Quotulatiousness

May 28, 2023

Thanks to geography, Canada has “been able to neglect national security for decades”

Filed under: Cancon, Government, Military, Politics — Nicholas @ 05:00

In the weekly Dispatch post from The Line’s editors, an almost unremarkable comment comes into close focus:

Continuing with the Johnston report fallout, The Line has been pondering a tweet by Thomas Juneau, one of the country’s relatively few genuine experts in Canadian intelligence and national security. Let’s state this up front: The Line likes Thomas Juneau. He’s written for us before, we hope he’ll write for us again. Nothing that follows should be seen as disagreeing with or nitpicking the professor, because The Line broadly agrees with the point he was making, and found his entire thread on Twitter worth the read. But let’s zoom on this particular comment:

What specifically caught us was this part: “We have been able to neglect national security for decades”.

Again, no disagreement here. Both your Line editors would have made that literal exact argument countless times before in their careers, because it’s true, and likely with essentially identical language. But we read Juneau’s tweet when the Johnston report, and the POEC report before it, were much on our minds. And we’ve been unable to shake the feeling ever since that perhaps “neglect” isn’t the right word for how Canadians approach security. Maybe, we’re wondering, it’s something closer to “disdain”.

Canada has “neglected” a lot of things, after all. And we don’t even mean that in the sense of a lament or criticism. There’s a ton of policy areas or even simply fields of knowledge and expertise that Canada hasn’t paid any particular attention to or made a priority. As Line editor Gurney cracked on the podcast this week, we’ve also neglected botany as a national endeavour. But if some strange international development or social change required Canada to up its botany game, we suspect we’d just … do that. We’d recruit botanists from abroad, schools would open botany colleges, we’d create a Progressive Feminist Botanical Middle-Class Tax Credit (though you’d probably need to attest that you are pro-choice to apply for it). Pivoting to botany wouldn’t be a problem. We’d just emphasize botany, and let a thousand flowers bloom. As it were.

Whenever the issue is anything even remotely proximate to national defence and security, though, the mere suggestion that we should maybe do better, spend more money, allot greater resources, pay more attention, and build up current and future capabilities, is met with something that goes beyond neglect. Neglect implies a degree of apathy. The default Canadian response to any push for a greater emphasis on national defence and security is something closer to hostility.

“Like, why would we care about that weird stuff,” the default Canadian response goes. “That’s dumb. What, do you think Russia is going to invade us or something? What does Canada even need an army or spies for? Why would we even want to have experts on this stuff? This is Canada. We don’t need that stuff. Are you just some kind of weirdo or just some wannabe American?”

Your Line editors agree it’s a problem, but we aren’t sure exactly the root of it. Gerson thinks it might be more just an aversion to thinking about unpleasant things; we quipped on our podcast that talking about defence and security in Canada results in the kind of aghast stares a first-class passenger during the last dinner on the Titanic would have received from his dining companions if he’d casually mentioned he’d been counting the number of lifeboats and had noticed something interesting.

Whoa, dude, we’re having a lovely dinner here. Why you gotta be bringing that up? You think the ship is gonna sink or something?

Gurney thinks there’s truth to that, and would add that if that’s the problem, it goes beyond what we would think of as defence and security, and goes all the way into emergency preparedness. Canada and Canadians are chronic under-investors on emergency preparedness and underpreparers because Bad Things Don’t Happen Here, They Happen Somewhere Else, Thank You Very Much. Our typical emergency response plan is “Don’t worry, that won’t happen.” Gurney also thinks this all might be related to how Canadians continually define themselves in opposition to Americans: since the Americans do invest heavily in national defence and security, there’s probably some Canadians out there who have concluded, even subconsciously, that that is an American thing to do, and we don’t do American things.

The above is all a bit theoretical, we grant, but we can’t stop thinking about it all the same. What if the problem isn’t that we neglect security so much as actively dislike thinking and talking about it? If so, that’s a bad habit that may prove difficult, and ultimately expensive, to break free from.

April 11, 2023

QotD: Being the target of a death threat

Filed under: Law, Liberty, Quotations, USA, Weapons — Nicholas @ 01:00

It is now about fourteen months since, after receiving my second death threat, I started carrying a firearm almost constantly. This experience has taught me a few truths, some merely amusing but others with larger implications.

