Feeds:
Posts
Comments

Archive for January 13th, 2010

I posted on this earlier, and Ars Technica has a followup post this morning.  I think the most relevant concern is below, which has to do with the cost of allowing government monitoring:

Why only subject lines? If the attackers could get access to subject lines, why couldn’t they access entire e-mails? Apparently because the hackers infiltrated automated systems set up to provide such information to law enforcement in the US and elsewhere. (Getting access to the contents of e-mail messages is harder under US law than getting access to addresses, subject lines, etc, which are considered to be on the “outside of the envelope” and subject to pen register searches).

According to a Macworld source, “Right before Christmas, it was, ‘Holy s—, this malware is accessing the internal intercept [systems].'” Later, Google cofounder Larry Page supervised a Christmas Eve meeting on the security breach.

Fun fact: Google’s security team managed to penetrate one of the servers being used by the attackers, which was how the full extent of the attack—more than 30 companies—was revealed.

Breaches by design. Former Ars writer Julian Sanchez, now covering security at the Cato Institute, sees a problem with these automated law enforcement tracking systems in place at most major ISPs and Web companies. “As an eminent group of security experts argued in 2008, the trend toward building surveillance capability into telecommunications architecture amounts to a breach-by-design, and a serious security risk. As the volume of requests from law enforcement at all levels grows, the compliance burdens on telcoms grow also—making it increasingly tempting to create automated portals to permit access to user information with minimal human intervention.

“The problem of volume is front and center in a leaked recording released last month, in which Sprint’s head of legal compliance revealed that their automated system had processed 8 million requests for GPS location data in the span of a year, noting that it would have been impossible to manually serve that level of law enforcement traffic. Less remarked on, though, was Taylor’s speculation that someone who downloaded a phony warrant form and submitted it to a random telecom would have a good chance of getting a response—and one assumes he’d know if anyone would.”

via Google and China: the attacks and their aftermath.

Advertisements

Read Full Post »

Pretty astounding news, and really important regarding US relations with China.  I suspect China will hack my account now, but thought this should be further publicized anyway.

Well, we’ve got to hand it to Google—the company’s “don’t be evil” schtick has long worn thin and governments around the globe are already probing its potential monopoly power, but who else would come out swinging against the entire Chinese government and announce an end to its own collaboration in censorship, all while recognizing that it could lose access to the entire Chinese market? And do it in a blog post?

This far but no further

The extraordinary announcement came this afternoon: Google has had it with China’s pervasive web of censorship and spying, and the company is done censoring its search results in China. The decision wasn’t made in a vacuum, but rather came after years of increasing cyberattacks from the Chinese mainland. A recent, massive infiltration attempt that targeted Google and 20 other tech companies was the final straw. Though Google stops short of naming the Chinese government as the party behind the attacks, the implication is clear.

via Furious Google throws down gauntlet to China over censorship.

Read Full Post »