According to Andrew Chaikivsky, in an article published in the Washington Post last week, the Department of Homeland Security is considering extending a ban on laptops and tablets in carry-on luggage to all U.S.-bound flights from Europe. This means that business travelers and vacationers would have to check their laptops at the airport. This raises concern for many people. One man stated that he does not let his laptop leave his sight at all during a flight; he is even uneasy with placing it in an overhead bin. He explains that a former colleague’s laptop, which contained Social Security numbers and the complete work and salary history of an entire Fortune 100 company, disappeared from her checked luggage, and all of it was lost. Because of this, the colleague was fired, restitution had to be paid to the client, and nearly 100,000 employees were notified that their data was breached. The reason for the ban is that, according to the agency, intelligence reports suggest that terrorists may try to conceal a bomb in such a device. Individuals are more concerned about how they can prevent sensitive data from being accessed by a hacker if a laptop is lost or stolen. I think this is an interesting reason to put such a ban in place. If you think about it, if a terrorist really wanted to conceal a bomb on a flight, they could probably find a way no matter what. If people are worried about them concealing it in a laptop, why is there no concern about phones? iPods? Instead they want to put in place a ban that could really affect individuals, especially those who have work to catch up on and need their laptop to do so on the flight, or families whose kids need their tablet to keep them occupied on a long flight.

The article gives different ways to keep your information safe, including buying a cheap second laptop. An individual can store the data that they need in the cloud and access it once they reach their destination; with the second laptop, they can simply wipe the data before getting back on the plane for the return flight. Another option the article gives is encrypting your laptop’s hard drive, which would render all of the device’s software and data unreadable unless you enter a passphrase. Full-disk encryption works automatically, so any new data that you save on your laptop will also be protected. The article gives directions for encrypting both MacBook and Windows laptops at the end.
http://www.consumerreports.org/privacy/flying-to-europe-might-want-to-encrypt-laptop/
“The shadow created by the problem we call going dark continues to fall across more of our work”.
Facebook recently updated its Messenger app to a version that allows users to communicate privately across multiple devices. Last year, Facebook began letting its users chat over Messenger using end-to-end encryption. Until this newest update, the end-to-end encryption only worked on one device per user. This newest update changes that. It allows users to use the Messenger app on their smartphone or tablet, then carry on their conversations from different devices using the encrypted chat. This new update makes it more difficult for eavesdroppers, hackers, and authorized third parties to intercept conversations. Before his termination, FBI Director James Comey claimed that an increasing number of federal investigations are being hindered as companies like Google and Apple continue to incorporate strong encryption into their widely sold smartphones, in addition to the availability of free chat applications such as Facebook’s Messenger and WhatsApp. The quote above was by Comey, who stated that he was not sure how the new administration intended to approach this, but that it is something that needs to be discussed. With all the news about the FBI vs. Apple debate on encryption and all the encryption-related discussions, I think it is interesting that as everyone waits to see how Trump’s administration plans to acknowledge any of it, technology is only continuing to advance and encryption is being included in many more things. So we are continuing to “go dark” and it will only continue even more as Facebook claims that sending videos will soon be supported too. Everyone cares about privacy; many care about public safety as well. As the encryption issue continues, these two different things are continuing to collide. I can’t wait to see what ends up happening when someone really steps in to try to do something about it.

