June 2015

UK intelligence agencies should keep mass surveillance powers, report says

UK intelligence agencies should be allowed to retain controversial intrusive powers to gather bulk communications data, but ministers should be stripped of their powers to authorise surveillance warrants, according to a major report on British data law. The 373-page report published on June 11 -- "A Question of Trust", by David Anderson QC -- calls for the government to adopt “a clean-slate” approach in legislating later this year on surveillance and interception by GCHQ and other intelligence agencies. However, Downing Street hinted that David Cameron was unlikely to accept one of Anderson's key recommendations: shifting the power to agree to warrants from home and foreign secretaries to a proposed new judicial commissioner.

The prime minister’s spokeswoman said the authorities needed to be able “to respond quickly and effectively to threats of national security or serious crime”, which appears to suggest ministers are better positioned to do this than judges. Anderson’s report, commissioned by Cameron in 2014, comes in response to revelations two years ago by the US whistleblower Edward Snowden about the scale of government surveillance.

Largest employee union says hackers stole personal data on every federal worker

The largest union representing federal employees said it believes the hackers from China who breached a database containing employment information have access to the personal information of every federal worker. In a letter sent June 11 to Katherine Archuleta, the federal personnel chief, J. David Cox, president of the American Federation of Government Employees, wrote that the union believes the criminals “are now in possession of all personnel data for every federal employee, every federal retiree and up to one million former federal employees.” Cox also said the criminals stole a range of personal information that goes beyond what the Office of Personnel Management disclosed when it went public with the intrusion, including military records, veterans’ status and life insurance information. In short, the employees’ entire personnel file.

After OPM Debacle, Three-Step Biometric ID Checks Are Coming

Expect computers to require that federal personnel use a smartcard, a password and their fingerprints before logging on, as a way to shore up defenses in the wake of a massive government cyber assault, a top official from the Department of Homeland Security said. So-called three-factor authentication goes one step further than today's governmentwide sign-on routine, which involves only a badge and PIN, if that.

Most agencies, including the recently hacked Office of Personnel Management, only require a PIN. Foreign spies, who allegedly extracted details on millions of current and former federal employees from OPM’s network, might change that. "Several organizations are looking at three-factor authentication," said Shonnie Lyon, acting director of the DHS Office of Biometric Identity Management, who did not name the agencies. "I think that's the way things are going to have to go."

Smartphone thefts are way down. Here’s why.

It’s a tough time to be in the business of stealing smartphones. Apple started letting users clear their data and disable their iPhones remotely in 2013 with its “Find My iPhone” feature, and Android is expected to roll out the function soon. That makes it harder for thieves to do much with a stolen smartphone: If it doesn’t work, it’s not worth an awful lot on the black market. Now, that technology appears to be turning away would-be thieves: A third fewer Americans say they had phones stolen last year compared to 2013, according to a Consumer Reports study released June 11.

The magazine says it tweaked its methodology in the latest study, which could account for some of the change, but that the overall change is still significant. That's what prosecutors and policymakers hoped for as they’ve pushed for so-called “kill switches” to become standard in smartphones. The issue has inspired legislation in Congress (though it hasn’t moved out of committee) and laws in states such as Minnesota and California, particularly as phone thefts soared in recent years. The number of Americans whose phones were stolen doubled between 2012 and 2013, according to the magazine.

Americans are literally using apps like it’s our job

We all know we live in a world where there's an app for everything. But how do we really use them? Nielsen released a new study showing that while the number of apps that smartphone-wielding Americans use holds steady at around 26.7 per month, we're spending more time with them overall. The average person used apps for 37 hours and 28 minutes last quarter -- nearly a full work-week. And that's up from 30 hours and 15 minutes just the quarter before and a 63 percent rise over two years, the company said. But that doesn't mean we're using more apps. The study found that while people are dipping into their apps more, they're not necessarily downloading a wider variety of apps. Instead, they're spending more time with the ones they already have. The firm also found that more than 70 percent of all usage comes from the top 200 apps.

Race was also a determining factor in how many apps people used, and for how long. African-Americans tend to use more apps, 30.3, on average, and spend nearly 43 hours using them. Hispanics, meanwhile, use fewer apps but spend nearly as much time -- 41 hours and 31 minutes -- in apps per month. Asian-Americans use an average of 28 apps per month and spend just over 37 hours using them. Nielsen found that white smartphone users use the fewest apps and spend the least time using them.

NCTA to FCC: LTE-U Could Cause Untold Harm

The National Cable & Telecommunications Association wants the Federal Communications Commission to open a new docket on the implications of allowing mobile operators to employ "non-standard" LTE unlicensed (LTE-U) technologies to operate in unlicensed spectrum. The cable trade group argues that this could degrade Wi-Fi service, which is cable operators' primary mobile broadband play. That came in comments to the FCC late on June 11.

