9134 Shenanigans

While “Surveillance in the Digital Enclosure” is a relatively old article Andrejevic does have some valid points to make. What we have today is essentially ubiquitous computing. As phones become smarter, tablets more portable and the overall price of computers becomes more affordable the odds that a person will have more than one computer to their name increases drastically. I personally have 6 computers, 4 of which are portable. I am of course including modern gaming consoles and e-readers since they have the ability to connect to the net in the same way that my desktop does, the only difference is that some of these machines run a bit slower by default since their main function is not to access the general web.

With all this in mind cloud computing is also becoming more popular. The more machines people have that can connect to the web the more people want to ensure that these same machines can be synced through this web. Google Drive, Dropbox and other cloud computing programs are widely available and becoming more and more popular. There are some obvious issues about security when information is stored completely online. Instead of going over an old article, which is a great read BTW, I am going to go briefly over the issues that have recently come to light which seem to be in some ways a reflection of the concerns that Andrejevic has about ‘digital enclosure’ which is, in essence, cloud computing.

….Enter ‘Heartbleed’….

What is Heartbleed you ask? It is not a virus, it is not a worm, and it is not even an attempt by an external source to compromise or hack security. It is instead a bug… and not just any bug but a bug that has been in existence for 2 years in the 2012 update for OpenSSL. You know that little ‘s’ you see in the https address that lets you know your data is secure… well OpenSSL provides that service to individuals and companies. For two years there was a bug in this popular software which created vulnerabilities which until the beginning of this week were unknown to the general public.

http://heartbleed.com/

So what exactly does this little bug do that makes it so gosh darn problematic? At its core the Heartbleed bug allows for easy hijacking from anywhere in the world. For a great walkthrough on how people can do this visit this site: https://www.mattslifebytes.com/?p=533. This walkthrough shows people how to hijack a user’s account. The problem with this is of course the fact that Heartbleed apparently went unnoticed for two years and taking advantage of the bug apparently does not leave much of a trace. How are people supposed to know if their information is secure? This was only one bug which for all intents and purposes was not malicious by nature.

What I believe really ties in well with Andrejevic’s article is this other article I found on WIRED about Heartbleed. http://www.wired.com/2014/04/nsa-heartbleed/. This article looks at the possibility that Heartbleed may have provided the NSA with the ability to gain access to the “private keys used for SSL” and essentially use these keys to decrypt “internet traffic”. This article cites another article (http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security) which apparently had papers from Snowden providing evidence that the NSA was looking to develop ways to decrypt the traffic of organizations like Google, Facebook, and Yahoo. It is theorized that the NSA might have been able to use this bug to potentially get the access keys to these organizations. Of course there is no evidence that this has occurred but it has been less than a week since Heartbleed has become known to the general public. Who is to say that more information might not be discovered at a later date?

Needless to say Andrejevic seemed to have the right idea that the use of “digital enclosures” could enable further surveillance and it appears that our internet security and encryptions might not protect us as much as we think it does….

http://xkcd.com/129/

Although this comic by xkcd is about DRM it also reflects the concerns I feel towards internet censorship. Throughout history there are examples of the complacency of people, or δῆμος, which tends to result in a populace that can be manipulated and taken advantage of easily. Rome is a particularly good example of this since the mob, or common people, could be easily manipulated by those in power who were in control of the grain supply. In countries such as Canada our food supplies are not as important but we can be just as easily controlled if we aren’t careful. It is our dependence on the internet for our communication and news that makes us vulnerable. Allowing others to impose filters and censorship on what people are able to experience online will negatively affect people’s ability to look critically at the world around them.

This is the future that Brown is also concerned about in his article “Internet Censorship”, which can be found at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1026597. He expounds the various issues and risks that are presented by internet censoring technology. The biggest issues are of course that technology is inflexible and easy for any person with rudimentary computer skills to overcome with a proxy server or VPN. From what I hear from friends and family with Netflix they already use some kind of proxy server or extension to change the location their computer registers as to take advantage of American and UK programming. For most blocking technologies it doesn’t take much more than that to confuse them into granting access to content that is supposed to be blocked.