[…]

And about that security plan: carrying a firearm is nearly useless without very specific kinds of mental preparation. It’s not just that you have to think through large ethical issues about when to draw and when to fire (equivalently, when to threaten lethal force and when to use it). You also need good defensive habits of mind. Carrying a firearm is no good if an adversary wins the engagement before you have time to draw.

The most basic good habit of mind is maintaining awareness of your tactical environment. From what directions could you be attacked? Is there a way for an assailant to come up behind you for a hand-to-hand assault, or to line up a shooting position from beyond hand-to-hand range where you couldn’t see it? Are you exposed through nearby windows?

One advantage I had going in was reading Robert Heinlein as a child. This meant I soaked up some basic tactical doctrine through my pores. Like: when you go to a restaurant, sit with your back to a wall, preferably in a corner, in a place with good sightlines but not near a window. When you sit down, think about possible threat axes and which direction to bail out in if you have to.

Advice I’ve gotten from people with counterterrorism training includes this lesson: watch your environment and trust your instincts. Terrorists, criminals, and crazies don’t tend to blend in well even when they’re trying. If someone nearby looks or feels out of place in your surroundings, or behaves in a way not appropriate to the setting, pay attention to that; check your escape routes and make sure you can reach your weapons quickly.

How careful you have to be depends on the threat model you’re planning against. I’m not going to talk about mine in detail, because that might compromise my security by telling bad guys what expectations to game against. But I will say that it assigns a vanishingly small probability to professionals with scoped rifles; the background culture of both Iranian terrorists and their Arab proxies makes it extremely difficult for them to train or recruit snipers, and I am reliably informed that the Iranians couldn’t run professional hit teams in the U.S. anyway – too difficult to exfiltrate them, among other problems.

This, along with some other aspects of the threat model I won’t discuss, narrows the range of plausible threats to something an armed and trained individual with good backup from law enforcement has a reasonable hope to be able to counter. And the good backup from law enforcement is not a trivial detail; real life is not a Soldier of Fortune story or a running-man thriller, and a sane security plan uses all the resources available from your connections to the society around you.

Eric S. Raymond, “Fourteen months of carrying”, Armed and Dangerous, 2010-09-21.

November 17, 2022

TikTok (aka “Digital Fentanyl”)

Filed under: China, Media, Politics, USA — Nicholas @ 05:00

Geoffrey Cain at Common Sense on the malign influence of the massively popular Chinese social media platform on US politics and culture:

The midterm elections of 2022 were many things — a shocker for Republicans, the possible end of Donald Trump, a win for centrist Democrats. Overlooked is the fact that they were also a big turning point for TikTok, the Chinese social-media platform.

TikTok is not only the most trafficked news app for Americans under 30. It was also a major political force this year. Exhibit A: the Senate race in Pennsylvania, in which both Democrat John Fetterman and his Republican rival, Mehmet Oz, deployed TikTok, with Oz railing against the cost of vegetables in one video, and Fetterman slamming Oz for saying “crudité” in a highly effective response. Other candidates who took to TikTok this cycle include Tim Ryan, who ran for Senate in Ohio, and Val Demings, who ran for Senate in Florida. (Both are Democrats.) The Democratic National Committee, early this year, launched its own TikTok channel.

Now, there are calls to shut it down. Just yesterday, FBI Director Christopher Wray said the bureau has “national-security concerns” about TikTok. Last Friday, the top Republican on the Federal Communications Commission, Brendan Carr, called TikTok “China’s digital fentanyl”. The day before, Senator Marco Rubio and Rep. Mike Gallagher, both Republicans, introduced legislation banning the social-media platform, noting that the data of millions of Americans is “effectively controlled” by the Chinese Communist Party. Earlier in the month, Carr also said the U.S. government should ban TikTok.

It’s about time.

Ever since TikTok began expanding into the United States, more than four years ago, we’ve known that it was a disaster waiting to happen. What’s shocking is that it’s taken this long to get serious political attention.

I know all about this. I used to be an investigative reporter in China. In December 2017, I first heard from friends on social media that a Chinese tech unicorn called ByteDance was planning on entering the American market with a new app. It was called TikTok.

Alongside its sibling app, Douyin, which operates only in China, TikTok was poised to sweep up the Gen Z audience in America, with its preference for video snippets of dancing celebrities, DIY projects, cooking demonstrations, skincare routines and other Gen Z’ers singing and dancing in their parents’ kitchens. As the fastest growing social media app ever, it rankled American competitors Facebook and YouTube, which were banned in China.

