shift change 2024-02-14

Welcome to your shift change report: news from the off-going watch to the oncoming on anything interesting in privacy, security, or intelligence. 

1. Privacy is not dead, it’s just slow catching up.

privacy rising from the coffin

The Electronic Frontier Foundation highlights a few trends that should perk up a down-and-out privacy appreciator, like:

  • Laws finally catching up in states across the Union and, well, the planet.
  • Civil society organizations growing and multiplying to tackle the threat.
  • More and more of the internet and its protocol stack is encrypted.
  • More and more location data requires a warrant (or someone can just ask your pharmacist).
  • Despite the US government funding and encouraging the business models of location and sensitive data hoarders, the same US government is trying to tamp down on the hoarding of location and sensitive data, which it also buys…

Ok, that last one is not working out as well as I’d hope, but the US government contains multitudes and loves to contradict itself. 

Things, some things, not all things, are getting better. But the vast majority of the “getting better” is trying to attack symptoms not causes. That’s like trying to develop the world’s best cough medicine but not telling people to wash their hands. Great, I’m glad someone is shoving Robitussin down my throat, but maybe the wisdom was in avoiding the sickness in the first place.

For every one of EFF’s positives-to-appreciate, there are stark counterexamples of the underlying problem: data hoarding and surveillance-ease are drugs that the government and companies pushing for profit, profit, profit want us off of but won’t take themselves off of.

2. If police want to fly a drone over your house and fine or punish you—they need a warrant. Towns the police work for…think they are different?

super random next door high def drone overflights that happen to find stuff

Oh, we can’t fly a drone over his house to catch him in a code violation? What if we fly near his house and our high def cameras happen to pick up code violations while we look at something near his house? 

If a pilot were in the drone, not controlling it remotely, this is not even a question: you need a warrant. But a great way to measure the contempt your government has for you, or for the Constitution that restricts its activities, is how absurd a proposition it provides as explanation for why it should already be able to steamroll your rights. We just happened to be looking next door to a guy we have been looking at for code violations and then when we were just looking at things nearby we CAUGHT THE CODE VIOLATIONS WE DEFINITELY ALREADY TOLD YOU WE WEREN’T LOOKING FOR. But now that we accidentally saw it while looking near it, we want to use it like we did the warrant stuff correctly.

C’mon.

3. Common or cherry laurel? Pick out your privacy hedging.

Get non-digital with your privacy options. I love highlighting physical privacy protections, especially around your home. If you wonder why—see the two above stories, and read up on what a reasonable expectation of privacy is, and why deliberate privacy-enhancing decisions can actually provide legal protection.

4. The United Nations confirms well-known theory that North Koreans love stealing money—but that money may feed new trends—what could you do with 3 billion dollars?:

throw money at it
The full UN report will be published in the weeks to come, Reuters sources said, and will include new trends in North Korean state-sponsored hacking including increased collaboration between threat groups, targeting of the defense sector, and supply chains.

5. Have a lead on the Hive ransomware group? The US government would like to validate that information and give you money—up to 5 million dollars (potentially, maybe, who’s to say?)

more money

If you are a random internet sleuth, this money is almost certainly not for you. This government money is almost certainly targeted at peeling away layers of the Hive onion by incentivizing someone involved to come forward, so investigators can start unravelling the network. If it works, in the next year or so maybe the US government indicts some people overseas with little hope of actually hauling them into court or punishing them for their crimes, but it aids continual attribution for relatively low cost. And if no one comes forward with anything useful it's literally free.

The shift change is a collection of timely stories of interest in the security, privacy, and intelligence worlds. Thanks for reading, and feel free to reach out to will@signaltonoise.fyi for any questions, comments, or thoughts on items you’d like to see highlighted (especially if it’s free, virtual training or networking events that could help the community as a whole).