PRISM Fallout: In Cloud We Don’t Trust?

first_imgServerless Backups: Viable Data Protection for … The NSA does not monitor every piece of data, the story reports, only targeted individuals. But the capability to monitor the target within all of the companies’ data is there, according to the slides obtained by the Post.All of the companies named in the leaked slides have categorically denied being involved in PRISM, which is pretty much the only answer they can give: if such a program exists, they are likely bound by court order from revealing their participation, and if it doesn’t exist, then they are truthful in denying it. The U.S. government, for its part, acknowledges that such programs do exist, but that the documents published by the Post and the U.K.’s Guardian contain “numerous inaccuracies.”Which, alas for the U.S. tech industry, isn’t exactly a “no.”Perception-wise, the firms named in the leaked slides are screwed. If PRISM doesn’t exist, it will be very hard to prove otherwise in a climate where distrust of government is at an all-time high. If PRISM does exist, then the perception of these companies will either be as lying co-conspirators in a massive breach of user privacy – or incompetent morons who don’t know that the U.S. government can get into their data whenever it wants.The most likely scenario here is that the tech companies are being very, very literal: they can deny ever hearing of a program called PRISM because they may have really never heard of it. Ars Technica spoke with Electronic Frontier Foundation Staff Attorney Kurt Opshal, who outlined what’s probably going on with these denials:“Whether they know the code name PRISM, they probably don’t,” [Opshal] told Ars. “[Code names are] not routinely shared outside the agency. Saying they’ve never heard of PRISM doesn’t mean much. Generally what we’ve seen when there have been revelations is something like: ‘we can’t comment on matters of national security.’ The tech companies responses are unusual in that they’re not saying ‘we can’t comment.’ They’re designed to give the impression that they’re not participating in this.”In Cloud We Trust?Successfully pulling off that impression would seem to be nearly impossible and the nine tech companies named in the PRISM documents are in for a world of pain. Already, U.S.-based users, individual and corporate, are up in arms about the perceived breach, even as the U.S. government insists that it is not spying on its own citizens, but is targeting non-U.S. citizens in its quest to maintain national security.US companies may end up becoming more active participants in cyber/national security related activities anyway, depending on how Department of Defense cyberwar rules of engagement play out. (See also: New Cyberwar Rules Of Engagement: Will The U.S. Draft Companies To Fight?)But for public cloud users who reside outside the U.S., the statements about non-U.S. targets are sure to have a chilling effect. Especially in the European Union, which has been critically examining their data relationship with the U.S. for some time. That relationship, once precarious, may have just gotten pushed off the cliff.Currently, data generated by European companies is bound by the strictures of the E.U.’s 1998 European Commission Directive on Data Protection (ECDDP), which, among other things, blocks data from being transferred to outside the European Economic Area unless the E.U.’s strict protection guidelines were followed.The problem is that U.S. laws and policies let data like names and addresses be handled in ways that were way outside the ECDDP comfort zone. This would have effectively prevented any European data from being stored on U.S.-based clouds and data centers, were it not for Safe Harbor.Established in the Fall of 2000, Safe Harbor is a compromise that would allow data interchange to take place. Safe Harbor requires that companies follow a certain set of privacy practices, such as informing individuals that their data is being collected and how it will be used. If Safe Harbor rules are followed by U.S. companies, which self-certify themselves to be Safe Harbor compliant, then E.U. data can be stored in the U.S., which is handy since many of the world’s biggest public cloud services are located in the U.S.All of the E.U. nations, with the exception of Germany, are participants in the E.U.-U.S. Safe Harbor agreement. This is why in Germany, corporate workers are prohibited from using services like Google Docs to store and work with company information. (One has to wonder if the Germans didn’t have an inkling that something like PRISM was going on.)The Europeans have had some qualms about Safe Harbor already. Last July, an independent European advisory body, the Article 29 Working Party, recommended the existing Safe Harbor agreement between the U.S. and E.U. is not enough to provide true security for European organizations’ data. Their argument? That self-certification was nowhere near enough to assure adequate protections.“…[I]n the view of the [Article 29] Working Party, sole self-certification with Safe Harbor may not be deemed sufficient in the absence of robust enforcement of data protection principles in the cloud environment,” the recommendation stated. “The Working Party considers that companies exporting data should not merely rely on the statement of the data importer claiming that he has a Safe Harbor certification. On the contrary, the company exporting data should obtain evidence that the Safe Harbor self-certifications exists and request evidence demonstrating that their principles are complied with.”In other words, don’t take U.S. tech companies at their word that they will comply with Safe Harbor rules.Safe Harbor At RiskFast forward to today, when suddenly the Article 29 Working Party’s non-binding recommendation has some teeth to it. European companies and lawmakers are very likely going to look at the events surrounding PRISM and wonder how safe their data would be if stored in a U.S. system.Amazon and Rackspace, two large U.S.-based public cloud providers, were not named in the PRISM slides, but Microsoft and Google were. While no one knows if the U.S. intelligence services can and were accessing cloud-based data hosted by Microsoft and Google, the integrity of their cloud hosting services will probably be called into question now, especially by companies outside the U.S., which – by the U.S. government’s own insistence – are valid targets for national security investigations.The E.U.-U.S. Safe Harbor agreement may be the one of first casualties of the leaking of PRISM – even if PRISM turns out to be fictitious. Just the hint that something like PRISM could exist could evaporate a large amount of trust and business for U.S. cloud vendors – even ones not named in the PRISM documents.Public cloud infrastructure is under serious threat, as users domestic and international start seriously questioning public cloud security and integrity. This may bring a large shift towards private cloud or virtual data centers deployments, as companies seek to protect their data from government’s prying eyes.Images courtesy of Shutterstock. brian proffitt Related Posts U.S. tech firms who have built their business on a free-flowing Internet just got a huge smack in the face. Leaked government documents seemed to reveal the existence of a top-secret program with the capability to mine their users’ data at will.Right now, the debate is over exactly what data’s being collected and how—and whether the companies were complicit in letting it happen.But that misses the real impact of such a program. Regardless of the details, it will damage the reputations of the U.S. as a technology marketplace.There are many operations that will feel the hit, but the biggest one may be in cloud computing. After all, what foreign company would want to host its data in a cloud that could be rifled at will by the U.S. government?What We Think We KnowLeaked documents from the National Security Agency and the FBI have revealed an apparent secret government program, code-named PRISM, that is “extracting audio, video, photographs, e-mails, documents and connection logs that enable analysts to track a person’s movements and contacts over time,” according to the Washington Post.The data was pulled from the servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple. Dropbox, the Post reported, is supposedly “coming soon.”center_img How Intelligent Data Addresses the Chasm in Cloud Top Reasons to Go With Managed WordPress Hosting Cloud Hosting for WordPress: Why Everyone is Mo… Tags:#cybersecurity last_img read more

