Is Skype Involved In Spying?

Luxembourg’s data protection authority is investigating Microsoft-owned Skype for its alleged cooperation with the U.S. NSA’s Prism spying program, according to the agency.

Luxembourg’s data protection authority, CNPD, is investigating Skype’s links to NSA spying programs after receiving several complaints, said Tom Kayser, a spokesman for the authority. “I can’t really talk about the details of the investigation because it is still ongoing,” he said.

Skype, which has its European headquarters in Luxembourg, allegedly cooperates with the NSA through a program exploring the legal and technical issues involved in making customer calls available to intelligence and law enforcement agencies. The Guardian newspaper first reported the investigation.

The CNPD has powers to ensure that multinational companies based in Luxembourg respect national law, and often receives complaints from the data protection authorities of other European Union member states.

Privacy campaign group Europe-v-Facebook filed one of the complaints in June. That filing was part of a barrage of complaints filed in various countries against European subsidiaries of tech companies that are allegedly involved in the NSA’s spying program, including Facebook, Apple, Microsoft and Yahoo.

Under Luxembourg data protection law service providers and operators are required to ensure the confidentiality of communications and related traffic data.

“No person other than the user concerned may listen to, tap or store communications or the traffic data relating thereto, or engage in any other kinds of interception or surveillance thereof, without the consent of the user concerned,” reads the law’s unofficial English translation.

Violators can face up to a year in prison and/or a fine up to a!125,000 ($170,000). The court dealing with the matter can also order companies like Skype to stop any processing that conflicts with the law on pain of a periodic monetary penalty determined by the court.

“We regularly engage in a dialogue with data protection authorities around the world and are always happy to answer their questions,” a Microsoft spokeswoman said in an email. “It has been previously widely reported that the Luxembourg DPA was one of the DPA’s that received complaints from the ‘Europe v Facebook’ group so we’re happy to answer any questions they may have.”

Source

FCC To Auction Spectrum

The U.S. Federal Communications Commission will sell 10 megahertz of spectrum in the 1900MHz band for commercial mobile services in an auction set to start on Jan. 14, the agency announced.

The agency on last  Friday set a minimum price for licenses in the so-called H block of $1.56 billion, with some of the money funding the First Responder Network Authority (FirstNet), a government board building a nationwide broadband network for public safety agencies.

The auction will help mobile providers address a predicted spectrum shortage, said Mignon Clyburn, the FCC’s acting chairwoman. The auction “will help close the spectrum gap as well as contributing to the goal of making mobile broadband available to our nation’s first responders,” she said in a statement.

Congress, in the Middle Class Tax Relief and Job Creation Act of 2012, required the FCC to license 65 megahertz of spectrum, including the 10 megahertz in the H block, by February 2015.

The FCC has considered auctioning the 1915-1920MHz and 1995-2000MHz spectrum in the past, but concerns about interference with a nearby PCS block kept the commission from moving forward. An FCC order adopted in June created technical rules to keep the H block from interfering with PCS signals.

Commissioner Ajit Pai praised Clyburn for scheduling the auction. The spectrum “will help deliver bandwidth-intensive mobile services and applications” over mobile networks, he said in a statement.

Source

Does The Cloud Need To Standardize?

Frank Baitman, the CIO of the U.S. Department of Health and Human Services (HHS), was at the Amazon Web Services conference  praising the company’s services. Baitman’s lecture was on the verge of becoming a long infomercial, when he stepped back and changed direction.

Baitman has reason to speak well of Amazon. As the big government system integrators slept, Amazon rushed in with its cloud model and began selling its services to federal agencies. HHS and Amazon worked together in a real sense.

The agency helped Amazon get an all-important security certification best known by its acronym, FedRAMP, while Amazon moved its health data to the cloud. It was the first large cloud vendor to get this security certification.

“[Amazon] gives us the scalability that we need for health data,” said Baitman.

But then he said that while it would “make things simpler and nicer” to work with Amazon, since they did the groundwork to get Amazon federal authorizations, “we also believe that there are different reasons to go with different vendors.”

Baitman said that HHS will be working with other vendors as it has with Amazon.

“We recognize different solutions are needed for different problems,” said Baitman. “Ultimately we would love to have a competitive environment that brings best value to the taxpayer and keeps vendors innovating.”

To accomplish this, HHS plans to implement a cloud broker model, an intermediary process that can help government entities identify the best cloud approach for a particular workload. That means being able to compare different price points, terms of service and service-level agreements.

To make comparisons possible, Baitman said the vendors will have to “standardize in those areas that we evaluate cloud on.”

