Encryption Debate: Justice Department Lawyer Says US Needs to Present Better Data

The federal government needs to be clearer about the importance of accessing encrypted smartphone evidence in order to prosecute criminals, a Justice Department lawyer acknowledged Monday.

“We need to do a better job explaining how many cases are affected by this,” Kiran Raj, senior counsel to the deputy attorney general, said at a Georgetown University law school panel discussion on encryption and privacy.

Federal law enforcement officials have repeatedly warned in the last year that encryption technology built into smartphones is making it harder for investigators to monitor messages from criminal suspects and to get the evidence they need while investigating child exploitation and other crimes. They want to ensure that they can access encrypted communications during investigations, with companies maintaining the key to unlock such data.

But technology companies have called those concerns overstated, saying encryption safeguards customers’ privacy rights and offers protections from hackers and other breaches.

Critics also say the government has not made a compelling case that horrible crimes have occurred because law enforcement officials couldn’t intercept encrypted communications. Nor have officials been able to point to a significant number of cases cracked because investigators had access to a smartphone. Some of the cases that federal officials have cited have involved evidence collected from sources other than on a phone.

“Quantitatively, I’d be the first to say that we as the government need to do a better job,” Raj said. He said the fact that investigators used other means to solve a crime doesn’t mean that encrypted communication was any less of a concern.

Technology companies and law enforcement have been at odds on the encryption debate, and it’s not clear where the disagreement is headed. Justice Department officials have said they aren’t necessarily seeking a legislative fix and are instead hoping to work collaboratively with the companies.

Robert Litt, the general counsel for the Office of the Director of National Intelligence, expressed hope that some middle ground might be found. “The fact that there isn’t a 100 percent solution doesn’t mean we shouldn’t try to get a solution for as much as we can,” he said.

India Drops to #131 in UN’s Broadband Penetration Rankings

India has slipped in global rankings on broadband penetration but has made slight progress in the percentage of individuals using the Internet in the country, according to a United Nations report.

The UN Broadband Commission released ‘The State of Broadband’ report Monday just ahead of the forthcoming Sustainable Development Goals Summit at the UN and the parallel meeting of the Broadband Commission for Sustainable Development on September 26.

The report says that 57 percent of the world’s people remain offline and unable to take advantage of the enormous economic and social benefits the Internet can offer. India ranked 131 out of 189 countries on fixed-broadband subscriptions in 2014, a drop from the 125th rank a year before.

On active mobile-broadband subscriptions, India ranked 155, a significant drop from the 113th rank in 2013. India ranked 136th in individuals using the Internet in 2014, with 18 percent of individuals using the net, an improvement over the 142nd rank in 2013 when 15.1 percent of individuals used the Internet.

India ranked 80 among 133 developing countries on percentage of households with Internet in 2014 with a 15.3 percent penetration as compared to the 75th rank and 13 percent penetration in 2013.

The report said that in order to connect everyone, it is vital to increase the online representation of many of the world’s languages, especially for regions and countries with high linguistic diversity such as Africa, India and South-East Asia.

“The UN Sustainable Development Goals remind us that we need to measure global development by the number of those being left behind,” said Houlin Zhao, who serves as co-Vice Chair of the Commission with UNESCO Director-General Irina Bokova.

“The market has done its work connecting the world’s wealthier nations, where a strong business case for network roll-out can easily be made. Our important challenge now is to find ways of getting online the four billion people who still lack the benefits of Internet connectivity, and this will be a primary focus of the Broadband Commission going forward,” Zhao said.

The report said 3.2 billion people are now connected, up from 2.9 billion last year and equating to 43 percent of the global population.

But while access to the Internet is approaching saturation levels in the developed world, the net is only accessible to 35 percent of people in developing countries.

The situation in the UN-designated Least Developed Countries is particularly critical, with over 90 percent of people without any kind of Internet connectivity.

In total, there are now 79 countries where over 50 per cent of the population is online, up from 77 in 2014. The top ten countries for Internet use are all located in Europe.

IT Department Working on E-Delivery of Ballots to Remote Voters

The IT department in collaboration with the Election Commission is developing an e-postal ballot system which will enable electronic delivery of ballots to remote voters.

The system is proposed to provide one-way e-delivery, wherein the ballots shall be delivered electronically to remote voters, who will then download and print the ballots, an official in Communications and IT Ministry told PTI.

