Noteworthy news on the privacy front:
By Lisa Klein, Courthouse News Service:
Facebook violated its users’ privacy to acquire the largest privately held stash of biometric face-recognition data in the world, a class action claims in Chancery Court.
Lead plaintiff Carlo Licata claims Facebook began violating the Illinois Biometric Information Privacy Act of 2008 in 2010, in a "purported attempt to make the process of tagging friends easier."
Through its "tag suggestions" program, Facebook scans all pictures uploaded by users and identifies any Facebook friends they may want to tag, according to the April 1 lawsuit in Cook County Court.
Facebook got its facial recognition technology from the Israeli company Face.com, which Facebook later bought. Face.com is not a party to the lawsuit.
I wrote this back in 2013, but not much has changed for encryption level standards – these are still the best sources I can find. So I’m reprinting an old post in the hopes of propagating better information.
This question is getting asked a lot, and the answers you see out in the public sphere of the internet range from pathetically underwhelming to just plain wrong in some cases. So this is my attempt to point people in the right direction. When you do see people who know what they are talking about discussing security the talk can turn towards holy wars, philosophical rabbit holes, or just become so overburdened with acronyms that a layman has to give up. So I’m going to point you to some concise and comprehensive web documents to help solve the problem.
Disclaimer: I’m not an authority, nor am I speaking for my employer, or any other group; this is entirely my own humble opinion.
You must use a combination of security protocols, practices, and standards to truly secure your data and network into the next decade. The brute force hacking ability available to individuals has been greatly extended and enhanced over the past few years. By strapping together a high-powered computer and some high-powered video cards, hackers can have the power of one of yesteryear’s supercomputers in their hands without spending the equivalent of a small nation’s budget to get there. Everything, including the methods in the links I’m going to send you to, is theoretically hackable given enough computing horsepower and time. Your task is to make the time and horsepower curve too steep for hackers anytime in the immediate future and to persistently upgrade as these methods and standards evolve.
The first stop is Cisco and their next generation encryption white paper. Pay attention to the tables in the document first – upgrading to the recommended Next Generation encryption levels is best, but where circumstance, budget, or hardware capacities prevent that you should go to the “acceptable” levels, and if even that’s not possible, then at least try to meet the minimums in appendix A at the bottom and then add some controls to protect or mitigate your weakly encrypted data. Pay the most attention to tables one and two, which are pretty self-explanatory, and please read the caveats in the text: the heavier overhead encryption methods can cause hardware and software processing overload if you don’t engineer to the right capacity. Also note that there’s an NSA paper linked if you need to see what’s needed for Government encryption security.
Next stop is the National Institute of Standards & Technology PDF http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf – this document tells you what our best standards body thinks. At this link you will find many NIST PDFs on most security processes, recommendations, and standards that you might care about including Key Generation & Handling.
The next stop is W3C - since so much of what we do is web centric, it’s very important to make sure Developers are securing data locally, through web encryption standards, and for cross site vulnerabilities. If you are following modern web standards then you’ll be using a bit of XML to share data & you will find sub links for encrypting XML as well as other protocols, and since it’s important to follow standards to prevent hacking, you should use the W3C validation tools against your pages regularly.
All of this is for naught, however, if you don’t layer your security – encrypting is just one part of protecting data. You must also consider physical layers, process deterrents, and prevention of social engineering attacks. When all is said and done, remember that you must still be able to work – don’t make yourself so secure that you can’t.
Here are some more Spring time photos.
Here’s a great Berkman panel discussing Bruce Schneier’s new book, and zig-zagging back and forth on which is worse – big data, or big government snooping.
via Bruce Schneier’s Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World – YouTube.
The overnights and mornings here have been cold, dipping to near freezing, but our days have been temperate and things are growing. The hillsides are reaching that green haze point – that day when they seem to have a green nimbus around those bare grey branches – and shortly after all turns green and half the houses in Lenexa will become invisible again behind their screens of leafy trees.
Here’s a photo gallery of some of those signs of Spring:
Here’s a great view from the other side of the moon, courtesy of NASA and the Lunar Reconnaissance Orbiter.
Here in Kansas we are experiencing signs of Spring, buds appearing on trees, snow melted, and yesterday I got my first chigger bite.
The other day I saw someone online boast about how they knew some obscure English etymology fact as they proclaimed that they ‘didn’t even have to look it up!’ Their pride in their knowledge of a trivial fact was a revelation for me: my generation usually takes great pride in their knowledge of facts, as if knowing something obscure were of value by itself. However, does knowing facts matter as much in this day and age, and does knowing more facts than your neighbor make your life better any more than having more beer caps would?
Before you automatically object, please take a moment to weigh some values against the facts you treasure.
First – Is it better to know things, or is it better to know how to know new things? Is it better to commit things to memory, or is it better to commit patterns, learning tools, logic, faces, friends, beautiful moments, and art to memory? Is the knowledge that you have as important as the journey to gain it?
Second – Any bare fact in and of itself is pretty trivial – and gaining that fact is more trivial still. This thudded home to me with great force on my last vacation as I watched a couple unfold a map, and pore over it, trying to find some location. Meanwhile their teen kept trying to interject and they kept hushing her. It took the teen pushing her phone screen with a pinpointed map on it in her parents’ faces for them to recognize that she had just asked her phone and found the spot they’d both been arguing over and trying to find for ten minutes. She’d done it in seconds.
Third – Our memories are fallible, and we all have built in biases. These are inescapable conditions of being human. What we think we know is sometimes wrong. e.g. My wife tells me I’m wrong a lot. I think it was Socrates who said something akin to “The unexamined life is not worth living” so why don’t you examine your assumptions and “knowledge” on occasion?
Fourth: Our biases aren’t all socially evolved conditions of being human, some are built in by purposeful lies. That’s known as propaganda, and propaganda is driven by fear and hate. Propaganda only works with the ignorant, or with the willfully ignorant.
Fifth: Your human perceptions are also flawed, maybe that song’s not really about a cross-eyed bear. (mondegreen – you could look it up.)
So why think you know some fact, or take a guess, when instead you can just ask Google, Siri, Alexa, or even Bing? Why not double check even if you think you know? When I thought I knew the quote author above I was a bit wrong…. Yes, it was Socrates sort of, but only as paraphrased by Plato’s recollection of his speech at his trial. I just learned something new that I thought I already knew. So there’s the power of augmenting your intelligence. Finding that out was as simple as asking my pad.
Perhaps to my generation facts are of more value simply because of the efforts you had to go to just to obtain them – as my many trips to the library for my high school debate team attest to… nowadays finding things out has become trivial with all of the online data tools and search engines that we have at our beck and call.
In this millennium why shouldn’t you Google, ask Siri, or Alexa, almost anything just to double check? Why wouldn’t you augment your intelligence with the biggest brain and knowledge base on the planet: the Internet? Please take a New Year’s resolution to start asking Google and Siri more, start augmenting your feeble human intelligence, in this coming year stop handicapping your brain, friends. Be not proud of what you know – instead be proud that you are smart enough to look it up.
Crossposted to LittleGreenFootballs.com.
A stunning collection of several timelapse photo series taken from the ISS.