By October 2018, ByteDance was the world’s most valuable startup, with a valuation of $75 billion.

Four years later, ByteDance is worth $300 billion. TikTok is expected to reach 1.8 billion users globally by the end of the year. And a quarter of American adults under 30 get their news from the social-media app.

There’s a good reason for this success. TikTok has developed one of the most powerful machine-learning algorithms ever — one that is able to reveal people’s unknown desires to themselves.

Every day, every hour, every waking minute, TikTok is hoovering up seemingly infinite bits of information about its users — their tastes, hobbies, political views, sexual preferences, their facial structure, the sound of their voice. Ostensibly, all this is meant to provide a better product. It should also be noted that this information can be used for spying, influencing millions of users — even waging war. Every time we swipe for the next video, every time we post videos of our own, we are helping the world’s most sophisticated police state learn more about us.

May 25, 2022

“What is a reasonable general concern?”

Filed under: Bureaucracy, Cancon, Government, Law, Liberty — Nicholas @ 05:00

In The Line, Paula Simons has a concern that I think is quite reasonable:

What is a reasonable general concern?

That’s not a rhetorical question. I really don’t know the answer. I’m not sure anyone else does, either.

And that’s exactly the problem with Bill S-7, a new piece of government legislation, which amends both the Customs Act and the Preclearance Act.

Bill S-7 set a new standard to allow border services officers to search through our cellphones, laptops, tablets, Apple Watches and other personal computers. If the bill passes, it will allow officers who feel a “reasonable general concern” to search through the emails, documents, texts, instant messages, photos or videos stored on our digital devices, to look for evidence that we may have violated customs regulations.

Reasonable general concern. Or, as it says in the French-language draft of the bill, “des préoccupations générales raisonnables”.

It’s an absolutely novel legal threshold. That phrase, be it in English or French, doesn’t appear anywhere else in Canadian criminal or civil law. It’s not a standard borrowed from any other country. It’s a brand new legal test to authorize an invasive search of your most private personal records and correspondence.

A reasonable concern, one might intuit, is a lower standard than a reasonable suspicion, because a concern is less grave, less specific, than a suspicion.

But a general concern? A general preoccupation?

That sounds even more vague, more subjective, than a good old-fashioned hunch or inkling.

It seems counter-intuitive, to put it mildly, to create a lower, broader standard to search our private data on our private devices than to search our conventional mail, or our suitcases, or our car trunks. Yet that is exactly what Bill S-7 does.

How did we get here? The answer is an ironic one.

Back in 2020, the Alberta Court of Appeal ruled unanimously that portions of the Customs Act were unconstitutional.

The court found the act violated the protection against unreasonable search and seizure, because it allowed for what the court called “suspicion-less and unlimited” searches of our personal digital devices.

That violation, held the court, could not be saved by section 1 of the Charter, because it allowed unfettered and unrestricted access to people’s most personal and intimate information, and because it allowed the state almost unlimited latitude to dig around in what the court called our “biographical core of identity”.

November 13, 2021

The unrealistic expectations society has of minimum-wage security guards

Filed under: Business, Cancon, Law, USA — Nicholas @ 03:00

As a teenager, I worked several months as a security guard. In the 1970s in Ontario, to work as a security guard you basically needed to be physically fit (to a not-very-high standard), to pass a police background check and to be 18 or over. The jobs I worked were usually overnight shifts at upscale apartment buildings, industrial facilities and fill-in shifts at retail malls to cover for regular security staff vacations (plus one really interesting midnight shift on a ship docked in Toronto harbour). I think I was paid $3 per hour, and 99% of the time the work wasn’t worth any more than that. It’s that 1% of situations where the company hiring security guards might wish they’d invested in better-trained staff. According to Joshua Hind’s article in The Line, the standards for security guards have been improved in the many years since my time, but that 1% is still a big issue:

While some of the best minds in the field of crowd management and event safety weigh in on the probable causes of the crowd surge, a new article in Rolling Stone has turned a spotlight on the security guards, and the culpability of private security in general, a high turnover, low-wage business focused on filling orders with warm bodies, seemingly regardless of their actual experience or competency. In Canada, security work is one of the easiest routes to employment for young people and particularly recent immigrants with little Canadian work experience, but, when it comes to live events, it’s also an often impossible mix of customer support, crowd management, law enforcement, and emergency medical services that requires years of training and on-the-ground experience to do well.

