Increasing Understanding of Technology and Communication

Facebook & Google Battle Latest FBI Challenge

Latest-FBI-Attempt

Now the FBI wants access to your web browsing history as they continue efforts to expand surveillance. The FBI and Silicon Valley are in a fight over whether web browsing records are the same as telephone bill records.

The latest surveillance battle gripping the technology industry is focused on a rewrite of US surveillance law that would mean the justice department would be able to access a citizen’s web browsing history, location data and some email records without approval from a judge using a so-called “national security letters” (NSLs).

The FBI contends that such data is covered implicitly under current statute, which was written years ago and only explicitly covers data normally associated with telephone records.

Director James Comey now is lobbying Congress to make clear it also applies to the digital equivalent.

Late on Monday, major technology companies including Google, Facebook and Yahoo sent a letter warning Congress that they would oppose any efforts to rewrite law in the FBI’s favor.

“This expansion of the NSL statute has been characterized by some government officials as merely fixing a ‘typo’ in the law,” the companies wrote. “In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight.”

It marks another battle over a small clause in federal law that could dramatically affect how the US conducts terrorism investigations. For years, the bureau has relied on the controversial national security letters to obtain certain types of data quickly from technology companies. These letters don’t require a warrant and often come with a gag order prohibiting the recipients from discussing them. Technology companies complain the FBI has become too reliant on them, but the FBI complains that cases are getting slowed down because some companies have stopped cooperating.

It’s not so much that technology companies don’t want to give any user data to the government. Rather, their legal teams have problems with the growth of national security letters because the accompanying gag orders prevent companies from telling users much about how they help the government. This can create mistrust and, as happened after the Edward Snowden leaks, eventual embarrassment if the details are disclosed.

Companies also argue NSLs are problematic because of the lack of judicial oversight. They give too much power to one branch of government, they argue, and make it hard to predict what the government may ask for next.

Comey has said expanding NSL rules is one of his agencies top legislative priorities. US senators are exploring multiple ways to pass the law tweak this year.

Technology and legal experts also dispute Comey’s argument that he effectively is asking Congress to correct a typo. In 2008, the justice department’s office of legal counsel said explicitly that the agency can only issue national security letters for “name, address, length of service, and local and long distance toll billing records”.

At the time, the government had asked DoJ’s lawyer if those four types of data are “exhaustive or merely illustrative of the information that the FBI may request and a provider may turn over”.

To which the office of legal counsel responded: “We conclude that the list ... is exhaustive.”

Read Article (Danny Yadron | theguardian.com | 06/07/2016)

How important is your browsing history to the law? Federal Prosecutors have Claimed that Clearing Browser History is an Obstruction of Justice. Negligent Mom’s Browser History Admissible in court.

Knowing how to fully utilize the constantly evolving devices that connect to it and the Internet itself, is an issue just as important as Internet access if not more.  Our instructional webinars are the long-term solution for addressing device usage, and we need your support.

Master Level High-Tech Webinars

Dark Web Warns of Medical Records Hacking

Dark-Web-Warns

NEW YORK — You just don’t hear this everyday: “I invented the ‘dark web.” But for Paul Syverson, co-creator of the Tor web browser, the claim is true.

Syverson stood in front of journalists and tech professionals Thursday, making this declaration in an airy room tucked away on the second floor of Manhattan’s Museum of Jewish Heritage. Sunlight poured in through the windows. Outside, tour boats swished through the Hudson River.

This was truly an odd setting for an “Inside the Dark Web“ conference, with talk about cybercrime and anonymized “onion routing“ on the Internet. But any daydreaming about the nice weather was halted toward the end of Syverson’s keynote, when he mentioned an emerging threat to people’s online privacy.

“Medical identity theft is poised to take over as the primary form of identity theft,” Syverson said.

It’s already a big problem. More than 155 million Americans have potentially had their medical data exposed in the last six years alone, the Brookings Institution says. That’s largely because hospitals and other organizations aren’t doing their part to secure patients’ data. But individuals are increasingly using online health care services, which means they’re responsible in part for making sure their connections are secure.

Tor can help with that. The service’s downloadable software routes online traffic in a way that helps users stay anonymous when navigating the Internet. It’s thus helped create a “dark web,” a network of sites that are inaccessible via Google Search, say.

Syverson spent much of his talk explaining the technology that makes Tor work, but he mentioned identity theft to illustrate why the browser is increasingly relevant to anyone with an online presence.

People who know how to use the service can avoid being tracked by bad actors, protect themselves from government surveillance and so on. Syverson compares Tor to encryption — a once controversial security measure that’s commonplace today: Roughly 15 years ago, before cyberattacks and massive data dumps seemed like weekly occurrences, people tended to be skeptical about the necessity of encrypting information online. Many people today are similarly dubious about the need for a service like Tor, Syverson said.

“Back then, if you were encrypting your website, people were like, ‘Oh, what do you have to hide?’ And now it’s recognized as a fundamental enabler of eCommerce,” he added.

Syverson referenced a health care NGO that is developing a site on the dark web for “anonymous online drug tests, anonymous online health services, anonymous online chat, anonymous research questionnaires for health.” He wouldn’t name it because the project is still in development, but the takeaway was clear: In the era of mass online communication, anonymous browsing can be responsible browsing. You obviously wouldn’t want a hacker to access your medical records, after all.

Of course, anonymous browsing and the dark web are infamous for enabling crime, as well.

“There are bad guys that use this, too, just like there are bad guys that use cell phones, hammers and lots of other things,” Syverson said.

