
The danger ahead

It was the BBC that gave me an insight I had not been aware of. It is easy to miss an item, even though I have been involved in IT on many levels for over 3 decades. It is just not possible to keep it all in focus all the time.

It is kind of fun to consider the words of my late grandmother. It was the only issue we could never see eye to eye on. She had an expression ‘Johnny of all, master of none’. It was not a positive expression! I always went the other way in that regard. Whilst most went to some ‘temporary’ master as they mastered a certain niche skill, I went into the width of IT. I got exposure to such a wide field that my knowledge covered the entire foundation of IT (yes, in the time of the mainframe). After that I started to grow the base of this knowledge trying to evenly grow my knowledge of all IT fields (to some degree). My knowledge grew from programming, to consulting, to training and so on.

So where is this going?

I wrote at an earlier date about IT and the iteration approach to IT (at ‘Year of the last Euro?’). The entire field goes a lot further. In an age of similar devices, last week, as I was prohibited from moving for 4 hours, I decided to let my mind wander and I came up with an entirely new Notebook. I categorise it as a fat notebook and I call it the ‘True Mobile System’. In an age where Sony, Asus, IBM et al. seem to come up with different names for the same flavour, my mind designed a new approach to a mobile business system.

Was it clever? Not sure! The issue is that many could have come up with it and either they are limited to what their boss dictates or they are just not thinking in a user based forward motion. Here lies the crux of many issues we have seen lately. Their way of thinking is not user based. It is often revenue based, there is a HUGE difference!

If you have read my previous blogs (especially ‘Fifth in a trilogy!‘) then you might notice a trend. In my mind most corporate IT is now all about what is in charge, not who! So as marketing decides on deadlines and evolutions, many learn the hard way that marketing is basically the extension of the CFO (and/or the stakeholders) and as such it is all about the money. If development is the science, then marketing should be seen as the ‘tainted’ picture. The problem is that too many CEO’s and others are all about this tainted picture (and as such the perception of what comes next), the science/engineering side gets too often ignored, or just briefly listened to and after that they get shut down and pushed forward to meet the deadline.

In that regard I still see the game ‘Assassins Creed 4’ (yes that pirate game), which could have been truly great and ended up being less than that (at least in my personal view)! The same can be said for business based ideas. If we consider this message (at http://www.bbc.co.uk/news/technology-25859360), where Google Chrome might be considered an eavesdropping risk, then what is safe to users?

The quote “The malicious site you visited can continue listening in on you long after you have left it,” said Mr Ater. “As long as Chrome is still running nothing said next to your computer is private.” gives ample reason for worry. The danger from our side is that this could be a topic for conspiracy theory. Was this really ‘accidental’? I am not saying it was not or was not. It is however interesting how we as computer users have been exposed to a massive amount of security flaws in the last year alone.

In my mind, is this due to shoddy programming, or is their local marketing so set on certain deadlines and as such proper testing is no longer done? I personally think it is a combination of the latter two. As additional ‘evidence’ in my train of thought, my recent Yahoo experience comes to mind.

I have been a faithful Yahoo user since the early 90’s; for me it always sufficed. The e-mail was robust, it gave me the space I needed and as such I never regretted it. Yet, since the ‘remake’ of Yahoo it changed by a lot. The amount of failures I viewed is on a new low level of customer experience and as such, at present I am seriously considering leaving Yahoo mail and moving to Google permanently.

The feedback does not have any options for filing bugs or complaints. It is all about ‘submit an idea’ and ‘send public feedback’. To me this all seems like the marketing image left by someone who should be lobotomised and left somewhere far away from any IT endeavour (preferably forever). Yahoo mail now exposes us to additional dangers as we no longer see a status bar in certain places. So, we no longer see ‘the’ link, which I consider a bad thing. The new system also ‘assumes’ spam, so I now have to scan my spam even more often. I can no longer sort by sender, which means that organising my inbox takes a massive amount of time longer. The list goes on and on. Is it marketing at the expense of functionality? To be honest, I would need a little more evidence before I can state that as a fact to some level, but the deadline push has been visible with too many corporations and for far too long.

These issues go a lot further when you consider the article called ‘Android’s biggest security flaws‘ at ZDNet (at http://www.zdnet.com/androids-biggest-security-flaws-1339338283/). As they mention the dangers of inexperienced and malicious developers, they actually forgot about the third group, the ‘callous developer’. These firms (not the individual programmer), who are all driven to meet certain deadlines and as such might not properly test or secure their application.

It is important to note that I do not see the inexperienced developer as a real threat. Yes, they offer the same level of danger, but they are not out to harm you. You, the user, who wants applications for free (as many do) should not blame that new person for trying to get a foothold. If that developer is to be held for one thing, then in my mind it would be that too many of these freebies should bear the mark ‘Beta’ or ‘Trial’, to add an extra warning level for users downloading their new endeavour.

The big issue becomes: ‘What to do about Android?’

As the influence of Android increases and it interacts with all manner of devices in other ways (like with a person’s Sony-id account, so that a gamer keeps online with friends and achievements when they are not at home), security flaws become more and more harmful. More important, as we become more and more oblivious of the interaction, we might be spreading all our personal details all over the internet and that danger could grow exponentially with every additional application.

These events also shine an interesting light on an article that was in the Guardian last Friday (at http://www.theguardian.com/uk-news/2014/jan/24/justify-gchq-mass-surveillance-european-court-human-rights). When we consider the issues I listed on application security, we should take a second look at the quote in the article “Nick Pickles of Big Brother Watch said: ‘This legal challenge is an essential part of getting to the bottom of why the public and parliament have not been properly informed about the scale of surveillance and why our privacy has been subverted on an industrial scale.’”

Perhaps the quote could also be read as “Speed and disregard of proper development has allowed for open access to many computers and devices, which allows for almost complete collection and storage, and such storage can only be done by just a few. This open level of availability allows the NSA and GCHQ (amongst others) to collect open source intelligence, hoping to gain the upper hand in the war on terror.”

I am not stating this is the case, but it could be seen as such. In that regard I call for the issue I mentioned in a previous blog called ‘Internet Privacy?’ on December 27th, where we see the dangers of some applications (at http://www.theguardian.com/media/2013/dec/27/snapchat-may-be-exposed-hackers). If we consider the dangers consumers are exposed to for whatever reason, it seems odd that Big Brother Watch is not more outspoken on the industrial subversion of privacy by software designers.

So here we get back to the beginning of this blog where I wrote “I designed a new way for a mobile business system.” As Microsoft has moved into a field of computers utilising an approach in the air of “With our computers you do not need to use the brain you never had in the first place“. An automated system that assumes all the time to cover 95% of its users, loaded with gaps and security flaws.

People need to get licensed to get a gun, drive a car, a boat or a plane. Yet, the dangers that computers expose us to are currently not dealt with in any serious way. I reckon that in the next two years identity theft and identity fraud will be regularly in the back of our minds, as it grows into the very visible danger it already is. If we look at some of the numbers then I could speculate that 90% of the people will directly know one victim of identity fraud or identity theft. Lexis Nexis, in their paper ‘2013 LexisNexis® True Cost of Fraud Study’, state numbers that should scare us all. In 2013, 58% of the merchants were confronted with credit card fraud and 36% of the 2013 population was confronted with lost or stolen merchandise. These numbers by themselves are not that useful as such (at http://www.lexisnexis.com/risk/downloads/assets/true-cost-fraud-2013.pdf). Yet consider that 12.6 million U.S. adult victims of identity fraud had to deal on average with $1,653 of damage per fraud victim. The total amount becomes a staggering one and this is just the US! As technology is not properly attuned to a better level of security, but is set to please a growing marketable population, these dangers will only increase. This is the true danger ahead, not what the government can see. In that regard Foreign Secretary William Hague is quite correct when he states “law-abiding members of the public have nothing to fear”.

 


Diary for a wimpy President

It’s Saturday and the news is hitting the Guardian. The news of NSA reforms to end government storage of call data. For those who are stupid enough to think that this is a good thing, I reckon they should think again. The article asks a few questions. Questions I had voiced for some time and the people behind the screens have been very careful to play a game where they are not just in the place to set conditions, they will determine what will be stored, where it will be stored and how it will be sold. It was the one fear that people needed to have. If you are over 40, it does not matter where on the planet you live. Ask yourself the one question. ‘What if the insurer knew your actual health status?’ How scared are you now? Be afraid! This was on the table for a long time.
Quite literally, the structural discontinue of choice.

So, how do I get from one piece of information to the other one?

Consider the article as it is today (at http://www.theguardian.com/world/2014/jan/17/obama-nsa-reforms-end-storage-americans-call-data)

The first point is “The government will no longer store the phone call information of millions of Americans. But he did not say who should maintain the information, instead giving the intelligence community 60 days to come up with options.”

The next one is “The US government had to be held to a ‘higher standard’ than private corporations that store user data or foreign governments that undertake their own surveillance.” This implies that the higher standard is a hindrance. This is the part that had to be shed. So, like the private contractors in the past as the intelligence industry ended up with invoices in excess of 175%, whilst employing the services of the same people (who all went into business for themselves). We now face a similar change. So, was Edward Snowden a traitor? If the view as I see it is correct, then this implies that he did exactly what was required of him. The question is, was this what the NSA had in mind from the very beginning?

This is where the third quote comes into play “‘What I did not do is stop these programs wholesale, not only because I felt that they made us more secure, but also because nothing in that initial review, and nothing that I have learned since, indicated that our intelligence community has sought to violate the law or is cavalier about the civil liberties of their fellow citizens,’ Obama said.”

Yes, he did not stop them wholesale, they are about to become corporate controlled and accessible for all who have the access ticket and the money to pay for the invoice.

There is another part to this. Did anyone consider how nervous certain people in Wall Street were; if their mobile information was known? What if certain links were proven? The accountability of certain people would mean that they could actually end up in jail. Yes, the Wimpy kid in the Oval Office is making certain that certain connections will never end up there (always blame the man at the very top).

Again another notch in the thought patterns and evidence that I call ‘the plan’ that was conceived some time ago. So, where is the evidence? If there is no sustainable thought, then this is just conjecture and conspiracy theory. There is already plenty of that on the internet. So, let me take you back and go over the points.

It started last year when I first wrote ‘The Hunchback of the NSA’ on June 11th. It shows the career of Edward Snowden as it has been told by several media outlets. The first part of the evidence was clear for all to see. He claims to be disillusioned with the CIA and joins the NSA. There he gets into the data program at some stage (and no one thought it was a good idea to keep their eyes on him).

On the 23rd of June I wrote ‘Who are the watchers?’. The one linked element here is the quote “Snowden told the Guardian, ‘They [GCHQ] are worse than the US’”. This is part of the issue. You see, whatever the USA decides, once the issues are truly revealed the cyber units of the allies will be the dangers. The ‘evidence’ seems to be all about how much worse others are. The parade that the Guardian starts pays off and soon thereafter Sir Iain Robert Lobban as well as his peers at five and six end up in a public interview seat. Considering the article he wrote, ‘Countering the cyber threat to business’ (at http://www.gchq.gov.uk/press_and_media/news_and_features/Documents/directors_IoD_article.pdf), might be seen as an actual indicator that he has been ahead of the pack by miles for some time, it could just be seen by itself as a good manifesto to start keeping yourself safe.

There is one quote at the centre of all this “GCHQ is aware of theft of IP on a massive scale. The volume of attacks on industry continues to be disturbing.” I will get back to this later on, what is important are the three points the director sets out and more important, how they could also be seen.

• Have you identified your organisation’s key information assets and the impact it would have on your organisation if they were compromised or your online services were disrupted?
[Alternative: what data is bankable?]

• Have you clearly identified the key threats to your organisation’s information assets and set an appetite for the associated risks?
[Alternative: what data is accessible?]

• Are you confident that your organisation’s most important information is being properly managed and is safe from cyber threats?
[Alternative: the value management of data you think you own]

The alternatives are not just views I opt for, consider that the data collection field goes into open commercial hands as it could be presented by March 31st, what are your options to purchase certain buckets of data (which will be shown down later on in this article)?

On the 1st of July I wrote ‘Classes of classification’.
The two issues here are “So if we consider the digital version, and consider that most intelligence organisations use Security Enhanced Unix servers, then just accessing these documents are pretty much a nono. EVEN if he had access, there would be a log, and as such there is also a mention if that document was copied in any way. It is not impossible to get a hold of this, but with each document, his chance of getting caught grows quicker and quicker. He did not get caught.”
And
“It does not matter whether he is the IT guy. The NSA has dozens upon dozens of them, and as such, the fact that he was able to syphon off such a wide area of information (and get it out of the building) is more than just questionable.”

It comes back to getting data out of the NSA. The fact that this was done considering their security, can we even allow data in commercial hands, a place where it is all about saving cost? It is opening a field where data is no longer safe in any shape or form, more important, the multi-billion dollar of extra costs as they would be presented down the line will be far beyond our imagination.

Most of the issues as I set them out were also discussed on October 29th in ‘The Wrong questions’. There my train of thought was “What if Snowden is not the person he claims to be. I still think he is a joke at best, a patsy at worst. What if the leak is NOT a person?”

The issues at play, I got to this point before, but until now I did not consider that this all might have been about commercialisation of a multi-billion dollar industry. The reason is that it could cost America well over 20% more to get someone else to do it, so selling data would be an implied consequence to keep the cost down for the US treasury.

Now we get to the last part of the equation from my article on November 22nd called ‘Ignoring corporate dangers’.

There I reported “2009 National Intelligence A Consumer’s Guide”, where at page 52 it states “The Act specifies that OIA shall be responsible for the receipt, analysis, collation, and dissemination of foreign intelligence and foreign counterintelligence information related to the operation and responsibilities of the Department of the Treasury.”

The article shows more and it shows the direct link between the treasury and the need for a commercial future through data. I mentioned earlier about buying a bucket of data? Well, here you have it. The issue as it is shown with links in the articles to official government documents. They all have one thing in common, when it all changes into non-government hands, their mandates would not change. However, those who will be able to get access to the data, that list will change by a lot. They only need to pay the invoice, which might end up being like buying data files from a chamber of commerce or a statistical data bureau; it will however have a lot more data.

Here we get to the question I promised to answer earlier. The issue of IP theft on a massive scale! I am not stating that someone’s server is getting emptied from the outside, but consider knowing who is where and how their situation is. There is an interesting read at http://www.mcgrathnicol.com/news/Documents/011211_Inhouse Counsel_Unearthing the Electronic Evidence.pdf. It does not just show how relatively easy it often is to get IP valued information, the data collection once commercialised could give competitors information on the players who are at the centre of new intellectual property.

So, now we get to that question I asked in the beginning: ‘What if the insurer knew your actual health status?’ that is no longer a question. The information could be buried in the mega amounts of data that has been collected in so many ways. When the data is no longer in government hands, they could become available. So, when your premium goes up by +20%, be sure to thank those people claiming that the government could not be trusted; they opened the door ending many of our freedoms of choice.

 


My £13,000,000 invoice!

I got a ‘nice’ wakeup call just now, as I was reading an article in the Guardian. It is at www.theguardian.com/uk-news/2014/jan/14/ministry-of-defence-failed-computer-system. The title “Ministry of Defence ‘wasted millions on failed computer system’” got my attention. The UK is riddled with IT people trying to get a decent job. This article implied with quotes like “The recruitment partnering project, a £1.3bn scheme intended to enable the army to recruit online, is almost two years behind schedule and will not be fully operational until April 2015 at the earliest, the Times said.”

Now, I understand that the MoD does things a little different and that this online approach takes a little time and money, but the fact that the cost of this system is more than the personnel costs of an entire regiment for 50 years (take into account that most IT solutions are usually set for a lifetime span of no more than 10 years) gives weight to the issue that it is time to go public. The additional quote “the problems are so serious that defence secretary Philip Hammond is considering spending nearly £50m on a new solution.” gives weight to my response “You pay me 10% of that and I will assist in getting the issue sorted”.

You see, any IT project is basically simple.

  1. What must be done and by what date?
  2. What must it cover?
  3. What are you willing to spend?
  4. Document the agreement and sign it by all parties!

The rest is usually political manoeuvring. (I apologise for oversimplifying the problem)

The fact that the article implied that the costs were a billion plus, gives the impression that the entire military network system got overhauled. This leaves us with the thought that there is a decent chance that Sir Iain Lobban of GCHQ is laughing himself to death reading about these events, so perhaps the loud honing laughter will move Defence to take a harsh look at themselves in the cold light of these events.

Do not get me wrong. I know that IT solutions tend to cost, and things get delayed, but this is about recruiting people, the price is implied to be set at thirteen hundred million pounds and it is already 2 years late. So, why was any amount paid in regards to a failed system? It is of course likely that those who delivered had a quality ironclad contract in place, yet the mentioned amount is extremely out of proportion compared to the non-working delivery.

The next quote is also one that opens debate “If the ICT hosting solution is not put in place then the MoD risks not gaining the appropriate number of recruits needed. Given recent criticism of army recruitment … and the use of reserves, this would lead to further negative media reporting and reputational damage for MoD.” So, the 2 year delay was not a clear indication of issues? I reckon that the spending of well over a billion on a non-working system is more than enough for laughter, ridicule and reputation damage for the MoD for a long time to come.

To put this all in perspective take a look at this quote from the Guardian made in August 2013 (at http://www.theguardian.com/world/interactive/2013/aug/01/gchq-spy-agency-nsa-edward-snowden). The quote is “GCHQ now has liaison officers working inside MI5, MI6 and the Soca, the serious and organised crime agency. It takes the lion’s share of the £1.9bn budget for Britain’s intelligence services” so basically, the MoD blew on a non-working recruitment option, the amount that GCHQ needs to keep it completely operational (for a year).

Seems a little out of whack, does it not?

Now for some other fun facts! Recruitment is all about creating interest. Now consider that the cost to make a multiplatform next-gen video game is £15-£25 million. So, the youthful player could get introduced to all kinds of positions, challenges, military functions and so on. The development is when compared to what is wasted less than 2% of those costs. More interesting, it could be sold at the newsagent for £5. The MoD could break even, or even make some money too (which would definitely be a nice change). It is a game and it might not have all of the information, but together with an information website loaded with PDFs, application information and a registration bank should never have exceeded £80 million, from what I envision at present (including the game development). Why was this solution not hosted via GCHQ? The people at the MoD might know of the place, it is in Cheltenham and it looks like a massive donut (Yummy!). It has better security and more options for facilitation than most secure banks can dream of (GCHQ is not to be confused with the NSA, where you can copy all data to a USB stick at your own convenience).

So, do I have a case here? Actually, it was not me, but The Times, who started it, and the Guardian for giving it the visibility that goes far beyond the UK borders.

I must try to be neutral in these matters and very likely the article is missing key elements considering the amount involved, but seeing how 1 in 7 in the UK lives below poverty on one side, whilst on the other side a billion plus is wasted to this degree is extremely upsetting. I have proudly worked in IT since 1981 and seeing events like these, just do not cut it with me and it should not cut it with you, the reader either.

There is however a little more. “This leaked report points to the latest series of catastrophic failures at the Ministry of Defence on David Cameron’s watch.” is a quote I have an issue with. The fact that it is 2 years late means that this was supposed to be finished late 2011. When was the project started? Who were the people starting this, who was involved? It is of course possible that this was all on the Conservative watch, yet, that must still be verified. The mention in the article of “after failing in 2011 to challenge a MoD policy” gives rise to the thought that this has for a large part been an internal MoD failing. In addition “The project management team was inexperienced and under-resourced and the army failed to take charge when delays started and put in a suitable contingency plan.” gives way to my four step issue. The first two steps, as I mentioned it, also cover resources, the fact that this was not met means that the failing was on more than one level. Who at the MoD was involved? Was this person aware of the required skillset?

All questions that should have risen with any senior decision maker before the project was accepted and the checklists should have tripped several ‘alarms’ as the project was going forward. The fact that the large amount had been ‘lost’ indicates that none of these issues were factually dealt with.

The article raises a few more questions, but the horror should be clear. It will keep on costing more for now and before Labour starts ‘calling’ for botched jobs, they should take a look at the issues we saw in 2010 (at http://www.independent.co.uk/news/uk/politics/labours-computer-blunders-cost-16326bn-1871967.html). From that part we get the clear idea that infrastructure and policies alone are not getting IT choices done. Knowledge is likely to fix that; you just need to make sure the right person is on the job.

With the amount that has been spent, I feel comfortable sending them my 13 million pound invoice.
(Payment within 30 days for this consult would be appreciated, as I have to pay my bar bill).


Buying cheap intelligence goods

Well, another week, another story about the world’s favourite traitor Mr Edward Snowden. The latest information as shown by Sky News is that he offers Brazil to defeat US spying, but it starts with a permanent political asylum. So, Brazil would end up spending way too much on a person who is likely not fluent in any way in the Portuguese ways.

So, after he ‘walks away’ from China and as Russia seems to be a non-option, Brazil now gets a shot at buying that diamond in the rough for only $2.99. Is no one picking up on this?

My advice to the Brazil government is that if you want to secure your systems in a proper way, get someone with a decent University degree with additional papers and knowledge of Cisco systems. Both will allow for the implementation of Common Cyber Sense. Now, this might not stop US spying, but it will make it a lot harder for them. In the end, if a Brazilian official opens a mail with a ‘personalised’ letter from some sexy ‘Miss X’, hoping for a dinner date, then the worm that opens their security would already be installed again. So, your system might not remain that secure for long. Still, getting the proper professionals will help.

I just do not get it, a person that is regarded as ‘non-valuable’ in both China and Russia, is now hoping for some future in Brazil? I reckon that Brazil might not want these complications in any way or form. Do you think that IF Snowden was such an asset that there was not some ‘loophole’ in place where he would have been able to spend a permanent comfortable time in either Russia or China? America had been playing that game for decades (even for non-intelligence and zero economic value holding trained ballerinas). I see it in a more simple way. Snowden walked away with a treasure chest, there are plenty of issues on the validity of the bulk of what he had, but now that he is on the outside, that one chest will have to last him a lifetime. The strongest issue that seems to be ignored by EVERYONE in the press is on how the NSA failed to the extent that he was able to walk away with this amount of data, more important, who is he selling it to?

I am not talking about governments and their intelligence groups, but the commercial branch of many corporations who might want to take a deep look at all this data.

So here we are reading another iteration of the Snowden joke and at present the press seems to ignore many of the most common sides that we should worry about. Some might have read the statement that General Alexander gave. Funny enough, the issues he stated and the acts he described were close to identical to the issues that I mentioned no less than 5 months ago. Many of them were the paces that any IT professional would have seen. No, it is just so much sexier to just take over the issues the Guardian took to heart. I am not stating that what they wrote were not based upon ‘facts’, but the source is already proving to be extremely unreliable and even less bothered by the integrity he proclaimed to have. Also, when people compare him to Julian Assange, then consider that I still have my doubts about Assange, but at least he always remained on his horse of idealism, not one I truly support, but I get to some extent the windmill he believes that he had been fighting. It makes the two worlds apart and in case of Snowden in a very negative way.

So back to Snowden, what to do about him?

Although I am all for the ‘drastical’ solution we reserve for certain types, it is important to get him into the US (alive) and into the interrogation room. You see, he got a boatload of data out of a building that should not have allowed the opportunity for this to happen. Even though the American alphabet groups have their own issues as they used private contractors like Booz Allen Hamilton, certain security matters are now at the forefront of whatever they will try to do next. This is not an accusation against BAH, I am convinced that the bulk of these people are devoted nationalists and American patriots. I reckon 99.1% would never consider doing what Snowden did, this makes for a case that there are a few still walking around contemplating what Snowden did. We need to learn what weaknesses the NSA had. Not because we truly care that much (Americans definitely might), but if it happens there where they have an overwhelming budget of many billions, what issues can we expect to find when a light is brought on both the DSD and GCHQ? Let’s not forget that they get a combined budget less than 1% of what the NSA has at its disposal. I feel that direct treason is not likely to happen, but overall, there is the danger of intrusions and even the danger of data heists to some degree. It is that degree that will bear scrutiny. So the open question ‘How easy is it to get data out of the agency?’ is a question that needs to be addressed by several governmental parties.

So back to this Snowden fellow, when we see the LA Times (at http://www.latimes.com/opinion/commentary/la-oe-mcmanus-column-metadata-snowden-20131218,0,4977259.column#axzz2nqe1wbKe) we see other parts of this discussion. There are two quotes in this piece “Congress is debating several proposals to rein in the program, including a bill that would effectively end it.” This is of course a valid option, for one, the US is still a nation governed by laws, and Congress can put in place a policy to change it. Let us not forget now that the bad guys know (thanks to the Guardian amongst others) what is being done; only the stupid terrorists will get caught and they would have gotten caught anyway. The second one is a little harder to discuss “I cannot imagine a more indiscriminate and arbitrary invasion of citizens’ rights”, District Judge Richard J. Leon wrote in a blistering opinion. “The author of our Constitution, James Madison would be aghast.” I feel uncertain to agree with his honour Justice Leon. In the end citizens’ rights were never in danger, we could state that only terrorists were in danger, all were collected to see whether they were a terrorist or not. It could have been stated that if Senator McCarthy had access to these systems, would innocent people ever have been targeted? That is at the centre of this. There people SUSPECTED of communism were destroyed, here they are trying to find the real terrorists. In the end the McCarthy issue went a lot deeper, but at the core we have this notion, is it un-American to object to these methods (if you are an American)? There was never a case for innocent people. There is even the notion that criminals, drug dealers and others could never be gotten at through this way, it is a method to find the hidden dangers of terrorism. In addition, his honour should not forget that it was the legal branch that enacted the Patriot Act the way it was. 
It was for the most, the legal branch that ‘wallowed’ in ambiguity, which allowed for most of these far fetching ‘freedoms’.

It gets a lot more fun if we consider the article the Guardian published a month ago (at http://www.theguardian.com/world/2013/nov/01/nsa-keith-alexander-blames-diplomats-surveillance-foreign-leaders)

So as General Alexander answered: “the NSA collected information when it was asked by policy officials to discover the ‘leadership intentions’ of foreign countries. If you want to know leadership intentions, these are the issues,” the NSA director said. So basically, the NSA responded to questions by the policy makers. (perhaps the same policymakers who are now proposing a bill to end all this?)

So, who exactly is this pot which is calling the kettle monitored?

It is the Australian that gives us the final part (at http://www.theaustralian.com.au/news/world/us-nsa-spy-agency-is-split-on-snowden-leaks-deal/story-e6frg6so-1226783316594), which discussed a few parts last Monday. The issue of making any kind of a deal with Snowden should not be considered. “General Alexander said an amnesty deal would set a dangerous precedent for any future leakers.” The other quote, which came from Rick Ledgett who stated “Mr Snowden would have to provide firm assurances that the remaining documents would be secured“. This is an assurance that has no holding whatsoever. After the Chinese and the Russians were done with him as well as the Guardian, any ‘security’ to these documents is nothing more than a hollow promise. I personally find it disgusting that treason to this degree could end up being non-prosecuted in any way, shape or form. It is more than a dangerous precedent. It is an almost assured way for fake ideologists to take a roll at the casino for a few million and an optional new passport. It is a dangerous game that will hold long term consequences for all involved.


Filed under Uncategorized

Is SIGINT a joke?

The news has been rampant on several levels these last few days. Whether it is revelation 16 (roughly) by the traitor Snowden, whether it is the historic event that the top three in British intelligence were in one line, as requested by British parliament, or the fact of revelations we read in the press, whilst (former) press members find themselves prosecuted for blatant and indiscriminate invasion of privacy. The list goes on and on and on.

There is a lot more, but let us confine ourselves to these three events.

For the Commonwealth the event in Parliament was likely the ‘important’ one. Was it truly about the events there? Some might want to question the questions, the answers and what follows. I, with my sense of perspective wondered about the choice of the green tie that Sir John Sawers was wearing. Does it matter? It is all as trivial as choosing pancakes for breakfast!

Yes, we all think we know it, we all think we have an inkling of an idea. I did have an idea, but that was almost 29 years ago. Now, I still have an idea from my specialised view of data, data technologies as well as data collection techniques and none of that falls with MI-6 (only a small part of it). The gem of the event was with Sir Iain Lobban, director of GCHQ, which gave us the part we need to care about. You see, as the press was so willing to give out the details as the people had a right to know, as we have allowed our wrists to get cut because the press is all about advertising profits, gang bang sensation and visibility, it was willing to sacrifice safety and progress for PR and visibility. To go deep and give both criminals and terrorists the information on how to avoid certain paths of detection we see the limits of their use. These same reporters that are part of a group listening in on voice mails to get the scoop, who will sanctimoniously proclaim freedom of the press, will not hesitate to sell their neighbour down the drain for the commission of another column of text, paid per letter.

From my point, if I had the option of making the killing shot ending Edward Snowden’s life I would, even if that gets me 20 years in prison, because traitors do not deserve consideration of any kind. The entire situation is laughable as an American ran to their Communist opponent and almost 50% of the American population considered it a good thing. In addition, if in light of the revealed information a child of Guardian editor in chief Alan Rusbridger would get molested, then he would blame the system on the front page of his newspaper immediately. I do not wish anything bad on him or his family ever! He is not likely to be worried as his four hundred thousand pound a year job allows for secure private schools, but what about the other children? Those children who are not in that safe environment, possibly in danger of being at the mercy of predators, who now have the knowledge to avoid detection for longer and as such pose even more danger to innocent victims. What about them?

It is a level of what I see as utter short-sightedness. An assault on three groups that have lived in a world of ambiguity to get their work done, now that world is in turmoil, especially as some traitor comes with information that is for the most non confirmable, too much goes from the air of ‘Snowden told us, so it must be true’. Several questions are not dealt with on many levels, especially by the press. It just drains the gravy train as it sells more and more news (papers).

The second part is directly linked to all this. Two news messages:

1. Snowden persuaded other NSA workers to give up passwords (at http://mobile.reuters.com/article/idUSBRE9A703020131108)
2. Snowden has stolen 50,000 to 200,000 Classified Items from NSA.

The second had no verifiable source and as such there is no way to tell how correct that is, the first one is more of an issue. How stupid are Americans? That is of course if there is any truth in that part.

YOU NEVER GIVE OUT THAT INFO!

You can leave your partner/spouse/lover at some university frat party to have all the sex he/she needs, you can give your credit card to your kids to buy all the toys they want, but giving out login information is beyond utterly stupid. Snowden would not have needed it. As an IT person he either has rights to make changes, or he does not. If he did not, then giving out login info is the worst anyone could do. If this ever went to court then he could blame the original account holder. It is a matter of non-repudiation!

So were the people at the NSA born stupid and stopped evolving after birth? That remains to be seen! The point is that the press is not that trustworthy either! The second part in regards to the classified items was from a non-disclosed, but also non-verifiable source. There is no way for me to know. The question from this part is the one you do not see discussed openly on the news. How did all this info leave the building? Who was in charge? Issues that are also in play for Sir Iain Lobban! How vulnerable is GCHQ? What is in play to prevent this from happening in the UK? Even though Booz Allen Hamilton was cleared as they are the official boss of Edward Snowden, how was the clearing process? What are the checks in place for civilian contractors? The Washington Post published a large article questioning civilian contractor issues, from this part we wonder if it was deep enough. Even more, why were these issues not looked at more than a YEAR before the Snowden issues started?

If it was up to me (Sir Iain Lobban is likely secure in the knowledge that this is the last option that should ever happen), then I would like to make a small change at GCHQ. I would add a new inner circle, consisting of a Law Lord and two members from both MI-5 and MI-6 to watch the watchers. My only worry is that whoever oversees GCHQ internally is part of the ‘problem’ (no illegal or negative inclination implied). It does not harm for a set of cleared fresh eyes to look at the system to see if there is a danger. Something similar would need to happen at the NSA, but with their systems and such it might be a different source of people (like members of cyber command FBI and cyber command military).

There is too much info out there supporting the idea that US intelligence (and other governmental departments) seems to be oblivious to the need for Common Cyber Sense (at present with the amount of published info, it is unlikely that my thought on this is wrong).

Here is the third part, the PRESS part!

Their phone hacking was all about exploitation, revenue, profit and personal gain. The Intelligence community is about keeping people safe. There is a massive difference. If you wonder about these events, then consider the fact that because of greed and revenue, no steps have been taken on a global scale to see who buys your personal details and who has them. It could influence your insurance premium, your credit rating and your financial options. No one seems to be on par to get that properly regulated, because in America, Cash is king and the president of the United States is simply a number with a possible temporary status elevation, the rest is data cattle, sold at a moment’s notice. This risk is very real in the UK and Europe too. A consumer is nothing more than a customer number with an address and with a possible shipment of goods under way, that is their value and only for as long as they need products. To some extent the Washington Post covered this a week ago at http://www.washingtonpost.com/opinions/michael-chertoff-what-the-nsa-and-social-media-have-in-common/2013/10/31/b286260e-4167-11e3-8b74-d89d714ca4dd_story.html

What is less known is that they are one of the few who took a decent look at it (the Washington Post), the rest remains on the Snowden gravy train, not informing anyone, they simply re-quote a Reuters line. Seems a little wrong doesn’t it? Halfway through the article by Michael Chertoff is the gem no one properly questions, where he wrote “there is no assurance that what is disseminated has context or news value“.

The true part, the real smart and the questionable art! The intelligence world is ALL about disseminating information and giving proper weight to the information acquired. It is about finding the bad guys, without that weight it is all media gossip used by the press and as we saw, the disciples of Rupert Murdoch have truly dented that group’s reliability, perhaps for a long time.

So is today’s SIGINT a joke? I hope not, because if so, the questions had been phrased at the wrong people. At some point parliament gets to answer the questions asked by the innocent and the victims on how parliament asked all about data and left corporations to do whatever they liked with our personal details. How many UK companies have had a backup data server in the US?

Consider this quote by Salesquest “The Siebel Customer Intelligence List consists of 265 Fortune 1000 or Global 500 companies that have deployed Siebel in their enterprise application environment. The first tab in the spread sheet lists the 265 Siebel customers, industries, corporate headquarter addresses, phone numbers, and web site addresses.” (At http://www.salesquest.com/resources/siebel-customer-list/)

How many of those are backing up their data to some server park in San Antonio? Consider those places, all their customer data, their financial data and forecast information. In some cases, the data will come from over a dozen nations. It is nice to ask where their data is, but what about the data dumps, the logs and the backups, where were they kept?

Let the intelligence community do what it needs to do, if not, then neither we nor the press gets to point fingers at them when things truly go very wrong.


Filed under IT, Media, Military, Politics

The Wrong questions!

Another day, and another day on which we see escalations in the direction of what was once called ‘No Such Agency’ and is now regarded as the only server in the US that allows Anonymous and the People’s Republic of China to get port 8080 access. Go figure!

As we see another article in the Guardian, this time the limelight shines on Dianne Feinstein, chairperson for the Senate Intelligence Committee. It seems that she wants a complete review of the NSA (at http://www.theguardian.com/world/2013/oct/28/nsa-surveillance-dianne-feinstein-opposed-allies). The article leaves the doctor’s check on the pulse showing that listening in on several leaders of the allied nations is taking a turn for the worse. All this is shown against another reference towards Snowden’s disclosures. This picture is wrong in many ways. You see, the first two events might have had some work by Snowden, yet overall, the amount of data that Snowden is said to have walked away with is beyond strange.

We could come to the following conclusions.

1. The NSA is completely oblivious to a silly little thing called Common Cyber Sense.
2. The NSA is completely oblivious to standard network security and logging.

Consider that SE-Linux is an NSA invention (OK, that was a strong word, but they were the driving force of SE-Linux). The first two issues show that the NSA either lost the plot, or they decided to hire a multitude of Americans with IT skills that seem limited to the connection that their child has a Nintendo!

Now feel free to laugh out loud, but consider the information. Allegedly listening in on conversations of the leader of a sovereign nation is not something one would admit to. This is not a bulk thing, this is specific. The fact that only a chosen few had that information would be the way to go. Consider any firm having a ‘second’ bookkeeping system. What are the chances that anyone but the CEO, CFO and the head of IT knew about that? That is just a ‘little’ tax evasion and commission increase. In case of the NSA they are alleged to keep phone records on most of their European allies. You think that this is NSA lunchroom conversation material? Snowden should never have had any access to it. So either the NSA system is completely broken, or we are dealing with something completely different.

3. The NSA has decided staff monitoring was not an issue?

That point is actually less correct, however when reading “Intelligence Authorization Legislation: Status and Challenges” at http://www.fas.org/sgp/crs/intel/R40240.pdf you will see on page 15 “the Intelligence Authorization Act for FY2013, passing the legislation by a vote of 14-1, and the bill was reported to the Senate on July 30, 2012. Among other things, S. 3454 as passed by the committee:” linked to this it states: “Requires the intelligence community to develop a comprehensive insider threat program management plan.” So after the Brits showed you in the 60’s that someone could be working for MI-6 and Russia at the same time, this was not clearly in place? (Actually, such systems have been in place for a long time, yet the document seems to refer to ‘developing’ and not ‘upgrading’, which makes me wonder why the tax payer is paying for all these internal security officers.)

Also, this was at least 6 months BEFORE there was Snowden, and all the members of the Alphabet Soup have their own Internal Security Officers. How come the NSA missed so many alert events? I can understand some leakage with the CIA. Those people are all over the place, hundreds of locations, thousands of involved people. So statistically, if only one person slips up a day, it would be a really good day for the CIA. If we compare it to the restricted, bundled and compact NSA, they seemed to have ‘loosened’ up its standards twice each 10 minutes. This does not add up!

If you question some of this (you should always do that, never take things at face value), then consider that the US Intelligence Community consists of:

  • Air Force Intelligence
  • Army Intelligence
  • Central Intelligence Agency
  • Coast Guard Intelligence
  • Defense Intelligence Agency
  • Department of Energy
  • Department of Homeland Security
  • Department of State
  • Department of the Treasury
  • Drug Enforcement Administration
  • Federal Bureau of Investigation
  • Marine Corps Intelligence
  • National Geospatial-Intelligence Agency
  • National Reconnaissance Office
  • National Security Agency (<- free data access here)
  • Navy Intelligence

And the massive amount of leaked information comes from just one of these groups. Now let me make a jump out of the box. Consider the picture I have shown you and consider that the NSA was mostly invisible before the 90’s. Now, nothing remains invisible forever, yet, the step from unknown to open source is a mighty leap. Is it so weird that we should look into other directions?

What if Snowden is not the person he claims to be? I personally still believe he is a joke at best, a patsy at worst. What if the leak is NOT a person? Consider the amount of data that SIGINT parses. What if the Echelon system was compromised? Is someone having a backdoor into the SIGINT satellite system not a lot more likely than one person walking out with Gigabytes of data, through the front door of one of what used to be regarded as one of the most secure locations on the planet? Yes, these satellites are supposed to have top level encryption, yet in 2004 two Chinese academics wrote a paper on how such levels of encryption could be broken. That was 8 years ago!

This would mean that Director James Clapper has another issue on his plate. Getting into an intelligence satellite is supposed to be really hard, so was there an ‘open information supporter’ when it was built? Is there a security flaw in its logical system? Is this option so much more unlikely than a person who was, according to several magazines, described as follows: “The CIA believed Snowden had tried to access classified data that he wasn’t authorized to view. Based on this suspicion, the agency decided to send Snowden packing.”

So that person made it into the NSA? Even if that was the case (which it was), would this person be allowed to remain unmonitored and get his hands on the amount of data that is now all over the Guardian editorial?

Not even the US could ever get to be THAT dim! Now consider what I said at the beginning, the CIA flagged him accessing data he was not cleared for. Do you think a mere technician had access to the phone data collection of not one, but a host of national leaders? Top Secret information that would have been limited to an absolute minimum number of people.

The numbers do not add up and it seems that nobody is asking the right questions.

 


Filed under IT, Military, Politics

Patrons of Al-Qaeda

Many people have some form of religion, which is fine. To have a personal belief in something that is bigger than yourself or bigger than what you see is not a bad thing. Many Christians have their father, their son and their holy ghost. Some go the other way and give credence to Satan, the anti-Christ and the false prophet. I cannot vouch for any of that. I agree that there is more than this in the universe, but what?

No matter how that part falls, it is likely that Al-Qaeda believes in their personal ‘information’ trinity.

They would be Edward Snowden, Bradley Manning and Julian Assange. These three people have done more to support Al-Qaeda than Osama Bin Laden ever could.

Assange, who is still hiding in an embassy, is the lowest transgressor of the three. First of all, as an Australian he did not really break any laws (although some debate should be had over hindering the actions of an ally under war time conditions). The public view is that on one side he should be nailed to a cross and on the other side he should be heralded. Information is often a lot more complex than many consider. If you want an example, you only need to look at this week’s situation where Assad is now blocking peace talks. Should there be any surprise?

I still am not completely convinced he was directly involved with the Sarin attacks; the issue here is that too much intelligence is questionable. If the USA had shown ALL OF IT publicly, the doubt might not have been there. Yet, the reality is whether they actually had hard evidence on who did it. Let us not forget that the evidence collected in the investigation was all about whether it had happened, not who did it. And guess what, Al-Qaeda was an element in Syria too, so what exactly did happen? Watching Secretary of State John Kerry go on a plane with his briefcase, shown on the news like he is some kind of rock star is not helping anyone either. It seemed as empty to me as a PowerPoint on some concept that no one wants to spend money on.

It shows two possible sides, either they have actual evidence that needs to remain a secret (which no one seemed to be accepting), or they actually didn’t have any and we were watching some version of the Punch and Judy show!

The other side is one that Assange was not into, the acts of terrorism by Al-Qaeda and the Taliban were not shown, we saw through WikiLeaks just one side of it and it changed the overall balance.

Then WikiLeaks released thousands of diplomatic cables, which I consider to be an act of utter stupidity, the information was one-sided, so the US opposition (all of them) get several free punches into play and as such, US recovery is still being hindered. This is the ‘bad’ side of Julian Assange. Their one sided act destabilised many events. Yes, there is a case to be made, but by not exposing the other side, we get a one-sided situation. In the end, the damage is done and even as there might not be any criminal activity by Julian Assange, we should ask questions.

In case the reader thinks that ‘actions’ against Julian Assange should be taken, then consider that many in the financial industry did nothing ‘criminal’ either, even though thousands became homeless because of their ‘non-criminal’ actions.

By the way, remember the quote by CNBC (and many others), somewhere in 2010: “WikiLeaks honcho Julian Assange told Andy Greenberg at Forbes that he was in possession of a trove of documents that ‘could take down a bank or two.’ The documents wouldn’t necessarily show illegality but they would reveal an ‘ecosystem of corruption’ at one of the biggest banks in the United States. WikiLeaks would release it ‘early next year.’”

They never came! So was this about intelligence, or about positioning banks in an even stronger place? Is it not interesting that Al-Qaeda’s patron number three and number one patron are all about neutering governments, whilst the banks stay out of play? Is it such a far fetching thought that these two idealists get played by those who believe greed is all?

In the middle we see Bradley Manning. This is not some ‘foreigner’; this was a member of the US military. In my view, he is a traitor plain and simple. A private, without any in depth education thought he had it all figured out, decides on US military policy. Which is interesting as many military members above the rank of Colonel are still trying to figure out what the best course of action is, even those with Ivy League degrees. The only positive thing from all this is that the military needs to seriously start to address its mental health issues, but beyond that small sparkle of recognition, this person was more than a small danger.

That part is not addressed even as the news still discusses the winner of this unholy threesome. Three days ago USA Today published information on the fact that anti-leak software had still not been installed. I think it is even worse than many think it is. Some of these applications have (as any good application would) powerful log files. Even when we look at non-military solutions we see the following:

“The client’s log file is located at <user_directory>/Palantir/<version>/logs/client.log”

We can see at Palantir’s wiki what it logs, and depending on the settings it can give a lot (at https://wiki.palantir.com/pgkb/does-the-palantir-product-do-any-logging.html)

By the way, one needed only to change three settings to really log a lot:

# log4j.logger.com.palantir.services=error # package level
# log4j.logger.com.palantir.serveres.Nexus=warn # class level
# log4j.logger.MyLabeledLogger=info # specific logger

Removing ‘# ‘ on each line was all it would take.

This one warning gives a final view: “Note that we do NOT recommend enabling logging below the warn level for production scenarios.” It means that all levels of logging are possible, and with them the log could map out the active military network in real time as the user muddles along.

This is not about Palantir, or even anti-Palantir. It is a software solution that part of the Intelligence community is currently using. IBM Modeler and SAS Miner are both data mining tools with similar abilities (and there are more). They all have these options as it is needed to make their products go smoothly. So when Bradley Manning gave it all away, he really gave it all away! The consequence might have been (or could still be) deep targeted attacks against a military server system. The question becomes how good is the anti-leak software? As much logging is set at higher levels (read administrator), many of them would be able to log events unhindered by many prying eyes (it is not realistic to monitor all logs on even 1 server). Even if it is all covered, who else has access to just read these log files? It is not uncommon to neglect log files, as their users are usually vetted for use of the application. LOG files can however show more than many bargain for.

Unless the server architecture has been re-arranged, there is plenty of worry whether these servers are safe at this time, because log files are inherently there and needed, they are not linked to a password change and often, they do not get reconfigured away from their standard configuration, as with plenty of applications that would hinder smooth operations.
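The two worries above (loggers switched to a level more verbose than warn, and log files readable by more than their owner) can be checked mechanically. The following is an added example, not code from Palantir or from the original post; it assumes log4j 1.x properties syntax, treats a trailing ‘# note’ after the level as a comment the way the quoted lines use it, and the appender name FILE and the path in the sample are constructed for illustration.

```python
import os
import stat

# log4j 1.x levels, most verbose first
LEVELS = ["ALL", "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "OFF"]
WARN_RANK = LEVELS.index("WARN")

# Constructed sample: the three quoted lines with the leading '# ' removed,
# plus a hypothetical root logger and file appender.
SAMPLE = """\
# constructed sample configuration
log4j.rootLogger=warn, FILE
log4j.logger.com.palantir.services=error # package level
log4j.logger.com.palantir.serveres.Nexus=warn # class level
log4j.logger.MyLabeledLogger=info # specific logger
# log4j.logger.com.example.StillCommented=debug
log4j.appender.FILE=org.apache.log4j.FileAppender
log4j.appender.FILE.File=/tmp/example-client.log
"""


def active_entries(text):
    """Yield (line_no, key, value) for every key=value line that is not a comment."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # '#' and '!' start a comment line
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield line_no, key.strip(), value.strip()


def verbose_loggers(text):
    """Return [(line_no, logger, level)] for active loggers more verbose than WARN."""
    findings = []
    for line_no, key, value in active_entries(text):
        if key == "log4j.rootLogger":
            name = "<root>"
        elif key.startswith("log4j.logger."):
            name = key[len("log4j.logger."):]
        else:
            continue
        # Value is "LEVEL[, appender...]"; drop a trailing "# note" (assumption).
        level = value.split(",")[0].split("#")[0].strip().upper()
        if level not in LEVELS:
            findings.append((line_no, name, "UNRECOGNISED"))  # needs a human look
        elif LEVELS.index(level) < WARN_RANK:
            findings.append((line_no, name, level))
    return findings


def log_file_paths(text):
    """Return the File= target of every configured file appender."""
    paths = []
    for _, key, value in active_entries(text):
        parts = key.split(".")
        if len(parts) == 4 and parts[:2] == ["log4j", "appender"] \
                and parts[3].lower() == "file":
            paths.append(value)
    return paths


def readable_beyond_owner(path):
    """True when group or others hold read permission on the file."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit(text):
    """Combine both checks; log files that do not exist yet are skipped."""
    exposed = [p for p in log_file_paths(text)
               if os.path.exists(p) and readable_beyond_owner(p)]
    return {"verbose": verbose_loggers(text), "exposed_logs": exposed}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the sample, only MyLabeledLogger is reported, because info is the one level of the three that sits below warn.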

Last on the list of the Patron Threesome is Edward Snowden. I have mentioned him often enough, so I will not go through it all again. He is in my view a traitor and not some ‘holier than thou’ protector. He is not some idealist, too much pointed to him making a getaway with the eye on some quick bucks (and many of them), I might be wrong, but that is how I see him. As he showed us how ‘naughty’ the NSA was, did he show us how unscrupulous Microsoft seems to be?

That view can be seen through an article in Techbeat just 4 days ago. The first quote is “Microsoft is developing a new technology to replace cookies. This work is similar to projects being undertaken by Amazon, Apple, Facebook and Google. Tracking cookies have come under scrutiny recently from regulators by many concerned about privacy; certain types of cookies (Third party tracking cookies) are now easily blocked through built-in functions and extensions/add-ons within main web browsers.”

The second one from the same article is “This technology should also include Microsoft services including their search engine Bing. Tracking in mobile devices remains a key point. The big advantage of Microsoft’s emerging technology is that it could track a user across a platform.”

So basically, this reads like: ‘we the consumer used to have a little privacy, but soon, thanks to Microsoft, that privacy might be gone forever, allowing for non-stop online harassment wherever we are‘. So, that Snowden fellow never gave us anything on that, did he? Even though the NSA should have been aware of such plans long before Techbeat had a clue. Does the reader still think he is such an idealist?

Yet, on the other side, he has shown one important weakness. The US intelligence branch is on that same low level as the organisation that in the 50’s used to be laughingly referred to as ‘British Intelligence’. The question is not just how weak the NSA seems to be; it links to questions regarding the weakness that GCHQ and its current Commonwealth peers might have. There are in addition issues with the personal digital safety of people on a global scale. Not because the NSA is scanning to identify terrorist networks, but if one person (Snowden) could get away, is there anyone else who just wanted money and gave their data download to cyber criminals? There is absolutely 0% guarantee that this did not happen, so in how much danger are our details?

So, why this blog today? Many do this at the start, but in certain light this had to be done at the very end. It is not just about their acts, but also about the acts you and I undertake. We willingly give out our details to Facebook (including a beheading, but excluding exposed breasts), LinkedIn and Google+, yet many scream about ‘some government‘ seeing what we are doing and who we are doing it with (or without).

The twisted world we allowed to be created is likely to throw us at least two more curve balls before Christmas. Enjoy!

 

 


Filed under IT, Law, Military

In Media, we distrust!

Is it not a lovely day when you wake up, you go downstairs and if it is warm enough, likely in nothing more than a simple bathrobe you sit down. At this point, whether it is inside, or outside, you get the first start of the day with coffee and the newspaper. For most people, that part had been for a long time a slice of heaven.

We would go through the news whilst sipping tea or coffee (in my case the latter). What if I told you that these times are now forever a thing of the past?

My reasoning? For this I will go over each case in three parts. First the point I make, then the reasoning for that point and lastly the motive I personally think is behind that. I would like to add sources, but at times there are little to none and it is all based on common sense.

First there is no need to rehash the entire Leveson history. That report was made and filed and suddenly the press was all uppity uppity on ‘the freedom of speech’ and how their rights are now no more.

Let us take a look at this part.

1. How often does the press report on privacy violations by large companies like Microsoft?

Answer: almost never. I found one article by the Guardian, and a few by what we would normally call less reliable sources. (at http://www.theguardian.com/world/2013/sep/30/microsoft-privacy-chief-nsa)

Motive: The publications rely on big business (advertisements). They rely less on governments as their form of income; in addition, government is always seeking visibility, whereas big business brings in money. In this situation I personally think that the press seems to be willing to ‘ignore‘ certain events, or to whisper about them very softly.

How about Microsoft HealthVault?

They state: “Privacy, It’s your HealthVault account. You decide who can see, use, add, and share info, and which health apps have access to it. HealthVault won’t provide your health information to any other app or service without your permission.”

Venturebeat had the following interesting quotes “For instance, Microsoft reserves the right to store your medical data offshore, in countries that may not have the same privacy protections as the U.S.

HealthVault appears to open the door to a potentially unlimited line of people, entities or programs that can obtain permission to read and alter your health information, since it’s possible to delegate the ability to grant those permissions to others.” I did find a few mentions by CBS and ZDNET, yet the papers (the big ones) did not show up in any search. Even though this issue is not that recent, it is still interesting that the big ones aren’t anywhere near this place.

Consider what this means: if an insurer gets access to this, then the smallest visit to the hospital could result in an increase to your premium. This is all linked to the Health Insurance Portability and Accountability Act 1996. There we find that the HIPAA Privacy Rule regulates the disclosure of Protected Health Information held by what we would call “covered entities” (employer sponsored health plans, health insurers, and medical service providers that engage in certain health transactions). By regulation, the Department of Health and Human Services extended the HIPAA privacy rule to independent contractors of covered entities who fit within the definition of “business partners”.

So, if these contractors are outside of the national borders, your health data goes into several other directions too.

Consider that we volunteer this and other personal data to Microsoft (your Skype, your software, your Microsoft devices and your browser). How long until you represent a Z-Value? Before too long, you are diminished to several Z-Values, and as your value depletes to below the norm, what options will remain for you?

Yet, the press seems to banter again and again on NSA and GCHQ. The question becomes, whether the press is nothing more than a simple tool to make us look the wrong way, whilst big business has a free go at us and our personal details.

I do not claim to know what the actual truth is here, but I do know that the press has not been focusing on the wider truth and reality too much lately. That is something that becomes slightly more visible when we read Claire Fox in her smug article (at http://www.independent.co.uk/voices/comment/leveson-has-done-his-damnedest-to-encourage-press-regulation-despite-his-protestations-8874676.html)

When you hear the actual response by his Lordship in regards to WHY he felt it was inappropriate to answer, Claire just trivialises it in the air of “that he would not play ball“. Let us not forget that it is her right to see things in the way she did, I will not attack that, but this situation left me with question marks on how far ‘misrepresentation‘ goes at present.

So if big business is protected through non-visibility, then why don’t we just get rid of all journalists and rely on bloggers? The digital world is ready for it all. Journalists no longer seem to be truly ‘story‘ driven: when the bulk hang on the usual GCHQ drab anyone can get from Reuters and the bulk of the big business transgressions remain on blogs, I wonder where the journalistic pride and ethics remained as they claim their part in their need for ‘freedom‘.

2. How will many protect their children and finances if visibility remains low on issues that have an impact? Many PCs and tablets get linked to games that are ‘proclaimed’ to be free. Yet, when you want to move forward, you can pay for additional options.

The BBC covered this on September 25th (at http://www.bbc.co.uk/news/technology-24272010). The Guardian seemed to have covered the same story and that is pretty much it. So why is there not a lot more visibility?

I had a look at a program called ‘Dragon Story‘. It looks nice, it is a little non-adult, but it has a few original sides. You can breed two dragons together and they leave an egg. You can hatch that egg and get a new, different dragon. You can buy many of them, or, if you take the time, breed your collection. This is all pretty original. The dragons in their habitats collect money and that money can be used to grow your area. Yet, the part not shown is that some dragons are rare and some habitats (larger ones) are expensive. Smaller habitats can be bought with coins, but the larger ones must be bought with gold. That costs actual money. A child can, without realising it, spend $20 per habitat; some dragons, the really rare ones, cost $50. So in 30 seconds a child can spend more money than a full version of Grand Theft Auto costs. It is clear that actions can be taken to prevent some damage, but the visibility is not there. Why?

In reflection upon ‘Dragon Story’, an addictive game named ‘Blockheads’ (a 2-d version of Minecraft) can also be downloaded for free, and you can buy an upgrade so that all actions go twice as fast. The price, $5! Now an additional option can be bought for $3, so that the player can play in higher resolution, a total of $8 for something that need not be bought, the choice is up to the player. THAT is what I call an excellent approach!

So where is the press here?

It cannot be for the lack of ‘public’ interest, as the tablet market in the UK alone is soaring towards 190 million owners this year. That is more than the total global owner base of the PlayStation 2 used to be (which was 150 million). So, one could say that tablet issues should be at the top of every newspaper. The Google search seemed to contradict this (I had to start somewhere).

So when we look at these heated arguments on the freedom of the press, we should be asking ourselves what they are complaining about. Freedom is nice, but when they relate it to the limits of their cubicle we get to miss a lot of information. The press, and especially their editors, should realise that.

In my view, to the extent I had read the Leveson report, I saw it not as an attack on the freedom of the press, but on the ‘enforcement’ of ethics and accountability. Those two are elements in any form of journalism. While I am never against the freedom of the press, I do think that some acts require accountability. The hollow phrase ‘the people have a right to know’ lost its value when some used it to tabloid away all levels of privacy. The Daily Mail crashing a funeral less than two weeks ago is an excellent example of that. I do wonder whether all this is just about the journalists, or was the Leveson escalation due to a failing by the editors to keep a proper pulse of the journos they are supposed to mentor. To that I have no honest answer; there are too many murky facts in the open.

The PRESS fallout has been a long one and we are not there yet!

 


Filed under Finance, Gaming, IT, Media

NSA linked to corporate dangers?

The Netherlands are facing a new issue, one that they had not bargained for. It is my personal view that the matter at hand seems to be getting misrepresented, so I need to do something about it.

First let us take a look at the reported facts.

On Saturday 21st September the Dutch NOS reported on TV and on their website on how the Dutch are opening their doors to the NSA (at http://nos.nl/artikel/553680-nederland-opent-deur-voor-nsa.html). The issue is that, on business grounds, the Amsterdam Internet Exchange is considering opening an office in the US, which would under FISA leave all their servers open to investigation by the NSA. In that scenario all of the Dutch internet traffic can at that point be monitored by the NSA.

The first question that comes to mind is what the exact benefit is to open an American office. I wonder why that step is so essential. That reason might be very valid, I just do not know.

The danger is not ‘privacy‘ as such. So many people keep on blabbing on how their privacy is so much in danger. I think that remains grossly exaggerated. The additional issue raised by the NOS on their Saturday broadcast (which was not on their website) is a different matter. There, Nico van Eijk from the University of Amsterdam mentioned the case of British executives of an online gambling site: something that is perfectly legal in England is not legal in the US, and when these executives were in the US on business for other ventures, they got themselves arrested. This info can be found at http://www.cato.org/blog/uk-gambling-ceo-arrested-us-airport. The important quote here is “the U.S. has exploited those treaties to effectively kidnap British citizens who broke no British laws, and extradite them to the U.S. for trial on charges of violating U.S. law“. There is of course another legal side to this. Did David Carruthers actually enable these transgressions of law? Connected to this is the Marc Emery case, which involved a Canadian ‘evangelist’ for medical marijuana. Did either enable US business?

A quote from the UK’s Daily Mail gave us “Investment bankers Goldman Sachs says that the clampdown by the American authorities could mean ‘that the US could cease to be a viable market for online gaming companies.’ That would be tantamount to destroying the earnings of the main firms since 70% of them originate from the United States.”

There are two sides here. The first is that these companies do rely on their American market. Knowing that the events were illegal, going to the place looking out for you was not really that bright, was it? The second is that the statement came from Goldman Sachs, bringers of the popular gambling option ‘soon, because of our bad judgement, you no longer own a house‘. Seems a little warped, doesn’t it?

We could of course come to the notion that the NSA executive is riddled with spineless paperbacks, not a hardcover amongst them! But the reality is not that clear. In actuality, the game they could end up playing is a lot less appealing for those outside of the US.

For that part we need to take a look at the NSA website (certain parts of it), and to start we need to look at a document that came from the Defense Technical Information Center in Fort Belvoir, Virginia. This document is called “2009 National Intelligence, A Consumer’s Guide“, and at page 52 it states “The Act specifies that OIA shall be responsible for the receipt, analysis, collation, and dissemination of foreign intelligence and foreign counter-intelligence information related to the operation and responsibilities of the Department of the Treasury.”

Now add the information on the mission statement from the Treasury as displayed by the White House: “Support the Department of the Treasury’s mission to promote economic prosperity and the financial security of the United States”. This is only part of that mission statement, but by itself it is just as valid. The two now give them additional possibilities through the NSA.

That part is seen on the actual website of the NSA and specifically a department called the ‘Information Assurance Business Affairs Office‘ (at http://www.nsa.gov/ia/business_research/ia_bao/index.shtml), here we see the following parts:

1. The IA Business Affairs Office (BAO) is the focal point for IA partnerships with industry. It also provides guidance to vendors and the NSA workforce in establishing IA business relationships and cultivates partnerships with commercial industry through demonstrations and technical exchanges.

2. The benefits of working with the BAO are (two of them):

  • Increased product marketability
  • Assistance in the development of next generation solutions

These are only part of the mission. They do a lot more. So in the upcoming age where the world will revolve around big data and parsing information, US businesses might get the option to get access to Exabyte sized data: marketable, distributable and sellable. The intelligence side of the US was never the problem. The corporate side, about which I have tried on several occasions to warn others (like ‘the Google’ and ‘the Facebook’), will get access to information and innovation on a global scale.

Consider the utter inability of the US government to get their own spending under control (not just them, mind you). As they are now closer and closer to the edge of bankruptcy (17 trillion in national debt will do that to anyone), their own Treasury will only need to receive just one mandate, ‘to grow and assure the continuation of the United States and its economy‘, which is already part of the Treasury’s mission statement. In the age where the current president is so polarised against his opposition, where he is adamant that spending is the only option, he will not hesitate to speak these words (can’t really blame him, can I?). It is decently likely that this would give specifically assigned parts of corporate America the option to market Petabytes of data. Outside of the US, the industrial age would then collapse in a way you cannot even imagine. They could globally sell lists on scales no one can compete with. Consider the future to have one provider in data; the ripple effect in the industry would be devastating. However bad you think you have it, it is nothing compared to what happens if the thought I am having is a reality.

Consider the data files people created. The issue I was confronted with yesterday is that someone saw a nice design on a 3d printer and he wanted to use it, but it was not his design. The help file contained the info I expected it to have. All files from that program were to be considered shareware/freeware and could be used and distributed freely. The software maker had done this to avoid liabilities. It made perfect sense. He made a program he wanted people to use, he did not charge anyone for it, and to avoid people coming after him for being nice, he made it all freeware. But whoever designs in that program, those data files are freeware too. So anyone can use it. How many programs do you think are out there built on that principle? Now consider those artistic ideas, traded freely, and there is nothing you can do about it.

That was part of the fear I had and as almost EVERYONE gave away their rights on social media, who profits? It seems to me, not the creator!

But then, those in social media opted for that; those on corporate networks and business internet connections, however, did not opt for such futures. The question is, how protected are they from misuse of their data?

So how long until it is no longer about finding terrorists?

 


Filed under Finance, IT, Law, Media, Politics

The marks of trade

Even as we look into an abyss of unsettling economic prospects, we notice that many of the gadget-providing entities are still playing the high game for now. The fact of the matter is that even though many places are in recession, some places seem to be getting through and only a few are on the path of former comfort, all of the people are looking at some light point in their life, whether it is for them personally, or for the entire family. However, in the US there are the upcoming Thanksgiving Day and Christmas. A large portion of the world relies on Christmas day, with a few places having an added feast of Saint Nicholas. Basically, these are the three moments the retail industry relies on these days to stop them from turning into lemmings and running off the nearest cliff (could be an excellent game).

The following players (some of them) are:

  • Sony is going for the Playstation 4
  • Microsoft is going for the Xbox One
  • Nokia (a Microsoft company) is aiming at the Lumia 1020
  • Apple has a league of ‘new’ options, with all kinds of letters (and/or numbers).

So if these places have trademarks, then they are about protecting their recognisable design or expression. Yet, is that true, or is that what they proclaim they do?

What if their recognisable design becomes:

  • Playstation 4 – An average renewed system where they forgot about hard drive space?
  • XBox One – The place where your privacy truly went lost forever
  • Lumia 1020 – Another model, now with 41Mp camera, but where to store all those pics?
  • iPhone – more of the same and additional ways to run out of battery power before lunch.

So whilst the brands (Apple, Microsoft, Nokia, Sony) have the one story, their products are getting different labels, and it is likely that the junior marketeers, as stated ‘Junior’, seem to be not on par with HQ as it goes for the mission of the brand, and drop the ball all over as it comes to the product. When I see the trade shows, as I saw the stories and the way they try to hype the concept, I do wonder whether some of these ‘soldiers’ are on proper par with the concepts of trademark and the long term damage that they seem to invoke.

So let us go over these ‘Trademarks’ in that order.

Playstation 4 – This is the one system I have decent levels of faith in. Its initial weaknesses have been dealt with. The too small hard drive can now be upgraded. Mind you, the 500 Gb should last a while; however, 500Gb to 1 Tb is a mere $25 extra, so I wonder why 500Gb was chosen. If you spend an additional $100, you can upgrade immediately to 2Tb. I agree it is overkill; however, upgrading once at the start could prevent a 1-2 day loss down the line. I did it with my PS3 and never regretted it. ‘Sony, where storage was left at Kennard’s!’

XBox One – There have been loads of messages about being online all the time, or even once a day. This has now been ‘removed’ as an issue as Microsoft no longer requires it. You see, it is so much better to get these people connected with a carrot than with a shotgun, so now the console comes with a free digital copy of FIFA 14. Which still needs to be downloaded! Whether this is only once, or the start to get people online in a sneakier way, is yours to debate or conclude. Gamers for the most part (the multi-player group) need to be online; the rest could be if the game is good. Many of the issues are about digital privacy fears. Some are realistic, some are speculated rumours, but a large portion is just absurd conspiracy theory. There was a rumour that deliveries were down, but this was denied by two sources. So in case you heard the 1 million less consoles on launch day, be sure to check your sources. I personally believe that the invasion of privacy was the biggest blast this trademark took. The additional issue of online once a day did not help, especially knowing how irritating broadband has been in plenty of places outside of the US. It would be nice to just dump this on Don Mattrick, yet I feel that this was not just his call and those above him should start taking a long hard look at the population of gamers. Calling this an ‘entertainment system’ instead of a ‘gaming console’ might seem nice, and claiming that it will make you win the war is also nice, but the reality is that this multi-billion dollar market is all about gamers; not knowing that population will turn out to be ultimately fatal to the Microsoft XB-1 brand, no matter what else it can do.

Lumia 1020 – This is a new contraption. It has two sides. One, it is really fun to use (I tried it) and the camera abilities blew me away. Yet, the other side is that it is linked to Microsoft and they will have a few issues to deal with down the line (not just that weird OS). The device itself is no longer a Nokia device, or not in the traditional sense. Nokia was always the number one brand for me and it lost appeal as it was too slow moving into the smart phone world. They are coming back strong, but a 2 Gb ram when you have a 41Mp camera? Seems a little short sighted. So, they added a free 7 Gb SkyDrive option. Oh, wait? Is that not the place from Microsoft who gave their access to the NSA? So what about your privacy, not to mention the data usage price?

As you see, we are getting more and more towards the new Microsoft Trademark ‘Microsoft, because privacy is just an illusion!’ Is that fair? Not sure! You see, in the end I do not care whether the NSA gets access to my data. My worry is that overall, cyber criminals have more resources and abilities than we see at federal places. You know, those small, massively underfunded places where they try to stop cybercrime (read FBI). The fact that the NSA gets access means that there is external access, which means that criminals get to have a go too. To that part I do object.

iPhone – the device that truly revolutionised smartphone and mobile usage is now going towards mobile phones in the same way Russia showed diversity for the S-300 (22 letters added over 30 years). Apple seems to forget to truly move their battery forward and in other fields of smartphones the iPhone is no longer regarded as the heralded winner. The device wants to be too much of everything and ends up coming up short in many of the fields they are in. So will the new Apple Trademark read ‘Apple – Master of none, drowning in some?’

There are plenty more devices out and about for the expensive festive season, yet it seems to me that some of the players entered that field by using spokespeople with a golf handicap equalling their IQ, or is that the other way round? When the digital world is entering the field where more and more possible ‘new’ consumers are updated through the net, it seems that their marketing and party lines need to get a massive overhaul and it should all get a much better mentor system than it currently seems to have.

Trademarks!

They might be seen as great assets, yet when those trademarks get assigned by the audience (example: Vodafail, because Vodafone just doesn’t connect) and it gives your brand itself a twist, moving its customers towards the competition, you know you have problems coming (and many of these from your own board of directors).

 


Filed under IT, Media