Dutch Government: Number of Internet Taps Has Quintupled In One Year

Via /. :

“A Dutch newspaper has a digital version of the letter Mr. Opstelten, Secretary of Justice and Security, sent to Dutch Parliament (PDF in Dutch), in which he quietly admits to 56,825 phone taps (a 3% rise in one year) and to 16,676 internet taps in 2012, a 400% rise, or a fivefold increase, in one year. An older report already exposed the Netherlands as one of the biggest wiretappers in the western world. Slate also knew, back in 2006, that Europeans actually love wiretapping and internet tapping. In the Netherlands, a country with a population of only 16 million, the practice has risen to the level of a staggering 1 in 1,000 phones being tapped.”

Beat that, America!

(Read the original on Slashdot.)

Keeping your data safe in the cloud the cheap way

Security and safety of data. You may not be concerned about it. I am. Especially since I like Cloud solutions.

spideroak_nav_mainI have an account with a cloud provider called SpiderOak where your data are stored encrypted. Your computer first encrypts your stuff and then sends it to SpiderOak’s servers. They don’t have your key, so if you lose it and you lock yourself out of the client on your computer, you’re royally buggered up. They can’t help you. SpiderOak offers 2GB free, other accounts cost money ($100/year, $10/month for 100GB). See their site for other pricing options if you’re interested.

What if you can’t afford that but you have a huge Skydrive with Microsoft, or this enormous space on Google Drive? The answer: Truecrypt.

Truecrypt is a helper program that allows you to encrypt stuff. You can make it encrypt a file, a disk partition or even your entire computer. For this post I stick to the file.

When you start Truecrypt you have the options:

Truecrypt 1

Note that this is a shot from Linux, in Windows it’ll look as good as the same. To set up an encrypted file, you click ‘create volume’, enter the name of the file and follow the prompts (the entire procedure is laid out in their Beginner’s Tutorial, so I’m not copying all that here. When you have followed the wizard, you have created a new volume.

Next step is to mount the file (volume). The fun bit is that you can mount the truecrypt file as a drive (e.g. /media/truecrypt in Linux, or to a drive letter like M: or V: in windows):
truecrypt 2

Via ‘select file’ you browse to your file (or you type in the name) and click Mount. Truecrypt asks you for the password you assigned to the file in the creation process and if that matches your file is mounted as a disk (as mine is in Slot 1. Windows will show you actual drive letters to assign something to).

Stick your work in the new drive, unmount it and back up that file to Google Drive, Dropbox, MS Skydrive etc, provided you have ample space there. If you created a 4GB Truecrypt file and you try to store that to a 2GB dropbox account, you’ll get yelled at by Dropbox.

The file (your new drive) will be fully encrypted, no one can read it. I have read that the FBI spent months trying to hack a Truecrypted drive from the infamous DotCom affaire and gave up. If you need your file back, just download it from wherever, mount it and voila, there are your files. For your eyes only, and no one else’s. Again: lose the password and you’re buggered.

Warning:

! Note that I don’t know if syncing a Truecrypt file “live” to Dropbox (e.g. you have the Truecrypt file INSIDE your Dropbox directory) works fine. I haven’t tried that.

I assume it will, as Truecrypt only has unencrypted data in memory and always writes encrypted data to disk. Dropbox then should move the update to the cloud, but understand that if you update e.g. a 1GB file (your drive), each update will cause the entire 1GB file to be Dropboxed, not just the 25 words you added to the file inside your Truecrypt-drive. For Truecrypt it’s a drive, for Dropbox it’s a big file. That is why I suggest copying the Truecrypt file to Dropbox when you’re done for the day or so.

Questions?

Google to the encryption-rescue

As found on cnet:

Google tests encryption to protect users’ Drive files against government demands

The search giant is seeking ways to armor user files, sources say, a move that could curb government surveillance attempts.

Google has begun experimenting with encrypting Google Drive files, a privacy-protective move that could curb attempts by the U.S. and other governments to gain access to users’ stored files.

Two sources told CNET that the Mountain View, Calif.-based company is actively testing encryption to armor files on its cloud-based file storage and synchronization service. One source who is familiar with the project said a small percentage of Google Drive files is currently encrypted.

The move could differentiate Google from other Silicon Valley companies that have been the subject of ongoing scrutiny after classified National Security Agency slides revealed the existence of government computer software named PRISM. The utility collates data that the companies are required to provide under the Foreign Intelligence Surveillance Act — unless, crucially, it’s encrypted and the government doesn’t possess the key.

“Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device,” said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation in San Francisco.

Major Web companies routinely use encryption, such as HTTPS, to protect the confidentiality of users’ communications while they’re being transmitted. But it’s less common to see files encrypted while stored in the cloud, in part because of the additional computing expense and complexity and the difficulties in indexing and searching encrypted data.

Google previously had said that user files were transmitted in encrypted form, but stored in its data centers in an unencrypted manner, as detailed in an April 2012 post on a Google product forum from a community manager.

