Quirks in Tech

Just in case you thought that Snapchat’s privacy settings were awesome, researchers have found that the security model is pretty piss poor. 

Hackers who breached Google database appeared to seek identities of Chinese spies in U.S. who might be under watch.

This story is incredibly significant: it clarifies an additional target of the Aurora attacks in 2009 (the database that Google stored FISA warrant information in) and, as an extension, provides a notion of why NSA was involved in the investigation (i.e. any revelation of FISA information constitutes a national security issue).

I suspect we’ll never get the full story of what all occurred, but this article very nicely supplements some of the stuff we learned in Levy’s book In the Plex, as well as popular reporting around the series of attacks on major Western companies that happened in late 2009. It also reveals the significant of meta-data/information: it wasn’t necessarily required for attackers to know what specifically waas being monitored to take action to protect agents; all that was needed was information that the surveillance was occurring for countermeasures to be deployed.

This morning, The New Yorker launched Strongbox, an online place where people can send documents and messages to the magazine, and we, in turn, can offer them a reasonable amount of anonymity. It was put together by Aaron Swartz, who died in January, and Kevin Poulsen.

This has lots of interesting promise, though it’ll be *more* interesting when a non-US group of journalists use the system (the code will be open sourced). Frankly, given the history of American courts, I don’t think that leaking to a US publication is a terribly good idea at the moment if you want to remain anonymous.

Good news, everyone. The terrorists will win and New York City Mayor Michael Bloomberg wants to help. Of course, his speech is all about not letting the terrorists win. But he’s giving them exactly what they want.

Bloomberg is an incredibly worrying political figure. He’s gone from earlier this year stating the privacy is important, but cannot be maintained in the face of expanding police surveillance, to this:

“The people who are worried about privacy have a legitimate worry,” Mr. Bloomberg said during a press conference in Midtown. “But we live in a complex word where you’re going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change.”

This is the second time in very recent memory that he, on the one hand, supports a notion of privacy while, on the other, asserts that privacy has to be increasingly limited to enjoy ‘security’. This is an absolutely false dichotomy, and is often linked to blasé efforts to ‘secure’ a population in ineffective, inefficient, or incorrect ways. Strong security protections can and should be accompanied by equally strong privacy protections; we need to escape the dichotomy and recognize that privacy and security tend to be mutually supportive of one another, at least when security solutions are appropriately designed and implemented.