Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt The US Department of Justice (DOJ) this week released the first report from its Cyber Digital Task Force – which was set up in February to advise the government on strengthening its online defenses. The report [PDF], compiled by 34 people from six different government agencies, examines the challenges facing Uncle Sam's …
"As such, the relationship that the Department, including the FBI, builds and maintains with the private sector is critical to our efforts to combat cybercrime."
And the first company to give in to the 3 letter agencies signs it's own death warrant, no-one will touch their products again.
"And the first company to give in to the 3 letter agencies signs it's own death warrant, no-one will touch their products again."
That hasn't actually been the case in the past. Some people are concerned about this sort of thing and will act, but I don't think the majority of Facebook users would quit if they were spied upon. *coughcough*
"With the US midterm elections just months away and fears of foreign meddling already on people's minds"
Enough with this cyber böllïx, this isn't Faux News.
"the Department of Homeland Security and states attorney generals will coordinate under a single banner to help ensure the integrity of the vote count."
How about not using closed voting machines with no paper record?
The key beneficiaries of voting machines are the machine producers and the news media who get to announce election results in many cases, usually correctly, by the 10 or 11 PM news slot. Facts being what they are, waiting another half day cannot reasonably be judged harmful. Certification of results remains mired in the past and never happens sooner than a week or two after the election in any case, which allows for such things as counting provisional and late arriving absentee ballots and recounts that may be legally required or requested by candidates in close contests.
How about not using voting machines at all?
"...the Justice Department is not a fan of the common man having access to encryption."
How the fuck do these morons expect to keep the "common man" safe in the Internets without allowing "him" to use encryption?
Blowing and sucking the straw simultaneously is logically and physically impossible!
" "Virtually every instance of cyber-related crime implicates the private sector in some way, whether the private sector is the target of malicious cyber activity, the provider of technology or services through which cybercrimes are committed or concealed, or the repository of evidence (such as communications) relating to cyber-enabled criminal activity," the task force concludes.
"As such, the relationship that the Department, including the FBI, builds and maintains with the private sector is critical to our efforts to combat cybercrime." ® "
Wow! Where do they expect the things used to do any computing come from? Personal freedoms are being heavily targeted under OPOTUS; of course, his base is not known to be supporters of personal freedom, other than guns for all, so it makes sense for "law enforcement agencies"* to grab even more snooping capability with OPOS at the helm.
Makes me wonder when the BSDs will be banned as they are doing really good work securing those OSs.
* I double quoted law enforcement agencies as I grew up thinking they worked to protect the citizenry and local law enforcement may still be mostly about that, but at higher levels it is certainly a political game. Sadly, once those recieve new powers it is difficult to ensure those powers are used appropriately and are rarely relinquished. Hence the danger of a Fascists as President (FaP) or Donald (FaP) Trump.
There is no need to ban the BSD's. They will make them useless by creating hardware with backdoors, or hardware that requires proprietary blobs with backdoors. Or both. Companies will have to comply. And they will have to be silent as well.
Open source CPU design. Is it having a hard time? Is that a coincidence?
Yes, I hadn't thought of that at the time of writing that comment and that makes a lot more sense as it shows how concerned governments are about our security all the while circumventing our security through CPU/chipset management engines and the whole trusted computing paradigm. Thanks for that reminder.
Check! Done. Intel considered harmful (pdf).
Of course that's old news, 2015 vintage. And the undercover OS it describes, Intel's Management Engine, is older still. (And it has an analog in AMD, so don't think it's just Intel.)
The bad news: your hardware is not secure and (probably) never will be. The good news: you're too small a fish to get fried by it. So far. Until someone automates a hack for these secret-OS-under-your-OS codebases.
I agree that the local police are _usually_ less corrupt than broader agencies (Your mileage may vary if you live in a minority-resident/majority owned area). That said, the biggest LE news in a couple decades in my home town was when a couple local cops were caught tipping a burglary ring off when asked to "keep an eye on our house, we're going to be traveling for a week".
While foreign influence is always a danger to an election I believe the biggest threat comes from corporate interests.
https://en.wikipedia.org/wiki/Lobbying
"Lobbying, persuasion, or interest representation is the act of attempting to influence the actions, policies, or decisions of officials in their daily life, most often legislators or members of regulatory agencies. "
"The threat such operations pose to our society is unlikely to diminish."
I believe the biggest threat comes from corporate interests.
Therein is perhaps part of the puzzle as such. If you're using encryption, the likes of Google can't read your mail and figure out how to target more ads. The individual's safety isn't a concern where corporate profits are involved. There's a long history of this especially in the drug industry and very evident in the Web world.
In the United States, it is fairly clear that lobbying is included in the "right of the people peaceably to assemble, and to petition the Government for a redress of grievances," as it is described in the first amendment. As the cited Wikipedia article noted in passing.
Lobbying is first amendment protected in the most obvious and fundamental sense. Bribery is not, but an implied accusation of bribery requires at least evidence of the criminal act. It almost always is hard to be sure whether campaign contributions, by far the most common referent in this context, flow to politicians because they already are known to favor the donor's position or, alternatively, because it is thought they will cause the recipient to change position (and vote) on a particular issue. In practice, it likely involves some of each, with the mix depending, among other things, on what the politician believes constituents think about particular issues (which may be distinct from what they actually believe). Including ancient and well-known practices like log rolling and spreading around of government projects further muddies things, to the point where attributing legislative voting behavior on individual votes is generally impractical. The simple model - contributions => election => legislative votes for contributors' benefit - is hard to prove except possibly in rare cases,
The fact is that elected officials stand for election, and often for reelection quite a few times after. Utah's senior senator Orrin Hatch is a fairly extreme example: first elected in 1976, he was reelected in 1982, 1988, 1994, 2000, 2006, and 2012. Given the vanishingly small number of reports of recent vote buying*, and the demonstrably rather weak relation of campaign advertising expenditure to electoral success, other factors probably determine voting behavior in many cases. Those "other factors" include political party attachment, belief about social issues that the usual suspects in campaign contribution discussions mostly don't care much about, and a large number of others, some praiseworthy and others decidedly not.
* "Vote buying" also is generally unenforceable, although traditionally considered effective Even in the old Chicago days when precinct committeemen passed out money (classically, $2, later a meal voucher) to induce voting, they trusted that the recipient's basic honesty and knowledge of the source would bring a vote for the "correct" candidate.
...God forbid that the average citizen has the ability to lock down their data so that spooks, spies, and government agents on fishing expeditions (or otherwise) cannot access it. After all, a citizen who can enforce their privacy rights is an enemy of the state, right?
Or to paraphrase a quote from Putin in The Hunt for the Red October "Privacy is detrimental to the well-being of society..." or something like that.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
