[Some readers will ask, Why is this computer-related? The answer of course is that our computer systems and especially Big Data systems tend to be power hungry. Besides, I have been harping for years on the need for holistic thinking, and thus it behooves us to keep in mind the effects of climate change (the popular term for `global warming') in our long-term thinking. Thus, this item seems highly relevant to the bigger picture. PGN] Kiley Kroh, *Think Progress*, 13 May 2014 http://thinkprogress.org/climate/2014/05/13/3436923/germany-energy-records/ On Sunday, Germany's impressive streak of renewable energy milestones continued, with renewable energy generation surging to a record portion -- nearly 75 percent—of the country's overall electricity demand by midday. With wind and solar in particular filling such a huge portion of the country's power demand, electricity prices actually dipped into the negative for much of the afternoon, according to Renewables International. In the first quarter of 2014, renewable energy sources met a record 27 percent of the country's electricity demand, thanks to additional installations and favorable weather. “Renewable generators produced 40.2 billion kilowatt-hours of electricity, up from 35.7 billion kilowatt-hours in the same period last year,'' Bloomberg reported. Much of the country's renewable energy growth has occurred in the past decade and, as a point of comparison, Germany's 27 percent is double the approximately 13 percent of U.S. electricity supply powered by renewables as of November 2013. Observers say the records will keep coming as Germany continues its Energiewende, or energy transformation, which aims to power the country almost entirely on renewable sources by 2050.
“Once again, it was demonstrated that a modern electricity system such as the German one can already accept large penetration rates of variable but predictable renewable energy sources such as wind and solar PV power,'' said Bernard Chabot, a renewable energy consultant based in France, via e-mail. “In fact there are no technical and economic obstacles to go first to 20 percent of annual electricity demand penetration rate from a combination of those two technologies, then 50 percent and beyond by combining them with other renewables and energy efficiency measures and some progressive storage solutions at a modest level.'' [...]
*Beyond the NSA* is a series of articles at politico.com, examining the unchecked expansion of private-sector data collection and its implications for consumer privacy. One of the articles in this series—“Who watches the watchers? Big Data goes unchecked''—can be found at <http://www.politico.com/story/2014/05/big-data-beyond-the-nsa-106653.html>. The lead is “The NSA might be tracking your phone calls. But private industry is prying far more deeply into your life.'' This is even true of the Politico.com Webpage containing the article itself! A Ghostery analysis shows that the page initiates 495 calls to various http or https Websites, at 38 locations, including 92 of these to DoubleClick. As the article says, “it's kind of creepy.''
I'm honored to have Dan Wallach speaking at NSF today (this is a lecture series I organize). Please watch it on the recorded copy. (BTW, the recorded copy is closed captioned.)

Dan Wallach (Rice University), STAR-Vote: A Secure, Transparent, Auditable, and Reliable Voting System, 15 May 2014

STAR-Vote is a collaboration between a number of academics and the Travis County (Austin), Texas elections office, which currently uses a DRE voting system and previously used an optical scan voting system. STAR-Vote represents a rare opportunity for a variety of sophisticated technologies, such as end-to-end cryptography and risk limiting audits, to be designed into a new voting system, from scratch, with a variety of real world constraints, such as election-day vote centers that must support thousands of ballot styles and run all day in the event of a power failure. This paper describes the current design of STAR-Vote which is now largely settled and whose development will soon begin.

Bio: Dan Wallach is a professor in the Department of Computer Science and a Rice Scholar at the Baker Institute for Public Policy at Rice University in Houston, Texas. His research considers a variety of different computer security topics, ranging from web browsers and servers through electronic voting technologies and smartphones.

Future talks: Jul 17 2014: Crispin Cowan, Microsoft; Nov 13 2014: Dana Chisnell from UsabilityWorks
An old story, but right in the risks area: http://www.utsandiego.com/photos/2014/may/15/1325563/
In Kansas, Professors Must Now Watch What They Tweet NPR, 14 May 2014 http://www.npr.org/2014/05/14/312524014/in-kansas-professors-must-now-watch-what-they-tweet The Kansas Board of Regents gave final approval Wednesday to a strict new policy on what employees may say on social media. Critics say the policy violates both the First Amendment and academic freedom, but school officials say providing faculty with more specific guidelines will actually bolster academic freedom on campus. The controversial policy was triggered by an equally controversial tweet posted last September by David Guth, an associate journalism professor. Reacting to a lone gunman who killed 12 people at the Washington Navy Yard in Washington, D.C., he wrote: “The blood is on the hands of the #NRA. Next time, let it be YOUR sons and daughters.'' Guth was placed on administrative leave after an outcry from the public and state lawmakers. Rep. Travis Couture-Lovelady, a member of the Kansas House of Representatives and the National Rifle Association, says he was outraged by the tweet. He supports the board of regents' new policy to place parameters on professors. “Look, you have freedom of speech, but you can't go this far, I think having a clear understanding between faculty and the board of regents on what's acceptable and what's not is better for everyone involved.'' The new policy says that faculty and staff of the state's six universities, 19 community colleges and six technical colleges may not say anything on social media that would incite violence, disclose confidential student information or release protected data. But it also says staffers are barred from saying anything “contrary to the best interests of the university.'' Critics say the broad nature of the guidelines would offer administrators enormous latitude in firing people—even those with tenure.
