Cyberwars: ACLU and NSA ex-Director to Debate Tomorrow!

In what is sure to be a barn-burner of a debate, the former head of the National Security Agency – General Keith Alexander – will be participating tomorrow in a debate with ACLU Executive Director Anthony Romero. The televised, surveillance-themed debate will take place tomorrow – June 30th, 10:30am Eastern Time – on MSNBC. The subject: whether or not the NSA’s vast surveillance and data mining programs are making Americans safer.

While many would prefer that the current head of the NSA be involved in the debate, General Alexander is a far better spokesperson for the programs that have been the subject of so much controversy. After all, “Emperor Alexander” – as his subordinates called him – is the man most directly responsible for the current disposition of the NSA’s cyber surveillance and warfare program. Who better to debate their merit with the head of the ACLU – an organization dedicated to the preservation of personal freedom?

And according to classified documents leaked by Edward Snowden, General Alexander’s influence and power within the halls of government knew no bounds during his tenure. A four-star Army general with active units under his command, he was also the head of the National Security Agency, chief of the Central Security Service, and the commander of the US Cyber Command. It is this last position and the power it wields that has raised the greatest consternation amongst civil-libertarians and privacy advocates.

Keith Alexander is responsible for building this place up between 2005 and 2013, insisting that the US’s inherent vulnerability to digital attacks required that he and those like him assume more authority over the data zipping around the globe. According to Alexander, this threat is so paramount that it only makes sense that all power to control the flow of information should be concentrated in as few hands as possible, namely his.

At a recent security conference held in Canada before the Canadian Security Intelligence Service (CSIS), Alexander expressed the threat in the following, cryptic way:

What we see is an increasing level of activity on the networks. I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.

If this alone were not reason enough to put people on edge, there are also voices within the NSA who view Alexander as a quintessential larger-than-life personality. One former senior CIA official who agreed to speak on condition of anonymity, claimed:

We jokingly referred to him as Emperor Alexander—with good cause, because whatever Keith wants, Keith gets. We would sit back literally in awe of what he was able to get from Congress, from the White House, and at the expense of everybody else.

And it is because of such freedom to monitor people’s daily activities that movements like the February 11th “The Day We Fight Back” movement – an international cause that embraced 360 organizations in 70 countries that were dedicated to ending mass surveillance – have been mounted, demanding reform.

In addition, a series of recent rulings from the US Supreme Court have begun to put the kibosh on the surveillance programs that Alexander spent eight years building up. With everything from cell phone tracking to cell phone taps, a precedent is being set that is likely to outlaw all of the NSA domestic surveillance. But no matter what, the role of Snowden’s testimony in securing this landmark event cannot be underestimated.

In fact, in a recent interview, the ACLU’s Anthony Romero acknowledged a great debt to Snowden and claimed that the debate would not be happening without him. As he put it:

I think Edward Snowden has done this country a service… regardless of whether or not what he did was legal or illegal, whether or not we think the sedition laws or the espionage laws that are being used to possibly prosecute Snowden are too broad, the fact is that he has kick-started a debate that we did not have. This debate was anemic. Everyone was asleep at the switch.

One can only imagine what outcome this debate will have. But we can rest assured that some of the more predictable talking points will include the necessities emerging out of the War on Terror, the rise of the information revolution, and the dangers of Big Brother Government, as well as the NSA’s failure to prevent such attacks as the Boston Marathon Bombing, the Benghazi Embassy bombing, and a slew of other terrorist incidents that took place during Alexander’s tenure.

Do I sound biased? Well, perhaps that’s because I am. Go ACLU, stick it to Emperor Alexander!

Sources: engadget.com, democracynow.org

Crypto Wars: The Tech World vs. the NSA

Six years ago, something interesting took place at Microsoft’s Windows annual Crypto conference in Santa Barbara. In the course of the presentations, two members of the company’s security group (Dan Shumow and Niels Ferguson) gave a talk that dealt with internet security and the possibility that major systems could be hacked.

They called their presentation “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng”. That’s a name few people outside of the techy community would recognize, as it refers to a pseudorandom number generating program that is used extensively in cryptography. And though the presentation was only nine slides and a few minutes long, they managed to capture the attention of the crowd with some rather stark observations.

Basically, they laid out a case showing that the new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made one of the program’s algorithms susceptible to cracking. But the weakness they described wasn’t just an average vulnerability; it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

At the time, no one thought much of it. But today, that’s all changed, thanks to Edward Snowden. Cryptographers and journalists are now seeing a connection between the talk given by Shumow and Ferguson and the classified NSA documents Snowden leaked. Apparently, some of that information confirms that the weakness in the Dual_EC_DRBG algorithm might indeed be a backdoor.

