Friday Squid Blogging: Energy Converter Inspired by Squid

Engineers have invented a wave energy converter that works in the same way that squid propel themselves through the water.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on February 26, 2016 at 4:49 PM • 27 Comments

Notice and Consent

New Research: Rebecca Lipman, "Online Privacy and the Invisible Market for Our Data." The paper argues that notice and consent doesn't work, and suggests how it could be made to work.

Abstract: Consumers constantly enter into blind bargains online. We trade our personal information for free websites and apps, without knowing exactly what will be done with our data. There is nominally a notice and choice regime in place via lengthy privacy policies. However, virtually no one reads them. In this ill-informed environment, companies can gather and exploit as much data as technologically possible, with very few legal boundaries. The consequences for consumers are often far-removed from their actions, or entirely invisible to them. Americans deserve a rigorous notice and choice regime. Such a regime would allow consumers to make informed decisions and regain some measure of control over their personal information. This article explores the problems with the current marketplace for our digital data, and explains how we can make a robust notice and choice regime work for consumers.

Posted on February 26, 2016 at 12:22 PM • 6 Comments

Thinking about Intimate Surveillance

Law Professor Karen Levy writes about the rise of surveillance in our most intimate activities -- love, sex, romance -- and how it affects those activities.

This article examines the rise of the surveillant paradigm within some of our most intimate relationships and behaviors -- those relating to love, romance, and sexual activity -- and considers what challenges this sort of data collection raises for privacy and the foundations of intimate life.

Data-gathering about intimate behavior was, not long ago, more commonly the purview of state public health authorities, which have routinely gathered personally identifiable information in the course of their efforts to (among other things) fight infectious disease. But new technical capabilities, social norms, and cultural frameworks are beginning to change the nature of intimate monitoring practices. Intimate surveillance is emerging and becoming normalized as primarily an interpersonal phenomenon, one in which all sorts of people engage, for all sorts of reasons. The goal is not top-down management of populations, but establishing knowledge about (and, ostensibly, concomitant control over) one's own intimate relations and activities.

After briefly describing some scope conditions on this inquiry, I survey several types of monitoring technologies used across the "life course" of an intimate relationship -- from dating to sex and romance, from fertility to fidelity, to abuse. I then examine the relationship between data collection, values, and privacy, and close with a few words about the uncertain role of law and policy in the sphere of intimate surveillance.

Posted on February 26, 2016 at 7:33 AM • 6 Comments

Simultaneous Discovery of Vulnerabilities

In the conversation about zero-day vulnerabilities and whether "good" governments should disclose or hoard vulnerabilities, one of the critical variables is independent discovery. That is, if it is unlikely that someone else will independently discover an NSA-discovered vulnerability -- the NSA calls this "NOBUS," for "nobody but us" -- then it is not unreasonable for the NSA to keep that vulnerability secret and use it for attack. If, on the other hand, it is likely that someone else will discover and use it, then they should probably disclose it to the vendor and get it patched.

The likelihood partly depends on whether vulnerabilities are sparse or dense. But that assumes that vulnerability discovery is random. And there's a lot of evidence that it's not.

For example, there's a new GNU C vulnerability that lay dormant for years and was independently discovered by multiple researchers, all around the same time.

It remains unclear why or how glibc maintainers allowed a bug of this magnitude to be introduced into their code, remain undiscovered for seven years, and then go unfixed for seven months following its report. By Google's account, the bug was independently uncovered by at least two and possibly three separate groups who all worked to have it fixed. It wouldn't be surprising if over the years the vulnerability was uncovered by additional people and possibly exploited against unsuspecting targets.

Similarly, Heartbleed lay dormant for years before it was independently discovered by both Codenomicon and Google.

This is not uncommon. It's almost like there's something in the air that makes a particular vulnerability shallow and easy to discover. This implies that NOBUS is not a useful concept.

Posted on February 25, 2016 at 1:14 PM • 25 Comments

The Importance of Strong Encryption to Security

Encryption keeps you safe. Encryption protects your financial details and passwords when you bank online. It protects your cell phone conversations from eavesdroppers. If you encrypt your laptop -- and I hope you do -- it protects your data if your computer is stolen. It protects our money and our privacy.

Encryption protects the identity of dissidents all over the world. It's a vital tool to allow journalists to communicate securely with their sources, NGOs to protect their work in repressive countries, and lawyers to communicate privately with their clients. It protects our vital infrastructure: our communications network, the power grid and everything else. And as we move to the Internet of Things with its cars and thermostats and medical devices, all of which can destroy life and property if hacked and misused, encryption will become even more critical to our security.

Security is more than encryption, of course. But encryption is a critical component of security. You use strong encryption every day, and our Internet-laced world would be a far riskier place if you didn't.

Strong encryption means unbreakable encryption. Any weakness in encryption will be exploited -- by hackers, by criminals and by foreign governments. Many of the hacks that make the news can be attributed to weak or -- even worse -- nonexistent encryption.

