surface, the most troublesome implication of this law is that in order to comply with this law, Western firms, including non-technical ventures such as financial institutions and manufacturers, will be forced to give up a great deal of security. In essence, corporate secrets, financial data — all critical data — would be insecure and available for access by Chinese regulators. The new law would also prohibit the use of secure virtual private networks (VPNs) to get around these requirements.
  • The U.S. diplomatic response to Beijing’s new draft law is perhaps best captured in the fact that a whopping four cabinet members in the Obama administration, including Secretary of State John Kerry and U.S. Trade Representative Michael Froman, wrote the Chinese government expressing “serious concern.” China, for its part, seemed unfazed by U.S. concerns. Foreign Ministry spokesperson Hua Chunying told the press that she hoped the United States would view the new anti-terror precautions in “in a calm and objective way.” Indeed, following Edward Snowden’s revelations regarding the extent of the United States’ surveillance of private firms both within and outside the United States, Beijing likely views U.S. concerns as hypocritical. One U.S. industry source told Reuters that the new law was ”the equivalent of the Patriot Act on really, really strong steroids.”
Paul Merrell

CISA Security Bill: An F for Security But an A+ for Spying | WIRED - 0 views

  • When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
  • On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
  • In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 
  • ...2 more annotations...
  • The latest update to the bill tacks on yet another kind of information, anything related to impending “serious economic harm.” All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement. If information-sharing legislation does not include adequate privacy protections, then...It’s a surveillance bill by another name. Senator Ron Wyden
  • “CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”
  •  
    I read the legislation. It's as bad for privacy as described in the aritcle. And its drafting is incredibly sloppy.
Gonzalo San Gil, PhD.

Don't Wreck The Net! Respond By January 6th - 0 views

  •  
    "The European Commission is asking the public critical questions about the future of our online world, but these questions are buried throughout a lengthy consultation survey that will probably make your eyes water. We need you to tackle the survey and make your voice heard. It's not easy, so we're here to help. Go ahead, take a look at the public consultation. It's got five pages of oblique questions and too much smallprint for anyone's taste. But it's really all asking one thing: what are the roles and responsibilities of service providers in the digital world? Our survey survival guide helps you overcome the bureaucratic barrier and answer that question, because it's at risk of being ignored."
  •  
    "The European Commission is asking the public critical questions about the future of our online world, but these questions are buried throughout a lengthy consultation survey that will probably make your eyes water. We need you to tackle the survey and make your voice heard. It's not easy, so we're here to help. Go ahead, take a look at the public consultation. It's got five pages of oblique questions and too much smallprint for anyone's taste. But it's really all asking one thing: what are the roles and responsibilities of service providers in the digital world? Our survey survival guide helps you overcome the bureaucratic barrier and answer that question, because it's at risk of being ignored."
Gonzalo San Gil, PhD.

You're Gonna Pay for All that Piracy, American ISPsDigital Music News [# ! Critical ;) ... - 0 views

  •  
    "Last month, US District Court judge Liam O'Grady dropped the bomb on Cox Communications by stripping the ISP of critical DMCA protections. This week, he's laying the groundwork for a potentially disastrous level of liability and damages, not just for Cox, but the entire class of US-based ISPs."
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

Cyberstalking, pig masks, and cockroaches: Former eBay execs are sentenced - 0 views

  • The former Senior Director of Safety & Security at eBay, and the company’s former Director of Global Resiliency, have been sentenced to prison for their roles in a cyberstalking campaign. The targets of the campaign were the editor and publisher of a newsletter that eBay executives viewed as critical of the company.
  • For those that missed the reason for these sentences, we’ll need a quick rewind to 2019. Many see this letter by a hedge fund demanding better results from eBay as a direct cause for what followed. The letter caused some stress among eBay management, and for some reason they saw the negative reviews by EcommerceBytes as an obstacle that was holding their desired success back. EcommerceBytes was and is a resource for sellers on a number of platforms that enable users to sell items online. The website was set up by a couple that were both e-commerce bloggers. The eBay management team at the time was very unhappy with the criticism it got on the site. A third victim of their attention was the handler of a Twitter account named Fidomaster.
  • It was not that EcommerceBytes focused on ebay. Lots of similar companies featured in its e-commerce newsletter. Only the eBay employees felt the need to act and tried to silence them. A campaign was launched by eBay’s staff to harass and threaten the critics. This campaign featured packages being sent containing cockroaches, a bloody pig mask and pornography, death threats, physical surveillance, and late-night pizza deliveries. A full recount of what they had to go through makes for a gruesome read.
  • ...2 more annotations...
  • Together with five other employees, the two staff members and the chief communications officer were fired in 2020, after eBay hired a law firm to investigate the harassment. The US Department of Justice charged seven of the former ebay employees and contractors with conspiracy to commit cyberstalking and conspiracy to tamper with witnesses. They all pleaded guilty. The only two that were arrested at the time were the executives that have now been sentenced. One of their former co-conspirators was sentenced in July 2021 to 18 months in prison, while four others are awaiting sentencing.
  • The former senior director of safety and security was sentenced to 57 months in prison and two years of supervised release. He was also ordered to pay a fine of $40,000. The former director of global resiliency was sentenced to two years in prison and two years of supervised release. He was also ordered to pay a fine of $20,000.
Gonzalo San Gil, PhD.

It's privacy versus cybersecurity as CISPA bill arrives in Senate | ITworld - 2 views

  •  
    [ By Melissa Riofrio, PC World | Security, CISPA, privacy April 25, 2013, 12:16 PM - Cybersecurity and online privacy are two critical interests that seem destined never to get along. Sure, you want malicious hackers, spammers, and other Internet lowlifes brought to justice--but you also want to protect your online data. ...]
Gonzalo San Gil, PhD.

Stop letting Big Cable abuse our privacy! - 0 views

  •  
    "The FCC is about to vote on rules that make it harder for Comcast and other big cable companies to exploit and profit off our personal data-information about our location, what websites we have visited, and other critical info. "
Gonzalo San Gil, PhD.

The hidden cause of slow Internet and how to fix it | Network World - 2 views

  •  
    "... By experimenting with pings and various levels of load on his Internet connection, he discovered that latencies were often four to 10 times larger than what should have been expected. He termed the phenomenon, "bufferbloat." His conclusion was that critical data packets were trapped in buffers that were excessively large. ..."
1 - 20 of 150 Next › Last »
Showing 20 items per page