Entries Tagged "databases"

Page 4 of 14

Office of Personnel Management Data Hack

I don’t have much to say about the recent hack of the US Office of Personnel Management, which has been attributed to China (and seems to be getting worse all the time). We know that government networks aren’t any more secure than corporate networks, and might even be less secure.

I agree with Ben Wittes here (although not the imaginary double standard he talks about in the rest of the essay):

For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It’s our government’s job to protect this material, knowing it could be used to compromise, threaten, or injure its people­—not the job of the People’s Liberation Army to forebear collection of material that may have real utility.

Former NSA Director Michael Hayden says much the same thing:

If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, “I would not have thought twice. I would not have asked permission. I’d have launched the star fleet. And we’d have brought those suckers home at the speed of light.” The episode, he says, “is not shame on China. This is shame on us for not protecting that kind of information.” The episode is “a tremendously big deal, and my deepest emotion is embarrassment.”

My question is this: Has anyone thought about the possibility of the attackers manipulating data in the database? What are the potential attacks that could stem from adding, deleting, and changing data? I don’t think they can add a person with a security clearance, but I’d like someone who knows more than I do to understand the risks.

Posted on July 1, 2015 at 6:32 AMView Comments

Research on The Trade-off Between Free Services and Personal Data

New report: “The Tradeoff Fallacy: How marketers are misrepresenting American consumers and opening them up to exploitation.”

New Annenberg survey results indicate that marketers are misrepresenting a large majority of Americans by claiming that Americas give out information about themselves as a tradeoff for benefits they receive. To the contrary, the survey reveals most Americans do not believe that ‘data for discounts’ is a square deal.

The findings also suggest, in contrast to other academics’ claims, that Americans’ willingness to provide personal information to marketers cannot be explained by the public’s poor knowledge of the ins and outs of digital commerce. In fact, people who know more about ways marketers can use their personal information are more likely rather than less likely to accept discounts in exchange for data when presented with a real-life scenario.

Our findings, instead, support a new explanation: a majority of Americans are resigned to giving up their data­—and that is why many appear to be engaging in tradeoffs. Resignation occurs when a person believes an undesirable outcome is inevitable and feels powerless to stop it. Rather than feeling able to make choices, Americans believe it is futile to manage what companies can learn about them. Our study reveals that more than half do not want to lose control over their information but also believe this loss of control has already happened.

By misrepresenting the American people and championing the tradeoff argument, marketers give policymakers false justifications for allowing the collection and use of all kinds of consumer data often in ways that the public find objectionable. Moreover, the futility we found, combined with a broad public fear about what companies can do with the data, portends serious difficulties not just for individuals but also—over time—for the institution of consumer commerce.

Some news articles.

Posted on June 17, 2015 at 6:44 AMView Comments

Why the Current Section 215 Reform Debate Doesn't Matter Much

The ACLU’s Chris Soghoian explains (time 25:52-30:55) why the current debate over Section 215 of the Patriot Act is just a minor facet of a large and complex bulk collection program by the FBI and the NSA.

There were 180 orders authorized last year by the FISA Court under Section 215—180 orders issued by this court. Only five of those orders relate to the telephony metadata program. There are 175 orders about completely separate things. In six weeks, Congress will either reauthorize this statute or let it expire, and we’re having a debate—to the extent we’re even having a debate—but the debate that’s taking place is focused on five of the 180, and there’s no debate at all about the other 175 orders.

Now, Senator Wyden has said there are other bulk collection programs targeted at Americans that the public would be shocked to learn about. We don’t know, for example, how the government collects records from Internet providers. We don’t know how they get bulk metadata from tech companies about Americans. We don’t know how the American government gets calling card records.

If we take General Hayden at face value—and I think you’re an honest guy—if the purpose of the 215 program is to identify people who are calling Yemen and Pakistan and Somalia, where one end is in the United States, your average Somali-American is not calling Somalia from their land line phone or their cell phone for the simple reason that AT&T will charge them $7.00 a minute in long distance fees. The way that people in the diaspora call home—the way that people in the Somali or Yemeni community call their family and friends back home—they walk into convenience stores and they buy prepaid calling cards. That is how regular people make international long distance calls.

