NSA Director Admiral Michael Rogers said at a cyber security conference in Washington DC Monday this week that the government needs to develop a “framework” so that the NSA and law enforcement agencies could read encrypted data when they need and he was immediately challenged by top security experts from the tech industry, most notably Yahoo’s chief information security officer Alex Stamos (see transcript).
This is probably the most telling moment of how US President Barack Obama is still on the wrong frequency on cyber matters…
Obama blamed the “impact on their [the tech companies] bottom lines” for the mistrust between the government and Silicon Valley in the aftermath of the Snowden revelations. These were his words, straight from the POTUSA mouth rather than reading from the scripts, in an exclusive interview with Re/code’s Kara Swisher (see video below) following the well publicized cybersecurity summit at Stanford University last Friday, when he signed an executive order to encourage the private sector to share cybersecurity threat information with other companies and the US government.
Contrast that with the high-profile speech by Apple CEO Tim Cook (see video below), who warned about “life and death” and “dire consequences” in sacrificing the right to privacy as technology companies had a duty to protect their customers.
His speech was delivered before Obama’s address to the summit – which the White House organized to foster better cooperation and the sharing of private information with Silicon Valley – best remembered for the absence of leaders from tech giants like Google, Yahoo and Facebook who gave Obama the snub amid growing tensions between Silicon Valley and the Obama administration. Heavyweights whom Obama counted as “my friends” in the Re/code interview (watch closely his expression at the 39th second of the clip above).
This is really nothing new but I’m posting it because similar “news” resurfaced again the past week.
If you’ve already bought one, the easy solution is to cover the webcam with a duct tape unless you need to use it.
This is bad news with far-reaching global implications – and it’s affecting not just only those based in China.
News has surfaced over the weekend that some foreign-based virtual private network (VPN) vendors found their services in China had been disrupted following a government crackdown – which the authorities labeled as an “upgrade” of its Internet censorship – to block the use of VPNs as a way to escape the so-called Great Firewall.
Many China-based internet users use VPNs to access external news sources but this is also bad news for companies and government offices based in China as well as anyone visiting the Chinese mainland – as many businessmen and executives use VPNs, as part of their company (and security) practice, on their business trips. Many foreigners and businesses residing in China also use VPNs for their day-to-day communications.
The VPNs provide an encrypted pipe between a computer or smartphone and an overseas server such that any communications would be channeled through the designated pipe, which effectively shield internet traffic from government filters that have set criteria on what sites can be accessed.
Find out more about this news below – And as China is fast moving beyond the “factories of the world” tag to become a global economic powerhouse and important trading partner to many developed and developing countries, this is one development to keep a close watch on.
Blackberry’s CEO John Chen in his latest blog post “Encryption Needn’t Be An Either/Or Choice Between Privacy and National Security” responded to the recent push by British Prime Minister David Cameron – endorsed by US President Barack Obama last week – to ban encrypted communications in the name of national security:
Encryption Needn’t Be An Either/Or Choice Between Privacy and National Security
In the wake of the Paris terror attacks earlier this month, U.K. Prime Minister David Cameron proposed banning encrypted communications services such as those offered by Apple, Facebook and others. President Obama partially endorsed Prime Minister Cameron’s proposal a few days later, indicating he would support banning encrypted communications services that cannot be intercepted by law enforcement and national security agencies. While there is no publicly-available evidence that encrypted communications played any role in the Paris attacks, security officials say their ability to prevent future attacks will be hindered if terrorists are able to evade surveillance using encrypted communications and messaging services.
Privacy advocates have harshly criticized the Cameron-Obama proposals, arguing that encryption is a vital tool for protecting sensitive government, corporate and personal data from hacking and other forms of cyber theft. Following the recent spate of hacking attacks against Sony, Target, Home Depot, certain celebrity users of popular but hackable smartphones, and others, these advocates argue we need more, not less encryption. Further, they argue that banning encryption will not necessarily make it easier for security agencies to surveil terror plotters; after all, the terrorists will know they are being overheard and will simply communicate in new and ever-changing forms of coded language.
Reconciling these opposing perspectives on encryption requires a reasoned approach that balances legitimate national security concerns with legitimate cyber security concerns.
Privacy is Everyone’s Concern
Our dependence on computing devices for transmitting and storing sensitive personal information has become irreversible. Billions of items of personal information including health records, bank account records, social security numbers and private photographs reside on millions of computers and in the cloud. This information is transmitted via the internet every day. The same is true for highly confidential and proprietary business information. And of course no government or law enforcement agency could function without maintaining high levels of information security.