The Amazon conference had about 2,500 registered to attend, and judging from the size of the crowd it certainly appeared to have that many at the Washington Convention Center. It was a leap in attendance. In 2012, attendance at Amazon’s government conference was about 900; in 2011, 300 attended; and in 2010, just 50, Teresa Carlson, vice president of worldwide public sector at Amazon, said in an interview.

Source

Cyber Attacks Increasing In Middle East

Syria’s civil war and political strife in Egypt have given birth to new battlegrounds on the Web and driven a surge in cyber attacks in the Middle East, according to a leading Internet security company.

More than half of incidents in the Gulf this year were so-called “hacktivist” attacks – which account for only a quarter of cybercrime globally – as politically motivated programmers sabotaged opposing groups or institutions, executives from Intel Corp’s software security division McAfee said on Tuesday.

“It’s mostly bringing down websites and defacing them with political messages – there has been a huge increase in cyber attacks in the Middle East,” Christiaan Beek, McAfee director for incident response forensics in Europe, Middle East and Africa (EMEA), told Reuters.

He attributed the attacks to the conflict in Syria, political turmoil in Egypt and the activities of hacking collective Anonymous.

“It’s difficult for people to protest in the street in the Middle East and so defacing websites and denial of service (DOS) attacks are a way to protest instead,” said Beek.

DOS attacks flood an organization’s website causing it to crash, but usually do little lasting damage.

The Syrian Electronic Army (SEA), a hacking group loyal to the government of President Bashar al-Assad, defaced an Internet recruiting site for the U.S. Marine Corps on Monday and recently targeted the New York Times website and Twitter, as well other websites within the Middle East.

Beek described SEA as similar to Anonymous.

“There’s a group leading operations, with a support group of other people that can help,” said Beek.

McAfee opened a centre in Dubai on Monday to deal with the rising threat of Internet sabotage in the region, the most serious of which are attacks to extract proprietary information from companies or governments or those that cause lasting damage to critical infrastructure.

Cyber attacks are mostly focused on Saudi Arabia, the world’s largest oil exporter, Qatar, the top liquefied natural gas supplier, and Dubai, which is the region’s financial, commercial and aviation hub, said Gert-Jan Schenk, McAfee president for EMEA.

“It’s where the wealth and critical infrastructure is concentrated,” he said.

The “Shamoon” virus last year targeted Saudi Aramco, the world’s largest oil company, damaging about 30,000 computers in what may have been the most destructive attack against the private sector.

“Ten years ago, it was all about trying to infect as many people as possible,” added Schenk. “Today we see more and more attacks being focused on very small groups of people. Sometimes malware is developed for a specific department in a specific company.”

Source

U.S. Cloud Vendors Hurt By NSA

Edward Snowden’s public unveiling of the National Security Agency’s Prism surveillance program could cause U.S. providers of cloud-based services to lose 10% to 20% of the foreign market — a slice of business valued at up to $35 billion.

A new report from the Information Technology & Innovation Foundation (ITIF) concludes that European cloud computing companies, in particular, might successfully exploit users’ fears about the secret data collection program to challenge U.S. leadership in the hosted services business.

Daniel Castro, author of the report, acknowledges that the conclusions are based, so far, on thin data, but nonetheless argues that the risks to U.S. cloud vendors are real.

Indeed, a month prior, the Cloud Security Alliance reported that in a survey of 207 officials of non-U.S. companies, 10% of the respondents said that they had canceled contracts with U.S. service providers after Snowden’s leak of NSA Prism documents earlier this year.

“If U.S. companies lose market share in the short term, it will have long-term implications on their competitive advantage in this new industry,” said Castro in the ITIF report. “Rival countries have noted this opportunity and will try to exploit it.”

To counter such efforts, the U.S. must challenge overstated claims about the program by foreign companies and governments, said Jason Weinstein, a partner in the Washington office of law firm Steptoe & Johnson and a former federal prosecutor and deputy assistant attorney general specializing in computer crime.

“There are a lot of reasons to be concerned about just how significant those consequences will be,” Weinstein said. “The effort by European governments and European cloud providers to cloud the truth about data protection in the U.S. was going on well before anyone knew who Edward Snowden was. It just picked up new momentum once the Prism disclosures came out.”

Weinstein contends that European countries have fewer data protection rules than the U.S.

For example, he said that in the U.K. and France, a wiretap to get content can be issued by a government official without court authority, but that can’t happen in the U.S.

“U.S. providers have done nothing other than comply with their legal obligations,” he said. But because of Snowden’s leaks, “they are facing potentially significant economic consequences.”

Gartner analyst Ed Anderson said his firm has yet to see any revenue impact on cloud providers since the Prism disclosures, but added, “I don’t think Prism does U.S. providers any favors, that’s for sure.”

