http://www.smh.com.au/technology/technology-news/data-retention-and-the-end-of-australians-digital-privacy-20150827-gj96kq.html > ASIO (Australian Security Intelligence Organisation)
---------------------- ꕤ ----------------------
ꕤ
|
TOKYO MASTER BANNER
MINISTRY OF TOKYO
|
Showing posts with label Privacy. Show all posts
Showing posts with label Privacy. Show all posts
August 31, 2015
Australia - Digital Privacy Ends 13 Oct
August 13, 2015
ANDREA VANCE - 'NZ spies want greater powers'
SOURCE
---------------------- ꕤ ----------------------
Foreign intel - GCSB - here Internal intel - NZSIS - here Hon Christopher Finlayson, Attorney-General- here
Assume from the article that the minister responsible for both agencies is the attorney-general, Christopher Finlayson. Did Key handball it to the attorney-general, or is Key ultimately responsible and overseeing the attorney-general? Alternatively, is this really attorney-general territory in practice? It looks like Finlayson's minister in charge of SIS (Security Intelligence Services), going by his profile. Don't see anything re the foreign intel agency, GCSB.
Edit: GCSB - also caught spying illegally / see Kitteridge Report.
---
Hey, New Zealand
This Is What Happens When Intel Agencies Have
Unchecked Power
spying and monitoring of pipeline critics was illegal and had a "chilling" effect on Canadians' freedom of expression and freedom of association
+ MORE ELSEWHERE
PS Same deal, whether it's speech or privacy issue, so it all stands.
ꕤ
|
August 04, 2015
HORNET Onion Routing - Tor Rival?
--------------------- COMMENT Potential vulnerability points mean nothing to me. Tor anonymity network - here. |
August 03, 2015
SINGAPORE - SURVEILLANCE STATE
'PacketShape' {Blue Coat Systems Inc, USA-based provider} |
WikiLeaks - Hacking Team Leak - Release Verified as Legitimate / Singapore Surveillance
Singapore is using spyware, and its citizens can’t complain By Gabey GohAug 03, 2015 Behind the surveillance curtain Meanwhile, Goh Su Gim (pic), the security advisor at cybersecurity firm F-Secure in Asia, has examined the Hacking Team documents that have been leaked online, and said he believes them to be legitimate. “Especially the source code and their Galileo product architecture – it is exactly how security researchers have expected it to be,” he told DNA. “Many have compiled the source code and replicated what products Hacking Team has been selling to the [Singapore] Government,” he added. The leaked Hacking Team information also includes email threads that point to other Singaporean agencies showing an interest in the Italian company’s spyware, according to Goh. These agencies include the Centre for Strategic Infocomm Technologies (CSIT), part of the Ministry of Defence; and the Infocomm Technology Division (ICTD) of the Ministry of Home Affairs (MHA) back in 2013. Goh noted that an Israeli company, Nice Systems which specialises in telephone voice recording, data security and surveillance, serves as a partner working with Hacking Team to sell to CSIT and MHA. “Interestingly, the MHA was interested in its IPA device (Injection Proxy Appliance),” he said. “This is a networking device, typically installed alongside an Internet service provider’s servers, that can hijack targets’ Internet traffic without their knowing, and surreptitiously deliver malware to their device or computer. “Tricking a target into opening a file or going to a phishing site may be not be as easy, and this is the perfect appliance to intercept Internet activity on the fly – for example, if a target wants to watch a video or download a new app, the IPA could intercept and prompt the target to install a booby-trapped version of Adobe Flash with the spyware. “It is also interesting to note at the end of the [leaked] email, [there is the statement]: ‘(As always, but especially in this country, confidentiality is a must. Thanks.)’,” he added. Why the IDA? There were no further documents available to show whether discussions with the CSIT and MHA panned out and were converted to sales, Goh conceded. He said that the F-Secure team was also unable to independently confirm whether the IDA and other agencies in South-East Asia, besides the publicly published list of clients available on the Internet, were or are Hacking Team customers. However, Goh noted that given what Hacking Team offers, it may seem more relevant for CSIT and MHA to purchase such tools in the name of homeland security. “But the IDA is a statutory board of the Singapore Government, under the Ministry of Communications and Information, whose mission is to develop information technology and telecommunications within Singapore – with a view to servicing citizens of all ages and companies of all sizes. “With that said, since it is not an enforcement agency – there is no use for a surveillance tool, unless it is used for research purposes,” he said. The IDA did not respond to DNA’s repeated requests for comment. https://www.digitalnewsasia.com/digital-economy/singapore-is-using-spyware-and-its-citizens-cant-complain?page=0%2C1 -------- -------- -------- COMMENT Thought this a cool article, as the WikiLeaks publication of the Hacking Team data has been independently verified as legitimate. |
July 31, 2015
Google Compute Engine - Cloud Computing & Customer Held Encryption Keys / Red Herrings
Google has just done something that’s going to annoy the US and UK governments Business Insider Alastair Stevenson, Business Insider Jul. 29, 2015, 11:15 AM 2
UK Prime Minister David Cameron is not going to like this.
