Warrant Used To Track Users Through Tor Invalidated

When it was revealed that an NIT (network investigative technique) had been used to track people across Tor, people were worried about just how they had got permission to deploy such a far sweeping piece of computer malware. It would now seem that the warrant issued didn’t give as much power as they wanted as a federal judge has now stated that the warrant should be invalidated because of its reach.

The federal judge in question sits in Massachusetts and stated that a magistrate issuing a warrant in Virginia cannot “authorize the search of a defendant’s computer located in Massachusetts”. This was noted in a 39-page opinion in which William Young stated that while it cannot be done, the Department of Justice and Congress could change the law in future. The end result of the opinion is the conclusion stating:

Based on the foregoing analysis, the Court concludes that the NIT Warrant was issued without jurisdiction and thus was void ab initio. It follows that the resulting search was conducted as though there were no warrant at all. Since warrantless searches are presumptively unreasonable, and the good-faith exception is inapplicable, the evidence must be excluded.

So ultimately the warrant for the NIT over stretched the bounds, something that has now led to a bunch of evidence being made null and void in a case where even Ahmed Ghappour, a law professor at the University of California, realized that the ” DOJ knew full well that the magistrate lacked authority to issue an out-of-district warrant”.

Microsoft Is Suing The US Government Over Cloud Data Searches

Microsoft is but one of many technology firms that have recently moved their focus from internal hard drives to the cloud, allowing people to access their data from anywhere in the world given the right details. The problem is other people also have access to this information, both legally and illegally and Microsoft is suing the US government over their attempts to force companies to remain quiet on the matter.

Microsoft has now filed a lawsuit against the Justice Department stating that it’s not just wrong but it’s “unconstitutional” that companies should be forced to remain silent when they are asked to hand over any data you might store in the cloud. In their complaint, Microsoft says that section 2705(b) of the Electronics Communications Privacy Act “sweeps too broadly” and effectively gives the government the power to gag companies, regardless of the reasons they are investigating someone. Microsoft even went so far as to name the number of secrecy orders they’d received in the past 18 months, a huge number sitting at almost 2,600.

The best part of almost 2.6 thousand secrecy orders, was that over two-thirds would never run out thanks to them containing “no fixed end date”. The end result is clear, Microsoft wants section 2705(b) ruled as unconstitutional and removed, a judgment that would affect every technology company based on the internet these days thanks to the broad range of uses that the cloud is utilized for.

Recently Reddit removed their Warrant canary, giving users a legal warning that the government had requested access to at least some of their information (possibly). While other companies, such as Apple has been arguing with the FBI over who and where the line should be drawn for gaining access to devices and the steps they can make companies provide to open the door for them.

FBI Says Hackers Have Had Access to Government Systems Since 2011

While trying to gain access to iPhones and emails, the FBI are having to deal with a wholly different threat. Their own systems have been compromised and a group of hackers has had access to governments systems since 2011.

The report that has been raised shows that a group that security experts believe to be APT6 has managed to hack and steal government secrets for years without being noticed. The alert lists a range of websites used in order to launch phishing attacks against the networks and dates the activities as far back as 2011.

APT6 (Advanced Persistent Threat 6) is a codename that has been given to a group of hackers believed to work for the Chinese government and are known for their consistently advanced techniques and the results they provide.

While the controlled by the hackers were “suspended” in December last year, this doesn’t mean that the hackers have been removed from the network, or that they don’t have other ways to access the system after 5 years of unauthorised activity within it.

Michael Adams, an information security expert, spoke with Motherboard and seemed less than impressed with the latest report, going on to say that it “looks like they were in for years before they were caught, god knows where they are. Anyone who’s been in that network all this long, they could be anywhere and everywhere”. Adams showed disbelief that this could happen, even asking the question “how many times can this keep happening before finally realize we’re screwed?”

State sponsored or not, hackers in a secure network is a bad thing, unknown hackers in a secure network is beyond worrying about because of the kinds of systems that rely on and act as if the network should be secure.

UK May Have Hit Broadband Targets

When it comes to the internet the coalition government made a pledge that by 2015, they would have the “best superfast broadband in Europe”. The UK may have hit broadband targets, but still fears remain over the future and if the targets are good enough.

The problem with setting targets with technology, they look great but they have to change as technology does. The original target for 90% of properties having superfast broadband by 2015 was changed in light of the difficulty and processes involved, eventually changing to 95% of properties by 2017. We may have hit the 90% marker now, but that last 5% needed to meet the goal posts next year may come at difficulty.

The difficulty comes from the properties located in rural areas, with fibre optic speeds slowly reaching those areas (although not as the speeds users want to gain access to the internet). The second problem though is the big one, what is super fast internet these days?

Back in 2010, the definition was 24 Mbps, but these days you can grab 100 or even 200 Mbps internet. With the kind of fibre optic cables needed to reach 24 Mbps used in its current roll out the question is being raised that if we compare ourselves on “superfast broadband” in a few years time, will we need to roll out new options all over again.