Nonetheless, Anderson added, “I think the reality is [the controversy] is likely to die down over time, and we expect adoption to probably continue on the path that it has been on.”

One reason why U.S. providers may not suffer is because “the alternatives aren’t great if you are a European company looking for a cloud service,” he said.

Source

FTC Warns Google And FB

The Federal Trade Commission (FTC) has promised that her organisation will come down hard on companies that do not meet requirements for handling personal data.

FTC Chairwoman Edith Ramirez gave a keynote speech at the Technology Policy Institute at the Aspen Forum. She said that the FTC has a responsibility to protect consumers and prevent them from falling victim to unfair commercial practices.

“In the FTC’s actions against Google, Facebook, Myspace and others, we alleged that each of these companies deceived consumers by breaching commitments to keep their data confidential. That isn’t okay, and it is the FTC’s responsibility to make sure that companies live up to their commitments,” she said.

“All told, the FTC has brought over 40 data security cases under our unfairness and deception authority, many against very large data companies, including Lexisnexis, Choicepoint and Twitter, for failing to provide reasonable security safeguards.”

Ramirez spoke about the importance of consumer privacy, saying that there is too much “shrouding” of what happens in that area. She said that under her leadership the FTC will not be afraid of suing companies when it sees fit.

“A recurring theme I have emphasized – and one that runs through the agency’s privacy work – is the need to move commercial data practices into the sunlight. For too long, the way personal information is collected and used has been at best an enigma enshrouded in considerable smog. We need to clear the air,” she said.

Ramirez compared the work of the FTC to the work carried out by lifeguards, saying that it too has to be vigilant.

“Lifeguards have to be mindful not just of the people swimming, surfing, and playing in the sand. They also have to be alert to approaching storms, tidal patterns, and shifts in the ocean’s current. With consumer privacy, the FTC is doing just that – we are alert to the risks but confident that those risks can be managed,” she added.

“The FTC recognizes that the effective use of big data has the potential to unleash a new wave of productivity and growth. Like the lifeguard at the beach, though, the FTC will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.”

It’s all just lip service, of course. Companies might be nominally bound by US privacy laws in online commerce, and that might be overseen by the FTC, but the US National Security Agency (NSA) collects all internet traffic anyway, and makes data available to other US government agencies and even some private companies.

Source

Google Snubs Privacy

Search giant Google has told the British government it is immune to prosecution on privacy issues and it can do what it like. The US Company is accused of illegally snooping on its British customers by bypassing privacy settings on Apple devices, such as iPads, to track their browsing history.

A group of British people took Google to court but the search engine is trying to get the case thrown out. Its argument is that it is not subject to British privacy law because it is based in California. This is the second time that Google has tried to avoid British law by pretending to operate in another country. It has come under fire for failing to pay tax in the UK

Nick Pickles, director of Big Brother Watch, said: ‘It is deeply worrying for a company with millions of British users to be brazenly saying they do not regard themselves bound by UK law. Solicitor Dan Tench, of law firm Olswang, said this was another instance of Google being here when it suits them and not being here when it doesn’t. Ironically when the US ordered Google to stop what it was doing, it forced the search engine to pay a $22.5million to regulators.

There are some indications that Google may not get its way. In July the Information Commissioner’s Office told Google its privacy rules breached UK law so it will be very hard for it to stand up in court and say it didn’t.

Source

NOAA Super Computer Goes Live

The National Oceanic and Atmospheric Administration has rolled out two new supercomputers that are expected to improve weather forecasts and perhaps help better prepare us for hurricanes.

The two IBM systems, which are identical clones, will be used by NOAA’s National Weather Service to produce forecast data that’s used in the U.S. and around the world.

One of the supercomputers is in Reston, Va.; the other is in Orlando. The NWS can switch between the two in about six minutes.

Each is a 213-teraflop system running a Linux operating system on Intel processors. The federal government is paying about $20 million a year to operate the leased systems.

“These are the systems that are the origin of all the weather forecasts you see,” said Ben Kyger, director of central operations at the National Centers for Environmental Prediction.

NOAA had previously used identical four-year-old 74-teraflop IBM supercomputers that ran on IBM’s AIX operating system and Power 6 chips.

Before it could activate the new systems, the NWS had to ensure that they produced scientifically accurate results. It had been running the old and new systems in parallel for months, comparing their output.

The NWS has a new hurricane model, which is 15% more accurate in day five of a forecast for a storm’s track and intensity. That model is now operational and running on the new systems. That’s important, because the U.S. is expecting a busy hurricane season.