Will Creeley, director of legal and public advocacy at the Foundation for Individual Rights in Education, says it's one of the most restrictive social media policies in the country. “We have a First Amendment to protect controversial statements like professor Guth's, We don't have it to protect pictures of kittens posted on Facebook. If you punish a student or professor for a clearly protected speech, you send a message to everyone else on campus that you better watch what you say.'' Kansas University science professor Burdett Loomis says the regents are scared of Kansas lawmakers. “All of this has to be taken into account in the context of a very, very conservative Kansas Legislature that has very little sympathy, I think, for higher education,'' Loomis says. The board of regents is appointed by the state's Republican governor, Sam Brownback. Last December, when the board of regents first announced that a new policy was in the works, Loomis posted this reaction on Facebook: “Unbelievably broad and vague set of policies. Perfect example of using a nuclear weapon to destroy a gnat of a pseudo problem.'' The board of regents chairman, Fred Logan, has dismissed the controversy over the policy as `ludicrous'. He defended the new policy and said it would shore up academic freedom by creating more specific guidelines. “In many respects, the work that has been done has really focused on lifting up academic freedom as a core principle for the Kansas Board of Regents. Now, that may sound funny, but if you look in our policy manual, there's really not much in there about that.'' As for Guth, the professor who triggered the policy, he spent this semester on sabbatical in far western Kansas. But he's still talking; on his blog, he writes, “How can a guy talk to students about social media if he doesn't participate in the online discussion?''
http://arstechnica.com/security/2014/05/significant-portion-of-https-web-connections-made-by-forged-certificates/
Electronic Frontier Foundation Media Release For Immediate Release: Thursday, 15 May 2014 Contact: Rebecca Jeschke Media Relations Director Electronic Frontier Foundation press@eff.org +1 415 436-9333 x177 Which Tech Companies Help Protect You From Government Data Demands? EFF Survey Shows Improved Privacy and Transparency Policies of the Internet's Biggest Companies San Francisco - Technology companies are privy to our most sensitive information: our conversations, photos, location data, and more. But which companies fight the hardest to protect your privacy from government data requests? Today, the Electronic Frontier Foundation (EFF) releases its fourth annual *Who Has Your Back* report, with comprehensive information on 26 companies' commitments to fighting unfair demands for customer data. The report examines the privacy policies, terms of service, public statements, and courtroom track records of major technology companies, including Internet service providers, e-mail providers, social networking sites, and mobile services. “The sunlight brought about by a year's worth of Snowden leaks appears to have prompted dozens of companies to improve their policies when it comes to giving user data to the government,'' said EFF Activism Director Rainey Reitman. “Our report charts objectively verifiable categories of how tech companies react when the government seeks user data, so users can make informed decisions about which companies they should trust with their information.'' EFF's report awards up to six gold stars for best practices in categories like require a warrant for content, and publish transparency reports. Last year, only one company we surveyed earned a full six stars—Sonic, a California ISP.
This year, Apple, CREDO Mobile, Dropbox, Facebook, Google, Microsoft, Twitter, and Yahoo all joined Sonic in receiving six full stars, and several others—LinkedIn, SpiderOak, Tumblr, Wickr and Wordpress -- only missed getting all six stars because they did not have to bring public court battles on behalf of their users. This year, the majority of the companies surveyed have made a formal commitment to inform users when their data was sought, a welcome safeguard that gives users the information they need to fight on their own. This shows that the technology industry is adopting a best practice pioneered by Twitter, which in 2010 fought for the right to tell its users about a government order for their information as part of the WikiLeaks investigation. Additionally, 20 of the companies EFF reviewed published transparency reports detailing government requests for user data, which is a striking increase from last year, when only seven companies in EFF's report published them. This is now a new standard in the tech industry: corporations are actively and voluntarily working to shed light on the government attempts to access user data. However, it's not all good news in this year's report. Photo-messaging application Snapchat received only one star—particularly troubling due to the sensitive nature of photos and the company's young user base. “Snapchat joins AT&T and Comcast in failing to require a warrant for government access to the content of communications. That means the government can obtain extraordinarily sensitive information about your activities and communications without convincing a judge that there is probable cause to collect it,'' said EFF Staff Attorney Nate Cardozo. “We urge these companies to change course and give their users this simple and needed protection from government overreach.'' As part of this year's report, EFF collaborated with data analysis company Silk to help explore trends in government access requests. 