The standard option  for many European countries is now FTTH (Fiber to the house), an option that is only reaching 1.56% of British homes. The city of Hull has one of the lowest superfast broadband availability, listed at 37.6% because Hull’s independent telecoms provider, KCOM, has already opted to deploy the FTTH strategy, resulting in 37.6% of houses now getting fibre optic speed straight to the house.

New Bill Prevents Federal Agencies Purchasing Apple Products

Apple is currently in congress talking to and explaining the impact that removing or bypassing protection on their iPhones would have if they followed a court order to do so for the FBI. In what may seem like a childish move a congressman has now introduced a bill that would forbid federal agencies from purchasing Apple products.

In the statement, Representative David Jolly stated the following:

“Taxpayers should not be subsidizing a company that refuses to cooperate in a terror investigation that left 14 Americans dead on American soil,” he said. “Who did the terrorist talk to? Who did he message with? Did he go to a safe house? Is there information on the phone that might prevent a future attack on US soil? Following the horrific events of September 11, 2001, every citizen and every company was willing to do whatever it took to side with law enforcement and defeat terror. It’s time Apple shows that same conviction to further protect our nation today.”

Currently, though the bill may not get passed with America split down the middle on the issue and, even more, people coming out in support of both sides, although Apple seems to have the majority rule with large companies and even ex-agency heads coming forward in their support.

With a man whose wife was lost in the attacks stating his support for Apple, the discussions seem to change with every passing minute as people go from supporting the company to stating that the phone could have infected (and be used to fix) virus’s that it may or may not have on it.

Former Heads of NSA & Homeland Support Apple In Encryption Battle

In its recent arguments against the FBI, Apple has found companies rallying behind its arguments that you can’t force a company to break its own protection without risking others. Even Microsoft have come out saying that forcing Apple to do so would set a dangerous precedent for technology companies everywhere. Their latest support is a little bit different, with the former heads of the NSA and Homeland supporting encryption in this case.

Michael Chertoff was the head of Homeland Security and is one of the people who helped author the Patriot Act. Mike McConnell is the former head of the NSA and both of these people, former professionals within governments security sector, have come forward expressing support for encryption technologies.

In a panel, Chertoff stated that “if we [the people and governments] ask private sector to be in control of security, then we have to allow them to have tools to carry out that mission”. Chertoff then continued to say that trust is the fundamental basis of the “internet economic engine” and that “if we don’t come to an agreement with the majority of the world [around privacy] we could end up with multiple internets and lose the value of an interconnected world”.

McConnell on the other hand, suggested that a reasonable method to address the problem wouldn’t be the public flinging match that the FBI are keen to use to their advantage but instead to form “a legislatively direction commission of leading experts to have an informed dialog with all clearances to make reasonable recommendations”. He suggests that the public and even Congress don’t have the knowledge regarding cyber security matters to make an informed decision and that public opinions and fear could lead to decisions which will do nothing but harm companies government and people alike.

Researcher Finds New Way to Hijack Drones Mid-Flight

It is often easy to forget that while the majority of drones making the news are operated by hobbyists and amateurs, the US government is rolling out a number of more expensive UAVs for use by first responders and the police. Now, security researcher at IBM, Nils Rodday has potentially thrown a spanner in the works of this, by demonstrating that at least one model of these government standard drones has security vulnerabilities that allow it to be hacked from as far away as a mile, allowing an attacker to seize control of the craft for their own ends or simply cause it to drop from the sky.

The full extent of the vulnerability will be demonstrated by Rodday at the RSA conference this week where he will show how a $30,000 to $35,000 drone can be taken over or knocked out of the sky by a security flaw in its radio connection using just a laptop and a cheap radio chip connected via USB. Due to the fact that the connection between the operator and the drone are left unencrypted to allow commands to be processed more quickly, an attacker who can send the correct sequence of signals to the drone’s telemetry box can impersonate the true operator, locking them out of control of the drone. “You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday says. “Everything the original operator can do, you can do as well.”

With the ongoing fear of irresponsible drone use by hobbyists, it is even more concerning that the expensive drones operated by official bodies are so vulnerable to attack. Should an attacker wish to cause serious harm, it would appear it could be done using a hacked police drone with surprising ease. “If you think as an attacker, someone could do this only for fun, or also to cause harm or to make a mess out of a daily surveillance procedure,” says Rodday.

UK Culture Secretary Compares Ad Blocking to Music Piracy

Ad blocking plugins have become a topic which polarized opinions and causes some friction between content creators and their readership. Websites like eTeknix rely on advertising revenue to pay staff wages, and help produce detailed content. On the other hand, we always want to make sure that the experience is user-friendly and display ads in a non-intrusive manner. This is why we don’t use adverts which take over your entire screen and become an instant annoyance. It’s a difficult balancing act though because websites are struggling to make money, and there’s various instances of major publications being closed due to financial problems. This includes CVG, Joystiq and more. Recently, Wired announced a new plan to block users with Ad blocking software and offer an ad-free website for a subscription fee.

