Comments on: If You Can’t See It, It Can’t See You http://philosecurity.org/2010/02/01/if-you-cant-see-it-it-cant-see-you Mon, 13 Feb 2012 22:08:27 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Z. Constantine http://philosecurity.org/2010/02/01/if-you-cant-see-it-it-cant-see-you/comment-page-1#comment-5765 Z. Constantine Mon, 08 Feb 2010 11:07:59 +0000 http://philosecurity.org/?p=3024#comment-5765 I'd love to see a few well-designed and presented "exposés" appropriate for distribution to the not-so-savvy Internet user... One idea: Analysis and explanation of all TCP/IP traffic occurring in the background (i.e. not explicitly requested and invisible to the unobservant) when booting up, loading up a popular web browser, visiting a popular social networking site, etc. (... and follow that up with explanations of where personal data is "leaking" or a security vulnerability exists at each step) It is certainly hard to convince people of a threat which they do not comprehend, however, it is equally important to present a solution or suggestion toward user empowerment - most people choose to ignore threats they feel powerless against (and that may be why so many choose not to comprehend what is going on in the first place). I’d love to see a few well-designed and presented “exposés” appropriate for distribution to the not-so-savvy Internet user…

One idea: Analysis and explanation of all TCP/IP traffic occurring in the background (i.e. not explicitly requested and invisible to the unobservant) when booting up, loading up a popular web browser, visiting a popular social networking site, etc. (… and follow that up with explanations of where personal data is “leaking” or a security vulnerability exists at each step)

It is certainly hard to convince people of a threat which they do not comprehend, however, it is equally important to present a solution or suggestion toward user empowerment – most people choose to ignore threats they feel powerless against (and that may be why so many choose not to comprehend what is going on in the first place).

]]> By: uk visas http://philosecurity.org/2010/02/01/if-you-cant-see-it-it-cant-see-you/comment-page-1#comment-5757 uk visas Tue, 02 Feb 2010 12:34:47 +0000 http://philosecurity.org/?p=3024#comment-5757 Hi Sherri I've nothing to add right now but I think it's very important for people to understand, and engage with the debate, on internet surveillance. So I've Tweeted it and asked someone close who works in IT security and has more followers than I do to do likewise. Listeners of the RSA's podcast - Speaking of Security - will be aware of Joseph Menn's views on the criminal fraternity investing heavily on snooping on us - http://www.josephmenn.com/other_keystroke_betray_you.php Bruce Schneier also makes valid points: "Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies. Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different." http://www.schneier.com/blog/archives/2010/01/me_on_chinese_h.html I hope it all adds to the debate... Hi Sherri
I’ve nothing to add right now but I think it’s very important for people to understand, and engage with the debate, on internet surveillance.
So I’ve Tweeted it and asked someone close who works in IT security and has more followers than I do to do likewise.
Listeners of the RSA’s podcast – Speaking of Security – will be aware of Joseph Menn’s views on the criminal fraternity investing heavily on snooping on us – http://www.josephmenn.com/other_keystroke_betray_you.php
Bruce Schneier also makes valid points:
“Google’s system isn’t unique. Democratic governments around the world — in Sweden, Canada and the UK, for example — are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.

Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies.

Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different.”
http://www.schneier.com/blog/archives/2010/01/me_on_chinese_h.html

I hope it all adds to the debate…

]]> By: The DON http://philosecurity.org/2010/02/01/if-you-cant-see-it-it-cant-see-you/comment-page-1#comment-5756 The DON Mon, 01 Feb 2010 22:36:07 +0000 http://philosecurity.org/?p=3024#comment-5756 Response to Kevin H You make a good point. One good example for people, of why they should care is: If the government is collecting all this data about its citizens, what happens when (if) a not so pleasant government comes into power (a far right organisation like the BNP (British Nationalist Party)). They would have access to all that data, and therefore know the address of all ethnic minorities residing in the country. ooops. It is not so much what the government does with this information, the concern is much more what a nefarious government could do with this information. Add into this, most governments inability to keep so-called personal information secure and it doesn't even have to be a nefarious government, just someone (group) who manages to gain access to the personal data. Response to Kevin H
You make a good point.
One good example for people, of why they should care is:
If the government is collecting all this data about its citizens, what happens when (if) a not so pleasant government comes into power (a far right organisation like the BNP (British Nationalist Party)). They would have access to all that data, and therefore know the address of all ethnic minorities residing in the country. ooops.
It is not so much what the government does with this information, the concern is much more what a nefarious government could do with this information. Add into this, most governments inability to keep so-called personal information secure and it doesn’t even have to be a nefarious government, just someone (group) who manages to gain access to the personal data.

]]> By: Kevin H http://philosecurity.org/2010/02/01/if-you-cant-see-it-it-cant-see-you/comment-page-1#comment-5755 Kevin H Mon, 01 Feb 2010 19:20:26 +0000 http://philosecurity.org/?p=3024#comment-5755 I think the main reason why people have a lacidasical attitude towards internet privacy and security is because we lack tangible examples of these nefarious plots. It is easy to come up with examples of identity theft, but they mostly rely on keyloggers, spyware, and other activities which are illegal (even if they are easier to execute than they should be). The only stories I have heard about the perils of legal online surveillance seem to be advanced marketing (which most people believe they are not susceptible to, and there fore are more likely to ignore) and online photos/blogs causing employment problems (which, isn't so much about secret surveillance, but rather about personal choice and knowledge of consequences). So, I think the cause of online security and privacy would be helped tremendously if someone were to give us some good specifics of how this surveillance hurts your average westerner who doesn't worry that the thought police will bust down their door in the middle of the night. I think the main reason why people have a lacidasical attitude towards internet privacy and security is because we lack tangible examples of these nefarious plots. It is easy to come up with examples of identity theft, but they mostly rely on keyloggers, spyware, and other activities which are illegal (even if they are easier to execute than they should be).

The only stories I have heard about the perils of legal online surveillance seem to be advanced marketing (which most people believe they are not susceptible to, and there fore are more likely to ignore) and online photos/blogs causing employment problems (which, isn’t so much about secret surveillance, but rather about personal choice and knowledge of consequences).

So, I think the cause of online security and privacy would be helped tremendously if someone were to give us some good specifics of how this surveillance hurts your average westerner who doesn’t worry that the thought police will bust down their door in the middle of the night.

]]>