The Blog Thing

As the second country in the world (Chile beat us to it) the Dutch have amended the Telecom Law to enforce Internet Net Neutrality.

This means that ISP’s are not/no longer allowed to, for instance:

• slow down or limit certain types of traffic (think p2p traffic)
  block – or charge for certain types of traffic (think Skype, SIP, WhatsApp, etc)

There is currently one exception mentioned in the law, and that says that ISP’s can block certain types of traffic on ideological grounds, if the user specifically asks for it. This one exception is expected to be removed in yet antoher amendement, to be voted on next week.

Apart from the neutrality, the Teleocom law now also says that web site owners must specifically ask users’ permission to store non-session tracking cookies. This is thought to promote privacy.
Web site owners don’t have to do this each time a user visits, they may do so once a year.

Team Cymru, a non profit internet security research firm, has created a white paper on what is changing in the moving and availability of “digital identities” – scans of passports – and virtual money.

It’s a good paper that gives some insight in to the changing world of identity theft and money movement.

You can find it here:

http://www.team-cymru.org/ReadingRoom/Whitepapers/2010/FakeID_in_the_Underground_Economy.pdf

I came across a story that describes how a security report on the Canadian Electronic Health Records system was pulled from publication because of the many flaws found.

Reading the story, you can see that roughly same applies to the Dutch ” Electronisch Patientendossier – EPD”. Isn’t it time for the Ducth government to do as the Canadians did and order an independent security review, rather than continuously repeating that “everything will be all right”? We’ve heard that one before…

http://www.vancouversun.com/health/health+security+report+withheld/2590803/story.html

Yes folks, it’s party time!
Today is the International Privacy Day. In most European countries, the United States and Canada initiatives have been developed to give privacy the spotlight it deserves.

I don’t think we have very much to rejoice about, though. In my opinion privacy is an issue that has been put on the backburner in most “civilized” societies. Where once it was an almost holy given right, that right has been nibbled away through time, to the point where we should be really worried.
More and more people are so scared by feelings of unsafety that they are willing to give up large parts of their privacy, to receive a false sense of safety in return. When you rationalize it (read Bruce Schneiers “Beyond Fear” to help you with that), the tradeoff isn’t one I’m happy with.

The sheer number of databases, governemental and private, that hold privacy related information on any and Read the rest of this entry »

I’ve been thinking about writing about this for while now and when I heard it again today, I decided it was time.

So what did I hear? Well, to be short: “I don’t need privacy, because I’ve got nothing to hide.”.

Although I can understand the reasoning, it’s very shortsighted in my opinion.

First off all, privacy is a constitutional right, at least where I live. Privacy is not about hiding anything you’re not supposed to do, it’s about respect and maintaining dignity.

Second, if you’ve got nothing to hide, there’s no need to violate your privacy, is there?

Third, you might have nothing to hide now, because your government thinks what you’re doing is OK and really won’t use all that data they have on you against you.
But suppose in five or ten years from now a different government thinks radically different? Suddenly the things you consider to be lawfull now, are outlawed. Will you still be so pleased you gave up your given right to privacy?

So next time, carefully consider all angles before giving up any right you have, OK?

Want to read more? There’s an exelent article on the value of privacy here.

No posts for a while now; have been busy. But I just had to react to this one.
Several news sites have run stories about Google Earth being a safety hazard, because now anyone can get their hands on detailed images of otherwise classified installations around the world.

I won’t go into the debate if thats true or not. But HELLO??
The image data on Google Earth is hardly up-to-date and does nobody know that there have been commercial satellite imaging companies around for a few years now? For the right amount you can get up-to-the-minute satellite images of any location you wish. Try googling “commercial satellite images”…
So why has noone run stories about that before? Nobody knew? Come on, the same story-runners of today have been using these services for their own purposes for some time now, so that can’t be it. No, I guess some people have finally woken up and others think it makes nice headlines that sell their papers.

The point I am trying to make is that the availablity of satellite images isn’t new. The hype is. And hypes are dangerous in my opinion because they distract the attention from the real problems of this world. No terrorist needs a satellite picture of a big mall to bomb it…

People and governments (which consist of people after all) sometimes behave in strange ways, if you ask me.

After the September 11 attacks in the USA “security” was beefed up all around the world. Suddenly police officers and other security personell were visible in very large numbers. That gave us a nice and comfortable feeling, didn’t it?
Until the bombing of public transport in Spain, that is. But strangely, the same thing happened again. More visible security personell all over the world in major cities and especially in public transport environments.
Last week there was the bombing of public transport in London. And again… Well, you know by now.

Apart from that, billions of dollars, euros and whatevers have been poured into all kinds off measures that are supposed to increase security; prevent terrorist acts from occuring again. But as we have seen, these measures don’t prevent the attacks at all. Off course, they are by and large needed to prevent the public from saying “the government didn’t do anything about it” and to give the public a sense of security. I guess that these measures will stop the undetermined goons; but they won’t stop the determined terrorist.

So what’s so strange?

People tend to improve security on objects that have been proven insecure, only to divert the attention of terrorists (or thieves, hackers, etc.) to less secure objects. I doesn’t prevent very much, it just makes them seek other attack surfaces. And there are simply too many of those to secure them all.

Wouldn’t it be far more effective to pour most of those billions of that have been (and will be) spent on “visible” security measures into detective measures aimed against the funding of these individuals and mitigating damage when terrorist acts do occur?

I wish the people that have been involved in all off these attacks all the strength they need to deal with what has happened and hope that the London bombing was the last one of its kind.
But honestly, I fear that it was not.