As an internet user, I can understand why people use Adblock because many sites and services really make such an awful user-experience. If possible, it’s so important to white list those websites you want to support, because collectively it makes such a difference! The UK culture secretary, John Whittingdale recently weighed in on this very important debate during a speech at the Oxford Media Convention and said ad blocking software:

“..is depriving many websites and platforms of legitimate revenue,”

“It is having an impact across the value chain, and it presents a challenge that has to be overcome. Because, quite simply, if people don’t pay in some way for content, then that content will eventually no longer exist.”

“And that’s as true for the latest piece of journalism as it is for the new album from Muse.”

“If we can avoid the intrusive ads that consumers dislike, then I believe there should be a decrease in the use of ad-blockers,”

“My natural political instinct is that self-regulation and co-operation is the key to resolving these challenges, and I know the digital sector prides itself on doing just that. But government stands ready to help in any way we can.”

Whittingdale even went onto compare ad blocking with illegal file sharing of films and music during the last decade. This is a very strong statement to make, and I believe it’s a little bit sensationalist. I personally see both sides of the arguments, and believe educating users about the importance of ads to help content creators is essential. At least Whittingdale did acknowledge that banning ad blocking software would be the incorrect approach.

Do you use ad blocking software?

Image courtesy of The Huffington Post.

UK Needs Faster Internet Says Business Leaders Group

Buffering, downloading, pausing, even trying to make out the shapes on a low-resolution video have become common place for so many people as their internet speed caps out, normally before they are anywhere near their advertised (and purchased) speeds. It seems that we aren’t the only ones annoyed by this though as a group of business leaders have spoken out now, accusing the UK government of creating a “poverty of ambition” for internet speeds.

The Institute of Directors (IoD) is formed from business leaders within the UK, and in their report titled Ultrafast Britain, they state that the UK is lagging behind when it comes to enabling faster broadband connections. The government states that 90% of UK properties have access to superfast speeds, with that reaching 95% by next year.

The IoD don’t think this is good enough, with them calling for speeds of 10 gigabits per second (Gbps) by 2030. Currently, the government wants just 10 megabits per second by 2020, a speed which many are already getting.

This isn’t the first time that the internet as a structured provision has been discussed this week, with Ofcom telling BT that its cable network should be opened up to other companies. Currently, BT contains two parts, the core company and Openreach, the part of the company responsible for the cable, fibre and network infrastructure that the UK relies on for its internet.

What is your internet speed? Is it ever what you were actually advertised to be getting? Do you know anyone with super fast/slow internet and does it have a big impact on them?

Trial by Combat – As Outdated As You Think?

We’ve all seen the dramas, times when people are insulted by another person or they’ve had some disagreement over actions someone has done. In modern days, this normally involves a few choice words and maybe a small brawl outside, but these can even end up in court, with people claiming financial revenge for their actions. One that is very rarely used, but is seen a lot on TV is trial by combat, but the tradition is all but dead.

Trial by combat was originally created in germanic law, with two people fighting in single combat, the winner being proven right in the eyes of the law and the witnesses. The tradition died off as legal systems relied more on facts and evidence, with it rarely ever invoked because of the “barbaric” nature of it.

Back in 2002, Leon Humphreys challenged the DVLA (Driver and Vehicle Licensing Agency) to trial by combat. His original charge was to pay a £25 motoring fine for not informing the DVLA about his motorcycle being off the road. The magistrates saw this as a waste of time though and fined him £200 with another £100 in costs; it didn’t quite work out for him.

In 2015, this came before the Staten Island Supreme Court when a layer cited the right in the case where he is being accused of helping a client commit fraud. Richard Luthmann states that trial by combat was never outlawed in New York state or even the United states. Luthmann, a Game of Thrones fan, stated that “They want to be absurd about what they’re trying to do, then I’ll give them back ridiculousness in kind”.

So while an old tradition, you never know who would invoke the right to single combat in order to defend their actions in the eyes of the law and their makers. Something work keeping in mind next time you’re stuck with an odd fine, just be ready to fight if they agree!

Judge Confirms CMU Was Hired to Break Tor by Government

The government is in the news a lot when it comes to technology, especially with Apple going toe to toe with the FBI over gaining access to secure systems. With every country in the world trying to catch up with the constantly changing world of technology, sometimes governments sometimes can try to catch up by trying to break what’s been created. Such was the rumours regarding the FBI hiring Carnegie Mellon University (CMU) to break Tor.

