[liberationtech] Defending Dissidents from Targeted Digital Surveillance

[Yosem Companys]

The seminar below shouldbe available on live stream:

https://www.youtube.com/watch?v=ytcsTzfRVqw




> From: Bill Marczak 

 *Title:* Defending Dissidents from Targeted Digital Surveillance
 *Speaker:* William R. Marczak
 *Advisor:* Prof. Vern Paxson

 *Date:* Friday, Dec 09, 2016
 *Time:* 12PM - 1PM
 *Location:* 205 South Hall, UC Berkeley
 *Food:* Light lunch
 *RSVP requested:* https://docs.google.com/forms/
 d/e/1FAIpQLSfSeROEo6bOTvNzZw6KTf--Lgr5-yP5TFcpT0qY66x9foyHtg/viewform

 *Abstract:*

 Computer security research devotes extensive efforts to protecting
 individuals against indiscriminate, large-scale attacks such as those used
 by cybercriminals, and protecting institutions against targeted cyber
 attacks conducted by nation-states (so-called “Advanced Persistent
 Threats'').  Where these two problem domains intersect, however---targeted
 cyber attacks by nation-states against individuals---has received
 considerably less study.

 In this talk, I will first detail my efforts to characterize this
 space, based on analysis of an extensive collection of suspicious files and
 links targeting activists, opposition members, and nongovernmental
 organizations in the Middle East over a period of several years.  I will
 present attack campaigns involving a variety of commercial “lawful
 intercept” and off-the-shelf tools, and explain Internet scanning
 techniques I used to map out the potential broader scope of such activity.
 Based on these first efforts, I will present the results of my IRB-approved
 research study involving in-depth interviews with 30 potential targets of
 abusive surveillance in four countries.  The results give insight into
 potential targets’ perceptions of the risks associated with their online
 activity, and their security posture.  Based on my study results, I will
 propose Himaya, a defensive approach I developed that readily integrates
 with targets’ workflow to provide near real-time scanning of a subject’s
 email messages to check for threats.  I will explain Himaya’s architecture
 and provide preliminary data from its beta deployment.

>>>
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] IGF Day 2 update

[Yosem Companys]

From: Joly MacFie 

Third day in in Guadalajara and things are now truly under way after the
official opening session last night. Speakers included Larry Strickling -
https://youtu.be/PwQQQLcCq_I?t=3257 and Kathy Brown -
https://youtu.be/PwQQQLcCq_I?t=3618 Kathy has published  a statement at
https://www.internetsociety.org/news/igf2016-internet-society-urges-all-internet-stakeholders-find-coherent-voice-key-issues

Diplo session reports can be found at
http://digitalwatch.giplatform.org/events/11th-internet-governance-forum

ISOC publishes a very handy guide which includes the sessions where our
staff are speaking- today's edition -
http://www.internetsociety.org/blog/public-policy/2016/12/day-2-collaboration-and-community-igf-2016
I have been grabbing some (but not all) - transcripts - they are at
http://isoc-ny.org/igf16/


Lastly the quicklinks:

Schedule: https://igf2016.intgovforum.org/
Webex: https://igf2016.sched.org/info
Webcasts: http://www.igf2016.mx/multimedia.php
Videos: https://www.youtube.com/user/igf/videos
  






--
---
Joly MacFie  218 565 9365 Skype:punkcast
--
-
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] IGF Daily 2 - Reporting from the 11th Internet Governance Forum

[Yosem Companys]

From: Marilia Maciel 

Please find below the IGF daily
,
with a summary of what was discussed in IGF day 1, data analysis of
transcripts and an interview with ISOC's president Kathy Brown. The IGF
daily is developed by Diplo Foundation and the Geneva Internet Platform,
with the support from ICANN, ISOC and the IGF Secretariat.

You will find the previous issue with highlights from IGF day 0 here
.