“The real threat to our government is tech illiteracy”. This title alone convinced me to click on the article and read it. Like many other articles regarding encryption, this article begins by discussing the encryption debate. Specifically, it begins by talking about the San Bernardino shooting and how the Apple vs. FBI debate began; it also discusses how it turned out. It explains why Clinton and her team, as well as Colin Powell and Vice President Mike Pence, frequently used personal emails themselves, even though it was against government protocol. This is a way to get a look at how government leaders’ “digital illiteracy can be”. The article brings up other examples to prove this. In 2016, a law was introduced by Senators Dianne Feinstein and Richard Burr that would require tech companies to provide unencrypted data to law enforcement when asked, or give law enforcement the ability to get it themselves. It failed because encryption is hard to get right. The Director of the New America Foundation’s Open Technology Institute, Kevin Bankston, stated, “I gotta say, in my nearly 20 years of work in tech policy, this is easily the most ludicrous, dangerous, technically illiterate proposal I’ve ever seen”. Granted, this is mostly an opinion piece, but it does bring up some good points. Information security and privacy in general are hard to get right; encryption is no easier. It does not help that last April, Congress killed off the Office of Technology Assessment (the one office that was devoted to making policy recommendations about science and technology), and that the existing Office of Science and Technology Policy is reportedly being sidelined within the new administration.
https://www.wired.com/2017/05/real-threat-government-tech-illiteracy/

Pennsylvania currently does not require state employees to use encryption. This means that when state employees are transmitting Social Security numbers, driver’s license numbers, financial information and other sensitive data, that information is not being protected. Much encryption-related news concerns the encryption debate, Apple vs. the FBI. A lot of the news has to do with the government being able to gain access to devices that are encrypted. However, there is not much news about encryption when it comes to much of anything else. I do not know about anybody else, but I would not be happy living in Pennsylvania, knowing that there are people out there that could possibly gain access to my information because state employees are not required to use encryption. Everyone wants to stay focused on the “going dark” part of encryption and all the negative results of it, but not really on other ways encryption is very useful. Republican Rob Matzie offered a bill that would require state employees in Pennsylvania to use encryption to guard work material containing sensitive data. This bill, House Bill 1325, “would protect Pennsylvanians by requiring that state employees use encryption when transmitting Social Security numbers, driver’s license numbers, financial information, and other sensitive data”. This is not the first time that Matzie has introduced legislation like this. He introduced a similar bill in 2014; however, it was unanimously moved out of the House Consumer Affairs Committee. Matzie argues that there have been hacking cases that involved government bodies, including the state Senate, making it clear that Pennsylvania must take measures to protect consumers’ privacy. I just think it is interesting that this is an issue. Not only that, but that similar legislation failed to receive a House floor vote in 2014.
http://www.govtech.com/policy/Lawmaker-Pushes-Bill-That-Requires-Encryption-by-Pennsylvania-State-Employees.html

An article published on May 4, 2017 reports that nearly half of all smartphones and other digital devices that the FBI lawfully seizes are useless to federal investigators because they are protected with encryption. This means that between October 1 and March 31, more than 6,000 devices were obtained by the FBI; however, 46% were safeguarded by strong encryption, leaving them unreadable to authorities. In the article, the “going dark” term came back up. I feel like this is where the whole encryption debate gets tricky. On one hand, people should have the right to privacy; then again, in certain situations, it becomes problematic. For example, in the San Bernardino case, the shooter’s iPhone was hacked by the FBI, but they paid $900,000 in order to do this. There is no such thing as absolute privacy, yes. But if the government is able to get complete access to these things, what makes us believe that other countries will not start demanding the same thing from us? Privacy is a huge issue and probably will always continue to be. When the whole San Bernardino situation took place last year, Trump encouraged a boycott against Apple. I think it will be interesting to see how he plans to approach this. The article also states that everyone has finally realized that they all care about the same thing; they all love privacy and all care about public safety. It discusses how they want to find ways to accommodate both interests in a way that makes sense. I think this is a good idea. I feel like encryption and privacy are important, but it is also important to understand that maybe the FBI should be allowed to gain access to certain phones in situations such as terrorism, child pornography, etc. I think it could be possible for everyone to find a middle that they can all meet at that makes sense. The government should not have full access to everything, but if they can find a solution that allows them to gain some access in situations where it would benefit them, then I think that they should.
http://www.washingtontimes.com/news/2017/may/4/encryption-devices-comey-senate-judiciary-iphones-/
http://indianexpress.com/article/technology/tech-news-technology/apple-encryption-row-fbi-paid-900k-to-hack-into-san-bernardino-shooters-iphone-4642958/

