Category Archives: Security Mindset

EARN IT: the bill to end all encryption

A draft of a recently leaked bill has many across the internet worried about their online privacy as it relates to government surveillance. The “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act”, or EARN IT, was written by Lindsey Graham and Richard Blumenthal, a bipartisan effort, with the intent to prevent online abuse and exploitation of children. In order to achieve this, the bill seeks to establish a committee of fifteen members including the Attorney General, the Secretary of Homeland Security, and the Chairman of the FTC. This committee would be responsible for recommending “best practices regarding the prevention of online child exploitation content”.

Richard Blumenthal and Lindsey Graham

So far, this seems reasonable. After all, who wouldn’t get behind a bill that protects children from exploitation? The issue is that the best practices that the committee publishes must only have the support of the committee members and ten other members of Congress. Other than that, it seems that any “best practice” can be submitted to the Attorney General, who then has the power to “modify if necessary, the recommended best practices” and publish the final version.

Even this would not be a huge cause for concern if these practices were what they sounded like: best recommendations for protecting minors. However, these best practices are not recommendations; rather, they are seemingly mandatory practices that hold legal weight behind them. Companies that provide online services would be required to comply with these practices within a year of their publication and reassess their compliance every year after. If they do not and are accused of hosting unlawful and exploitative material in regards to children, the company will be stripped of its Section 230 protections. This would open up a floodgate of potential lawsuits that, if acted upon, would run many online businesses into the ground.

Current Attorney General William Barr

While this bill is not blatantly attacking online privacy, it does give an absurd amount of power to the Attorney General and fourteen other members of Congress, who would now have the power to regulate how much of the internet is run. The current Attorney General, William Barr, has frequently advocated for backdoors to be built into encryption schemes for government use. Many fear that if this bill is passed, he and others will use their new legal powers to force cryptography providers to build these backdoors and essentially give the government access to all of our online communication. Not only does this mean that cryptography would be useless against governing bodies, it also means that it would be severely weakened against bad actors, as a backdoor that can only be used by the government simply cannot exist.

It seems as though this bill would not really have any effect on how online child exploitation is prosecuted in terms of those who actually commit the crimes; rather it targets online companies and services unfairly.

While the bill hasn’t been introduced formally, it has caused major uproar from online communities since its leak, and it is easy to see why. It gives too much power over something that affects all of us daily to far too few people. At best it can be used to protect children and take down exploitative websites; at worst it undermines the security and privacy of all of our online activities, and one person essentially gets to decide which end of the spectrum the bill’s practice would fall on. Given the government’s track record of mass online surveillance, we should be reluctant to give them more power over our communications.

Written by Grayson Hassell

The bill can be read in its entirety here.

You can take action against the bill here.

Read about the mentioned section 230 protections here.

The effects of coronavirus on Bitcoin

Due to the current pandemic, we are seeing a decrease in the economy. The stock market has sunk and has brought down every company with it. With all this happening really fast, people are letting go of their stocks after losing hope that they will regain their value anytime soon. If you are a member of the Cyberworld like me, maybe you have also been keeping an eye on Bitcoin. Although it was keeping up really well while stocks have been dramatically losing their values, Bitcoin has recently suffered a fall, going from $10,360 on Feb 13th to $6,902 today. Although it still has a high value, the decrease is still very significant and it is not looking like it will recover anytime soon.

Bitcoin’s current value at April 10th

What does that mean for us?

If you are a current Bitcoin owner, there’s nothing really worth doing as of now besides waiting for it to regain its value. If you currently don’t own any Bitcoin, I have great news for you. With this global pandemic not stopping anytime soon, Bitcoin will likely keep decreasing in value. Now is the perfect time to acquire some and wait until everything goes back to normal and sell it for a high price.

“Analysts of all types remain very firm in their assertions that Bitcoin stands to gain significantly due to a range of upcoming events. For example, much discussed block reward halving will re-shape the market, making existing Bitcoins more valuable.”

Smith, Trevor

Another point worth mentioning is that, aside from providing new opportunities for Bitcoin acquisition, this pandemic is also prompting more cybercrime. Cybercrime was bound to increase with everyone panicking due to this virus, criminals taking advantage of people’s fear, and day-to-day life becoming virtual. This decrease in value will also hurt cyber-criminals who request payments in Bitcoin.

And as we live through these tough times, the best thing to do is wash our hands, watch out for phishing emails and invest in Bitcoin.

References:

– “Bitcoin Price Index — Real-Time Bitcoin Price Charts.” CoinDesk, 2020, http://www.coindesk.com/price/bitcoin.

– Smith, Trevor. “Why Bitcoin Analysts See This Dip As Incredible Opportunity To Buy.” Bitcoinist.Com, 10 Apr. 2020, bitcoinist.com/why-bitcoin-analysts-see-this-dip-as-incredible-opportunity-to-buy/.

– Suberg, William. “Bitcoin Price Ignores $2.3T Fed Cash as Pundit Warns of ‘Sucker Rally.’” Cointelegraph, 9 Apr. 2020, cointelegraph.com/news/bitcoin-price-ignores-23t-fed-cash-as-pundit-warns-of-sucker-rally. Accessed 11 Apr. 2020.

