Tag Archive for: usable

NSA Blew $100 Million On Phone Records Over Five Years, Generated Exactly One Usable Lead

The telephone metadata program the NSA finally put out to pasture in 2019 was apparently well past its expiration date. Since the initial Snowden leak in 2013, critics have argued the program needed to die since it was obviously the sort of general warrant rummaging (only without the warrant!) the founding fathers headed off with the Fourth Amendment.

The program wasn’t remade/remodeled until the passage of the USA Freedom Act in 2015. That took the phone records away from the NSA and left them at their place of origin — the databases maintained by telcos and other service providers. The government was also required to put forward some sort of articulable suspicion before asking for phone records from telcos.

The NSA was uniquely unprepared to handle these sorts of transactions, having been built from the ground up to collect everything and sort through it later. Now that its searches were more confined, it frequently found itself obtaining more records than it could legally justify having. The cost of compliance managed to outweigh the benefits of the program and the NSA just kind of stopped approaching the FISA court with requests for communications metadata.

Still, proponents argued the program had value — possibly unrealized — and that it should not be written out of existence by the periodic surveillance powers renewal process. I have no idea what they planned to use as evidence for these claims. A new report by Charlie Savage for the New York Times makes it clear even the most obligatory cost-benefit analysis should lead Congressional oversight to question why it allowed the modified Section 215 collection to limp along for another five years.

A National Security Agency system that analyzed logs of Americans’ domestic phone calls and text messages cost $100 million from 2015 to 2019, but yielded only a single significant investigation, according to a newly declassified study.

$100 million for a single investigation lead. How’s that for ROI? It actually produced two leads, but the other lead was a dead end that terminated an investigation before it could get past its initial stages.

Not only was the program useless, it was also redundant.

It also disclosed that in the four years the Freedom Act system was operational, the National Security Agency produced 15 intelligence reports derived from it. The other 13, however, contained information the F.B.I. had already collected through other means, like ordinary subpoenas to telephone companies.

Killing the program just makes sense. And Congress can do it during the renewal process for the USA Freedom Act, which expires in March of this year. With this information in the public domain, no one can seriously argue the program should continue to consume tax dollars and provide almost zero usable intel for another five years. Given the fact these agencies can still use subpoenas to target phone records, it would seem far more beneficial for everyone if the NSA and FBI did a bit more targeted snooping, rather than use the Foreign Intelligence Surveillance Act to sweep up Americans’ phone records.


Techdirt.

Sonos’ Wasteful ‘Recycle Mode’ Bricks Perfectly Usable Tech

Sonos is taking heat this week for a wasteful “feature” in its “smart” speakers that isn’t all that smart.

Last October, Sonos announced a new “Trade up” upgrade discount program that let you trade in older Sonos hardware for a 30% discount on new gear. But buried within the program was a bizarre caveat: to get the discount, users need to put their old hardware into “recycle mode,” which effectively bricks the product, preventing it from being used again. According to Sonos, once you apply online you’ll get the discount immediately, but the speaker system you’re trading in goes into a 21-day countdown mode before it’s inevitably made useless:

“Recycle Mode is a state your device enters 21 days after recycling confirmation in the Sonos app. In Recycle Mode, all data is erased and the device is permanently deactivated so you can safely and securely dispose of it. Once a device is in Recycle Mode, it cannot be reactivated.”

One Twitter user, who works at a hardware recycling center, offered a good thread highlighting the stupidity of the program that’s well worth a read:

The fact that repurposing the hardware (or selling it to somebody else) never entered Sonos executives’ brains suggests the program — which is heavily hyped as being “environmentally friendly” — wasn’t particularly well thought out. Sonos, for its part, tries to tell The Verge that the company is worried about performance degradation with these older units:

“The reality is that these older products lack the processing power and memory to support modern Sonos experiences. Over time, technology will progress in ways these products are not able to accommodate. For some owners, these new features aren’t important. Accordingly, they may choose not to participate in the Trade Up program.

But for other owners, having modern Sonos devices capable of delivering these new experiences is important. So the Trade Up program is an affordable path for these owners to upgrade. For those that choose to trade-up to new products, we felt that the most responsible action was not to reintroduce them to new customers that may not have the context of them as 10+ year old products, and that also may not be able to deliver the Sonos experience they expected.”

But that still feels like Sonos attempting to control the uncontrollable. Users who buy discounted older tech should know that this value equation comes at the cost of older, less efficient gear. And the decision to cripple perfectly functional kit (which Sonos quietly admits is reversible on a “customer by customer” basis, in contrast to what the Sonos website claims) only contributes to a culture that celebrates waste but often undermines repair and re-use.


Techdirt.

Usable Security – Reply to “Security Now” – (by @baekdal)

Back in 2007, I wrote an article about password security. Specifically how you could create a simple and usable password while remaining secure. In that article, you can read that it is 10 times more secure to use “this is fun” as your password, than “J4fS<2”.

The article is the 6th most popular article of all time on Baekdal.com. It has been read 1,364,640 times and last week it suddenly spiked again.

Many people have commented that I am wrong. They say that the password can be hacked much faster (using rainbow tables and similar), that it is not random enough, that it is too simple etc.

It culminated yesterday, when the highly respected security expert, Steve Gibson of GRC, talked about it in his popular podcast “Security Now” – along with Leo Laporte.

You can watch the whole thing here: http://twit.tv/sn297 (video coming)

Note: I deeply respect Steve and Leo, and I frequently watch the podcasts, as well as many other shows on Twit.tv.

Steve basically said the same thing as many others. It can be hacked a lot faster. It is not random enough. It is too simple.

He is absolutely right and I agree with what he said. But, does that mean I am wrong? Well, no – not really. Let me explain.

You can always make a password more secure by adding complexity. But you will also very quickly reach a point in which it is no longer usable.

You cannot remember a password like “8dU2i2xs1*hT#4A9tccT.” And even if you could, it would be really annoying to type.

The time and agony involved in using that password would cost too much, compared to the low risk of using the much simpler “this is fun” (which is still 11 characters long and quite secure).

Anti-phishing coalition deploys real-time education program – Help Net Security

The APWG (Anti-Phishing Working Group) and Carnegie Mellon University’s CyLab Usable Privacy and Security Laboratory (CUPS) will announce tomorrow the deployment of their real-time counter-eCrime education system designed to instruct consumers the …