Voters will then mark their choices, thereby converting the ballot to a vote, and seal it in an envelope. “This envelope, along with procedurally required declarations, be put into another envelope and mailed through postal system to the returning officer by post,” the official said.

The Centre for Development of Advanced Computing (C-DAC), under the Communications and IT department, is developing the e-postal ballot delivery system. At present, it is working on one-way or onward delivery of ballots but in future, it may include both ways – delivery and receipt of ballot.

The official said that it is envisaged that services voters, voters on election duty, overseas electors and any other voter notified by ECI will use the system.

Under the system, the voters shall be authenticated using two factors, namely mobile and email. “The returning officer can detect duplicate votes without losing security of the vote and voter association and can invalidate such duplicate votes even when the ballot was printed second time or photocopied by voter,” the official said.

The design developed by C-DAC will be evaluated by a committee of security experts before finally being implemented by the Election Commission (ECI). The government has in-principle approved allowing overseas Indians and personnel of armed forces to cast their votes using electronic means. As of now, only the latter is allowed proxy voting.

The ECI had constituted an inter-ministerial committee in May last year which had representatives from Law Ministry, External Affairs Ministry and Ministry of Overseas Indian Affairs and others.

The terms of reference of the committee were to examine the feasibility of different options that can be considered for facilitating voting by offshore electors.

The committee was also required to take into account the aspects of data security, secrecy of ballot in Internet voting, possibility of misuse, logistical and operational challenges.

In pursuance of the committee’s report, a panel of technical experts was constituted in February this year. The terms of reference of this panel were to help C-DAC in the design of an IT tool for developing an IT solution for e-postal ballots to NRI voters and services voters.

It also has to recommend the development strategy of IT application for implementation and also to monitor it.

Housing.com Acquires Plat and BigBHK

In an attempt to further expand its presence in different verticals and strengthen its product portfolio, property portal Housing.com on Sunday announced two acqui-hires – Plat and BigBHK.

Plat is an online network for agents enabling them to share real estate inventories and requirements, while BigBHK is a property management software (PMS) targeted at rental suppliers, strengthening its supply product portfolio.

With these acqui-hires, the company acquires quality talent from premier institutions such as IIT Delhi and BITS Pilani, a statement issued in Mumbai stated.

“The acqui-hires with Plat and BigBHK add immensely to our talent pool which in turn will empower our partners and consumers to better manage their property portfolio ensuring convenience and transparency. This is in line with our strategy moving forward of focusing on the core of our business,” Housing.com iCEO and COO Rishabh Gupta said.

The first step in this direction began with the launch of ‘Agents App’, a Housing agnostic product which aims to be a strong technology tool for realty agents across the country, he said.

“Since its launch, the app has received close to 10,000 downloads in less than one month. Fulfilling our endeavour of creating a robust real estate ecosystem, the new tool is slated to be a game changer in the agent market both in terms of efficiency and quality of service,” Gupta said.

With Plat, Housing.com strengthens its technology know-how to better cater to the needs of the agent community.

“This will help drive efficiencies in communications and operations such as posting leads and enhancing property showcase experience, thereby closing deals faster,” he said.

BigBHK will empower its partners to manage their property portfolios with a comprehensive web-based property management solution.

“Using BigBHK’s robust technology software, partners can streamline their realty lifecycle encompassing rental accounting, e-invoicing, record management, complaint tracking, reports, inventory management, etc,” he said.

BigBHK provides tenants access to a free platform to raise complaints, track rent dues and maintenance amount on a monthly basis. It runs successful operations across Bengaluru, Hyderabad, and Pune and is soon foraying into Chennai.

Government Plans New Body to Crack Down on Child Porn, Online Abuse

Tackling child pornography and online abuse will be the top priority of a highly sophisticated centre to be set up by the government to deal with cybercrime.

The initiative comes after an expert committee constituted to prepare a roadmap for effectively tackling cybercrime submitted its report to the Home Ministry.

According to the recommendations of the committee, there is a need to drastically reduce crimes against children and women, especially online abuse.

“These kinds of content and websites need to be monitored and blocked. The supporting laws need to be strengthened, parents need to be educated to monitor children’s activities in cyberspace and educate children about good cyber behaviour,” the committee has said in its report.

A Rs. 400-crore cybercrime control hub, to be called ‘Indian Cyber Crime Coordination Centre’ (IC4), will be set up to check all cybercrime, including child pornography and online abuse, as per the recommendations of the committee.

“Home Minister Rajnath Singh has already directed speedy implementation of recommendations of the committee,” an official said.

