Brad Ideas - Privacy - Comments

To contact me

brad — Fri, 16 May 2008 20:03:25 -0700

Send me an email!

We Should Talk

Allan Sabo — Fri, 16 May 2008 18:02:02 -0700

Brad,

Read your post at Scoble's blog after posting my own - your must have come in about the same time.

I had to read (ok, quickly scanned) your post here, and find you and I are very much on the same page.

I am working with a group that wants to develop what it believes is the answer - perhaps we should talk.

Please contact me at your convenience,

Allan Sabo
Alti Success Strategies
Experts at Integrating Social Media and Internet Marketing

Repurposing Sigint

Anonymous — Fri, 16 May 2008 14:05:12 -0700

I guess, this revolves around whether you're really interested in economic, social, or military issues. Former Home Secretary David Blunkett observed that corporate collections of personal data were bigger and less well regulated than the governments. Private companies are fuzzier and less lethal than terrorists but they still have a potential to damage people and society. Sometimes, you could argue, big transnational companies are the cause of terrorism. I'll admit that's going way off topic but it sparked another thought. Instead of sending a cruise missile through someone's letterbox, how might the same intelligence be used to flag people and places where better or more sensitive trade and industry could take off?

Takings are rare

brad — Thu, 15 May 2008 23:20:30 -0700

Right now, attempts to seize laptops without cause are quite rare. But they should be zero. However, I enter the USA (I am not a US citizen) several times per year and for most people it’s not a bad process. That doesn’t mean we should not try to stop the excesses but I wouldn’t give up work in the USA because of it, not even close yet.

I just would like to see a disk encryption system to protect you from both laptop thieves and customs seizures that is so easy to use that there is no reason not to use it. The downside is you might forget to lock it a few of the times you need to, but that’s better than one so hard you never use it at all.

The problem is getting through customs if you do this

Moz — Thu, 15 May 2008 18:55:00 -0700

I think ST's comment above sums it up: any obvious protection or encryption will in itself attract the attention of customs, and in some places Customs can detain you indefinitely until they're satisfied you've handed over all the goods.

The problem is not hiding the goods, the problem is getting through customs. That means being a sufficiently good smuggler that Customs don't know and are extremely unlikely to discover that there are hidden things. It's not enough to simply hide them and say "ha ha I win". So work-arounds like hidden partitions and the internet remain the most effective way for data that you really do want to get through.

AFAIK Customs always have the option of simply saying "no, you can't bring that in". At which point you can turn round or sometimes they let you dispose of the objectionable item. It's extremely unlikely that they will let you through after failing to obtain decrypted data that they've asked for.

My solution is simply not to travel to states with poor politics, like China and the US. That's cost me one possible job so far but I'd rather lose a job than my life. Unfortunately both the US and UK have demonstrated that China and Burma etc really have nothing to worry about when freeing up their media, torture and disappearance still work just fine in a "free" country. This is just another example...

Pharm

brad — Thu, 15 May 2008 17:57:00 -0700

Oh, I don’t need to go beyond commercial motives to find a reason for Pharm. But more to the point, Pharm is domestic.

The hallmark of a signals intelligence espionage program would be intrusion into foreign computers, ideally non-allied computers or targeted computers, which is within the balliwick of most of these organizations.

Indeed, there might be a desire to simply scan lots of hard drives in rural Pakistan and Afghanistan. And North Korea (the few that are on the internet) and other places, staying away from spying on computers belonging to allies and domestic parties. They could write code to examine machines and determine if they are domestic, or owned by domestic companies. Or even code to say, “Does this computer look like it might be owned by a jihadi?” — and then start spying on just those computers.

The recent trend in intelligence has been to look for ways to do blanket basic surveillance and then isolate the few actual targets they want to put human beings on. Of course, in the domestic case, such as AT&T, the law says they can’t do this. But they want to do it, and in fact we allege in our lawsuit that they did do this — put in a splitter to divert all data into NSA systems. If they are doing that in the domestic arena, seems likely they are doing it overseas where there is less control.

Fedex too much

brad — Thu, 15 May 2008 17:52:00 -0700

If you’re ready to think about doing the fedex, you’re already in the highly prepared minority. The real solution is something that takes minimal thought. The cell phone approach is good because it’s also a great anti-theft. If you turn on the laptop in the presence of your enabled bluetooth device, it just works like now. If you turn it on without that device on and nearby, it can’t access your encrypted data.

