The Doxing Trend

If the director of the CIA can't keep his e-mail secure, what hope do the rest of us have -- for our e-mail or any of our digital information?

None, and that's why the companies that we entrust with our digital lives need to be required to secure it for us, and held accountable when they fail. It's not just a personal or business issue; it's a matter of public safety.

The details of the story are worth repeating. Someone, reportedly a teenager, hacked into CIA Director John O. Brennan's AOL account. He says he did so by posing as a Verizon employee to Verizon to get personal information about Brennan's account, as well as his bank card number and his AOL e-mail address. Then he called AOL and pretended to be Brennan. Armed with the information he got from Verizon, he convinced AOL customer service to reset his password.

The CIA director did nothing wrong. He didn't choose a lousy password. He didn't leave a copy of it lying around. He didn't even send it in e-mail to the wrong person. The security failure, according to this account, was entirely with Verizon and AOL. Yet still Brennan's e-mail was leaked to the press and posted on WikiLeaks.

This kind of attack is not new. In 2012, the Gmail and Twitter accounts of Wired writer Mat Honan were taken over by a hacker who first persuaded Amazon to give him Honan's credit card details, then used that information to hack into his Apple ID account, and finally used that information to get into his Gmail account.

For most of us, our primary e-mail account is the "master key" to every one of our other accounts. If we click on a site's "forgot your password?" link, that site will helpfully e-mail us a special URL that allows us to reset our password. That's how Honan's hacker got into his Twitter account, and presumably Brennan's hacker could have done the same thing to any of Brennan's accounts.

Internet e-mail providers are trying to beef up their authentication systems. Yahoo recently announced it would do away with passwords, instead sending a one-time authentication code to the user's smartphone. Google has long had an optional two-step authentication system that involves sending a one-time code to the user via phone call or SMS.

You might think cell phone authentication would thwart these attacks. Even if a hacker persuaded your e-mail provider to change your password, he wouldn't have your phone and couldn't obtain the one-time code. But there's a way to beat this, too. Indie developer Grant Blakeman's Gmail account was hacked last year, even though he had that extra-secure two-step system turned on. The hackers persuaded his cell phone company to forward his calls to another number, one controlled by the hackers, so they were able to get the necessary one-time code. And from Google, they were able to reset his Instagram password.

Brennan was lucky. He didn't have anything classified on his AOL account. There were no personal scandals exposed in his email. Yes, his 47-page top-secret clearance form was sensitive, but not embarrassing. Honan was less lucky, and lost irreplaceable photographs of his daughter.

Neither of them should have been put through this. None of us should have to worry about this.

The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses. It's a classic market failure, and government intervention is how we have to fix the problem.

It's only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.

The government should not mandate how a company secures our data; that will move the responsibility to the government and stifle innovation. Instead, government should establish minimum standards for results, and let the market figure out how to do it most effectively. It should allow individuals whose information has been exposed to sue for damages. This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well.

We have a role to play in this, too. One of the reasons security measures are so easy to bypass is that we as consumers demand they be easy to use, and easy for us to bypass if we lose or forget our passwords. We need to recognize that good security will be less convenient. Again, regulations mandating this will make it more common, and eventually more acceptable.

Information security is complicated, and hard to get right. I'm an expert in the field, and it's hard for me. It's hard for the director of the CIA. And it's hard for you. Security settings on websites are complicated and confusing. Security products are no different. As long as it's solely the user's responsibility to get right, and solely the user's loss if it goes wrong, we're never going to solve it.

It doesn't have to be this way. We should demand better and more usable security from the companies we do business with and whose services we use online. But because we don't have any real visibility into those companies' security, we should demand our government start regulating the security of these companies as a matter of public safety.

This essay previously appeared on CNN.com.

Posted on October 28, 2015 at 6:24 AM • 73 Comments

Comments

Inside Threat Model • October 28, 2015 6:40 AM

With the greatest respect Mr Schneier, Brennan did do something wrong.
He used a personal email account to exfiltrate classified material in violation of good practice and trade craft and this wrongdoing has resulted in significant exposure for his and the Agency.

Inside Threat Model • October 28, 2015 6:45 AM

Woops, first time poster is surprised at the lack of edit options.
Edit the above to read:
With the greatest respect Mr Schneier, Brennan did do something wrong.
He used a personal email account to exfiltrate sensitive material in violation of good practice and trade craft and this wrongdoing has resulted in significant exposure for him and the Agency.

mike~acker • October 28, 2015 6:55 AM

liability and responsibility need to be assigned to those who have the ability to apply effective control. in terms of the operating software -- which is the necessary starting point -- that will be MSFT or AAPL; if you are using open source software then you assume the responsibility.

ever since kevin mitnick communication companies have been scammed by pretenders; some better means of identifying authorized service calls is needed. probably related to work orders as supporting documentation. HB Gary Federal was hacked by pretenders also, as I recall.

if we are going to use cell phones as repositories for our credentials we will need secure operating software such that problems in application programs -- whether intentional or otherwise -- are unable to compromise the phone. phones are not now built for that purpose, rather they are built as information gathering systems -- which they do very effectively. note today's scandal sheet on whatsapp and the ongoing stuff on FB.

how can we convince a system that has been built to compromise information to change course and focus on protecting information?

not everyone is interested in the data collection stuff; there are parties in the open software area that are focused on information privacy. but interested parties will need to do their own homework -- for now.

and that is exactly what this essay laments as incorrect.

it is incorrect -- unless the industry gets itself honest about its actual activities instead of waiting for researchers to "dig up dirt"

end

Wm • October 28, 2015 6:59 AM

The only real key to keeping oneself secure is to secure yourself. I have forced all my relatives, some kicking and screaming, into encrypting our messages. We use GentleGPG. No excuses to be found with it. Generates its own keys and simple explanation on how to use and exchange keys. Three additional symmetric encryption methods including Bruce's Twofish, as well as GPG symmetric and One Time Pad.

mike~acker • October 28, 2015 7:00 AM

the reset password problem

use secure mail for this: recommendation ENIGMAIL and PGP or GnuPG.

if the vendor sends the password reset via secure mail the receiver will not be able to decrypt the message -- unless he has the corresponding secret key and pass phrase

which the user will be able to protect,-- *provided* that he has secure endpoint operating software

and there it is again: *secure endpoint operating software* is the *mandatory* starting point. if you don't start with a secure endpoint operating system no other discussion is meaningful.

mike~acker • October 28, 2015 7:09 AM

one of the Big Hurdles to getting general use of PGP/GnuPG is in getting individual Public Keys authenticated

this is a very simple matter,-- technically,--- all we need is for DMVs, Credit Unions, and County Records Offices, and Notary Publics to have the authority to validate person's ID ( they all have to do this now already ) -- and then to sign and upload corresponding Public Keys

once this is done companies can send secure messages to persons with reasonable assurance the message will only be available to the intended recipient

just a little something we need to get done as a part of our shift to digital technology. this should have been done about 15 years ago.

note: we should all switch to EC keys about now. these are supported in GnuPG 2.1 and later.