Tor is an open network that looks to fight against tracking analysis, just one way of monitoring and identifying people online. Using systems like Tor you are able to hide your identity online, a feature that some governments seem less than keen on letting happen due to the risks that people may use it for less than noble intentions. CMU previously responded saying, well not much at all to be honest, regarding the rumours it would now appear a judge has revealed it all; sorry FBI, looks like it wasn’t you.

It has now been revealed that it was in fact the Department of Defence (DOD) that funded the project. The information comes out as part of a court case against Brian Farrell, one of Silk Road 2.0’s administrators. Once again online privacy is being raised, with the argument that if you are looking to hide your activity you are attempting to create a sense of privacy, something which online tracking would then breach.

With technology and the law going head to head in the court on a daily basis, will the laws and governments of the world ever be in step with the ways that we work every day or will we always be hearing about the constant game of catch up that the law seems to follow currently?

Apple Would Have Given Government Data But Someone Changed The Passcode

It seems like every time I look at the news another company has put in their chips on the Apple vs FBI discussion. From being told to allow the FBI access, to finding a way to give them access, Apple made it clear that they want to avoid removing protection on a phone as it could set a “dangerous precedent” for the industry. Even the White house has stepped forward to try to clarify that it didn’t want a “backdoor”, but Apple wants to help the government without risking their iPhones. That help may have come a little too late, though.

The Department of Justice filed a motion stating that Apple has to comply with the FBI’s request to access the phone, even if that means bypassing the phone’s passcode. The problem being is that Apple offered them an alternative, that they now can’t make use of. Apple offered suggestions including triggering an automatic backup by plugging the phone in and connecting to known wifi, meaning it would then back up to the iCloud, a place where Apple can provide them with the data they are so keen to gain access to.

When the government stated that the automatic backups weren’t working, it was discovered, as listed in the motion, that a county employee in San Bernardino changed the ID passcode online after the shooting incident. San Bernardino county are the owners of the iPhone in question, having given it to Farook as one of their employees. The problem being that the reset occurred hours after the attack Farook was responsible for, raising the question of whom reset the passcode.

With Apple looking to help the government they are definitely appearing as the good guys, and with the news that the Government is already looking at ways to bypass encryption the fact that they are requesting the modification of the iOS to gain access seems to ring more than a few warning bells for companies and users alike.

U.S. Agencies Told to Find Ways Through Encryption

Security is one of this year’s biggest buzzwords when it comes to technology, with cases like Apple vs the FBI. With everyone wanting to protect their data, from you and me to companies like VTech and TalkTalk looking to protect you from the hacks that left their reputation damaged and open to large fines and bad press. It has now come to light though that government agencies may have been ordered to do just that, to find ways through encryption.

The problem the FBI are having now is that they are requesting for a way to remove the protection put onto a phone, which in a single case may not be bad, but if used in other cases could be seen as a “master key” to access information whenever they want, something people are against since the government was found to already have been illegally spying on people (both in their country and abroad).

The memo in question is said to have been created at a meeting around Thanksgiving, with senior national security officials ordering agencies to find ways to bypass or counter the encryption software that is used to protect everything from your bank account to the pictures of your cat on your phone.

The reason people object to giving even law enforcement agencies having access to their information, except wanting to hide things from them, is that if they’ve already abused and misused their power, what is to stop them from continuing to do so? People are often the weakest part of systems, such as if the FBI agent bribed by a Judge had said yes.

With everyone from Google to John McAffee expressing their views on the Apple Vs FBI case, the conversation is likely to only heat up before it cools down. What are you opinions? Are there any circumstances where Apple could give the FBI to the phone without risking their phones and people’s information?

UN Rules Julian Assange is Being ‘Arbitrarily Held’ And Deserves Compensation

Julian Assange, founder of Wikileaks caused a media frenzy by publishing classified documents about Iraq, Afghanistan and Guantánamo. By 2015, Wikileaks has published more than 10 million documents and associated analyses, and has been described by Assange himself as “a giant library of the world’s most persecuted documents” As a result, Assange was treated as a fugitive and subject to a prosecution by the Espionage Act of 1917. There’s also been a slur on Assange’s character which stems from allegations of a sexual assault against two women in Sweden. To properly hear the case, Assange has to leave his safe haven at the Ecuadorian embassy. Many argue this is simply the workings of a corrupt government trying to capture Assange by any means possible.

Today, the United Nations Working Group on Arbitrary Detention made a landmark ruling and claimed Assange’s decision to reside in the Ecuadorian embassy was “arbitrary detention” and breached international law. Furthermore the UN suggested that Mr Assange’s detention “should be brought to an end, that his physical integrity and freedom of movement be respected”. Apparently, the Wikileaks founder was subject to “different forms of deprivation of liberty” and “… afforded the right to compensation”. It’s important to note that this isn’t a legally binding arrangement, and doesn’t alter Assange’s current plight. However, this should apply some pressure on the UK and USA governments to give Assange freedom of movement without any arrests occurring.

