Images

Some essential additions to our Internet glossary

1390397_79061953_330Times are changing and we have to learn new things all the time. People interested in privacy on the Internet have been faced with a flood of new acronyms and terms lately. Here comes a brief list of terminology that has remained fairly unknown for a long time, but suddenly become very central to how our cyber society is developing. Keep these in mind if you want to be privacy-savvy.

Echelon
The best know signal intelligence system of the cold war era. Operated by the NSA and capable to store and analyze both data and telephone traffic globally. Today a legacy system.

FISA, Foreign Intelligence Surveillance Act
A US law that, together with other related laws and amendments, controls usage of non-US citizens’ communications for the benefit of US interests. Controls is however a misleading word as it pretty much boils down to carte blanche to spy on foreigners. This is of paramount importance for the whole Internet as most of the cloud services are run by American companies, and most users are foreigners.

FISC, FISA-Court, United States Foreign Intelligence Surveillance Court
A secret US court that is supposed to review and approve data gathering efforts under the FISA and related laws. Evil tongues call it a rubber stamp, but it has actually denied 11 requests out of a total of 33 949 during 1979-2012. (Some of those 11 were approved after modification.)

Gag Order
A court order to shut up about something.

GCHQ, Government Communications Headquarters
UK’s own NSA. Responsible for gathering info from Internet traffic for the needs of the UK government and military.

Lavabit
A former encrypted mail service run by Ladar Levinson. Became iconic in the fight for Internet privacy when closed down in August 2013. According to Ladar: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” This smells NSL (see below) to high heaven.

NSA, National Security Agency
USA’s main signals intelligence agency. Operates globally to intercept and decode information. Recent reports indicate that NSA’s strategy largely seems to be to store as much information as possibly for further use, rather than picking targets and eavesdropping selectively. NSA is also a leader in cryptography and cryptanalysis, and is believed to have more supercomputer capacity than anyone else on this planet.

NSL, National security letter
An order from a US agency to hand over information or implement information gathering systems. These letters come with strict gag orders that even prevents the subject from revealing the existence of a NSL or seeking legal advice about it. Their legal status is controversial because of the broad gag orders that are in conflict with the 1st amendment. Anyone should keep the NSLs in mind when listening to top executives of Google, Facebook, Apple etc. who denies that NSA can tap into their systems.

PRISM
Currently the best known of all the data gathering programs run by NSA. PRISM is apparently a database application that stores data from many sources.

SIGINT, Signals intelligence
Operations aiming to gather information by eavesdropping on communications and other signals or stored data. Involves the art of decoding or decrypting messages as well as gathering information by analyzing traffic patterns.

Tempora
A system run by UK’s GCHQ that collects data in real time from internet and telephone communications.

Utah data center
A data center located in Bluffdale, Utah and operated by the NSA. The center is about to be finalized and believed to provide 3 – 12 Exabyte of storage data right now, more in the future as storage technology evolves. It has been said that five Exabyte is equivalent to all words ever spoken by humans since the dawn of time. This is outdated, but still interesting when trying to imagine how much an Exabyte really is. So what exactly is NSA going to do with all this storage?

XKeyscore
A NSA system that gives analysts powerful tools to query for information about identified targets or suspicious patterns in larger datasets.

Whistleblower
A person who makes crimes or other unethical activities known to a larger public, often by violating agreements or the law. A significant portion of what we know about SIGINT on the Internet has been revealed by whistleblowers.

This list of secret NSA programs and codenames is far from complete. Security guru Bruce Schneier puts it very well in a TED interview together with our Mikko Hyppönen.

Bruce Schneier: “First, be careful with names. PRISM is a specific NSA database, just a part of the overall NSA surveillance effort. The agency has been playing all sorts of games with names, dividing their efforts up and using many different code names in an attempt to disguise what they’re doing. It allows them to deny that a specific program is doing something, while conveniently omitting the fact that another program is doing the thing and the two programs are talking to each other. So I am less interested in what is in the specific PRISM database, and more what the NSA is doing overall with domestic surveillance.”

Very well said! Here you can find a more comprehensive list of NSA programs and codenames.

Safe surfing,
Micke

More posts from this topic

Charlie

I really miss Benjamin Franklin!