All the best wishes,
Marilia
-- 

*Marília Maciel*
Digital Policy Senior Researcher, DiploFoundation

WMO Building *|* 7bis, Avenue de la Paix *| *1211 Geneva - Switzerland
*Tel *+41 (0) 22 9073632 *| *
*Email*: *maril...@diplomacy.edu * *|** Twitter: *
*@MariliaM*
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] E-Voting

[Richard Brooks]

With all these discussions too often vote selling
is overlooked. If I can vote from an insecure location,
I can vote in front of someone paying me $100 to
vote as they want.

On 12/07/2016 09:24 AM, Rich Kulawiec wrote:
> On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
>> Rich, the article you link to talks about the risk of one individual voting 
>> machine being tampered with.
> 
> I think you missed the point Schneier was making.  It's NOT about one
> individual voting machine, it's about attacker budgets.  Look at the
> big picture, not the small one he used to illustrate the point.
> 
> An attacker with a $100M budget (a conservative estimate in 2004, now
> clearly only a fraction of that available) isn't going to use it to
> attack just one voting machine: that'd be a poor return on investment.
> A 2016 attacker, who could have a budget an order of magnitude larger,
> would likely attack in a systemic, distributed -- and subtle -- fashion.
> 
>> When voting online you can use any hardware (PC, Mac, Linux, iPhone
>> or Android phone, public or private) to vote and later verify your vote.
> 
> That last part ("...later verify your vote") disqualifies the system
> from use.  This is a well-known problem with election systems (electronic
> of otherwise): if you can verify your vote at some later point, then
> so can someone else.  And if someone else can verify your vote, then
> you can be induced (willingly or otherwise) to vote as directed.
> 
> And even if that's addressed, there's a massive problem with this approach,
> or ANY approach that allows voters to use their own computing systems.
> End-user systems are compromised in enormous numbers.  This is a well-known
> problem that's been discussed at length for much of this century, e.g.:
> 
>   Vint Cerf: one quarter of all computers part of a botnet
>   
> https://urldefense.proofpoint.com/v2/url?u=http-3A__arstechnica.com_news.ars_post_20070125-2D8707.html=CwICAg=Ngd-ta5yRYsqeUsEDgxhcqsYYY1Xs5ogLxWPA_2Wlc4=V-iMGiA8Z-z_leHLkLSzXQ=qMImdh9SPdSh0J1lYvW6lT4Efp8_E0PG25r-1X0yqnY=uc0iCxMO3Cofo8KoWjuvBByD54w0bAmxBXLjanHMkII=
>  
> 
> When Cerf made that estimate, I thought -- based on my own research and
> consultation with others doing similar work -- that it was too high by
> perhaps 25% to 50%.  With the benefit of hindsight, I think he was right
> and I was wrong.  Given the passage of time since then, the numbers are
> undoubtedly far higher.  (Doubly so since nothing truly effective has
> been done to reduce them or even slow down the growth rate, and many
> things have happened to make the situation much, much worse.)  I suspect
> that the number of compromised systems is probably ten times what it was
> ten years ago and no doubt the mass deployment of IoT devices with horrible
> (or no) security will make this even worse.  And if various governments
> are successful in forcing vendors to build in backdoors, it will get
> MUCH worse in a big hurry.
> 
> Why does this matter?  Because (as I've said ad nauseum) if someone else
> can run arbitrary code on your computer, it's not YOUR computer any more.
> 
> If your phone is compromised, and you use it to vote, and you later
> use that phone to verify that your vote was cast as you think it was,
> how do you know that what you're seeing on the screen is correct?
> Why couldn't the same malware that redirected your vote from candidate
> A to candidate B also show you that you voted for candidate A?  (That isn't
> a particularly challenging software problem given that the former has
> been solved.)
> 
> Remember: it's not your phone any more.  It's theirs.  You may walk
> around with it, you may use it, but you don't own it.  Not any more.
> So why would you expect someone else's phone to behave as you think
> or believe or want it to?
> 
> Does that malware exist?  I don't know.  But I do know that if a
> sizable enough population starts using their phones to vote, it WILL
> exist, because it will become worth someone's effort.  (And by the way:
> this will require far less than even the small $100M budget from 2004.)
> 
> Substitute "tablet" or "laptop" or "smart home IoT device" or "desktop"
> or whatever without loss of generality for "phone". 
> 
> Any voting system which allows voters to use their own computing devices
> is fatally flawed and must be dismissed, with prejudice, immediately.
> 
> ---rsk
> 