With so much information residing on computer networks and flowing through the internet, cyber security has emerged as one of society’s uppermost concerns. Protecting private and sensitive information from hacking, intrusion and exfiltration now commands the attention not just of computer professionals, but also heads of state, CEOs, Boards of Directors, small business owners, and every individual using a computer or smartphone, and even those who never use a computing device.
Modern forms of encrypting voice and data traffic provide the best protection for highly valuable and private personal, business and government information. Rendering data unreadable to the intruder greatly diminishes the incentive to hack or steal. Banning encryption, therefore, would dramatically increase the exposure of all such information to hacking and cyber theft. Clearly that is not a viable option.
Call of Duty
On the other hand, the same encryption technology that enables protection of sensitive data can also be abused by criminals and terrorists to evade legitimate government efforts to track their data and communications. Companies offering encrypted communications thus have a duty to comply with lawful requests to provide information to security agencies monitoring would-be terrorists. Companies like BlackBerry: We’ve supported FIPS 140-2 validated encryption in all of our devices for the past 10 years – longer than many of our competitors have been selling smartphones.
Depending on the particular technology involved, that information requested by law enforcement agencies might include the content of encrypted messages, but it may include other vital data such as user information, the dates and times the subscriber contacted other users, the length of such communications, the location of the user, and so forth. In many instances non-content user information can be even more important than the actual content itself, because such metadata can provide crucial leads and other vital intelligence to law enforcement and security agencies.
Let’s be clear: I am not advocating sharing data with governments for their ongoing data collection programs without a court order, subpoena or other lawful request. However, telecommunications companies, Internet Service Providers, and other players in the modern communications and messaging ecosystem need to take seriously their responsibility to comply and to facilitate compliance with reasonable and lawful requests for such information. Unfortunately, not all players in the industry view this issue the same way. Some Silicon Valley companies have publicly opposed government efforts to enable lawful surveillance and data gathering, even where lives may hang in the balance. These companies appear to be trying to position themselves as staunchly “pro-privacy,” without according sufficient weight to legitimate and reasonable governmental efforts to monitor and track would-be terrorists. Far from protecting privacy rights, this irresponsible approach risks providing ever stronger arguments to those who would subjugate all cyber privacy concerns to national security.
The answer, therefore, is not to ban encryption, because doing so would give hackers and cyber-criminals a windfall, making it much easier for them to mine billions of items of sensitive personal, business and government data. Instead, telecommunications and internet companies should cooperate with the reasonable and lawful efforts of governments to fight terrorism. That way we can help protect both privacy and lives.
US President Obama has openly voiced support to British Prime Minister’s idea about banning encryption but as The Guardian report (below) last week on a secret US cybersecurity document in 2009 showed, they are very well aware their decision would leave the entire world highly vulnerable to cyber attacks at the expense of their interest in national security and terrorism matters.
Secret US cybersecurity report: encryption vital to protect private data
Newly uncovered Snowden document contrasts with British PM’s vow to crack down on encrypted messaging after Paris attacks
A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.
The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.
In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access.
Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.
Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”.
But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data.
Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.
An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.
The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.”
It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
The primary adversaries included Russia, whose “robust” operations teams had “proven access and tradecraft”, it said. By 2009, China was “the most active foreign sponsor of computer network intrusion activity discovered against US networks”, but lacked the sophistication or range of capabilities of Russia. “Cyber criminals” were another of the major threats, having “capabilities significantly beyond those of all but a few nation states”.
The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded.
Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection much more difficult.
The latest versions of Apple and Google’s mobile operating systems are encrypted by default, while other popular messaging services, such as WhatsApp and Snapchat, also use encryption. This has prompted calls for action against such strong encryption from ministers and officials. Speaking on Monday, Cameron asked: “In our country, do we want to allow a means of communication between people which we cannot read?”
The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists.
In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists. Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.
“The trouble is these services are already being used by hundreds of millions of people. I guess you could try to force tech companies to be less secure but then they would be less secure against attacks for anyone,” he said.
GCHQ and the NSA are responsible for cybersecurity in the UK and US respectively. This includes working with technology companies to audit software and hardware for use by governments and critical infrastructure sectors.
Such audits uncover numerous vulnerabilities which are then shared privately with technology companies to fix issues that could otherwise have caused serious damage to users and networks. However, both agencies also have intelligence-gathering responsibilities under which they exploit vulnerabilities in technology to monitor targets. As a result of these dual missions, they are faced with weighing up whether to exploit or fix a vulnerability when a product is used both by targets and innocent users.
