Category Archives: Privacy

Lyrics for a Surveillance Society – The Hacking Suite for Governmental Interception

Lyrics by Hacking Team. Music by Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia, Sudan, and several United States agencies including the DEA, FBI and Department of Defense.

Criminals and terrorists rely on mobile phones, tablets, lap tops and computers equipped with universal end-to-end encryption to hide their activity. Their secret communications and encrypted files can be critical to investigating, preventing and prosecuting crime. Hacking Team provides law enforcement an effective, easy-to-use solution. Law enforcement and intelligence communities worldwide rely on Hacking Team in their mission to keep citizens safe. The job has never been more challenging or more important.

You have new challenges today

Sensitive data is transmitted over encrypted channels

Often the information you want is not transmitted at all

Your target may be outside your monitoring domain

Is passive monitoring enough?

You need more ….

You want to look through your target’s eyes

You have to hack your target

While your target is …. Browsing the web, Exchanging documents, Receiving SMS, Crossing the borders

You have to hit many different platforms – Windows, OS X, Linux, Android, iOS, Blackberry, Windows Phone, Symbian

You have to overcome encryption and capture relevant data – Skype & Voice Calls, Social Media, Target Location, Messaging, Relationship, Audio & Video

Being stealth and untraceable

Immune to protection systems

Hidden collection infrastructure

Deployed all over your country

Up to hundreds of thousands of targets

All managed from a single place

Exactly what we do

Remote Control System – Galileo – The Hacking Suite for Governmental Interception

Hacking Team – Rely On Us

ENDS

Does anyone have experience of “KAYMERA MOBILE THREAT DEFENSE SUITE”

We are looking at this platform in parallel with the SaltDNA app which I previously posted about.

Kaymera has a pre-installed secured Android OS with integrated high-end security components to detect, prevent and protect against all mobile security threats without compromising on functionality or usability. A contextual, risk-based app uses a range of indicators to identify a risk in real-time and apply the right security measure so mitigation is performed only when needed and appropriate. Their Cyber Command Centre framework manages and enforces organization-specific permissions, security protocols and device policies. Monitors risk level, threat activities and security posture per device and deploys countermeasures.

Any thoughts welcome.

ENDS.

The USA, Narcissistic Rage, A Sense of Entitlement & Holding Our Rights Hostage

The US is taking a giant shit on all of us, and our rights. And we are letting them. This is a nation that is currently led by extremists who inherited the job from a crazily compromised administration.

I previously wrote in All The Presidents’ Messes:

“In my lifetime the American people have elected Nixon (Vietnam, Laos, Cambodia), Ford (by accident), Carter (Iranian Revolution & Iran Hostage debacle), Reagan (Funded the Taliban / Iran-Contra Affair / Nicaragua / El Salvador / Guatemala), Bush the First (Gulf War I), Clinton (Somalia, Rwanda, Haiti / Israel-Palestine / Ethnic Wars in Europe – Croats, Serbs and Bosnian Muslims / Kosovo & Albania), Bush the Second (Iraq / Afghanistan), Obama (IRANDEAL, global appeasement, the relatively unopposed rise of ISIS, and the disintegration of Syria and Libya and Egypt as a result of US Foreign Policy failures) and now Trump.”

All US policy decisions and their side-effects, one way or the other, cascade down into our European democracies. In the current climate that should worry you.

Privacy Is An Absolute Right

I am interested in Privacy. The abuse of Privacy (1) has far more fundamental negative effects than might seem to be the case at first glance.

I am an advocate for the right of every citizen to a private life, the preservation of civil liberties, and the defence of other hard won rights. Technology or rather its unfettered deployment is the single biggest threat to our personal freedoms and by extension to the proper administration of justice.

And so I write about it. Sometimes the writing is a bit technical but most of the time it’s referencing the technical results of other peoples work to support my arguments (which I always acknowledge – most important that is)

Orwell 4.0

Technology facilitated developments have created new tools for the State, Law Enforcement, and Intelligence Agencies to monitor not just person’s of interest but everyone (2). Software industry greed and software developer naivety is also driving an assault on our personal privacy and security (3).

These phenomena have already resulted in wholesale abuses (4) of habeas corpus, an alteration of the perception of what constitutes a fair trial, have worn down the right to silence of a suspect, made the avoidance of self-incrimination almost impossible, made illegal searches and seizures (5) acceptable, and encroached on the ability of defendants to construct a proper defence.

