Category: Privacy

Short Cross posting

… Not from anyone, not from anywhere. But crossing some book tips, and asking for comments.
Was reading the Good Book, when realizing that it, in conjunction with Bruce, could lead to some form of progress beyond the latter when absolutist totalitarian panopticon control frameworks might seem the only way out. In particular, when including this on the Pikettyan / Elyseym escape or not that serves only some but not the serfs. And then add some Mark Goodman (nomen est omen, qua author, and content?) and you can see where Bruce may have missed exponential crumbling of structures, and said escape might be by others than the current(ly known) 1% … Not all Boy Cried Wolfs will be wrong; on the contrary — Not Yet is very, very different from Never, but rather Soon Baby, Soon.

Not rejoicing, and:
DSC_0097
[Nope, not safe here (Haut Koenigsbourg) either.]

Last night a … saved me (updated)

As @swiftonsecurity (and of course @meneer of #ditchcyber fame) and others may improve since the rhythm is only almost perfect, already this:

[To the music but outdated lyrics of Indeep — but what style
 (Hey @ESCIA is that you with the mic ..?)]

Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life
Cause I was sittin’ there screen of death’d bored to death
And in just one breath he chatted said

You gotta reboot get up
You gotta reload get on
You gotta restore get down girl
You know you drive me #DIV/0! crazy baby
You’ve got me turning to another OS man
Called you on the VOIP phone

No one’s pinging back home
Baby why ya leave me all >dev/null alone
And if it wasn’t for the endless GitHub surfing music
I don’t know what I’d do

Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life from a broken pipe heart
Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life with a patch song

You know I hopped into my notepad car
Didn’t need to leave the coffee shop get very far no
Because I had you on my stash of data-breached X-rated pics mind
Why only give you a ticket and secretly close it immediately be so unkind?

You’ve got your hapless users women all around
All around this AD town, boy
But I was trapped in the SLA from hell love with you
And I didn’t know what to do
But when I turned on my RTFManual radio
I found out all I needed to key in know
Run the diagnostics kit Check it out

Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life from a broken pipe heart
Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life with a patch song

Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life from a broken pipe heart
Last night an information risk / security management professional saved my desktop PC life
Last night an information risk / security management professional saved my desktop PC life with a patch song

Hey listen up to your local information risk / security management professional
You better hear what he’s got to type so fast you can’t keep track say
There’s not a problem that I can’t fix
Cause I can do it in the rogue exploit suite mix
And if your crappy ol’ XP machine man gives you trouble
Just you step away from the keyboard move out on the double
And you don’t let it trouble your ‘brain’ brain
Cause away goes PEBKAC troubles
Down the drain
I said away goes PEBKAC troubles
Down the drain

Last night an information risk / security management professional saved my desktop PC life
There’s not a problem that I can’t fix
Cause I can do it in the rogue exploit suite mix
There’s not a problem that I can’t fix
Cause I can do it in the rogue exploit suite mix

Last night an information risk / security management professional saved my desktop PC life
There’s not a problem that I can’t fix
Cause I can do it in the rogue exploit suite mix
There’s not a problem that I can’t fix
Cause I can do it in the rogue exploit suite mix

Quite an improvement indeedp … And leaving you with, of course:
Indeep

You must, you mustn’t

Strange. The last couple of weeks, months, have seen a resurgence of “Anything that is not explicitly forbidden, is allowed.
Which was, well, true in only the most devolved, twisted (pejorative sense) means/ends ethics and morals discussions. And still is. But suddenly, there’s a new angle: All that aren’t involved in the spoils of such tactics (not being rich enough to have used Panama Paper style constructions, even when not aware as such vulgar ‘money’ things had been handled by sycophant minions (of mind, certainly)), want the overthrow of the said sad sentence, by including that all that is permitted, should not be done when (not if) the moral higher ground would forbid it, still.

I can agree. Being in the category of … well mostly having first-world problems and not (much) more. But then again, it strikes me as odd that somehow, we don’t have good handles to straighten out the wicked ones — bar revolution. Because our legal system doesn’t seem to be as strict as it once was; forbidding all that was not allowed for a proper functioning of society. There have been changes to society… Where theft is still impermissible if of physical stuff, but in many ways is perfectly good to go when by failure to act, like many 1%ers. Though Aristoteles (Ethica Nicomachea; read the damn thing!) rightly would frown upon such dimwittedness but there.
So, actually, law would have to change but hasn’t. The very ones to be controlled by it, of course, are the first through the escape vents. And, Pikettyan or Elysium style, might prevent catching up categorically.