The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
Another newly discovered document shows GCHQ acting in a similarly conflicted manner, despite the agencies’ private acknowledgement that encryption is an essential part of protecting citizens against cyber-attacks.
The 2008 memo was addressed to the then foreign secretary, David Miliband, and classified with one of the UK’s very highest restrictive markings: “TOP SECRET STRAP 2 EYES ONLY”. It is unclear why such a document was posted to the agency’s intranet, which is available to all agency staff, NSA workers, and even outside contractors.
The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world.
The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.
GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
Security experts regularly say that keeping software up to date and being aware of vulnerabilities is vital for businesses to protect themselves and their customers from being hacked. Failing to fix vulnerabilities leaves open the risk that other governments or criminal hackers will find the same security gaps and exploit them to damage systems or steal data, raising questions about whether GCHQ and the NSA neglected their duty to protect internet systems in their quest for more intelligence.
A GCHQ spokesman said: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the parliamentary intelligence and security committee.“All our operational processes rigorously support this position. In addition, the UK’s interception regime is entirely compatible with the European convention on human rights.”
Michael Beckerman, president and CEO of the Internet Association, a lobby group that represents Facebook, Google, Reddit, Twitter, Yahoo and other tech companies, said: “Just as governments have a duty to protect to the public from threats, internet services have a duty to our users to ensure the security and privacy of their data. That’s why internet services have been increasing encryption security.”
Rather than hearing from the geeks, it may be refreshing to listen the same from Mark Cuban, Shark Tank host and owner of NBA team Dallas Mavericks:
In the aftermath of the recent Charlie Hebdo attacks, it came as no surprise politicians were quick to up the antenna (again) on surveillance and stifle the right to privacy – whilst, in the same breath, they drape themselves publicly in Paris to embrace free speech and press freedom.
British Prime Minister David Cameron, for example, stole the headlines this week saying that, if re-elected in May, he would ban encrypted online messaging apps like WhatsApp and Snapchat if the British intelligence agencies were not given backdoors to access the communications.
“We must not allow terrorists safe space to communicate with each other,” said Cameron as he spoke about a “comprehensive piece of legislation” to close the “safe spaces” used by suspected terrorists – and also planned to encourage US President Barack Obama (who should be reminded that he has promised to pursue NSA reforms) to make internet companies like Facebook and Twitter cooperate with British intelligence agencies to track the online activities of Islamist extremists.
Backdoors are by and large security holes and what Cameron is proposing would set a dangerous precedence with irreversible consequences far beyond the loss of free speech – this is best summed up in the following open letter to David Cameron (below – and here):
Following up on an earlier post on the same topic:
Continuing on my blog post yesterday – shouldn’t one feel guilty about posting photos of their loved ones online without knowing or truly understanding the underlying risks?
Well instead of covering the face(s), how about encoding your photos with personal secret code so that only you and those selected parties can see them? That’s what this software PhotoScrambler is about.
If you’re still coining your new year resolutions… how about never to post (and tag) any photos of yourself and loved ones online?
Yes, it’s a social norm these days – just look at the Facebook sphere – but I can’t explain the risks better than this excellent presentation (below) from the Make Use Of blog about facial recognition technology and the risks of posting our photos online.
Food for thoughts?
Question: If the NSA managed to threaten and make Internet and technology giants like Yahoo, Google, Apple, Facebook, etc to hand over our metadata, who else could they target?
The US Postal Service?
And why not – since the information like names, addresses and postmark dates of both the senders and recipients conveniently splashed on the package covers could provide valuable investigative leads to law enforcement agencies?
As it turned out, the USPS Office of Inspector General (OIG) — the internal watchdog of the postal service – found that “USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients” – see full story below.
The US Postal Service has been quietly surveilling more mail than anyone thought
Program captured information from the outside of 49,000 pieces of mail in 2013 alone, sharing it with law enforcement agents
By Carl Franzen on October 28, 2014 02:15 pm
Snail mail is growing steadily less popular thanks to the internet, but people in the US still send lots of it every year — over 158 billion pieces of mail were handled by the US Postal Service in 2013 alone. As it turns out, the USPS has also been quietly spying on way more of the mail passing through its doors than previously acknowledged. A report from the agency’s internal watchdog — the USPS Office of Inspector General (OIG) — found that USPS captured information from the outside of about 49,000 pieces of consumer mail in 2013 and turned much of it over to law enforcement organizations throughout the country, unbeknownst to the intended senders and recipients. This information reportedly did not include the contents of letters and packages, but rather was limited to the information appearing only on the exterior, such as names, addresses, and postmark dates.
