“Another BRIC in the Wall”; 2012- The Year of Internet Regulation? February 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: Chris Mark, cybersecurity, International Telecommunications Union, Internet Regulation, mark consulting group, privacy
The Internet started life in the 1960s as a project funded by DARPA known as ARPANET. ARPANET was decommissioned in 1990, and in 1995 NSFNET was decommissioned, opening the network for commercial use. The Internet was officially born. The impact of the Internet on science, culture, and politics cannot be overstated. The Internet is a worldwide network of interconnected computers. It operates without a centralized governing body, although ICANN and the DNS root changes are primarily governed by the US. The fact that the Internet allows for the free flow of information and that it is not ‘regulated’ in a conventional sense is what makes the Internet such a powerful tool for science, revolution, politics, medicine, education and about every other aspect you can imagine, as well as such a threat to some.
On December 8th, 2011 FCC Commissioner Robert McDowell stated: The communications public policy effort that may affect all of us the most in 2012, however, will take place far from our shores. As we sit here today, scores of countries, including China, Russia and India (*the RIC in BRIC), are pushing hard for international regulation of Internet governance. While we have been focused on other important matters here in the U.S., the effort to radically reverse the long-standing international consensus to keep governments from regulating core functions of the Internet’s ecosystem has been gaining momentum. The reach, scope and seriousness of this effort are nothing short of massive. But don’t take my word for it. As Russian Prime Minister Vladimir Putin said last June, the goal of this effort is to establish “international control over the Internet using the monitoring and supervisory capabilities of the International Telecommunications Union.” (more…)
“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012
Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation. Tags: android, Chris Mark, cybersecurity, facebook, mark consulting group, markconsultinggroup.com, privacy, security
UPDATE: According to Facebook, this story was incorrect. To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)
GPS At Risk of Jamming… February 23, 2012
Posted by Chris Mark in InfoSec & Privacy, weapons and tactics. Tags: Chris Mark, GPS, jamming, mark consulting group, privacy, security
There is a good article on Fox News about the risk to the GPS network. Our GPS network is a series of satellites that are in geosynchronous orbit about 12,000 above Earth. Basically, your GPS receiver receives a time code from three or more satellites and calculates the position by simple triangulation. The civilian satellites are ‘open’: they require no authentication and have no encryption, although the military GPS can use encryption. According to Todd Humphreys of the University of Texas: “The civil GPS signal’s completely open and vulnerable to a spoofing attack, because they have no authentication and no encryption,” … “It’s almost trivial to mimic those signals to imitate them and fool a GPS receiver into tracking your signals instead of the authentic ones.” If you consider how prevalent GPS has become, it could clearly be a target for terrorists or others with bad intentions. In doing some basic research I found a number of GPS jammers on sale over the Internet for between $100US and $500US. It should be noted that GPS jammers are illegal in the US.
With Privacy the Sum May Be Greater than the Parts February 17, 2012
Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management. Tags: Chris Mark, data protection, mark consulting group, markconsultinggroup.com, privacy, Target
Information Security can be described as the protection of data, while privacy is defined as the appropriate use of data. Volumes of data are collected on all of us every day. Some of the data we voluntarily provide in exchange for additional benefits and services (airline mile programs and loyalty shopper programs, for example). Other data, such as shopping history, we provide unknowingly. Regardless, we expect the custodians of the data to use it appropriately and maintain privacy. Unfortunately, sometimes a company’s pursuit of profits causes it to walk a very fine line as far as privacy is concerned. The following is an example of where a company arguably violated the tenets of privacy while possibly not violating any laws.
According to a story reported recently, Target figured out a teenage girl was pregnant from her shopping history and inadvertently told her family. The end result is that 1) Target knew (statistically they are right 90% of the time), and 2) Target, by sending pregnancy related coupons to the girl, informed her family that she was pregnant, without her knowledge or consent. Here is how it happened. (more…)
A Rant about Risk- Rock Climbing with a 2 year old January 31, 2012
Posted by Chris Mark in Risk & Risk Management. Tags: Chris Mark, InfoSec, mark consulting group, Piracy & Maritime Security, privacy, risk management
Today on NBC Sports there was an article about a woman rock climbing with her 2 year old strapped to her back. The toddler is not wearing a helmet. When asked, she explained: “I can appreciate if you didn’t realize how safe the environment I was in, it could be worrying, but I was top-roping which means if you fall you don’t fall any further than where you came off.” She further opined: “It is the safest form of climbing you can do…Health and safety legislation and the sue and blame culture mean so many people are nervous, so afraid of getting into trouble, and taking small risks. Life is all about risks, whether that’s something as simple as getting in your car every day or climbing up a rock face.” This reminded me of a debate I had several years ago.
I was talking with a company about protecting personally identifiable information (PII) as required by law. The company’s response was: “It is too expensive to comply. I will take the risk.” The problem is that the data they are required to protect is not their information. While the data itself (bits and bytes) may belong to the company, the information represented by the bits and bytes is the property of the person to whom it refers. In short, it is not the company’s risk to assume, as it is not their property. If I want to publish my own personal data on the Internet, I can do so and assume the risk…it is my data. A third party cannot assume risk for me…without my permission. This is why companies are required to protect PII, NPI, PHI, and other forms of personal data.
In much the same way, this woman can free climb naked (alone) if she chooses. It is her risk to assume. Whether her style of climbing is the safest does not mean it is without risk. It is less risky than free climbing, but any form of rock climbing is an inherently risky activity. The 2 year old does not have the ability to state whether she wanted to climb or not. Where I have issue with the woman is her attitude of: “life is all about risks…” Granted, but some people’s lives are about taking more risks than others. As adults we can make the decision to base jump, free climb, skydive, or race motorcycles. When we include others in our risky behavior without their consent, it becomes problematic.