The FBI wants the ability to bypass encryption in the course of criminal investigations. This is known as a "backdoor," because it's a way at the encrypted information that bypasses the normal encryption mechanisms. I am sympathetic to such claims, but as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries. This is crucial to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way.

If a backdoor exists, then anyone can exploit it. All it takes is knowledge of the backdoor and the capability to exploit it. And while it might temporarily be a secret, it's a fragile secret. Backdoors are how everyone attacks computer systems.

This means that if the FBI can eavesdrop on your conversations or get into your computers without your consent, so can cybercriminals. So can the Chinese. So can terrorists. You might not care if the Chinese government is inside your computer, but lots of dissidents do. As do the many Americans who use computers to administer our critical infrastructure. Backdoors weaken us against all sorts of threats.

Either we build encryption systems to keep everyone secure, or we build them to leave everybody vulnerable.

Even a highly sophisticated backdoor that could only be exploited by nations like the United States and China today will leave us vulnerable to cybercriminals tomorrow. That's just the way technology works: things become easier, cheaper, more widely accessible. Give the FBI the ability to hack into a cell phone today, and tomorrow you'll hear reports that a criminal group used that same ability to hack into our power grid.

The FBI paints this as a trade-off between security and privacy. It's not. It's a trade-off between more security and less security. Our national security needs strong encryption. I wish I could give the good guys the access they want without also giving the bad guys access, but I can't. If the FBI gets its way and forces companies to weaken encryption, all of us -- our data, our networks, our infrastructure, our society -- will be at risk.

This essay previously appeared in the New York Times "Room for Debate" blog. It's something I seem to need to say again and again.

Posted on February 25, 2016 at 6:40 AM • 49 Comments

Eavesdropping by the Foscam Security Camera

Brian Krebs has a really weird story about the built-in eavesdropping by the Chinese-made Foscam security camera:

Imagine buying an internet-enabled surveillance camera, network attached storage device, or home automation gizmo, only to find that it secretly and constantly phones home to a vast peer-to-peer (P2P) network run by the Chinese manufacturer of the hardware. Now imagine that the geek gear you bought doesn't actually let you block this P2P communication without some serious networking expertise or hardware surgery that few users would attempt.

Posted on February 24, 2016 at 12:05 PM • 21 Comments

Research on Balancing Privacy with Surveillance

Interesting research: Michael Kearns, Aaron Roth, Zhiwei Steven Wu, and Grigory Yaroslavtsev, "Private algorithms for the protected in social network search," PNAS, Jan 2016:

Abstract: Motivated by tensions between data privacy for individual citizens and societal priorities such as counterterrorism and the containment of infectious disease, we introduce a computational model that distinguishes between parties for whom privacy is explicitly protected, and those for whom it is not (the targeted subpopulation). The goal is the development of algorithms that can effectively identify and take action upon members of the targeted subpopulation in a way that minimally compromises the privacy of the protected, while simultaneously limiting the expense of distinguishing members of the two groups via costly mechanisms such as surveillance, background checks, or medical testing. Within this framework, we provide provably privacy-preserving algorithms for targeted search in social networks. These algorithms are natural variants of common graph search methods, and ensure privacy for the protected by the careful injection of noise in the prioritization of potential targets. We validate the utility of our algorithms with extensive computational experiments on two large-scale social network datasets.

Posted on February 24, 2016 at 6:05 AM • 21 Comments

The Ads vs. Ad Blockers Arms Race

For the past month or so, Forbes has been blocking browsers with ad blockers. Today, I tried to access a Wired article and the site blocked me for the same reason.

I see this as another battle in this continuing arms race, and hope/expect that the ad blockers will update themselves to fool the ad blocker detectors.

But in a fine example of irony, the Forbes site has been serving malware in its ads.

And it seems that Forbes is inconsistently using its ad blocker blocker. At least, I was able to get to that linked article last week. But then I couldn't get to another article a few days later.

Posted on February 23, 2016 at 12:18 PM • 67 Comments

Practical TEMPEST Attack

Four researchers have demonstrated a TEMPEST attack against a laptop, recovering its keys by listening to its electrical emanations. The cost for the attack hardware was about $3,000.

News article:

To test the hack, the researchers first sent the target a specific ciphertext -- in other words, an encrypted message.

"During the decryption of the chosen ciphertext, we measure the EM leakage of the target laptop, focusing on a narrow frequency band," the paper reads. The signal is then processed, and "a clean trace is produced which reveals information about the operands used in the elliptic curve cryptography," it continues, which in turn "is used in order to reveal the secret key."

The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper.

The researchers obtained the secret key after observing 66 decryption processes, each lasting around 0.05 seconds. "This yields a total measurement time of about 3.3 sec," the paper reads. It's important to note that when the researchers say that the secret key was obtained in "seconds," that's the total measurement time, and not necessarily how long it would take for the attack to actually be carried out. A real world attacker would still need to factor in other things, such as the target reliably decrypting the sent ciphertext, because observing that process is naturally required for the attack to be successful.

For half a century this has been a nation-state-level espionage technique. The cost is continually falling.

Posted on February 23, 2016 at 5:49 AM • 33 Comments


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.