The goal here is that this isn’t very common, so customs doesn’t know to demand your laptop and your phone, or your laptop and your bluetooth key fob. Which gives you a short time in which to execute the command on your phone or fob to erase the key.

Indeed, you could even get to the point where, if the laptop is running, the command from the phone via bluetooth tells it to erase the key and shut down. However, it is an open question if this is obstruction of justice or not.

The main point is most people — this is for innocent people after all — will not remember to follow any special procedures before they get into customs. If they can legally follow a procedure after they get into customs, or after their laptop is taken, that’s what works. The same applies to theft.

Note that this requires a phone that is always on and ready for bluetooth whenever you turn on your PC. Not all phones are that way, but many are.

Targetted Advertisers?

Anonymous — Thu, 15 May 2008 17:08:01 -0700

Who is behind the so-called targetted advertising systems companies like Phorm are trying to get installed on ISP internal networks? Being able to snoop 70% of the UK's clickstream is an intelligence tool worth billions. Putting aside the fact that Phorm's system breaks a dozen laws, who quality assures or positive vets companies like this? I would've thought allowing a known spyware company that games the legal system and employs foreign nationals to code its software would be a red flag for someone.

Send a key ahead

Shivering Timbers — Thu, 15 May 2008 15:31:57 -0700

Nice article, and I'm glad someone is taking a serious look at the problem. I have an idea, and some additional analysis.

The idea: Use a physical key, and send a duplicate key ahead via FedEx or some other delivery service rather than trying to travel with a key. That won't protect you if you've been specifically targeted by the authorities (since the key could be intercepted enroute), but it will frustrate fishing expeditions.

The analysis: In many developed countries, the threat is unique to the short time after you've physically crossed the border but before you've cleared customs. Once you clear customs, if the authorities want to compel access to your laptop, they need a warrant or some other specific legal authority (under normal circumstances--I'm considering the case of a businessperson or lawyer who has sensitive documents, not the case of someone who might attract scrutiny from agencies more accustomed to operating outside the law). So for many travelers, a sufficient level of protection needs only to deflect the customs agent's attention enough to get cleared. Customs can't go back and demand access once a traveler has passed into the country (in many countries).

The catch is that any obvious protection or encryption will, in itself, attract the attention of customs, and in some backward places (like the United States), Customs can detain you indefinitely until they're satisfied you've handed over all the goods. Any scheme which is visible to a customs agent is likely to cause great problems to the traveler: it's like trying to clear customs while carrying a welded-shut steel box. They will be intensely curious as to the contents of the box, and don't expect to go anywhere until someone fires up a cutting torch.

So what you really need is a combination of encryption plus the electronic equivalent of a cloaking device.

Ideally, the computer should function perfectly normally if booted or accessed without the special key, but sensitive files simply won't appear in the filesystem. Unless customs is specifically targeting you, this should get you safely through (and even if they make you leave a disk image behind, the encryption should protect the secrets against a more detailed analysis).

Well thought out, Brad

Ken Kennedy — Thu, 15 May 2008 14:18:24 -0700

As usual, great analysis and consideration of options. I do use a TrueCrypt partition for some data, but I agree...it's not simple enough to breach most people's activation threshold. Very interesting ideas here.

I'm starting to REALLY get concerned about some of the "privacy vs. security" tradeoffs that people now just shrug and accept. I wonder when we reach the point of "very difficult to return from". I do actually believe/hope that we will swing back from this, but I expect it will take a crisis, Watergate-style, to highlight the abuses and potential problems sufficiently.

It gets worse, what if it

fnord — Thu, 15 May 2008 02:26:16 -0700

It gets worse, what if it was organized crime, instead of or in addition to spy agencies, engaging in such activities, which of course they are. Spy agencies are normally engaged in criminal activity too, so that's not what makes it worse.

What makes it worse is that ICANN has allowed itself on various levels including registrars and the DNS itself to be increasingly co-opted by organized crime. ICANN's insatiable hunger for money is largely to blame, and criminals have long known how to exploit such a weakness. Read this current article on ICANNWatch.org and follow the link in Fergie's subsequent comment, or my more accurate link to RBNBlog which follows.

The US Government has always been ICANN's overseer, have they just been asleep at the switch? Isn't it ironic that the organized crime Russian Business Network, with likely ties to the Russian government (and they have recently moved some of their activities to mainland China), is co-opting various critical levels of the internet? This is going to turn out badly. -g

data can go both ways

Anon Y. Mouse — Tue, 13 May 2008 23:48:44 -0700

First, I think it's much more likely the NSA has already
compromised one or more existing botnets, as opposed to
screwing up Windows. That's Microsoft's job!