Nicolas George • October 28, 2015 7:16 AM

I think this issue goes beyond the realm of security. For example, if a company overcharges you due to some mistake from them, it may cause your bank account to go to red, other payments to fail, causing all kinds of catastrophes (not receiving phone calls, not being able to buy fuel and missing work, etc.) in cascade.

When companies make mistakes, they should be liable for all the direct and indirect consequences, including the wasted time of calling numerous hotlines to get the problem fixed. That applies to all mistakes, those relating to security included but not only.

(And it needs to be automatic, not require a judicial procedure that would only divert resources towards lawyers. The example of the aunt that had to sue her nephew for a broken wrist to get the insurances to cough up the money is symptomatic.)

parrot • October 28, 2015 7:18 AM

@Bruce,

> The government should not mandate how a company secures our data; that will move the responsibility to the government and stifle innovation. Instead, government should establish minimum standards for results, and let the market figure out how to do it most effectively. It should allow individuals whose information has been exposed to sue for damages.

This. If it were up to me, you'd be the winner of the Internet for the day. I'm sad this isn't how we approach all of our problems in society.

> This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well.

(My emphasis). This makes me cringe because this isn't my perception at all. Maybe it's just that what I hear in political rhetoric is all about setting controls on behavior and laws about victimless crimes. For instance, there are code violations on properties rather than empowering individuals to recover damages in court. What if I have solar panels on my house so I don't need to be on the power grid, but the city condemns and seizes my house for not being powered which is against code?

mrs_helm • October 28, 2015 7:29 AM

Agree with ITM. While providers do need to provide better security for end users, that topic is a distraction from the real issue here. Brennan did something very wrong, for which he should be fired at the very least. I am a long time reader of yours, but I also work for a defense contractor, work as an email admin, and as an Info Assurance Officer. Our military personnel, and the contractors who work with them, sign agreements that they will not use personal systems to conduct business. Many commercial businesses have the same rule. Millions of ordinary people follow these rules every day...even when it is inconvenient... Even when it means using a corporate-supplied phone, or carrying two phones or even two separate laptops.

Our leaders need to be held accountable when they break the rules that we are ALL required to follow. They need to have the same consequences. This is especially true when those rules are for the security of our country. It doesn't matter what content was found... It matters that he deemed himself above following the rules when, if anything, the rules are most definitely more important for those with access to more important information.

scruffy • October 28, 2015 8:41 AM

I would not put much faith in governments because they tend to give priority to surveillance over our security and privacy.

An alternate approach is to have a respected organization (ACM, IEEE, EFF?) provide security/privacy ratings of software and web services.

paul • October 28, 2015 8:41 AM

As Nicholas George points out, this kind of risk-shifting is pervasive, and even with an ostensible right of private action most people have neither the money nor the time to pursue redress. Sure, there are class actions (when judges are willing to certify them), but those so often end up settling to the benefit of lawyers and few others.

I wonder what a system would be like with defaults set the other way: a bank or other large data holder screws up, and anyone who is a verified customer at the time gets an automatic compensation award of, say $10,000, and a fine of similar amount. If the company thinks it shouldn't be liable for that much, it can go to court, post a bond and petition to have the award and fine reduced, with automatic payment of the other side's legal fees unless the award is reduced by more than 90%. (Pick your own numbers if you don't like these.) Because documenting every last minute spent as the result of a security breach -- and assigning it unambiguously to a particular breach -- could eat most of an average person's working day (which would then have to be meticulously documented in turn).

65535 • October 28, 2015 9:10 AM

“If …[the head of] the CIA can't keep his e-mail secure, what hope do the rest of us have -- for our e-mail or any of our digital information? None… that's why the companies that we entrust with our digital lives need to be required to secure it for us, and held accountable when they fail.” -Bruce S.

https://www.schneier.com/blog/archives/2015/10/the_doxing_tren.html

You can toss “accountability” out the window with CISA [Big Data Companies are basically immune from lawsuits].

As it stands, Big Data Corporations just have to share customers’ data with the Government and they are shielded from liability thanks to CISA.

It’s a double loss for consumers and privacy advocates – if I am reading the bill correctly Big Data is legally not Responsible [or Accountable] and can freely traffic in customers’ data to boot – to add insult to injury.

[CISA Text #2 section 106(a)]:

“SEC. 106. Protection from liability [For Big Companies].

“(a) Monitoring of information systems. —No cause of action shall lie or be maintained in any court against any private entity, and such action shall be promptly dismissed, for the monitoring of information systems and information under section 104(a) that is conducted in accordance with this title.
“(b) Sharing or receipt of cyber threat indicators.—No cause of action shall lie or be maintained in any court against any entity, and such action shall be promptly dismissed, for the sharing or receipt of cyber threat indicators or defensive measures under section 104(c) if—
“(1) such sharing or receipt is conducted in accordance with this title; and
“(2) in a case in which a cyber threat indicator or defensive measure is shared with the Federal Government, the cyber threat indicator or defensive measure is shared in a manner that is consistent with section 105(c)(1)(B) and the sharing or receipt, as the case may be, occurs after the earlier of—
“(A) the date on which the interim policies and procedures are submitted to Congress under section 105(a)(1) and guidelines are submitted to Congress under section 105(b)(1); or
“(B) the date that is 60 days after the date of the enactment of this Act.”

See:

https://www.congress.gov/bill/114th-congress/senate-bill/754/text#toc-idc6842ed051194cfda77e2d250867c1f7

or see sec. 106(a)

https://www.congress.gov/bill/114th-congress/senate-bill/754/text

[EFF]:

‘EFF Disappointed as CISA Passes Senate’

“CISA passed the Senate today in a 74-21 vote. The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.” EFF

https://www.eff.org/deeplinks/2015/10/eff-disappointed-cisa-passes-senate

[Excuse the formatting of the bill. Adding carriage returns and tabs would inflate this post]

Eric • October 28, 2015 9:13 AM

I agree that companies should be held responsible for this type of thing, but consumers need to use a little common sense as well. If they give their stuff to a third party to store, they should consider the risks and trust involved. Nobody deserves to have their privacy compromised or their data deleted, but they should at least take some ownership over protecting it.