Silk's analysis provides a simple mechanism for reporters and the general public to explore corporate transparency reports, shedding light on which companies receive the most data requests, which companies push back against government data requests, and which countries are most aggressive in demanding user data. For the full report, *Who Has Your Back*: https://www.eff.org/who-has-your-back-government-data-requests-2014 For the Silk analysis: https://transparency-reports.silk.co/ For this release: https://www.eff.org/press/releases/which-tech-companies-help-protect-you-government-data-demands About EFF The Electronic Frontier Foundation is the leading organization protecting civil liberties in the digital world. Founded in 1990, we defend free speech online, fight illegal surveillance, promote the rights of digital innovators, and work to ensure that the rights and freedoms we enjoy are enhanced, rather than eroded, as our use of technology grows. EFF is a member-supported organization. Find out more at https://www.eff.org.
EFF: AT&T, Comcast, and Snapchat are laggards on privacy policies [Terser summary of the preceding item. PGN] (Ars Technica via NNSquad) http://arstechnica.com/tech-policy/2014/05/att-comcast-and-snapchat-are-laggards-on-privacy-policies/ The highest ratings—companies given six stars—were handed to Apple, Credo Mobile, Dropbox, Facebook, Google, Microsoft, Sonic, Twitter, and Yahoo. The report, released Thursday, reviewed 26 companies in all, rating them on everything from whether they require warrants for data handovers to whether they have publicly opposed mass surveillance and fight for “users' privacy rights in courts.'' The study found that Snapchat, AT&T, and Comcast lagged “behind others.'' Snapchat was among the biggest privacy underachievers, earning one star.
Danny O'Brien, EFF, 14 May 2014 <https://www.eff.org/deeplinks/2014/05/mozilla-and-drm> It's official: the last holdout for the open web has fallen. Flanked on all sides by Google, Microsoft, Opera, and (it appears) Safari's support and promotion of the EME DRM-in-HTML standard, Mozilla is giving in to pressure from Hollywood, Netflix, et al, and will be implementing its own third-party version of DRM. It will be rolled out in Desktop Firefox later this year. Mozilla's CTO, Andreas Gal, says that Mozilla “has little choice.'' Mozilla's Chair, Mitchell Baker adds, “Mozilla cannot change the industry on DRM at this point.'' At EFF, we disagree. We've had over a decade of watching this ratchet at work, and we know where it can lead. Technologists implement DRM with great reticence, because they can see it's not a meaningful solution to anything but rather a font of endless problems. It doesn't prevent infringement, which continues regardless. Instead, it reduces the security of our devices, reduces user trust, makes finding and reporting of bugs legally risky, eliminates fair use rights, undermines competition, promotes secrecy, and circumvents open standards. It's clear from the tone of Gal and Baker's comments, and our own discussions with Mozilla, that you'll find no technologist there who is happy with this step. The fact that Mozilla, in opposition to its mission, had to prepare and design this feature in secret without being able to consult the developers and users who make up its community is an indication of how much of a contradiction DRM is in a pro-user open-source browser. Unchecked, that contradiction is only going to grow. Mozilla's DRM code, imported from Adobe as a closed-source binary, will sit in a cordoned sandbox, simultaneously Mozilla's responsibility but beyond its control.
Mozilla will be responsible for updates to the DRM blackbox, which means users will have to navigate browser updates that will either fix security bugs or strip features from their video watching. Mozillians have already been warned of the danger of talking too much about how DRM works (and doesn't work), lest they trigger the provisions in the Digital Millennium Copyright Act (DMCA) that forbid `trafficking' in circumvention knowledge. Baker may think that Mozilla cannot change the industry on its own (despite it having done so many years ago). Sadly, it changes the industry by accepting DRM. It is these repeated compromises to the needs of DRM advocates by tech company after tech company that are changing the nature of personal computing, transforming it into a sector that is dominated by established interests and produces locked-down devices, monitored and managed by everyone but their users. Past experience has shown that standing up to DRM and calling it out does have an effect. As we have said to the W3C, and Cory Doctorow spells out to Mozilla in this Guardian article, we can do much more to fight the negative consequences of DRM than simply attempt to mitigate the damage of its adoption. [...]