The report on the USPS information capturing program, called “mail covers,” was initially published to little fanfare over the summer and subsequently reported on by Politico, but is getting more attention now with an article appearing today in The New York Times that includes additional details.
First some background: the mail covers program is hardly new, it’s been in existence for over a hundred years, as The Times notes. It’s also not as invasive as a full search warrant for the contents of mail, which the USPS also grants (although only for federal search warrants; state search warrants aren’t accepted by the agency). In a guide for law enforcement agencies, the USPS explains exactly how the program works: a police officer/law enforcement agent needs to be already conducting an investigation into a suspected felony and have the names and addresses for their intended surveillance targets. The officer must send this information to the USPS through the mail or provide it verbally (in person or over the phone), along with a reason why the mail cover is needed. Then the USPS will begin capturing the information from the exterior of all the targets’ incoming and outgoing mail for up to 30 days (although extensions are available). The USPS says that “information from a mail cover often provides valuable investigative leads,” but adds that it “is confidential and should be restricted to those persons who are participating in the investigation.”
However, as the OIG report found, there are numerous problems with the way the USPS has been running the mail covers program. For starters, the USPS has a mail cover app that apparently doesn’t work very well and is blamed for the agency continuing to capture information from the mail of 928 targets even after the surveillance period was supposed to have ended. The USPS also appears to have started mail cover surveillance on targets without sufficient justification from law enforcement as to why it was needed, and some USPS employees didn’t even keep the written justification on file like they were supposed to. And in a further failure of duty, several mail covers weren’t started on time. Perhaps most troubling of all, the USPS doesn’t appear to have been accurately reporting the total number of mail covers in its official records provided to the Times under Freedom of Information Act requests, which show only 100,000 total requests for mail surveillance between 2001 and 2012 (an average of 8,000 a year, way fewer than the 49,000 mail covers acknowledged in the OIG report). The USPS said it agreed with the findings of the OIG report and would work to implement changes, but for an agency already struggling with how to move into the future, the findings are hardly good news.
Here’s an interesting story from BuzzFeed about a “little-noticed” court ruling from the US Justice Department – that the government has the right to impersonate someone’s identity, create a phony Facebook account in that person’s name, post racy photos found on that person’s seized phone – all without that person’s knowledge – in order to reach out to suspected criminals.
The world is still coming to grips with the snooping of personal information by the NSA, GCHQ and the likes in this post-Snowden era. But to commandeer one’s identity, without one’s knowledge, to catch criminals (or terrorists for that matter)? Has that gone too far, endangering one’s life?
(Btw check out this article on how to detect fake Facebook profiles.)
Government Set Up A Fake Facebook Page In This Woman’s Name
A DEA agent commandeered a woman’s identity, created a phony Facebook account in her name, and posted racy photos he found on her seized cell phone. The government said he had the right to do that.
Chris Hamby BuzzFeed Staff
Posted on Oct. 7, 2014, at 7:16 a.m.
The Justice Department is claiming, in a little-noticed court filing, that a federal agent had the right to impersonate a young woman online by creating a Facebook page in her name without her knowledge. Government lawyers also are defending the agent’s right to scour the woman’s seized cellphone and to post photographs — including racy pictures of her and even one of her young son and niece — to the phony social media account, which the agent was using to communicate with suspected criminals.
The woman, Sondra Arquiett, who then went by the name Sondra Prince, first learned her identity had been commandeered in 2010 when a friend asked about the pictures she was posting on her Facebook page. There she was, for anyone with an account to see — posing on the hood of a BMW, legs spread, or, in another, wearing only skimpy attire. She was surprised; she hadn’t even set up a Facebook page.
The account was actually set up by U.S. Drug Enforcement Administration special agent Timothy Sinnigen.
Not long before, law enforcement officers had arrested Arquiett, alleging she was part of a drug ring. A judge, weighing evidence that the single mom was a bit player who accepted responsibility, ultimately sentenced Arquiett to probation. But while she was awaiting trial, Sinnigen created the fake Facebook page using Arquiett’s real name, posted photos from her seized cell phone, and communicated with at least one wanted fugitive — all without her knowledge.