The government has taken seriously the issue of pornography and asked Internet Service Providers to block over 800 sites which had child porn content.

The Supreme Court too had pulled up the government for not doing much to check child pornography. There has been an almost 40 percent annual increase in cybercrimes registered in the country during the past two-three years, according to an official estimate.

The expert committee found that India lacks a centralised online reporting mechanism, adequate infrastructure for cybercrime monitoring and investigation, and skilled cyber professionals.

Other drawbacks include challenges related to technology and research and development, lack of citizen awareness, legal and jurisdictional issues and lack of Standard Operating Procedure for cybercrime investigation.

The IC4 will have linkages with CCTNS and NATGRID, the two databases having information related to various kinds of crime and criminals. One of the priorities of IC4 will be to check attempts by international gangs to penetrate Indian government’s official communication network and hack them.

Key objectives of IC4 are: to act as a nodal point in the fight against cyber crime and as an early warning system for law enforcement agencies with active cybercrime monitoring. It will also set up an open platform for victims to raise cybercrime complaints with the protocol for resolution such as online crime reporting, to support and coordinate electronic investigations of cybercrime and assist the law enforcement agencies in criminal investigation.

“IC4 should provide all necessary technical assistance to CBI and state police on all cybercrime related issues,” the committee has said. The panel said the CBI needs to be further strengthened by improving its existing infrastructure, technology, forensic laboratory and manpower.

The CBI may continue to function as the central investigating agency for cyber crimes and collaborate with Interpol and Europol and at state level, while state police forces should undertake criminal investigation as per their jurisdiction.

The expert committee suggested enactment of a new Electronic Evidence Act similar to the UK and Singapore and regular review of existing laws. An Advance Application for Social Media Analytics may also come up to monitor social media platforms’ activities related to Ministries of Home, External Affairs, Defence and other government organisations, the committee said.

The expert group was constituted by the Home Ministry on December 24, 2014.

BharatNet to Be Put Before Cabinet Within 2 Months: BBNL CMD

Government’s Rs. 72,000-crore nationwide broadband network programme BharatNet is likely to be submitted for the Cabinet approval within two months, a senior Department of Telecom official has said.

“Internal discussions are going on. We expect to place it (BharatNet) before Telecom Commission next month. If it is approved, then probably, we should be able to submit it to the concerned authorities for final approval by Cabinet within two months,” DoT Additional Secretary and BBNL Chairman and Managing Director Aruna Sundararajan told PTI.

Bharat Broadband Network Limited (BBNL) is a special purpose vehicle managing roll out of the project. A committee set up under the Telecom Ministry has remodelled the Rs. 21,000-crore National Optical Fibre Network (NOFN) started under the UPA government to connect all 250,000 village panchayats with high-speed broadband network.

Under BharatNet, there is scope to connect urban households (by state government) with broadband speed of up to 20 megabits per second, while NOFN was limited to village panchayat-level only.

The NDA government had revised the timeline for completion of NOFN roll out by December 2016, but the committee estimates that BharatNet will be implemented by 2017-end.

“BharatNet is a new architecture. It is using a lot of other media to provide connectivity than just OFC. It also has a special purpose vehicle model where states can add value to the project… 18 states have so far agreed to set up SPVs for this project,” Sundararajan said.

The committee has recommended that in areas where household density is less than 150 and where the distance of the village panchayat from the Block headquarters is over 10km, satellite media be used to provide broadband connection.

Under the SPV model, the states would have the freedom to provide minimum bandwidths higher than 2Mbps, say 10-20Mbps for households and 100Mbps to 1Gbps to businesses.

BBNL estimates that in the first year of implementation the project can result in a benefit of Rs. 66,465 crores.

Chinese Computer Hack Attacks Slow Ahead of Obama Summit: Reports

Major intrusions by Chinese hackers of U.S. companies’ computer systems appear to have slowed in recent months, private-sector experts say, ahead of a meeting between China’s president and President Barack Obama with cyber-security on the agenda.

Three senior executives at private-sector firms in the field told Reuters they had noticed a downtick in hacking activity.

“The pace of new breaches feels like it’s tempering,” said Kevin Mandia, founder of Mandiant, a prominent company that investigates sophisticated corporate breaches.

A point of friction in U.S.-Chinese relations, cyber-security will be a major focus of talks with Chinese President Xi Jinping this week in Washington, D.C., Obama said earlier this week.

