I have read and agree to the terms of service


As revelations continue about the US Government capturing and monitoring online activities and communications, I'm glad (and, ok, only a little bit smug) to see that more conversations are happening about just what privacy expectations we should give up by using modern Internet tools and services.

Most of the mainstream conversation has been focused on what information "big data" companies like Google, Twitter, Facebook and Apple do or don't hand over to the government and under what circumstances, and debating where those lines should be.

The built-in assumption here is that it's inevitable that these are the companies that will continue to have access to our private information and communications. I grant that it's a pretty safe assumption - I don't foresee a mass exodus from Facebook or a global boycott on iPhones - but I do think it's important to note that this is a choice we are making as users and consumers of these services.  We are the ones who click through the "terms of service" and "privacy policy" documents without reading them so we can get our hands on cool free stuff, we are the ones who are glad to entrust our intimate exchanges to technology we don't understand.

A certain amount of naiveté about the security and privacy implications of the tools we use is understandable here.  When I've given presentations on email privacy and security issues, some attendees are legitimately gasping at the new understanding that their e-mail messages are traversing the open internet as plain text messages that can potentially be read by any number of parties involved in the management of those servers and networks.  The average user probably assumes that the Internet was designed from the ground up to be a robust and secure way of conducting financial transactions and sending suggestive photos of themselves to amorous contacts.


On Wikileaks

The document leaking website Wikileaks has continued to make headlines in recent weeks as they distribute hundreds of thousands of leaked US diplomatic communications.  The story is somewhat irresistible: political intrigue, government cover-ups, a mysterious geek on the run - this will be on the big screen in 5 years or less, I'm sure.  But beyond the basic elements of narrative that make it so interesting, there's some really important and serious stuff going on here.

Wikileaks has brought to light a powerful and confusing kind of inner conflict for anyone who considers themselves a patriot, or at least a person who cares about the actions of the federal government taken on our behalf.


Unhelpful responses to cyberwarfare

A number of mainstream magazines and newspapers have recently published reports on the increasing threat of "cyberwarfare," the significant resources being devoted to fighting that "war" and what we're doing to protect the critical national asset that is our digital infrastructure.

Unfortunately, most of the responses (and the ones favored by the Obama administration) are focused on paying insanely large amounts of money to private contractors to create and deploy complex technological solutions in hopes of addressing the threat.

What advocates of this approach fail to appreciate is that (A) most of the actual threat comes from uneducated human operators of the technology in question, and (B) deploying homogeneous, technologically complex solutions often makes us more vulnerable, not less.


Watching the watchers

Sometimes people forget how much information is being collected about them when they visit a website. It's actually not all that much - what IP address you're visiting from, what kind of operating system and web browser you're running, and perhaps what other website you came from in your visit. The real fun starts when you learn how to interpret the trends in that information, and start to drill down to what it might mean about a visitor.

For example, earlier this week, a user visited my website without any referring URL information. This means they probably entered the address directly in their browser's location bar, but it could also mean they followed a bookmark, or are actively trying to hide where they came from. As soon as they got to my site, they started searching for the word "congress" in my content. When I traced the IP address, it went back to a location in McLean, Virginia, which is the home of the Central Intelligence Agency.

So what can we conclude from this? Obviously, a CIA operative was investigating my website because in my ramblings about politics and the government, I've clearly come too close to the truth about a cover-up related to U.S. energy policy and the War on Terra, and now they're coming to take me away, ha-ha.


For national security reasons

It's interesting to me that the phrase "for national security reasons," offered by the U.S. government and governments around the world to justify various uncomfortable activities (withholding information from or spying on its citizens, demanding cooperation from corporations in legal gray areas, etc.) is so commonly used and so consistently effective. Its effectiveness is based on an apparently safe assumption that the American people largely subscribe to at least one of two world-views: 1) The needs of the many outweigh the needs of the few, and 2) the government knows what's best for us as individual citizens better than we do ourselves.

How do these world-views work in the government's favor?


REAL ID a dangerous power grab

Bruce Schneier has saved future bureaucrats some time and written the core text of the 2015 US Congressional report on the impacts of the REAL ID Act. The report will find that the creation of this national ID card back in 2005 introduced unnecessary security risks, compounded existing data privacy issues, incurred extraordinary costs to implement and maintain, represented a troubling power grab by the federal government over state systems for issuing identification, and, perhaps worst of all, was passed without any serious debate in Congress or in public because of its attachment to a bill funding operations in Iraq. The report will also find that the ID card has not substantially met any of the goals its introduction was intended to achieve. Given the above, the report concludes that the REAL ID Act was a shining example of the quality and sensibility that characterizes much of the law-making that went on at the time.