Try this on for size. Everybody's heard about the
secret room(s) at AT&T et. al. run by the NSA and supposedly
designed to slurp up all the internet packets, telco phone
meta-data, etc. Perhaps they are covertly working with
the backbone operators to provide peering points where
they can *inject* massive amounts of traffic generated
by their own custom dedicated servers. It's more reliable
if you have your own botnet.

This is possible

brad — Tue, 13 May 2008 21:02:42 -0700

But in fact it might be simpler to just assure there are security flaws, and then build the botnets, or have them built by your front organizations, which are of course not in the USA. Or just exploiting those that are already there.

Directly compromising Windows is a dangerous thing for the NSA to do. Aside from the fact it is still not supposed to operate inside the USA at all, this could hurt the security of Americans against foreign spies. In fact, the NSA is supposed to be helping to make U.S. computers more secure, it is part of their mission. To go directly against that mission is not beyond them but scandalous if discovered.

Of course this does not apply to foreign spy agencies, they could compromise Windows without breaking their rules. But since Windows is run in so many countries, again this has the risk of scandal.

On the other hand, paying botnet rings to run secret code on non-domestic computers to spy on the owners of those computers would not be the same sort of major scandal. (Creation of the botnets directly would be a scandal, but one they can hide much more easily.) They would mostly get an “attaboy” for spying on foreign computers. They might create a problem with allies if they spied on the computers of allied governments if they were caught, but frankly everybody knows that each spy agency spies on its allies. It’s part of the game, though still not something to be caught at.

To do this, they would want to build a system that can identify honeypots and make sure never to put spy code into them. That’s hard to do for a criminal hacker ring but easily within the abilities of a big spy agency. Ideally they would use other methods to determine the IP blocks or other attributes of “computers of interest” they wish to spy on, confirm that they really have these computers, and then briefly load spy code in them to rootkit the systems and look for interesting files.

Detection of this would require a very clever honeypot that knows how to look like a “computer of interest” — once we define what a computer of interest is. I would bet that computers in rural Pakistan, for example, and Iraq, are commonly computers of interest.

Spy agencies & software

Anonymous — Tue, 13 May 2008 19:58:11 -0700

There is one other thing that would be too easy for a spy agency to buy off that it is hard to fathom that it hasn't happened: adding some kind of hook to popular closed-source operating systems to leak confidential information into covert channels. The effort required to modify kernel source code so that e.g., passwords or something are encoded into the output of some pseudorandom number generator used for picking e.g., TCP sequence numbers is low enough that a competent coder involved in the process between when the source code is checked out to do the production build and executing the makefile could slip it in with very low probability of detection and nobody would be any the wiser. If spy agencies can spend billions on covert spy satellite programs, surely they can spend a couple million to buy off a programmer involved in production builds to slip in carefully chosen patches. The presence of spy agencies in the world today with these kind of budgets almost guarantees that closed source products (and pre-built open source products) have backdoors. They would be stupid not to.

It follows that if you don't compile your own stuff, you're stuff is probably backdoored. On the positive side, keeping this stuff secret is almost certainly enough of a priority that the spy agencies will probably be keeping your secrets (unless you are doing something they are directly interested in) and third party crackers will probably not be any the wiser.

Data Spaces in the Clouds

Kingsley Idehen — Thu, 08 May 2008 13:55:39 -0700

Brad,

What you describe is what I've referred to as Data Spaces in the Clouds (Fourth Platform) for a while :-)

Yes, there is some confusion about the literal interpretation of the phrase: Data Portability (free movement of data across platforms). We don't necessarily want free movement of data across realms (unless we explicity enable it in our space). Instead, I believe we seek Open Access to our Data Spaces with access control granularity.

To conclued, we do need Data Access by Reference facilitated by portable Data Containers (Data Spaces) in the Clouds. Of course, these containers can move themselves, or data from the clouds to other locations, wholesale or via replication and synchronixation. In all cases using standard protocols and existing infrastructure such as the Internet and Web.

Links:

1. OpenLink Data Space Wikipedia Page
2. OpenLink Data Spaces (Open Source Edition) Home Page
3. My Data Space Profile Page
4. EC2 installation Guide
5. How to get a Gateway into your Data Space (i.e a URI for Your Data Space) in 5 minutes or less
6. Recent WWW2008 Presentation about Data Portability and Data Accessibility (PPT)