The apparent failures of this type of security, which is often referred to as “contract security” (not to be confused with “private security”, which usually means expensive bodyguards), are not unique to Houston. I’ve been working in large public events for more than 20 years and contract security has always been one of the great planning dilemmas. If you want to get insured, you need lots of security, but every one of those guards must be treated as part asset and part liability.

Event sites, especially festivals with multiple stages, are expansive (the site in Houston was over 1,000,000 square feet in total space), and a well-designed event site, just like a well-designed building, needs plenty of entrances and exits, each of which must be adequately staffed. Guards are needed in front of the stage, in the crowd, at backstage access points, and around critical infrastructure. On top of all that you also need a team of roving guards to patrol the site looking for issues. Add it up and a large event site could have dozens or hundreds of security guards doing a variety of jobs, all of which fall under the catch-all description of “security”. On a big summer weekend at the height of event season, a large city like Toronto might have thousands of guards working dozens of sites. How do you find that many good people who can bear the responsibility of preserving public safety? Generally, you don’t.

It only requires a two-week commitment and a little patience to become a security guard in Ontario. So long as you have a clean criminal record, you can sign up for the required training: 40 hours on law and security, plus another 30-40 hours of first aid. This training is often performed by the very companies that do the hiring, which can greatly affect priorities in accurate skills testing. Hit all those marks and mere weeks after deciding to become a security guard you could be faced with a horde of concertgoers busting through the fence you’ve just been ordered to protect.

When I started in live events, it was all on the technical side, setting up lighting, sound and stages, and I didn’t pay much attention to what happened on the other side of the crowd barrier. About 15 years ago I started working on Nuit Blanche, Toronto’s overnight outdoor art event, and it was during those long nights watching hundreds of thousands and then millions of people that I developed a sense of how they act in large groups and how unpredictable they can be. This isn’t meant to sound like a superpower, it’s just a honed instinct. It took me well over a decade of steady work and constant observation to develop some ability to sense when a crowd might turn ugly. That experience can’t be replicated with two weeks of training, but that’s exactly what’s often expected of security guards.

December 28, 2020

Another aircraft that’s about to become a political football in Canada

Filed under: Cancon, Government, Military — Nicholas @ 03:00

Ted Campbell discusses the need to replace the Royal Canadian Air Force long-haul VIP transport aircraft (the current CC-150 Polaris planes were built and first operated by Wardair in 1987 and obtained by the government in 1993). It’s traditional for the government to be assailed by the opposition and the media (at least when it’s a Conservative government in office) for wanting to spend far too many dollars for unnecessarily luxurious planes (Jean Chretien in opposition called the Polaris a “flying Taj Mahal”)*. The Polaris and its eventual replacement do a lot more than just fly junketing politicians around:

RCAF CC-150 Polaris at Zurich, Switzerland on 25 January, 2012.
Photo by Kambui via Wikimedia Commons

… let’s all remember please that the primary roles of this fleet of aircraft are to transport Canadian troops to wherever in the world they might need to go, for operations, and to refuel our jet fighters when they are deployed overseas, and to carry cargo, but smaller loads that do not require a big CC-130 Hercules or the mighty CC-177 Globemaster III. The Royal Canadian Air Force needs a fleet of specially modified aircraft for those roles. There are several more modern “tankers” available including the Boeing KC-46 which is used by the USA and Israel and the Airbus A330 Multi Role Tanker Transport (MRTT) which is used by several nations including Australia and the United Kingdom. […] Some commercial aircraft can be converted, easily and quickly, from carrying passengers in seats to carrying cargo in containers to carrying aircraft fuel in giant bladders with refuelling hoses attached. They are true multi-role aircraft. They can also be converted to VIP aircraft with special suites for sleeping, with showers, work spaces, secure telecommunications and regular conventional passenger seats for support staff and journalists.

The key bit of a real VIP aircraft is a secure (high-grade encryption) communications and information suite. The prime minister, ministers and senior officials, when en route to a meeting in a foreign capital may need to have discussions that are SECRET-CANADIAN EYES ONLY with senior staff back in Ottawa and they may then need to have a video conference call with, say, the Prime Ministers of e.g. Australia and the United Kingdom using a different security system that allows them to discuss SECRET-FIVE EYES ONLY materiel. You’re talking a reliable satellite communications system (with a back-up, too) and various cryptographic terminals and the people to operate and maintain them. The comm/IT suite is complex and expensive. Everything else is optional and, even in the case of a VIP shower stall, pretty cheap, too.

