Irreal

Anyone who’s been following Irreal lately is painfully aware that the NSA scandals have kicked my paranoia into hyperdrive. Still, there are limits. Apple’s recent announcement of their fingerprint reader on the iPhone 5S has provoked those poor souls even more inflicted than I into paroxysms of suspicion that the NSA is plotting to steal their fingerprints.

Fortunately, my pal Watts has an excellent post that assuages their concerns and debunks the whole foolish notion. Watts explains how the system actually works and why this really is tinfoil hat thinking. If you’re an Apple user and worried about the technology or you just want an entertaining read, head over to Coyote Tracks and enjoy.

If you want some additional technical details, which corroborate what Watts says, there’s a nice description of the technology over at Quora.

Update: have → has

If you’re a Microsoft user and at all concerned about the security of your computers, you need to read this BoingBoing story about Microsoft’s cooperation with numerous 3-letter government agencies. If ever there were an argument for open source, here it is.

I love my Apple systems and I haven’t seen much about Apple doing this sort of thing but it does give me pause. If nothing else, it makes sense to use third party (open source) applications for full disk encryption and other security measures. It’s pretty clear that it’s foolish to trust any vendor large enough to be worth the government’s attention. If this sort of thing worries you too, check out Prism Break for some alternatives.

I ended my Dinner With General Alexander post with the observation that when the Government collects data, regardless of the stated rationale, there will inevitably be mission creep that sees the data being used in new, unintended ways and that it always leads to abuse. If that sounded hyperbolic to you, consider this article from Rick Falkvinge over at Falkvinge & Co. on Infopolicy.

Sweden, in 1975, started requiring that hospitals take a blood sample from every newborn child. This was specifically to test for and track Phenylketonuria, a genetic disease that can have severe consequences. The samples were preserved to enable research into the disease. Taken is isolation, this seems like a perfectly reasonable program. Help research into a dangerous genetic disease and track those that are susceptible to it. Unfortunately, the iron law of data abuse had a perfectly predictable outcome.

As early as 1998 the police began accessing this data to facilitate investigation of criminal cases. As I’ve said before, I’m an American and view these things through American eyes but this would be blatantly illegal here. It’s very hard to compel DNA from a suspect in America. I would imagine that Europe, with its more robust privacy laws, would have similar restrictions. Yet here we are with the Government seizing DNA data from individuals who had no opportunity to object to its collection.

If the data is there, anyone with an interest in exploiting it will demand access. The only way to prevent this is to prevent the collection of the data in the first place. We are, of course, way beyond that now. Our only recourse is to demand that the Government stop collecting it and destroy what it already has.

Bruce Schneier, one our best independent security experts, has some useful advice on staying safe from NSA surveillance. He is working with the Guardian and has access to the Snowden documents so he can bring some reasoned analysis to the situation. The short story is that the math behind modern encryption is still sound and that the NSA’s reported “breakthroughs” almost certainly involve attacks on implementations, stealing or coercing the private keys of service providers, and the weakening of crypto standards.

He offers 5 things you can do to keep yourself safe. You can read his advice at the link but the TL;DR is encrypt your data and communications with open source software. The open source part is crucial given that the NSA has reportedly influenced major vendors to build in backdoors or weaknesses. Open source doesn’t provide absolute protection against this, of course, but it does make it much harder to sneak weaknesses into the system.

Schneier’s article is a good recapitulation of where we, as users and NSA targets, stand today and what steps we can take to keep our private matters private. It’s a good read. Recommended.

Glenn Greenwald’s latest article is out at the The Guardian. Despite repeated assurances that Americans’ data are respected and protected it turns out that the NSA is sharing raw intelligence including Americans’ data with Israel. As it happens, I don’t have a problem with Israel and am happy to have them as one of America’s friends. I also don’t have a problem with my pal Bob but that doesn’t mean I want to share all my private data with him. This is yet another example of how out of control the NSA is.

This may seem to be an American-centric problem but, of course, it’s not. The point to take away here is that the NSA has no respect for innocent Americans’ rights and even less for that of those from other countries. As the story at the link makes clear, the NSA’s brethren in those foreigners’ countries are only too happy to cooperate with the NSA and sell out their own citizens.

We must, all of us, insist that our governments knock it off and start respecting our right to privacy. Just whining won’t make it happen, of course, but a recent event here in the US shows us what’s possible. Whatever your feelings about gun control, a successful recall election in Colorado shows what can happen when voters feel the government is ignoring their wishes. We really need to hold our politicians’ feet to the fire and insist they put a stop to spying on their own citizens. Really, why do we even need to say this?

John Dvorak is at his hyperbolic best in this piece on the NSA. In it, he throws out red meat for those of us enraged by what the NSA is doing. His take is that the NSA sees Americans as the enemy and that those in congress—the members of the Senate Select Committee on Intelligence and the House Intelligence Committee—are responsible for this and should be thrown out of office.

I often disagree with Dvorak and frequently find him annoying but it’s hard to disagree with what he says here.

Patrick Gray over at Wired wrote an interesting article in which he posits that Tech Companies and Government May Soon Go to War Over Surveillance. His notion is that while tech companies may have been willing to accommodate the NSA or allow themselves to be pushed around before the Snowden revelations they now realize that the subsequent destruction of their users’ trust represents an existential threat. One way of regaining that trust is to put in place robust systems that make NSA surveillance difficult or impossible. By doing this now they put the government in a bind. As Gray remarks, it’s one thing to pass laws prohibiting such changes and quite another to mandate that they be removed from users’ devices It’s pretty clear that the public wouldn’t tolerate the latter.

Now, it would appear that the first shot in that war has been fired. The Washington Post is reporting that Google has accelerated its program to encrypt data as it moves between Google data centers. Before this change, data in flight between the data centers represented rare points of vulnerability. Whatever their previous transgressions, if any, it’s clear that Google is moving at speed to make their users’ data tamper-proof.

When I first read Gray’s article I was a bit skeptical that the war would come to pass. Google’s action gives me hope that maybe it will.

update: represent → represents