The risk of certain pages being censored that weren’t meant to be censored is another big deal. Limits on current technology mean that it is rather difficult to block specific pages so it often happens that an entire domain is blocked. This restricts access to content that might not be deserving of the restriction. A great example is the blocking of YouTube by the Brazil government mentioned in the article. Although blocked due to only one video the entire population of Brazil was deprived of the myriad of videos available on YouTube. Yes YouTube is merely entertainment to some people however it also includes useful tools such as how-to videos. Oddly enough YouTube is becoming a valuable resource for many people and being deprived of the entire site would likely be a blow to many people.    

Perhaps the biggest issue with censorship is that once the technology is in place it is remarkable easy to modify it. If a state-wide censorship device is established then what is to stop that state from censoring more and more websites. The net is so large right now that it is quite possible that people would not be immediately aware of the censorship. Sure many people do use proxy servers and VPNs but not everyone does and who is to say that there won’t be technology in place someday to override them. Even if the technology begins as a way to ‘protect’ children it has the potential to become as heinous as the “Great Firewall of China” and inhibit freedoms that we take for granted. Yes this is alarmist and yes I read too much dystopian fiction for my own good but people should still be allowed to decide for themselves what is appropriate and what is not.

We should not allow technology to determine what we should be allowed to experience.

(Just to lighten the mood http://xkcd.com/504/)

Just realized that this did not publish on tumblr. I am still fumbling my way around it and as of yet I have not figured out how to successfully publish original content here. If this works then it is just a brief look at an article by Newitz on RFID hacking from 2006. Things have changed from 2006 but the issues covered in this article have not.

http://www.wired.com/wired/archive/14.05/rfid.html

So what exactly are RFIDs? If you have read the article above you understand that they are Radio Frequency Identification devices that are remarkably small and incorporated in just about everything these days. Not such a bad thing when you think about the convenience such devices provide. Unfortunately the convenience comes at a price. This article from 2006 talks about how RFIDs allow people to be tracked both by those who created the devices as well as by anyone with the technical know-how to hack the device. Considering the age of this article it stands to reason that technology has advanced even more which is enabling more people to be tracked using this type of technology and most of them do not even realize it.

http://www.youtube.com/watch?v=7Shp8BN1IYM

Credit cards containing RFID technology are relatively new but incredibly popular, I myself have one such card. They are convenient and easy to use… unfortunately these cards are ridiculously easy to steal and manipulate. Yes I know that there is a money cap on the RFID enabled cards so that you can only use the RFID chip to pay for so much at one time however these limits only apply to individual transactions so a person could theoretically steal your card and then spend all your money on small purchases. I also would like to point out that there is really no longer a requirement for hacking skills, all a person needs is a computer with access to the internet and they can find all sorts of instructions on how to hack RFID chips. With this kind of information a person could, much like in the above video, hack and clone any RFID chip. Cloning a key card is not much different from cloning a credit card they both require approximately the same technology and same skill.

 http://www.wired.com/threatlevel/2013/12/citywide-rfid-master-house-key-already-broken/

The security issues highlighted by Newitz’s article have still not been solved. Did you know that it is possible for an RFID chip to be read by an RFID reader that you don’t know about? While a chip requires a compatible reader to be read it is still possible for your student card to register in locations other than campus or for your credit card to register with readers beyond debit machines. Every time an RFID chip on your person registers with a machine organizations and individuals could be using that information to track your movements. That might seem paranoid to some, however what is to stop an ex from hacking one of your RFID chips to track your location. Nothing.

One protection measure mentioned in the article is encryptions which are still not always used and many of the encryptions that are used are still vulnerable to attacks. In fact RFID chips can be just as vulnerable as any other computer despite their small size. The following article actually talks about the different types of attack that can be enacted on an RFID chip, looking specifically at viral attacks. While an RFID chip can be infected just like a computer it does not have the same level of protection that a computer has. This means that if the system that the RFID reader is hooked up to does not have proper protection then the system and every RFID chip read by the reader could become infected from one tampered RFID chip.

http://www.rfidvirus.org/papers/percom.06.pdf

Basically what I am trying to get at is the fact that there are so many issues with this new technology. People need to understand that they need to be more critical of new technology and to look past the convenience that technology can offer. It is not just government organizations and computer geniuses that can take advantage of certain technologies. With internet access anyone can learn to hack. This means that not only can your school track your student card but your crazy ex can too.