In the same remarks, Obama called for a global framework to prevent the Internet from being “weaponized” as a tool of national aggression, while also holding out the prospect of a forceful U.S. response to China over recent hacking attacks.

Mandia has probed major corporate breaches, including those at Sony Pictures Entertainment, Target and healthcare insurers. Experts have connected some of these to a breach of classified background investigations at the U.S. Office of Personnel Management, which was traced to China.

Government-supported hackers in China may have backed off recently as Chinese and U.S. officials began negotiating in earnest over cyber-security ahead of the Obama-Xi summit.

“In my gut, I feel like the Chinese and the U.S. over the next couple of years are going to figure this out,” said Mandia, now an executive at Mandiant’s parent, FireEye Inc.

The FBI declined to comment on Friday.

The Obama administration has been weighing bringing economic sanctions against Chinese companies that have benefited from intellectual property theft. But no sanctions have been brought and U.S. companies disagree on the wisdom of such retaliation.

U.S. Assistant Attorney General John Carlin, who leads the Justice Department’s National Security Division, has scheduled a press availability on cyber-security for Wednesday in Pittsburgh.

That is the same day that President Xi is scheduled to attend an Internet industry forum in Seattle hosted by Microsoft Corp. Xi will depart the next day for Washington, D.C.

On Saturday, a Justice Department spokesman said Carlin will make routine remarks and answer questions. The spokesman said he expected U.S. cyber espionage charges brought in May 2014 against five Chinese army officers would come up. The indictment alleged the officers conspired from 2006 to 2014 to hack into U.S. entities’ computers and steal information.

In July, the FBI said economic espionage cases it had handled in the preceding 12 months were up 53 percent from a year earlier, with China the biggest offender. Statistically, that period could have included a falloff toward the end.

While Mandia said his perception of a slowdown was unscientific and based on “how often my phone has been ringing,” others voiced similar views.

Stuart McClure, chief executive of Cylance Inc., a smaller cyber-security firm, said he too had noticed a drop-off in presumed Chinese attacks going back about six months.

“He has more volume” and so has a broader perspective, McClure said of Mandia. “But we have not seen the samples of attacks like we had been.”

Mandia and McClure spoke Thursday on the sidelines of the Billington CyberSecurity Summit in Washington, D.C.

Tom Kellermann, chief cyber-security officer at large security vendor Trend Micro Inc., said in an interview in New York he also had seen fewer new Chinese hacks recently, though he said one campaign that compromised U.S. defense contractors years ago might be adding new government targets.

“There’s been a consolidation in activity coming out of China,” Kellermann said. “It’s down a notch.”

A spokeswoman for security investigations firm CrowdStrike said in an email that it had not seen a significant change.

The Billington conference featured White House cyber-security policy coordinator Michael Daniel. After speaking on a panel, Daniel suggested to reporters that Chinese officials have been listening hard to U.S. complaints on economic spying.

Amazon India to Help Merchants Sell Through Own Website

Global e-commerce major Amazon today launched a new offering which will enable merchants with logistics and payment services to sell through their own website.

Using the new integrated payments and logistics offering, brands and businesses who want to sell through their own website can use ‘Pay with Amazon’ for order management and ‘Amazon Easy Ship’ for delivery and fulfillment, the company said in a statement.

Brands and businesses are looking to convert their static websites into digital storefronts and tap into the growing base of online shoppers in the country, Amazon India Vice President and Country Manager Amit Agarwal said.

“We have made it simple and easy for them to outsource their payments and fulfillment processes and enabled them to focus on their core business,” he added. “Amazon is committed to transforming the way India buys and sells and we are always looking for ways to help businesses that leverage India’s growing digital economy,” he said.

The integrated offering allows businesses to scale and grow their business at low operational costs by leveraging Amazon’s infrastructure.

Sellers also benefit from low shipping rates, COD and pre-paid orders, scheduled pickups, faster delivery and automated shipment tracking.

According to an EY report, India’s retail e-commerce market stood at $5.2 billion (roughly Rs. 34,252 crores) in 2014 with about 35 million online shoppers.

Microsoft tests a sweet service: Direct-shipping data for uploading to the cloud

One of the challenges of shifting to a new cloud storage provider is a very practical one: Uploading a lifetime’s worth of data takes forever. Microsoft’s Office 365 Import Service allows enterprises to take a shortcut: mail encrypted drives directly to Microsoft to load directly into OneDrive.

