Images

Some essential additions to our Internet glossary

1390397_79061953_330Times are changing and we have to learn new things all the time. People interested in privacy on the Internet have been faced with a flood of new acronyms and terms lately. Here comes a brief list of terminology that has remained fairly unknown for a long time, but suddenly become very central to how our cyber society is developing. Keep these in mind if you want to be privacy-savvy.

Echelon
The best know signal intelligence system of the cold war era. Operated by the NSA and capable to store and analyze both data and telephone traffic globally. Today a legacy system.

FISA, Foreign Intelligence Surveillance Act
A US law that, together with other related laws and amendments, controls usage of non-US citizens’ communications for the benefit of US interests. Controls is however a misleading word as it pretty much boils down to carte blanche to spy on foreigners. This is of paramount importance for the whole Internet as most of the cloud services are run by American companies, and most users are foreigners.

FISC, FISA-Court, United States Foreign Intelligence Surveillance Court
A secret US court that is supposed to review and approve data gathering efforts under the FISA and related laws. Evil tongues call it a rubber stamp, but it has actually denied 11 requests out of a total of 33 949 during 1979-2012. (Some of those 11 were approved after modification.)

Gag Order
A court order to shut up about something.

GCHQ, Government Communications Headquarters
UK’s own NSA. Responsible for gathering info from Internet traffic for the needs of the UK government and military.

Lavabit
A former encrypted mail service run by Ladar Levinson. Became iconic in the fight for Internet privacy when closed down in August 2013. According to Ladar: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” This smells NSL (see below) to high heaven.

NSA, National Security Agency
USA’s main signals intelligence agency. Operates globally to intercept and decode information. Recent reports indicate that NSA’s strategy largely seems to be to store as much information as possibly for further use, rather than picking targets and eavesdropping selectively. NSA is also a leader in cryptography and cryptanalysis, and is believed to have more supercomputer capacity than anyone else on this planet.

NSL, National security letter
An order from a US agency to hand over information or implement information gathering systems. These letters come with strict gag orders that even prevents the subject from revealing the existence of a NSL or seeking legal advice about it. Their legal status is controversial because of the broad gag orders that are in conflict with the 1st amendment. Anyone should keep the NSLs in mind when listening to top executives of Google, Facebook, Apple etc. who denies that NSA can tap into their systems.

PRISM
Currently the best known of all the data gathering programs run by NSA. PRISM is apparently a database application that stores data from many sources.

SIGINT, Signals intelligence
Operations aiming to gather information by eavesdropping on communications and other signals or stored data. Involves the art of decoding or decrypting messages as well as gathering information by analyzing traffic patterns.

Tempora
A system run by UK’s GCHQ that collects data in real time from internet and telephone communications.

Utah data center
A data center located in Bluffdale, Utah and operated by the NSA. The center is about to be finalized and believed to provide 3 – 12 Exabyte of storage data right now, more in the future as storage technology evolves. It has been said that five Exabyte is equivalent to all words ever spoken by humans since the dawn of time. This is outdated, but still interesting when trying to imagine how much an Exabyte really is. So what exactly is NSA going to do with all this storage?

XKeyscore
A NSA system that gives analysts powerful tools to query for information about identified targets or suspicious patterns in larger datasets.

Whistleblower
A person who makes crimes or other unethical activities known to a larger public, often by violating agreements or the law. A significant portion of what we know about SIGINT on the Internet has been revealed by whistleblowers.

This list of secret NSA programs and codenames is far from complete. Security guru Bruce Schneier puts it very well in a TED interview together with our Mikko Hyppönen.

Bruce Schneier: “First, be careful with names. PRISM is a specific NSA database, just a part of the overall NSA surveillance effort. The agency has been playing all sorts of games with names, dividing their efforts up and using many different code names in an attempt to disguise what they’re doing. It allows them to deny that a specific program is doing something, while conveniently omitting the fact that another program is doing the thing and the two programs are talking to each other. So I am less interested in what is in the specific PRISM database, and more what the NSA is doing overall with domestic surveillance.”

Very well said! Here you can find a more comprehensive list of NSA programs and codenames.

Safe surfing,
Micke

More posts from this topic

842710939_d8f092ed9f_b (1)
April 28, 2016
BY 
Why press freedom matters and how tech can help

World Press Freedom Day: Why it Matters and How Tech Can Help

Finland is home to the freest news media in the world, according to Reporters Without Borders. It's fitting, then, that the annual UNESCO World Press Freedom Day conference will be held in Helsinki this year, May 2-4. Freedom of information is a topic that's close to our heart. We were fighting for digital freedom before it was cool - yes, before Edward Snowden. A free press is foundational to a free and open society. A free press keeps leaders and authorities accountable, informs the citizenry about what's happening in their society, and gives a voice to those who wouldn't otherwise have one. Journalists shed light on issues the powers that be would much rather be left in the dark. They ask the tough questions. They tell stories that need to be told. In a nutshell, they provide all of us with the info we need to make the best decisions about our lives, our communities, our societies and our governments, as the American Press Institute puts it. That's a pretty important purpose. But it can also be a dangerous one. Journalists working on controversial stories are often subject to intimidation and harassment, and sometimes imprisonment. Sometimes doing their job means risking their lives. According to the Committee to Protect Journalists, 1189 journalists have been killed worldwide in work-related situations since 1992, when they began counting. 786 of those were murdered. Freedom of the press and digital technology are inextricably intertwined. Journalists' tools and means of communication are digital - so to protect themselves, their stories and their sources, they also need digital tools that enable them to work in privacy. Encrypted email and messaging apps. Secure, private file storage. A password manager to protect their accounts. A VPN to hide their Internet traffic and to access the content they need while they're on assignment abroad. F-Secure at World Press Freedom Day It's because press freedom and technology are so intertwined that it's our honor to participate in this year's World Press Freedom Day conference. Here's how we'll be participating in the program: Mikko Hypponen, Chief Research Officer at F-Secure, will keynote about protecting your rights. Tuesday May 3, 14:00 to 15:45 Erka Koivunen, our Cyber Security Advisor, will participate in a pop-up panel debate on digital security and freedom of speech in practice. Tuesday May 3, 15:45 – 16:15 Sean Sullivan, our Security Advisor, will be on hand to answer journalists' questions about opsec tools and tips. One of our lab researchers, Daavid, will be inspecting visitors' mobile devices for malware. We'll feature our VPN, Freedome.   Check out our Twitter feed on May 3 for livestream of Mikko's and Erka's stage time.                 Banner photo: Getty Images