Recently, Graham Cluley (@gcluley) posted a clarification of a definition on Twitter“It’s always bugged me how people say “Innocent until proven guilty”. It’s “Innocent *unless* proven guilty” folks.” – that is worth thinking about in an age of trial by media and JTC-as-a-Service (JTC – Jumping to Conclusions a.k.a Fake News).

In parallel with this there is an increasing trend of “ordinary” crimes being tried in “extra-ordinary” courts, tribunals, or military courts. The checks and balances that used to notionally counter the power of the state and where the actions of government could be publicly scrutinized has almost ceased to effectively exist.

Surveillance politics, the rise of extremists on the left and the right, religious fanaticism, the re-emergence of censorship and even actual talk of “blasphemy laws” in the parliaments of Western democracies leaves one bewildered. How will we fare when even newer technologies such as VRSN, and AI with even greater capacity to embed themselves in our lives begin to mature from the novel stage into the deployment stage?

What will be the effect of kinematic fingerprinting, emotion detection (6), psychographic profiling (7), and thought extraction (8) on the right to privacy and basic freedoms. These are questions and concerns that get lost in the rush to innovate. Software companies and developers have a responsibility but they do not exercise it very often.

What are the ethics? What are the acceptable limits? What are the unforeseen by-products?

The US Has Claimed “Absolute Privilege”

The US is the bully on the block and its “bitch” friends the UK (9), Canada, New Zealand (10), & Australia (11) just follow its lead or actively facilitate them.

The opacity of US laws (12) and SIGINT collection methods is an abuse of the rights of every defendant that comes in front of their Courts. Increasingly, that is just about anybody that they can lay their hands on, from anywhere (13).

The election of Trump just solidified my view that the world has turned upside down and it seems that taking action to reverse the trend of the normalisation of the abnormal (14) is a Sisyphean task and just seems to encourage the buggers (15).

The US position on most of these matters is ephemeral – not just on data protection (16) – and US national interest, national security, or just plain duplicity (17) governs their agenda.

There is so much abuse of power by the US that it is impossible to keep tabs. These things used to matter (18). These things used to enrage us (19). The US has led a race to the bottom on so many fronts that the rest of the world seems to be suffering from bad news fatigue (20) and has zoned out (21).

It is individuals and NGO’s now that are the gatekeepers of our rights and the ones that hold governments to account and increasingly they are being marginalized.

References

(1) Anonymous Chronic; 21st Nov 2016; NSA, GCHQ, The Five Eyes Handing Ireland Cyber-Security Opportunity; AirGap Anonymity Collective

(2) Anonymous Chronic; 21st Nov 2016; Mass Surveillance & The Oxford Comma Analogy; AirGap Anonymity Collective

(3) Anonymous Chronic; 21st Nov 2016; Software Industry Greed is Driving the Assault on our Privacy & Security; AirGap Anonymity Collective

(4) Kim Zetter; 26th Oct 2017; The Most Controversial Hacking Cases of the Past Decade; Wired

(5) Andy Greenberg; 10th Oct 2014; Judge Rejects Defense That FBI Illegally Hacked Silk Road – On A Technicality; Wired

(6) Anonymous Chronic; 3rd Jan 2017; Orwell 4.0: The Stealth Advance of Kinematic Fingerprinting & Emotion Detection for Mass Manipulation; AirGap Anonymity Collective

(7) Anonymous Chronic; 4th Feb 2017; Is Kosinski “Tesla” to Nix’s “Marconi” for Big Data Psychographic Profiling?;AirGap Anonymity Collective

(8) Ian Johnston; 18th Apr 2017; Device that can literally read your mind invented by scientists; Independent

(9) Anonymous Chronic; 30th Nov 2016; My Privacy Lobotomy or How I Learned to Stop Worrying & Love the IP Act; AirGap Anonymity Collective

(10) Anonymous Chronic; 3rd Nov 2016; Overwatch – The Five Eyes Espionage Alliance; AirGap Anonymity Collective

(11) Anonymous Chronic; 21st Nov 2016; Australia Is A Proxy War for the Five Eyes & Also Hogwarts; AirGap Anonymity Collective

(12) American Civil Liberties Union & Human Rights Watch; 21st Nov 2016; Joint letter to European Commission on EU-US Privacy Shield; Human Right Watch)