The Justice Department’s headquarters in Washington, D.C., referred all questions to the DEA, which then declined to answer questions and, in turn, referred inquiries to the local U.S. attorney’s office in Albany, New York. That office did not respond to multiple requests for an interview.
A Facebook spokesman declined to comment on the case. The site’s “Community Standards” say, “Claiming to be another person, creating a false presence for an organization, or creating multiple accounts undermines community and violates Facebook’s terms.” The spokesman said there is no exception to this policy for law enforcement.
Meanwhile, the bogus Facebook page remains accessible to the public, BuzzFeed News found.
Leading privacy experts told BuzzFeed News they found the case disturbing. “It reeks of misrepresentation, fraud, and invasion of privacy,” said Anita L. Allen, a professor at University of Pennsylvania Law School.
The experts also agreed that the case raises novel legal and ethical questions. There is a long tradition of deceptive practices by police that are legal, they noted. For example, officers assume a false identity to go undercover. “What’s different here,” said Ryan Calo, a professor at the University of Washington School of Law, is that the agent assumed the identity of a real person without her explicit consent.
“The technologies we have now are enabling all sorts of new uses,” said Neil Richards, a professor at the Washington University School of Law. “There are a whole bunch of new things that are possible, and we don’t have rules for them yet.”
The DEA’s actions might never have come to light if Arquiett, now 28, hadn’t sued Sinnigen, accusing him in federal district court in Syracuse, New York, of violating her privacy and placing her in danger.
In a court filing, a U.S. attorney acknowledges that, unbeknownst to Arquiett, Sinnigen created the fake Facebook account, posed as her, posted photos, sent a friend request to a fugitive, accepted other friend requests, and used the account “for a legitimate law enforcement purpose.”
The government’s response lays out an argument justifying Sinnigen’s actions: “Defendants admit that Plaintiff did not give express permission for the use of photographs contained on her phone on an undercover Facebook page, but state the Plaintiff implicitly consented by granting access to the information stored in her cell phone and by consenting to the use of that information to aid in an ongoing criminal investigations [sic].”
That argument is problematic, according to privacy experts. “I may allow someone to come into my home and search,” said Allen, of the University of Pennsylvania, “but that doesn’t mean they can take the photos from my coffee table and post them online.”
“I cannot imagine she thought that this would be a use that she consented to,” the University of Washington’s Calo said.
“That’s a dangerous expansion of the idea of consent, particularly given the amount of information on people’s cell phones,” said Elizabeth Joh, a professor at the University of California, Davis, School of Law.
The government’s court filing confirms that Sinnigen posted a photo of Arquiett “wearing either a two-piece bathing suit or a bra and underwear,” but denies “the characterization of the photograph as suggestive.”
This picture is no longer on the Facebook page, but others are. An album called “Sosa,” her nickname, shows her in a strapless shirt and large hoop earrings or, in another, lying face-down on the hood of the BMW, legs kicked up behind her. “At least I still have this car!” reads a comment supposedly posted by her.
The DOJ also acknowledges that Sinnigen posted photos of Arquiett’s son and niece, who were then clearly young children.
Arquiett’s current attorneys declined requests to interview her. But court documents tell much of her story.
She was arrested in July 2010 and accused of participating in a conspiracy to distribute cocaine, an offense that could carry up to a life sentence. She pled guilty in February 2011, and, in a court filing, federal prosecutors recommended a reduced sentence, noting that she was not a significant player in the conspiracy and had promptly accepted responsibility.
Arquiett grew up in Watertown, New York, according to a motion on sentencing by her attorney in her criminal case. Her father was imprisoned when she was an infant. Her mother was an alcoholic and drug user, and her stepfather abused both Arquiett and her mother.
By 2008, Arquiett was dating Jermaine Branford, who authorities believed to be the head of a drug trafficking ring, the criminal complaint against Arquiett says. He also physically abused her, according to the sentencing motion her lawyer filed.
The government accused Arquiett of allowing Branford and his associates to process and store cocaine in her apartment and helping them contact other members of the drug ring and arrange transactions. Branford later pled guilty in federal court to conspiracy to distribute cocaine and received a sentence of almost 16 years.
Arquiett’s lawyer argued that Branford and his crew took advantage of her vulnerabilities. “To her, because they ‘took care’ of her, she considered them like family,” attorney Kimberly Zimmer wrote. “In fact, they preyed upon and used her.”
Arquiett, Zimmer wrote, wasn’t paid like other members of the drug ring, just given money on occasion to buy gas or other items. “At the time, although she knew that her co-defendants were distributing drugs and that she was helping them to do so, she considered the things that she did for Branford and the other co-defendants as ‘favors,’ ” Zimmer wrote.