There are many things that I do that are good practices that can help prevent these situations. I use a separate email address for my important account resets. I use 2fa everywhere possible. I don't allow remote deletion. I keep encrypted local backups of everything. I don't send personal information in unencrypted emails. It sometimes even means forgoing convenient features. Of course I'm still at risk, but these decisions have significantly reduced my vulnerability.

Yes, some of this stuff may not be intuitive to the average user, but I'd argue that it's irresponsible to use such dangerous technology beyond the limits of understanding. Few would argue that people should drive cars without training. Convenience isn't a counter-argument in this case. So why do so many people use convenience as a counter-argument when they ask me to send my passport or birth certificate via plaintext email (this is really common here in France)?

Philip • October 28, 2015 9:13 AM

Wouldn't Steve Gibson's SQRL essentially wipe out any need for passwords and thusly, any need for password resets? Adoption is the only thing required

Grc.com/sqrl/sqrl.htm

Hank • October 28, 2015 9:29 AM

@ 65535
"As it stands, Big Data Corporations just have to share customers’ data with the Government and they are shielded from liability thanks to CISA."

Like a well-rehearsed play, the course of action has been flung. Don't expect it to end here either. Hope you're better prepared when the next shoe drops.

wumpus • October 28, 2015 9:33 AM

[...[government] mandates standards, market responds...]

"This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well."

Isn't this how we get VW TDI software? Government mandates x, market demands reporting increased quarterly profits. Corporations do whatever is easiest to report increased quarterly profits (increasing safety is likely least easiest/fashionable).

It works even less well for security. For this type of thing, burying your head in the sand is a remarkably effective means of denying failure. As long as you can reasonably claim that you didn't lose the data, who can argue (of course, here we can trust the hacker far more than verizon and aol)? Given that US corporations were just given a blank check to hand all their data over to HSA, they can now pass the buck of security over and claim that HSA lost the data.

blake • October 28, 2015 9:41 AM

@Nicholas George

> When companies make mistakes, they should be liable for all the direct and indirect consequences

Liable for all *indirect* consequences? Yeah, there's no way that would end up open to abuse, even if it could be well defined.

@Philip

> Wouldn't (measure) essentially wipe out any need for passwords and thusly, any need for password resets? Adoption is the only thing required

Bill and Ted's moral code ("be excellent to each other!") would wipe out any need for any security at all. Adoption is the only thing required.

Adoption can be the *hardest* thing, especially across countries, cultures and timezones.

parrot • October 28, 2015 9:46 AM

@wumpus

The government could make laws such that civil suits are very much in favor of the plaintiffs. They might only have to demonstrate that their PII was breached. Then the defendant--the custodian of their PII--has to prove that they didn't lose it, or otherwise pay the plaintiff damages.

The market resets around solutions like auditing or end-to-end cryptography to avoid the enormous amounts of lawsuits that happen. The custodian could then say "Here are all our logs and we can show they're complete," or "We may have disclosed the ciphertext, but it is inaccessible to the public because it's encrypted and we don't own the key."

However, I agree that lukewarm feel-good reforms that make the government look like they're doing something for the individual but in reality allow parties to push blame around are worthless.

Chris • October 28, 2015 10:13 AM

>It's a classic market failure, and government intervention is how we have to fix the problem.

Great article up until this line. If the supposed solution is government mandating minimum standards and results, then that supposes that companies are capable of fixing the problem. If a company is capable of fixing the problem, then there's really nothing stopping a company from doing exactly that right now, without government help. I suspect the real problem is such a solution would be burdensome or onerous to the end user, and people would rather live with the risk than switch to that solution.

We're not all CIA directors. Not all of us have personal files that would end up on wikileaks.

wiredog • October 28, 2015 10:38 AM

The reason his sf-86 was in his email account was probably that he used e-QIP to do his SF-86, and then emailed himself a copy, using AOL as "cloud" storage. Which many of us do. I did the e-QIP from home, over a weekend, and saved several copies. Plus the one in China.

"Honan was less lucky, and lost irreplaceable photographs of his daughter."
Why didn't he have the irreplaceable pictures on local storage at home? Every time someone I know loses data because they fat-fingered something interacting with the cloud, or even on their hard drive, I ask about backups. My backup is, first, Time Machine (Apple only, and why hasn't it been cloned for Windows and Linux yet?), then a second hard drive on my desk that I use SilverKeeper to back up to weekly, and a third drive (two, actually, rotated) in the safe deposit box at the bank backed up to every month or so.

LeftyAce • October 28, 2015 11:20 AM

@wiredog

Read the article on Honan. The attacker impersonated him to gain access to his apple accounts, and used that access to remotely wipe Honan's laptop (using a feature meant for data destruction if your laptop gets stolen).

Honan was an idiot regarding data safety and had no backups (which he readily admits in the article).

Anura- • October 28, 2015 11:50 AM

@Philip

No, the problem is not passwords, it's identity verification. What we need is a way to be able to prove our identity online. This is more than just for getting passwords reset, but also signing up for credit cards, banking, etc. Without some standardized, secure way to prove our identity, then we are prone to identity attacks and impersonation with tech support reps who are concerned with getting you off the phone as quickly as possible.

Daniel • October 28, 2015 11:56 AM

This is an unfortunate article Bruce because a person can agree with your definition of the problem but not with your solution.

The problem with suing for damages is it assumes that damages can be adequate recompense for the harm. In some cases that may be true but not in many cases. A good example of this is medical information. Imagine that a person has AIDS and the medical database gets hacked and dumped. How does one put a value on that violation? The whole idea of damages is restitution and the whole point of restitution is to make a person whole. But how can a person whose privacy has been violated be made whole again? Once the data is public knowledge, it's public knowledge--there is no going back, there is no wholeness possible.

So it seems to me that to start to address this reality we need to have government intervention that severely limits what type of data can be collected and how long the data can be held. Without that, the rest is meaningless.

nohaircareplox • October 28, 2015 12:13 PM

Just relax, become a clown and let whatever skills (except playing a fool) which you may have go to waste. Rich people suit themselves, they had it coming for doing such stupid things as to build surveillance when they should have figured out the social implications of it for the individuals whose skills they may need.

