Category Archives: privacy

Meanwhile back in the real world: Cyber Security Questions

If the American media can get off the horse race/predictable elections tangent it’s been on of late, there are some stories needing far more explication and analysis than they’ve received, a not-so-modest-list on one topic:

Cyber Security:  There are questions in this realm that need to be explored, and if I had my druthers there would be far more discussion of —

(1)  How individuals can secure their data, or at the very least be assured that the results of data mining operations can be regulated such that breaches can be minimized and misuse mitigated?  If you aren’t a bit disturbed by recent Congressional action to allow the collection and compilation of your information from the Internet to the providers — without your consent, and certainly without paying you for it — then please give this another thought or two.   There’s been entirely too much “ho hum” attached to reports of data breaches.  This, in the face of the fact that 47% of data breaches in 2015 were either malicious or criminal in nature.  In 2015 Anthem Inc. was hit, 80 million customers at risk; in 2014 Ebay was hit, 145 million customer records were compromised; also in 2014 76 million JPMorganChase customers had their data in peril. [Bankrate]

There have been other breaches, which hit the news flaring like a roman candle on the 4th of July, and then flaming out of view just as quickly.  Ok, the subject matter is technical and explanations can be tedious, but aside from advising people to secure their data and change passwords, etc. the media has been behind the story in too many cases.

(2) No state Secretary of State and no local election officials want to be the subject of allegations they’ve not secured voter information.  Our ears should perk up when any one or more of these officials say things even remotely related to “it can’t happen here.” We know that this has happened in at least 39 states, and it obviously DID happen here.  Again, if “meddlers” (a kind word for foreign interests — Russian) want to muddle our elections then a break-in to election rolls, coupled with a few changes here and there, mixed with the already documented problems with the Cross Check program, is an obvious recipe for serious issues.

Update:  And the WTF Moment — Secretary of State Tillerson says his desire is to work with the Russian government on…Cyber security.  We might want to wait on this until we find out the full extent of Russian efforts to intrude on our election systems and election information sources??

(3) Now, imagine that a breach can be made of such things as the Republican National Committee data on US voters. Oh wait.  It has been left vulnerable, for 12 days no less, simply sitting in a cloud file in a nicely packaged spreadsheet format– of nearly 200 million people.  This may not count as a “breach,” perhaps more like a giant leak.  And, will this major spill be investigated?  Broadly reported? Endlessly analyzed?  If the past is any indicator — probably not.  Yet, if major parties or marketers are allowed (maybe even encouraged) to compile large files of voter/customer data, then what liability do these entities have in terms of securing what has been collected?

Common sense would appear to dictate that “if you collect it you must secure it.”  Further, we need to ask: Are current penalties for storing data in such a state that it is vulnerable to attack sufficient to deter collectors from sloppy data management systems? If you haven’t heard talking heads opining on this lately,  neither have I.

Perhaps we should.


Filed under Politics, privacy, Privacy and Civil Liberties Oversight Board, Voting

From Deep Throat to Deep Root: Republicans Careless With 200 Million Voter Files

Oh for the Olden Times when the Grand Old Party had its individual and collective knickers in a twist over Secretary Clinton’s “carelessness” with State Department e-mails on <clutch pearls here> a private server…  However, now we have to visit the Business and Technology section of the Washington Post to find the following:

“Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy which works for the Republican National Committee and other GOP clients.

The data offered a strikingly complete picture of the voting histories and political leanings of the American electorate laid out on an easily downloadable format, said cybersecurity researcher Chris Vickery. He discovered the unprotected files of 198 million voters in a routine scan of the Internet last week and alerted law enforcement officials.” (emphasis added)

Translation:  Data mined information on 198 million Americans was  collected, collated, compiled, and then left for 12 days in an UNPROTECTED STATE for the eyes of any and all — criminal identity thieves, criminal scammers, and anyone who didn’t want to go to the bother of hacking into any server in any location.  For 12 days all this information was out there, like the food on a buffet — those in line just had to recognize what was on offer.

Where are the calls for hearings?  The Outraged cries for an investigation into how this could have happened?  The questions as to how we might be able to guarantee something this horrendous doesn’t happen again.

If a “good guy” could find this data during a “routine scan” what might happen when someone with less admirable intentions conducts a targeted scan of what’s available on American voters?

Let this sink in.