So the 215 program that has been disclosed publicly, the 215 program that is being debated publicly, is about records to major carriers like AT&T and Verizon. We have not had a debate about surveillance requests, bulk orders to calling card companies, to Skype, to voice over Internet protocol companies. Now, if NSA isn’t collecting those records, they’re not doing their job. I actually think that that’s where the most useful data is. But why are we having this debate about these records that don’t contain a lot of calls to Somalia when we should be having a debate about the records that do contain calls to Somalia and do contain records of e-mails and instant messages and searches and people posting inflammatory videos to YouTube?

Certainly the government is collecting that data, but we don’t know how they’re doing it, we don’t know at what scale they’re doing it, and we don’t know with which authority they’re doing it. And I think it is a farce to say that we’re having a debate about the surveillance authority when really, we’re just debating this very narrow usage of the statute.

Further underscoring this point, yesterday the Department of Justice’s Office of the Inspector General released a redacted version of its internal audit of the FBI’s use of Section 215: “A Review of the FBI’s Use of Section 215 Orders: Assessment of Progress in Implementing Recommendations and Examination of Use in 2007 through 2009,” following the reports of the statute’s use from 2002-2005 and 2006. (Remember that the FBI and the NSA are inexorably connected here. The order to Verizon was from the FBI, requiring it to turn data over to the NSA.)

Details about legal justifications are all in the report (see here for an important point about minimization), but detailed data on exactly what the FBI is collecting—whether targeted or bulk—is left out. We read that the FBI demanded “customer information” (p. 36), “medical and educational records” (p. 39) “account information and electronic communications transactional records” (p. 41), “information regarding other cyber activity” (p. 42). Some of this was undoubtedly targeted against individuals; some of it was undoubtedly bulk.

I believe bulk collection is discussed in detail in Chapter VI. The chapter title is redacted, as well as the introduction (p. 46). Section A is “Bulk Telephony Metadata.” Section B (pp. 59-63) is completely redacted, including the section title. There’s a summary in the Introduction (p. 3): “In Section VI, we update the information about the uses of Section 215 authority described [redacted word] Classified Appendices to our last report. These appendices described the FBI’s use of Section 215 authority on behalf of the NSA to obtain bulk collections of telephony metadata [long redacted clause].” Sounds like a comprehensive discussion of bulk collection under Section 215.

What’s in there? As Soghoian says, certainly other communications systems like prepaid calling cards, Skype, text messaging systems, and e-mails. Search history and browser logs? Financial transactions? The “medical and educational records” mentioned above? Probably all of them—and the data is in the report, redacted (p. 29)—but there’s nothing public.

The problem is that those are the pages Congress should be debating, and not the telephony metadata program exposed by Snowden.

EDITED TO ADD: Marcy Wheeler is going through the document line by line.

Posted on May 22, 2015 at 5:45 AMView Comments

New Pew Research Report on Americans' Attitudes on Privacy, Security, and Surveillance

This is interesting:

The surveys find that Americans feel privacy is important in their daily lives in a number of essential ways. Yet, they have a pervasive sense that they are under surveillance when in public and very few feel they have a great deal of control over the data that is collected about them and how it is used. Adding to earlier Pew Research reports that have documented low levels of trust in sectors that Americans associate with data collection and monitoring, the new findings show Americans also have exceedingly low levels of confidence in the privacy and security of the records that are maintained by a variety of institutions in the digital age.

While some Americans have taken modest steps to stem the tide of data collection, few have adopted advanced privacy-enhancing measures. However, majorities of Americans expect that a wide array of organizations should have limits on the length of time that they can retain records of their activities and communications. At the same time, Americans continue to express the belief that there should be greater limits on government surveillance programs. Additionally, they say it is important to preserve the ability to be anonymous for certain online activities.

Lots of detail in the reports.

Posted on May 21, 2015 at 1:05 PMView Comments

NSA/GCHQ Hacks SIM Card Database and Steals Billions of Keys

The Intercept has an extraordinary story: the NSA and/or GCHQ hacked into the Dutch SIM card manufacturer Gemalto, stealing the encryption keys for billions of cell phones. People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards.

Me in The Register: “We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can.”

I think this is one of the most important Snowden stories we’ve read.