April 27, 2016
BY 
Internal startups are a way for big companies to innovate and adapt.

Why an Internal Startup Could Be Companies’ New Recipe for Success

AirBNB. Uber. These are but two examples of disruptive startups that are popping up to challenge big organizations' legacy mindsets and business models. Digitalization has completely shaken the world, and companies have two options: adapt to stay in the game, or be left behind in a cloud of dust. But it's hard to turn a big ship around. That's why F-Secure's Harri Kiljander, Janne Jarvinen and Marko Komssi believe that a great way for companies to accelerate innovation is to bring the startup model in-house. They've collaborated with peers from other organizations in a new ebook, The Cookbook for Successful Internal Startups. The book is a practical guide to establishing and running an internal startup. An internal startup, they say, is a great route to cheaper innovation execution and faster time to market. And the three have experience to draw on: F-Secure has developed its VPN product, Freedome, its password manager, Key, and its smart home security device, Sense, all as internal startups. The book pulls together F-Secure's learnings as well as the learnings of other companies who use the model. I caught up with Harri, Janne and Marko to talk about the internal startup scene. What is your definition of a startup? Harri: A startup is an organization that is established to build a new product or a new service under a significant uncertainty. Trying to do something new that doesn't exist yet, and constrained by a lack of established processes or budgets or resources. Janne: To me, a startup is the means to build something new and disruptive, and build it as fast as possible, with the intention of scaling as quickly as possible. You're not trying to make something that just a few people can do for a living, but you're trying to build up a big business quickly from something new. Marko: A startup is an entity that is searching for a scalable, profitable business model. It differs from a company in that a company has already found its business model. Why do you want to encourage big companies to form internal startups? Harri: Big companies are really good at doing old things. An internal startup is great way to introduce new ways of working and to try developing and launching new and better products and services. Janne: All companies want to explore new areas, but in the established organization it's difficult to start something new. With an internal startup, you don't worry about the existing organizational structures. From a company perspective, because the startup is not embedded into the larger organization, it's easier to handle and it's easier to see whether it's producing results. It also gives employees the chance to be involved in something new. How has the internal startup model been beneficial for F-Secure products Freedome and Key? Harri: One of the key elements has been the rapid development and feedback cycle - the classic cycle of build, measure, learn. Build something, release it, gather feedback from users and markets, and then adjust your product, pricing, channels, etc. The more rapid you can make this cycle, the higher the likelihood of being able to generate success. Janne: We built Freedome and Key much faster as internal startups than we would have done in the traditional way. The global launch took place just nine months after the idea, and that's extremely fast. Marko: Freedome was incubated in strategic unit, not the business unit. It had more freedom as it was able to work independently, without being under any existing business pressure. What is the biggest advantage an internal startup has over an independent startup? Harri: The ability to access the big company resources, including free labor and expertise. In a big company there are a lot of experienced people who yes, may be stuck with old ways of working, but they still have lots of experience and know about doing business. Marko: Access to the company lawyers, marketing competence, PR, company name brand, social media channels with established followings, etc. A startup has to pay for everything or get the competence somehow, whereas a big company has it in house. And vice versa, what is the biggest advantage an independent startup has over an internal startup? Janne: It's not constrained by a company's mindset and objectives, so it has more freedom. However, once an independent startup gets financing, the people writing the checks will start to want some control anyway, so in that sense it's not so different from an internal startup. Marko: The feeling of ownership. The independent startup team really feels that they own the idea. With an internal startup you somehow still feel that you are a company employee first. So ownership is weaker in an internal startup and that has an impact. What do you hope people take away from the startup cookbook? Harri: I hope people get a spark of courage to establish this kind of exercise in their own established organization. If they're not sure how to go about it, they are welcome to contact the writers of the book and we might be able to help them. Even big organizations can do things fast if they follow the recipes or principles we outline in the book. Janne: I hope people in large organizations see that they can explore new areas using this model. Our goal is to really help people learn from other companies' experiences so that they don't have to learn everything on their own. Read The Cookbook for Successful Internal Startups The Cookbook for Successful Internal Startups was created by the industrial organizations and research partners of Digile’s Need 4 Speed program. F-Secure is the driver company of N4S and Janne Järvinen leads the N4S consortium. Harri Kiljander is Director of Privacy Protection, Janne Jarvinen is Director of External R&D Collaboration, and Marko Komssi is Senior Manager, External R&D Collaboration at F-Secure.

April 26, 2016
BY