Filed under Politics, privacy, Public Records, Vote Suppression, Voting

Follow the Money: The Internet No-Privacy Act in the 115th Congress

The Verge offers a public service for American voters, compiling the votes on the Internet No-Privacy Bill HJRes 43 and the money received from Big ISPs.  Thus we discover that Senator Dean Heller received $78,950 from industry sources, which doesn’t put him “up there” with the $251,110 given to Senator Mitch McConnell, and the $215,000 awarded to Senator John Thune, but nevertheless a nice contribution.

Representative Mark Amodei (R-NV2) received a tidy $22,000 contribution from the industry coffers.

What the resolution does is muddy the waters about enforcement of FCC rules, Verge explains:

“That brings us to the privacy rules. Through a rarely invoked law, Congress was able to take back the privacy rules set by Wheeler, effectively undoing his interpretation of what the Telecom Act says about customer data. That leaves a gap: we don’t know how Chairman Pai will interpret the law, or what rules he’ll set. He might replace them with looser rules that take after the FTC or wait to roll back the Title II interpretation overall. But until he acts, we can’t say for sure what carriers will be allowed to do.

At the same time, the absence of firm rules could be the whole point. Pai is a free-market conservative, and believes that companies will typically find the optimal solution without government interference. Holding off on setting new rules could be right in line with that philosophy, leaving companies to make their own judgments on customer data without fear that they’ll be punished for overstepping FCC guidelines. Unfortunately for privacy-minded consumers, that would leave few legal protections for private data shared with carriers.”

That last line is rather chilling.

What the advertisers want is a land amenable to “granular personalized targeting,” read advertising directed to specific consumers for specific products and services.  Those advertisers can just as easily be political groups and organizations.

The final irony is that Our information may be aggregated and sold to the highest bidders, but members of Congress are protected.  The ‘yes’ votes may be saying, in essence, “I’ve got my privacy, you try to get yours.”


Filed under Amodei, Heller, Internet, Politics, privacy

SJR 34 and Your Internet Privacy

The purpose of SJR 34 (and HJR 86) was simple: To allow Internet Service Providers to collect and sell your Internet browsing history.  Not only did Senator Dean Heller support this, he signed on as a co-sponsor of the bill on March 7, 2017, one of 23 sponsors to do so.  Who’s impacted by this? Anyone who links through Comcast (17 million customers), AT&T (another 17 million customers), Time Warner Cable (add another 14 million customers), Century Link (additional 6.4 million customers), Charter (another 5 million customers), and a host of smaller providers. [Ecom] (See also PEcom)

Nevada customers of AT&T, Verizon, Comcast, Time Warner, Charter, Cox and others, are also among those whose private browsing history can be tracked, collected, and sold off. [into link]

It seems bad enough to have the ISPs sell off information about browsing history to advertisers. Who, after browsing one day for sneakers, would want to be bombarded for the next year with sneaker ads?  Browsed for ‘best garden supplies?’ Expect ads for plant food, fertilizers, spades, and wheelbarrows for eternity? Then the scenarios become more pernicious.

Browse for information on asthma? Not only is the human browser now in line for a multitude of ads for medications, but there’s a hint here that some personal medical history may have been collected and sold.  The same issue might be raised about those looking up symptoms and treatments for everything from pediatric illnesses to Alzheimer’s Disease.  Thus far we’re only talking about the initial sales, and the use of the collections by commercial advertisers. However, there’s a question about what constitutes a buyer for the information?

The buyer might not have to be, for example, the Interpublic Group of New York City, one of the nation’s largest advertising firms. Could the buyer be the WPP Group of London, UK? Or, the Dentsu Group, of Tokyo. Could the buyer be RMAA, the largest advertising firm in Russia? Is there any protection in the bill to prevent the secondary sale of browser histories from an advertising agency to a data management and analysis company? What we have herein is a bill to allow the transfer of massive amounts of valuable data collected from individuals in the United States to the highest bidder, with little or no consideration of the after effects.

Gee, let’s hypothesize that I’m a foreign power with some experience dabbling in US state and national elections.  Let’s also assume that the foreign power is familiar with inserting ‘bots’ to drive traffic to particular websites, or insert fake news, confirmation bias ‘news,’ and other practices into the research patterns of American Internet users. What do I want? I want data on where those people ‘go’ on the Internet; the better I know my ‘target’ the better I can hone my message. Do those who go to Senator Bilgewater’s site also tend to go to sites concerning wildlife preservation?  If I can put these two bits of information together I can more effectively insert advertising either for or against the Senator. I can more effectively insert phony information into my messaging for the supporters or opponents of Bilgewater.  In short, I can ‘dabble’ more efficiently. Even more bluntly, have we handed our adversaries more ammunition for their advertising and propaganda guns?