OK, I can already hear the objections, many from Conservatives: “Why doesn’t he fly commercial? He can even fly First Class,” some will say. Aside from some very real security concerns, suppose he has to attend a G-20 meeting in Brazil. There are no flights from Ottawa, there are no direct flights from Toronto. Even if there were he would need an entourage of security and telecommunications/cryptography specialists. I know the Pope charters an Alitalia jet when he travels but I’m afraid that even Air Canada, which has 400± aircraft and carries over 50,000,000 passengers a year, might find it too difficult to keep an aircraft on something close to “hot-standby,” as the RCAF does, for the prime minister. This problem was examined many times over the years and the range of factors ~ security, communications, availability ~ dictate that a dedicated VIP squadron in the Air Force is the best choice … maybe the only sensible choice.

* I rarely say much in favour of former PM Jean Chrétien, but in this particular case he was consistent in his opposition even after being elected: he refused to use the VIP transport during his time in office and attempted to find a buyer for that particular aircraft. Successor Paul Martin had no such aversion and used the aircraft during his premiership.

December 17, 2019

My Wife vs. Ben & Jerry’s Ice Cream Lock

Filed under: Food, Humour, Randomness — Nicholas @ 02:00

LockPickingLawyer
Published 15 Dec 2018

From the comments:

Hacker Lord
4 months ago
He sounds so calm for someone who’s probably sleeping on the couch tonight lol

August 30, 2019

EFF sues Homeland Security over illegal GPS vehicle trackers

Filed under: Government, Law, Liberty, USA — Nicholas @ 03:00

Kieren McCarthy on a recent lawsuit by the Electronic Frontier Foundation:

The Electronic Frontier Foundation (EFF) has sued the US Department of Homeland Security to find out more about a program where, it is claimed, officers secretly stick GPS trackers on vehicles they are suspicious of as they come through the border.

The EFF has made repeated freedom of information act (FoIA) requests about the program’s policies but has been stonewalled, with Homeland Security’s responses claiming any information would contain “sensitive information” that could lead to “circumvention of the law.”

The foundation’s main concern is that Homeland Security is carrying out its secret tracking without a warrant, or even anything beyond a single officer’s suspicion. And it points to a recent US Supreme Court decision where it ruled that warrantless GPS tracking was unconstitutional under the Fourth Amendment.

Details of the program came to light last year when customs officers revealed in court filings that they had used GPS trackers without a warrant at the border. Since then the EFF has tried to find out what the policies and procedures are for deciding when a vehicle can be tagged. The relevant authorities have not been keen to go into any detail.

There’s another legal precedent too: a California court ruled that government officials’ use of GPS devices to track two suspected drug dealers without getting a warrant violated the Supreme Court decision, made in 2012, and was government misconduct.

June 8, 2019

Differentiating between actual security and security theatre

Filed under: Britain, Humour, Liberty, Technology — Nicholas @ 03:00

Alistair Dabbs has a security tale of woe:

“Keypad Entry” by Victor Frost is licensed under CC BY-NC-SA 2.0

Access denied. Enter Access Code.

That’s a good start. Just a few moments ago I was handed a card on which is written, in blue ballpoint, a newly compiled string of alphanumerics that is supposed to identify me as a unique user. Oh well, maybe I fumbled the buttons. Let’s try again.

Access denied. Enter Access Code.

I am standing in the driving rain – this is London in the summer – in front of a large electronically operated vehicle barrier that keeps the riff-raff from getting anywhere near the car park and loading bay behind the building where I am to be working this week.

The vertical stainless steel keypad into which I am pushing my access code is weather-resistant. I am not. You’d think they could have installed the keypad at car-window level but no, it’s at lorry level. And it’s not on the driver’s side anyway, so anyone not rolling up in an unmodified US or continental import vehicle is forced to exit and walk over to the access terminal.

Access denied. Enter Access Code.

As far as it is concerned, I am riff-raff. I look behind me to see a steel-grey car has pulled up behind mine. Steel-grey = bland, unimaginative, company car, must be management. As I trudge back towards the street entrance around the corner to ask the security desk for an alternative access code, remembering this time to express an explicit preference for one that actually provides access, I notice the driver in the grey car has started to harrumph.