Jay Nancarrow, a Google spokesman, declined to answer questions about Google Drive encryption.

Secure encryption of users’ private files means that Google would not be able to divulge the contents of stored communications even if NSA submitted a legal order under the Foreign Intelligence Surveillance Act or if police obtained a search warrant for domestic law enforcement purposes.

Read the entire article on cnet.

Take the bus. Talk clearly please.

Things are getting more and more ‘up close and impersonal’. As found on Wired:

Public Buses Across Country Quietly Adding Microphones to Record Passenger Conversations

Photo: Oran Viriyincy/Flickr

Transit authorities in cities across the country are quietly installing microphone-enabled surveillance systems on public buses that would give them the ability to record and store private conversations, according to documents obtained by a news outlet.

The systems are being installed in San Francisco, Baltimore, and other cities with funding from the Department of Homeland Security in some cases, according to the Daily, which obtained copies of contracts, procurement requests, specs and other documents.

The use of the equipment raises serious questions about eavesdropping without a warrant, particularly since recordings of passengers could be obtained and used by law enforcement agencies.

It also raises questions about security, since the IP audio-video systems can be accessed remotely via a built-in web server (.pdf), and can be combined with GPS data to track the movement of buses and passengers throughout the city.

(There is more, read the whole deal on Wired)

Mother Found Guilty After Protesting TSA Pat-down of Daughter

Found on Slashdot:

In 2011, en route to Baltimore, Tennessee mother Andrea Abbott was arrested after squabbling with the TSA over their pat-down and “naked” body-scan process. Initially Abbott had protested a pat-down of her 14 year-old daughter, though eventually backed off. When her own turn came, she refused both a pat-down and body-scan. This week, despite having no criminal record, Abbott was found guilty of disorderly conduct and sentenced to one year of probation. A surveillance video of the affair shows what appears an agitated Abbott surrounded by various TSA agents, but seemingly contradicts the premise by which she was convicted. In the case against Abbott it was claimed that her behavior impeded the flow security-lines and lawful activity. Beyond Abbott’s confession of issuing some verbal abuse, the video does not appear to display a significant blockage of traffic nor anything noticeably criminal.”

It is probably a criminal offence to defy the mighty TSA. If everyone were to do that, where would that lead the world?

Dutch Ministry Proposes Powers for Police to Hack into Computers

Dutch Ministry Proposes Powers for Police to Hack into Computers, Install Spyware, Destroy Data

Dutch Ministry Proposes Powers for Police to Hack into Computers, Install Spyware, Destroy Data
The Dutch Ministry of Justice and Security has proposed some rather over the line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world.

According to the proposal [PDF] (in Dutch), dated October 15, the ministry has asked for powers that would allow police to not only break into computers but, would also allow them to install spyware, search for data in those computers and destroy data.

As explained by the digital rights group ‘Bits of Freedom’, which obtained the copy of the proposal, if the Dutch police gets such powers the security of computer users would be lessened and that there will be a “perverse incentive to keep information security weak.”

Another take is that millions of computers would be less secured as Government might not push companies to publish vulnerabilities on one hand and won’t encourage public to patch their systems on time on the other because it might want to exploit those vulnerabilities for its own purpose.

As much as this law is bad for the people, it is more so for the Dutch government as “other governments would be very interested in using such a power against Dutch interests.”

(Original article at ParityNews.com)

Chip in a pill

Proteus Biomedical has developed chip-in-a-pill technology that transmits patient data directly to a smartphone.

Some people will say that this is awesome, amazing, magnificent. Of course, as a technological breakthrough this is something very clever. This invention gives doctors the closest and most direct way to go inside you and find out what’s the matter. A nice detail here is that “It’s biodegradable, made from things in your diet, that is activated by acids in your stomach to send out a very super-low-power, digital signal that’s picked up by a patch that’s worn on your arm, that might look like a nicotine patch. … And from that device, it sends a signal to an app for your iPhone. From there, you’ve got the Internet. You can send the information to your doctor, to caregivers at home.” (Reference: NPR.org.)

But there is a backdraw. Not perhaps in this application as it is now, but think what could happen: you get this nice little pill with a chip, to find out what is ailing you. The doctor measures and extracts your signal. And then, instead of dissolving, the chip stays inside you, happily sending out signals. Such a nice way for the world to know where you are when you don’t have your mobile phone with you (or switched it off). And you would not know it.

And let’s take the paranoia a bit further. The worst scenario that can come from this would be control. Suppose there is this little chip inside you, or perhaps a few of them after subsequent pills, that can be used to control you. Subdue you when you are making trouble (whatever is seen as trouble), or turn you into someone you are not (going wild here, but nothing is outside the realm of possibilities with this). Someone flicks a switch and you turn into a killer? Not a nice thought.

This all may sound far-fetched but… remember the panic and the state of mind after the horror of 9 / 11 in New York happened? I have seen footage where people claim they would gladly get a chip in their body so they could be identified/located in a case of emergency. With pills like this, that future might not be far away.