‘Going Dark’ Versus a ‘Golden Age for Surveillance’

New technology has caused law enforcement and national security agencies to worry that they are “going dark”. This is because they are losing their ability to engage in surveillance. In a 2011 article, Peter Swire and Kenesa Ahmad argue that this is the wrong image. Instead of looking at it as ‘going dark’, it should be looked at as a ‘golden age of surveillance’; this is because surveillance capabilities have expanded. Because of strong encryption in electronic communications, law enforcement and national security agencies are unable to decipher the encrypted forms of secure emails or mobile phone calls that they gain access to. Although the advancement of new technology is creating new obstacles to lawful interception, it is because of these advancements that powerful new surveillance capabilities are provided to law enforcement and national security agencies. So is it really ‘going dark’ or are we just living in a ‘golden age for surveillance’? Yes, law enforcement and national security agencies are losing access to information because of encryption, but they are still making surveillance gains from computing and communications technology. The term ‘going dark’ gives off such a negative image; it makes it seem as though law enforcement and national security agencies are completely blind because of encryption. Instead of just focusing on the negative, they should realize that what they are losing in access to information, they are gaining, and more, in new surveillance. They have access to location information because most people carry a tracking device, the mobile phone. They also have access to potential witness confederates, which is just as important, because who a suspect is talking to is just as important as what is being said during the call. Calls for encryption policy could be avoided if people understood that there are pros and cons to everything; in this case, the pros of new technology and better surveillance outweigh the cons of new technology and encryption.
https://fpf.org/wp-content/uploads/Going-Dark-Versus-a-Golden-Age-for-Surveillance-Peter-Swire-and-Kenesa-A.pdf

In a journal written by Richard M. Thompson II (legislative attorney) and Chris Jaikaran (analyst in cybersecurity policy), encryption and the legal issues that come with it are discussed. Apple, Google, and Facebook, three of the biggest technology companies in the United States, began encrypting their devices and communication platforms by default in 2014. This worried government officials because it prevents law enforcement access to vital data. The FBI suggests that it does not want to ban encryption technology, but instead wants Silicon Valley companies to provide a technological way to obtain the content stored on a device for which it has legal authority to access. Apple, Google, and Facebook, along with many others in the technology community, have argued that it is not technologically possible to permit access to the government while still continuing to secure user data from cyber threats. The journal discusses the 5th Amendment and the All Writs Act. In February of 2016, Apple was ordered to provide the FBI with three forms of technical assistance, in order to help the San Bernardino case.
The three forms were: allow the government to enter more than 10 passcodes without the risk of the data being wiped after the 10th incorrect try, automate the entry of those passcode combinations rather than having to enter them manually, and try back-to-back passcode attempts without the gradually increasing delays between attempts that are currently programmed in the system. So basically, the government was asking Apple to insert a weakness into the implementation of encryption for the iPhone they had, not all iPhones. They wanted unlimited passcode attempts with no danger of the phone being wiped because of incorrect guesses. The 5th Amendment ties in because it states that no one “shall be compelled in any criminal case to be a witness against himself”. In the San Bernardino case, the phone that the FBI wanted access to belonged to the shooter. So even if Apple allowed them access, anything found on the phone could (or at least should) not be used.
Since the iPhone 5 came out, iPhones are encrypted by default. iPhones and Androids used to have encryption as an option in earlier versions of the phones; however, users had to actively choose for it to be turned on. The purpose of the encryption is to protect the user’s information on the phone. In case the phone is stolen or left somewhere, no one except the owner will be able to access the information without the code.
On December 2, 2015, there was a mass shooting in San Bernardino, California. The FBI got ahold of the shooter’s iPhone, but without the passcode, they could not look for any leads or anything to help them. They then got a court order that demanded that Apple write special software to disable security measures that threatened to erase the content on the phone if muscled through; Apple refused to help. Apple argued that this would encourage other countries to make similar demands for other iPhones. This began the encryption debate. In the article “FBI Director Re-Enters the Encryption Debate”, James Comey discusses privacy and how there is no such thing as absolute privacy in America. He explains that between the months of October and December last year, 2,800 devices related to investigations from state and local law enforcement were received by the FBI. Of the 2,800 devices, the bureau could not access the information on 1,200 of them because they could not unlock them. So the question is, should they be allowed to demand that companies give them access to these phones? While I believe that Comey is right, that there is no such thing as absolute privacy in America, I do not believe that the government should be able to completely access the little privacy that people may feel they do have. Yes, I think it could be beneficial in some cases, such as the San Bernardino shooting; however, the fact that other countries could demand the same is a possibility.