AJWM • October 28, 2015 12:17 PM

This is why my primary email server is hosted on a server behind a firewall in my basement, and only port 25 is open to the outside world. (Inconvenient at times, sure.) I assume that anything hosted anywhere else is visible to everybody and his dog. (I also assume that if the NSA were interested, they could intercept my feed from my ISP. Others could, theoretically, do that too, but it's likely that keeping that ability secret would outweigh anything to be gained by spilling my personal info or hijacking my accounts elsewhere.)

It's also why I won't use an ISP who won't let me host an email server in my basement (not for spam - I receive far more email (mostly junk) than I send).

Not that I have anything in particular to hide, I just hate having to clean up after other people's stupidity/mistakes.

worriedmonitor • October 28, 2015 12:22 PM

Dear mr. Hairy, the idea is to use the info to socially pressure you to get good and follow the rules. If you are not susceptible to that kind of social pressure then you will be useless to the rich guys anyways as if there is no way to steer your skills and talents, then they can't trust you to not ruin them.

Jack Sparrow • October 28, 2015 12:33 PM

On doxing, in general, just made a sort of related response to that... in regards to it as a trend we are seeing these days: https://www.schneier.com/blog/archives/2015/10/the_need_for_tr.html#c6709296

Doxing is certainly not going away, any more than the trend we are seeing evolve in information and society will be reducing. It is evolving. It is becoming stronger.

It is, however, related to an enormous shift in society, in general. And it spans everything from how we share and relate information in the sciences and arts, to how we socialize. We socialize globally. We also convict globally and nationally.

An excellent article actually on this, by an unusual, but entertaining source:
http://www.cracked.com/blog/5-destructive-sides-celebrity-culture-no-one-talks-about/

Of course, these trends are pivotal to the overall change in how society is managed and formed, and how it operates. And the discussions there range from the arcane to the lightest.

In terms of security, it is very important to note that both politics and justice, however, are being radically transformed. This runs the gamut from seeing - as that cracked article well points out - the waves of "outrage" on minor misstatements made by nobodies... to such critical issues as the leaks of Edward Snowden and the ensuing investigations.

Secrets, that whispered in secret, is increasingly being shouted from the rooftops.

In the case of Brennan, it is not that he had any shameful secrets hidden shouted from the rooftops necessarily in terms of *content*, but in terms of the "medium is the message". What is shameful is his SF86 form from years ago was remaining in his AOL account. That is very shameful especially in light that SF86 forms were the very forms taken in the numbers of 22+ million in the extremely shameful OPM hack.

Unlike Petraeus, there was no shameful affair exposed. Unlike many hacks, the flaw was not in his password or secret questions. Not even necessarily in his usage of AOL per se. Unlike Clinton, his SF86 form was not entirely improper to be there, nor even a draft paper he was composing.

But he certainly should have cleared out the contents of his home email account. And he certainly has done and did do very little in regards to the enormous mistake of the OPM hack. Which certainly does involve and should involve all leaders in intelligence. CIA included, even though it is noted their undercover were not in that database, they certainly had many who were that work for them.

The hack also continued to raise the ire of really one of the true governmental scandals of the past few years, at the very least. One which we do not see extensive, meaningful committees called over, nor do we see extensive meaningful action taken.

For any nation to lose such an enormous trove of data is deeply shameful. For the US who is taking on a leadership role in intelligence is especially most shameful.

How can the US continue to or even maintain attempting such feats, with such an immense failure? Losing the clearance forms of all Americans for so many years? And was that all which happened? Were not forms added in there? If the hackers could take the data, could no one have been adding data?

The entire clearance and so secret system of much of the US has been compromised.

And, so that shame is very much raised again by this hack.


Clive Robinson • October 28, 2015 12:34 PM

@ Bruce,

> The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses.

The problem starts as with all defence spending "You get what you pay for".

When you pay little or nothing, you are not earning the company any kind of income, thus they want to minimise any impact you have on them in the way of costs, hence the "Three security questions" and "email password to a nominated account", they are automatic and have minimal cost.

More security involves more expense which does not generate direct profit. So any increase in security could in fact end up costing more than all the companies other revenue streams.

This is because it is a "free market" that has, as all free markets tend to do when not regulated, entered into that downward spiral of a "race to the bottom". Where profit is derived more from being cheaper than the opposition rather than offering inovation value to attract customers.

Thus as we have seen we are nolonger customers but product as far as the companies are concerned. However there are now to few alternative revenue streams for the number of companies selling us as product. Thus we have entered the "sharks and minnows in a shrinking pool" stage, where large companies have to swallow their competitors to remain in existance rather than use inovation to pull ahead of them.

The latest entrant in this is MicroSoft with Win 10, which as far as we can tell tries to ET every keypress and mouse click the user makes along with information about what application the user has done it in. In effect Microsoft has "shimed" it's own operating system to commoditize every "free Win 10" user.

Thus as noted by an earlier commenter there is in effect "no end point security" for the common user.

The alternative OS option is due to many compatibility issues not an option for most users. Likewise the development of your own bespoke applications.

But even if it were, information that has come forward about the underlying Intel hardware indicates that it is riddled with problems that would make getting the bespoke applications relatively trivial for those who wished to do so.

Thus the new reality appears to be that the masses are now owned as a commodity. And those that through their own abilities are not, are in effect so few in number and raised so far above the parapet as to be easy targets to find.

That is we are now well beyond the tipping point where legislation would help the masses, by forcing innovation to be the major profit source.

In fact it raises the possibility that things have been allowed to spiral to the bottom so fast that any kind of regulation would cause the existing infrastructure to implode.

Who? • October 28, 2015 1:02 PM

I feel reasonably secure with my OpenBSD-based OpenSMTPD mail server and PGP. Not perfect, but much better than large corporations' ones.

On the blog entry itself:

> Someone, reportedly a teenager, hacked into CIA Director John O. Brennan's AOL account. He says he did so by posing as a Verizon employee to Verizon to get personal information about Brennan's account, as well as his bank card number and his AOL e-mail address. Then he called AOL and pretended to be Brennan. Armed with the information he got from Verizon, he convinced AOL customer service to reset his password.

So... a teenager poses as a Verizon employee to get information about the director of the CIA and gets not only this information but his bank card number too? Is this information freely shared between Verizon employees? He poses then as Brennan himself and convinces AOL to reset his password? Does a teenager pose as the CIA director and he is believed? Really?

