SECURITY ISSUES: MICROSOFT + YAHOO, CALEA, FISA, PATRIOT ACT and MONITORING THE PUBLIC
Microsoft grows larger, stronger and more unaccountable...?
According to Reuters...
Microsoft bids $44.6 billion to buy Yahoo
" Microsoft Corp offered to buy Yahoo Inc for $44.6 billion, in a bold bid to transform two ailing Internet businesses into a worthy competitor for market leader Google Inc."
"Yahoo would give Microsoft dominance in Web banner ads used by corporate brand advertisers. It also attracts more than 500 million people monthly to sites devoted to news, finance and sports, and Yahoo Mail is the No. 1 consumer e-mail service."
"But critics say the two companies have too many overlapping businesses -- from instant messaging to email and advertising, as well as news, travel and finance sites -- and both are weak in the Web search market, where Google dominates."
Clear and present danger?
Considering that Microsoft software and applications are used on most personal and professional desktops in American, I am now beginning to become somewhat concerned over the personal security and freedom issues involving such a dominant corporate position within our general culture.
My reasons are simple:
There is no doubt that Microsoft embeds "hidden" codes in documents and other products produced with Microsoft software. Formally known as GUIDs (Globally Unique IDentifiers), these codes can allow the federal government, corporations or individuals to track documents, computer programs and other information back to a single computer and possibly to a single individual who used the computer on a specific date and time. Unless you store and transmit your information in clear, human-readable, plain-text, it is possible that your document, text file, audio file, video file or program contains personally identifying "metadata."
Microsoft: agent of the government?
Considering that Microsoft is subject to no-announce administrative summons such as those promoted by the Patriot Act and other legislation, it is theoretically possible for Microsoft to serve as an agent of the government to electronically surveil the American public without any further enabling legislation or violating the governments restrictions on compiling and maintaining massive databases for uses other than national defense.
The Microsoft way...
Allowing Microsoft to own and operate a large search engine under the most liberal interpretation of Microsoft's standard EULA (End User Licensing Agreement) and privacy agreements where "Microsoft can do anything it wants and is not responsible for the consequences of its actions" is unacceptable.
The need for legislative and judicial safeguards...
Without specific legislation safeguarding the rights of individuals from "unreasonable search and seizures" and companies from "industrial espionage," I believe that this transactions not only presents a clear and present danger to American privacy rights, but also serves to highlight the increasing politicalization of our American institutions and agencies where enforcement agencies may be co-opted into taking action for political reasons unrelated to their primary missions.
CALEA & Deep-packet mining...
CALEA (Communications Assistance for Law Enforcement Act) amended the United States Code (Title 18) "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes."
From Wikipedia...
"CALEA was intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities."
"Common carriers, facilities-based broadband Internet access providers, and providers of interconnected Voice over Internet Protocol (VoIP) service – all three types of entities are defined to be “telecommunications carriers” for purposes of CALEA section 102."
It is necessary, therefore, to legally capture individual packets of Internet data when requested by governmental representatives and possibly to assist in the determination of the contents of transmitted documents and files.
Questioning the sanctity of encryption keys...
Does this mean that the encryption techniques used in today's commercial applications must be "breakable" by the authorities which gives rise to industrial and foreign espionage? Does this mean that they encryption keys formulated by today's software are not somehow embedded in transmissions, retained within the hidden recesses of the computer or are periodically uploaded to some "big brother" database maintained by a private or governmental agency?
Questioning the propriety of data mining...
For the uninitiated, the term data mining applies to the aggregation of large amounts of information and then using software to develop interrelations between data elements based on specially-crafted algorithms (computer instructions).
However, this presents two major issues: one, can all of the information be legally accessed by the party doing the analysis and two, are the relationships that are developed relevant to the use at hand. As an example: does the general presumption that dope dealers buy expensive jewelry warrant the use of a program to filter through the records of jewelry dealers to see if one can find dope dealers?
Is the entire concept of data mining flawed?
One, because it requires beginning assumptions which lead to the invasion of personal, professional and commercial privacy.
Two, because of the ambiguity in correctly determining identities, it is fair to place a number of people with similar identities under surveillance?
Three, because we do not have enough skilled translators to determine the correct translation of the content and "nuance" of the intercepted materials?
Three, because of a failed fundamentals assumption that serious communication between terrorists may be coded in "every-day" speak: referring to "Mr. B. visiting the store to purchase hardware?"
One needs only to look at the foolishness being perpetrated by the TSA with its compiled feel-good "do not fly" list.
There is no way to distinguish between John Smith the terrorist and John Smith the two-year old baby in diapers.
Due to problems with the use and transliteration of foreign names into our contextual usage, the name-matching system becomes almost useless.
Terrorists do not use their real names.
The TSA lacks biometric identification means to discern an individual's true identity.
Enabling the TSA to perform data mining to link a name to financial and commercial transactions based on erroneous naming assumptions is likewise ludicrous.
The additional security problems arising from "XML" and its variants...