NCTA said the FCC needs to carefully supervise any standards-setting process, get all sides together to ensure "effective sharing mechanisms," seek regular reports from IEEE and 3GPP standards-setting bodies, and not allow LTE-U to deploy until those processes are complete, and then regulate a solution if necessary to "protect consumers." Apparently, among the key cable operator concerns is that the mobile operator Wi-Fi technologies could interfere with other Wi-Fi devices, like cable in-home Wi-Fi, as well as wireless garage doors and even baby monitors. That could turn mobile phones into mobile jamming devices.

Report: 5G Architecture Will Depend on One of Three Principal Carrier Decisions

The latest in a series of research reports from Mobile Experts aims to provide mobile telecommunication industry participants a better handle on emerging 5G network architectures for specific business scenarios. “While 5G is a popular label, it doesn’t mean much without a lot of deeper explanation…In reality, ‘5G’ is a grouping of multiple distinct use cases,” Mobile Experts’ principal analyst Joe Madden explained. “We think that each use case needs to justify itself with a return on investment, before the industry invests billions of dollars to develop it.” What Mobile Experts does expect will occur in all cases as 5G technology emerges is that network operators will make extensive re-use of their 4G assets. “Don’t expect the 5G roll-out to look anything like the investments in 2G through 4G, because the 5G solutions will piggyback on top of the 4G network, allowing deployment to be gradual and incremental in some cases,” Madden commented. In its 5G Architectures report, Mobile Experts outlines three principal architectural decisions wireless network operators will need to make:

  1. Ultra-Broadband (UBB)
  2. Critical Machine-Type Communications (Critical MTC)
  3. Massive Machine-Type Communications (Massive MTC)

The overall cost of 5G architectures will vary, in part because these radio solutions are very different from each other, Mobile Experts notes.

NAB: 'White Spaces' Database Still Fundamentally Flawed

The National Association of Broadcasters says the Federal Communications Commission's plans for unlicensed devices in the so-called TV "white spaces" remain fundamentally flawed and incapable of working as currently constituted. Back in March, NAB petitioned the FCC to suspend use of the database, saying it allowed false and damaging information to be entered into it. NAB concedes that some improvements have been made since, particularly after press attention to the issue, but not nearly enough. That point was made in a presentation by NAB executives to FCC engineering staffers.

"Despite this effort, and despite the fact that the spotlight has never shone more brightly on the database, the database remains fundamentally flawed and incapable of serving its intended function in its current form." The database is supposed to identify channels in use by TV stations and others so that unlicensed devices using those so-called "white spaces" do not cause interference. NAB says the database continues to be riddled with inaccuracies, which signals that the issue will not be resolved until the FCC requires location information to be built in to the unlicensed device.

Appeals Court Denies Broadcaster Auction Challenge

The US Court of Appeals for the DC Circuit has denied a broadcaster challenge to the Federal Communications Commission's incentive auction framework. In August 2014, the National Association of Broadcasters challenged the FCC's broadcast incentive auction, saying that its framework "violates the Spectrum Act; (2) is arbitrary, capricious, and an abuse of discretion under the Administrative Procedure Act." Sinclair also sued over the auction. The court rejected both challenges.

"Petitioners press a series of arguments challenging the Commission’s implementation of the Spectrum Act’s mandate to expend 'all reasonable efforts' to preserve 'the coverage area and population served' of broadcasters reassigned to new channels in the repacking process. We reject petitioners’ arguments," a three-judge panel of the court said. NAB's primary beef is with how the FCC is proposing to predict TV station coverage areas, which it says could result in significant viewership loss. The NAB says that the FCC changed the methodology (the OET-69 bulletin) in contravention of the statute.

Even with a VPN, open Wi-Fi exposes users

[Commentary] By now, any sentient IT person knows the perils of open Wi-Fi. Those free connections in cafes and hotels don't encrypt network traffic, so others on the network can read your traffic and possibly hijack your sessions. But one of the main solutions to this problem has a hole in it that isn't widely appreciated. Large sites like Twitter and Google have adopted SSL broadly in order to protect users on such networks. But for broader protection, many people use a virtual private network (VPN). Most people, if they use a VPN at all, use a corporate one. But there are public services as well, such as F-Secure's Freedome and Privax's HideMyAss. Your device connects with the VPN service's servers and establishes an encrypted tunnel for all your Internet traffic from the device to their servers. The service then proxies all your traffic to and from its destination. But there is a hole in this protection, and it happens at connect time.

The VPN cannot connect until you connect to the Internet, but the VPN connection is not instantaneous. In many, perhaps most, public Wi-Fi sites, your Wi-Fi hardware may connect automatically to the network, but you must open a browser to a "captive portal," which comes from the local router, and attempt to gain access to the Internet beyond. You may have to manually accept a TOS (Terms of Service) agreement first. In this period before your VPN takes over, what might be exposed depends on what software you run. Do you use a POP3 or IMAP e-mail client? If it checks for mail automatically, that traffic is out in the clear for all to see, including potentially the login credentials. Other programs, like instant messaging clients, may try to log on.

[Larry Seltzer is the former editorial director of BYTE, Dark Reading, and Network Computing at UBM Tech and has spent over a decade consulting and writing on technology subjects]