This is not social engineering, it is social foolishness engineering.

name.withheld.for.obvious.reasons • October 28, 2015 1:12 PM

@ Clive Robinson
You seem to be getting closer to the truth than you know. We must be on a collision course, your tenor and outlook have changed as of late. For myself and this "new" reality I have moved, further from the feudal caste system that has taken hold. It is a caste system with a granularity of one...

My answer, the "Disappearing Economy". I have all but ceased to exist on paper, electronic storage, or any other form of "Mad Hatter" ecosystem. How will the queen move when all her subjects are gone, red and black will fail to be meaningful.

Since our institutions, intelligentsia, press, and public have all failed us, I don't see any clear answers to the problems that are certain to greet us in the not too distant future.

Hate to sound so grim; the number of positive things that could keep someone such as myself in the game, so to speak, are not near or on the horizon.

worriedautist • October 28, 2015 1:17 PM

Maybe privacy is not dead. Maybe shame is. Then what weapon would surveillance be if more and more people are immune to it like autists or sociopaths? What will be the drives to work and do good in such a society? There wouldn't be any. We would need armies of behavioural scientists and psychologists to get anywhere.

Sancho_P • October 28, 2015 1:41 PM

(1)
“The CIA director did nothing wrong.”
@Bruce, are you kidding?
Otherwise it would be a straight lie to please that incompetent + artless old man.
To clarify: The CIA director did nothing wrong regarding his password only.

“It's hard for the director of the CIA.”
Absolutely not. Even before Snowden at least middle management at the CIA should have avoided mixing private and business life and accounts.
Ever heard about VPN access to business email?

(2)
I understand the audience for that article.
But to ignore that gov IT professionals didn’t realize official and sensitive mail accounts sending also attachments to an unprotected mail host, in the clear, is also a significant negligence [1].

There has to be a protection of privacy, also for official gov (or company) accounts, but I can’t accept such a carelessness at the White House.

Ten years ago, briefly working in a multinational company, I had to sign monthly reports from ITSEC with my department’s top 100 “suspicious” connections, including timeframe, volume and email counts (not content, just metadata).
So I learned about an unexpected connection to a competitor and, btw, first time heard about youporn.
However, I think at that time it was merely meant to identify idlers.

@mrs_helm

Thanks for mentioning, brings back my hope for some reasonable conduct.

[1]
The whole story will vanish without any reasonable effect because nearly everybody falls for that damned SF-86 eye candy.
He, that stupid guy, lost it - on his own, no problem. OPM lost more.
Looking the other way nobody will learn from the past.

rgaff • October 28, 2015 2:03 PM

"companies that don't care because they don't suffer the losses... government intervention is how we have to fix the problem."

Right... except this can't EVER happen as long as the GREATLY OVERWHELMING MAJORITY of all government legislators' solutions to such problems is utter garbage like CISA!

Jesse • October 28, 2015 2:07 PM

@Wm

So what's so special about GentleGPG that isn't already a feature in GPG4usb?

Neither requires you to install dependencies.

It's not hard to create a new key in GPG4usb, though it allows you to *password protect* your key, which I'm not seeing in Gentle.

Gentle has this "send/retrieve" drag and drop feature. Um.. most OS let you select text and then just drag it anywhere you like anyway, and everyone I know (even the newbs) understand how copy and paste work. Like, even on their *smartphones*. I do not see that this send/retrieve hookum is even half a percent simpler to understand or to do than constant copy/pasting.

Vetch • October 28, 2015 2:07 PM

@worriedautist
Are you implying autistic people have no sense of shame, or am I misunderstanding you?

worriedautist • October 28, 2015 2:33 PM

I am no psychologist, so I can't tell what would be the correct label to put on them under the current paradigm. But there exist many highly skilled people without a sense of shame.

Lex Spoon • October 28, 2015 3:07 PM

Bruce, what do you think Google should do differently, given the extra pressure from the American government that you envisage?

From what you describe, they strike me as already doing things to the highest possible standard. It was the phone company that fell through in letting the SMS message get intercepted.

Anon • October 28, 2015 3:22 PM

Is this article a joke?

"If the director of the CIA can't keep his e-mail secure, what hope do the rest of us have -- for our e-mail or any of our digital information? None, and that's why the companies that we entrust with our digital lives need to be required to secure it for us, and held accountable when they fail."

Are you seriously suggesting that cleartext email sent to and received from an AOL account is expected to be "secure"? How does Bruce Schneier not know how email works?

Anura • October 28, 2015 3:30 PM

@Anon

All your online accounts are ultimately tied to your email. Getting ahold of that account allows anyone to get access to your banking details, credit card details, social media accounts, etc.

Anon • October 28, 2015 3:36 PM

@Anura

News flash: The vast majority of email is sent either unencrypted or only opportunistically encrypted. No one has to "hack" into your email account to read your emails for the same reason that no one has to break into your physical mailbox to read the postcards you send and receive.

Anura • October 28, 2015 3:56 PM

@Anon

It's not that simple. As it turns out, unencrypted does not actually mean publicly accessible by all. Most webmail interfaces are encrypted. Breaching major mail providers is a major effort, and potentially very risky. Eavesdropping on communications between mail exchange servers is also a pretty major effort. This is why the main routes of attacks these days are social engineering.

Dr. I. Needtob Athe • October 28, 2015 4:07 PM

I wonder if that teenager saw Jaws and remembered these lines:

Mayor Vaughn: I don't think either one of you are familiar with our problems.

Hooper: I think that I am familiar with the fact that you are going to ignore this particular problem until it swims up and BITES YOU ON THE ASS!

If so, that may have been what inspired him to bite Mr. Brennan in the ass.

Read it again • October 28, 2015 4:21 PM

@Anon

You can rest assured that Bruce will understand how email works far better than the majority of people out there. He was making a general point about the insecurity of online accounts.

As for your comments regarding opportunistic encryption vs. unencrypted messages I'd point out two things: there are such things as encrypted emails (which I'm sure you know) but in this case the Director had UPLOADED the email into his account - presumably as a draft; i.e. he was using his email account like a cloud drive.

Therefore the merits of encrypted emails are a red herring; they have nothing to do with the case in point as nothing was being externally emailed. Here Bruce was pointing out that an AOL account isn't a very secure choice and, secondly, if it had been secured with 2FA or similar I doubt we'd be hearing about this!

An alternative • October 28, 2015 4:29 PM

Is this not a classic example of a security vs convenience trade-off? If employees of said service provider have access to reset his password, then that is convenient but insecure. If they do not, then that is inconvenient if you forget the password but more secure.