The Senate twin in the House (HJR 86)/SJR 34 passed on March 28, 2017; only Representative Mark Amodei (R-NV2) voted in favor of the bill, while Representatives Kihuen, Titus, and Rosen voted against it. [RC 202]

At the risk of facetiousness  on a serious topic, when Jill, of downtown East Antelope Ear, NV, goes online to search for a bargain on bed sheets, does she find herself viewing a plethora of ads for sex toys, a result of Jack’s periodic perusal of pornography sites? Would a simple search for high thread count sheets yield the splitting of those sheets in the Jack and Jill household? At least Jack and Jill will know whom to call about the issue — Senator Dean Heller and Representative Mark Amodei, who thought selling browser histories to be a grand idea at the time.


Filed under Amodei, Heller, Internet, media, Nevada politics, Politics, privacy, Republicans, Titus

Trump Invites Cyber Attack

If you have a computer and use the Internet, read the following statement from candidate Donald Trump very carefully:

“When asked about documents stolen in a cyber attack on the Democratic National Committee’s servers, (1) Trump suggested hackers had also breached Clinton’s personal email server.

“By the way, if they hacked, they probably have her 33,000 emails. (2)  I hope they do,” the GOP nominee told reporters, referring to Russia, who security experts suspect was behind the hack. “They probably have her 33,000 emails that she lost and deleted.”

He also addressed the country directly: (3) “Russia, if you’re listening, I hope you can find the 33,000 emails that are missing. I think you will probably be rewarded mightily by our press.” [TPM] [numbering added]

Let’s begin with Number One. The e-mails are a piece of the interminable GOP Benghazi nothing-burger which to date has yielded the participation of no less than 10 Congressional investigations; 252 witnesses called to testify, 62 hours of publicly available hearings, and 13 published reports – none of which indicate that Secretary Clinton did anything wrong.  But, there is always hope in GOP hearts. A hope expressed by Trump, who offered ZERO evidence that the hack included Clinton’s personal server.  He has no evidence her server was hacked – he just hopes so.  Let that sink in a second.

Number Two: He hopes they hacked her server.  Who hopes for someone else to be the victim of a cyber-attack?  Does anyone really wish for the Russians or any other source to cyber-attack anyone in the United States of America?  Is he really saying that he hopes a foreign power hacked one of our government officials?   After 10 Congressional investigations, an FBI report, and every single published report exonerating the former Secretary of State of any illegal activity – Trump is still wishing for something, anything, to come to light which would assist his political campaign.  This is Richard Nixon on steroids.  This isn’t keeping an “enemies list,” or “taping Oval Office conversations.” This is actively seeking assistance from a foreign power (probably the Russians) to get results of cyber-attacks on the United States of America.

Number Three: Now witness the stretch in the Trump Tweet.

If the Russians, or some other power, have found deleted e-mails then Trump wants them “handed over.”   On Twitter, Trump wants the e-mails handed over to authorities, but during the press conference he suggests that the media will jump all over the opportunity to publish them for click bait.  And, all this without offering a single attributable FACT that the deletions are “illegal,” or that they would contain any information relevant to the  investigations.

Worse still for Mr. Trump, there has been an FBI investigation and the security logs show NO evidence of any foreign hacks on the server in question. [NYT] [WaPo]  Therefore, all we can say is that Mr. Trump is trying to perpetuate the Fox News mythology of “missing e-mails” and not-very-smoking guns.  And yet more bad news for the mythologizers, the hacker who made claims about getting into Secretary Clinton’s e-mail server flat out lied. [PCWorld]

Let’s Get Serious

Mr. Trump’s anodyne platitudes and sweeping generalizations notwithstanding – there are a couple of things that he obviously doesn’t understand.

First, there’s cyber-war.  He called American efforts “obsolete.” I suppose we might thank him for suggesting that our enemies could safely underestimate our capacity. However, all sides understand  this is not the case.  For a more in-depth report on Mr. Trump’s inadequacies in regard to the nature and effectiveness of the U.S. cyber arsenal please read this piece in the Atlantic.

Secondly, there’s the insidiousness of suggesting that any foreign power should be applauded for gaining access to U.S. information via cyber-attacks.