XML (eXtensible Markup Language) and its variants provides for the explicit tagging of data that is stored in computers or transmitted via electronic means. It also removes the anonymous nature of stored or transmitted information by using explicit data tags.
An example of XML..
<Transaction> <Identity> <FirstName>John</FirstName> <MiddleInitial>J.</MiddleInitial><LastName Guid="0000-oooo-oooo-oooo" DriversLicenseState="CA" DriversLicense="X000000"> Jones </LastName> </Identity><Role>Purchaser</Role> <Action> Purchased</Action> <Merchandise StockNumber=" B0000" MerchandiseDescription="Diamond-encrusted ID Bracelet" MerchandiseCost="100000.00" MerchandiseCostPaymentForm="Amex Credit Card" </Merchandise> </Transaction>
As you can see, a computer would have very little problem with understanding the data elements and re-combining them in any number of algorithmic combinations.
The next step would be to scan financial databases to find out if the person so identified had a legitimate business or any social standing in the community. Then what?
There is also some concern, on behalf of myself and others involved with security issues, that the number of known XML-like identifier tags in a message can offer offer a boost to those who are attempting to break the encrypted code.
And this is where we are headed today, technologically speaking.
False premise justification for invasion of personal privacy
Both the democrats and the Republicans often resort to "it's for the children" justifications for their oppressive or unpopular actions. And it is no secret that the government may secretly approve of a certain degree of crime in order to impose their heavy-handed controls and justify their own agency's existence. The hypocrisy of the government can be clearly demonstrated by considering the subject of "substance abuse" which has given rise to numerous monitoring and surveillance efforts.
One, the government knows that it is a scientifically-proven fact that tobacco is both addictive and deadly, yet they continue to allow it to be sold while taxing it heavily to finance governmental operations.
Two, the government knows from first hand observation and cumulative statistics that alcohol causes any number of social ills leading to further crime and the slaughter of a large number of citizens who are caught in the headlights of a drunken driver, yet they allow it to be sold and continue to tax it heavily to finance governmental operations.
And three, they make substances like marijuana illegal so they can surveil the populace and further impose regulations which allow for any manner of egregious "legal" actions to be taken against citizens. Not to mention that the drug trade single-handedly supports much of the current judicial system and its "not so admirable" practitioners, the self-serving lawyers who write the legislation.
Not let us not forget the government's puritanical approach to what they "deem" pornography; often based on their personal or religious preferences. Another money-maker for the government. It still is amazing to me that money generated by the public's consumption of pornography continues to have socially beneficial effects such as the introduction of new and better technology. And now, we are even seeing the rise of graphically-explicit pornographic materials on telephones. Especially when an increasing number of legislators are affiliated with personal sexual peccadilloes.
The need for the "rule of law..."
Lest I sound like a democrat, I would like to reiterate that I am in favor of "due process" rights and safeguards and the legal process of obtaining a search warrant based upon "probable cause." And severely punishing those who act upon false testimony to obtain such warrants; such as that knowingly false or partially true information supplied by law enforcement personnel and their so-called "confidential informants." I believe that those who politicize and further corrupt our institutions under the color of authority should be sent to jail.
In the final analysis, it is up to the people to curtail any governmental attempt to subvert liberty and further diminish our personal freedoms.
What can YOU do?
Never overlook the possibility that politically-driven evildoers within government are seeking to consolidate their political power over the citizens of the United States. There have always been instances of people, while claiming that "the end justifies the means," have engaged in illegal activities and egregious violations of our Constitutional laws.
Never assume that a large commercial transaction which affects millions of citizens does not give rise to the potential for governmental abuse of the commercial organization to the detriment of all citizens.
Support organizations which monitor security and freedom issues such as the Electronic Frontier Foundation (www.eff.com).
Our wise Founding Fathers believed that government, in an of itself, while serving a useful purpose, but was eminently corruptible. Therefore, numerous safeguards were built into the system. Unfortunately, with the proliferation of large sums of money and political power, a portion of our government has been corrupted in favor of the special interests who seek to milk our natural resources and productivity for their own purposes, over their sworn duties to serve "We the People."
-- steve
A reminder from OneCitizenSpeaking.com: a large improvement can result from a small change…
The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane. -- Marcus Aurelius
Reference Links:
This blog entry takes no position on the financial considerations of the proposed buyout of Yahoo by Microsoft, it only serves to raise additional social, privacy and security concerns related to such a purchase.
“Nullius in verba”-- take nobody's word for it!
"Acta non verba" -- actions not words
“Beware of false knowledge; it is more dangerous than ignorance.”-- George Bernard Shaw
“Progressive, liberal, Socialist, Marxist, Democratic Socialist -- they are all COMMUNISTS.”
“The key to fighting the craziness of the progressives is to hold them responsible for their actions, not their intentions.” – OCS "The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." -- Marcus Aurelius “A people that elect corrupt politicians, imposters, thieves, and traitors are not victims... but accomplices” -- George Orwell “Fere libenter homines id quod volunt credunt." (The people gladly believe what they wish to.) ~Julius Caesar “Describing the problem is quite different from knowing the solution. Except in politics." ~ OCS