Earlier this month, an article appeared in the New York Times that implied that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.

Naturally, these allegations have not only stoked the fires over the NSA’s long history of spying on databases, both domestic and foreign, they have also raised questions over the integrity of the rather byzantine process that produces security standards in the first place. The National Institute of Standards and Technology (NIST), which approved Dual_EC_DRBG and the standard, is now facing criticism alongside the NSA.

And while NIST has since been forced to re-open the program to examination and public discussion, security and crypto firms around the world are scrambling to unravel just how deeply the suspect algorithm infiltrated their code, if at all. Some even went so far as to publicly denounce it, such as corporate giant RSA Security.

But of course, a number of crypto experts have noted that the Times hasn’t released the memos that purport to prove the existence of a backdoor. What’s more, the paper’s direct quotes from the classified documents don’t mention a backdoor or efforts by the NSA to weaken it or the standard, only the efforts of the agency to push the standard through NIST’s committees for approval.

One such person is Jon Callas, the CTO of Silent Circle – a company that offers encrypted phone communication. Having attended the Crypto conference in 2007 and heard the presentation by Shumow, he believes that the real problem may lie in the fact that the algorithm was poorly made:

If [the NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them. Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian … and this thing is just laughably bad. This is Boris and Natasha sort of stuff.

Sources at Microsoft agree. In addition to the presenters – who never mentioned the NSA in their presentation and went out of their way to avoid accusing NIST of any wrongdoing – a manager who spoke with WIRED on condition of anonymity believes the reporters at the Times saw the classified documents dealing with the program, read about the 2007 talk, and assumed there was a connection.

But Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one:

Bad cryptography happens through laziness and ignorance. But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.

Personally, I find it interesting that the NSA would be so committed to making sure a program passed inspection. Especially one that had a fatal flaw that, when exploited properly, could be used to give someone who knew about it access to encrypted information. But of course, it’s not like the NSA has been known to invade people’s privacy, right? RIGHT?

Clearly, all there is at this point is speculation. One thing is certain though. In the coming weeks and months, the NSA is going to be the recipient of even more flak over its monitoring and cryptographic activities. Whether this effects any change in policy remains to be seen, but I doubt anyone will be holding their breath.

Sources: wired.com, nytimes.com

Should We Be Afraid? A List for 2013

In a recent study, the John J. Reilly Center at University of Notre Dame published a list of possible threats that could be seen in the new year. The study, which was called “Emerging Ethical Dilemmas and Policy Issues in Science and Technology”, sought to address all the likely threats people might face as a result of all developments and changes made of late, particularly in the fields of medical research, autonomous machines, 3D printing, Climate Change and enhancements.

The list contained eleven articles, presented in random order so people can assess what they think is the most important and vote accordingly. And of course, each one was detailed and sourced so as to ensure people understood the nature of the issue and where the information was obtained. They included:

1. Personalized Medicine:
Within the last ten years, the creation of fast, low-cost genetic sequencing has given the public direct access to genome sequencing and analysis, with little or no guidance from physicians or genetic counselors on how to process the information. Genetic testing may result in prevention and early detection of diseases and conditions, but may also create a new set of moral, legal, ethical, and policy issues surrounding the use of these tests. These include equal access, privacy, terms of use, accuracy, and the possibility of an age of eugenics.

2. Hacking medical devices:
Though no reported incidents have taken place (yet), there is concern that wireless medical devices could prove vulnerable to hacking. The US Government Accountability Office recently released a report warning of this, while Barnaby Jack – a hacker and director of embedded device security at IOActive Inc. – demonstrated the vulnerability of a pacemaker by breaching the security of the wireless device from his laptop and reprogramming it to deliver an 830-volt shock. Because many devices are programmed to allow doctors easy access in case reprogramming is necessary in an emergency, the design of many of these devices is not geared toward security.

3. Driverless zipcars:
In three states – Nevada, Florida, and California – it is now legal for Google to operate its driverless cars. A human in the vehicle is still required, but not at the controls. Google also plans to marry this idea to the zipcar, fleets of automobiles shared by a group of users on an as-needed basis and sharing in costs. These fully automated zipcars will change the way people travel but also the entire urban/suburban landscape. And once it gets going, ethical questions surrounding access, oversight, legality and safety are naturally likely to emerge.

4. 3-D Printing:
3D printing has astounded many scientists and researchers thanks to the sheer number of possibilities it has created for manufacturing. At the same time, there is concern that some usages might be unethical, illegal, and just plain dangerous. Take, for example, recent efforts by groups such as Distributed Defense, a group intent on using 3D printers to create “Wiki-weapons”, or the possibility that DNA assembling and bioprinting could yield infectious or dangerous agents.