CRYPTO-GRAM, May 15, 2014, by Bruce Schneier, CTO, Co3 Systems, Inc. schneier@schneier.com http://www.schneier.com In addition to turning the Internet into a worldwide surveillance platform, the NSA has surreptitiously weakened the products, protocols, and standards we all use to protect ourselves. By doing so, it has destroyed the trust that underlies the Internet. We need that trust back. Trust is inherently social. It is personal, relative, situational, and fluid. It is not uniquely human, but it is the underpinning of everything we have accomplished as a species. We trust other people, but we also trust organizations and processes. The psychology is complex, but when we trust a technology, we basically believe that it will work as intended. This is how we technologists trusted the security of the Internet. We didn't have any illusions that the Internet was secure, or that governments, criminals, hackers, and others couldn't break into systems and networks if they were sufficiently skilled and motivated. We didn't trust that the programmers were perfect, that the code was bug-free, or even that our crypto math was unbreakable. We knew that Internet security was an arms race, and the attackers had most of the advantages. What we trusted was that the technologies would stand or fall on their own merits. We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA—and the United Kingdom's GCHQ—forced companies to weaken the security of their products and services, then lie about it to their customers. We know of a few examples of this weakening. The NSA convinced Microsoft to make some unknown changes to Skype in order to make eavesdropping on conversations easier. The NSA also inserted a degraded random number generator into a common standard, then worked to get that generator used more widely. 
I have heard engineers working for the NSA, FBI, and other government agencies delicately talk around the topic of inserting a `backdoor' into security products to allow for government access. One of them told me, “It's like going on a date. Sex is never explicitly mentioned, but you know it's on the table.'' The NSA's SIGINT Enabling Project has a $250 million annual budget; presumably it has more to show for itself than the fragments that have become public. Reed Hundt calls for the government to support a secure Internet, but given its history of installing backdoors, why would we trust claims that it has turned the page? We also have to assume that other countries have been doing the same things. We have long believed that networking products from the Chinese company Huawei have been backdoored by the Chinese government. Do we trust hardware and software from Russia? France? Israel? Anywhere? This mistrust is poison. Because we don't know, we can't trust any of them. Internet governance was largely left to the benign dictatorship of the United States because everyone more or less believed that we were working for the security of the Internet instead of against it. But now that system is in turmoil. Foreign companies are fleeing US suppliers because they don't trust American firms' security claims. Far worse governments are using these revelations to push for a more isolationist Internet, giving them more control over what their citizens see and say. All so we could eavesdrop better. There is a term in the NSA: `nobus', short for `nobody but us'. The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret. 
We can't both weaken the enemy's networks and protect our own. Because we all use the same products, technologies, protocols, and standards, we either allow everyone to spy on everyone, or prevent anyone from spying on anyone. By weakening security, we are weakening it against all attackers. By inserting vulnerabilities, we are making everyone vulnerable. The same vulnerabilities used by intelligence agencies to spy on each other are used by criminals to steal your passwords. It is surveillance versus security, and we all rise and fall together. Security needs to win. The Internet is too important to the world—and trust is too important to the Internet—to squander it like this. We'll never get every power in the world to agree not to subvert the parts of the Internet they control, but we can stop subverting the parts we control. Most of the high-tech companies that make the Internet work are US companies, so our influence is disproportionate. And once we stop subverting, we can credibly devote our resources to detecting and preventing subversion by others. This essay previously appeared in the *Boston Review*. http://www.bostonreview.net/mayjune-2014
(BBC via NNSquad) http://www.bbc.com/news/technology-27426937 “The controversial proposals have drawn an unprecedented level of scrutiny to the Federal Communication Commission (FCC) and its vote, which was passed with three commissioners voting in favour and two against. The meeting of the five commissioners was repeatedly interrupted by protesters, several of whom were removed from the room.'' - - - Had to go to BBC for this. CNN is busy running wall to wall playback and analysis of phone conversations of an apparently senile basketball team owner, recorded illegally by his pimp. They also interviewed the pimp live. So they don't have time left for stories affecting the future of the Internet.