Google has rolled out a security service for its business customers that could put a serious downer on the UK government’s plans to increase law enforcement’s surveillance powers.
The service was revealed by Google product manager Leonard Law in a blog post and is currently in beta form.
It will let businesses running the company's Google Compute Engine create their own encryption keys.
Encryption is a security technology that scrambles digital information using specialist mathematics.
It makes it so only people in possession of a specific unlock key or password can read the encrypted information.
Google’s move may not sound like a big deal to people outside the technology community, but the implications for the move are pretty massive.
What the Google Compute Engine is
Google’s Compute Engine is the basis of the company's cloud computing platform.
Cloud computing is a special type of technology that uses a network of remote servers hosted on the internet to run computer processes traditionally done on a device’s internal hardware.
In theory, this means cloud computing customers can get high-powered computer performance, or run complex tasks beyond normal hardware’s capabilities without having to buy lots of equipment.
As well as Google, which uses the tech to power many of its own services, such as YouTube, numerous big-name companies including Coca Cola, Best Buy, Rovio, Avaya and Ocado also use the Compute Engine.
How it links to government surveillance
The widespread use of Google’s cloud tech means it handles vast amounts of user data. Data running through the platform can include things like customer records, account information and, at times, the user's geographic location.
PRISM documents leaked by Edward Snowden in 2013 revealed intelligence agencies, such as the NSA and GCHQ, have been siphoning vast amounts of web user information from Google's cloud platform – as well as many other cloud service providers.
The move makes sense, as the Compute Engine’s large customer base lets the agencies collect data from multiple companies and services from one central source.
A game of cat and mouse
Google already encrypts services running through its Compute Engine by default. This partially protects customers as it means agencies like the NSA or GCHQ cannot read the data without knowing which encryption key was used.
However, the tactic is not foolproof, as the NSA and GCHQ can use legal requests, such as letters sent under the US Foreign Intelligence Surveillance Act (FISA), to force Google to unlock or hand over unencrypted copies of the data.
This issue was set to get even worse in the UK and US as both governments have hinted at plans to make it easier for law enforcement and intelligence agencies.
Law enforcement agencies within the US have been lobbying for the US government to control business use of encryption since the PRISM leaks emerged. FBI director of counter-terrorism Michael Steinbach warned lawmakers that strong encryption technology allows terrorists "a free zone by which to recruit, radicalize, plot and plan," in June.
UK prime minister David Cameron has hinted at plans to hamper the use of encryption. Cameron told Parliament he wants to "ensure that terrorists do not have a safe space in which to communicate," on June 6.
How companies having their own keys will hamper surveillance
Experts within the security community have argued that Google’s move will cause problems for the UK government’s plans.
FireEye global technical lead Simon Mullis explained to Business Insider this is because it will make it so Google won’t be able to decrypt the data, even if ordered to.
“Essentially the access to, ownership and management of the keys used to encrypt all data within Google Cloud is now handled by the end-customer," he said.
"[This will] make it harder for any external agencies such as law enforcement or intelligence services to gain access to the decrypted data as there are fewer parties [people able to unlock the data] involved.”
As a result, if law enforcement wanted access to the encrypted Compute Engine data, they would have to mount individual requests to each customer, a practice that would slow their surveillance operations.
