Coffee Break // Cyber News 007
For my coffee this morning I pour myself a Red Eye… caffeine is the name of the game today.
I want to talk about the s-word:
Surveillance.
Anyone who's had the (dis)pleasure of speaking to me for more than a handful of minutes has probably heard me wax eloquent on the matter of state surveillance.
It would be tempting to think, then, that I’m opposed to the concept en bloc.
Not at all. Surveillance is an incredibly useful tool; it also just so happens to be one that is incredibly easy to abuse.
One doesn’t have to go far to find examples of useful surveillance. But as easy to find are examples of governmental overreach.
The UK Home Office has frequently pushed Apple (an industry leader in message privacy and encryption) to backdoor their data and provide data to them from users of any national origin.
And while the freedom-loving patriot inside of all of us no doubt rebels at this attempted offense, we need to acknowledge the utility of these tools.
Consider the graph above… it seems pretty subjective, right? One of the hardest parts of this debate is finding where to draw the line.
Everyone is ok with a bank having a security camera to safeguard their money; no one is ok with being videotaped in the shower.
I’m not qualified enough to create exact measurements for this hypothetical formula, but I can recommend a guideline for judging how “good” a tool may be.
How severely could a Nazi abuse it?
I’m thoroughly opposed to watering down the political discourse by name-calling members of either party, so if you think I’m implying anything about a particular faction at this time, you are mistaken.
No, what I want to do with this cartoonish example is remove the “it’s ok we’re the good guys” from your mind.
Forget how upstanding a person your local LE and Sheriff’s dept. might be, forget how patriotic and noble your friends and family in the military might seem.
When you are evaluating a technology or methodology, you need to imagine a devil at the helm, not an angel.
Picture a literal Nazi, a goose-stepping SS member from 1939 with the skull on his hat and everything, and imagine what he would do with a given technology.
How about Flock cameras? A hugely popular pick among townships and cities across the US, Flock cameras and license plate readers have come under fire for being made widely available to all manner of agencies not originally contracted with them. (e.g. ICE, FBI, and more.)
My own neighborhood went to the trouble of installing cameras at the entrances to the development.
Flock provides some very real utility to LE. Last year I rode along with a local Sheriff’s deputy and saw firsthand how the deputies would get notifications if a license plate registered to a stolen car passed a given camera.
That’s pretty useful!
But let’s not forget our mental exercise. What if, instead of an honest, community-focused sheriff’s deputy looking at that data, it was someone evil?
All of a sudden, I’m not so game to have free access to cameras right by my house at every hour of the day.
Neither you nor I can pick who in government is going to have access to those systems. If we want to protect our 4th amendment rights, we have to limit the powers of the organizations that we fund through our tax dollars.
Every government and enforcement agency on Earth is pushing to equip themselves with the most advanced, AI-empowered surveillance systems in the world. It is in their interest to do so.
At the voting booth, it is your duty to tell them to restrain themselves for the good of our Republic and the morality of our culture.
//
In other news.
SecurityWeek reports on an amusingly named attack procedure, the Battering RAM. The attack involves putting a piece of hardware, here called an interloper, between a computer's CPU and DRAM. The device can then bypass protected memory addresses and encryption.
The good news? Someone would need to physically install the device for the attack to work. The bad news? It’s relatively cheap and easy to do so. Be careful leaving your computer with that shady computer repair shop!
China is tightening regulations for its service providers. Starting in November, service providers will have only 60 minutes to report security incidents involving critical networks.
Reporting time limits are important for good response time in any jurisdiction, but 60 minutes is an insanely small window to hit. Fascinating.
Finally, an update on the NYC SIM farm. Jeffrey Burt of Security Boulevard reports that LE has found another 200,000 SIM cards and servers. Does this increased capacity lend greater credence to the Secret Service’s previous descriptions of the scale of the operation?