September 2013 - Page 2 of 3 - The Privacy Post

NSA & The Rise of Cryptography

Posted on Sep 16, 2013

You might think that the NSA would back off of their rampant citizen spying programs after the enormous international backlash against the PRISM program. Unfortunately, it doesn’t seem that assuaging public rage is on the NSA’s docket. Recent revelations published by the Guardian indicated that the NSA and UK’s GCHQ have continued to broaden digital espionage programs. Privacy advocates are fighting back through legislation, but the best way to protect your digital rights in the meantime is to exclusively upload to a secure cloud provider that offers both data privacy and user anonymity.

According to files published by the Guardian, the NSA spends over $200 million annually on a program which seeks to “covertly influence” technology product designs. Additionally, the NSA has allegedly been involved in a decade-long program that enabled Internet cable taps. Over in the UK, a GCHQ team is developing a way to crack the encryption efforts of Facebook, Google, Yahoo, and Hotmail. In a leaked GCHQ document from 2010, the joint intent to crack encrypted data was made public. The document states, “For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used Internet encryption technologies. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.” This has troubled both privacy advocates and libertarians who feel their digital rights are being infringed. According to Bruce Schneier, Harvard fellow at the Berkman Center for Internet and Society, “Cryptography forms the basis for trust online. By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet.”

Cryptography researcher Matthew D. Green of Johns Hopkins University agrees that attempting to build and implement such backdoor spying programs is dangerous. According to Green, “The risk is that when you build a back door into systems, you’re not the only one to exploit it. Those back doors could work against U.S. communications, too.” Other countries and spies could use these programs against our own national interest, especially given that the Snowden and Manning leaks show that the government doesn’t quite have a good handle on its sensitive data. As law professor James Grimmelmann says, “Start from the point that if the NSA had competent security, Snowden wouldn’t have been able to do a tenth of what he did. You give sysadmins privileges on specific subsystems they administer. And you do not give them write access to the logs of their own activity. The NSA should be grateful that Snowden got there first, and not the Chinese.”

Other privacy advocates and cryptographers feel disheartened, as all of this just seems like a regurgitation of the same played-out debates over the NSA Clipper Chip encryption back door program proposed in the 1990s. Cryptographer and SSL protocol designer Paul Kocher expressed his frustration with the current debacle. Regarding the NSA’s attempts at creating an encryption backdoor, he said, “And they went and did it anyway, without telling anyone. The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort. This is the golden age of spying.”

This should send anyone who is scared toward proper encryption and secure cloud services. For as Edward Snowden recently asserted, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Along with proper encryption and exclusive storage and syncing with a secure cloud service, Bruce Schneier offered the Guardian five simple steps to stay secure despite NSA surveillance programs:

1) Hide in the network.

2) Encrypt your communications.

3) Assume that while your computer can be compromised, it would take work and risk on the part of the NSA – so it probably isn’t.

4) Be suspicious of commercial encryption software, especially from large vendors.

5) Try to use public-domain encryption that has to be compatible with other implementations.

Staying Safe With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How to Protect Your Kids From Cyber Bullying

Posted on Sep 13, 2013

Parents already have so much to contend with in the modern world when it comes to keeping their children safe. The Internet only complicates things with increased threats and the possibility of well-meaning kids unintentionally disclosing sensitive information like school names and personal addresses. As more and more kids plug in online to a wide range of social media, the rise of cyber bullying has only picked up steam. Parents and schools can proactively combat cyber bullying through strategic protocols, clearly articulated expectations, and strict penalties. And when it comes to protecting identities and photos, exclusive storage through a secure cloud service is essential.

Cyber-Bullying

Children of all ages have signed up for Facebook, Instagram, and Twitter accounts, despite age restrictions. Through these forms of social media, kids can bypass parental knowledge and permission, while offering up their sensitive info to strangers online. A photo could reveal school sites, friends’ names, and home addresses to would-be predators, while cyber-bullies have used publicly posted photos to harass, blackmail, and demean children. Geotags are particularly tricky in that they can reveal the exact location of children. Another problem posed by online social networking is the blanket of anonymity that cyber-bullies hide behind.

Through private profiles or fake identities, bullies can make outrageous claims and attacks without having to worry about retribution or consequences of any kind. Such anonymous bullying has even led to suicides, as in the case of a 16-year-old who recently hanged herself in response to the cruelty she experienced online from strangers. The teen had posted a simple medical question on eczema, a common skin condition, to Ask.fm. Instead of getting helpful answers, which is what the website is purportedly intended for, she received a barrage of harassment and shaming. Parents should be cautious about letting their children post to public forums, especially if bullying has been an issue in the past. And schools should establish strict guidelines for posting to forums, staying away from public sites that attract cyber-bullies in favor of protected educational sites that don’t allow students to hide behind anonymous avatars.

How Cyber-Bullying Victims Feel

Cyber-bullying has become somewhat of a buzzword as of late, but just what does this broadly applied term mean? Russ Warner of Net Nanny recently offered a description of cyber-bullying to The Huffington Post:

  • Post rumors, lies, or “dirt” about the victim in a public forum
  • Share embarrassing pictures of the victim in a public forum or through email
  • Use texts, instant messages, emails, or photos to send mean or threatening messages
  • Upload a video to YouTube that embarrasses the victim
  • Create a fake Facebook account and pretend to be the victim, but act in a negative way
  • Pretend to be the victim in a chat room, and act in embarrassing ways
  • Share the victim’s personal information in a public forum

Fundamentally, cyber-bullying is traditional bullying carried into the digital world. Much of it revolves around trying to embarrass, shame or imitate the victims.

Safe Facebook Practices

According to the Cyberbullying Research Center at the U.S. Department of Health and Human Services, 52% of students have been affected by cyber-bullying. Over 80% of youth admit that there are hardly any consequences for online bullying and about a third of children younger than 13 have experienced some sort of cyber-bullying. Kelly Sheridan at Information Week offers some suggestions for schools that parents can also implement at home.

1. Filter objectionable content and keywords.

HTTPS sites can help schools and parents catch cyber-bullies in the act.

2. Deploy URL categorization and filtering software.

Don’t let kids access sites that are notorious playgrounds for bullies and predators.

3. Application control.

Install strict privacy applications and security measures. SpiderOak is one great secure cloud service that offers private storage.

4. Stay current on trends.

Children’s tastes change just as fast as the Internet, so make sure you don’t fall behind the trends.

5. Implement awareness campaigns.

Some schools have shown success in eradicating unwanted bullying behavior by meeting the challenge directly through awareness campaigns.

Once kids know what your expectations are regarding online behavior and cyber-bullying, it’s appropriate to roll out consequences for failure to adhere to the policies you set forth. Successful consequences typically revolve around online use, such as the suspension of accounts or loss of Internet privileges. According to psychologist Roxana Rudzik-Shaw, “Bullying is no longer confined to the school playground, home or workplace. It is all around us in this digital age, which often feels inescapable.” One of the best ways to escape the encompassing sense of cyber-bullying is through a secure cloud service.

Parental Supervision and Protection in the Cloud

For many parents and guardians, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave their children’s data and photos wide open to theft, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy.

SpiderOak protects sensitive data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile security.

The Past and the Future: Taking the 4th Amendment Online

Posted on Sep 12, 2013

The 4th Amendment to the U.S. Constitution protects citizens from warrantless searches and seizure of private property. Many civil libertarians and others across the political spectrum consider this to be one of the most important elements to the Bill of Rights. Privacy advocates have invoked the 4th Amendment in a campaign to take citizen privacy rights online for the digital age. The amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Unfortunately, news of the NSA’s continued PRISM program has eradicated the public’s trust in government and reveals just how flagrantly organizations like the NSA disregard citizens’ constitutional rights. But as the legal war for online privacy rages on, be sure to protect your data and identity in the meantime by exclusively storing and syncing with a secure cloud service.

Fourth Amendment Rights

Legislators are divided as to what should be done, if anything, regarding PRISM. According to Representative Peter King (R – New York), “This is a legitimate role of government, and when we’re talking about life and death, and having lived in New York through 9/11 I know what life and death means. We cannot afford to have this become a debating society. We need decisions made quickly, yes or no, up or down, because lives are at stake.” But such aggressive attempts to curb debate only frustrate online users and create even more cause for distrust.

Former governor of New Mexico Gary Johnson recently launched an aggressive attack on such systemic breaches of citizen digital privacy, saying to New Mexico Watchdog, “My blood’s boiling and I want to keep awareness of this at a heightened level. Maybe we can get more disclosures out of this, maybe we’ll get Congress demanding more. What we’re really concerned with is the Fourth Amendment and due process. Where is the due process? Who is looking over law enforcement’s shoulder? Who is looking over the NSA’s shoulder? … This is the libertarian cause right here. Libertarians have been out there sounding the warning bell about this issue ever since the Patriot Act was signed.” And Johnson is right, as this push for greater transparency and constitutionality has garnered large support, unifying parties that are otherwise fiercely at odds.

Despite the public backlash, governmental institutions and courts seem to think that business as usual will suffice. Recently, the Fifth Circuit Court of Appeals upheld the right of law enforcement agencies to seize private cellphone location data from service providers without a warrant. Because such digital records have been deemed “clearly a business record,” the courts claim that no Fourth Amendment protections are in order. However, this is disingenuous at best. Warrantless tracking of car location is still protected under the Fourth Amendment, even if the car in question is driven strictly as “a business”. So it is obvious that the court’s logic doesn’t hold water. As Orin Kerr of George Washington University Law School says, “The opinion is clear that the government can access cell site records without Fourth Amendment oversight.” This sets a dangerous precedent that has gotten privacy advocates up in arms all across the digital world. According to ACLU lawyer Catherine Crump, “This decision is a big deal. It’s a big deal and a big blow to Americans’ privacy rights.”

MIT’s Immersion

To see some of the information that the government has on you, check out Immersion. This new tool taps the cloud to analyze big data for an understanding of what relationships your Gmail account reveals. And that’s just part of what the NSA can see with their notorious PRISM program. Instead of waiting on the government to update its dated privacy policies, it’s time to proactively safeguard your data from legal snoops. One of the best and easiest ways to do that is through a secure cloud service that protects data and shields your identity.

A Secure Cloud Solution

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Picking Apart the EU’s Right to Be Forgotten

Posted on Sep 11, 2013

International enterprises that rely on European businesses are stuck in a sticky situation. As the Continent turns towards debating digital privacy rights in the wake of the NSA PRISM program leaks, conflicting opinions on how to protect users have left the European Union in a messy hodgepodge of pending legislation. If enacted, such governmental legal protections might make some users more relaxed about using online services, but they still don’t offer true protection from hacking and legal snooping. The only way for enterprises to navigate this murky legal territory is to proactively guard their data, rather than relying on potential legislation. For enterprises of all sizes, SpiderOak Blue offers a range of flexible secure cloud services, from storage to infrastructure.

EU Parliament

The European Union is anything but united when it comes to what should be done regarding citizen digital privacy rights. One MEP had harsh words for America’s violation of international law in spying on the UN (as revealed through the PRISM leaks). MEP Amelia Andersdotter of the Swedish Pirate Party recently said, “I hope that they [EU nations] will have the courage to react very strongly against these revelations because ultimately damaging to the trust free market in the world that the United States is acting like this.” In reaction to such concerns, European nations and businesses are pushing for diverse solutions to the problem of digital privacy rights. One potential solution is in new EU regulations that require ISPs and telecom services to notify the government within a day of detecting a data breach. According to Ross Brewer, vice president of international markets at LogRhythm, “The barrage of data breaches that we are seeing points to an urgent need for organizations to up the ante on data protection. When these regulations were first discussed following the EC’s draft proposals in 2012, many people considered the suggested penalties and timeframes too severe. Perhaps those organizations should have seen this as a warning, and used the last 12 months to really get their ducks – or cyber defenses – in a row. Unfortunately, it seems that this did not happen.”

Enterprises that operate in Europe should know that strict financial penalties await those companies that refuse to cooperate with the new disclosure law. According to LogRhythm’s Ross Brewer, “As with any ongoing crisis, there comes a time when less talk and more action is needed – and it may be the case that this impending regulation will be the final call to action for those organizations still lagging behind with lax security policies. Given the well-documented sophistication and readiness of today’s cybercriminals, organizations can no longer sit idly and assume that they are immune to attack. As the risk of reputational damage and customer churn clearly aren’t persuasive enough, maybe the threat of severe, perhaps debilitating, financial penalties will do the trick. While the new regulations are fairly limited at the moment, it is only a matter of time before a universal set of rules is not just proposed, but enforced.”

Unfortunately, there still is no universal standard that enterprises can rely on. Instead, international corporations must navigate different laws that require differing levels of security and disclosure, creating the confused legal mess that many enterprises find themselves in today.

Pending legislation that would enact strict new protections for EU citizen data has recently been stalled in the EU parliament until October, leaving no safeguards in place from continued programs like PRISM. Called the Data Protection Regulation, this proposal was introduced in 2012 with the addition of a Right to Be Forgotten clause. The bill is currently being debated as some elements have raised concerns over the potential for abuse through censorship. European Union member states currently each adopt some version of a 1995 bill that protects data and online privacy. But without being updated to take into account international citizen espionage programs like PRISM, this outdated legislation does little to actually keep EU nations safe.

Staying Safe With SpiderOak

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate and customer data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that businesses can tailor the service to fit their needs.

SpiderOak Blue protects sensitive corporate data with strong encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data whatsoever. This way, even if programs like NSA’s PRISM continue to stand unchallenged, enterprises can rest easy knowing that their data is truly protected while earning diehard customer loyalty. SpiderOak’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.

Snapchat Leaves Your Photos & Data Vulnerable!

Posted on Sep 10, 2013

Most smartphone users and shutterbugs are familiar with the “private” photo app Snapchat. The app allows users to send each other instant snapshots that are timed and supposedly deleted forever once opened by the intended recipient. Unfortunately, recent news shows that the mobile application can be easily hacked and that “deleted” photos are actually recoverable. This should worry both Snapchat users and parents of smartphone-savvy teens as sensitive photos and personal information could be hacked and used for exploitation and blackmail. Instead of using unsafe applications, users with sensitive photos and personal information should exclusively upload to a secure cloud that offers user privacy.

Snapchat

According to a study conducted by Gibson Security, Snapchat has a large number of glaring security gaps. The popular photo-sharing app only uses two encryption keys for all users, which are kept by the company, meaning that they must be released to the government in the case of a subpoena. According to the Gibson advisory, “Internet trolls and stalkers could use this [personal] information to harass people in real life, unmasking the anonymity and privacy Snapchat provides. The scariest part for us is the possibility of a company utilizing this exploit on a massive scale, only to sell a database of Snapchat names, phone numbers and locations to a third party. With little work, a malicious party could steal large amounts of data and sell it on a private market, and that’s highly illegal.”

Gibson Security’s Discovery

To the dismay of privacy advocates and phone photographers, Snapchat still hasn’t addressed these security concerns. As the security firm told ZDNet, “Snapchat aren’t exactly easy to get hold of,” claiming, “With a couple lines of Python, someone could view all your unread messages, and depending on the situation, modify and even replace the images completely.” The potential for blackmail and harassment is high, which makes consumers question why it is that Snapchat won’t put in the extra effort to keep their privacy safe. The Gibson study goes on further to claim that “Snapchat [uses] a fairly simple (yet strangely implemented) protocol on top of HTTP. We won’t reveal anything about the protocol, only what is needed for these problems, but the rest is easily figured out. We are privacy conscious, being users of the service ourselves.”

How Snapchats Can Be Recovered

Gibson Security isn’t the only company to find problems with Snapchat’s lack of security. Richard Hickman of Decipher Forensics showed a television reporter that his firm had restored allegedly deleted photos hosted by the app. The only response that Snapchat has given at this time is a blog post claiming “if you’ve ever tried to recover lost data after accidentally deleting a drive or maybe watched an episode of CSI, you might know that with the right forensic tools, it’s sometimes possible to retrieve data after it has been deleted.” But this is just false. With strong encryption, user-hosted keys, and the promise to delete photos from servers, the application could offer much better protections from the threat of hacking and recovered photos. Hickman claims, “The actual app is even saving the picture. They claim that it’s deleted, and it’s not even deleted. It’s actually saved on the phone.” Some, like Orem Police Lieutenant Craig Martinez, caution against using the app altogether. The officer recently advised, “Be careful what you do on your cell phone, what you put on your cell phone. Because once it’s there, chances are it’s going to be there for a really long time, even if you can’t see it.”

For parents and people that still want to use Snapchat, the company has offered a simple guide, which has been recently posted to Forbes:

  • Snapchat is not for children under 13. Children under 13 are prohibited but since Snapchat doesn’t ask for age on signup, parents or others need to report if a child under 13 is using it.
  • To send a message to someone on Snapchat you need to know their user name and add them to your “My Friends” list.
  • By default anyone who knows your username or phone number can send you a message, but you can configure Snapchat to only accept messages from people on your friends list.
  • You can block a user by finding their name in your friends list, swiping to the right on iOS or long-pressing in Android and selecting Edit.

While these precautions can be good first steps, it still doesn’t change the fact that the company does little to keep your identity and private photos safe.

Securing Photos Through SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave photos and private info wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that photos, files, and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

How SpiderOak Shields You From PRISM

Posted on Sep 9, 2013

Cloud companies have been scrambling to provide consumers with guaranteed protections from hacking and legal snoops after the public fallout occurring as a result of the NSA’s PRISM program leak. As governmental organizations like the NSA continue to snoop on citizens, cloud services like SpiderOak continue to up the ante in privacy protections and data security. SpiderOak shields users from PRISM through strong encryption and the fact that only users host encryption keys. The company also recently rolled out a plan to accept bitcoin and continues to update its celebrated Crypton privacy framework.

SpiderOak & Prism

Recently, reports on intelligence budgets show that governmental agencies are ramping up efforts on citizen spying. Roughly $11 billion is allocated to the Consolidated Cryptologic Program, which Director of National Intelligence James Clapper says is part of an exploration “in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic.” The details of the program are still confidential, which has caused much justified paranoia in the online community. Google Cloud Storage is just one company that is trying to fight back against lack of public confidence following the PRISM leaks. With 128-bit Advanced Encryption Standard (AES) encryption and encrypted keys, the company seeks to win back consumer trust. Unfortunately, this doesn’t go far enough.

128-bit encryption is relatively weak when more secure companies like SpiderOak can offer 256-bit encryption. Furthermore, the company keeps a master encryption key that is supposedly rotated. According to Google, “We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and we frequently push back when the requests appear to be fishing expeditions or don’t follow the correct process. When we are required to comply with these requests, we deliver it to the authorities. No government has the ability to pull data directly from our servers or network.” But this explanation falls flat on its face when considering the fact that a simple subpoena would allow the government to access files using Google’s master key. With SpiderOak, users hold their own keys, so the company can’t access their data even if it were asked to by the law.
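The key-custody contrast drawn above, as an added illustration that is not code from SpiderOak, Google or the original post: a provider that keeps the master key can decrypt on demand, while a provider that only ever receives client-encrypted records can hand over nothing but ciphertext. All class and function names are hypothetical, the sample data is constructed, and Node.js's built-in `crypto` module is assumed.

```javascript
// Added illustration of key custody; names are hypothetical, data is constructed.
const nodeCrypto = require('crypto');

// AES-256-GCM encrypt: returns the random nonce, ciphertext and auth tag.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// AES-256-GCM decrypt: throws if the key is wrong or the data was altered.
function unseal(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

// Model A: the provider encrypts at rest with a master key that it keeps.
class ProviderKeyStore {
  constructor() {
    this.masterKey = nodeCrypto.randomBytes(32);
    this.blobs = new Map();
  }
  upload(user, plaintext) {
    // The plaintext reaches the provider before it is encrypted.
    this.blobs.set(user, seal(this.masterKey, plaintext));
  }
  discloseUnderOrder(user) {
    // Everything the provider is able to hand over: the decrypted file.
    return unseal(this.masterKey, this.blobs.get(user));
  }
}

// Model B: the provider stores only records the client already encrypted.
class CiphertextOnlyStore {
  constructor() {
    this.blobs = new Map();
  }
  upload(user, record) {
    this.blobs.set(user, record);
  }
  discloseUnderOrder(user) {
    // Everything the provider is able to hand over: salt, nonce, ciphertext, tag.
    return this.blobs.get(user);
  }
}

// Client side of model B: the key is derived on the device from a passphrase
// that is never uploaded. The salt travels with the record, so whoever holds
// the record can still try passphrases offline; passphrase strength is the limit.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

function clientEncrypt(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, ...seal(deriveKey(passphrase, salt), plaintext) };
}

function clientDecrypt(passphrase, record) {
  return unseal(deriveKey(passphrase, record.salt), record);
}

// Run the same file through both models and compare what disclosure yields.
function compareCustodyModels() {
  const secret = 'constructed sample: draft contract, not real data';
  const passphrase = 'constructed sample passphrase';

  const providerHeld = new ProviderKeyStore();
  providerHeld.upload('alice', secret);
  const userHeld = new CiphertextOnlyStore();
  userHeld.upload('alice', clientEncrypt(passphrase, secret));

  const fromProviderHeld = providerHeld.discloseUnderOrder('alice');
  const fromUserHeld = userHeld.discloseUnderOrder('alice');

  let wrongGuessRejected = false;
  try {
    clientDecrypt('a wrong guess', fromUserHeld);
  } catch (err) {
    wrongGuessRejected = true; // GCM tag check fails for the wrong key
  }

  return {
    providerHeldYieldsPlaintext: fromProviderHeld === secret,
    userHeldDisclosureContainsPlaintext: fromUserHeld.ct.includes(Buffer.from(secret)),
    wrongGuessRejected,
    ownerCanStillRead: clientDecrypt(passphrase, fromUserHeld) === secret,
  };
}

console.log(compareCustodyModels());
```

Both models use the same cipher and key length here; the only thing that changes the outcome of a disclosure request is who holds the key.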

Wikipedia Security Measures

 

Another company fighting back against privacy breaches is Wikipedia. The free research site promises to protect user privacy through HTTPS security protocols. According to a statement, the company “believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects.” While this is a promising step in the right direction, it’s just one example of a company proactively doing the right thing by protecting user privacy.

SpiderOak CEO Ethan Oberman

Another way to protect privacy online is through the use of the secure digital currency, bitcoin. Very few cloud companies accept bitcoin, which makes SpiderOak’s recent efforts to allow for bitcoin payment all the more revolutionary. According to SpiderOak spokesman Daniel Larsson, “The potentially anonymous and proof-centric nature of cryptographic currencies certainly ties into our overall messaging. Based on all of the above, it seems rather natural to at least start experimenting with cryptocurrencies as a form of payment. The choice of bitcoin was easy as it is the most widely adopted cryptocurrency and is also the only one directly exchangeable for fiat (USD), should we decide that we want to move towards larger scale acceptance.” While the bitcoin program is just in its initial pilot stages, security concerns are sure to push consumers towards the private currency.

One of SpiderOak’s strongest selling points is in its privacy platform. The company’s Crypton framework allows for private storage, sync, and development. CEO Ethan Oberman says, “Previously, privacy could only live in the belly of a downloaded client which limits adoption and creates obstacles — especially as the world shifts toward the web. Now armed with a way to push privacy further into the web than previously possible, the Crypton framework can serve as a necessary cornerstone in the development and continued advancement of this new privacy platform.”

How to Guard Your Privacy & Shield Your Identity With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.


The Economic Impact of Russia’s New Anti-Piracy Laws

Posted by on Sep 6, 2013

Recently, Russia granted NSA leaker Edward Snowden a year of asylum. But at the same time that officials were granting the whistleblower a temporary refuge from the U.S., the country enacted new anti-piracy laws that jeopardize online liberty, freedom of speech, and economic growth in Russia. Enterprises that work in the country or target Russian consumers should be aware of what these laws entail and how they might impact future business. And in the midst of cyber warfare, legal surveillance, and breaches of privacy, all organizations should proactively guard their data through secure cloud services. With strong encryption and a guarantee not to host encryption keys or plaintext, the secure cloud is quickly becoming the last bastion of privacy on the net.

Russian Anti-Piracy Laws

One of the recently enacted bills blocks any site that is deemed to support or aid in copyright infringement. This strict measure even applies to posting links to torrent sites like PirateBay. Nicknamed the “Russian SOPA”, the bill was ironically ushered into law the same day that Snowden was granted asylum, indicating to what extent the whistleblower is being used by major nations for this dramatic episode of international political theatre. Other legislation has also been proposed, such as a bill sponsored by State Duma Deputy Yelena Mizulina that seeks to ban sites featuring curse words.

Another bill allegedly protects children by giving the government authority to blacklist any site with exploitative material. Critics of this proposed legislation claim that it is being used as a way to hand over more censorship rights to the government and that it is unclear what would be deemed exploitative. As Yelena Kolmanovskaya, chief editor of Yandex, says, “The need to fight child pornography and illegal content are as important for civil society as the support of constitutional principles like freedom of speech and access [to] information.” But she adds, “The proposed methods provide a means for possible abuse and raise numerous questions from the side of users and representatives of Internet companies.” But the bill’s sponsor Mizulina has harsh words for critics, claiming that “The online community initiated the need for adopting this law themselves, that’s why I’m sure not all of the online community is against it – just certain circles that can be associated with the pedophilia lobby.”

Yelena Mizulina

The reason that the demonized critics of such legislation are so strongly opposed to a bill that would purportedly protect innocent children is that there are no transparency measures or checks and balances set in place to rein in the government from censoring anything they deem unfit for public viewing. Through such legislation the government could silence dissent and usher in a new era of Russian oppression. The law allows censors to blacklist IP addresses instead of the URLs that are allegedly the source and hosts of banned content. This results in collateral damage as many sites are brought down without having committed any crimes or having anything to do with the questionable content under investigation.

As Russian reporter Alexey Eremenko notes, “About 150 websites were on the blacklist as of July 1, but another 6,800 unrelated sites fell victim to the ban because the government is using a flawed blocking mechanism… according to independent internet watchdog Rublacklist.net”. This puts enterprises at risk of Russian espionage, censorship, and even blacklisting.

Protests in Russia

The good news is that some national and international enterprises are fighting back. The top Russian global investment firm, VTB Capital, sent a letter to clients regarding the law, which partially states, “The new law makes it possible to shut down unwanted Internet resources by linking any piracy video to the website and submitting a lawsuit.” Russian websites have also banded together in the thousands to deliver a petition to the Russian parliament. But instead of relying on the Russian government to get its house in transparent order, enterprises should shield their sensitive data from all sides through the secure cloud.

Secure Cloud Solutions for Enterprises

For most enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave sensitive corporate data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides SMEs and Fortune 1000s with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and enabling a mobile workforce.


Catching Your Favorite Shows Inside the Cloud

Posted by on Sep 5, 2013

The state of television today varies widely depending on whom you ask. In the opinion of actor Nicholas Lyndhurst, “There used to be something every night of fantastic quality, be it a sitcom, a drama or current affairs. Now it’s maybe once a week, which is a shame. The golden age has gone.” While that might be true in regards to traditional syndicated television shows, online watching is completely changing the game. Shows like House of Cards and Orange Is the New Black have gained cult followings almost overnight with cloud-enabled online viewing. Instead of waiting around for next week’s episode and potentially losing interest, viewers can binge-watch new seasons all in one sitting. This new strategy is an attempt to stave off online piracy, which has eaten into the profits of the entertainment industry for years. But the only way to truly safeguard data from piracy is to exclusively store and sync to a secure cloud provider that offers data privacy and user anonymity.

House of Cards

Recently, Kevin Spacey addressed the audience at the Edinburgh International Television Festival. While speaking on the benefits of entertainment tax credits to local economies, the actor also touched on the necessity of moving away from the syndicated model to an instant streaming model. According to Spacey, “Clearly the success of the Netflix model – releasing the entire season of House Of Cards at once – has proved one thing: the audience wants control. They want freedom. If they want to binge – as they’ve been doing on House Of Cards – then we should let them binge.” It seems that the actor has touched on a growing revolution in television. House of Cards, a Netflix original drama, made history by becoming the first show on television to release its entire season online all at once. Netflix has already earned the business of about 1.5 million fans in the UK while the BBC’s journey into online streaming amounts to roughly 40% of its monthly viewership.

Online Media Growth

Kevin Spacey also made waves by suggesting that syndication is on the way out and that both film and television will soon adopt on-demand models. He claims that piracy will continue until the industry makes the switch. According to Spacey, “Why is Game of Thrones the most pirated show in the history of TV? Because people can’t get it fast enough, that’s why. I believe if you go to a movie theatre and you see something you think is incredible, if you walk out of the theatre and there was a bin in the lobby of DVDs of the film you just watched, you would buy four of them – one for you and three for your friends. I believe the notion of being able to convince theatre owners that we can open a movie online, in the movie theatres, on DVD on the same day; that is probably where it is leading. That would be a huge bite out of piracy; if it is all available no one is stealing it before someone else gets it.”

Regardless of the relative marketing merits of piracy, stealing intellectual property always hurts businesses and cuts into profits. Piracy would even disrupt Spacey’s strategy of on-demand streaming, because if pirates can hack and leak a season a month before it’s released, why would viewers sign up for a subscription service? The true solution to piracy, whether the industry goes on-demand or not, is in exclusively storing and syncing with a secure cloud provider.

Netflix Growth

Cloud Solutions for Production Teams

For most production teams, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave company data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides production teams with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that users and SMBs of all sorts can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. SpiderOak’s cross-platform cloud services are available on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and storage while on the go.


Can’t Decide Between Public Or Private? Go Hybrid!

Posted by on Sep 4, 2013

Small and medium-sized businesses have leveraged public and private cloud services in order to compete on a global scale. But technology managers have issues with both deployment options as public options are less secure and private clouds can be expensive. To help bridge the gap, hybrid clouds have become the latest IT craze as they offer SMBs greater flexibility in infrastructure, storing, and syncing to the cloud. Regardless of which deployment option you choose, be sure that your cloud service offers encryption for data privacy and that it doesn’t host any encryption keys or plaintext.

Hybrid Cloud

For most SMBs, the hybrid cloud offers all of the cloud’s benefits with added security, lower costs, and more user control. Mike Maples, founder of the Floodgate Fund, notes that many businesses still aren’t capitalizing on the cloud. According to Maples, “On one hand, it seems like the cloud is ready for prime time. But there’s another way to look at this. You’ve got a lot of people in IT who would say that they’re never going to use the cloud. I think there was some study that came out recently that said something like 61 percent of files will never go to the cloud, because of security concerns.” But with a private or secure hybrid cloud, businesses can enjoy security, privacy controls, and convenience.

What Is the Hybrid Cloud?

In a recent Rackspace survey, 52% of respondents said they moved from the public cloud to the hybrid or private cloud primarily out of security concerns. About 40% claimed that private and hybrid clouds provided increased control over data and privacy, while 37% made the move primarily out of performance issues. Overall, public cloud use has dropped by about 8% from last year. According to Rackspace CTO John Engates, these figures indicate the general turn towards hybrid clouds as a solution. Engates said, “We had looked at hybrid as a bridge to the past. Now we’re seeing it as a bridge to the future. Young companies that don’t have legacy applications are turning to private clouds to do things they couldn’t do in the public cloud. That’s been a real eye-opener for us. It’s not just big companies that have a bunch of old stuff; it’s small companies that have a bunch of new stuff.”

Businesses are flocking to hybrid solutions for the relatively low cost and added security measures, especially in the wake of the PRISM leaks. Another survey of U.S. and U.K. IT managers shows that 60% are moving away from the public cloud toward more secure options like hybrid services. John Engates claims that businesses “turn to the hybrid cloud because it can combine the best of public cloud, private cloud and dedicated servers, delivering a common architecture that can be tailored to create the best fit for their specific needs. For example, instead of trying to run a big database in the public cloud on its own, which can be very problematic, businesses can leverage the hybrid cloud to run that database much more efficiently on a dedicated server that can burst into the public cloud when needed.” But if hybrid cloud providers wish to be successful, they must be able to show users that their data is truly protected and that their identities are kept anonymous, particularly after the blowback felt in the U.S. cloud industry after news broke on the NSA’s surveillance scandal.

Hybrid Clouds for SMBs

For most SMBs, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave company data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides SMBs with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a hybrid cloud, so that businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.


US Surveillance Guidelines Dangerously Outdated

Posted by on Sep 4, 2013

Most Americans rely on the government to be at the forefront of cutting-edge technology. It was governmental investments that helped launch the Internet and rapid developments in defense tech have changed the face of international policing forever. But while the U.S. is advanced when it comes to some elements of infrastructure and defense, the country’s surveillance guidelines haven’t been updated for 30 years. These outdated rules have paved the way for the rampant abuses of American privacy at the hands of governmental organizations like the National Security Agency and its PRISM program. Instead of waiting around for legal protections, online users should protect their sensitive data and identities by exclusively relying on secure clouds that offer strong encryption and user anonymity.

Early in 2013, President Obama appointed staff to the newly created Privacy and Civil Liberties Oversight Board. The board recently addressed the PRISM program and the absence of any revisions to privacy laws as old as 1984. Chairman David Medine of the PCLOB claims that the unique implementation of guidelines in each agency results in different approaches to data collection and sharing. According to Medine, creating some standard “can constrain and specify what can be done with the information, how it’s collected and how it’s shared.” It’s up to each online user to determine whether or not to trust the government with their data, but given the NSA’s recent history of public lies, users should proactively protect their sensitive data in the meantime.

In a recent interview with CNN, President Obama said, “I think there are legitimate concerns that people have that technology is moving so quick that, you know, at some point, does the technology outpace the laws that are in place and the protections that are in place? Do some of these systems end up being like a loaded gun out there that somebody at some future point could abuse?” Unfortunately, the time for questions is far behind us as citizens must grapple with a decade of data mining and monitoring without a warrant. President Obama also addressed the PRISM program directly, claiming, “What’s been clear since the disclosures that were made by Mr. Snowden is that people don’t have enough information and aren’t confident enough that, between all the safeguards and checks that we put in place within the executive branch, and the federal court oversight that takes place on the program, and congressional oversight, people are still concerned as to whether their emails are being read or their phone calls are being listened to.” But the real issue is that people haven’t been given a clear picture of all of these alleged safeguards, checks, and oversights. Furthermore, given the President’s admission of the value of Snowden’s leaks, he puts himself in a sticky situation as attempts to apprehend and try the whistleblower are still ongoing.

David Medine

How did we get to this point in the first place? ForeignPolicy identifies four key steps that our nation took in the progressive erasure of civil liberties and privacy rights online: our hyperbolic response to the threat of terrorism after 9/11, the public’s general acquiescence to monitoring for the sake of security, the rapid evolution of technology, and outdated privacy laws. The lack of security standards has led to some companies rising up to fill in the privacy gaps left by the government. Unsene is an encrypted Internet server that helps mask online activity and user identities.

Founder Chris Kitze doesn’t think that the government’s monitoring of private citizens has anything to do with security. Kitze says, “This has been going on for a long time and a company that I had that went public in 1998, in 1997 we went on a tour of the colocation facility. That is the place we hold all the servers. The person who was giving the tour said ‘that is the NSA room’. I asked ‘what do they do in here?’ and he said ‘they collect every e-mail and website visit that comes through here’. That has been going on since 1997 so it doesn’t really have anything to do with security. They are trying to make it pretend like it does, but they have just been doing this forever… I am sure there are good people in those agencies, who think they are doing something that is right, but they are crossing a line now and what they are doing is they are violating the constitution.” Ultimately, users must decide for themselves how much they trust government monitoring. But for privacy advocates, waiting for a governmental solution isn’t an option. The only way to guard your data and identity is through secure cloud services.

Guard Your Privacy & Shield Your Identity With SpiderOak

For most users, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave data wide open to third party attacks, leaks, or hacking. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides colleges with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.