Business Insider has reached out to the UK Prime Minister's press team for comment on how custom encryption keys will impact Cameron's plans.
Google is one of many technology companies working to fight the UK and US government’s surveillance plans. A group of 140 companies, including Google, Microsoft, Apple and Facebook, sent an open letter to President Obama in May urging him to reject the encryption proposals, fearing they would damage the US economy. Apple CEO Tim Cook claimed law enforcement’s hostility towards encryption is dangerous in June.
SOURCE http://www.techinsider.io/google-has-offered-compute-engine-customers-advanced-encryption-powers-2015-7 --------------------- COMMENT
'Terrorists' is the big stick / leverage go-to for governments to demand access.
If I were a company, I would prefer complete control of my own data. Relying on cloud computing doesn't appeal, even though it may be cheaper. And why would you trust any company that can unencrypt your data? But I guess the advantage might be in passing the buck. As in, if data is compromised, you can maybe blame it on the third party cloud host & they get lumped with compensation payouts?
This is a good companion article regarding encryption offerings:
The Red Herring of Digital Backdoors and Key Escrow EncryptionBill Blunden EXTRACTS By concentrating on key escrow the CEOs of Silicon Valley are able to conjure up the perception of an adversarial relationship with federal agencies. This is absolutely crucial because tech companies need to face the public wearing a white hat. In the aftermath of the PRISM scandal, where C-suite types were caught colluding with the government on a first-name basis, American executives are frantically trying to convince people on behalf of quarterly revenue that they’re siding with consumers against spying. An interesting but fundamentally flawed narrative, given how much economic espionage the government conducts and how much spying corporate America does. Who do you think benefits from this sort of mass surveillance? I really like this guy's articles. |
Tor Vulnerability - Traffic Analysis Identifies Guard Servers
SOURCE http://fusion.net/story/175068/sorry-the-way-you-type-is-exposing-your-identity-online-even-if-youre-browsing-anonymously/--------------------- COMMENT
So:
Imagine the Tor people are adapting to the fake packet fix, whatever that is.My reference to 'server' should probably read 'node' in the Tor network, I would think.
------- ------- -------
Data transferred by computer is sent via 'packets'. Due to size constraints, data sent out is broken up and reassembled at the destination.These are just notes for my benefit. Hoping I have the info. straight. LOL --------------------- MORE MIT researchers figure out how to break Tor anonymity without cracking encryption |
April 07, 2015
UK - Privacy International - Surveillance Industry - Surveillance General
Meet the privacy activists who spy on the surveillance industry http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/ LONDON– On the second floor of a narrow brick building [...] Highlights are for me. Link to source article for an easier read. Prior advocacy work: More investigations coming:
Egypt, Tunisia & Bahrain - used European surveillance technology (crackdown protesters). Expansive surveillance set down by:
|
Labels:
Chicago PD,
Cybersecurity,
Edward Snowden,
European Commission,
Five Eyes,
GCHQ,
Intelligence,
NSA,
Privacy,
Privacy International,
Software,
Stingrays,
Surveillance
April 01, 2015
Don't Get Angry: Encrypt
AUSTRALIAN DIGITAL RAPE BY BRADIS & CO Why people ignore data retentions many perils REMEDY
Encryption https://www.gnupg.org/ http://en.wikipedia.org/wiki/GNU_Privacy_Guard
Anonymising https://www.torproject.org/ Tor - Explained
..........................................................................
...........................................................................
Photo: Alex Ellinghausen COPYRIGHT DISCLAIMER Regarding the SMH article, 'rape by Bradis & Co' is my take rather than SMH's ... just so there's no confusion. ;) The snail-mail version of this would have been going on back in the 50s and 60s, when the Australian govt was in full surveillance and political suppression and sabotage mode, to blot out the 'evil' of communism. But it isn't Russians and communists looking evil now; it's the totalitarian West. Instead of getting angry but then just accepting the inevitable prison population living conditions: Intend to keep at it until I get some kind of feel and overview for privacy tech basics, from a consumer perspective. Only I'm rather lazy ... VIDEO GPG for Journalists - Windows edition | Encryption for Journalists | Anonymous 2013 from anon108 on Vimeo. |
Subscribe to:
Posts (Atom)