Mr. Assange reacted to the decision via a direct video link and said it was a “really significant victory that has brought a smile to my face”. However, the UK Foreign Secretary Philip Hammond dismissed these recent comments and claimed he was a “fugitive from justice” Not only that, Hammond said Assange could “come out any time he chooses” but would still have to face a trial.

Do you think Julian Assange is a hero or villain?

87% of World Governments Have a Facebook Presence

Facebook has rapidly become an invaluable communication tool which many people rely on to keep in contact with relatives and forge key business relationships. It’s difficult to imagine the platform was originally set up to organize meetings between students at Harvard University. We live in an age where social media is arguably just as important as traditional news outlets which makes governments across the world try to engage with people on various platforms including Twitter, Facebook and more! Obviously, lots of this discourse between politicians and the electorate is heated as people vent their frustrations.

According to a new report released today by PR firm, Burson-Marsteller, 87 percent of 193 United Nation member countries have an official presence on Facebook. An excerpt from the study reads:

“Over the past eight years, Facebook has become the channel of choice for community engagement with world leaders,”

“Since then, a Facebook presence has become part and parcel of any social media political campaign and one of the best ways to engage with potential voters and citizens.”

This is an interesting development and showcases the influential nature of social media. Although, from my initial observations, Twitter’s more direct form of communication might become a new focus for governments to spread their campaign message. The way we all use media is changing, and reports from the public often provide a quicker indication of what’s transpiring. This doesn’t necessarily mean traditional news broadcasts will become obsolete, but there’s certainly a rise in community media. Typically, governments struggle to stay up to date with the latest technology and produce legislation based on outdated notions.

It seems they are hoping having a Facebook presence shows their understanding of the modern world and how ordinary people communicate. Overall, I’m not surprised by the findings, and I cannot help being suspicious of any official government presence on social media platforms.

‘Snooper Charter’ Causes Issues With Google, Microsoft, Twitter And Others

The Investigatory Powers Bill (IP Bill for short) goes by another name, the Snooper Charter. The bill is aimed to help extend and update the government’s legislation surrounding their surveillance powers, this extension though is gaining more than a little public notice with more than a few people expressing how worried they are about these new powers. Google, Microsoft, Facebook, Yahoo and Twitter can now be added to this list of people that have issues with the current bill.

Listing their concerns, they state they understand the responsibilities of Governments to protect people and privacy, they continue by saying that they believe a legal framework can protect people, companies and the Government. They cite their membership to the “Reform Government Surveillance” (RGS) coalition before continuing in saying that any surveillance must be lawful, necessary, transparent and proportionate.

Current proposals look to force ISP’s to retain at least a years worth of data about sites you visit, an action that has raised concerns by ex-NSA director Bill Binney. The primary areas that they wished to bring into notice are the conflicting laws between the proposal and international law. Continuing on to state that an international framework, as suggested by Sir Nigel Sheinwald, should be established to help with issues and prevent the use of warrants on people based within the UK to attempt to extract information from a branch of the company in a different country.

One of the main issues is encryption with digital data and the bill states that companies will have “obligations relating to the removal of electronic protection applied by a relevant operator to any communication or data”, basically saying that any protection you have on your devices companies will need to be able to remove. This didn’t go down well in America when the government ordered Apple to unencrypt a phone while China’s new law forces companies to provide them with encryption keys.

I recommend reading through their concerns if you are interested and keep listening out for more information as it develops on the “Snooper Charter”, as no matter how you use technology, this law will impact everyone.

Obama Orders Study Into Smart Gun Technology

Smart guns are nothing new, they are the concept of using technology to not enhance guns but to make them easier to track and ensure they are used by the correct people for the correct reason. It would seem though that President Barak Obama hopes that smart gun technology can be used to stem gun violence in the U.S.

In a memorandum, the departments of Defence, Justice and Homeland security were told to look into smart gun technology. Obama is rumoured to be using his authority to push forward extra gun control measures in his last year, within the statement he stated that “developing and promoting technology that would help prevent these tragedies is an urgent priority”.

Smart guns would allow guns to be outfitted with radio frequency trackers, or even fingerprint scanners, which would allow lost or stolen weapons to be traced more easily and then require authorisation to use the weapon in the way of a fingerprint scan respectively. Alternatives include having a small watch device on your wrist, with the gun only discharging when the watch and the weapon are within a certain range, thereby limiting the number of people that can pick up and use the weapons with ease.

With 90 days to report their findings on the study, the concept has already come under fire from the national rifle association with a spokeswoman Jennifer Baker saying that “there is nothing in this set of proposals that would improve public safety“.

With these requirements and the idea to licence anyone selling firearms, not just in store but also at events or online, the idea of limiting or tracking firearms more effectively seems to be at the core of the new proposals.

It will be interesting to see the results of the studies and the subsequent comments from the NRA and government authorities regarding Smart weapons as upgrading anything with technology is often seen with sceptical eyes from everyone.