Stacey Higginbotham, Gigaom.com, 15 May 2014 http://gigaom.com/2014/05/15/net-neutrality-2014/ SUMMARY: The FCC is sticking to its guns on net neutrality, voting to approve a framework for rules that could create an Internet fast lane, while trying to patch up the loopholes that would make that fast lane possible. On Thursday, the FCC commissioners voted 3-2 to approve a framework for net neutrality rules that continue to favor the creation of an Internet fast lane while exploring a line of inquiry into the idea of reclassifying broadband as a public utility. So, while the Federal Communications Commission has taken the protesters outside their offices to heart and adjusted the focus of its net neutrality rules a bit, the fate of the Internet is still up in the air. The notice sets off a discussion process that will culminate in new net neutrality rules, which chairman Tom Wheeler has said he hopes will be in place before the end of the year. Such rules are aimed at preventing ISPs from discriminating against traffic on their pipe, for example, preventing Comcast from slowing Gigaom traffic while stories from Comcast-owned NBC properties load with ease. However, the timing of actual rules will depend on what the agency decides to do after the four-month comment period on today's proposed rules expires. So what are those rules? I'll explain below. Bringing in wireless networks to the net neutrality fold: In 2010, wireless and wireline networks were subject to different net neutrality rules after a compromise between Google and Verizon. The rules around discrimination on wireless networks were a bit more lenient, given the challenges of delivering large amounts of content over limited spectrum resources. By including the possibility of bringing wireless further into these rules, we have the debate over wireless discrimination all over again. And this is truly a tough debate because the physics of wireless networks are different from wireline networks. 
But with AT&T and Verizon trying to push landline and DSL customers onto LTE networks for voice and broadband access in rural areas, this debate is essential in order to make sure that the customers who have no choice but LTE have the same Internet options as someone with cable or fiber. Enhance transparency rule: This is pretty simple, but the idea here is that when ISPs take actions to block content or slow content or engage in deals with companies under any sort of prioritization scheme, customers will know about it, so they can “weigh their options.'' While it's nice to know that AT&T might have faster Netflix because the two companies have signed a deal to put Netflix traffic in a fast lane, it doesn't help me if my only other alternative is Time Warner Cable that has put Gigaom's servers in a fast lane, so I can send my video files back to my corporate office. Consumers will be left with bad choices or no choices, depending on their needs and location. No blocking: This gets into the concept of the Internet slow lane. As part of no blocking, the agency recognizes that there are plenty of things an ISP can do to make content unusable, such as slowing it to the point where video files become unwatchable or packets in a download are lost. This rule proposes minimum standards that remain to be seen (I'll update when I see them) and will be a source of much drama in the weeks and months to come, because activists worry that it's the weak legal link that ISPs can use to fight the new net neutrality rules. No paid prioritization: The rules also try to say that priority service offered exclusively by a broadband provider to an affiliate should be considered illegal until proven otherwise. However, the agency acknowledges that this is a `rebuttable presumption', which it defines as “presumption that is taken to be true unless someone comes forward to contest it and proves otherwise.'' Like a court case. That would then allow for paid prioritization.
Yes, that is a house the FCC is building on sand. [...]
(Next Web via NNSquad) http://thenextweb.com/insider/2014/05/15/politician-paedophile-doctor-already-asked-google-forgotten-says-bbc/ “Now, the BBC reports that Google has received fresh takedown requests, from a former politician currently seeking re-election and who wants mentions of his behaviour in office deleted. Also, a man convicted of owning images of child abuse has requested links about his convictions to be removed, while a doctor has sought to delete negative reviews from his patients.'' - - - It would have been SO much easier for Stalin to delete `unfortunate' aspects of his history (not to mention completely deleting his ex-colleagues) if he had had access to the EU `right to be forgotten'. Yep. He didn't really believe in the public's Right to Know—like the EU, apparently.
[via Dave Farber, who comments, “This was a major part of the new book from Greenwald, very very interesting.''] Democracy Now, 14 May 2014 http://www.democracynow.org/2014/5/14/glenn_greenwald_us_corporate_media_is In the final part of our extended interview, Glenn Greenwald reflects on the Pulitzer Prize, adversarial journalism and the corporate media's response to his reporting on Edward Snowden's leaked National Security Agency documents. “We knew that once we started publishing not one or two stories, but dozens of stories, that not just the government, but even fellow journalists were going to start to look at what we were doing with increasing levels of hostility and to start to say, 'This doesn't actually seem like journalism anymore,' because it's not the kind of journalism that they do. It doesn't abide by these unspoken rules that are designed to protect the government.'' GUESTS Glenn Greenwald, Pulitzer Prize-winning journalist and author of the new book, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State.