Why the NSA Should Delete Its Data on Americans – The Atlantic

Source: Why the NSA Should Delete Its Data on Americans – The Atlantic

Software vulnerabilities aren’t the only thing that the NSA stockpiles. Four years ago, the American public learned that the agency hoovers up metadata pertaining to the private communications of most every adult in this country. … What if the U.S. government never itself abused the system it built, but failed to safeguard its contents?

The likelihood of the trove’s eventual theft strikes me as significant (and that is assuming that a foreign government or group of hackers hasn’t already gotten any of it). The NSA failed to stop Snowden from taking some of its most closely held secrets. It failed to stop the Shadow Brokers from taking some of its most closely held cyber weapons and deploying them against innocents, including Americans. Why expect it to successfully safeguard its most closely held trove of metadata?

To keep it in the hands of the NSA, given its track record, is folly. All data the NSA retains on Americans should be erased now before it falls into the wrong hands. And Congress should pass data-retention laws that force categories of private corporations, which are often even less capable of safeguarding the data that they amass, to purge whole categories of sensitive information at regular intervals. How many breaches must we witness to give up on securing and start deleting?

TSA Plans to Use Face Recognition to Track Americans Through Airports | Electronic Frontier Foundation

Source: TSA Plans to Use Face Recognition to Track Americans Through Airports | Electronic Frontier Foundation

Even as late as May 2017, CBP recognized that its power to verify the identification of travelers was limited to those entering or leaving the country. But the TSA Modernization Act would allow CBP and TSA to collect any biometrics they want from all travelers—international and domestic—wherever they are in the airport. That’s a big change and one we shouldn’t take lightly. Private implementation of face recognition at airports only makes this more ominous.

This vast data collection will also create a huge security risk. As we saw with the 2015 Office of Personnel Management data breach and the 2017 Equifax breach, no government agency or private company is capable of fully protecting your private and sensitive information. But losing your social security or credit card numbers to fraud is nothing compared to losing your biometrics. While you can change those numbers, you can’t easily change your face.

Should all locks have keys? Phones, Castles, Encryption, and You. – YouTube

Source: Should all locks have keys? Phones, Castles, Encryption, and You. – YouTube, by CGP Grey

On the internet a digital lock must protect you from not just the neighborhood burglar but all burglars everywhere. On the internet there’s no such thing as distance.

Obscurity is a Valid Security Layer

Source: Obscurity is a Valid Security Layer

risk = probability × impact

This means you lower risk (and increase security) by doing one of two things:

  1. Reducing the probability of being attacked, or…
  2. Reducing the impact if you are attacked.


The key point is that both methods improve security. The question is really which should you focus on at any given point. Is adding obscurity the best use of my resources given the controls I have in place, or would I be better off adding a different (non-obscurity-based) control?

When it comes to internet privacy, be very afraid, analyst suggests | Harvard Gazette

Source: When it comes to internet privacy, be very afraid, analyst suggests | Harvard Gazette

Consumers are concerned about their privacy and don’t like companies knowing their intimate secrets. But they feel powerless and are often resigned to the privacy invasions because they don’t have any real choice. People need to own credit cards, carry cellphones, and have email addresses and social media accounts. That’s what it takes to be a fully functioning human being in the early 21st century. This is why we need the government to step in.

Opting out doesn’t work. It’s nonsense to tell people not to carry a credit card or not to have an email address. And “buyer beware” is putting too much onus on the individual. People don’t test their food for pathogens or their airlines for safety. The government does it. But the government has failed in protecting consumers from internet companies and social media giants. But this will come around. The only effective way to control big corporations is through big government.