Zimmer also noted Sinnigen’s actions. “Ms. Arquiett never intended for any of the pictures on her phone to be displayed publicly, let alone on Facebook, which has more than 800 million active users,” she wrote in the motion addressing sentencing. “More disturbing than the fact that the DEA Agents posted a picture of her in her underwear and bra is the fact that the DEA agents posted a picture of her young son and young niece in connection with that Facebook account, which the DEA agents later claim was used for legitimate law enforcement purposes, that is, to have contact with individuals involved in narcotics distribution.”
Taking all of this into account, a judge sentenced Arquiett to five years of probation, including six months of weekend incarceration and six months of home detention. This March, a probation officer certified that she had complied with the terms of her sentence and terminated her probation.
From China with Love
It’s the one year anniversary of what is now known as the Snowden revelations, which appeared on June 5 and June 9 when The Guardian broke news of classified National Security Agency documents and Edward Snowden revealed himself in Hong Kong as the source of those leaks.
There is still much to decipher from the chronology of events in the aftermath and the sudden global awakening to the end of privacy. Among the impacts on the personal, business and political fronts, one interesting salient feature is the hypocritical rhetorical spats between the US and China in recent weeks, which could set the undertone for US-Sino relations for years to come.
Snowden said his biggest fear is that nothing would change following his bold decision a year ago.
You can find the entire column here.
NSA Snooping Compromises the Cloud Computing Industry
Facebook CEO Mark Zuckerberg complained last week that trust in social networks and Internet companies has dived ever since cyber snooping and spying activities by the US National Security Agency began to make global headlines earlier this year.
It is no surprise. In fact, as fugitive former NSA operative Edward Snowden pointed out, the encryption system adopted by the International Organization for Standardization and its 163 member countries were actually written by the NSA, convincing proof that online platforms being used by Internet companies and the commercial world, including banks, could in fact be easily compromised by the NSA.
In other words, the NSA designed their own secret back door into the global encryption system for their convenience. So until the encryption system has been overhauled and taken away from NSA’s control, no server and no cloud service provider is secure enough to be entrusted with any confidential data.
So why then are blindly trusting companies still moving ever more data into the cloud and onto servers, where online access to highly confidential information related to clients, customers, employees, deals, business plans and performances, etc., is available to the US snoops?
You can find the entire column here.
Take your pick: Edward Snowden, Internet and phone service providers, or just everybody?
The furor over the past week about how US intelligence agencies like the National Security Agency and the Federal Bureau of Investigation have for years scooped up massive loads of private communications data raises one critical and distressing question.
Who, worldwide and in the US, are the general public supposed to trust now that it seems all forms of digital and cyber communications risk being read by the American authorities? The Americans, it seems, don’t believe it’s that big a deal. By 62-34, according to the latest poll by Pew Research and the Washington Post, they say it’s more important to investigate the threats than protect their privacy. But what about the rest of the world?
The immediate acknowledgement, rather than point blank denial, of the massive clandestine eavesdropping programs is no doubt alarming even for those long suspicious of such covert undertakings. But the more disturbing part is that the official response amounts to plain outright lies.
Please read this entire Opinion Column here.
The Security Assault on Social Networks
Forget hacking. It works but it’s illegal.
Big data mining is the future of cyber espionage. It is not illegal as long as the data is open source and in the public domain. And all that data on “open” social networking Web sites are most vulnerable.
Two recent commercially developed software packages could soon be giving your government and employer and possibly anyone else who is interested – ways to spy on you like never before, including monitoring your words, your movements and even your plans now and into the future.
Looking back at 2010: A Very Social World
The world has changed. More than ever before, it is dominated by two opposing forces: the compulsion to share information and the need to control it. The year 2010 can claim to have a pivotal spot in the technological history of mankind, though not evidently for the better.
On the eve of the New Year, I began to wonder what some of the most significant world events were and which of these stood out. How could they further have an impact on a world already paranoid about privacy and national security on one hand, and obsessed with the advancement of techno-devices on the other?
The WikiLeaks headlines obviously top the list on a global scale, followed by the Google pullout from China, which left its mark on the world of corporate espionage. Third is the pressure exerted on the Canadian company Research In Motion (RIM) to hand over its Blackberry encryption to several governments.
These three events signify a paradigm shift in the gathering and sharing of information… (Read the entire column here and there).