(13) Tom O’Connor; 6th Jul 2017; Russia Accuses US of Hunting and Kidnapping Its Citizens After Latest Arrests; Newsweek

(14) Anonymous Chronic; 29th Jan 2017; Take Action To Reverse The Present Trend Of The Normalisation of the Abnormal; AirGap Anonymity Collective

(15) Anonymous Chronic; 2nd Dec 2016; Silencing the Canary & The Key Powers & Reach of The IPA; AirGap Anonymity Collective

(16) Mary Carolan; 10th Mar 2017; Max Schrems claims US data privacy protections ‘ephemeral’; The Irish Times

(17) Shelley Moore Capito – United States Senator for West Virginia; 2nd Jul 2017; Stop Enabling Sex Traffickers Act of 2017; https://www.capito.senate.gov/

(18) Adam Taylor; 23rd Apr 2015; The U.S. keeps killing Americans in drone strikes, mostly by accident; The Washington Post

(19) HRW; 9th Dec 2014; USA and Torture: A History of Hypocrisy; Human Rights Watch

(20) Shannon Sexton; 30th Aug 2016; Five Ways to Avoid ‘Bad-News Fatigue’ and Stay Compassionately Engaged; Kripalu Center for Yoga & Health

(21) Susanne Babbel Ph.D.; 4th Jul 2012; Compassion Fatigue; Psychology Today

In Chamberlain-esque Pose EU Declares “Privacy in our Time”

The notional purpose of the EU-US Privacy Shield is to establish a framework that allows personal data for commercial purposes to be transferred between the European Union and the United States.

Personal data that is received by US companies operating in Europe is ostensibly governed by EU privacy laws. Pick any notable US organization and they have an office in Europe, typically serving the EMEA region.

But for the purposes of this rant suffice to say that we need only consider Google, Apple, Microsoft, Twitter, and Facebook (a.k.a “Farcebook”).

Do not buy into the high profile privacy battles that these organizations now raise high as examples of their commitment to their customers’ privacy. These are PR tactics.

All of these organizations were more than happy to be secretly willing accomplices to US intelligence agency antics and law-breaking before their activities were exposed and they suffered a backlash. They have been vigourously back-pedalling and papering over the cracks ever since. It is all meaningless posturing.

They are inherently compromised, every day, and in every way.

The EU-US Privacy Shield replaces what was called the International Safe Harbor Privacy Principles (ISHPP). Lofty names for a veneer that actually contains no verifiable substance or oversight when you examine the vast amount of exceptions and undermining laws that in fact render them all moot.

In late 2015 , the ISHPP was declared invalid in its entirety by the EU at a hearing in the European Court of Justice.

But like a smarmy salesperson, the US simply flicked the pages on the sales brochure asking “well, what about this?” – “no?” – “this?” – “no?” – “this?” – until some browbeaten Brussels technocrat bought the bullshit and agreed a new name for the same abuses.

In the usual garbled and meaningless language of the European Commission it was declared on 2nd February 2016 that the EU and the US had found new common ground on the privacy issue and an “Adequacy Decision” was published. (What exactly is an “Adequacy Decision” when it is at home eating chips and eavesdropping on its neighbours?)

In a Chamberlain-esque pose the EU held up this new agreement and declared that it was “…. equivalent to the protections offered by EU law.”

It is not.

ENDS

For more scholarly and considered thinking, read Joint letter to European Commission on EU-US Privacy Shield (July 26, 2017) from Human Rights Watch and Amnesty International to the European Commission to urge a re-evaluation of its Implementing Decision 2016/1250 on the adequacy of the protection provided by the EU-U.S. Privacy Shield on the basis that the United States of America (United States) does not ensure a level of fundamental rights protection regarding the processing of personal data that is essentially equivalent to that guaranteed within the European Union (EU).

Boiling Privacy Frogs

I really wish that I understood more about psychology and the human condition. The behaviour that puzzles me over and over again and for which I have no explanation is our ability to observe something happening that is detrimental to us in every way and yet do nothing.

It is the “Boiling Frog Phenomenon” which was allegedly a 19th century science experiment where a frog was placed in a pan of boiling water, the frog quickly jumped out. However, when the frog was put in cold water and the water slowly boiled over time, the frog did not perceive the danger and just boiled to death. The hypothesis being that the change in temperature was so gradual that the frog did not realize it was boiling to death.

