22 December 2005

UK + Car Movement Monitoring + Data Retention Act = Dystopia

Dystopia: A dystopia (alternatively, cacotopia, kakotopia or anti-utopia) is usually seen as the antithesis of a utopian society. A dystopian society is usually characterized by an authoritarian or totalitarian form of government, or some other kind of oppressive social control. The first use of the word has been credited to John Stuart Mill, whose knowledge of Greek would suggest that he meant it as a place where things are bad, rather than simply the opposite of Utopia. The Greek prefix 'dys'/'dis' signifies 'ill', 'bad' or 'abnormal', whereas 'ou' means 'not'.

I've always been one for privacy, and well, after reading the article in the Independent Online today, and with all the recent news about the EU Data Retention act, things are starting to really bug the hell out of me. We used to live in a world where privacy really used to matter, and our affairs were left private, and people would have to go to a great deal of trouble to find out certain information about each other, and cross various legal boundaries to do so. These days, however, it seems that the U.K. government is pushing things further and further away from that time, all in the name of terrorism!

I do not support terrorism in any way, and would just like to make that clear now. I am completely against any form of terrorism and feel that more should be done to stop it affecting innocent people and children. What I am against, however, is governments deciding that they can do whatever the hell they like to the general population in the name of trying to stamp out terrorism.

The headline on the article I read a few moments ago is this: "Britain will be the first country to monitor every car journey". This gets to me at so many different levels. So they are going to be setting up cameras all over the country so that they can track the whereabouts of a vehicle at any given time, and all of these camera feeds will be linked up to a huge data centre somewhere, so that they can play back information at will.

Here's a quote from Frank Whiteley, Chief Constable of Hertfordshire: "What the data centre should be able to tell you is where a vehicle was in the past and where it is now, whether it was or wasn't at a particular location, and the routes taken to and from those crime scenes. Particularly important are associated vehicles."

So all this data is going to be stored in a central location??? So if we travel somewhere, we WILL be monitored! Hell, they'll even be able to tell us what route we took, who needs the AA's routefinder anymore? "Hello Government car surveillance, how can we help?" "Hello, could you please tell me the route I took last weekend to get to Birmingham, as I'd like to go that way again?" "Certainly sir, what's your car registration details, and may I please have your postcode to verify your identity?"

Due to the fact that in the UK, we are allowed access to all the information held about us, such as credit, criminal and medical records, will we also be allowed access to these records as well? Do they really not see the security implications with doing this?

Here's a scenario for you to think about: Imagine that I want to get someone's daily route to work, for whatever reason, use your imagination on this one (think high level political figures). So I hire a top notch hacker to gain access to the travel records stored at the previously mentioned data centre, I will then have a pretty good idea of exactly what time that person will be at the corner of Smith and Jones street. The same also goes for the secure cash delivery vans that deliver money to the ATMs and banks, if I wanted to know what route they take each day/week, all I would have to do is gain access to the van's travel records over a 2 month period, and voila! So much easier than having to perform the standard manual surveillance techniques, and much less of a risk of getting spotted. So will this really be helping to stamp out the current crime rate, or will it be helping it out?

Couple this with the EU Directive on Privacy and Electronic Communications that states: "Under the terms of the new Directive, member states may now pass laws mandating the retention of the traffic and location data of all communications taking place over mobile phones, SMS, landline telephones, faxes, e-mails, chat rooms, the Internet, or any other electronic communication device. The new Directive reverses the 1997 Telecommunications Privacy Directive by explicitly allowing EU countries to compel Internet service providers and telecommunications companies to record, index, and store their subscribers' communications data (Art. 15 (1) of Dir. 2002/58/EC (PDF)). The data that can be retained includes all data generated by the conveyance of communications on an electronic communications network ("traffic data") as well as data indicating the geographic position of a mobile phone user ("location data") (Art. 2 (b) and (c) of Dir. 2002/58/EC). The contents of communications are not covered by the data retention measures. These requirements can be implemented for purposes varying from national security to criminal investigations and prevention, and prosecution of criminal offences, all without specific judicial authorization."

So, they can monitor how we get from A to B in our cars, monitor our phone calls, SMSs, e-mail and chat conversations, so how much further will this extend? What's next, video cameras in our homes? That may sound a bit paranoid, but it really does seem that we're heading in that direction. As far as anything online goes, there are ways around that as we can use encryption to conceal all our online activities, but yet, we are required by the law to hand over our private keys if requested, and can be charged with not handing them over.

