Smart objects, dumb ideas: your hyperconnected future (Pew/Elon 2016)


We’re all going to hell in an IP-enabled handbasket.

The bland-looking control panel depicted above is the heart of a smart home – automated up the wazoo, so your fingers can play master of the universe with the lighting, audio system, appliances, heating and cooling, sprinklers, pool, spa, garage door – and your alleged security system.

Alleged because smart homes, cars and all the other items you’ll be connecting to the public Internet will offer unprecedented opportunities for hackers to infiltrate your life. Most personal devices like computers are already insecure enough. But so-called “smart” devices will be far more difficult for consumers to organize, update and secure than the familiar devices we can see and hold. (If you think any object in our lives will be spared, check out the automated cat feeder adjacent, courtesy Wikipedia.)

Updating the Sony hack: FBI story not selling to crypto experts


***

Here in a nutshell is how things stand a week after my original comments on the hack and Sony’s culpability:

  • Sony Pictures chair Michael Lynton has even more pointedly dodged any responsibility for the damage caused on November 24.
  • FBI director James Comey insists more than ever that North Korea engineered the hack.
  • A high-profile crypto expert, Marc Rogers, has just published a detailed critique of the claims made by the FBI and Sony.

Lynton’s lapses. In an interview last week for ABC News, Chairman Lynton said the following:

“We are the canary in the coal mine, that’s for sure. There’s no playbook for this, so you are in essence trying to look at the situation as it unfolds and make decisions without being able to refer to a lot of you’ve had in the past or other peoples’ experiences. You’re on completely new ground.”

Talk about revisionist history. In case you haven’t read my previous post, I lay out the sordid 10-year history of Sony’s experiences in the so-called “coal mine.” Needless to say, Lynton has a vested interest in getting the audience to believe the November 24 attack came out of the blue. That makes him look less like a failed leader, and probably prevents him sinking even further into legal liability. Here are three highlights of the backstory he conveniently overlooks:

  • Sony Pictures itself (not the parent company) was hacked – with many of the same awful results – in the summer of 2011. No, November 24 didn’t happen without any “playbook.”
  • IT consultants hired by Sony Pictures in the summer of 2014 warned of numerous security vulnerabilities in their network, which management apparently ignored.
  • Sony Corp’s fight with the hacker community began all the way back in 2005, with the Sony rootkit scandal, which produced years of conflict and plenty of guideposts to refer to, if the Lynton squad had been paying attention.


The GOP hack: making Kim answer for Sony’s 10-year online war


***

Sony Pictures, the White House and the FBI should get a medal for the greatest political marketing triumph of 2014.

After the horror show following the November 24 hack of Sony Pictures by the Guardians of Peace (GOP), America rallied behind Washington’s theory that Sony was the hapless victim of a Cold War cyberattack. Kim is certainly an easy guy to dislike and no friend of the Americans – no friend of anybody but Kim for that matter. (He comes by it legitimately. His dad and predecessor once had an actor hired to play grandpa Kim Il-sung in a movie role, for which the actor underwent plastic surgery to more closely resemble a Kim; once the shoot was over, the actor was shipped off to a concentration camp.)

The triumph of Cold War marketing over any hint of Sony’s bad behavior is all the more remarkable given the nasty quarrels that have embroiled US stakeholders, press and critics of all stripes. Not to mention the fact that as recently as New Year’s Eve, cryptographer Bruce Schneier and others were still casting doubt on the official claim that the hack was carried out by the Kim regime.

_____________________________________________________________________________

Lining up for The Interview as an exercise in patriotism

“The fact that they’re showing this movie shows that America still has a backbone regardless of the critics,” said Jay Killion, a golf pro who caught a screening at Tower City Cinemas in Cleveland.


The NSA and an escalating battle over Internet privacy


Beach at Brighton, UK, August 2013

~~~~

“I would rather have a rectal examination on live TV by a fellow with cold hands than have a Facebook page.” — George Clooney, Sept 2009

“To the engineers, I say this: we built the Internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.” — Bruce Schneier, Sept 2013

~~~

Update (Sept 9). More evidence of the damage to online privacy politicians can cause without any help from spooks or decryption… TorrentFreak is running a story about British PM David Cameron and his alarming online content filter. Mobile carriers in the UK must have the filter turned on by default to block content that may be considered “harmful” to children. As the story points out: “The filter mainly targets adult-oriented content, but one provider now says that VPN services also fall into this category as they allow kids to bypass age restrictions.” In other words, the use of a VPN service like WiTopia, which I describe at the end of this post, may turn out to be illegal. Without the anonymity provided by tools like VPNs (virtual private networks), the public cannot expect to have any reasonable measure of privacy on the Internet.

Update 2 (Sept 9). ISOC has issued a statement strongly condemning the US government’s attack on the Internet’s core encryption technologies. An excerpt:

“The Internet Society believes that global interoperability and openness of the Internet are pre-requisites for confidence in online interaction; they unlock the Internet as a forum for economic and social progress; and they are founded on basic assumptions of trust. We are deeply concerned that these principles are being eroded and that users’ legitimate expectations of online security are being treated with contempt. … Security is a collective responsibility that involves multiple stakeholders. In this regard, we call on:

  • Those involved in technology research and development: use the openness of standards processes like the IETF to challenge assumptions about security specifications.
  • Those who implement the technology and standards for Internet security: uphold that responsibility in your work, and be mindful of the damage caused by loss of trust.
  • Those who develop products and services that depend on a trusted Internet: secure your own services, and be intolerant of insecurity in the infrastructure on which you depend.”


This summer, the Snowden NSA revelations greatly altered priorities in the battle for an otherwise enduring goal: keeping the Internet secure and open for use by us ordinary folk.

True, some things never change. Persistently the enemy of reason and fair play, Verizon will have its day in court on September 9, when it begins arguments before the D.C. Circuit as to why the FCC’s network neutrality rules should be torn up into little pieces, cremated and cast into the Chesapeake Bay. The carrier claims the FCC has no possible grounds for imposing such rules; is acting capriciously by trying to do so; and is threatening Verizon’s First Amendment rights into the bargain. As Harold Feld of Public Knowledge wrote in his policy blog:

“Just like Verizon FiOS decides whether or not to carry Al Jazeera America, and on what terms, Verizon argues it has the right to decide whether or not to go to AlJazeera.com, and on what terms.”

Abuse as a feature, privacy as a bug

Which brings us to Facebook and another unsettling story about risks to privacy. Facebook has once again given not just movie stars and world-renowned cryptographers like Bruce Schneier but a billion other people compelling reasons to worry about their privacy. Not that this is news. Abusing everyone’s privacy – in part by changing the abuse policy regularly – is a Facebook feature not a bug. This month it’s not even changing policy, just “clarifying” it. As the LA Times noted:

“The new language says users automatically give Facebook the right to use their information unless they specifically deny the company permission to do it. At the same time, Facebook made it more complicated to opt out.”
