Category Archives: Regulatory matters


Shhh… US Senate Vote Falls Short of Curbing NSA Surveillance

It is a scene worthy of the classic movie Gone with the Wind and its famous closing line, “Frankly, my dear, I don’t give a damn.”

The US Senate vote on the USA Freedom Act on Tuesday night fell two votes short of the 60 needed to take up the legislation, which would have ended the NSA’s controversial bulk collection of phone-record metadata.

Reform advocates’ hopes now rest on June next year, when the Patriot Act provision (Section 215) that the NSA cites as the legal basis for the phone-record collection exposed by the Snowden documents is due to expire; the agency would then need new legislation to justify its access to that mass of data.


Shhh… WikiLeaks’ Cousin AfriLeaks – A New Anonymous Whistleblowing & Open Data Platform for Africa

AfriLeaks, a brand new anonymous whistleblowing platform, will be launched at the end of November, but unlike the renowned and established WikiLeaks, this African cousin will not release secret information directly to the public.

“[AfriLeaks will] provide a secure tool for connectivity between the whistleblowers and the media who then investigate the substance and character of the leak,” according to Khadija Sharife of the African Network of Centers for Investigative Reporting (ANCIR), the organization that will host the platform, in a Deutsche Welle report earlier this week.

According to Deutsche Welle, unlike WikiLeaks’ aim to publish and disclose information, “AfriLeaks will be there to provide leads for stories to media and research organizations. The new platform will allow whistleblowers to choose the media or research organization to which they want to send the information”.


WikiLeaks founder Julian Assange may be smiling. According to a biography of Assange, he described “going to Africa and testing my ground” in the early days of WikiLeaks, when one of the very first stories his whistleblowing platform broke was on Kenya. It was fed to The Guardian, which ran “The Looting of Kenya” as a front-page story, and the article was subsequently picked up by the Kenyan media.

“From our point of view, the leak supported the idea that oppressed media organizations could suddenly be freed when a story that mattered to them – and which they couldn’t reveal on their own – was given legitimacy and the oxygen of international exposure first,” according to the book.

“We kept at it, kept publishing stuff that the African papers were too frightened to publish…”


Shhh… US Federal Judge Calls for Scrutiny of FBI’s Facial Recognition System

A federal judge, US District Judge Tanya Chutkan, ruled last week that the FBI’s futuristic facial-recognition database requires scrutiny from open-government advocates because of the size and scope of the surveillance technology and the privacy concerns it raises (see the story below).

Quick background: The FBI announced in late September its US$1 billion facial recognition program – the Next Generation Identification (NGI) System – was finally up and running. In development since at least 2008, “the NGI System was developed to expand the Bureau’s biometric identification capabilities, ultimately replacing the FBI’s Integrated Automated Fingerprint Identification System (IAFIS) in addition to adding new services and capabilities”.

Privacy groups are concerned that the NGI System could become invasive by collecting images of people suspected of no wrongdoing.

Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database

By Dustin Volz National Journal November 7, 2014

A federal judge has ruled that the FBI’s futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.

U.S. District Judge Tanya Chutkan said the bureau’s Next Generation Identification program represents a “significant public interest” due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.

“There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered,” Chutkan wrote in an opinion released late Wednesday.

Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys’ fees. That government report revealed the FBI’s facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.

“The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs,” said Jeramie Scott, national security counsel with EPIC.

Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became “fully operational” this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.

FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to “find bad guys by matching pictures to mug shots.” But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.

In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.

Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. The New York Times reported on leaks from Edward Snowden revealing that the NSA intercepts “millions of images per day” across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 “facial-recognition quality images.”

The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan’s decision.
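The article’s point about the 20 percent failure figure is a point about metrics: an identification system reports a “hit” at some rank k, and the same system looks very different at rank 1 than at rank 50. The following is an added example, not code from the article, the FBI or EPIC; the searches and the 60-subject gallery are constructed to illustrate the calculation, not NGI data.

```python
"""Rank-k identification rate: the same face-search results scored at
different list depths.  Constructed example; the probe set is invented."""
from dataclasses import dataclass


@dataclass
class Search:
    true_id: str        # the person actually in the probe image
    candidates: list    # gallery IDs as the system ranked them, best first


def rank_of_true_match(search):
    """1-based position of the true identity in the candidate list,
    or None when the system did not return that identity at all."""
    try:
        return search.candidates.index(search.true_id) + 1
    except ValueError:
        return None


def rank_k_hit_rate(searches, k):
    """Fraction of searches whose true match appears within the top k."""
    hits = 0
    for s in searches:
        r = rank_of_true_match(s)
        if r is not None and r <= k:
            hits += 1
    return hits / len(searches)


def failure_rate(searches, k):
    return 1.0 - rank_k_hit_rate(searches, k)


# Constructed gallery of 60 enrolled subjects (hypothetical IDs).
GALLERY = [f"subject-{i:03d}" for i in range(60)]


def make_search(true_id, rank):
    """Build a 50-candidate list with true_id at 1-based position `rank`
    (rank None means the true subject was not returned at all)."""
    others = [g for g in GALLERY if g != true_id]
    if rank is None:
        cands = others[:50]
    else:
        cands = others[:rank - 1] + [true_id] + others[rank - 1:49]
    return Search(true_id, cands[:50])


# Ten constructed searches: the right person is usually somewhere in the
# list of 50 but rarely at the top, which is the situation EPIC describes.
TRUE_RANKS = [1, 1, 3, 12, 27, 41, 48, 50, None, None]
SEARCHES = [make_search(GALLERY[i], r) for i, r in enumerate(TRUE_RANKS)]


def summary(searches=SEARCHES):
    """Hit rate at the depths a practitioner would ask about."""
    return {k: rank_k_hit_rate(searches, k) for k in (1, 10, 50)}


if __name__ == "__main__":
    for k, rate in summary().items():
        print(f"rank-{k:2d} hit rate: {rate:.0%}  (failure {1 - rate:.0%})")
```

On this constructed set the system is “80 percent successful” at rank 50, the depth the report allows, but only 30 percent at rank 10 and 20 percent at rank 1. Any published accuracy figure for a system like NGI is meaningless without the rank at which it was measured.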


Shhh… Counting the Costs of FBI’s Operation Onymous


The FBI announced last week that law enforcement agencies including the bureau, the Department of Homeland Security and Europol had arrested 26-year-old San Francisco resident Blake Benthall, who allegedly operated and administered the online drugs marketplace Silk Road 2.0 under the handle “Defcon”, just a year after the original Silk Road’s alleged mastermind, Ross Ulbricht, was also arrested in San Francisco.


According to the related court documents, Benthall, who reportedly “admitted to everything”, was charged last Friday with narcotics trafficking as well as conspiracy charges related to money laundering, computer hacking and trafficking in fraudulent identification documents.

“The website [Silk Road 2.0] has operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users,” according to the FBI.

The globally coordinated effort involving 17 nations, dubbed Operation Onymous (evidently a play on the “anonymous” Tor network), has reportedly led to 17 arrests and the seizure of more than 400 “hidden services” and darknet domains, $1 million in bitcoins, $250,000 in cash plus a variety of drugs, gold and silver.

It later emerged that far fewer sites were taken down than first reported: a later count put the number of seized sites, including Silk Road 2.0, at just over 27 rather than 400, and FBI spokesperson David Berman clarified that the 400 figure referred to URLs, which amounted to only a dozen or so actual sites.

However, several pertinent questions surfaced:

- Is Tor still safe? The FBI has not said how the hidden services were located, and the seizures by themselves do not show whether Tor’s protections were broken or whether the operators were found through ordinary operational mistakes (server misconfiguration, payment trails, informants).

- Is the world really a safer place after the FBI shut down a major “darknet” marketplace? What makes the authorities rule out the emergence of a more secure, bigger and effective Silk Road 3.0? (The FBI said in its press release that “Those looking to follow in the footsteps of alleged cyber-criminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired.”)

- How much taxpayers’ money was spent on this global operation to make 17 arrests across 17 nations?


Shhh… Former NSA Attorney: Encryption Behind Blackberry’s Demise & Warning to Apple and Google

The authorities hate smartphone encryption, and it shows: they are making a concerted effort to wage war against it.

Echoing the recent messages from FBI director James Comey and GCHQ chief Robert Hannigan, former NSA general counsel Stewart Baker told the Web Summit audience in Dublin earlier this week that the moves by Google, Apple and others to encrypt user data were more hostile to western intelligence gathering than to surveillance by China or Russia.

In a conversation with Guardian special projects editor James Ball, Baker used Blackberry as an example:

Encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia. “They restricted their own ability to sell. We have a tendency to think that once the cyberwar is won in the US that that is the end of it – but that is the easiest war to swim.”

Baker said the market for absolute encryption was very small, and that few companies wanted all their employees’ data to be completely protected. “There’s a very comfortable techno-libertarian culture where you think you’re doing the right thing,” said Baker.

“But I’ve worked with these companies and as soon as they get a law enforcement request no matter how liberal or enlightened they think they are, sooner to later they find some crime that is so loathsome they will do anything to find that person and identify them so they can be punished.”

This latest anti-encryption blabbing drew a quick rebuttal from Blackberry COO Marty Beard, who said Baker’s remarks “don’t make any sense”.

“Security is a topic that’s increasing in importance,” Beard told the audience at FedScoop’s FedTalks event Thursday. “It’s the reason that all G7 countries and the G20 work with BlackBerry.

“We just see it growing in importance. The increasing cybersecurity threats are exploding, security across all [technology] layers is critical.”


Shhh… FBI’s Mock-Up As Newspaper to Hack Suspect’s Computer

Previously on Shhh-cretly, we reported how the FBI could legally impersonate someone’s identity to create a phony Facebook account in that person’s name without that person’s knowledge in order to reach out to suspected criminals – and separately the NSA also disguised itself as Facebook servers in order to gain access to the computers of intelligence targets.

It does not stop there. It turns out that the FBI, in the spirit of catching suspects, has also planted a fake news story: the editor of The Seattle Times found out only last week that in 2007 the FBI made a mock-up of the publication’s website in order to deliver spyware to the computer of a suspect who opened the link.

The FBI is reportedly defending its right to rely on such tactics to prevent a “possible act of violence”. And let’s not forget that FBI director James Comey is not impressed with Apple and Google phones being “too secure”: he has been busy making his rounds pressuring Congress to force Apple and Google to do away with their new default smartphone encryption so that the bureau can access those devices, in the name of law enforcement of course.

Or do you think the bureau has gone well overboard and beyond its restraints?


Shhh… The BBC “Forgotten” List (& Forgotten Company Directors?)

The BBC plans to publish a regularly updated list of its articles removed from Google search results following the controversial “right to be forgotten” ruling.

Google has so far received some 153,000 requests involving about half a million different links, and 40 percent of these links have been removed. However, according to associate professor David Glance, director of the Center for Software Practice at the University of Western Australia:

“… there is a great deal of concern about the sorts of things that are being removed. So, for example, information about former company directors have been removed. So various people are now asking for that type of information to be restored because it’s part of the public record and important information when you are considering the effectiveness or the background of a company or the directors.”


Shhh… FBI’s Comey Hints Action Against Apple & Google Over Encryption

FBI director James Comey has been busy making his rounds pressuring Congress to force Apple and Google to do away with their new default smartphone encryption.

“Perhaps it’s time to suggest that the post-Snowden pendulum has swung too far in one direction — in a direction of fear and mistrust,” Comey reportedly told the Brookings Institution in a speech last week, where he hinted that the administration might consider new laws and regulations to force companies to offer the government some ways to unlock personal data stored on the phones, such as photos, videos, emails, messages and contacts list “so that those of us in law enforcement, national security and public safety can continue to do the job you have entrusted us to do, in the way you would want us to.”



Shhh… Japan’s “Forget” Ruling on Google

The Tokyo District Court ordered Google Japan last Thursday to follow Europe’s recent “right to be forgotten” ruling and remove search results concerning a Japanese man’s past relations with a criminal organization, after he complained that the results violated his privacy.

According to the judge presiding over the case, some of the Google results “infringe personal rights” and had harmed the plaintiff.

The European Court of Justice ruled in May that anyone living in the European Union and Europeans living outside the region could ask search engines to remove links if they believed the online contents breached their right to privacy and are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed.”

But despite the uproar and headlines in the aftermath, the dirty little secret is that nothing has really changed. What Google has actually done is remove the approved links from searches on the person’s name, and only on its European domains. The same results remain on google.com and on all of its non-European sites.

Furthermore, Google removes the results only from name searches; the pages themselves stay indexed. Its European sites may no longer return the links for a search on a specific name, but a search for the same name combined with other keywords may still churn out the same results.

In an earlier Shhh-cretly column, I explained with examples why there is a limit on the extent of privacy and any attempt to manually and selectively remove the Google search contents, successful or otherwise, is like playing God.


Shhh-cretly Featured in “Citizen B”: A Documentary on Surveillance & Privacy

Shhh-cretly was interviewed by renowned and award-winning director Werner Boote, who was in Hong Kong with his Austrian crew this week to film Citizen B, a 90-minute documentary on surveillance and privacy to be released in 2015.



Shhh… The Secret Tapes of Goldman Sachs by Carmen Segarra

In what could be equivalent to a nuclear bomb on Wall Street, former New York Federal Reserve Examiner Carmen Segarra has released some 46 hours worth of voice recordings, secretly taped with a small recorder on her keychain in 2012, that purportedly show bank regulators going soft and cozy with banking giant Goldman Sachs at a time when the New York Fed was expected to become a stronger regulator after the financial crisis of 2008.

To demonstrate a case in point from the recordings: “We’re looking at a transaction that’s legal but shady,” according to a New York Fed staffer in reference to a proposed Goldman Sachs financial transaction.

The secret recordings – released to both a reporter for ProPublica and radio program This American Life – show an unwillingness among some Fed supervisors to both demand specific information from Goldman about a transaction with Banco Santander and to strongly criticize what Segarra concluded was the lack of an appropriate conflict-of-interest policy at Goldman.

Segarra, who later sued the New York Fed for wrongful termination after she refused to alter a critical examination of Goldman’s legal and compliance units, said her colleagues were too soft on those kinds of transactions and on the banking industry in general.

Europe’s Ruling on Google: Much Ado About Nothing


“More than once, I’ve wished my real life had a delete key.” – Harlan Coben, American novelist.

If that sounds familiar, it has now become a reality but with reasons for concern – it has been two months since the controversial European “right to be forgotten” ruling. The irony is that nothing has actually changed fundamentally despite all the subsequent hoo-hah.

Let’s not forget the internet was originally designed to exchange raw data between researchers and scientists. Any attempt to manually and selectively remove the contents, successful or otherwise, is like playing God – much worse when Google decides what to delete.

I have listed an example to illustrate the lessons to be learned and price to be paid – of a somewhat similar attempt and the implications on the society at large.

You can find the entire column here.

Post-Snowden, the US Reaps a Security Whirlwind


It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.

There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.

Snowden said his biggest fear is that nothing would change following his bold decision a year ago.

You can find the entire column here.

The Growing Hacker Epidemic

Time for Standardized Data Breach Law

The latest hack on the Bitcoin exchange Mt.Gox, which led to its sudden bankruptcy in late February, and the spate of recent cyber-attacks have prompted warnings of a wave of serious cybercrimes ahead as hackers continue to breach the antiquated payment systems of top retailers and other companies.

Stock exchange regulators like the American SEC have disclosure rules for when a company’s databases are hacked, but the general public is often at the mercy of private companies that are less inclined, or not compelled, to raise red flags.

The private sector, policymakers and regulators have been slow to respond and address the increasing threats and sophistication of cybercriminals – only 11 percent of companies adopt industry-standard security measures, leaving our personal data highly vulnerable.

Time for a standardized data breach law?

Find out more from my latest column posted here and there.

The Perilous Job of Auditing China

Sometimes Auditors Have to Flee for Their Lives

Who should be most afraid of auditing in China – a US examiner, the Chinese regulators or the companies being audited? Pick those doing the examining. For all of the accounting profession’s image as a dull and boring occupation, in China it isn’t. Sometimes it can be downright dangerous.

You can find the entire column here.

Tinker Data Bankers Spies

Hong Kong Tightens Rules on IPOs – The Territory Gets Tough on Regulating Domestic and International New Listings

Starting Oct. 1, in a worst-case scenario, bankers and listing professionals could be put behind bars for their role in public listings in Hong Kong, until recently a top capital-raising center and magnet for initial public offerings from Chinese companies. To top it off, the current clampdown on data and corporate investigations in mainland China further complicates the situation.

The controversy stems from measures announced by the Hong Kong Securities and Futures Commission in December 2012 to step up the regulatory regime for listing sponsors, including clarifications of their liabilities – up to civil and criminal liabilities – to be put into effect Oct. 1 this year, and will apply to all public listings filed from that date. These measures supplement the new listing rules previously announced by The Stock Exchange of Hong Kong to promote more extensive and thorough due diligence of listing candidates.

You can find the entire column here and there.

The Demise of the Cloud

NSA Snooping Compromises the Cloud Computing Industry

Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.

It is no surprise. In fact, as fugitive former NSA contractor Edward Snowden’s documents showed, a cryptographic standard adopted by the International Organization for Standardization and its 163 member countries was effectively written by the NSA. The standard in question is a random number generator rather than an encryption algorithm, but the effect is the same: the keys that protect the online platforms used by Internet companies and the commercial world, including banks, are only as strong as the randomness they are generated from, and a generator with a built-in back door lets whoever holds the secret predict those keys.

In other words, the NSA designed its own secret back door into a global cryptographic standard for its own convenience. So until the affected standards have been overhauled and taken out of NSA’s control, no server and no cloud service provider relying on them is secure enough to be entrusted with confidential data.
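The standard the Snowden documents referred to is the Dual_EC_DRBG random number generator (published by NIST in 2006, later included in ISO/IEC 18031). What follows is an added example, not code from the column, from any standard or from the NSA: a deliberately tiny model of how such a back door works. Dual_EC_DRBG uses a 256-bit elliptic curve; this stand-in uses exponentiation in an 11-bit prime-order group so the algebra fits on a screen, and the modulus, the generator, the secret exponent and the seeds are all constructed. The structure is the real one: two public constants P and Q, a state that advances through P, and output exposed through Q with a few top bits dropped. Whoever chose Q as a secret multiple of P can turn any output back into the generator’s next state.

```python
"""Toy model of a Dual_EC-style backdoored random number generator.
Constructed teaching example: small group, invented constants."""

P_MOD = 2039           # safe prime 2*1019 + 1 (tiny; the real curve is 256-bit)
Q_ORD = 1019           # prime order of the quadratic-residue subgroup of Z_2039*
POINT_P = 4            # generator of that subgroup (4 = 2^2 is a QR and 4 != 1)
TRUNC_BITS = 3         # top bits dropped from each output; Dual_EC drops 16 of 256

# The "designer" picks the relation between the two public constants and keeps
# e (hence d) secret.  Users of the standard see only P and Q.
BACKDOOR_E = 777
POINT_Q = pow(POINT_P, BACKDOOR_E, P_MOD)
BACKDOOR_D = pow(BACKDOOR_E, Q_ORD - 2, Q_ORD)   # e^-1 mod q (Fermat), so Q^d == P

KEEP_BITS = P_MOD.bit_length() - TRUNC_BITS


def truncate(v):
    """Publish only the low KEEP_BITS bits, as Dual_EC publishes 240 of 256."""
    return v & ((1 << KEEP_BITS) - 1)


def step(state):
    """One generator step, mirroring Dual_EC: s_i = P^(s_{i-1}); output = trunc(Q^(s_i))."""
    new_state = pow(POINT_P, state, P_MOD)
    return new_state, truncate(pow(POINT_Q, new_state, P_MOD))


def generate(seed, n):
    """Return n consecutive outputs from a generator seeded with `seed`."""
    state, outs = seed, []
    for _ in range(n):
        state, out = step(state)
        outs.append(out)
    return outs


def recover_state(outs):
    """Attacker holding d: from consecutive outputs, recover the generator's
    internal state after the last one.  Returns None if no candidate fits."""
    for hi in range(1 << TRUNC_BITS):            # brute-force the dropped bits
        cand = (hi << KEEP_BITS) | outs[0]       # candidate for the full value Q^s_1
        if cand == 0 or cand >= P_MOD:
            continue
        s = pow(cand, BACKDOOR_D, P_MOD)         # (Q^s_1)^d == P^s_1 == s_2
        matched = True
        for i, o in enumerate(outs[1:], start=1):   # confirm against later outputs
            if truncate(pow(POINT_Q, s, P_MOD)) != o:
                matched = False
                break
            if i < len(outs) - 1:
                s = pow(POINT_P, s, P_MOD)       # advance exactly as the generator does
        if matched:
            return s
    return None


def predict_next(outs):
    """Predict the output that will follow the observed run (None on failure)."""
    s = recover_state(outs)
    return None if s is None else step(s)[1]


if __name__ == "__main__":
    observed = generate(123, 5)
    print("observed:", observed[:4], "actual next:", observed[4],
          "predicted:", predict_next(observed[:4]))
```

A user of the generator who sees only P and Q cannot distinguish this from a sound design; the weakness is entirely in how Q was chosen, which is why the remedy in the real case was to stop using Dual_EC_DRBG rather than to patch it. In the real construction the attacker also has to guess the sign of the curve point and search 2^16 truncated candidates, a cost of seconds; in this toy the search is eight candidates.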

So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?

You can find the entire column here.

For Whom the Whistle Blows

That Whistle Could Have You Behind Bars

For Whom the Bell Tolls was a 1940 novel by Ernest Hemingway about an American in the International Brigades who blows up a bridge during the Spanish Civil War with death the ultimate sacrifice.

But what about For Whom The Whistle Blows? That informs the current debate about Bradley Manning and Edward Snowden, two Americans who risked their lives by leaking documents on US foreign policy and covert cyber-snooping activities during the US war on terrorism. Are they prisoners – one in a US army stockade and the other in exile in Moscow – of conscience?

In contrast to the contemptuous labels and espionage charges the US government slapped on the two, one a US Army private first class and the other a former government intelligence contractor, both claimed their motive was to spark public debate and promote greater transparency in US government conduct. Whistle-blowers in general have all along been quite rightly championed and heralded by the authorities, media and the general public – at least by those whose oxen are not being gored from the revelations. Such are the dichotomies of modern history.

You can find the entire column here and there.

The Importance of Being Eliot

The Former Sheriff of Wall Street is Back

Wall Street, and some of Asia’s markets as well, should really panic if New York’s voters give Eliot Spitzer the power (again) to trawl through corporate records looking for wrongdoing, and if the name Jesse M. Unruh rings a bell.

Spitzer, the disgraced former New York governor and attorney general best remembered for his forced resignation five years ago after being revealed as “client #9” in a prostitution scandal, announced last week his return to the political spotlight by running for office as the New York City Comptroller.

One would be forgiven for thinking the Harvard-trained lawyer – once considered in some quarters to be on his way to the White House – has gone low and cheap to run for a backwater auditing office best associated with pallid career politicians. But no, Spitzer the corporate scourge has other ideas.

You can find the entire column here.

Was Edward Snowden A Spy?

Or was Dick Cheney looking for a cheap excuse to play politics?

Edward Snowden’s sudden departure from Hong Kong for Moscow, and eventually elsewhere, possibly a country hostile to the US, reignites the question of whether he is a spy or double agent.

But the allegations made last week by former US vice president Dick Cheney that the National Security Agency whistle-blower Edward Snowden could be a spy for China are off track, and he knows it. They are a deliberate public distraction as the Obama administration searches for scapegoats while defending the NSA surveillance programs with its one and only trump card.

Snowden left with his passport annulled, a warrant out for his arrest and criminal charges of espionage, theft and communicating classified intelligence to unauthorized persons.

But here is the dichotomy: While the corporate world is still coping with US regulations on better corporate governance practices, where does the notion of whistleblowing stand right now?

Please read the entire column here.

Big Brother, Big Pharma

The US tries to cut off a lifeline for low-cost pharmaceuticals

The issue of parallel trading seems to have reached the United States, where the US Justice Department has begun demanding that the two largest American couriers, FedEx and UPS, open and report on the contents in the sealed packages of their customers or face criminal charges.

At stake is the delivery of prescription medicines from online pharmacies to customers, according to a report last week by the online news portal WND. FedEx and UPS disclosed last November that they are targets of a federal criminal investigation related to their dealings with online pharmacies.

Please read full column here and there.

The Genesis of Hong Kong’s Company Law Fuss

The Companies Ordinance review has been years in the making

A recent hotly debated topic in Hong Kong relates to the government’s attempt to rewrite the Companies Ordinance, spurred largely by the sudden public realization that the resulting new Companies Bill was already passed in the local legislature without much media attention and the rude awakening to the subsequent impacts.

Much of the current media focus and public debates have been placed on only one aspect of the many proposed changes: to withhold from the public parts of the identification numbers and details of the residential addresses of company directors found in the Hong Kong company registration records.

The lightning rod for public concern has struck many a wrong chord, including outcries about the suppression of transparency and apprehension over possible government submission to China’s will.

This column looks at the roots of the situation and puts the fuss in perspective.

Please read full article here.

Hong Kong Considers Freedom of Information Act

While Attempting to Suppress Transparency

Paradoxically, even as the Hong Kong government is proposing far-reaching changes to the Companies Ordinance that would bring due diligence and investigations to a stop, officials are also quietly studying the possibility of introducing a Freedom of Information Act.

If that seems a contradiction, that’s because it is.

The Companies Ordinance amendments, either missed or ignored by the mainstream media when it was passed through the legislature earlier last year, will result in withholding from the public parts of the identification numbers and details of the residential addresses of company directors found in the Hong Kong company registration records – the very thing a freedom of information act is designed to facilitate.

Please read the full column here.