Image courtesy of the Verge.

Companies Face Criminal Charges for Notifying You of Spying

The government is at the heart of a major debate regarding your information and their attempts to gain access to them. With everything from encryption to the latest in a long stream of bad ideas, making companies who inform you when people are attempting to read your information pay criminal charges.

The Snoopers Charter, or by its proper name the Investigatory Powers Bill, would not only require sites to keep up to twelve months worth of your details, including your visited sites, but would also give government agencies access to this information, all while government officials have been requesting backdoor access to encrypted data that could be easily accessed by the authorities (not to mention any hacker who finds the backdoor).

A small side note on the bill states that the bill “will ensure that a communications service provider does not notify the subject of an investigation that a request has been made for their data unless expressly permitted to do so”. This means that companies would have to be told they can tell you, rather than being told to keep it a secret.

With companies like Yahoo, Twitter, Facebook and Google already alerting you when they believe your account is being spied upon, making it illegal for companies to warn you that people are delving into your personal life could quickly come back and cause issues, both legally and morally.

Image courtesy of Beta news

Proposed “Online Safety Bill” Being Debated In the House Of Lords

Guess whose back? Indeed after a short hiatus I am back and raring to be creative concerning my written articles for eTeknix, although, in reality it has only been around 6 weeks since my last piece. So, what to write? I know, let’s delve into the proposed “Online Safety Bill” which is currently being debated in the UK courtesy of the House of Lords.

According to reports on the government’s own Parliament website, the bill is being debated at the “1st sitting committee stage” and proposes a law to compel “internet service providers and mobile phone operators to provide an internet service that excludes adult content” This includes provisions to offer strict and compulsory age verification checks to NSFW sites and also a role for Ofcom. There are also proposals to educate parents through digital on demand programme services and a licensing scheme for such websites.

It will be interesting to see how the debate develops and also the challenges of implementing such a law, after all, ISPs will first have to define what constitutes an “adult” website before blocking it to individuals who are under the age of 18. A further interesting angle is the proposal to “require electronic device manufacturers to provide a means of filtering internet content”.

Logically these proposals are unworkable and may in all probability be circumvented by various tech means; there is also the question of legitimate and educational sites that might fall under the banner of such a law. Another aspect which could cause concern is the proposed age verification checks, the only way this could be implemented is for a mechanism to be introduced to verify consumers through official identification without it being intercepted by hackers and a myriad of external cyber threats.

Image courtesy of echo

The National Crime Agency’s Anti-Cyber Crime Campaign is Embarrassing and Ignorant

The National Crime Agency embarked on an appalling advertising campaign yesterday “aimed at educating the parents of 12-15 year old boys” who might be proponents of cyber-crime. Already we can see the ignorance flowing here, as focusing on the male gender is incorrect, and targeting such a narrow age range seems completely ludicrous. Not only that, the organization created a checklist for parents to help investigate their own children and see if they are engaging in illegal activity. This is a prior warning, the compiled list is possibly the biggest pile of nonsense I’ve read in years.

“Warning signs of cyber crime

The following behaviours may indicate a young person is at risk of getting involved in cyber crime:

  • Is your child spending all of their time online?
  • Are they interested in coding? Do they have independent learning material on computing?
  • Do they have irregular sleeping patterns?
  • Do they get an income from their online activities, do you know why and how?
  • Are they resistant when asked what they do online?
  • Do they use the full data allowance on the home broadband?
  • Have they become more socially isolated?

If a young person is showing some of these signs try and have a conversation with them about their online activities. This will allow you to assess their computer knowledge proficiency so you can understand what they are doing, explain the consequences of cyber crime and help them make the right choices.”

There’s so much wrong with the questions above that I really don’t know where to start. The idea that children spending time online is a negative concept is unbelievably outdated, and laughable. The internet is an integral part of daily life from educational activities to keeping up with friends on various social media platforms. Additionally, human beings don’t all have to be brash, loudmouth extroverts, and social isolation isn’t anything to be suspicious off. In reality, many socially isolated people are very creative and struggle to communicate with people. Anxiety is a terrible condition to deal with its impossible for non-sufferers to understand the daily torment. That’s why it’s incredibly hurtful to judge people and be suspicious of them just because they want alone time.

On another note, the one key profession society will need in the future is programmers, and they are in short supply at the high skill level. We should be actively encouraging children to attain coding skills and make their interest in this field flourish. To insinuate this passion as a negative aspect is frankly, embarrassing.

Hilariously, the NCA contradicts themselves and goes onto say:

Ways to use cyber skills positively

Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.”

According to their impeccable logic (insert sarcasm here), coding is a suspicious trait but it’s a way to use skills in a positive manner. If anyone can explain what the marketing team has been drinking, I’d love to know. This entire campaign makes zero sense and is a complete farce. While some feel the need to ridicule it, I find it very worrying that people in power have such an idiotic and uneducated viewpoint on the subject matter. As previously mentioned, the government, the actors, and anyone else involved in this mess should feel ashamed.