January 7th was a sad day. The Charlie Hebdo shooting in Paris was both an attack on free speech and fuel for more aggression against Muslims. And controversially also fuel for even more attacks against free speech. The western society’s relation to free speech is very complicated nowadays. Officially it is still valued as a fundamental right. But it is also seen as a threat, even if politicians are very keen to masquerade free speech reductions as necessary security improvements. British PM Cameron’s recent debacle is an excellent example. In his opinion, there must not be any form of communication that the authorities can’t listen in to, which would mean restrictions on encryption. Non-digital metaphors are usually a good way to explain things like this. This is as smart as banning helmets because they make it harder to recognize criminals riding motorcycles. French president Francois Hollande wanted to join the party and proposed a law making internet providers responsible for users' content in their services. The idea was to make companies like Facebook and Twitter monitor all communication and call Paris as soon as someone talks terrorism. This goes even further than Cameron as it actually would force companies to do the police’s work. But should the phone company also be held responsible if it turns out that a terrorist has been allowed to place calls? And maybe even send mail delivered by the postal service? Hollande did of course not include those as they would help people understand how crazy the idea is. Anything can be misused for criminal purposes. But trying to make providers of things responsible is just madness and hurts the whole society and economy. The important point here is naturally that freedom of speech is a much broader concept than what Charlie Hebdo utilizes. The caricatures express our freedom to communicate publicly without censorship. But there is also another dimension of free speech. Everybody has the right to choose whom they communicate with and whom a message is intended for. This is not just about secrecy and privacy, it is really about being free to exchange opinions without worrying about them being used against you later by some third party. This dimension of free speech would of course not exist in Cameron’s ideal society. So no Cameron and Hollande, you are definitively not Charlie! It’s sad that the great “Je Suis Charlie” -movement has become a symbol for both freedom of speech and hypocrisy. Didn’t you really see anything wrong in first marching in support of Charlie Hebdo in Paris, and then immediately attack freedom of speech yourself? It takes courage to be a leader and balance between security and freedom. Today we really need leaders like Benjamin Franklin, who had guts and said things like “Freedom of speech is a principal pillar of a free government; when this support is taken away, the constitution of a free society is dissolved, and tyranny is erected on its ruins.” and “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”   Safe surfing, Micke   Image by Markus Winkler @ Flickr under CC BY-SA 2.0 via Wikimedia Commons Benjamin Franklin quotes from wikiquote.org

Jan 29, 2015
BY 
F-Secure shares tips to protect your data on Data Privacy Day

It’s Data Privacy Day, and Companies Know More About You Than Ever

Nowadays companies know more about you than ever. But do you know what they’re doing with all your data? Today's Data Privacy Day, and at F-Secure we usually talk a lot about defending your personal data from online criminals: the likes of hackers, scammers and WiFi snoops. But today we'd like to talk a little about how your privacy can be invaded completely legally - by private businesses who collect your data, and how you can protect yourself. We give companies unprecedented access to our personal info and shopping habits. We give knowingly, such as when we fill out a website form. We also give in ways we may not be aware of, in the case of online advertisers who track our clicks around the web and gain insight into our interests and preferences. These advertisers are building up detailed, extensive profiles about us so they can target us with online ads we'll be more likely to click on. The apps we install garner even more of our information. Not to mention what we give to social networks and our email providers. The result: a mass of digital data is spread around about each of us that's super difficult to control. An Adroit Digital study found that 58% of respondents aren't comfortable with the amount of information they have to give to get special offers or services from retailers, and 82% are uncomfortable with the amount of information online advertisers have about them. And according to a survey by SAS, more than 69% of respondents agree that recent news events have increased their concerns about their data in the hands of businesses. News events like all-too-common data breaches, no doubt. But there's also a skepticism of what businesses and organizations may do with the data they are entrusted with. Last week, for example, Americans were shocked to learn that their government’s healthcare website had been quietly funneling consumers’ personal details along to advertising and analytics companies. At F-Secure, we've always been extremely conscious about the responsibility we have to respect the privacy of our customers' data and content. We recently put our core privacy principles into a structured form and shared them with the world - and Micke delved into them in a recent 3-part series. We also are passionate about helping you protect your own privacy - which is why we've created privacy-centered products like Freedome, which keeps online advertisers out of your business by blocking tracking. At the very least, we hope to inspire you to be, if not already, a little more aware of your data trail. So in celebration of Data Privacy Day, here are a few tips for helping you keep from spreading your data too far: 6 Tips for Defending Your Personal Data Check before committing. If your relationship with a business means you’ll be giving up a lot of data to them, check for a privacy policy or principles that outline how they use customer data Choose privacy. Turn on Private or Incognito mode in your web browser so that websites can’t use cookies to identify you Check your settings. Use this handy list to check your privacy settings on all the most popular sites, from ecommerce to social media and more. Provided by the folks behind Data Privacy Day. Search carefree. Use F-Secure Search, our free search engine that makes sure your search history is not stored anywhere or linked to you Get informed. Use F-Secure App Permissions, our free app that lets you know what information you’re giving up to the apps you’ve installed on your phone Keep advertisers at arms' length. Use F-Secure Freedome, our privacy app that blocks third-party online advertisers from following you around the Web. Freedome is available for a free 14-day trial here.   Happy Data Privacy Day!   Image courtesy Philippe Teuwen, flickr.com  

Jan 28, 2015
BY