Tag Archives: security policy

We must bridge the gap between technology and policymaking – Bruce Schneier

Abstract

Technologists and policymakers largely inhabit two separate worlds. It’s an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split as a major hindrance to solving the world’s problems.

Today, it’s a crisis. Technology is now deeply intertwined with policy. We’re building complex socio-technical systems at all levels of our society. Software constrains behaviour with an efficiency that no law can match. It’s all changing fast; technology is literally creating the world we all live in, and policymakers can’t keep up. Getting it wrong has become increasingly catastrophic. Surviving the future depends on bringing technologists and policymakers together.

Listen to Sir Bruce Schneier

Read more at

https://www.weforum.org/agenda/2019/11/we-must-bridge-the-gap-between-technology-and-policy-our-future-depends-on-it/

Australia Proposed Law: Social media execs may face jail for violent crime streaming

Abstract

The proposed laws would cover “the playing or streaming of terrorism, murder, attempted murder, torture, rape and kidnapping on social media”, the government announced over the weekend. 

Social media platforms would also be required to notify the Australian Federal Police if they become aware that their site has been used to stream violent crimes. Should a notification fail to happen, fines of up to AU$840,000 for companies, and AU$168,000 for individuals, may be levied. 

Reference

https://www.zdnet.com/article/australia-to-rush-laws-on-jailing-social-media-execs-for-violent-crime-streaming/

Data Privacy: It’s time for the data brokers to be accountable.

You might be wondering why every cyber expert says, and I quote, “Your personal data is the new oil”. Comparing oil with personal data is a metaphor: everyone is after your personal data. The fact is that users’ personal data is being sold from one party to another.

This whole shadow business is called data brokerage, and it includes the big giants: Facebook, Google and Amazon. They have a free hand, from collecting user data to selling it to third parties. If a data breach happens, they are not held accountable at all. For the data brokers, a breach of their database does not matter, because they know their data is not a secret; they have already sold it many times over.

Data brokers intrude on the privacy of millions of people by harvesting and monetizing their personal information without their knowledge or consent. Worse, many data brokers fail to securely store this sensitive information, predictably leading to data breaches (like Equifax) that put millions of people at risk of identity theft, stalking, and other harms for years to come.


List of major data brokerages

But times are changing, and the world is now waking up to data privacy and unethical practices, and to making data brokerages accountable. One recent example, apart from the GDPR, is Vermont’s new data privacy law.

What Vermont’s Law Does

Vermont’s new data privacy law seeks to protect consumers from data brokers through four important mechanisms.

Transparency. Data brokers must annually register with the state. When doing so, they must disclose whether consumers may opt-out of data collection, retention, or sale, and if so, how they may do so. A data broker must also disclose whether it has a process to credential its purchasers, and its number of security breaches.

Duty to secure data. Data brokers must adopt comprehensive data security programs with administrative, technical, and physical safeguards.

No fraudulent collection. Data brokers may not collect personal information by fraudulent means, or for the purpose of harassment or discrimination.

Free credit freezes. Credit freezes are an important way for consumers to protect themselves from the fallout of a data breach. Many businesses will not extend credit absent a report from a credit reporting agency, and a credit freeze bars these agencies from issuing a report until a consumer lifts the freeze when they actually want credit. Vermont already empowered consumers to use credit freezes to protect themselves from credit fraud. The new Vermont law bars credit agencies from charging consumers fees for this protection.

Reference

https://www.eff.org/deeplinks/2018/09/vermonts-new-data-privacy-law

IoTSecurity: IoT Code of Practice by UK Govt

The United Kingdom has been very proactive in regulating the most important cybersecurity concerns. Bruce Schneier (cyber guru) often suggests that it is time for governments to act and regulate IoT devices. In recent times, the UK government has done a phenomenal job of regulating the important security concerns described below.

Apart from the regulations themselves, the significant part is that the UK government partners with private companies to come up with solutions. Many governments hesitate to take other stakeholders on board.

Who is the audience of the Code of Practice?

  • Device Manufacturer
  • IoT Service Providers
  • Mobile Application Developers
  • Retailers

So, what are the security concerns with IoT devices?

  • Consumer privacy: Many devices are more like spy devices and keep track of every user movement, private conversation, video recording, etc. Experts tell us that privacy isn’t a right anymore in today’s world and that we should get over it. However, it can still be controlled with the right tools.
  • Consumer security: The biggest concern is consumer security. The more you are connected, the more you are vulnerable. Unlocking homes remotely, hacking home video feeds, smart TVs, etc. are normal occurrences nowadays.
  • Unsecured manufacturing and retailing: Most IoT devices are unsecured, and organizations have huge control over them. A consumer does not have the authority to ask for more security. If someone can unlock the door because of a misconfiguration, the manufacturer and service providers are not liable.
  • Use of these unsecured devices in large-scale attacks (e.g. DDoS): You might be familiar with distributed denial of service. These IoT devices help attackers achieve that.

The Code of Practice applies to the following types of devices

  • Connected children’s toys and baby monitors
  • Connected safety-relevant products such as smoke detectors and door locks
  • Smart cameras, TVs and speakers
  • Wearable health trackers
  • Connected home automation and alarm systems
  • Connected appliances (e.g. washing machines, fridges)
  • Smart home assistants

Code of Practice Guidelines

  1. No default passwords
  2. Implement a vulnerability disclosure policy
  3. Keep software updated
  4. Securely store credentials and security-sensitive data
  5. Communicate securely
  6. Minimize exposed attack surfaces
  7. Ensure software integrity
  8. Ensure that personal data is protected
  9. Make systems resilient to outages
  10. Monitor system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

Reference

https://www.gov.uk/government/publications/secure-by-design/code-of-practice-for-consumer-iot-security

CyberSecurity: How are chatbots a new threat to democracy?

Since social media became a media platform and news stream, crooks, politicians, criminals, etc. have started to exploit it. Some people argue that mainstream media is so unfair and biased that social media is the only way to reach their followers.

Following this logic, crooks started buying trolls. These trolls are humans, and they create a fake agenda. Look closely at how Facebook, Twitter, etc. are full of trolls and fake news, funny cartoons and videos. In reality, crooks set the agenda for whomever they wish to target on social media today. Political parties have IT cells as departments to spread their message; whether it is true or false does not matter.

There are IT companies with departments that serve these crooks and politicians. They create thousands of fake accounts and dominate the real conversation going on between a few people. These fake accounts are created cleverly, with local language and messaging as well. They simply flood the platform with a bunch of messages and confuse people on every topic. Nowadays it is done on a large scale by every political party.

Buying trolls is costly, and it is an ongoing investment for all these crooks and politicians. So, in the coming days, it would not be wrong to say that people will look for cheaper and more effective options, and that could be chatbots.

Read the full opinion on chatbots and how they could be dangerous

Abstract

Chatbots are software programs that are capable of conversing with human beings on social media using natural language. Increasingly, they take the form of machine learning systems that are not painstakingly “taught” vocabulary, grammar and syntax but rather “learn” to respond appropriately using probabilistic inference from large datasets, together with some human guidance.

Most political bots these days are similarly crude, limited to the repetition of slogans like “#LockHerUp” or “#MAGA.” But a glance at recent political history suggests that chatbots have already begun to have an appreciable impact on political discourse. In the buildup to the midterms, for instance, an estimated 60 percent of the online chatter relating to “the caravan” of Central American migrants was initiated by chatbots.