Personally I do not see any problem with letting the free market figure this problem out for itself, as companies who cannot provide security are simply shunned by users.

blake • October 28, 2015 4:58 PM

@Daniel

> The problem with suing for damages is it assumes that damages can be adequate recompense for the harm.

Not really. Big settlements are only *partly* about making up for the harm done by leaking your data, that's just from the perspective of the person whose data was leaked.

From the other perspective - that of the companies collecting & holding the private data - the possibility of a big fee is a material financial risk which makes security investments worthwhile and (hopefully) *prevents* a leak in the first place.


It's not just about making up for the leaks afterwards, it's also about preventing them. It's not that money will always be able to make up for the inconvenience, it's that the only thing a company will care about is their bottom line, so that's where they have to be engaged.

Anura • October 28, 2015 5:07 PM

@An Alternative

"as companies who cannot provide security are simply shunned by users."

That doesn't work very well in practice. With some exceptions (e.g. Ashley Madison), most companies that have breaches do just fine afterwards; Target was a very high profile breach, for example, but it didn't have a major effect on sales. This all, of course, assumes you hear about the breach. Sign up for a service, it gets breached, and the company either doesn't detect or doesn't report it, and all you know is that your credit card was stolen.

BoppingAround • October 28, 2015 5:15 PM

name.withheld,
What kind of economy is that? The kind J.J. Luna [A] talks about?

-------------------------------------------

[A] He is an author of some privacy books, one of them is called exactly How To Disappear.

Nick P • October 28, 2015 6:09 PM

@ BoppingAround

JJ Luna is a good start. The Big Book of Hiding Places and car modifications are another. The reason is the civil forfeiture laws that agencies use to seize people's money without evidence of a crime. Anyone doing everything cash-based is at risk of this. Hence, that many keep using pre-paid cards and for different things. Of course, that comes with some tracking risk and lots of fees. Best to just live in a country without mass surveillance or at least civil forfeiture.

Slacks • October 28, 2015 6:39 PM

@ Who?
"So... a teenager poses as a Verizon employee to get information about the director of the CIA and gets not only this information but his bank card number too?"

We only had to imagine what a real Verizon employee can do... ;)

tyr • October 28, 2015 6:44 PM


This points up what Eben Moglen said in Snowden and
the future.

We have laws on the books that cover liabilities when
others are entrusted with your property. Just because
it is some mythical entity called cyberspace has made
the responsible decide they don't have to abide by
those laws through some sophisticated obfuscations.
What is needed is a few judges who will nail those
who evade their responsibility and explain that it is
not a valid excuse for evasions. For all the cant you
hear about property and copyright the ISPs and Net
has a remarkably cavalier attitude about your material
and claims the ability to steal your property with
impunity. Change that and you change the whole game.
Placing your email on the Net with a big steal me
sign on it isn't the way to do responsible business.
Deciding it belongs to them because you store it
with them is equally invalid. If property is to be
sacred, then let it be sacred for everybody.

Google can fix its problems by using a new motto
Stop being Evil.

Alex S. • October 28, 2015 7:09 PM

@ tyr,
"Google can fix its problems by using a new motto
Stop being Evil."

it's in the eula...

Sancho_P • October 28, 2015 7:30 PM


@Slacks

“what a real Verizon employee can do... ”

No problem, I guess most are outsourced.

Harry Johnston • October 28, 2015 7:35 PM

> It should allow individuals whose information has been exposed sue for damages. This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well.

Really?

REFLECTIONS FROM THE HALFWAY POINT

As far as I can tell, a lot of it is the medical equivalent of security theater. [...] Sending these people to a psychiatric hospital makes [it look like] we’re Making A Difference. There is no way we could leave this equilibrium now even if we wanted to, because if we didn’t keep these people for a week and they ever attempted suicide again, we would get sued to oblivion.

LIST OF PASSAGES I HIGHLIGHTED IN MY COPY OF “MACHINERY OF FREEDOM”

In other words, people kept winning so much money by suing the makers of pertussis vaccines that all of them except one just gave up and went out of business, and the only way the government saved that last one was by promising that the public purse would pay all of its losses. [...] This is not an isolated incident. The way malpractice works these days is that patients sue for things that are completely medically impossible, the malpractice insurances know that juries are too dumb to realize this, and they settle for more money than you will ever make honestly in your life.

NEFARIOUS NEFAZODONE AND FLASHY RARE SIDE EFFECTS

And the same facet of nefazodone that makes it exciting for the media makes it exciting for lawsuits. When someone dies of nefazodone toxicity, everyone knows. When someone dies of Seroquel, “oh, so sad, I guess his time has come”. That makes Seroquel a lot safer than nefazodone. Safer for the doctor, I mean. The important kind of safer.

E is for Ergonomics • October 29, 2015 1:28 AM

@ name.withheld.for.
"name.withheld.for.obvious.reasons • October 28, 2015 1:12 PM
@ Clive Robinson
You seem to be getting closer to the truth than you know. We must be on a collision course, your tenor and outlook have changed as of late. For myself and this "new" reality I have moved, further from the feudal caste system that has taken hold. It is a caste system with a granularity of one..."

Depends on the caste and the system, says the pen writer. There's the stage and the back stage, with granularity. When the curtain drops, what evil lurks in the hearts of men...

A disappearing economy that works off the same base unit, one in the same caste...

No Such Agency • October 29, 2015 3:19 AM

Whilst certain information must be revealed in certain contexts in order for certain services to be accessed (e.g. credit card data to buy things, e-mail address to receive order information), a simpler way to protect private/confidential information is to not supply it in the first place.

If people just decide that some company on the internet is trustworthy because they have a nice website, put all their personal data on that service, then complain later that their life was ruined because a hacker stole it all and posted it publicly, well IMHO those people don't have much to complain about; if they didn't accept the risk that it might happen at all, then they shouldn't have put their information in that position to begin with.

On the flip-side, if a company is going to offer to store any data at all, then they should be required to do it properly from the beginning.

Until people stop just putting everything online and assuming it will all be OK, it will be very difficult to improve this situation.

JdL • October 29, 2015 9:14 AM

> The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses. It's a classic market failure, and government intervention is how we have to fix the problem.

Companies do suffer losses when they fail to satisfy potential buyers. Governments have no incentive to fix anything.

