Thousands of companies spy on you

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 13 books–including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier FoundationAccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org; and a special advisor to IBM Security and the Chief Technology Officer at IBM Resilient.

Schneier says “Thousands of companies are spying on you” in his CNN Opinion. Some excerpts:

… while Facebook is one of the biggest players in this space, there are thousands of other companies that spy on and manipulate us for profit…It has existed in secret far too long, and it’s up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and — if not — what to do about it.

There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. [and a thousand in India, thousands in Europe and so on???]

…Smart phone is probably the most intimate surveillance device ever invented. It tracks our location continuously, so it knows where we live, where we work, and where we spend our time. It’s the first and last thing we check in a day, so it knows when we wake up and when we go to sleep. We all have one, so it knows who we sleep with. Uber used just some of that information to detect one-night stands; your smartphone provider and any app you allow to collect location data knows a lot more…

…None of this is new…

Surveillance capitalism is deeply embedded in our increasingly computerized society, and if the extent of it came to light there would be broad demands for limits and regulation. But because this industry can largely operate in secret, only occasionally exposed after a data breach or investigative report, we remain mostly ignorant of its reach.

This might change soon

More here

Roundtable on (Cyber)Security for stakeholder inputs to GCCS2017

Roundtable on security
Internet Society India Chennai Roundtable for stakeholder inputs to cybersecurity policy

The Internet Society India Chennai  Round Table for Stakeholder inputs was held on the on October 22 at The Raj, Residency Towers, Chennai during 6-9 pm. This event on 22nd gains added importance as an event that was  organised as a Preparatory event to the Global Conference on Cyberspace to be held at New Delhi, as a High Level global diplomaticand policy event later this year.

The Round Table topic goes well beyond Internet Security, and broadly and loosely examined how Internet Security measures spill over to everyday life and how various security concerns, valid and real, sometimes translate into restrictions that alter the way we live our lives. The intention has been to see if diverse view points could contribute to Security design and help evolve good Security policies. The session was open for remote participation and recorded. The recording of the session is accessed from the link below:

Roundtable for stakeholder inputs to Cyber(Security)

This Roundtable event was in follow up an earlier Roundtable event during an ISOC Chennai DNSSEC/KSK rollover policy session at GRT Grand Hotel aur earlier event during June at Chennai. The Report on July 9, 2017.  A writeup based on the June event was sent to the Internet Governance Forum (IGF) Best Practices on Cybersecurity as inputs and attached below for context.

Reference Documents from the earlier (July9) event: (links below)

Internet Society India Chennai Response to the Questionairre from the IGF Best Practices Forum on Cyber Security

Report on Internet Society India Chennai Roundtable on the policy aspects of Cybersecurity:

Internet, Internet Governance and the Stakes

We organized a round table event with a select list of 25 participants at Residency Towers on 22 October to discuss the broader policy aspects of (Cyber)Security. Prior to this event, on invitation from NIT Calicut Alumni (Chennai Chapter) we had a conversation on “Internet and Internet Governance and the Stakes”

The link below points to the recording of the one hour session with the Chennai Chapter Alummni of the NII. Please follow the link to watch the event.  Our voices sound  a little different due to a recording error.

https://drive.google.com/open?id=0BymSF9LysHAKR3pTSU13VjY0MGc

Pre-event to a preparatory event: Oliver Crepin-LeBlond and Sebastien Bachollett at an ISOC India Chennai event with the Chennai Chapter of NIT Calicut Alumni

ISOC Chennai – ICANN DNSSEC KSK event at Chennai

To reach another person on the Internet you have to type an address into your computer – a name or a number. That address has to be unique so computers know where to find each other.

ICANN coordinates these unique identifiers ( Names and Numbers) across the world.

When typing a name, that name must be first translated into a number by a system before the connection can be established. That system is called the Domain Name System (DNS) and it translates names like https://wikipedia.org into the numbers. These numbers are called Internet Protocol (IP) addresses.

ICANN coordinates the addressing system to ensure all the addresses are unique. Without that coordination we wouldn’t have one global Internet.

Recently vulnerabilities in the DNS were discovered that allow an attacker to hijack this process of looking some one up or looking a site up on the Internet using their name. The purpose of the attack is to take control of the session to, for example, send the user to the hijacker’s own deceptive web site for account and password collection.

A technology called DNS Security Extensions (DNSSEC) secures this part of the Internet’s infrastructure. You can read more about DNSSEC here:

https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en

ICANN organises DNSSEC Training and Events worldwide. The Internet Society India Chennai Chapter would co-organize a DNSSEC event at Chennai on July 9, 2017. ICANN would host this event.

This would be a half-day session on DNSSEC with particular attention to the KSK rollover for the technical community in Chennai.  The event is open for ISPs, Network Operators, DNS Administrators and other Interested parties, preferably for those whose line of work relates to DNSSEC. Please reach out to the companies / organizations including educational institutions, Law and Order Agencies, Banks, ISPs, IT Companies and independent professionals you may know to be likely to have an interest in this topic.

The session would cover the following topics during 9 30 am – 1 pm, followed by Lunch

dnssec
Domain Name System Security Extensions

 

DNS and DNS Security Overview
Why DNSSEC?
Root Zone DNSSEC KSK Rollover

 

There is no Admission fee. However,  pre-registration is required as seats are limited to 30. The form is at page https://goo.gl/forms/YQO2KxCfTaVWul1X2 (short link)

( The above link points to: https://docs.google.com/forms/d/e/1FAIpQLSeT88T3jM5gn0Oyjk_cXTMI98xLwOa3jVbFNfN0rvkc7Ozlpw/viewform?usp=sf_link  )

After Lunch we will have an hour of discussions on the policy aspects of DNS.  This session would be for Business and Community Leaders who have an interest in Internet Policy, who would join us on invitation. If wish to recommend names of Business / Community Leaders whom you might have expertise and interest in the security aspects of DNS, please pass on the names by email to isocindiachennai AT gmail DOT com The invitees would join other participants for Lunch at 1 pm which would be followed by about 60 minutes or round table discussions on the policy aspects of DNS.