5. Adaptation to Climate Change:
The effects of climate change are likely to be felt differently by different peoples around the world. Geography plays a role in susceptibility, but a nation’s respective level of development is also intrinsic to how its citizens are likely to adapt. What’s more, we need to address how we intend to manage and manipulate wild species and nature in order to preserve biodiversity. This warrants an ethical discussion, not to mention suggestions of how we will address it when it comes.

6. Counterfeit Pharmaceuticals:
In developing nations, where life saving drugs are most needed, low-quality and counterfeit pharmaceuticals are extremely common. Detecting such drugs requires the use of expensive equipment which is often unavailable, and expanding trade in pharmaceuticals is giving rise to the need to establish legal measures to combat foreign markets being flooded with cheap or ineffective knock-offs.

7. Autonomous Systems:
War machines and other robotic systems are evolving to the point that they can do away with human controllers or oversight. In the coming decades, machines that can perform surgery, carry out airstrikes, defuse bombs and even conduct research and development are likely to be created, giving rise to a myriad of ethical, safety and existential issues. Debate needs to be fostered on how this will affect us and what steps should be taken to ensure that the outcome is foreseeable and controllable.

8. Human-animal hybrids:
Is interspecies research the next frontier in understanding humanity and curing disease, or a slippery slope, rife with ethical dilemmas, toward creating new species? So far, scientists have kept experimentation with human-animal hybrids on the cellular level and have received support for their research goals. But to some, even modest experiments involving animal embryos and human stem cells are an ethical violation. An examination of the long-term goals and potential consequences is arguably needed.

9. Wireless technology:
Mobile devices, PDAs and wireless connectivity are having a profound effect in developed nations, with the rate of data usage doubling on an annual basis. As a result, telecommunications and government agencies are under intense pressure to regulate the radio frequency spectrum. The very way government and society do business, communicate, and conduct their most critical missions is changing rapidly. As such, a policy conversation is needed about how to make the most effective use of the precious radio spectrum, and to close the digital access divide for underdeveloped populations.

10. Data collection/privacy:
With all the data that is being transmitted on a daily basis, the issue of privacy is a major concern that is growing all the time. Considering the amount of personal information a person gives simply to participate in a social network, establish an email account, or install software to their computer, it is no surprise that hacking and identity theft are also major concerns. And now that data storage, microprocessors and cloud computing have become inexpensive and so widespread, a discussion on what kinds of information gathering and how quickly a person should be willing to surrender details about their life needs to be had.

11. Human enhancements:
A tremendous amount of progress has been made in recent decades when it comes to prosthetic, neurological, pharmaceutical and therapeutic devices and methods. Naturally, there is warranted concern that progress in these fields will reach past addressing disabilities and restorative measures and venture into the realm of pure enhancement. With the line between biological and artificial being blurred, many are concerned that we may very well be entering into an era where the two are indistinguishable, and where cybernetic, biotechnological and other enhancements lead to a new form of competition where people must alter their bodies in order to maintain their jobs or avoid being left behind.

Feel scared yet? Well you shouldn’t. The issue here is about remaining informed about possible threats, likely scenarios, and how we as people can address and deal with them now and later. If there’s one thing we should always keep in mind, it is that the future is always in the process of formation. What we do at any given time controls the shape of it and together we are always deciding what kind of world we want to live in. Things only change because all of us, either through action or inaction, allow them to. And if we want things to go a certain way, we need to be prepared to learn all we can about the causes, consequences, and likely outcomes of every scenario.

To view the whole report, follow the link below. And to vote on which issue you think is the most important, click here.

Source: reilly.nd.edu

Plurality: A Concept Movie

Just found this on IO9, a new 14-minute concept movie about the future of New York City. According to the film, it’s 2023, and the introduction of a brand new technology – the Bentham Grid – has made things like credit cards, ID cards, and keys obsolete. In essence, the Grid is a massive DNA scanner and social network, with readouts on every public surface in the city. Touch a door, a hand rail, or even a wall, and the Grid reads your DNA, identifies you and pinpoints your location.

Naturally, this has simplified life in many respects. In others, it turned NYC into something of a “Big Brother” state. Crime has dropped to previously unheard of levels, identity theft has become impossible, but the right to privacy remains in a state of limbo. And befitting all potentially dystopian scenarios, there’s a twist, which is alluded to in the name. Ultimately, the question remains, what is the ultimate cost of safety?

Take a look, and take note of all the attention to detail that runs throughout. Director Dennis Liu was sure to incorporate as many examples of futuristic technology as possible, from holographic display glass, to cars with Heads-Up Displays, to augmented reality glasses. The production values are also very impressive.