We could discuss on and on. But prevalent is: Now what ..? So, for the time being:
20140930_124258
[‘Coloured in, otherwise too bleak your future is’; The Hague]

I am Satoshi Nakamato

… If only to dilute the discussion. And to all be Spartacus. Let the Craigs be the fools (not even meant lightly; rather pejorative here) they are. The absolute hard-math sides of Bidkoyn coming full circle to the mysteries to be kept mysteries for the very sake of it for once you dumb.ss! of its origins.

To keep it real:
20140917_091306_HDR
[Mining precedes, but the use side is in transport ..? <Think that one over> at Utrecht]

Emerging degrees of privacy

Given that ‘privacy’ is a property that emerges from good Security, more particularly from Confidentiality (and Integrity), there’s two avenues to succeed in this field:

  1. If quick and maybe even too dirty: Data minimalisation (as e.g., here, in Dutch)
  2. Else (OR?): Fine-grained protection, also against the default Read all down the stack (user / end point / comms channels / applications / middleware / servers / storage — with the latter maybe crawling up and down the stack again when virtualizing in the cloud)
  3. Because binary’s not my thing and keeping it real (i.e. (!) not being consistent) is: Would any of you have pointers to some science on possible degrees or levels of privacy ..?
    The idea keeps floating around in my skull. Including degrees of invasion! Where sometimes, the required degree (as set by the subject) would be less than the degree for some government agency so everything goes … for this some data point only. Yes, Value creeps in as a boring subject but isn’t everything. Should be a field of study …?

Thanks anyway for all your pointers on the last item… (none); hence:
DSC_0732
[It’s watching over your shoulder….! Het Loo]

Repeat: Trawling for noise

So… Legal developments go at glacial ‘speed’, thus mumbling critical oversight to sleep. Happened, once again, in NL. Mass collection (sic) of and trawling through all sorts of data ‘out there’ is free game for gov’t agencies.
NO the oversight committee will not do anything. Anyone saying so, plainly and simply lies under oath to overthrow the constitution (isn’t that high treason?)

But what will happen of course, is that those that in the past weren’t able to connect the dots (proven fact), will now be swamped in enormously bigger piles of noise data. At the very very best (??) they’ll find bucketloads of false positives — ruining perfectly normal, perfectly legally operating citizens’ lives, of course without any serious recourse or restitution of lost life’s pleasure and happiness…
And the false negatives will also explode, induced by the very ‘countermeasures’.
So, also those that propose and implement and work with such ‘solutions’ quod non, will be culpable to.

Oh well Or well was right. Plus:
DSC_0516
[I don’t want or like, but do expect, a similar thing again; for different reasons but with no really different methods — Prinsenhof Delft ya’know]

Crash’in the wings

… Thinking back of the Taleb’ian remarks, and truths, on Extremistan, and how some more or less closely watched parameters may lose their variance but not their uncontrol since such petering out of shock’lets are just the precursors of an asteroid impact scale collapse, I wondered what is about to happen in infosecland. Since for weeks, nay months already, there has hardly been any news… Apart from the usual suspects (#ditchcyber ..!), there hasn’t been anything serious, has there, by means of yet another class break or more comprehensive controllability breakdown?

Which is why everyone should sit more uneasily, in stead of the opposite sleeping better than ever.

But then, this was the message from your Wolf-crying boy …?

To which:
elk-06

[Since last Friday, you know this isn’t a reindeer but an elk that is no moose, at least not everywhere]

Watson’s ID

Does Watson have an identity? Because, when it (sic; why not ‘she’ ..?) is intelligent enough to make its own decisions, it may want to, or know ways to obtain, or be bestowed with, personhood of some sorts. To which it may need an identity, and according ID.
But that all hinges on the construct of a single, identifyable instance of <something>. And all sorts of fancy dancy press announcements — where one might ask ‘Where you’ve been to come to the show only now’ — regarding deploying ‘Watson’ in some confined business context seem to start to fly around; mostly with corporates having a dire need to blow over the news of their atrocious lack of morals — but what is it they use?
Most probably only a time share (think S/36 style) or copied-instance or copied-engine of the concept / most elaborately trained instance available.
Do we have a criminal / misdemeanour system in place already for such non-human persons? No, I don’t mean the sorely failed ‘corporate’ personhood approach as that’s a hoax. People still are in charge of corporates, and are punishable per (Board!) capita for anything that anyone does on behalf of their employer XOR they are fundamentally not allowed to act independently in any society.

