Category Policy

CNN Covers Voting Hacks

Just in time for the election, CNN has some coverage of the voting hacks mentioned previously on Six Lines.

(hat tip: Tim Lee)

More Proposals for Wiretapping the Internet

Last month I pointed out an article in the NY Times that described a government plan to allow surveillance of communications on the Internet. Basically, the government wants to be able to wiretap things like Facebook, Gmail, Hushmail, and Skype. However, to do this requires adding backdoors to encryption algorithms, and backdoors are just another attack surface that can be used by anyone to break encryption. This may all seem like déjà vu to anyone who was involved in the Clipper chip debates in the 1990s.

This month the story continues as government officials attempt to determine the best way to get access to Internet communications:

The Obama administration is circulating several ideas for legislation that would increase the government’s leverage over carriers, officials familiar with the deliberations say.

One proposal is to increase the likelihood that a firm pays a financial penalty over wiretapping lapses — like imposing retroactive fines after problems are fixed, or billing companies for the cost of government technicians that were brought in to help.

Another proposal would create an incentive for companies to show new systems to the F.B.I. before deployment. Under the plan, an agreement with the bureau certifying that the system is acceptable would be an alternative “safe harbor,” ensuring the firm could not be fined.

These proposals fail to recognize the radically different structure of Internet communications. Even something as simple as video chatting with someone on Skype could involve three or four networks, not to mention the Skype software itself, which is partially owned by eBay. Furthermore, there are numerous open source encryption and communications programs available that could be used by any serious bad actors to avoid any sort of surveillance.

Lower Merion Webcam Privacy Case Resolved

Last February, the Lower Merion school district in Pennsylvania became embroiled in an almost unbelievable privacy debacle. Basically, the district gave laptops to students, required the students to use them for school work, and then activated the webcams on the laptops surreptitiously to spy on the students. As you might imagine, this did not go over well when the parents found out about it.

This case has recently been settled, and the Guardian has the best article on the outcome:

So what happened to the school administrators, to McGinley, Matsko and the others who spied on teens at home, then lied about the extent of it?
Nothing. No jobs lost and no financial consequences, either – they’re not responsible for the $610,000 payout. The municipal insurer will cover it, then charge higher premiums to Lower Merion taxpayers. The same people whose rights were violated will foot the bill for those very violations.

Surreal.

I know it’s tough to find a way to compensate people for privacy violations. There’s often simply no way to put that toothpaste back in the tube, so to speak. However, this does happen in other legal matters, and the punishments for those crimes are meant to deter future crimes of this nature. What exactly does fining the school $610,000 deter? The best I can figure is that it deters parents from bringing the case in the first place. There should have been some professional discipline for all the teachers and administrators who cooked up this plan and executed it.

LMSD is a public school district. Their teachers and administrators are government employees. Students in that county are required to attend school by law. The vast majority of these students don’t have a realistic choice in what school they want to attend. And now they are stuck attending a school where the administrators feel it’s perfectly acceptable behavior to spy on them surreptitiously at home? The Guardian article concludes on the right note:

Is anyone reading this a student in Lower Merion? If so, remember: you are still obligated to show respectful deference to Principal Matsko, Superintendent McGinley and all the other grownups at your school – even the ones who got their jollies peeping at you while you slept. You teenagers might be justified in thinking, “I don’t feel safe around middle-aged people who think it’s OK to spy on me and my friends. Why is this allowed?”. But don’t say that where administrators can hear you, or you’ll get detention for defying their authority.

Problems with Internet Voting

Many non-technical people struggle to understand why voting over the Internet isn’t a good idea. They bank online. They conduct auctions online. They network online. They buy things online. Why can’t they vote online? If you’ve ever been forced to explain why Internet-based voting for public office is a bad idea, you now have a single, clear-cut example to highlight.

The District of Columbia is conducting an ongoing pilot test for voting over the Internet. Despite just three days’ notice, a team of researchers from the University of Michigan hacked the system within 36 hours of it going live. Here’s a snippet from a detailed analysis of the hack by J. Alex Halderman:

The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I’m confident that we would have found another way to attack the system.