There's currently a nice long thread going on this topic on Slashdot as well, and I have to strongly agree with falzer224563's comment, which was "That cuts it, I'm moving to America!" At least over there they don't seem to be getting as anal about the whole thing, and they seem to be the biggest terrorist target in the world. Go figure!

Here's a link to a Shockwave video about what all of this government monitoring could lead to, and yes this is a reality, and if things continue the way that they're going, we may not be too far away from this. Watch video. For more info on the EU Data Retention Policy, please see the Electronic Privacy Information Center's page.

Well, I guess that's my rant over and done with today. On a lighter note this is my last day at work until the 9th Jan 2006, and I can't wait to start my leave!!!!

20 December 2005

I've gotta try this!!!!!!!!!

http://www.zorb.com/main.html Now that looks like fun! If anyone knows where to buy one of these, please let me know. I'm going to look on e-bay now ;-)

19 December 2005

2 x 0 Day exploits For Microsoft Excel!!!

So I just logged into my e-mail, and what do you know, AD [at] heapoverflow.com has just released 2x 0-day exploits for MS Excel. Both of these are NULL Pointer bugs in the application itself, and as yet AD has said that he has not notified MS of these vulns, due to the fact that they probably won't patch them anyway. ;-) Really can't say that I blame him, as MS really have been lagging behind quite a bit now, but hey, maybe one day they'll learn. Nice find AD!!

Bush Above The Law? Can You Say 1984?

So, after all that's happened with the NSA using ECHELON to snoop on US citizens, and local and international phone calls, this turned up on one of the mailing lists that I subscribe to. Even though I don't live in the U.S., I do have some very close friends over there, and things like this really get to me. Laws are laid down for a reason, and when someone like the President of the U.S. decides that these laws don't apply to him, it really shows what direction the world is heading. Below is a copy of a mail sent to the mailing list that I am on, and I couldn't have put this better.

"This mailing list is putatively about cryptography and cryptography politics, though we do tend to stray quite a bit into security issues of all sorts, and sometimes into the activities of the agency with the biggest crypto and sigint budget in the world, the NSA.

As you may all be aware, the New York Times has reported, and the administration has admitted, that the President of the United States apparently ordered the NSA to conduct surveillance operations against US citizens without prior permission of the secret court known as the Foreign Intelligence Surveillance Court (the "FISC"). This is in clear contravention of 50 USC 1801 - 50 USC 1811, a portion of the US code that provides for clear criminal penalties for violations. See: http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36_20_I.html

The President claims he has the prerogative to order such surveillance. The law unambiguously disagrees with him. There are minor exceptions in the law, but they clearly do not apply in this case. They cover only the 15 days after a declaration of war by congress, a period of 72 hours prior to seeking court authorization (which was never sought), and similar exceptions that clearly are not germane.

There is no room for doubt or question about whether the President has the prerogative to order surveillance without asking the FISC -- even if the FISC is a toothless organization that never turns down requests, it is a federal crime, punishable by up to five years imprisonment, to conduct electronic surveillance against US citizens without court authorization. The FISC may be worthless at defending civil liberties, but in its arrogant disregard for even the fig leaf of the FISC, the administration has actually crossed the line into a crystal clear felony. The government could have legally conducted such wiretaps at any time, but the President chose not to do it legally.

Ours is a government of laws, not of men. That means if the President disagrees with a law or feels that it is insufficient, he still must obey it. Ignoring the law is illegal, even for the President. The President may ask Congress to change the law, but meanwhile he must follow it. Our President has chosen to declare himself above the law, a dangerous precedent that could do great harm to our country.

However, without substantial effort on the part of you, and I mean you, every person reading this, nothing much is going to happen. The rule of law will continue to decay in our country. Future Presidents will claim even greater extralegal authority, and our nation will fall into despotism. I mean that sincerely. For the sake of yourself, your children and your children's children, you cannot allow this to stand.

Call your Senators and your Congressman. Demand a full investigation, both by Congress and by a special prosecutor, of the actions of the Administration and the NSA. Say that the rule of law is all that stands between us and barbarism. Say that we live in a democracy, not a kingdom, and that our elected officials are not above the law. The President is not a King. Even the President cannot participate in a felony and get away with it. Demand that even the President must obey the law.

Tell your friends to do the same. Tell them to tell their friends to do the same. Then, call back next week and the week after and the week after that until something happens. Mark it in your calendar so you don't forget about it. Politicians have short memories, and Congress is about to recess for Christmas, so you must not allow this to be forgotten. Keep at them until something happens."

If anyone reading this is in the U.S., stand up for your rights on this one, otherwise it won't be long before we see this sort of behaviour elsewhere in the world!