More news stories. Slashdot thread. Hacker News thread.

Posted on February 20, 2015 at 7:51 AMView Comments

National Academies Report on Bulk Intelligence Collection

In January, the National Academies of Science (NAS) released a report on the bulk collection of signals intelligence. Basically, a year previously President Obama tasked the Director of National Intelligence with assessing “the feasibility of creating software that would allow the Intelligence Community more easily to conduct target information acquisition rather than bulk collection.” The DNI asked the NAS to answer the question, and the result is this report.

The conclusion is about what you’d expect. From the NAS press release:

No software-based technique can fully replace the bulk collection of signals intelligence, but methods can be developed to more effectively conduct targeted collection and to control the usage of collected data, says a new report from the National Research Council. Automated systems for isolating collected data, restricting queries that can be made against those data, and auditing usage of the data can help to enforce privacy protections and allay some civil liberty concerns, the unclassified report says.

[…]

A key value of bulk collection is its record of past signals intelligence that may be relevant to subsequent investigations, the report notes. The committee was not asked to and did not consider whether the loss of effectiveness from reducing bulk collection would be too great, or whether the potential gain in privacy from adopting an alternative collection method is worth the potential loss of intelligence information. It did observe that other sources of information—for example, data held by third parties such as communications providers—might provide a partial substitute for bulk collection in some circumstances.

Right. The singular value of spying on everyone and saving all the data is that you can go back in time and use individual pieces of that data. There’s nothing that can substitute for that.

And what the report committee didn’t look at is very important. Here’s Herb Lin, cyber policy and security researcher and a staffer on this report:

…perhaps the most important point of the report is what it does not say. It concludes that giving up bulk surveillance entirely will entail some costs to national security, but it does not say that we should keep or abandon bulk surveillance. National security is an important national priority and so are civil liberties. We don’t do EVERYTHING we could do for national security—we accept some national security risks. And we don’t do everything we could do for civil liberties—we accept some reductions in civil liberties. Where, when, and under what circumstances we accept either—that’s the most important policy choice that the American people can make.

Just because something can be done does not mean that 1) it is effective, or 2) it should be done. There’s a lot of evidence that bulk collection is not valuable.

Here’s an overview of the report. And a news article. And the DNI press release.

Posted on February 9, 2015 at 6:16 AMView Comments

Corporations Misusing Our Data

In the Internet age, we have no choice but to entrust our data with private companies: e-mail providers, service providers, retailers, and so on.

We realize that this data is at risk from hackers. But there’s another risk as well: the employees of the companies who are holding our data for us.

In the early years of Facebook, employees had a master password that enabled them to view anything they wanted in any account. NSA employees occasionally snoop on their friends and partners. The agency even has a name for it: LOVEINT. And well before the Internet, people with access to police or medical records occasionally used that power to look up either famous people or people they knew.

The latest company accused of allowing this sort of thing is Uber, the Internet car-ride service. The company is under investigation for spying on riders without their permission. Called the “god view,” some Uber employees are able to see who is using the service and where they’re going—and used this at least once in 2011 as a party trick to show off the service. A senior executive also suggested the company should hire people to dig up dirt on their critics, making their database of people’s rides even more “useful.”

None of us wants to be stalked—whether it’s from looking at our location data, our medical data, our emails and texts, or anything else—by friends or strangers who have access due to their jobs. Unfortunately, there are few rules protecting us.

Government employees are prohibited from looking at our data, although none of the NSA LOVEINT creeps were ever prosecuted. The HIPAA law protects the privacy of our medical records, but we have nothing to protect most of our other information.

Your Facebook and Uber data are only protected by company culture. There’s nothing in their license agreements that you clicked “agree” to but didn’t read that prevents those companies from violating your privacy.

This needs to change. Corporate databases containing our data should be secured from everyone who doesn’t need access for their work. Voyeurs who peek at our data without a legitimate reason should be punished.

There are audit technologies that can detect this sort of thing, and they should be required. As long as we have to give our data to companies and government agencies, we need assurances that our privacy will be protected.

This essay previously appeared on CNN.com.

Posted on December 5, 2014 at 6:45 AMView Comments

1 2 3 4 5 6 14

Sidebar photo of Bruce Schneier by Joe MacInnis.