Daily Archives: November 29, 2016

DOJ defends new cyber snooping regulations

Posted on November 29, 2016 | Leave a comment

digital_fingerprintThe Department of Justice calls them procedural changes that will help the government to pursue child pornographers who use cybertechnology to conceal their identities. Opponents say they are substantive and troubling changes that will vastly expand the government’s ability to spy on innocent Americans.

The changes in question are amendments to Rule 41 of the Federal Rules of Criminal Procedure, which deals with the issuance of warrants and protocols for searches and seizures. Barring congressional action, the amendments take effect on Dec. 1.

The amendments have been under debate for the past three years and are designed to address the thorny question of which court has jurisdiction to issue warrants in cases where suspected cybercriminals are using tools such as Tor or virtual private networks to conceal their identities and locations. Journalists, human rights activists and law enforcement officials also use such tools for legal purposes.

The amendments would allow the issuance of a single warrant to potentially search millions of computers suspected of being infected by botnet malware.

The Justice Department has been posting a series of blogs in support of the new rules.

“When a child abuser has successfully anonymized their identity and location online, investigators do not know where the abuser’s computer is located,” Assistant Attorney General Leslie Caldwell wrote in a recent blog post. “So in those cases, the [existing] rules do not clearly identify which court the investigators should bring their warrant application to.”

In another post, Caldwell argued for using a single warrant to search multiple computers in different locations that are suspected of being infected by a botnet.

“The Rules [of criminal procedure] as currently written (and as conceived in 1917) would require the investigators to apply simultaneously for identical warrants in all 94 judicial districts in America — a severe impracticality if not impossibility,” he wrote.

Privacy advocates and some lawmakers are trying to block what they see as a green light to access the personal devices of millions of Americans on the mere suspicion that they are infected with botnets.

In October, a bipartisan group of 23 members of Congress signed a letter to the attorney general asking for clarification on how the Justice Department will notify individuals whose computers are infected with botnet malware, how it will conduct searches or “clean” such computers without collateral damage and how the principle of probable cause will be applied to “justify the remote search of tens of thousands of devices.”

The Electronic Frontier Foundation also has been a vocal opponent of the changes. “The amendment to Rule 41 isn’t procedural at all,” EFF Activism Director Rainey Reitman wrote earlier this year. “It creates new avenues for government hacking that were never approved by Congress…. Congress should reject the proposal completely.”

The Justice Department released another blog post on Nov. 28 to respond to criticisms of the amendments.

“The pending amendments do not authorize the government to undertake any search or seizure or use any remote search technique that is not already permitted under the Fourth Amendment,” the post states. “The amendments neither endorse particular searches as reasonable, nor do they in any way change the traditional constitutional, statutory, and prudential factors the department relies on to determine whether to seek a warrant. They simply identify the appropriate court to ask.”

But that response has not satisfied critics, including Sen. Ron Wyden (D-Ore.), who co-sponsored legislation that would block the Rule 41 amendments from going into effect. Although his office acknowledges it is an uphill battle to pass any legislation before the rules take effect, he and others remain committed to blocking or amending the changes.

In a recent statement, Wyden said Justice officials have failed to provide details on how they intend to hack potentially millions of devices under a single warrant.

“[That] should be a big blinking warning sign about whether the government can be trusted to carry out these hacks without harming the security and privacy of innocent Americans’ phones, computers and other devices,” he said.

Leave a comment

Posted in Cyber Security, Hacking, Law Enforcement, Security

Tagged , ,

Part 1: What is a Bitcoin and how does it work?

Posted on November 29, 2016 | Leave a comment

So I’ve been asked several times in the past couple of weeks, what is a Bitcoin and how does it work?

Bitcoin is a form of digital currency, created and held electronically. No one controls it. Bitcoins aren’t printed, like dollars or euros – they’re produced by people, and increasingly businesses, running computers all around the world, using software that solves mathematical problems.

It’s the first example of a growing category of money known as cryptocurrency.

What makes it different from normal currencies?

Bitcoin can be used to buy things electronically. In that sense, it’s like conventional dollars, euros, or yen, which are also traded digitally.

However, bitcoin’s most important characteristic, and the thing that makes it different to conventional money, is that it is decentralized. No single institution controls the bitcoin network. This puts some people at ease, because it means that a large bank can’t control their money.

Who created it?

A software developer called Satoshi Nakamoto proposed bitcoin, which was an electronic payment system based on mathematical proof. The idea was to produce a currency independent of any central authority, transferable electronically, more or less instantly, with very low transaction fees.

Who prints it?
bitcoins
No one. This currency isn’t physically printed in the shadows by a central bank, unaccountable to the population, and making its own rules. Those banks can simply produce more money to cover the national debt, thus devaluing their currency.

Instead, bitcoin is created digitally, by a community of people that anyone can join. Bitcoins are ‘mined’, using computing power in a distributed network.

This network also processes transactions made with the virtual currency, effectively making bitcoin its own payment network.

So you can’t churn out unlimited bitcoins?

That’s right. The bitcoin protocol – the rules that make bitcoin work – say that only 21 million bitcoins can ever be created by miners. However, these coins can be divided into smaller parts (the smallest divisible amount is one hundred millionth of a bitcoin and is called a ‘Satoshi’, after the founder of bitcoin).

What is bitcoin based on?

Conventional currency has been based on gold or silver. Theoretically, you knew that if you handed over a dollar at the bank, you could get some gold back (although this didn’t actually work in practice). But bitcoin isn’t based on gold; it’s based on mathmatics.

Around the world, people are using software programs that follow a mathematical formula to produce bitcoins. The mathematical formula is freely available, so that anyone can check it.

The software is also open source, meaning that anyone can look at it to make sure that it does what it is supposed to.

What are its characteristics?

Bitcoin has several important features that set it apart from government-backed currencies.

1. It’s decentralized

The bitcoin network isn’t controlled by one central authority. Every machine that mines bitcoin and processes transactions makes up a part of the network, and the machines work together. That means that, in theory, one central authority can’t tinker with monetary policy and cause a meltdown – or simply decide to take people’s bitcoins away from them, as the Central European Bank decided to do in Cyprus in early 2013. And if some part of the network goes offline for some reason, the money keeps on flowing.

2. It’s easy to set up

Conventional banks make you jump through hoops simply to open a bank account. Setting up merchant accounts for payment is another dauting task, beset by bureaucracy. However, you can set up a bitcoin address in seconds, no questions asked, and with no fees payable.

3. It’s anonymous

Well, kind of. Users can hold multiple bitcoin addresses, and they aren’t linked to names, addresses, or other personally identifying information. However…

4. It’s completely transparent

…bitcoin stores details of every single transaction that ever happened in the network in a huge version of a general ledger, called the blockchain. The blockchain tells all.

If you have a publicly used bitcoin address, anyone can tell how many bitcoins are stored at that address. They just don’t know that it’s yours.

There are measures that people can take to make their activities more opaque on the bitcoin network, though, such as not using the same bitcoin addresses consistently, and not transferring lots of bitcoin to a single address.

5. Transaction fees are miniscule

Your bank may (most likely) charge you a fee for international transfers. Bitcoin doesn’t.

6. It’s fast

You can send money anywhere and it will arrive minutes later, as soon as the bitcoin network processes the payment.

7. It’s non-repudiable

When your bitcoins are sent, there’s no getting them back, unless the recipient returns them to you. They’re gone forever.

So, bitcoin has a lot going for it, in theory. But how does it work, in practice? Stayed tuned for more tomorrow.

 

Leave a comment

Posted in Big Data, Cyber Security, Public Cloud, Security, Technology

Tagged ,