In August 2015, Russian hackers carried out a cyber-attack on the Pentagon.  The attack shut down the unclassified e-mail system for the Joint Staff for about two weeks.  No classified information was accessed, nothing was stolen, and only unclassified accounts were involved in the cyber-attack – thank goodness. [USNWR]  However, we have to believe that there will be other, more sophisticated, and more egregious attacks to come.  Is Mr. Trump suggesting that if the Russians found out something useful for his campaign they should turn it over to the FBI and the Press? – From the Pentagon?

In June 2015, we learned the Chinese had hacked the computers of the Office of Personnel Management. The agency estimated about 4.2 million federal employees were affected, including 1.5 million who are members of the U.S. military. [WSJ]  Is Mr. Trump suggesting the hackers hand over any information which might be of any use to his campaign to the FBI and the Press?

Cyber-attacks aren’t playground dodge ball. Those who are unsure of this proposition should read the articles in Wired, Business Insider, and Ars Technica on Stuxnet and Nitro Zeus.  For a truly nightmare scenario, imagine an attack on the U.S. electrical grid. [The Hill] Just such an attack happened in Ukraine last December. [Wired]  Is Mr. Trump suggesting that the Press might find it amusing to have the power go out in a major U.S. city during a campaign event for his opponent, Secretary Clinton?

The bottom line is that NO ONE, should be rooting for a cyber-attack, for any reason under any circumstances. NO ONE should be rooting for a foreign power to find a way into our secure information, our military operations, our personnel files, our electrical grid, our defense contractors, our banking institutions, our hospitals, our schools, or our retailing systems.

NO ONE.


Filed under Politics, privacy, Republicans

Culture Wars in the Potty

Iron Age

Once upon a time, for example back in the Iron Age, patriarchal bands hunted, planted, and herded.  Their story was collected, passed down, and now is accepted by some as literal. [AlterN]  Unfortunately, the Iron Age Rules of the Game don’t fit for everyone in the 21st century.  If one of the central rules was an “iron-clad” patriarchal system in which women were only “help-meets,” and daughters could be sold into slavery, [Exodus 21:7]   then it’s plausible that the biblical literalists might be disturbed by the autonomy of the modern era.  However, that’s no excuse to badger everyone into believing urban myths and blatantly false propaganda about women and members of the LBGT community.

As the backlash builds to the HB2 law in North Carolina, die-hards in Texas are doing a bit of chest pounding, declaring that the President can’t tell them to accommodate the needs of transgender children. [TPM]  The Lt. Governor offering:

“We will not yield to blackmail from the President of the United States,” Patrick said in a press conference responding to the administration’s letter. “We will not sell out our children to the federal government. And the people of Texas and the legislature will find a way to find as much of that money as we can if we are forced to. There is no compromise on this issue.”

He said that the debate over bathrooms “is the biggest issue facing families and schools in America since prayer was taken out of public schools.”

The biggest issue facing families and schools? Really?  This potty issue would be more important than the fact that the 2011 educational budget cuts are still having an effect [TXTrib], and that current budget levels have Texas ranked 38th in the nation? [DMN]  Or, perhaps there’s a more simple way of addressing the issue, such as the logic put forth by an Oklahoma legislator speaking of a bill to ban abortions:

“This is our proper function, to protect life,” said Senator Nathan Dahm, the Republican lawmaker who authored the bill, with fellow state Republican colleague David Brumbaugh confusingly adding, “Everybody talks about this $1.3 billion deficit. If we take care of morality, God will take care of the economy.” [InJust]

That’s right. If “we take care of morality” then God will provide for the schools, infrastructure, revenue streams, median household incomes, and corporate profits?  Surely, if we just follow all those Iron Age rules in the book – or at least the ones we want to – eating shrimp is OK? Wearing blended fabric clothing is all right? – then Life will take care of itself.  Leaving a person to wonder what ever happened to “God helps those who help themselves?”

Golden Rule

Or perhaps more importantly, what ever happened to the rules and advice imparted by Luke 6: 31, or by Number 13 of Imam Al-Nawawi’s Forty Hadiths, or Sutrakritanga 1.11.33, or Udana-Varga 5:18?

If we take a step further into Biblical territory we find:

“There are six things that the Lord hates, seven that are an abomination to him: haughty eyes, a lying tongue, and hands that shed innocent blood, a heart that devises wicked plans, feet that make haste to run to evil, a false witness who breathes out lies, and one who sows discord among brothers.” Proverbs 6: 16-19

Thus, spreading false information about gay, lesbian, bi-sexual, and transgendered people is abominable? Publishing misinformation and outright lies about Planned Parenthood is hateful?  Disseminating that which is harmful to individuals who do not share a particular interpretation of the Iron Age Rules is abominable?