BoppingAround • October 29, 2015 10:26 AM

Nick P,
I have read that book [A] already actually. The BBoHP is on my pending
list. The main problem is, well, I don't live in US. So I will have to make some
extra effort and figure out what applies for the place I live, what doesn't,
what is different, what are some local quirks etc. Sadly no one writes privacy survival books here.

------------------------------------------------

[A] How To Disappear.

Daniel • October 29, 2015 12:58 PM

@blake

I hate it when people say they disagree with me and then go on to reaffirm my point.

The difference between you and me isn't the facts, the difference is that you think the system actually does and can do what it claims to do and I don't.

I don't give one single iota about the company's bottom line. I care about my privacy. The fact that the company is hurt in any degree is meaningless to any cogent analysis of MY privacy. It's irrelevant to me whether money damages prevent a future harm to another individual...money damages didn't prevent MY harm and they cannot compensate me for MY harm.

That's MY point.

renmihcs • October 29, 2015 6:49 PM

"We need to recognize that good security will be less convenient."

At least for now, yes. Good line - thanks for the post Bruce.

ianf • October 30, 2015 3:04 AM


@ BoppingAround, Nick P

> J.J. Luna is an author of some privacy books, one of them is called exactly How To Disappear.

He is not, no such book is known to Google Ours That Art in Mountain View, California. Be precise, ladies. Or are you talking of some earlier edition of what now is called (a title obviously compiled by an editor, if not by a marketing robot) “How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life”?

> JJ Luna is a good start. The Big Book of Hiding Places and car modifications are another. The reason is the civil forfeiture laws that agencies use to seize people's money without evidence of a crime. […] Best to just live in a country without mass surveillance or at least civil forfeiture.

For that next to last Norway's inland seems ideal, as outside railway lines there's hardly any mobile coverage. Of course, it's a bit windy, hilly, and in summer overflowing with Israeli tourists in thrall of the fjords (beats me why, as if they didn't have refrigerators in Tel Aviv). Unless you are in the Made In China Keepsake Reindeer trade, you don't want to live anywhere near by when the Hurtigruten ferry heaves to.

Regarding the barbarian US "civil forfeiture laws," the only country in Europe that I read employs these (and then after a lengthy legal process) is the mafia-infested Italy, and court-empowered bailiffs everywhere else that are able to repossess property in arrears. By and large, however, it is mainly the tax authorities that, if they take a shine to your business & suspect you of fiddling the accounts, can put the assets in escrow until they've been legally resolved years later. Miscarriages of justice happen, I don't keep a tally, but they're not unheard of. The mitigating factor is that the taxmen usually target whole trade sectors: hair cutting salons one year, auto repair shops the next, now and then some high-level telecoms or web-advertising de-facto fraudsters. Ordinary people have little to fear from them as long as they file their yearly, and unremarkable tax returns (which here can now be done online, or even over an automagic response phone. [2 factor authenticated].)


> BoppingAround […] “I will have to make some extra effort and figure out what applies for the place I live, what doesn't, what is different, what are some local quirks etc. Sadly no one writes privacy survival books here.”

I'm not sure what kind of a survival/ disappearance you are talking about here. Fine, this is a public forum, so you don't want to advertise your intent. But give us a hint: are you talking of going under the radar of social media; out of sight of your nearest and formerly dearest; military duty-, traffic offenses-, or tax avoidance? Clearly, no two disappearance scenarios will be the same, and even if you had such a "How to…" book, you'd have to figure out key parts of the process THAT IS APPLICABLE TO YOU ALONE by yourself anyway.

Watch “The Next Three Days” not for clues to your imaginary future non-violent self-removal from society, but as an overview of what it may take to disappear a whole family from US jurisdiction (it's a movie, not a primer).

One of Jerzy Kosinski's books, Cockpit, or The Blind Date, centers around an unspecified secret agent hiding from his former paymasters in plain view. No usable info above the philosophical, but some tradecraft and a good read anyway.

Research missing people on the Internet, read up the M.O. of their disappearance. Keep an eye out especially for estranged siblings, or mothers abandoning children.

20-odd years ago I wrote an article about a missing person of my peripheral acquaintance. It was intended as a followup mainly, he's been missing for several years prior to that, and there were no traces to or clues of any violent outcomes. The text grew into a longer feature on people who for various reasons elected to leave everything behind to start a new life somewhere else unchained by family dependencies (may not have been this in his case). I learned a great deal on what's involved from the police investigator (who hoped I could bring something new to her cold case), but of course as it happened in mid 80s, well before the Internet, it was much easier to disappear then. But there are several dimensions of any such voluntary removal, that are of general nature:

• develop portable skills

• savings to tide you over until established in a new place

• ability to assume some new identity (increasingly hard these days, unless one goes the route of "buy a bona-fide passport valid for X years" off someone looky-like badly needing the cash, then never set foot in that country while staying clear of police checks—that includes driving cars, cycling's OK; repeat the cycle[sic!] after the passport expires)

• stay clear of the media, even the man-in-the-background street TV uptakes

• do not overexpose yourself in social media, do not reuse old favorite signature expressions – or you will be found in Google (as we're creatures of habit, this may be the hardest of all). I never saw AltaVista coming, and can uncover myself in this fashion from times well before that.

Give us a think as to the nature of your hinting, and I may have more to contribute… I never wrote that novel about going dark for unclear reasons ;-))

sitaram • October 30, 2015 7:50 AM

As far as I remember, Honan lost the photos because Apple decided that when a user deletes the online copies of any files, it should helpfully reach out to the *local* disk and delete the local files also.

Anyone who uses a service like that deserves what happens.

BoppingAround • October 30, 2015 10:35 AM

ianf,
Whoops! Blimey. You are right — it's Ahearn's book that's called How To Disappear. Interesting material too.

re: privacy 'survival'

I mean preservation. There is no criminal intent behind it (yet), I just wish to
remove as much uninvited attention as I can. As for the books, I mostly
research them out of curiosity. There's no need for me to actually disappear but who knows what the future holds?

In the Shadow of • October 30, 2015 12:29 PM

@No Such Agency

> a simpler way to protect private/confidential information is to not supply it in the first place.
> .. snipped ..
> they shouldn't have put their information in that position to begin with.
> .. snipped ..
> Until people stop just putting everything online and assuming it will all be OK, it will be very difficult to improve this situation.

Thank you!

More people should be pushing this angle for security.

Some said it above, as well, but he certainly did make a mistake: he left that form in his email box. Yes, it is super convenient to archive everything. But, do not. Flush it all and regularly.