If you’re brave enough, here’s the cringe-worthy video in full:

EU Agree On Cybersecurity Rules

Security is a word that has appeared more and more online when it comes to the digital world in recent years. With more and more attention drawn by everyone from presidential candidates like Donald Trump to toy companies like VTech, governments are now pushing for stricter security on their systems. The EU have since agreed upon a set of rules regarding how their countries should approach the problem and where their responsibilities lie.

The proposed legislation would mean that essential services, such as electricity management and traffic control systems would have to be able to withstand online attacks while major marketplaces like Amazon or eBay would be included with cloud-based services (things like your apps which use online storage app) would be required to ensure that their infrastructure is secure and will be legally responsible for reporting any incidents.

While teams will be set up to help coordinate responses there will be a set of rules to exchange information and support one another in regards to their capability of handling cyber security issues.

While this seems like a positive step, you have to consider this is a world where people have been open about wanting to reduce, or even remove encryption, potentially even creating back doors for ‘government’ use, you have to worry about how a European-wide system would handle matters proposed by each countries governments.

 

Ripping CDs and DVDs Will Remain Illegal in The UK

The UK’s legal system has struggled to keep up to date with technological advancements and enact copyright laws designed for the digital age. For example, up until year last, it was illegal to rip content from optical media and create a backup. This is completely absurd when you consider how popular streaming devices are and the slow demise of physical media. Thankfully, the UK parliament repealed this ridiculous law in 2014 and made it legal to create digital backups. However, a few months ago, the High court made a ruling and deemed the repealed 2014 act act as illegal.

Earlier indications suggested this ruling could be overturned with an appeal from the government. Sadly, this isn’t the case and the UK government has accepted this particular decision. A spokesperson for the Intellectual Property Office (IPO) told Out-Law:

The government is currently focusing its resources on the upcoming European copyright reforms, and does not intend to take further action on private copying at this time.”

While it’s still illegal to rip content from optical media, this isn’t going to stop anyone from engaging in this activity. Furthermore, it does seem pointless due to the popularity of digital content and streaming. There are some individuals who prefer optical media but this is becoming more of a niche audience. On the other hand,  the notion you cannot make a digital backup of something you purchased legitimately is laughable.

Touch Screen Devices are ‘Eroding’ Digital Skills for Children

Hands up if you own a touch screen phone? How about a touch screen laptop/tablet? How many of your devices use a touch screen these days? It would seem that this may not be amazing news if you’re handing these devices to children as an Australian educational body noted that there was a ‘significant decline’ in what is classed as IT literacy among some students, in part due to the wide adoption of touch screens.

Think about how you open up a link or perform an action on your phone or your tablet compared to how you would do it on your computer, now think about how often do you use a touch screen for office work.

The report produced by Australia’s National Assessment Programme states that 16-year-olds have a lower than average IT proficiency than any other year. Among the tasks to complete were creating invitations using graphics software, setting up a tablet and installing apps and even promoting an event through social media.

The lower results could be due to the use of mobile technology, an area where skills are developed but are not commonly associated with ICT literacy. A new emphasis was put on teaching relevant knowledge and the skills and understanding to use this knowledge in both personal and professional environments.

Police Body Cameras Pre-Installed With Worm

Police are just one of many organisations that are using technology to help their everyday activities. One of these pieces of technology is body cameras, small devices which can record a policemen’s actions, allowing them to operate and display both their and others actions in court at a later date. With many police forces making these required pieces of technology and disciplining officers who turn them off it is a serious issue when these devices are exploited or misused. So what happens when they are installed with viruses?

Martel Body Cameras are supplied with GPS and are sold and marketed for use by official police departments. It would seem though that users who plug in these devices get more than they bargained for when iPower Technologies began testing the devices.

iPower Technologies are a network integrator looking at creating a cloud-based system for storing police and government videos, so during the course of their testing of products they quickly discovered something shocking. The Martel body camera came pre-installed with Win32/Conflicker.B!inf virus, a worm.

The worm in question, once unleashed, automatically spreads across the network and the internet attempting to spread it to other systems, a serious impact if the systems are meant to be secure, as government agencies expect of theirs. iPower have since contacted Martel but are yet to receive an official acknowledgement of the problem, as such they have released the information regarding this matter in a blog post. They state that the reason they have released the information is due to the severity of the security implications that these devices pose with their presence within government and police forces around the US.

Below you can find the video iPower posted showing that their anti-virus does in fact pick up and contain this worm.

Paris Attackers Allegedly Used PS4s and PSN to Communicate

In a development that is likely to place more pressure on the technology sector, reports are coming out that the perpetrators of the recent Paris attacks used Sony PS4s to communicate and coordinate their attack. This comes after authorities have taken away the PS4s from the attackers homes and Belgian home affairs minister has said that the PS4 was chosen due to its difficulty to track.

