Times are changing and we have to learn new things all the time. People interested in privacy on the Internet have been faced with a flood of new acronyms and terms lately. Here comes a brief list of terminology that has remained fairly unknown for a long time, but suddenly become very central to how our cyber society is developing. Keep these in mind if you want to be privacy-savvy.
The best know signal intelligence system of the cold war era. Operated by the NSA and capable to store and analyze both data and telephone traffic globally. Today a legacy system.
FISA, Foreign Intelligence Surveillance Act
A US law that, together with other related laws and amendments, controls usage of non-US citizens’ communications for the benefit of US interests. Controls is however a misleading word as it pretty much boils down to carte blanche to spy on foreigners. This is of paramount importance for the whole Internet as most of the cloud services are run by American companies, and most users are foreigners.
FISC, FISA-Court, United States Foreign Intelligence Surveillance Court
A secret US court that is supposed to review and approve data gathering efforts under the FISA and related laws. Evil tongues call it a rubber stamp, but it has actually denied 11 requests out of a total of 33 949 during 1979-2012. (Some of those 11 were approved after modification.)
A court order to shut up about something.
GCHQ, Government Communications Headquarters
UK’s own NSA. Responsible for gathering info from Internet traffic for the needs of the UK government and military.
A former encrypted mail service run by Ladar Levinson. Became iconic in the fight for Internet privacy when closed down in August 2013. According to Ladar: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” This smells NSL (see below) to high heaven.
NSA, National Security Agency
USA’s main signals intelligence agency. Operates globally to intercept and decode information. Recent reports indicate that NSA’s strategy largely seems to be to store as much information as possibly for further use, rather than picking targets and eavesdropping selectively. NSA is also a leader in cryptography and cryptanalysis, and is believed to have more supercomputer capacity than anyone else on this planet.
NSL, National security letter
An order from a US agency to hand over information or implement information gathering systems. These letters come with strict gag orders that even prevents the subject from revealing the existence of a NSL or seeking legal advice about it. Their legal status is controversial because of the broad gag orders that are in conflict with the 1st amendment. Anyone should keep the NSLs in mind when listening to top executives of Google, Facebook, Apple etc. who denies that NSA can tap into their systems.
Currently the best known of all the data gathering programs run by NSA. PRISM is apparently a database application that stores data from many sources.
SIGINT, Signals intelligence
Operations aiming to gather information by eavesdropping on communications and other signals or stored data. Involves the art of decoding or decrypting messages as well as gathering information by analyzing traffic patterns.
A system run by UK’s GCHQ that collects data in real time from internet and telephone communications.
Utah data center
A data center located in Bluffdale, Utah and operated by the NSA. The center is about to be finalized and believed to provide 3 – 12 Exabyte of storage data right now, more in the future as storage technology evolves. It has been said that five Exabyte is equivalent to all words ever spoken by humans since the dawn of time. This is outdated, but still interesting when trying to imagine how much an Exabyte really is. So what exactly is NSA going to do with all this storage?
A NSA system that gives analysts powerful tools to query for information about identified targets or suspicious patterns in larger datasets.
A person who makes crimes or other unethical activities known to a larger public, often by violating agreements or the law. A significant portion of what we know about SIGINT on the Internet has been revealed by whistleblowers.
Bruce Schneier: “First, be careful with names. PRISM is a specific NSA database, just a part of the overall NSA surveillance effort. The agency has been playing all sorts of games with names, dividing their efforts up and using many different code names in an attempt to disguise what they’re doing. It allows them to deny that a specific program is doing something, while conveniently omitting the fact that another program is doing the thing and the two programs are talking to each other. So I am less interested in what is in the specific PRISM database, and more what the NSA is doing overall with domestic surveillance.”
Very well said! Here you can find a more comprehensive list of NSA programs and codenames.
