BruceSchneier

Don’t Listen to Google and Facebook: The Public-Private Surveillance Partnership Is Still Going Strong - Bruce Schneier. And real corporate security is still impossible.

A surveillance camera outside Google's China headquarters in 2010 (Jason Lee / Reuters)

If you’ve been reading the news recently, you might think that corporate America is doing its best to thwart NSA surveillance. Google just announced that it is encrypting Gmail when you access it from your computer or phone, and between data centers. Last week, Mark Zuckerberg personally called President Obama to complain about the NSA using Facebook as a means to hack computers, and Facebook's Chief Security Officer explained to reporters that the attack technique has not worked since last summer. On the government side, last week the NSA's General Counsel Rajesh De seemed to have thrown those companies under a bus by stating that—despite their denials—they knew all about the NSA's collection of data under both the PRISM program and some unnamed "upstream" collections on the communications links.

Two Surveillance Regimes, Still in Force

It doesn’t.

Schneier on Security. Surveillance as a Business Model. Google recently announced that it would start including individual users' names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached—without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website. These changes come on the heels of Google's move to explore replacing tracking cookies with something that users have even less control over. Microsoft is doing something similar by developing its own tracking technology. More generally, lots of companies are evading the "Do Not Track" rules, meant to give users a say in whether companies track them.

It shouldn't come as a surprise that big technology companies are tracking us on the Internet even more aggressively than before. If these features don't sound particularly beneficial to you, it's because you're not the customer of any of these companies.

NSA surveillance: how to stay secure | Bruce Schneier | World news. Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.

For the past two weeks, I have been working with the Guardian on NSA stories, and have read hundreds of top-secret NSA documents provided by whistleblower Edward Snowden. I wasn't part of today's story – it was in process well before I showed up – but everything I read confirms what the Guardian is reporting. At this point, I feel I can provide some advice for keeping secure against such an adversary. The primary way the NSA eavesdrops on internet communications is in the network. That's where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. The NSA collects much more metadata about internet traffic: who is talking to whom, when, how much, and by what mode of communication.

Bruce Schneier: Prosecuting Snowden -- "I believe that history will hail Snowden as a hero -- his whistle-blowing exposed a surveillance state and a secrecy machine run amok. I'm less optimistic of how the present day will treat him" via reddit.com.

Surveillance and the Internet of Things. A blog covering security and security technology.

The Internet has turned into a massive surveillance tool. We're constantly monitored on the Internet by hundreds of companies -- both familiar and unfamiliar. Everything we do there is recorded, collected, and collated -- sometimes by corporations wanting to sell us stuff and sometimes by governments wanting to keep an eye on us. Ephemeral conversation is over. Wholesale surveillance is the norm.

It's about to get worse, though. The Internet of Things refers to a world where much more than our computers and cell phones is Internet-enabled. Lots has been written about the "Internet of Things" and how it will change society for the better. Soon everything we do, both online and offline, will be recorded and stored forever. We're seeing an initial glimmer of this from how location sensors on your mobile phone are being used to track you.

Cyber-espionage and the Growing New Internet Nationalism.

For something that was supposed to ignore borders and bring the world closer, the Internet is fostering an awful lot of nationalism right now. We’re seeing increased concern about where IT products and services come from: U.S. companies are worried about hardware from China, European companies are worried about cloud services in the U.S., and Russia and China might each be building their own operating systems to avoid using foreign ones. I see this as an effect of the saber-rattling that has been going on. The major nations of the world are in a cyberwar arms race, and we’re all being hurt by the collateral damage. Our nationalist worries have recently been fueled by reports of attacks from China. These attacks aren’t new—cyber-security experts have been writing about them for at least a decade, and the most recent allegations aren’t very different.

At the same time, many nations are demanding more control over the Internet within their borders. But remember: this is not cyberwar.

To Profile or Not to Profile? A Debate between Sam Harris and Bruce Schneier

Sam Harris's Blog, May 25, 2012

Introduction by Sam Harris

I recently wrote two articles in defense of "profiling" in the context of airline security (1 & 2), arguing that the TSA should stop doing secondary screenings of people who stand no reasonable chance of being Muslim jihadists. I knew this proposal would be controversial, but I seriously underestimated how inflamed the response would be.

Had I worked for a newspaper or a university, I could well have lost my job over it. One thing that united many of my critics was their admiration for Bruce Schneier. Bruce is an expert on security who has written for The New York Times, The Economist, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Boston Globe, The San Francisco Chronicle, The Washington Post, and other major publications. This debate was conducted entirely by email, without a moderator. So, to begin, I just want us to agree about this initial focus.

Privacy and the Fourth Amendment. In the United States, the concept of "expectation of privacy" matters because it's the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy. Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government's action can't contravene an individual's subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn't based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government's interest in public safety on the other.

The problem is, in today's information society, that definition test will rapidly leave us with no privacy at all. Clearly, something has to change if we are to be left with any privacy at all.

Using a File Erasure Tool Considered Suspicious. By a California court: The designer, Carter Bryant, has been accused by Mattel of using Evidence Eliminator on his laptop computer just two days before investigators were due to copy its hard drive. Carter hasn't denied that the program was run on his computer, but he said it wasn't to destroy evidence. He said he had legitimate reasons to use the software. [...] But the wiper programs don't ensure a clean getaway. They leave behind a kind of digital calling card. "Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint," Kessler said. "Evidence Eliminator leaves one that's different from Window Washer, and so on." I have often recommended that people use file erasure tools regularly, especially when crossing international borders with their computers.

Tags: borders, courts, data destruction, deniability, forensics.

The Psychology of Security. By Bruce Schneier, January 18, 2008. Italian translation by Agatino Grillo. French translation by Véronique Rabuteau.

Introduction

Security is both a feeling and a reality. And they're not the same. The reality of security is mathematical, based on the probability of different risks and the effectiveness of different countermeasures.

We can calculate how secure your home is from burglary, based on such factors as the crime rate in the neighborhood you live in and your door-locking habits. We can also calculate how much more secure a burglar alarm will make your home, or how well a credit freeze will protect you from identity theft. But security is also a feeling, based not on probabilities and mathematical calculations, but on your psychological reactions to both risks and countermeasures. Or, more generally, you can be secure even though you don't feel secure. Four fields of research--two very closely related--can help illuminate this issue.

The Trade-Off of Security.