Right now, the program is somewhat limited: Enterprises can ship a drive to one of Microsoft’s datacenters to be uploaded into SharePoint, or just send a specific set of Outlook .PST files to Microsoft to seed an Office 365 account. During this preview of the program, the service is free.

As you might expect, though, enterprises aren’t the only ones who need to move massive amounts of data. Consumers can get locked into a cloud service for the simple reason that once data is uploaded, moving to another service involves downloading stuff locally and then reuploading it to the new service. Even if someone were willing to take the time, major ISPs like Comcast often implement so-called ‘data caps’—hard limits on the amount of data users could download and upload each month—which could thwart any big data-transfer project.

Many ISPs have temporarily suspended those caps, as competition from streaming services like Netflix, online marketplaces like Steam, and perpetual updates on Windows 10 become the new reality. But Comcast wants to reinstate data caps, and is testing fees to bypass them—which are sort of the same thing.

Shipping a drive—known as “seeding”—to a Microsoft or a Google could certainly lower the barrier to switching from one provider to another, especially if the provider itself ate the costs. Note that Microsoft requires you to encrypt the drive, so if it is lost in transit your data is theoretically safe.

Why this matters: The concept of “seeding” a backup isn’t new. Code42’s CrashPlan service used to offer the option of shipping an encrypted drive for them to load data into the cloud. (We haven’t been able to confirm if that option is still available, however.) Quick Backup, an Australian service, also offers a seeding option. Microsoft hasn’t said it will follow suit with a consumer seeding option for OneDrive. Neither has Google, for Google Drive. But for those cloud services that want to grow their business, drive seeding might be an option worth offering.

Ads based on your browsing history quietly hit Firefox’s New Tab page

It’s official: Firefox is serving you targeted ads on the browser’s New Tab page now. But before you grab your torch and pitchfork, it’s not that bad.

Mozilla quietly rolled out its “Suggested Tiles” in early August, Content Services VP Darren Herman recently announced. While the Directory Tile ads that appeared in Firefox in late 2014 are mere dumb display ads, Suggested Tiles tap your browsing history to show advertising that (theoretically) appeals to you.

Suggested Tiles aren’t a new Big Brother moment. They’re clearly labeled, and Mozilla doesn’t retain or share your individual user data—all Suggested Tile performance data is delivered to advertisers in aggregate, and all potential Tiles are downloaded from Mozilla’s servers in bulk based on your country and language. The decision about which specific Suggested Tiles are shown to you happens right within Firefox itself, based on your browsing history, and you personally control your browser’s user history the same way you always have.

Infographic (Firefox New Tab data protection): explains the Suggested Tile process in detail.

“With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data,” Herman wrote when introducing the concept in May.

The impact on you at home: There’s been a firestorm brewing around these ads, but Firefox’s Suggested Tiles is advertising done right: They’re helpful without being intrusive or haphazard with your personal data. Mozilla deserves props for thinking through the entire process to make it as pro-user as possible—a rarity in the advertising world. And if you’re strongly against the idea of ads on Firefox’s New Tab page, you can disable both Suggested and Directory tiles by clicking the gear icon in the upper-right corner of the New Tab page, then selecting any option other than “Show suggested and your top sites.” Don’t be hasty to do so, however. Firefox’s share of the browser market has been slipping in recent months, and as a non-profit organization, Mozilla could really use the extra money provided by advertising tiles. True stealth modes don’t develop themselves, after all.

Some new tracking

That’s not to say that Firefox’s ads don’t collect information about you whatsoever. In order to gauge the effectiveness of Suggested Tiles, Firefox collects data about how you navigate the New Tab page, a Mozilla representative told ZDNet. Here’s everything that’s sent to Mozilla:

  • Language preference
  • Tile ID
  • How many times the Tile was displayed
  • Where in the grid of tiles a Tile was displayed
  • What interaction the user has with a Tile:
      • “Rolled over”
      • “Hovered over”
      • Pinned
      • Blocked
      • Clicked
      • Moved

“This data is associated with an IP address and is stored for a maximum of seven days, while Mozilla reports on the performance of the Tile,” the representative told ZDNet. “Then the IP address is removed from the data which is then archived. Mozilla does not create a profile of an individual over time.”

Suggested Tiles are currently active only in the EN-US version of Firefox, and the initial partners for the project—including Fortune Magazine, Quartz, the Make-a-Wish Foundation, and the Electronic Frontier Foundation—aren’t paying Mozilla for inclusion yet, so they’re marked “Suggested” rather than “Sponsored” for now.