By Allen Scott, managing director of F-Secure UK and Ireland The internet and the industry which surrounds it is at a tipping point. The scramble to dominate in emerging product and service markets has led many organisations to lose sight of what the Internet should be. If things continue on this downward moral trajectory, we run the risk of breaching the rights of every person who uses it. As a general rule of thumb, violating customers and prospects is not a wise sales strategy. This is why the Trusted Internet is so important now, in 2015, to stem the tide. Half the world away The internet has morphed from a military funded academic computer network into the World Wide Web into what we know today. It has created new industries and billionaire business owners. It has made the world smaller by connecting people who would never otherwise have interacted. It has helped every person by making their life a little easier – from keeping in touch with family to being the number one resource for research on any given subject. It is hard to imagine life without it. Of course, not everyone is online…yet. Figures vary, but it is generally accepted that approximately 3 billion people are now connected to the internet. That is 42% of the world’s population. By 2018, it is estimated that half of the world’s population will be online. That means that every other person could have their human right to privacy (Article 12 of the Declaration of Human Rights) violated. It is unacceptable because it is avoidable. Personal data – the ultimate renewable resource The internet is now an extension of mankind. It is our marvellous creation and we are growing more and more dependent on it. The problem is that it is turning into a Frankenstein’s monster. We are so consumed with whether something (such as tracking people’s movements online) is possible, that the industry has forgotten to ask themselves whether they should. Morality has been pushed aside in the race to gain more personal data, for knowledge is power. Don’t believe how valuable data is? Just take a look at Google. A giant of the internet, it made over £11 billion in profit last year. Not bad for a company which gives away its services for free. Google collects so much data on its users that it is the fourth largest manufacturer of servers in the world. It doesn’t even sell servers! Personal data is big business. Advertisers pay a lot of money for profiles on people. What people like, where they live, who they are likely to vote for, whether they are left-handed – some marketing companies claim to have up to 1,500 points of interest on each individual’s profile. Are all of these ‘interesting points’ something which those people are happy to have shared? I doubt it. What about the Internet of Things Next up is the Internet of Things (IoT). A concept whereby a vast number of objects, from toasters to bridges, will be connected to the internet where they will share the data they collect. The benefits of this emerging network is that analysis of the data will lead to efficiencies and will make life easier still for people. For example, I could combine the data collected from my smartphone pedometer, my diet app and my watch’s heart monitor to analyse my health and make informed improvements. So far, so good. The IoT waters get a little murkier when you start asking who else has access to that data about me. Maybe I don’t mind if my doctor sees it, but I’m not comfortable with marketing companies or health insurers seeing that data. It’s private. We are fortunate that we are still in the fledgling stage of the IoT and have the opportunity to shape how it impacts our private lives. This is a relatively small window in which to act though, so we must be outspoken in order to protect people’s civil liberties. The ethical solution The next stage of internet development needs to be the Trusted Internet. People have the right to privacy online and it is entirely possible. Not every business and organisation online is part of the data-collecting frenzy. Some, like F-Secure, simply don’t care what you want to look up in a search engine or which websites you visit (unless they are malicious, of course!). We believe that your data is exactly that – yours. Until now, the internet has developed a taste for the free in people. Users have been reluctant to pay for services which they could get for free elsewhere. But now people are realising that when they don’t pay for the product, they are the product. With F-Secure, our customers are just that – customers. Being the customer, their data is their own. Our job is to protect them and their data. We believe that the internet should be a place for people to learn and interact. There shouldn’t be a price on this in the form of our privacy. If there should be a price, it should be monetary, so that people have the chance to buy the services they wish to use, rather than gaining access to services in exchange for personal information. I would happily pay to use Google, Facebook, LinkedIn or one of the many other sites which stakes claim to me when I sign up. We are the generation which created the internet. Let’s not be the generation which disposed of decency, respect and privacy too. [Image by Timo Arnall | Flickr]
This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past. While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things). The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here’s three talking points to help you get started: Security in a mobile world A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion. Keeping safe online It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later. Privacy and the Internet of Things Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them? The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC. [Image by Hubert Burda Media | Flickr]
No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths. Apple did for a long time stubbornly deny security problems and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up the sleeves and fought at the frontline against viruses and vulnerabilities. Their reputation suffered but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security, the right attitude. Apple didn’t and the recent vulnerability study shows the result. Here’s four points for people who want to select a secure operating system. Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays. There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So changes are that you want a security product anyway even if your system isn’t one of the main malware targets. So which system is most secure? It’s the one that is patched regularly. All the major systems, Windows, OS X and Linux have sufficient security for a normal private user. But they will also all become unsafe if the security updates are neglected. So security is not really a selection criteria for ordinary people. Mobile devices, phones and tablets, generally have a more modern systems architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you? So all this really boils down to the fact that you can select any operating system you like and still be reasonable safe. There are some differences though, but it is more about old-school versus new-school devices. Not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you never are 100% safe no matter what you do. Safe surfing, Micke Added February 27th. Yes, this controversy study has indeed stirred a heated debate, which isn’t surprising at all. Here’s an article defending Apple. It has flaws and represent a very limited view on security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it’s time to wake up. And naturally that this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. :) Thanks to Jussi (and others) for feedback.