Internet Monitoring: Who Watches the Watchers? 75
wiredmikey writes "Here's an interesting take on the IT security industry and tools being sold and used by to monitor internet users. It's no secret that many states and nations are censoring and monitoring the Internet. Many of these governments are considered authoritarian regimes, often times with trade restrictions and other sanctions against them. Most of these censorship systems are based on proprietary, enterprise hardware and solutions. Unfortunately, those who decide where these tools end up are often torn between conflicting interests. How many services and devices are actually being used by people whom we prefer would not have access to them? How long until they are used against us, even if indirectly? At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
I sure woud like... (Score:3, Insightful)
Re: (Score:2)
Good thing you're monitor such stuff. Good job.
Re:I sure woud like... (Score:4, Insightful)
Keep wishing for your mythical free-market to "fix things". Be prepared to wait a very, very long time for that to actually happen, however. You Adam Smith fanboys all seem to continuously forget that "the invisible hand" requires a fully informed market to function properly. To suggest that "the general public", as a whole, has even the most remote possibility of being fully informed on a matter as complex as network/computer security is, to understate it by a bunch, absurd. I am not satisfied to live in a world where some magic akin to fairy dust will supposedly ensure that vendors only sell secure products. You're god damned right I want laws that require a certain level of security be engineered into the products and services that are offered to the market. And no, I do not want the law to specify the technology, only the need for it, and most importantly, the penalties for failing to provide it. It should hurt, by than a quarter or two worth of profits, when TJ Max or Blue Cross decides to cut corners on the guarding my personal information which they have insisted they must store in their systems. It should be a crime to be so negligent with so much treasure.
Re: (Score:1)
Perhaps religion is the answer? If you firewall your country, Ala doesn't approve, boom 90% of blockades disbanded. The other 10% (China), well that's a tough one, how about blacklisting them on USA websites effectively cutting them off from 90% of the web?
The problem doesn't lie in the software but the motive, just like they try to control software piracy, the internet isn't that kind of place where you can say you can't have this and there is no other path to your goal, there almost always is.
Re: (Score:3)
and most importantly, the penalties for failing to provide it. It should hurt, by than a quarter or two worth of profits, when TJ Max or Blue Cross decides to cut corners on the guarding my personal information which they have insisted they must store in their systems. It should be a crime to be so negligent with so much treasure.
Agreed, although I think financial penalties are not nearly enough. Executives working for a company that breaks the law should be held personally responsible. The world needs chain gangs made up of former executives imo.
Re: (Score:2)
Keep wishing for your mythical free-market to "fix things". Be prepared to wait a very, very long time for that to actually happen, however.
Yeah, about 60 years, the time it took China to go from its plethora of failed 5 year plans to the current FREE market economy it has now. I need convincing that any government has my best interests in mind. Some regulation is in order in same matters, sure, but everytime there's a problem you fools cry for more regulation. Well, we had a ton of regulation in place and what have the last 5 years brought?
Re: (Score:2)
Barn doors and horses. Once a tool is conveyed to someone, it will, eventually, be available to everyone.
But you're right: what happens in the interim?
Re:I sure woud like... (Score:4, Insightful)
WTH are you talking about? The article is talking about ISP level traffic monitoring and filtering technology, and you're commenting about securing individual computers. I know this is /. and all, but come on now.
You don't get to decide (Score:5, Insightful)
Re: (Score:2)
I know.
A noble sentiment, without effective representation or recourse.
See Michael Hudson [nakedcapitalism.com].
Re:You don't get to decide (Score:5, Interesting)
I don't follow.
How does a rant on the inability of the government to stop corporate attacks on itself refute a claim that the government is coordinating attacks on the public?
Hudson, you'll note, says the solution is for we, the people, to get back in control and apply the laws we have.
Being able to look in on the banks' internet communications would be one of our, the people's, tools.
As for this entire scare-fest, I will repeat what I always say in this situation:
THE INTERNET IS NOT SECURE
Nor is it private. No more than using a megaphone to do your telecommunications. I know some people want to front the idea that there's a "reasonable expectation of privacy," but those people are blatantly ignorant of the origins and construction of the Internet. Or else they're well aware of them, and are trying to make the proles believe that the Internet dosn't pass every packet of your data along a sequence of loosely-related public and private linkages, any of which has every right to read and laugh at the data flowing through its equipment.
Re: (Score:3)
The government is now nothing but a Rent-A-Cop for those corporations.