To demonstrate the same effect in terms of the privacy, surveillance, unwarranted government intrusion debate just trace the evolving public attitude to the J. Edgar Hoover’s Subversive Files, COINTELPRO, The Iraq WMD Lie, Snowden & PRISM, and WikiLeaks Vault 7.

I have come to the conclusion that in relation to our right to privacy that we are all frogs in tepid water, the temperature of which is starting to rise rapidly, and we have no intention of jumping out.

ENDS

The Laurel & Hardy of Cybersecurity

When Turnbull and Brandis shuffle off to some home for the bewildered in a few years it is all of us that will be left with the legacy of their carry-on.

Here are some of the victories that these two beauties have presided over, and they don’t even know how it works, not even a little bit:

In an effort to drag the continent out from under the “stupid boy” stereotype, the Lowy Institute for International Policy, has just attempted to polish a turd by proposing that despite everything “Australia might be on the right encryption-cracking track” after all.

“From a cyber security perspective, as Patrick Gray has pointed out, sufficient safeguards could be placed around these ‘updates’ to ensure that they couldn’t be reverse engineered – they wouldn’t need to be a ‘backdoor,’ open to abuse. And by focusing on a device rather than a specific app, the displacement effect, so obvious in focusing government efforts on just What’s App or Telegram, would not apply.

In theory then, this model appears promising. How closely it aligns with the legislation promised by Turnbull and George Brandis last week remains to be seen. But whichever legislative model Australia pursues, its progress will be watched closely by governments across the world. And of course, by a whole host of technology and communications companies.

Recent developments suggest that underneath the techno-babble, political point scoring and counter-terrorism blame game, governments the world over are faced by a very real policy problem. Australia may prove to be the test case for a policy solution that has far reaching consequences for privacy, technological development and the future of law enforcement operations.”

Try again gents.

ENDS

Australia Is A Proxy War for the Five Eyes & Also Hogwarts

The Aussie government is pushing a Five Eyes agenda. Australia seems to have become a proxy war in the ongoing assault on privacy. They are to the Surveillance Wars what Yemen is to the Saudi-Iran ideological conflict. It is always a good idea to vary the cast but in reality they are May acolytes. A testing ground.

The amount of nonsense emanating from the encryption debate Down Under though is astonishing. If you have not been keeping up to speed with some of the recent comments down under then here is a quick recap for you:

  1. The George Brandis metadata interview;
  2. George again (36th Attorney-General for Australia) and the summary of his “over a cuppa” conversation with the GCHQ chappie on the feasibility of reading messages sent by platforms implementing end to end encryption such as WhatsApp and Signal – “Last Wednesday I met with the chief cryptographer at GCHQ … And he assured me that this was feasible.”;
  3. Malcolm Turnbull (the Prime Minister) and his alternative theory on the exceptional laws that govern Australian reality “Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia”;
  4. And a much more eloquent articulation by Troy Hunt of the whole phenomenon “Firstly, a quick apology from Australia: we’re sorry. Look, our Prime Minister and Attorney General didn’t try to launch us onto the World Encryption Comedy Stage but unfortunately, here we are.

In an effort to find something of the same equivalence on the stupidity index as 1-3 above I chose to google “Harry Potter and places where the laws of mathematics do not apply, excluding Australia and Hogwarts”.

One of the things that I found in the search results was the perfectly reasonably comment by a HP fan on a Reddit forum that “Gamp’s Laws of Transfiguration and the Fundamental Laws of Magic spring to mind, they’re pretty much what you can and can’t do with magic. They’re a lot like Newton’s Laws in that they both deal with nature.

This guy really meant it and so did the other guys he was chatting with. They all really, really believed or rather really, really wanted to believe that it was all real and true and factual.

Just like Brandis and Turnbull believe.

Totally lost in a universe of their own creation where mathematics and people work differently.

And then I found a scholarly dissertation by Shevaun Donelli O’Connell of Indiana University of Pennsylvania titled “Harry Potter and the Order of the Metatext: A Study of Nonfiction Fan Compositions and Disciplinary Writing

” which said on P.24 that “I already knew that Harry Potter was an important part of my relationships with my family and friends, but increasingly I realized that Harry Potter metaphors and analogies were working their way into my thinking and teaching about writing.“.

And there it was. The struggle is real. It seems many, many people are having trouble distinguishing fantasy from reality.

Christ help us when VRSNs arrive on the scene.

ENDS