Only now do we have new entities coming aboard that behave like individuals but have none behind them to cover for accountability … or they aren’t individual operators. So, no choice. But as yet, no legal system to operate in. Conundrum!

On a somewhat tangential (is it?) node: Yes, AlphaGo has beaten a human a couple of times, and the other way around now, too, but that doesn’t mean the game is lost (its interest); see Chess. And, ‘who’ has beaten the human player? Is it a ‘who’ or is it (not only) an ‘it’ or not even that, is it too abstract to say that a ‘robot’ that is in fact an ‘information system somewhere out there dispersed in place, maybe even in time’ has beaten a human..? AGI has no power plug, people!

Also,
The Church
[“The” Church, Ronchamps]

Security so(m)bering

There’s this discussion going down on the merits of privacy versus security. Whether the one is part of the other, or the other way around, or both. Whereas the smarts are with considering privacy enhanced by good confidentiality settings ’cause they see that privacy is an issue of higher (abstraction) order than mere confi; achieved by it but only as infosec are the bricks and mortar when all you wanted is not bricks or so but a wall.
Through which you may reflect on compliance in infosec. Because hardly ever, is that taken to include compliance with the principles and business objectives and conditions that include being sparse with hinder to the business. Really, those that truly set only guiding rails not enforcement rails, are the unicorns of the trade. No, not those unicorns, those are just frauds anyway.
You may try to do better; really. It starts with risk … when properly applied, you would not get the remarks about ‘why, it has never happened to us before / what are the odds?’ but might even get better support for some slightly hindering process changes and better (but less end user detectable) ‘infra’ i.e., everything under the users’ level of visibility.
So, I’m not sombering or if, about the eager beaver pervasive prevalence. Because sobering up, wising up, may win the day and may be due…

We shouldn’t somber too much… Isn’t this a perfect opportunity to finally demonstrate how we do (… can …) link up information security to real business issues at the highest GRC levels. Since we shouldn’t be passive, and leave ‘privacy’ to be taken over by lawyers jumping into the current Privacy Officer void. Since we can translate all the operational and tactical work that we do on privacy, all the way up to strategic levels and still be very concrete. And not have to wait till ill-understandable “guidelines” (shackles) keep us from achieving something.
No more wannabe whining about ‘deserving’ a seat at the Board table or at least be heard; not asking to be allowed but matter-of-factly showing ‘Done.’ … if, not when, you did informtion security right all the way…

Just like that:

[“Na na nanana can’t hear you!”; Porto]

De nieuwe KvK-registratie

Voor velen is het een klusje dat lastig is, maar er nu eenmaal bijhoort als onderdeel van ‘being in business’.
De registratie bij de Kamer van Koophandel. De basics, bij de enthousiaste start van bijvoorbeeld een zelfstandig bestaan. Het onderhoud, bij wisselingen in het verenigingsbestuur — en dan blijkt de KvK dermate relevant, dat men nog een natte handtekening vereist maar dan wel in het bekende veel te kleine rechthoekje te plaatsen waardoor de gezette handtekening welhaast per definitie niet klopt…! Hoe diep in het vorige millennium kan je achtergebleven zijn; dit toont wel aan dat de KvK welhaast niet nuttig meer kan zijn…

Maar nu is er in tijden van ‘cyber’ (#ditchcyber!) een alternatief of eerder, een vergelijkbare registratie: Bij de AP.
Jawel, de Autoriteit Persoonsgegevens, zo genoemd omdat de verwarring met het begrip ‘privacy’ nog niet groot genoeg was wellicht, en hernoemd om weer een decennium opstarttijd te geven voordat effectiviteit kan worden verwacht en alsdan weer een nieuwe tijd aangebroken is die vraagt om een ‘andere’ instantie ..?
Want we hebben immers de Wet meldplicht datalekken… Met 700 registraties in de eerste twee maanden (rekening houdend met een volle eerste maand nieuwjaarsborrels, dus een week of vier) is wel duidelijk dat het een kwestie is van (aan)melden en verder gelukkig niets — tenzij men pech heeft niet politiek relevant te zijn en ‘dus’ najaagbaar …

Ach, overheid; leuker kunnen ze het niet maken, wel onmogelijker…?
DSCN1834
[En daar komt nou ook niet echt tegenwind vandaan…]

Maverisk / Étoiles du Nord