Re: (Score:1)
So "Rant" is the term you use, when presented with an analysis with which you disagree?
You are a stunning rhetorician.
Re: (Score:2)
I read it. It's ranty. And where did I say I disagree with it?
Re: (Score:3)
Let me get it started:
I won't collect information I don't directly need to offer automagicalness in my software.
I won't store information that is no longer relevant (old passwords, credit card numbers, etc.)
I will contact, though it might be impersonal, users who have been singled out
Re: (Score:2)
We need a GPL type universal list of shit that's unethical.
Your idea cries out for a "business search engine" as well, so you could say "I want to find a business in my area for 'drycleaning' which supports 'X' and 'Y', and is against 'Z'" etc -- allowing one to much, much more effectively "put one's money where one's mouth is."
Re: (Score:2)
Re: (Score:2)
There are effective monopolies. Do you think you can browse more than 10 different properties on the web, without becoming hopelessly enmeshed in Google "services" that you did not electively consume?
There are commercial interests that also operate without your awareness. What about CarrierIQ? http://mobile.slashdot.org/story/11/11/23/0032233/carrieriq-tries-to-silence-security-researcher [slashdot.org]
You are a hidden, downstream OEM relationship away from "services" that treat you like a human crop, to be harvested wi
Re: (Score:2)
MEEEPT!
Re: (Score:2)
Oh, and "Thanks" for the ad-hominem. My day wasn't complete, without someone lowering the level of discourse, as you just have.
You do realize who you were responding to, don't you?
Re: (Score:2)
Belatedly. Thanks. :-)
Re: (Score:1)
perhaps you don't understand what "WE THE PEOPLE" means.
It means "we who are claiming (rightly or wrongly) to speak in the name of the people".
Re: (Score:3)
You mean "it IS being used against you, right now, and your ISP is selling the information for money."
In my case, the IT department is just adding to the pile of things they can fire me for. "This is the number of times you visited /. This is the number of times you visited fark. Get out."
Re: (Score:2)
Ditto to what another commented regarding a work connection not being for your own personal amusement. As one of those IT Department folks, I tell folks so surf from their phone and/or tether and bring their own personal laptop to surf from. I don't care how you use your time, that's not my job, and you could just as easily be reading a book or on the phone all day taking bets. From a security standpoint, where staff surf with work PCs exposes my network, which is why I'm strict. Yes, we've got many lay
Re: (Score:3)
> It will be used against you.
It is* being used against you.
[*] - https://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy [wikipedia.org]
Where is the conflicting interest? (Score:2)
Most parties spying on the Internet have just one interest in mind. We (some, you, whoever) may not like that interest, but it is rare that one of them have conflicting intersts as the summary says.
Re:Where is the conflicting interest? (Score:4, Interesting)
Most parties spying on the Internet have just one interest in mind. We (some, you, whoever) may not like that interest, but it is rare that one of them have conflicting intersts as the summary says.
Blind eyes all around.
True there was some legislation about a decade ago, threatening USA trade with that evil unnamed country to the north (eh!) because they were trading with Cuba, but eventually some work-around was settled on, because Canada was the USA's biggest trading partner (still might be, despite what you may think of China.)
This is why people who once worked in government become "Trade Consultants" for $$,$$$,$$$ after leaving the service of the people, because they have the contacts and know the loopholes.
Well I suppose you could go ask your government (Score:5, Insightful)
on why they permit sales outside of the country followed quickly by asking yourself this, why do we expect to hold a corporation to a standard that we do not expect to hold our government too?
By that I mean, it sure is SAFE and EASY to go after a company to uphold values you hold dear but damn if anyone wants to stand up to their own government when it maintains relationships one way or another with the same regimes.
Then top it off with multinationals, to whom are they beholden. If you have offices in the US, Germany, Russia, and China, whose laws take precedence? What if your further incorporated on some tiny island for tax purposes?
Yes its a bad thing what these countries do, but guess what, they always have and will, hoping to limit the damage by limiting the software available won't get much relief to the oppressed. That change happens at home by getting the right people in government who actually stand behind the words they use on the campaign trail.
Security through obscurity (Score:3, Insightful)
Writing one of these tool sets is not that difficult, nor are the technical concepts involved.
They will exist even if every existing developer decides to cease supporting them.
The only solution are strong workarounds: peer-to-peer proxies like Tor and BitTorrent, in addition to strong encryption.