None of this will come as a surprise to Internet security experts, who are familiar with the many kinds of attacks that major web sites suffer from on a daily basis. It may someday be possible to build a secure method for submitting ballots over the Internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today’s security technology.

It’s not surprising, but it is a fantastic example of the difficulties involved in electronic voting over the Internet. If you’re interested in more on this topic, I would recommend starting with a piece I wrote a couple of years ago about Ed Felten’s CERIAS talk on electronic voting. Ed Felten was Alex Halderman’s PhD advisor at Princeton, and both of them are experts in electronic voting and computer security.

U.S. Customs and Border Protection

I’m not sure how I missed this earlier, but here’s a fascinating write-up from Paul Karl Lukacs, who exercised his rights as a U.S. Citizen attempting to re-enter the United States:

I was detained last night by federal authorities at San Francisco International Airport for refusing to answer questions about why I had travelled outside the United States.

The end result is that, after waiting for about half an hour and refusing to answer further questions, I was released – because U.S. citizens who have produced proof of citizenship and a written customs declaration are not obligated to answer questions.

This post generated hundreds of comments on multiple sites. Don’t miss his follow-up post, which addresses ten of the most common comments on the first post. He even cites the Cardinal Richelieu quote that inspired this blog:

The only way to immunize yourself against a false statements charge is to refuse to speak to federal officers.

“Wait,” you ask, “what about telling the truth?” Doesn’t work. If, in the course of your conversation, you mis-remember something or speak inarticulately, you can now be arrested. Innocent mistake? Prove it in court after being jailed, charged, tried and paying for a lawyer.

Cardinal Richelieu is alleged to have said, “If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.” That’s also how the false statement charge works. Any cop or prosecutor can concoct a “lie” from your statements.

(via Daring Fireball)

Wiretapping the Internet

The discussion on how to handle surveillance of communications on the Internet is going to get much bigger the closer we get to ECPA reform. Some of the proposals discussed are dangerous and damaging. Consider the following:

To counter such problems, officials are coalescing around several of the proposal’s likely requirements:

  • Communications services that encrypt messages must have a way to unscramble them.
  • Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
  • Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

These requirements would be ineffective at catching bad actors who could simply use other communications services, and they would also impose onerous costs on companies attempting to comply.

Perhaps it is time to recognize that communicating over the Internet is fundamentally different from communication over more traditional telecommunications networks, such as the telephone network. “Wiretapping” just isn’t as technically feasible in this new environment as it was in the past.

Cyberwar Rhetoric

I find it somewhat amusing just how disparate the reported views of our national security are in the mainstream press. Here’s the byline of WaPo’s Top Secret America project:

The government has built a national security and intelligence system so big, so complex and so hard to manage, no one really knows if it’s fulfilling its most important purpose: keeping its citizens safe.

And here’s an NPR story that was released on the same day:

There may be no country on the planet more vulnerable to a massive cyberattack than the United States, where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking.

What’s worse: U.S. security officials say the country’s cyberdefenses are not up to the challenge. In part, it’s due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of U.S. computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering.

Which is it? Do we have ponderously many “cyberwarriors” or are we experiencing some apocalyptic shortage? Ok, I’m not being entirely fair. I’m skipping over the fact that the WaPo article wasn’t just about “cyber” defenses (though that is a part of their analysis). Still, how can these stories possibly be reconciled when their core theses are so far apart?

Fear-based rhetoric continues to drown out reason in the collective discussion on national security. It seems that we must either be terrified because we have too many people protecting us for anyone to effectively manage them or because we have so few people working to defend us (and so few people qualified to defend us) that we’re critically vulnerable. Either way, we must be terrified. How does that help?

Disclosure: I am working as a 2010 summer intern for one of the organizations mentioned in the WaPo article.

