Monday, May 19, 2008
Privacy discussion (US vs EU)
Thursday, May 8, 2008
Tell the world you're made in America
Monday, May 5, 2008
Aren't you glad your government listens to you?
Sunday, May 4, 2008
Chip hacking; ain't just for ninjas at the Lays factory
What is of concern is that someone would put these chips into the commercial stream (or even target it at specific customers). If that sounds outlandish; you may be in for a surprise that some of the computer communications routers (the devices that send messages around the net) have already been hit by counterfeit chips. Indeed; in this case the routers that were purchased went to the US military. Although there is no proof at the moment that these chips were compromised (in terms of having a back door installed) no-one really knows. This has sent the Department of Defense scrambling to inspect all of it's routers for these phony chips (for those who think this sounds like overkill; it may be given that the US (and Chinese) governments have already insisted that communications equipment makers design their equipment to be able to allow transmission monitoring (Cisco documentation).
The interesting part here is that this is forcing government agencies to flip the usual "privacy for security" trade-off" discussion on its head. In this case, the way they can ensure the security of their populations, is though increased privacy (this is the same argument that people make about anonymity being important to avoid governmental tyranny). Although governments are likely to do a two-step about how what's good for them is bad for you; the real danger here is that chips coming from unidentified sources (say Fabs (fabrications facilities) outside of the US) and then put in products to be resold could have back doors waiting to be unlocked (or have the machines disabled at a critical time). The fear for governments here is obvious but the impact to business and users is also important. I'd love to see a solution for how to protect against malicious hardware (somewhat akin to the challenge of sending secret messages across monitored channels that encryption faced until public key encryption was discovered).
Monday, April 21, 2008
Why Didn't I Think of That; Research in Thought Crime
Last week there was a really interesting article by Nita Farahany in the Washington Post. The article talks about DARPA research into remote brainwave analysis and it's applicability for crime prevention. The article spends most of it's time talking about the technology but there are a few short references made to the civil liberty issues that this research raises. Of particular privacy concern is the 4th amendment protections from unreasonable search and seizure as scanning someone's brain certainly falls into the area most of us would consider private. There is also the possibility that there are 5th amendment issues of self-incrimination from asking questions and then looking at the brain scans of the suspect to define guilt (or perhaps just reasonable suspicion for more questions or a more invasive search). An argument can also be made that there is a lack of due process in such actions. as guilt could be decided based upon nothing more than a machines output. These are definitely some interesting things to question, and ones we should answer before we introduce such technologies; but I don't think that it's quite time to call for tinfoil hats.
The best analogy I can think of is the polygraph (Lie detector) machine. Such machines are banned for compulsory use in prosecutions and have questionable use in defense or civil proceedings. Employers are also banned from using them though that came about via federal law (Employee Polygraph Protection Act of 1988 (EPPA)). The danger in such a thing might come from its "illegal" use in pointing law enforcement in the right direction or if covered up by gag rule legislations (like that which accompanies NSLs).
Perhaps the part of this article that bothers me most is the scenarios that are presented. For some reason the "ticking timebomb" example gets evoked with alarming frequency these days. Forgive my naive nature but how frequent an occurrence is someone in custody who knows about a time bomb that we are so willing to curtail our rights for it? I would think it would be much more common for people with anxiety disorders to be detained and questioned because their condition might create a "false positive" reading. Is this the balance of liberty we want?
Of course this is also assuming that those in power only ever use their power for the good of the society. If someone with such a device were much more unscrupulous (#2). In such a situation authority figures could use such tools to detect which people would pay a bribe; or even worse who might not report an illegal action like a beating or rape by that official.
The real danger is that in such a society, it’s not the though reading that is the end result; it's just the start. Thought reading necessarily leads people to thought control where people are afraid to even think certain thoughts (and in this it sounds quite Orwellian). Just think if everyone around you could read your mind, you would probably think very different thoughts. Such coerced thought control is antithetical to a society that believes in liberty.
If the best reasons for such a technology is to catch a person with knowledge of a "ticking timebomb" then I think it's time we really evaluated the risk/benefit trade off. We debate the safety of Mercury in fish, BPA in bottles and alcohol in drivers; each of these impacts many more people a year than "ticking timebombs". Still; people get angry when police set up "sobriety checkpoints"; why would we want something that stops far less crime and is far more invasive?
Thursday, March 20, 2008
Why RFID Should Never be Taken to Mean Private or Secure
I came across two interesting videos this week showing just how insecure RFID can be. I’ve linked them below. You should note that the first uses a system called Oyster that is used in many cases (including entry cards (as the video shows). The second shows an American Express card. Caveat emptor.
Note: the second video is done with a $0.99 reader off eBay (plus $7.99 in shipping). In general these cost around $50 but the prices are dropping and $50 is not much of a barrier. Tracking based on these things we carry (in this case an id or credit card) has the potential to be cheap and ubiquitous.
Sunday, March 16, 2008
Power Corrupts; Absolute Power Corrupts; Absolutely
Hidden between the salacious headlines about a prostitute patronizing governor, the release of a report by the Department of Justice seeped out. Apparently the government we have entrusted with our security, and with the legal, and moral, requirement to protect our privacy has been playing fast and loose with the second of those obligations. According to the report, the FBI was using National Security Letters (authorized under the USA PATRIOT Act for surveillance outside of usual 4th amendment protections and requirements) to spy on subject who they were not allowed to, forbidden by courts from monitoring or simply casting their net much wider than they had approval to do.
For those wondering how this ties to our current debate about providing telecoms with immunity for prosecution (the telecoms are who the FBI delivered these NSLs to and were then given people’s private records or access to wiretaps), The Senate has already approved such immunity while the House voted this week to pass surveillance legislation without telecom immunity. Bush has threatened a veto without this clause and there has been much discussion about this issue. What is interesting here is that our government, entrusted to protect us, has asked for powers to monitor us out side of its abilities and in violation of the constitution. As in the past (think Hoover administration, Files that showed up on the Clinton White House, etc.) we see that those given the ability to secretly monitor are abusing that privilege. When we discuss the concepts of domestic spying and why that must be done out the oversight, we should also ask who watches the watchers?