At the point where any of those fail you, the solution is regime change, not technology.
access control and auditing (Score:1)
most enterprise, carrier, and production grade security tools have internal auditing and tracking such that the auditors have an audit log of themselves with respect to the actions taken within the security tool.
that said, in the end whatever individual or group has oversight and access into that log data might review it manually, using correlation engines, or ignore it entirely. if they find something that is questionable, they might choose to act on it or not. in the end there is a serious human element,
Export Administration Regulation (US) (Score:2)
Well, if you're in the US, you could lobby to get the relevant technologies, software and hardware controlled by the Export Administration. Yes, the US has had export restrictions for 220+ years, since banning the export of long straight pine logs the Royal Navy wanted for masts & spars.
New and revised ECCNs get published in the Federal Register daily. But they only apply to the US, so you just may be exporting jobs.
You'd better think long and hard about what you want to control. Crisco would not be
Comment removed (Score:5, Informative)
Re: (Score:1)
Ha! Now you have just admitted they care! :-)
I know! (Score:2)
Coast Guard?
WITR (Score:2)
Who watches the watchers? (Score:2)
The Hawtch-Hawtcher Net Watcher....
Market wants v. security concerns (Score:5, Insightful)
At which point do we have to stop looking at Information Security as a market, and begin viewing it as a matter of defense and (inter)national security?"
I believe all the governments of the world are unanimous in saying they don't like the influence that people in other countries have on their citizens. Thus, the internet is a threat to all governments, everywhere, and the solutions will be varying degrees of censorship and control of critical infrastructure until access to the internet in its present form is impossible and is instead subsumed by a global network which mirrors the geographical and sociolpolitical needs of those governments.
Re: (Score:3)
very insightful.
governments are 'yay for us! we're so great, we're so great!' cheerleaders, essentially. telling their people they are the best and most evolved ones on the planet, those other guys don't know jack shit, etc, etc. this is standard programming from governments to their people. its what keeps the 'unity' stuff going. aka, patriotism.
the internet shows that man-drawn temporary land boundaries are just that; and that people are people and oppressors are oppressors. this is the real skin ga
Re:Market wants v. security concerns +1 (Score:2)
Great insight. It will be sad to look back on our current Internet in 50 years and realize how free it was.
Re: (Score:3)
I was hooked into digital anarchy by that text 25yr ago and I hope that the message it convoys will never stop:
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
Title (Score:1)
All of them (Score:2)
How many services and devices are actually being used by people whom we prefer would not have access to them?
All of them.
How long until they are used against us, even if indirectly?
Indefinitely
EVERYONE (Score:2)
Perhaps the best thing to do is make EVERYONEs search data available to EVERYONE.
That way we're all on equal footing and may even find out that Grandma has the same interest in midgets as you.
Used by [censored] (Score:2)
Here's an interesting take on the IT security industry and tools being sold and used by to monitor internet users.
Looks like we're using it where I work, i'm guessing we censored our company name so no one would grow suspicious.
Re: (Score:2)
Why do we still accept communication standards that do not include true end-to-end encryption ?
Because no encryption provided by a 3rd party can be trusted. If you want your communications secure, you have to install your own encryption packages, from trusted sources. If "the Net" or any vendor supplies your encryption, and you lack the ability to study the source code, you must assume that they can read everything you send or receive.
The folks who built the postal system understood that their only important job was getting the mail through. The folks who built the Internet understood that thei
Isn't it obvious? (Score:1)
Chuck Norris protects the internet. :)
But it can stop "hate" speech! (Score:1)
LOL. All the Slashdot retards who actually use the term 'hate speech' - I think you mean 'thought crimes', which Orwell WARNED us about - 1984 was supposed to be a warning, not an instruction manual.
Tyrants take away free speech because otherwise they will be exposed by it. Idiots support the removal of other people's free speech because you are too STUPID to be able to rationally argue your position, so you seek to silence any opposition. How embarrassing is that.
Go ahead and mod me down, thus proving me r
nothing useful (Score:1)
Not just governments (Score:2)
The reason for this is to make sure viruses or exploits cannot be encrypted. But of course it also means your company could, in theory, grab e-mail account
Why so secretive? (Score:2)
Here is the scenario. Workers do stuff secretively because they do not want their supervisors to know. Now the supervisors start to monitor those workers so that they can see when they are being naughty, except, they themselves are not being monitored, so the workers are outraged when they find out the supervisor was watching youtube on the job, which entails monitoring the workers to make sure they aren't watching youtube...
So who watches the watchers?
First, one doesn't need to monitor someone to undo secr