A Fight for the future message: The following companies just betrayed billions of people.



Apple, Microsoft, Adobe, Symantec, and a handful of other tech companies just began publicly lobbying Congress to pass the Cybersecurity Information Sharing Act (CISA), a bill that would give corporations total legal immunity when they share private user data with the government and with each other. Many of these companies have previously claimed to fight for their users’ privacy rights, but by supporting this bill they’ve made it clear that they’ve abandoned that position, and are willing to endanger their users’ security and civil rights in exchange for government handouts and protection.

Tell them why they’re on the wrong side of history.


We’re up against some of the most powerful corporate lobbyists in the country, but that hasn’t stopped us before. If a critical mass of citizens speak out against CISA, our voices will be impossible to ignore.

We are boycotting Salesforce / Heroku. Click here to learn more.

What does it take for some of the biggest competitors in the tech industry to put their differences aside and sign a letter endorsing a hugely unpopular surveillance bill? Sweeping legal immunity. Worse, these companies know that their customers hate CISA, and so they’re jumping into the water together, hoping there’s safety in numbers. After all, you can’t blame Microsoft if Apple is doing the same thing, right?

What’s wrong with CISA?

If you’re not up to speed, CISA is a mass surveillance bill posing as a “cybersecurity” bill. Congress has been blindly scrambling to react to the OPM hacks, and their solution is a giveaway to the NSA and giant corporations:

  • All privacy policies effectively null and void. Companies can share any private user data with the government, without a warrant, as long as the government says it is being used for a “cybersecurity” purpose.
  • Data is shared with a wide array of government agencies, from the FBI and NSA, to the IRS and local law enforcement.
  • In exchange, companies are given blanket immunity from civil and criminal laws, like fraud, money laundering, or illegal wiretapping (if a violation was committed or exposed in the process of sharing data).
  • Companies that play along can get otherwise classified intelligence data from the government, including private information about their competitors.

To learn more about CISA, click here.

Dial 985-222-CISA to call Congress now.

Internet users demand meaningful cybersecurity legislation, not more mass surveillance. Millions have already spoken out, and there’s still time to send Congress a clear message. Please call your representatives, and share this page to spread the word!


A Fight for the future message: The following companies just betrayed billions of people. was originally published on The Puchi Herald Magazine


Are we using a double standard in IT security?



In recent years, cyber security has risen to become a major concern in every sector of our lives, from government to business and even at the private and personal level. But I wonder whether there is a sort of double standard in how we judge events related to cybersecurity.

Let’s look at some examples:

We have all read the concerns arising from the rumoured new rules that China will impose on companies selling IT equipment in some sensitive sectors, such as finance. Western experts have raised all sorts of questions, pointing out that this will damage Western IT companies and claiming that it is a protectionist move. So let us think a little about this. The new Chinese rules are not clear right now; there are rumours that they will require source code to be released to the Chinese government and will likewise impose back-doors on the equipment.
The claimed reason is to protect key assets in China, because the government cannot trust vendors. The Western answer is that this is pure speculation and a move to raise protectionist barriers against foreign IT competitors.
What these analyses lack is that, if the rules turn out to be as the rumours claim, they will have a negative impact on Chinese companies too.

To be able to sell their equipment abroad, Chinese IT companies will have to, literally, duplicate their product lines: one for China and one for the rest of the world. Different code will be mandatory to sell their equipment outside the country, and they will face a competitive landscape even more hostile than the one we have now, with dramatically rising costs.

At the same time, it is interesting to note how in some Western countries, take the USA as an example, being a Chinese company is enough to be banned from federal tenders just because the products “could” contain back-doors used by the Chinese government; companies like Huawei and ZTE are facing this sort of fate in the USA. No proof or facts have to be presented; suspicion is enough. The Rogers committee voiced fears that the two companies were enabling Chinese state surveillance, although it acknowledged that it had obtained no real evidence that the firms had implanted their routers and other systems with surveillance devices. Nonetheless, it cited the failure of those companies to coöperate and urged US firms to avoid purchasing their products: “Private-sector entities in the United States are strongly encouraged to consider the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services. US network providers and systems developers are strongly encouraged to seek other vendors for their projects. Based on available classified and unclassified information, Huawei and ZTE cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems.”
I wonder why nobody raises the protectionist flag in this case. Probably because the suspicions are credible?
So while on the mere suspicion of working for a government we are allowed to ban a company, in the face of solid facts such as

  • the NSA’s espionage activities (see the Edward Snowden revelations and Greenwald’s articles),
  • back-doors implanted by companies at state request (think of the RSA BSAFE default crypto algorithm DUAL_EC_DRBG affair, or the old FBI Magic Lantern trojan not detected by Norton and other antivirus products),
  • back-doors implanted by the NSA by modifying the HW/SW of major IT vendors, intercepting the equipment before it reaches the customers (ANT programs), without the vendors’ agreement or knowledge; see also:

https://nex.sx/blog/2015-01-27-everything-we-know-of-nsa-and-five-eyes-malware.html

http://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html

 

we consider it normal and trust USA equipment.

Still wondering why the Chinese government does not trust Western products for key areas?

Another interesting example of dual behavior when talking about cyber-security is the well-known recent Sony Pictures hack. The media have expressed no doubt about the North Korean identity of the attackers, but few solid facts (actually none) have been presented to support it. On the other side, cyber-security experts have tried to raise some doubts about this quick attribution. Sony has a long history of failed cyber-security protections and successful hacks; I have written about this since the first PSN network problem, but at that time nobody was pointing so easily at a suspect. So why have the media identified the bad guys this time, while cyber-security experts still have concerns? Taia Global was probably the first company to raise public concerns about this overly quick attribution, followed by other serious sources, companies and researchers. If you read the news now, doubts about the North Korea attribution are widely accepted, but in public opinion the guilt is clear.

We could continue with other examples. It is common to find statistics showing that the major source of cyber attacks is China, while forgetting to mention the rate of attacks that China itself faces, or to give even a minimal explanation of why there could be so many sources available to be used. If you visit China, you may find that mobile internet is so widespread that it is no surprise to imagine how easy it would be to install botnets here. Just walk down the street: you will see an incredible number of people walking and playing with their smartphones (4G connections are normal there) and then using the computer at home. And where there are home users and bandwidth, there you have botnets.

We should probably abandon the double-standard mode and start to consider cybersecurity a complex worldwide problem that needs neutral metrics to be correctly evaluated; otherwise we will base our decisions on prejudice and not facts.


Are we using a double standard in IT security? was originally published on The Puchi Herald Magazine