Asked by The Huffington Post whether Tor and the dark web should be more accessible for the average person, he offered a shrug.

“It’s not hard at all. It’s drag and drop, click ‘download’ — and it runs on your computer,” Syverson said.

If you’re curious, try it for yourself.

Read Article (Damon Beres | huffingtonpost.com | 05/12/2016)

If the medical community didn’t have their heads so far up the cloud, hacking of medical records wouldn’t be so prevalent. (Insanity: Doing the same thing over and over again and expecting different results.) The cloud is not secure!

Technology is advancing at an exponential rate, inevitably the day will come when even millennials will be unfamiliar with the latest technology.  It’s up to each individual to get a little Tech-savvy for their own wellbeing and that of their loved ones.

When hacking occurs no business is a victim, only people can be a victim.” One day, all individuals will be using the Tor.

Master Level High-Tech Webinars

The Training of IBM Watson to Hunt Hackers

Watson-to-Hunt-Hackers

Watson, IBM's computer brain, has a lot of talents. It mastered "Jeopardy!," it cooks, plays chess, and even tries to cure cancer. But now, it’s training for a new challenge: Hunting hackers.

On Tuesday, IBM Security announced a new cloud-based version of the cognitive technology, dubbed “Watson for Cybersecurity.” In the fall, IBM will be partnering with eight universities to help get Watson up to speed by flooding it with security reports and data.

The plan as of now is for Watson to process up to 15,000 documents about digital security a month -- including everything from blog posts to videos -- so that it can get a feel for the sometimes esoteric terminology of the cybersecurity world.

Students at the partnered universities will help with that by initially annotating documents so that Watson will be able to interpret the material on its own down the line.

The end goal is a big data approach to cybersecurity that will have Watson automatically scour vast troves of security research at a rate human operators couldn't possibly manage to investigate when something fishy hits a victim’s computer systems.

"It's automating the hunt,” explained Caleb Barlow, vice president for IBM Security.

Right now, security practitioners are overwhelmed with a flood of alerts about possible threats to their networks, according to Barlow. “They can't sift through all the data that's coming at them -- many of which are false positives,” he said.

According to one 2015 report from the Ponemon Institute, more than half of the time security staff spends investigating malware alerts is wasted on inaccurate intelligence or false alarms -- costing organizations $25,000 per week on average.

That's where Watson can help. Watson won't necessarily replace those staffers, according to Barlow. Instead, the system could help them prioritize the almost never-ending flow of alerts heading their way -- hopefully shutting down potential attacks faster and putting others on the alert.

"When we can stop an attack early on and then tell everyone else, we don't only block it -- we're also playing offense by stopping the bad guys from attacking anyone else," said Barlow.

Barlow also said that the company's relationships with universities could help train up more human talent to fend off attackers.

The University of Maryland Baltimore County, for instance, is creating a new Accelerated Cognitive Cybersecurity Laboratory via a partnership with IBM this fall. The lab will focus on using machine learning and systems like Watson to solve cybersecurity problems.

UMBC is also one of the universities that will help train Watson this fall, along with the Massachusetts Institute of Technology, California State Polytechnic University Pomona, Pennsylvania State University, New York University, the University of New Brunswick, the University of Ottawa and the University of Waterloo.

Read Article (Andrea Peterson | washingtonpost.com | 05/10/2016)

There is no doubt that Watson is capable of engaging this task, the question is “will it actually be configured and released on hackers?”.

Meanwhile, there are still millions struggling with digital literacy that have no idea of Watson’s capabilities. Our instructional webinars are the long-term solution for addressing device usage, and we need your support.

Master Level High-Tech Webinars

Microsoft Finally Stands up Too Hackers

Microsoft-and-Hackers

For years Microsoft has been known as, amongst other things, an easy target for hackers.  Products were so infested with vulnerabilities that Bill Gates once ordered all engineers to stop writing code for a month and focus this time to fix bugs in software they had already built.

But, Microsoft seems to have cleaned up its act, they’ve even impressed security specialists like Mikko Hypponen, chief research officer for F-Secure who used to cringe at Microsoft’s development practices.  Mr. Hypponen said, “They’ve changed themselves from worst in class to best in class.  The change is complete. They started talking security very seriously.”

Still, online hacking has become even more startling, such as the theft of personal data from millions of Target customers and terabytes of private emails from Sony Pictures Entertainment (both companies use Microsoft products).  Even though Microsoft hasn’t been blamed for allowing these attacks, critics insist that the tech giant should do even more to make digital systems resistant to breaches.

Soon after becoming Microsoft’s chief executive in February 2014, Satya Nadella instituted a monthly meeting with security leaders from across the company.  The meet to discuss industry trends and analyze threats.  Microsoft’s security managers are now moving into the same facility after being scattered around the company’s campus in the Seattle suburb.

There are still plenty of bugs being discovered in Microsoft’s code. But some of the fears about the security of their programs have gradually subsided.

There is no doubt that Microsoft has made preventing hackers a priority.  The latest version of their operating system, Windows 10, has a feature called Windows Hello that allows people to log into a PC with a scan of their finger, iris or face instead of using a password –weak passwords are a common cause of data breaches.

Read Article (Nick Wingfield | nytimes.com | 11/17/2015)

Microsoft should have addressed their coding vulnerabilities long ago, focusing for a month definitely isn’t enough. Their development process should have included a task element that addressed these issues.

Master Level High-Tech Webinars