ECPA Reform Videos

I wish I could post some videos showing people actually reforming the Electronic Communications Privacy Act, but instead all I can do is post videos showing why ECPA should be reformed. The first video is from dotRights. It’s a bit heavy on the promotional and light on the content.

The second is a section of a panel on digital privacy that shows Julian Sanchez’s excellent comments on how outdated ECPA has become. In particular, I like his illustration of how the legal privacy status of an email changes starting at about the five minute mark.

Rush Introduces Privacy Bill

Illinois Rep. Bobby Rush introduced a privacy bill on Monday that is a must read for anyone interested in online privacy or technology policy. It is commonly called the “Best Practices Act.” You can find out more about the bill on WashingtonWatch.com or on OpenCongress.org. In addition, you can read a memo about the bill here (pdf). Finally, a hearing will be held Thursday afternoon about this bill.

The key take-aways are as follows: (1) This bill is unlikely to pass this term, but it’s likely that some privacy bill will be passed before the next Presidential election. Thus, this is an important part of that process. (2) The bill would set up an opt-in regime for some information and an opt-out regime for other information. The information that triggers the opt-in regime is intended to be more sensitive than the opt-out information, but there’s some debate about this. (3) This is essentially the same text as the draft released in May that privacy groups didn’t think went far enough and industry groups thought went too far.

I’m concerned that this bill fundamentally misses a key problem with online privacy. Consider this quote from the briefing memo:

Section 102 requires a covered entity to provide individuals with concise, meaningful, timely, prominent, and easy-to-understand notice or notices.

Basically, this assumes the same model we’ve had for quite some time. It sounds great in the ideal, but in reality it’s extremely hard to write a privacy policy that accurately describes complex technical practices while ensuring that everyone can read it. Organizations end up posting privacy notices written as clearly as possible and yet still almost completely incomprehensible to virtually everyone affected by them.

Consider what Rep. Barton said about Apple’s recent privacy policy update:

Added Barton: “While I applaud Apple for responding to our questions, I remain concerned about privacy policies that run on for pages and pages. I hope every business that uses information for advertising and marketing purposes will work toward more transparency and complete disclosure about their practices, as well as robust security for the information they hold.”

I just don’t think this is a route to future success. I know I’m not the only one.

Also, I agree with Jim Harper about this:

Jim Harper, an attorney at the free-market Cato Institute, points out that Rush’s bill explicitly does not apply to the government. “It’s unbelievable that they should so brazenly exempt the federal government,” he said. “The federal government should be covered, as should political parties and campaign committees. Congress should practice what it preaches.”

Disclosure: I worked with Jim Harper as a Google Policy Fellow at the Cato Institute during the summer of 2008.

Facebook and Protecting Children

danah boyd posted recently about a Facebook app developed in the UK that allows children to report abusive or potentially abusive conduct:

The “Panic Button” is actually an App called “ClickCEOP”. Users must add the App and then they get a tab so that there’s a button there whenever they need to talk to the police’s Child Exploitation and Online Protection Centre. They’re encouraged to share the badge as a way of protecting their friends.

As danah points out, there are many questions:

[W]hat’s the likelihood that kids (or adults) will click on this as a joke or just to get attention? How is CEOP going to handle the joke clicks vs. the real ones? How will they discern? One thing you learn from dealing with helplines is that kids often call in to talk about their friends when they’re really looking for help for themselves. It’s easier to externalize first to test the waters. The CEOP may get prank messages that are real cries for help. What happens when those go unanswered?

Part of the reason that this is even news is that Facebook has been resistant to this effort. I agree with danah; Facebook didn’t resist because they don’t care about child safety. There is something misleading about developing an application hyped to prevent all forms of child abuse with a single click of the mouse, and that is why Facebook resisted. They understand that the underlying problems this application is meant to address are neither technical nor trivial. Child abuse and bullying preceded the Internet; a web app isn’t going to make them go away.

danah fears that Facebook’s (eventual) support of ClickCEOP will result in increased calls to create a similar save-the-children button in the US. Of course, this is already starting to happen. Any bets on how long it takes before this gets mindlessly deployed stateside?