Security systems like this exist to protect me and my possessions, whether physical or electronic. They keep out the nasties and foil the mischievous. They allow access to the honest and prevent it to the unauthorised.

They are a pain in the arse.

Security is essential, of course, but only for other people. Not me. I’m the nice guy here and this sodding keypad is stopping me from getting in.

But then security authentication is one of those functions whose philosophical concept is hampered by self-contradictory details of its own design. To pick a topical example, it is the right of European Union citizens to enjoy free movement between EU countries without being stopped by border controls. However, how can the border controls know whether you are an EU citizen or not unless they stop you to ask for your EU identification? So it’s only by presenting your passport or ID card that you can exercise your right not to have to present your passport or ID card.

The forces of law and order, from police to night club bouncers, face the same recursive logic. Why do they insist on frisking me? Why can’t they concentrate their stop and search efforts only on those who are carrying concealed weapons?

May 8, 2019

Your electronic devices and the Canadian Border Services Agency

Filed under: Cancon, Law, Liberty, Technology — Nicholas @ 03:00

A few years ago, many civil libertarians were upset that the US government allowed warrantless searches of electronic devices at the border, but it was less well known that the Canadian Border Services Agency does the same at the Canadian border:

According to the CBSA, it has the right to search electronic devices at the border for evidence of customs-related offences — without a warrant — just as it does with luggage.

If travellers refuse to provide their passwords, officers can seize their devices.

The CBSA said that between November 2017 and March 2019, 19,515 travellers had their digital devices examined, which represents 0.015 per cent of all cross-border travellers during that period.

During 38 per cent of those searches, officers uncovered evidence of a customs-related offence — which can include possessing prohibited material or undeclared goods, and money laundering, said the agency.

While the laws governing CBSA searches have existed for decades, applying them to digital devices has sparked concern in an era where many travellers carry smartphones full of personal and sometimes very sensitive data.

A growing number of lawyers across Canada argue that warrantless digital device searches at the border are unconstitutional, and the practice should be stopped or at least limited.

“The policy of the CBSA of searching devices isn’t something that is justifiable in a free and democratic society,” said Wright who ran as a Green Party candidate in the 2015 federal election.

“It’s appalling, it’s shocking, and I hope that government, government agencies and the courts, and individual citizens will inform themselves and take action.”

January 4, 2019

SplashData’s Top 100 Worst Passwords of 2018

Filed under: Humour, Technology — Nicholas @ 02:00

SplashData's Top 100 Worst Passwords of 2018 from John Hall on Vimeo.

December 7, 2018

Australian parliament votes to weaken encryption

Filed under: Australia, Government, Law, Liberty, Technology — Nicholas @ 03:00

Scott Shackford reports on the latest bit of oddness from the southern hemisphere:

Pretty much every single person in the tech industry, human rights circles, and academia warned the Australian government that forcing online platforms to weaken encryption would lead to disastrous results. Nonetheless, lawmakers are pushing forward — and it’s not just Australians who will suffer as a result.

Last night, Australia’s parliament rushed through the Assistance and Access Bill of 2018 right as their session was coming to a close. The bill gives various government agencies the authority to demand that tech and communication platforms provide them secret bypass routes around encrypted messages.

This is what is known as an encryption “backdoor,” and it’s a bad idea. Governments insist such tools are needed to fight crime and terrorism. The problem is that an encryption backdoor doesn’t care who uses it: If there’s a mechanism to bypass privacy security on a communication system, it can be exploited by anybody who knows how. That includes hackers, thieves, officials from authoritarian governments, and all sorts of dangerous people (including, of course, the very government people who insist they’re trying to protect us). That’s why tech companies have spent years fighting against the idea.

Weak encryption is a threat to the health of any tech platform that involves transferring data, and governments know that. So they insist they’re not demanding encryption backdoors while attempting to enact policies that pretty much demand them.

The Assistance and Access Bill won’t just grant the Australian government the power to demand that everybody from Facebook to Whatsapp help them bypass security to access private communications. The bill will let officials order companies, through “technical capability notices,” to alter their programming to facilitate snooping. And it gives the government the authority to force the tech employees who implement the changes to keep them secret. Break that secrecy, and the employees can face up to five years in jail.

