Archive for August, 2007

The FBI gets a TiVo…

This article, by Wired’s Ryan Singel details the FBI’s wiretapping capabilities with DCSNet, a communications surveillance network built under CALEA that sounds like it might have been advertised with the slogan, “Be the envy of other major governments”. The salient points:

- The FBI has extremely wide-ranging wiretapping facilities that let it log into a provider’s network; the provider turns on the tap once it receives a court order

- It’s having trouble with Skype, because there’s no central point to tap

- These digital wiretaps are more expensive than the traditional physical kind (by nearly a factor of ten) and processing the data is also considerably more expensive (all of which we taxpayers get to pay for)

- There are significant security holes inside DCSNet itself, many of which were spotted in its predecessor system, Carnivore.

wg

Definitions and Assumptions

Posted by Tom Fuller in Blindside project at August 30th, 2007

What is information assurance? I have my own idea. Do you have yours?

Wikipedia starts their coverage with this definition: “Information Assurance (IA) is the practice of managing information-related risks. More specifically, IA practitioners seek to protect the confidentiality, integrity, and availability of data and their delivery systems. These goals are relevant whether the data are in storage, processing, or transit, and whether threatened by malice or accident. In other words, IA is the process of ensuring that the right people get the right information at the right time.”

I suppose that’s okay. It doesn’t really match my own mental map of Information Assurance, though. When I think of Information Assurance, I think of a strategic, board level initiative that commits an organisation to certain principles. These principles are implemented through correct practice of certain disciplines, such as identity management, information security, business continuity, data privacy laws and regulations, etc. These disciplines are enabled by technologies, such as biometrics, database management and protection, correct software development practices, etc. Actually, it may not be that different to what Wikipedia writes later in its page on the subject, ‘a superset of information security’ issues.

How close is this to your views on information assurance?

A Secret Shared Is Not A Secret Halved

I guess I’ll never be a comedian–I don’t do things in the right order.

Here’s the punchline: Safety fears over new register of all children. “It will be available to an estimated 330,000 vetted users. Some of those allowed to check records, such as head teachers, doctors, youth offender and social workers, are uncontroversial, but critics have questioned why other potential users, such as fire and rescue staff, will have access to the database.”

Erm, why is this level of access uncontroversial?

Here’s the set-up:

Five civil servants who help run the national DNA database have been suspended after being accused of industrial espionage. It is alleged they copied confidential information and used it to set up a rival database in competition with their employers, the Government’s Forensic Science Service.

A civil servant who was paid thousands of pounds to rubber stamp passport applications for illegal immigrants and a drug dealer was jailed for two years and two months today.

An internal investigation at the Department for Work and Pensions (DWP) has found that civil servants are colluding with organised criminals to steal personal identities on “an industrial scale”. Ministers have been privately warned that the investigation will show that hundreds of thousands of stolen personal details have been ripped off from official databases, often with inside help. Key personal details such as national insurance numbers can be used to commit benefit fraud, set up false bank accounts and obtain official documents such as passports.

More than 200 civil servants in the Department of Work and Pensions (DWP) have been disciplined for surfing the Web for porn during office hours. In the last eight months the staff accessed over two million pornographic images, including 18,000 involving child abuse. The Sun newspaper reports that some of the sites touted images purported to be of kids as young as 13.

Teacher arrested over child porn

And in a different case,

Teacher arrested over child pictures

And in a different case,

Royal News Princess Eugenies Teacher Arrested On Porn Charges

And in a different case,

Ex-teacher charged with sexual encounter with pupil

And in a different case,

College rocked by new sex scandal

I give up–there’s a lot more out there.

Second Crack at SCADA Issues

I must confess that when I first heard about SCADA-related security issues, the first thing that came to my mind was some of the hype about the Millennium bug. It just seemed a bit too convenient that the people highlighting the issues were the people selling solutions to combat it. (SCADA refers to Supervisory Control and Data Acquisition, proprietary computer control networks used in a lot of industry, such as utilities and chemical plants, etc., etc.)

But Y2K was not all smoke, of course. In addition to providing a key trigger for the Indian consultancies, it prompted a lot of thinking about IT security, and some of it is relevant to SCADA. And we need to take this to the next level of depth.

If you saw Bruce Willis in Die Hard 4.0, you saw the bad guys hijack a lot of SCADA networks in order to generate pyrotechnics and chances for the hero to get out of DC. My understanding is that this is not at all realistic. (What? A Hollywood action movie not realistic?) But we need to have this vetted.

My preliminary understanding of this is that security was not built into them when they were implemented and that organisations have been slow to build them in after the fact. As some of the functionality of SCADA networks migrated onto WANs and the Internet, network owners did not build in normal security protocols to protect from snooping, hacking and the same viruses and worms that bedevil all Internet users.

How correct is this preliminary understanding?

My casual reading of the literature suggests that precautions have been advised since 1999, that groups exist to highlight best practice and stimulate awareness of SCADA security issues, and that the problem is not so dire as to require the services of balding Yank action heroes.

Am I living in a dream world? Digital Bond, a security consultancy, would probably have you think so. This article in the August 22 issue of Forbes, the American business magazine, also expresses a level of concern that goes far beyond my preliminary assessment, talking about a successful penetration of a nuclear power plant’s SCADA network. IT Security expert Bruce Schneier wrote that he didn’t think SCADA was as much of a problem now as it would be in future, but in the same blog post he linked to a March 2007 story that detailed a serious hole found in the U.S. national infrastructure. I read this shortly after I blithely wrote on the Blindside wiki that I thought the maximum impact from SCADA issues was in the present, while solutions were being developed but adopted unevenly.

So which is it? Am I living in a dream world and ignoring a serious threat? Is SCADA security being over-egged by security vendors? Is the problem going to get worse?

We could use a little help on this one, folks.

Here’s what we wrote on the wiki.

How to destroy your child’s social capital…

…at State of Play, Doug Thomas told the story of the mother who emailed him for advice about her son. It seems that the previous weekend she’d gotten somewhat alarmed when he spent six hours straight playing World of Warcraft. She asked him to quit the game, and when he didn’t, she came over and turned off his computer. “But we were on the *final boss*!” Her question to Thomas: What happened? Thomas replied that what she had done was turn off the computer at the moment when his team had reached the final challenge of the day, leaving the 39 people relying on him stranded. Oh.

My friend Barbara used to talk about the ways that games could be made more family-friendly. For example, she and her son used to argue when mealtime or bedtime came along and he simply wasn’t at a stopping place. She felt that games would be a lot less contentious in a lot of families if designers paid more attention to things like making it possible to save the game at *any* point instead of only at certain, widely dispersed points, or making pause available throughout, and so on. I thought these were all good points, and the fact that so many games were not designed this way probably has or had something to do with the average demographic of the designers.

I don’t know what the solution might have been for WoW. The mother’s response to Thomas’s answer was something like, “Isn’t six hours a long time to play a game?” Well, it is. And especially so if you’re 13 or whatever and, as teenagers often do, fail to communicate to your parent in advance exactly what it is you’re signing up for this Saturday.

There has long been a lot of belief in some parts of the computer industry that virtual worlds are the future (or an important part of it). These kinds of issues will continue to resurface. At State of Play, the design panel talked about how architecture affects human behaviour, comparing real-life examples of public spaces with the virtual ones – in one case, they showed the same world with a big, central fountain around which people congregated and then without it, with people just randomly dispersing. Designers clearly think about this when they build their worlds. But there seems to me much less thought for the way the virtual world intersects with the demands of real life. There is no offline mode for Second Life, for example, so there is no way to sit offline on a plane and read the information you’ve collected in the world even though you can save notecards and other documents. The world itself is too big to download, but I don’t really understand why there is no offline mode for your own inventory and small home space. That, of course, gives the game gods complete control over your experience at all times – there’s always a wait when you log into the world while it downloads all the software updates since your last visit.

I’ve Got A Little List…

Posted by Tom Fuller in Blindside project, Data breaches at August 23rd, 2007

Yesterday I asked if anyone is keeping a list of data disasters. Somebody is.

In the comments, Glyn noted that the Open Rights Group started to keep a list, documenting the disasters, as it were… Although it could use some updating, it appears.

Digital Rights Case Studies: http://www.openrightsgroup.org/orgwiki/index.php/Digital_Rights_Case_Studies

Virtual property: a cautionary tale

Posted by wendyg in Uncategorized at August 22nd, 2007

One of the cases that keeps coming up at State of Play is the Bragg case. Bragg was a Second Life user who, as Linden Labs keeps suggesting people do, invested somewhat substantially in property in Second Life. It seems, though, that Bragg had found a way to get at Linden’s auctions of abandoned land before anyone else and buy it up very cheaply, intending then to flip the land at a profit nearer market rates.

Linden figured out what he was doing and confiscated the properties and banned him from SL. He is a lawyer. He sued in small claims court. The case has since escalated to include all sorts of damages and costs.

Reuters, which has a significant presence in SL, has been following the story. The case has been working up through the Pennsylvania courts (that’s where Bragg lives and practices law). The judge ruled Linden’s TOS illegal, and has refused to remove CEO Philip Rosedale personally from the case (a significant thing for company CEOs).

This case is of serious interest to the many lawyers here - it may set a precedent for how the law views virtual property. Professor Yee Fen Lim argues that property isn’t what people think it is: that *legally* property is really the rights of access and control. In that sense, virtual property is certainly property. Linden defines the property it “sells” as rental of the processor to run the sim. “As computer science that’s acceptable,” she said, “but in the legal view that means property is mere illusion.”

For Bragg, of course, the point is that he invested quite a bit of real money which has now been confiscated. In later panels, a number of commentators thought that Linden’s actions were not reasonable. Abrahams said that under Australian law Bragg would win. Today’s law workshop talked about how unfair and one-sided EULAs and TOSs are, and argued that Linden’s more rational response would have been to say, yeah, loophole in our system, we fix, we refund your money, maybe you can keep one property. But at the moment all virtual worlds are owned by companies who create all the laws, some by contract (TOS), some in code, some by emerging community standards.

wg

Monster Ball

Via the BBC: “US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm.
A computer program was used to access the employers’ section of the website using stolen log-in credentials. Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server.”

Oops. Is anybody keeping score on these things? It’d be great to be a journalist covering this subject. Write the story once, use search and replace on the company name, hit submit.

If this is happening to companies that live or die based on their security, what do we expect to happen in situations (such as some government applications) where security is a ‘tick the box’ annoyance? Don’t get me wrong, a lot of people in government are passionate about information security–but by no means is it universal.

What are the possible consequences? Well, the story continues: “The program used to access Monster.com user data was a Trojan, which are commonly used to gain access to bank details, usernames and passwords. More than 8,000 new variants of Trojans are found each month, according to internet security specialists Sophos.

Last year, a British nurse was blackmailed by hackers who had used a Trojan to access her personal e-mails. They threatened to reveal personal details unless she paid them.”

Beginnings Are Delicate Times-Especially For ID Programmes

Posted by Tom Fuller in Blindside project, databases, e-ID at August 22nd, 2007

I previously wrote about my concerns regarding the UK government’s readiness to begin construction of a National Identity Programme. Perhaps because it’s August (couldn’t possibly be the quality of my writing, right?), I only got one comment.

But what a comment. Dave Walker, perhaps known to you as author of Dave’s Bit Bucket, wrote, “…never mind the sheer throughput the system will have to have, especially at biometric enrolment / renewal time; see some advanced thinking on this at http://blogs.sun.com/davew/entry/more_national_id_card_food .” I hope he won’t mind my liberal quoting of his post (okay, downright theft, but in a good cause, you see). “While I’ve been somewhat sceptical about the usability of biometrics for some time now, the session was well worth attending. As well as having representation and presentation from staff-who-must-remain-nameless at the Home Office, we were fortunate enough to have Professor John Daugman (whose principal claim to fame is the characterisation of the analysis and transforms needed to authenticate people by iris recognition) presenting on issues he has regarding the N-to-N biometric comparison which is required at biometric registration time. An N-to-N comparison is needed to ensure that a person can’t turn up on one day with one set of papers and get an ID card, and turn up the following day with a different set of papers, and get a second and different ID card.

Daugman has his head screwed on properly, and then some. While the paper he presented doesn’t appear to have made it to the web yet, he calculates the number of biometric comparisons which need to be made at biometric enrolment time for the proposed UK National ID card to be - for a database of 45 million principals, ie the UK adult population - around 10^15 to ensure biometric non-duplication. 10^15. Ouch.

He cited the example of the UAE biometric database, which makes 14 billion comparisons daily - this is 1/5000th the size of what would be needed for the UK National ID Card system.

Of course, any check other than enrolment is a straightforward 1-to-1; a person presents a credential to an appropriate officer, the biometric on the credential (or stored in some database) is checked against the individual’s stored biometric as mapped to their credential, and the match between the ID and the biometric is either accepted (at which point, the credential’s presenter is validated) or rejected (at which point, the presenter of the credential is subject to whatever due process of law). Still, the inability to eliminate the single N-to-N comparison required makes enrolment a very big hill to climb.”
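The quoted comment contrasts the one-off N-to-N de-duplication at enrolment with the 1-to-1 check at every later use. The following is an added illustration, not code from the post, from Dave Walker or from Daugman’s paper: it counts the comparisons behind each kind of check, and goes one step beyond the comment by showing that, while the total N-to-N cost cannot be avoided, the per-day load depends on how the enrolment is scheduled. The 45 million and 14 billion/day figures are the ones quoted above; the 1800-day rollout is a constructed assumption.

```python
"""Added example: comparison counts for biometric de-duplication at enrolment
versus 1-to-1 verification.  Not code from the page, from Dave Walker or from
Daugman.  N and the UAE daily rate are the figures quoted in the post; the
rollout length used below is a constructed assumption."""

UK_ADULTS = 45_000_000                   # figure quoted in the post
UAE_DAILY_COMPARISONS = 14_000_000_000   # figure quoted in the post
ASSUMED_ROLLOUT_DAYS = 1800              # constructed assumption (~5 years)


def enrolment_comparisons(n: int) -> int:
    """Unordered pairs among n identities: n(n-1)/2.
    This is the full N-to-N check that no two enrolees share a biometric."""
    return n * (n - 1) // 2


def verification_comparisons(_database_size: int) -> int:
    """A routine check of a presented credential is a single 1-to-1 match,
    whatever the size of the database behind it."""
    return 1


def daily_enrolment_load(n: int, rollout_days: int) -> list:
    """Comparisons per day if n people enrol in equal daily batches and each
    batch is de-duplicated against everyone already enrolled (one 1-to-N
    search per person) plus against the rest of its own batch.

    The total across all days equals enrolment_comparisons(n); only the
    peak daily load depends on the schedule, and it lands on the last day,
    when the database is largest."""
    batch = n // rollout_days
    loads = []
    enrolled = 0
    for _ in range(rollout_days):
        loads.append(batch * enrolled + enrolment_comparisons(batch))
        enrolled += batch
    return loads


def capacity_multiple(comparisons_per_day: int, capacity_per_day: int) -> float:
    """How many times a daily workload exceeds a given daily capacity."""
    return comparisons_per_day / capacity_per_day


if __name__ == "__main__":
    total = enrolment_comparisons(UK_ADULTS)
    print(f"full N-to-N for {UK_ADULTS:,} people: {total:.3e} comparisons")
    print(f"one later verification: {verification_comparisons(UK_ADULTS)} comparison")
    loads = daily_enrolment_load(UK_ADULTS, ASSUMED_ROLLOUT_DAYS)
    print(f"peak day over a {ASSUMED_ROLLOUT_DAYS}-day rollout: {max(loads):.3e} comparisons")
    print(f"that peak is {capacity_multiple(max(loads), UAE_DAILY_COMPARISONS):.0f}x "
          f"the quoted UAE daily rate")
```

Because the first day of a rollout costs almost nothing and the last day costs roughly N times the batch size, the figure a designer has to provision for is the last-day peak, not the average; stretching the rollout lowers that peak in proportion.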

Patch, brothers, patch with care…

Posted by wendyg in IT failures, unexpected consequences at August 21st, 2007

Skype has blamed its system-wide outage on Microsoft Patch Tuesday - all those computers being auto-patched and then restarted and then logging back into Skype consumed all the system’s resources.

There are so many Blindside issues there we can do them for you wholesale:

- single time of patching for billions of machines (Microsoft)

- software integrity issues (Skype)

- limits of self-healing ability of P2P when too many nodes out (supernodes, perhaps?)

- the road to service outage is paved with everyone’s best intentions

- increasing perception that patching can be dangerous, deterring users from doing it…
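The first bullet is the mechanism of the outage as the post describes it: a single patch-and-restart time for a huge population means every login lands in the same instant. As an added toy model, not Skype’s or Microsoft’s code, the following simulates that login burst with and without each client adding a random delay before reconnecting, and measures the worst second either way. Every number in it is constructed.

```python
"""Added example, not from the page, Skype or Microsoft: a toy model of the
reconnection storm after a synchronised patch-and-restart.  Compares the peak
logins per second when every client reconnects at once against the peak when
each client waits a random delay first.  All figures are constructed."""
import random


def login_times(clients: int, spread_seconds: int, seed: int = 1) -> list:
    """Second at which each client logs back in.

    spread_seconds == 0 models the post's scenario: every machine restarts
    and reconnects at the same instant.  A positive spread models each
    client choosing a random delay in [0, spread_seconds) before it retries.
    The seed keeps the run reproducible."""
    if spread_seconds <= 0:
        return [0] * clients
    rng = random.Random(seed)
    return [rng.randrange(spread_seconds) for _ in range(clients)]


def peak_logins_per_second(times: list) -> int:
    """Largest number of logins falling into any one second."""
    counts = {}
    for t in times:
        counts[t] = counts.get(t, 0) + 1
    return max(counts.values())


def overload_factor(clients: int, spread_seconds: int,
                    capacity_per_second: int, seed: int = 1) -> float:
    """How many times over the login service's capacity the worst second is;
    anything above 1.0 means the service would have fallen behind."""
    peak = peak_logins_per_second(login_times(clients, spread_seconds, seed))
    return peak / capacity_per_second


if __name__ == "__main__":
    clients = 100_000            # constructed population
    capacity = 500               # constructed logins/second the service can absorb
    for spread in (0, 60, 600):
        factor = overload_factor(clients, spread, capacity)
        print(f"spread {spread:>4}s: worst second is {factor:>6.1f}x capacity")
```

With no spread the worst second carries the entire population; spreading the retries over a window of W seconds brings the peak down to roughly clients / W plus a little random clumping, which is why clients are told to add jitter to their reconnect timers rather than all retrying on the same schedule.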

wg