If you can, say nothing online that is confidential for you.

Say nothing anywhere, for that matter, not writing it down even with a pen and paper or telling your spouse or very best friend.

Do use encryption, but do not fool yourself. There is no golden gun or silver bullet. Use encryption and high security everywhere, yet still put in there nothing confidential.

Divide between useless data and important data, to be sure.

And sometimes you will have to share confidential data.

But be aware the only one hundred percent assurance for a secret to be kept is if no one else knows it.

Even if you have never been under 24/7 surveillance, it is very good practice to pretend you are as deeply as you can and look at everything that way. Method act. Believe it. Test yourself. What if there were bugs there or spyware? What if there is a hidden video camera in front of you and behind you?

Then you will understand never to say anything out loud.

The CIA director made a severe mistake keeping that confidential data on that account for all those years.

He did not think in this mindset.

Petraeus, I kind of could get not thinking that way. But, Brennan is a career CIA employee. Why did he not think in this way? Sad.

VIPs are the primary target for surveillance, not everyday nobodies.

Brennan could lose his job for this, just as Petraeus lost his job because of the online evidence he left.


An Alternative • October 30, 2015 3:38 PM

@Anura

And it does not work because of protectionism!

If your credit card data was stolen, and bad people (sic) actually use your credit card without the bank blocking it then you are out of pocket. So you go sue (class action most likely) both the credit card company and the business. Only then will we see a change. At the moment the response is just "have some free identity theft protection and we will revoke your credit card and give you a new one". As others have pointed out this works fine for business but not so much for privacy.

Ideally you would not have a credit card anyway - you would have something that allows you to pay your bills but without anyone else being able to automatically take money from it. A blockchain could serve this purpose but again, privacy concerns...

Anura • October 30, 2015 4:24 PM

@An Alternative

> If your credit card data was stolen, and bad people (sic) actually use your credit card without the bank blocking it then you are out of pocket. So you go sue (class action most likely) both the credit card company and the business

So instead of calling the company and disputing the charges, and having all the charges cleared like what happened both times my credit card was stolen, I would have to hire a lawyer, go to court against the bank's multi-million dollar team of lawyers, and if I win I get my $1000 back? And it only costs me $10,000 in legal fees!

Of course, we could just have loser-pays tort reform, so that way if I win, I am up $1000 and if I lose, I spend the rest of my life trying to dig out of my debt to the credit card company. Win-Win!

FREE MARKETS SOLVE EVERYTHING!

> Ideally you would not have a credit card anyway - you would have something that allows you to pay your bills but without anyone else being able to automatically take money from it. A blockchain could serve this purpose but again, privacy concerns...

Yeah, because if you just use Bitcoin you are protected if your private key gets stolen.

ianf • October 30, 2015 5:47 PM


@ BoppingAround

I don't recall the original context, but when I saw you & Nick P. mention getting disappeared, my self-education interest awakened. What you're now talking about is not that, however, but of minimizing the footprint… a commendable goal in itself, and fully within your one-foot-off-the-hamster-wheel rights.

Start with what I instinctively have been doing for some time without really having advance motivation for it: every time you are asked by non-state actors (except financial institutions) for granular details of your identity, question the need for that and then supply just the bare minimum. They want your date of birth? WHY? Put down correct year, month January the 1st. Or Day 0. Or February 30th (some web forms will let it through—lots of hilarity down the line!). When they insist on having a name attached to an email address (WTF for?), parrot the error prompt "Invalid Form"… or write "Moonlight Becomes Me" (because it does). Call it a digital monkey wrenching, mild version of. Etc.

But, frankly, all that must begin with analysis which bits of you is it that you'd want to keep most inaccessible. The best minimization strategy is to continue as normal, then gradually ease out of those formal dependencies that you find most invasive. In my case it was giving up an unlimited-amount "Gold" credit card, because I decided were I ever in line to impulse-buy that £200k Lambo, I'd have to clear it with the bank first anyway (besides, I am more of a Vespa person). Also, having that unlimited card on me was a needless threat vector in case of an extended robbery etc. So I cancelled it (and then discovered that in the meantime they raised the minimum earning threshold to a bank manager's level, so I couldn't get it back even if I wanted). Good riddance, haven't needed it since, my current MasterCard has enough of a limit to carry me through. Well aware of the electronic trail left by the use of a credit card, I decided nevertheless that the benefits of not having to carry cash outweigh the record—but also potential alibi of—my timed whereabouts.

Next, I will be writing to a Data Privacy Watchdog complaining of a major grocery chain requiring my particulars as were they the taxman, even though I pay them only with that pre-registered MasterCard, don't use any of their own, yet needed to register in order to speed up the check outs. Yeah, denouncing privacy cockroaches to the Man, sicking the state onto just-trying-to-make-a-buck grocers! ;-))

TRX • October 31, 2015 6:09 PM

> Honan was less lucky, and lost irreplaceable photographs of his daughter.

"Honan, employed as an IT and security expert, failed to back up information he considered important."

...and is still employed as such. Good thing I don't depend on Wired for anything important.

fung0 • November 15, 2015 8:35 PM

> Yahoo recently announced it would do away with passwords, instead sending a one-time authentication code to the user's smartphone. Google has long had an optional two-step authentication system that involves sending a one-time code to the user via phone call or SMS.

I don't have a cell phone, don't want a cell phone, have no plans to get a cell phone. I actually enjoy being unreachable when I'm outside my domicile. (It's a sensation most of you reading this probably don't remember.)

But now we have a brilliant 'solution' to Internet security problems. A solution that would force people like me to get a cell phone. And then give away the number to every company doing business online.

Somewhere, George Orwell is laughing his ass off...

anonymous • November 16, 2015 8:43 AM

Cell phone authentication kills anonymity and privacy. As Bruce mentioned, our primary email account is our master key. However in reality (for most of us) it is our cell phone number or ultimately our SSN.

Most cell providers require an SSN. Your SSN is now a one to many relationship of phone numbers you own. Which are then a many to many relationship of email/social media accounts you own.

The same is true in respect to IP addresses you use to access content on the web. Internet service providers required an SSN. Again, a one to many relationship of IP addresses you have used. There is also a many to many relationship of IP addresses to websites visited, data transmitted, etc etc..

The same is true with sessions..

So if you put all of the above factors together, plus the ones I missed, and add the Utah data centers to the equation, your entire life is stored on a hard drive that the govt has full access to, whenever and however they please.

Just think about the relationships... starting with your SSN.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.