It is NOT true that homosexuals are more likely to be pedophiles and child molesters. [UCDavisEdu] It is NOT true that transgendered people are a hoax. [MMA] It is NOT true that transgendered people just want to ogle the opposite sex in the restroom.  That’s the province of the immature.  What’s required to play the Potty War Games according to the Iron Age rules is to discount and discredit actual scientific research with statements like:

“I am not convinced by any science I can find that people with definitively male DNA and definitively male anatomy can actually be locked in a cruel joke of nature because they are actually female.” [MMA]

The correct interpretation of this statement is  “I am perfectly willing to deny and discredit any scientific findings which don’t comport with my opinions,”  even if doing so is harmful to others.

And, accommodating the needs of transgendered children certainly isn’t harmful.  The LAUSD has already implemented a policy of accommodation for a decade with positive results:

“Opponents of A.B. 1266 have expressed concerns that students will abuse the policy, imperiling the safety of others. But our experience stands in stark contrast to such fears: In all the years since the LAUSD implemented its policy, we have encountered nothing but positive results. We are committed to providing safe schools for all children. Our equal access policy enhances, rather than diminishes, school safety.” [HuffPo]

Absent anything other than acceptable results in states that do have statutes protecting transgendered individuals, conservative media has resorted to contriving situations designed to make people uncomfortable and then reporting it as “news.” [EM.org]


What would happen if we were to follow the Big Rule, the one in Luke 6:31 et. alia., and thought of our rest room accommodations accordingly?  A single person’s discomfort is not an excuse for discrimination against – a transgendered person, a person in “gastric distress” who needs to find the first facility immediately available, a young father who wants to change his baby’s diaper, a father or mother escorting a child to the toilet – anyone who’s just trying to get by doing to others as he would have them do unto him.


Filed under abortion, conservatism, gay issues, privacy, religion

There were some weddings in Las Vegas

Some couples got married in Las Vegas, NV yesterday, a headline which now joins “Dog bites man,” and “Spring Flowers Bloom” in the archives of conspicuous banality.   The question in Nevada shifted from “could it ever happen?” to “will it happen?” to “how come it has taken so long?”  [more from Ralston]

Conservatives who are still uncomfortable with the idea of letting a relatively small number of homosexual citizens in the state take on the joys and obligations of marriage may not take much comfort in the thought that part of their message over the last 30 years has been received:  Government should not intrude on our private lives.  And, when we’re talking about truly private matters – who can argue with that?

It’s never been a simple matter to claim religious authority in the public sphere.  It’s especially difficult in a country in which initial religious practice ranged from the Brownists in Plymouth – marriage was an invention of man without scriptural authority, to Catholics in Maryland – marriage was a sacrament. [CJPH]   However, it’s also never been a simple matter to avoid entangling religious beliefs and political ideologies – witness the Rovian formula welding Patriotism and Christianity for the benefit of the Republican Party.

The result has been a right wing conglomeration of the fiscal ultra-conservative (Grover Norquist) added to the religious ultra-conservative (Patriot Pastors) mixed with the military/financial interests (Koch Brothers, Wall Street).  At some point the seams start ripping.

Small But Not Too Small?

It’s impossible to have “small government” if the government is tasked with supervising individual sexual behaviors.  It’s impossible to have “small government” if the government is charged with executing statutes on family matters and women’s individual healthcare decisions.

It’s impossible to have “small government” while maintaining a military budget of at least $682 billion – as large as the next ten highest national military budgets combined. [WaPo]  And, it’s impossible to have “small government” if we also want to secure fiscal and economic stability.  We tried ‘de-regulation’ and what we got was Enron and Lehman Brothers – and the worst economic disaster since the Great Depression of the 1930s.

Now the frazzle shows up in the religious realm.  It’s now impossible to anchor a political ideology on a  floating buoy – public opinion has moved remarkably on same sex marriages in the last decade.  What was a useful wedge issue in 2004 has become something to avoid in 2014.  Witness the palaver over Blundermeister John Boehner’s decision to campaign on behalf of a gay Republican in California? [TDB]

No majority is ever permanent. No radical ideology is ever secure.


Filed under Nevada politics, privacy, religion, Republicans, Rove