November 10, 2018

Don’t expect the “Internet-of-Things” to get better security without Uncle Sam’s pressure

Filed under: Business, Government, Technology — Nicholas @ 05:00

Bruce Schneier believes it will take government action (or as The Register phrased it, “Uncle Sam … putting boots to asses”) to get any significant improvement in Internet-of-Shit device security:

Any sort of lasting security standard in IoT devices may only happen if governments start doling out stiff penalties.

So said author and computer security guru Bruce Schneier, who argued during a panel discussion at the Aspen Cyber Summit this week that without regulation, there is little hope the companies hooking their products up to the internet will implement proper security protections.

“Looking at every other industry, we don’t get security unless it is done by the government,” Schneier said.

“I challenge you to find an industry in the last 100 years that has improved security without being told [to do so] by the government.”

Schneier went on to point out that, as it stands, companies have little reason to implement safeguards into their products, while consumers aren’t interested in reading up about appliance vendors’ security policies.

“I don’t think it is going to be the market,” Schneier argued. “I don’t think people are going to say I’m going to choose my refrigerator based on the number of unwanted features that are in the device.”

Schneier is not alone in his assessment either. Fellow panellist Johnson & Johnson CISO Marene Allison noted that manufacturers have nothing akin to a bill of materials for their IP stacks, so even if customers want to know how their products and data are secured, they’re left in the dark.

“Most of the stuff out there, even as a security professional, I have to ask myself, what do they mean?” Allison said.

September 20, 2018

Mind Your Business Ep. 3: Public Safety from Private Security

Filed under: Business, Law, Liberty, USA — Nicholas @ 06:00

Foundation for Economic Education
Published on 18 Sep 2018

In Detroit, dependence on law enforcement has proved insufficient to keep people safe. Enter Dale Brown, a threat management professional who specializes in stopping violence and empowering individuals to protect themselves and their loved ones.

September 11, 2018

Fear the Internet-of-Things

Filed under: Business, Technology — Nicholas @ 05:00

Martin Giles talks to Bruce Schneier about his new book, Click Here to Kill Everybody:

The title of your book seems deliberately alarmist. Is that just an attempt to juice sales?

It may sound like publishing clickbait, but I’m trying to make the point that the internet now affects the world in a direct physical manner, and that changes everything. It’s no longer about risks to data, but about risks to life and property. And the title really points out that there’s physical danger here, and that things are different than they were just five years ago.

How’s this shift changing our notion of cybersecurity?

Our cars, our medical devices, our household appliances are all now computers with things attached to them. Your refrigerator is a computer that keeps things cold, and a microwave oven is a computer that makes things hot. And your car is a computer with four wheels and an engine. Computers are no longer just a screen we turn on and look at, and that’s the big change. What was computer security, its own separate realm, is now everything security.

You’ve come up with a new term, “Internet+,” to encapsulate this shift. But we already have the phrase “internet of things” to describe it, don’t we?

I hated having to create another buzzword, because there are already too many of them. But the internet of things is too narrow. It refers to the connected appliances, thermostats, and other gadgets. That’s just a part of what we’re talking about here. It’s really the internet of things plus the computers plus the services plus the large databases being built plus the internet companies plus us. I just shortened all this to “Internet+.”

Let’s focus on the “us” part of that equation. You say in the book that we’re becoming “virtual cyborgs.” What do you mean by that?

We’re already intimately tied to devices like our phones, which we look at many times a day, and search engines, which are kind of like our online brains. Our power system, our transportation network, our communications systems, are all on the internet. If it goes down, to a very real extent society grinds to a halt, because we’re so dependent on it at every level. Computers aren’t yet widely embedded in our bodies, but they’re deeply embedded in our lives.

Can’t we just unplug ourselves somewhat to limit the risks?

That’s getting harder and harder to do. I tried to buy a car that wasn’t connected to the internet, and I failed. It’s not that there were no cars available like this, but the ones in the range I wanted all came with an internet connection. Even if it could be turned off, there was no guarantee hackers couldn’t turn it back on remotely.

Hackers can also exploit security vulnerabilities in one kind of device to attack others, right?

There are lots of examples of this. The Mirai botnet exploited vulnerabilities in home devices like DVRs and webcams. These things were taken over by hackers and used to launch an attack on a domain-name server, which then knocked a bunch of popular websites offline. The hackers who attacked Target got into the retailer’s payment network through a vulnerability in the IT systems of a contractor working on some of its stores.
