Security Tradeoffs

Here’s one.

A federal judge has ordered Apple Inc to provide software to the Justice Department to help it unlock a phone used by one of the suspects in the San Bernardino, CA, terror attack because investigators suspect the device may hold critical details of the plotting behind the mass murder.

The government’s justification is this:

Law-enforcement agencies say companies such as Apple make it harder to solve crimes including terrorist attacks, child abuse and murder by putting security measures on phones that make it difficult or impossible for investigators to open them and examine data inside.

That’s an entirely valid concern.

The problem, though, is that forcing a back door into citizens’ communications encryption utterly destroys citizens’ privacy and security. There’s nothing to prevent Government from abusing that back door to engage in snooping on general principles and then actively and maliciously snooping in order to preserve the power of the men then in Government. The lawlessness of the present administration demonstrates that progression.

Of immediate effect, though, is that a backdoor for Government is a backdoor for hackers, whether these be script kiddies, terrorist hackers, financial or identity theft hackers, or any other sort.

The privacy and the security of our private identities, of our finances, of our health records, of any aspect of our lives we find useful to protect from prying eyes are critical to our ability to engage with our neighbors and our businesses and our government free from threats or attack.

The privacy of our communications, the security of our speech, must absolutely be preserved. There is no security at all without our individual liberties, of which speech is one, held secure.

“Law-enforcement agencies” and this Federal judge know this full well. And they know full well the truth of Apple CEO Tim Cook’s statement in his letter posted to Apple’s Web site:

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack.

Gross Incompetence?

As if we needed another reason to disband the Department of Education (see its Dear Colleague letter for an example of its gross dishonesty), here’s another: utter failure to perform. DoE isn’t taking care of its digital data.

The Education Department doesn’t hold nuclear launch codes. But its vast data trove on student-loan borrowers and their parents—and the nearly $100 billion it disburses in new loans every year—are reason enough to want the bureaucrats to prevent digital intrusions. ….
The stakes go well beyond personal privacy. Federal student loans outstanding exceed $1 trillion, and Team Obama is trying to forgive those debts. It would add injury to injury if cyber-fraudsters were able to pile on for a taxpayer plundering.

It isn’t a matter of an isolated error, even a serious one, which can happen in any large enterprise, either.

Department of Education Inspector General Kathleen Tighe reported in November that her team has been “finding the same deficiencies over and over again” regarding information security. Since 2009 independent auditors “have found persistent IT control deficiencies in key financial systems,” she said.

For six years, auditors have found persistent DoE IT failure. This is not an inability to achieve perfection in personal digital data handling; this is a conscious and deliberate refusal to bother.

We don’t need a Federal government Department of this sort. Not at all.

Personal Secrecy vs National Security

The latest batch of 3,105 emails includes 275 documents upgraded to “classified” since they landed in the former Secretary’s personal inbox. That brings the total number of classified docs found in the emails to 1,274. A State Department official told Fox News on Thursday that two of those emails were upgraded to “secret,” while most of the others were upgraded to “confidential.”

Because Democratic Party Presidential candidate and then-Secretary of State Hillary Clinton’s desire to keep her doings in our name as a Cabinet Secretary secret was more important than our national security.

We don’t need four more years of this from within the White House.

Another Thought on Encryption

Apple’s Tim Cook had one [emphasis added].

On your iPhone, there’s likely health information, there’s financial information. There are intimate conversations with your family or your co-workers. There’s probably business secrets, and you should have the ability to protect it. And the only way we know how to do that is to encrypt it. Why is that? It’s because, if there’s a way to get in, then somebody will find the way in. There have been people that suggest that we should have a back door. But the reality is, if you put a back door in, that back door’s for everybody, for good guys and bad guys.

The Democrat District Attorney for Manhattan, Cyrus Vance, thinks Government should be in our pockets; he thinks Apple, et al., are undermining Government power.

IPhones are now the first consumer products in American history that are beyond the reach of lawful warrants. The result is crimes go unsolved and victims are left beyond the protection of law. Because Apple is unwilling to help solve this problem, the time for a national, legislative solution is now.

Here’s what our Constitution’s 3rd Amendment says:

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner….

Vance just wants to skirt this by quartering virtual policemen in our cell phones. No. Government just needs to go back to doing actual police work, and not rely on such quartering.

Undermining? If anyone is undermining anything, it’s the New York Democrat, who’s undermining individual liberty. This is a clear and present demonstration of why Government cannot be trusted with such a weapon.

Maybe It’s Time

Banks fear a growing number of employees are unwittingly exposing valuable information to hackers or in some cases leaving digital clues that make a breach possible.

And

Several banks are also increasingly testing whether their employees unintentionally leave them susceptible to hackers by falling prey to “spear-phishing” attempts, in which criminals lure recipients to click on links.

And

Weeks after JP Morgan Chase & Co was hit with a massive data breach that exposed information from 76 million households, the country’s biggest bank by assets sent a fake phishing email as a test to its more than 250,000 employees. Roughly 20% of them clicked on it, according to people familiar with the email.

There’s no excuse for employees, in this day and age, being so gullible or so careless.

If employees are going to continue to be willfully irresponsible, maybe it’s time for employers to get hard-nosed in the workplace: company equipment is for company business exclusively, including during lunch or other breaks, with firing being the default sanction for misuse.

Full stop.