Games and consoles have always been on the radar for authorities in monitoring suspects. After all, Edward Snowden revealed that the NSA and GCHQ had agents embedded into MMORPG World of Warcraft and Second Life in order to monitor suspects. XBox Live was monitored and part of the reason many were hesitant about the always on functions of the new consoles and the once mandatory Kinect.

At that time, PSN, the Sony’s Playstation Network was not mentioned as a target for monitoring. If it turns out the PS4 was used, authorities will likely start looking into PSN communications as well. Given the myriad number of ways players can communicate with each other in game, the large volume of communications and the importance of context, whether or not extra monitoring would help remains to be seen.

Apple CEO Predicts ‘Dire Consequences’ For Privacy if Snooper’s Charter is Passed

The UK government’s Investigatory Powers Bill allows the police, and officials to record each person’s web activity for a 12 month period. Additionally, internet service providers are required by law to assist the state and break through any encryption. Technically, this could make it illegal for Apple to sell their products in the UK due to their handset encryption methods. Apple’s CEO weighed in on the bill and told The Telegraph:

“We believe very strongly in end-to-end encryption and no back doors,”

“We don’t think people want us to read their messages. We don’t feel we have the right to read their emails.”

“Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences.”

Tim Cook also discussed the latest TalkTalk data breach and proclaimed:

“It’s not the case that encryption is a rare thing that only two or three rich companies own and you can regulate them in some way. Encryption is widely available. It may make someone feel good for a moment but it’s not really of benefit. If you halt or weaken encryption, the people that you hurt are not the folks that want to do bad things. It’s the good people. The other people know where to go.”

Consumers rightfully do not trust huge corporations or governments to keep their data secure. History shows us that breaches are commonplace, and the huge amount of sensitive data from this bill could have catastrophic consequences. Furthermore, the voyeurism, and police state monitoring can only be described as disgraceful.

Full Scope of UK’s Worrying Surveillance Bill Revealed

The UK Home Secretary, Conservative MP Theresa May, has outlined the full scope of the proposed Investigatory Powers Bill. The bill, which has been teased by both May and UK Prime Minister David Cameron as a legal means by which police and intelligence services can bypass internet and telecommunication encryption and access the internet history of any UK citizen without judicial oversight, has confirmed the fears of many that the concept of privacy on the internet will become a thing of the past in the UK.

The new powers, as revealed by May in Parliament on Wednesday (4th November) and in draft form on the UK Government’s website [PDF], grant UK law enforcement agencies the ability to access and intercept a user’s internet data, which internet service providers will be required by law to store for up to 12 months, and place a legal obligation on companies to allow the UK Government backdoors by which to bypass encryption, but will be powerless to ban end-to-end encryption since such facilities being protected under European Union law.

The response to the bill outside the House of Commons has been almost uniformly negative, with many fearing that it marks an end to internet human rights in the UK, and that tech companies could pull out of the country over it:

https://twitter.com/jamesrbuk/status/661904968404873216

https://twitter.com/carlynyst/status/661895043490430976

A full summary of the Investigatory Powers Bill (via The Guardian):

  • Requires web and phone companies to store records of websites visited by every citizen for 12 months for access by police, security services and other public bodies.
  • Makes explicit in law for the first time security services’ powers for the “bulk collection” of large volumes of personal communications data.
  • Makes explicit in law for the first time the powers of the security services and police to hack into and bug computers and phones. Places new legal obligation on companies to assist in these operations to bypass encryption.
  • New “double-lock” on ministerial authorisation of intercept warrants with a panel of seven judicial commissioners given power of veto. But exemptions allowed in “urgent cases” of up to five days.
  • Existing system of three oversight commissioners replaced with single investigatory powers commissioner who will be a senior judge.
  • Prime minister to be consulted in all cases involving interception of MPs’ communications. Safeguards on requests for communications data in other “sensitive professions” such as journalists to be written into law.
  • New Home Office figures show there were 517,236 authorisations in 2014 of requests for communications data from the police and other public bodies as a result of 267,373 applications. There were 2,765 interception warrants authorised by ministers in 2014.
  • In the case of interception warrants involving confidential information relating to sensitive professions such as journalists, doctors and lawyers, the protections to be used for privileged information have to be spelled out when the minister approves the warrant.
  • Bill includes similar protections in the use of powers to hack or bug the computers and phones of those in sensitive professions as well.
  • Internet and phone companies will be required to maintain “permanent capabilities” to intercept and collect the personal data passing over their networks. They will also be under a wider power to assist the security services and the police in the interests of national security.
  • Enforcement of obligations on overseas web and phone companies, including the US internet giants, in the courts will be limited to interception and targeted communications data requests. Bulk communications data requests, including internet connection records, will not be enforceable.

Image courtesy of WikiMedia.