Zoom is trying to fix their mistakes, here’s how

Everybody’s been talking on Zoom lately, and everybody’s been talking about Zoom as well. More specifically, the topic of Zoom’s cyber security has been brought up lately due to their poor security of data, which potentially allows anyone to see anyone else’s recorded videos, and to other people getting into their personal Zoom chats.

This brings up the questions of “what are they doing about it?” and “should we switch to another platform?”, which some New York schools and the company Google have been asking, disallowing Zoom’s usage for their people. Well, the people at Zoom are taking measures to try and fix some of these glaring issues. First of all, they are adding and grouping together new security features, allowing them to be accessed at the click of a button and granting you the ability to lock meetings so no one new can show up. The waiting room function is also now turned on by default, so the host will have to manually accept anybody who wants to come in.

They have also decided to take even more time and put more effort into fixing their issues, stopping work on all their new features to focus on these problems. They also hired a security consultant, former Facebook CSO Alex Stamos, who will hopefully help them fix these issues (Forbes).

Zoom has a lot on its plate for the next month, and I’m sure it will only grow, as Zoom has now increased its active users twenty-fold, with 10 million users in December and now 200 million in March (Business Insider). I think with this huge boom of users, we can be somewhat lenient to Zoom, as it seems like they are making good strides to fix their problems in an efficient way.

Sources:
https://www.forbes.com/sites/kateoflahertyuk/2020/04/10/zoom-security-heres-what-zoom-is-doing-to-make-its-service-safer/
https://www.businessinsider.com/zoom-security-features-easier-access-stop-zoombombing-eric-yuan-2020-4

The California Consumer Protection Act: How does this change things?

One of the more recent additions to the laws in California is, as I’m sure many of you know, the California Consumer Protection Act. While the CCPA isn’t exclusive to the realm of cybersecurity, it definitely increases the rights of the cyber denizens living in California, who now have rights to the data that companies collect from them.

This means that when companies like Facebook or Google collect data through their platforms, Californians can now request to see that data, prevent the sale of that data, and learn if a company has sold that data. The CCPA also makes it so the company can’t charge them extra depending on whether they use the rights the CCPA gives them.

However, things aren’t all as they seem. There are ways for companies to get around these limitations, such as removing the parts of the data that identify a specific person, thus making it into data that could have come from anyone. Another little thing that lets companies work like they would want to is that you have to opt out of their data collecting and selling; it doesn’t happen automatically. This makes it so that people who aren’t as tech-savvy or informed on news like this will never see the benefits.

Another problem that I could see arising is how to clarify what data is personal and what is impersonal. For example, according to the Washington Post, companies Uber and Lyft collect data such as ratings, credit card information, and location data. However, Uber only reveals the user ratings, and not much else. Who decides which is which? This will surely be a discussion that will come up many times in the future.

The reason I found this happening to be related to the class is that I remembered what we did on Barlow’s Declaration of the Independence of Cyberspace, a piece on how he and the rest of the internet did not want to get involved with governments and wanted freedom for the citizens of the web. I feel like CCPA is a step in the right direction towards what Barlow wants, but I believe that this is too small of a step and that we need to think bigger, or at least expand outside of the Golden State.

By: Jake Peverly

Sources:
https://www.vox.com/recode/2019/12/30/21030754/ccpa-2020-california-privacy-law-rights-explained
https://www.washingtonpost.com/technology/2020/01/21/ccpa-transparency/
https://www.forbes.com/sites/michaelfertik/2020/01/27/ccpa-is-a-win-for-consumers-but-businesses-must-now-step-up-on-cx/#403b48bd6557
(Picture) https://multichannelmerchant.com/ecommerce/top-approach-accelerates-ccpa-compliance/

How Bugs Crashed The Iowa Caucus

The Iowa caucus is the first benchmark in the presidential race of the United States. Its results largely predict who has the best chances at receiving the presidential nomination for their party and are widely anticipated. However, this year’s Iowa caucus results were delayed for nearly a day because of a faulty app used to report the resulting data. According to Troy Price, an Iowa Democratic Chairman, a coding issue caused the app to report faulty “partial” data. The app, developed by Shadow, Inc., is currently being assessed by Blue Hexagon, a third-party cybersecurity firm. According to their head of cyberthreat intelligence, the version of the app used in the caucus has several problems, which are being attributed to rushed production.

As can be expected, these delays caused frustration from voters and candidates alike. Formal apologies were released from the Democratic Party as well as Shadow, Inc. soon after the incident. In good news, it was reported that although the final app had many vulnerabilities, there was no sign of intrusion or interference in the delayed results. The delays were not only frustrating, but sparked a political battleground between candidates in the confusion, with Pete Buttigieg tweeting during the delays “We’re going to New Hampshire Victorious” as well as other candidates chiming in about their success.

Although I applaud the attempt at modernization, mixing technology with politics is dangerous and needs to be done with care. Especially with an event as anticipated as the Iowa caucus, botched results cannot be accepted. I believe that this modernization can be effective if done correctly and that this event should serve as a warning of the dangers of poor development.

Written by Grayson Hassell

Sources and additional readings:

Iowa caucus app debacle

KCCI Investigative Unit Looks into maker of caucus app

Iowa caucus debacle is one of the most stunning tech failures ever

Iowa caucus results delayed by an apparent app issue