SEARCH CLINIC

Search engine online marketers

Archive for February, 2016

Paris attacks: Silicon Valley in crosshairs over encryption

February 18, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Apps, Computers, Customer Service, data security, Email, Hackers, internet, Personal Security, Search Clinic, Uncategorized

Grief over the Paris attacks will soon make way for demands for action.

As well as increased military activity, and the controversial suggestions to close the door on refugees, the next battle in the “surely something can be done” arena will be aimed squarely, and angrily, at Silicon Valley.

Tech companies were already under pressure to make it easier for governments to access “private” communication apps and services. Those calls have intensified greatly since the attacks in Paris.

The “problem” is to do with encryption.

Without encryption, all of the things we do online would be insecure, be it emailing, or shopping, or banking. They all rely on the principle that if you encrypt data using complex mathematics it is nigh-on impossible to crack.

If you’re using communication apps such as WhatsApp, Apple’s iMessage, WeChat and so on, your messages are encrypted by default.

It means that even if those companies wanted to hand over your messages to law enforcement, they couldn’t.

“There are a lot of technological capabilities that are available right now that make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it,” said CIA director John Brennan at a security forum on Monday.

“And I do think this is a time for particularly Europe, as well as here in the United States, for us to take a look and see whether or not there have been some inadvertent or intentional gaps that have been created in the ability of intelligence and security services to protect the people that they are asked to serve.”

An opinion column in the New York Times, authored by Manhattan’s district attorney, and the City of London Police commissioner, said “encryption blocks justice”.

In the piece, published back in August, they wrote about a murder near Chicago in which a father of six had been shot. At the scene, officers found two mobile phones. But they were passcode locked. Neither Google nor Apple (the phones ran their software) could unlock the phones, and therefore the data was inaccessible.

“On behalf of crime victims the world over,” the opinion piece read, “we are asking whether this encryption is truly worth the cost.”

It’s an argument that can be made with more vigour than ever after the Paris attacks.

With access to communications, the anti-encryption advocates say, we could perhaps stop these tragic events from occurring. That’s a claim worth scrutinising.

It’s early days in the investigation, and no evidence has yet been offered to show that encrypted communications were used to organise the atrocity.

But the technology industry is, on the whole, against the suggestion that law enforcement should have “backdoors” into popular services – the term given to a hidden way of circumventing the app’s security.

A backdoor, in the infosec world, is the term given to a method by which a supposedly secure system can be accessed. It could be a quirk in some code, or a vulnerability in how a system communicates. Whatever the weakness, typically, once backdoors are made public, they are fixed.

Hackers make serious money by discovering backdoors and selling them on – often to government security services.

Many in law enforcement and government feel there should be a backdoor made just for those in authority to investigate and stop criminals and terrorists.

But some of tech’s most influential figures say that the notion of a secure, secret backdoor is dangerously misguided.

If any backdoor exists, hackers will find it eventually. It would mean data security for all of us, not just criminals, would evaporate.

 

Cost concerns over web spying proposals

February 13, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, data security, Dr Search, Google, internet, Personal Security, Search Clinic, Uncategorized

Disentangling data can be difficult and costly, say net experts.

UK MPs are investigating what it will cost ISPs to meet government proposals to log where Britons go online.

The House of Commons Science and Technology committee is looking at whether gathering data on net-using citizens is even feasible. It also wants to look into the potential impact that logging browsing will have on how people use the web.

The consultation comes as questions mount over the money the government will set aside to support monitoring.

The draft Investigatory Powers Bill (IP Bill) was unveiled last week and it attempts to update the way the state, police and spies gather data to fight crime, terrorism and other threats.

One of the most contentious aspects of the IP Bill obliges ISPs to record information about the services, websites and data every UK citizen uses. These “Internet

The Science and Technology committee has said it wants to look more deeply into this and its potential cost.

In a notice announcing the inquiry, the Committee said it wanted to find out if it was possible for ISPs to meet the IP Bill’s requirements. The text of the Bill asks ISPs to log where people go but not what they do when on a site or using a service.

MPs also want to find out how easy it is for ISPs to separate data about a visit to a site from what happens once people log in, because more stringent rules govern who can discover what people do on a site as opposed to the sites they use.

The Committee will also look at how much it might cost the providers to do this.

The government has said it will provide £175m to ISPs over 10 years to pay for data to be gathered and stored.

ISPs watch the flows of data across their networks to help manage traffic, he said, but they typically only sample these streams because they deal with such massive quantities of information every day.

How to protect your online brand against cybersquatters

February 02, 2016 By: Dr Search Principal Consultant at the Search Clinic Category: Browser, Computers, Customer Service, Cyber Security, Google, internet, Uncategorized

Cybersquatting is buying up website addresses, or domain names, that sound very similar to existing well known brand names.

 

When Google recently launched its new parent company Alphabet, and the abc.xyz web address, there were more than 20,000 registrations by people attempting to take advantage, registering names like googlefiber.xyz or googledocs.xyz.

And in January, eBay won one of the largest cybersquatting cases, winning the ownership of more than 1,000 domains that had used its trademark.

Protecting your brand name online is of critical business importance for smaller companies as well.

The potential for cybersquatting has grown since the Internet Corporation for Assigned Names and Numbers (ICANN) – the international body responsible for co-ordinating all these addresses – began issuing hundreds of new generic top level domains (gTLDs), such as .xyz, and .nyc, as well as controversial ones like .sucks and .porn.

When ICANN proposed allowing these new generic top level domains, the trademark world was not receptive to that idea because they were so concerned about cybersquatting and poaching. Those concerns would appear to have been justified.

People were “just overwhelmed” by the number of gTLDs becoming available.

In the distant history you had .biz or .info and things like this coming online in a small round of five or six new gTLDs. Now the burden of protecting your brand online is potentially much higher as more extensions become available.

So how do you protect your brand online?

Registering it as a trademark is a good first step as it gives you more rights over related web addresses.

Under ICANN’s Trademark Clearinghouse (TMCH) rules, a domain registry must provide a “sunrise period,” during which trademarked brands registered in the TMCH can buy domains before they are publicly available.

Simply buying up lots of addresses that are variations of your brand name is one option. But this can get expensive for a small business, as domains can vary in price from 99p to several thousand pounds.

GoDaddy, a web hosting company, says: “Really, nobody has to go out and buy hundreds of domain names across their brands and keywords to protect themselves. Be thoughtful about the handful of names that are most important to you and think about registering those – ones that if you saw in the hands of your closest competitor, you wouldn’t be happy about it.”

If you think a cybersquatter has bought a domain name that infringes your trademark, you can go through ICANN’s uniform domain name dispute resolution (UDRP) system to have your case heard by a panel of experts.

“The UDRP keeps people out of court,” says the WIPO. “If you’re sitting in the United States and there’s somebody in Vietnam that’s squatting on your brand, you don’t have to go to a local court.”

Another option is the uniform rapid suspension (URS) system, which is a “lighter version.”

At the end of the UDRP process, I get the domain back in my portfolio and keep it out of the hands of other infringers. Under the URS though, it just gets suspended or taken down for the duration of the registration period.

The brand owner then has the choice of trying to obtain the domain in the future or waiting to see if anyone takes it again.

The cybersquatting issue is likely to keep lawyers and dispute resolution panels busy for years to come.