-- 
===
R. R. Brooks

Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University

313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA

Tel.   864-656-0920
Fax.   864-656-5910
Voicemail: 864-986-0813
email: r...@acm.org
web:   http://www.clemson.edu/~rrb
PGP:   48EC1E30
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by 

Re: [liberationtech] E-Voting

[Rich Kulawiec]

On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
> Rich, the article you link to talks about the risk of one individual voting 
> machine being tampered with.

I think you missed the point Schneier was making.  It's NOT about one
individual voting machine, it's about attacker budgets.  Look at the
big picture, not the small one he used to illustrate the point.

An attacker with a $100M budget (a conservative estimate in 2004, now
clearly only a fraction of that available) isn't going to use it to
attack just one voting machine: that'd be a poor return on investment.
A 2016 attacker, who could have a budget an order of magnitude larger,
would likely attack in a systemic, distributed -- and subtle -- fashion.

> When voting online you can use any hardware (PC, Mac, Linux, iPhone
> or Android phone, public or private) to vote and later verify your vote.

That last part ("...later verify your vote") disqualifies the system
from use.  This is a well-known problem with election systems (electronic
of otherwise): if you can verify your vote at some later point, then
so can someone else.  And if someone else can verify your vote, then
you can be induced (willingly or otherwise) to vote as directed.

And even if that's addressed, there's a massive problem with this approach,
or ANY approach that allows voters to use their own computing systems.
End-user systems are compromised in enormous numbers.  This is a well-known
problem that's been discussed at length for much of this century, e.g.:

Vint Cerf: one quarter of all computers part of a botnet
http://arstechnica.com/news.ars/post/20070125-8707.html

When Cerf made that estimate, I thought -- based on my own research and
consultation with others doing similar work -- that it was too high by
perhaps 25% to 50%.  With the benefit of hindsight, I think he was right
and I was wrong.  Given the passage of time since then, the numbers are
undoubtedly far higher.  (Doubly so since nothing truly effective has
been done to reduce them or even slow down the growth rate, and many
things have happened to make the situation much, much worse.)  I suspect
that the number of compromised systems is probably ten times what it was
ten years ago and no doubt the mass deployment of IoT devices with horrible
(or no) security will make this even worse.  And if various governments
are successful in forcing vendors to build in backdoors, it will get
MUCH worse in a big hurry.

Why does this matter?  Because (as I've said ad nauseum) if someone else
can run arbitrary code on your computer, it's not YOUR computer any more.

If your phone is compromised, and you use it to vote, and you later
use that phone to verify that your vote was cast as you think it was,
how do you know that what you're seeing on the screen is correct?
Why couldn't the same malware that redirected your vote from candidate
A to candidate B also show you that you voted for candidate A?  (That isn't
a particularly challenging software problem given that the former has
been solved.)

Remember: it's not your phone any more.  It's theirs.  You may walk
around with it, you may use it, but you don't own it.  Not any more.
So why would you expect someone else's phone to behave as you think
or believe or want it to?

Does that malware exist?  I don't know.  But I do know that if a
sizable enough population starts using their phones to vote, it WILL
exist, because it will become worth someone's effort.  (And by the way:
this will require far less than even the small $100M budget from 2004.)

Substitute "tablet" or "laptop" or "smart home IoT device" or "desktop"
or whatever without loss of generality for "phone". 

Any voting system which allows voters to use their own computing devices
is fatally flawed and must be dismissed, with prejudice, immediately.

---rsk
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.