I read an article from The Daily Dot, titled “Tor Project Addresses Servers Allegedly Used by Russian Hackers”. Two months ago, the Tor Project learned that hundreds of its gateways had been labeled as “suspicious” by the U.S. government in a recent report concerning malicious cyber activity attributed to the Russian government. Tor protects users against a common form of Internet surveillance (“traffic analysis”). It helps reduce the risks of both simple and sophisticated traffic analysis by distributing one’s transactions over several places on the Internet, so no single point can link one to their destination. A list of computer IP addresses supposedly used by the Russian-affiliated hackers was released by the U.S. Department of Homeland Security. These allegedly hacked Democratic emails were “consistent with the methods and motivations of Russian-directed efforts … intended to interfere with the U.S. election process”. Something I found interesting in this article was how Micah Lee, an Intercept reporter and Tor network volunteer, was the first to reveal the Tor nodes on the U.S. government’s list. He discovered them after checking the internet traffic of his own blog against the list provided by the government. He found “over 80,000 web requests” from so-called “suspicious” IPs. He states that he has a lot of regular readers who are Tor users and is pretty sure that they are not all Russian hackers. It’s interesting because the government is saying the IP addresses on the list are used by Russian-affiliated hackers, but they fail to prove it. Many of the users with the IP addresses have no ties to Moscow, the DNC hack, or any kind of malicious cyber activity, so why put the list out there? Maybe the government is just trying to be helpful, but how helpful is this really if this evidence of Russian hackers is not really evidence?
An article I read, “Tech Companies like Gmail, WhatsApp May be Asked to Store User Information”, discusses that rules are being formulated by the government that will require technology “intermediaries” to retain user information. These will become rules so that law-enforcement agencies can access information if they need it. Some of the rules include spelling out what type of data has to be stored, in which format, and for how long. I thought this was interesting. It was especially interesting to me how they have been drafting these rules since 2008. They’ve spoken about how it may be difficult to implement on certain apps, such as WhatsApp and Snapchat. I think it’s interesting how they have argued about whether or not these rules should be the same for everyone, including foreign companies. How are they going to do this? How are they going to regulate every single app out there to abide by these rules? They want to enforce Section 67C of the Information Technology Act, but what’s to stop people from completely closing all their social accounts or shopping accounts in order to avoid becoming victims of this? Internet users had the right to determine what information was collected about them and how it’s used; they were able to access information held about them; they were able to have anonymity; and they were able to send and receive email messages without having them intercepted or read by others. Things have changed and are continuing to change in regards to this privacy. Other than collecting and storing user information in case law-enforcement agencies ever need access to it, what’s the point? It makes you wonder if the point of retaining user information is really for the reason they are giving, or if there’s something more to it. What else is being done with the information they are collecting? There is a general lack of understanding of mobile apps and over-the-top service providers, according to a member of the community; however, they are still trying to share information between foreign firms and the Indian government. If they can’t even understand mobile apps and over-the-top service providers, how could they possibly try to implement this mandate? Do they not realize that many firms are not governed by Indian laws and therefore have no reason to be in favor of the diktat?