Source

The DoD May Share Airwaves

The U.S. Defense Department is proposing to share some of its radio airwaves with private industry, a nod to growing pressure from the wireless industry and the Obama administration that federal agencies ease their control of valuable spectrum.

In a letter released by the Federal Communications Commission on Tuesday, the Department of Defense offers to share the airwaves it now dominates in the slice of frequencies from 1755 megahertz (MHz) to 1780 MHz with spectrum-hungry wireless and Internet companies.

The military would rearrange its systems within that slice of spectrum as well as the 2025-2110 MHz band and compress programs into the 1780-1850 MHz band that it would retain.

The Defense Department uses the airwaves for programs such as pilot training and drone systems and has faced criticism from some in the industry and in Congress for resisting efforts to open those airwaves for commercial use to satisfy growing demands posed by data-hungry gadgets and services.

The Pentagon had pointed to its own need for airwaves as its use of drones and other reliance on wireless technology grows. It also had estimated the process of moving its programs to new frequencies would cost more than $12 billion.

Under the new plan, the Defense Department drops the cost estimate to $3.5 billion by compromising on sharing slices of airwaves without completely clearing any of the spectrum bands.

In the letter, originally sent on July 17 to the National Telecommunications and Information Administration, which oversees federal airwaves, DOD Chief Information Officer Teresa Takai called the proposal “a workable balance to provide access to the 1755-1780 MHz band most desired by the commercial wireless industry while ensuring no loss of critical DoD capabilities.”

The NTIA, in its own letter to the FCC, said it had not had enough time to review the proposal and could not yet endorse it.

The FCC, with NTIA’s help, is preparing for several auctions of airwaves to take place in coming years, including one that would sell off chunks of federally controlled spectrum. They will be the first reshuffling of airwave ownership since 2008.

Congress has required the FCC to auction off the 2155-2180 MHz band by February 2015 and the industry has sought to pair up that slice of spectrum with the valuable 1755-1780 MHz band, arguing it would collect more money. Lawmakers in the House of Representatives have introduced a bill to ensure such pairing.

The FCC has been drafting a notice of proposed rulemaking that would seek public comments on how the FCC should auction those federally owned or already cleared airwaves to the wireless companies and an FCC official said the agency’s notice will address the Pentagon’s new proposal.

President Barack Obama last month directed federal agencies to look for ways eventually to give up or share more of their airwaves with the private sector. This followed his June 2010 call to open up 500 MHz of federal spectrum for commercial use.

Source

Will The FBI Ditch Blackberry?

Samsung Electronics Co Ltd is close to signing a deal to sell its popular line of Galaxy devices to the U.S. Federal Bureau of Investigation, sources familiar with the situation said late last  Friday.

The deal would be a boost for Samsung, which is increasingly seeking to cater to the needs of government agencies, a niche long dominated by Canadian smartphone maker BlackBerry Ltd.

The FBI, with more than 35,000 employees, at present uses mainly BlackBerry devices. It is unclear whether the agency plans to replace all BlackBerry equipment with Galaxy models or whether it will use hardware from both companies.

A spokeswoman for the FBI declined to comment on the matter, saying that the selection of its new smartphones is part of an active acquisition process and any current discussions are proprietary to the government.

The imminent deal was initially reported by the Wall Street Journal late on Thursday. The WSJ also said Samsung is close to signing a smaller order for its devices with the U.S. Navy, citing people familiar with the matter.

Representatives of BlackBerry and Samsung declined to comment. BlackBerry emphasized, however, that it regards its operating system as the best in the market in terms of security features.

“The security of mobile devices is more important now than it has ever been before,” BlackBerry’s chief legal officer, Steve Zipperstein, said in an interview. “It is fair to ask why in this context anyone would consider moving from the gold standard in security, which is the BlackBerry platform.”

In May, the U.S. Pentagon cleared Samsung’s Android mobile devices and a new line of BlackBerry devices powered by the BB10 operating system for use on Defense Department networks.

Samsung has been pushing hard to convince government agencies and corporate clients that its Galaxy devices, powered by Google Inc’s Android operating system, can meet their stringent security needs.

The South Korean company hopes that the Pentagon clearance and the imminent deal with the FBI will help boost sales to security-conscious clients including banks and law firms.

Some analysts remain skeptical about whether Android can meet all security requirements of such clients, and note that the FBI itself has highlighted some vulnerabilities of the platform.

“The Android operating system hasn’t been secured properly,” said Rob Enderle, principal analyst with Enderle Group, noting that Samsung has layered technology on top of the operating system in an attempt to make its Galaxy devices safer.

Source

« Previous Page — Next Page »