HC summons top police officers in road rage case

first_imgIn a road rage case that took the twist of threats to the victim’s life, the Rajasthan High Court has summoned Director-General of Police O.P. Galhotra and Jaipur Police Commissioner Sanjay Agarwal to appear in the court and explain faults in investigation after the registration of the first case. The victim has alleged that the accused persons are close to some influential police officers.Following a complaint of the victim, Sanjay Gupta, who was thrashed by some occupants of a speeding SUV on Jawaharlal Nehru Marg here on December 21, 2017, the Chief Metropolitan Magistrate had returned the chargesheet filed by the police on February 7 with the direction for reinvestigation.Justice Mahendra Maheshwari at the High Court’s Jaipur Bench summoned over the weekend the two top police officers to appear in the court on July 26 on a writ petition moved by Mr. Gupta, 40, who was peeved by shoddy investigation by the police into the case. Mr. Gupta alleged that the officers at the police station concerned had kept him waiting, instead of getting him medically examined, and exerted pressure on him to enter into a compromise with the accused.Victim thrashedMr. Gupta, working with the Employees’ Provident Fund Organisation in Jaipur, was beaten by the occupants of the speeding car when he confronted them following the car’s sudden turn that unbalanced his two-wheeler. His spectacles broke and he bled from nose during the thrashing.The victim later came to know that the car’s occupants were well-connected with the police. “Satya Dutt, who is named in the FIR, is related to Deputy Commissioner of Police (Jaipur North) Satyendra Singh, who influenced other police officers,” Mr. Gupta alleged in his writ petition.Revised chargesheetWith the “extraneous considerations” hampering a free and fair investigation, the police filed a chargesheet against only one accused, Satish Kumar, without getting him identified by Mr. Gupta. After the CMM found the probe incomplete and returned the chargesheet, the revised chargesheet has been filed in the court following registration of a fresh case and seizure of the vehicle in question.The High Court has asked the two police officers to inform the court of the disciplinary or penal action taken against the first Investigating Officer for his lapse or negligence.last_img read more

Anuj Sharma appointed new Kolkata Police Commissioner

first_imgIn a major reshuffle in the IPS cadre in West Bengal, Additional Director General (Law and Order) Anuj Sharma was on Tuesday appointed as the new Kolkata Police Commissioner. Rajeev Kumar, who held the post of the city police chief, was transferred as Additional Director General, Criminal Investigation Department. The West Bengal government had earlier described it as a “routine reshuffle” as Mr. Kumar had served as the Kolkata Police Commissioner for more than three years. The change of the guard in Kolkata Police also came at the suggestions of the Election Commission of India. The EC had indicated at an earlier press conference in the city that senior officers working in one position for three years ought to be shifted out.Siddhi Nath Gupta has replaced Mr. Sharma as the new ADG (Law and Order).Speaking to journalists after assuming charge, Mr. Sharma assured them that all Kashmiris residing in Kolkata are safe and their security has been stepped up.“Kashmiris are safe in the city. We have already identified the pockets where they are staying. We have interacted with them and assured them of their safety and security,” he told media persons at the Lalbazar Police Headquarters. Mr. Sharma said the Kolkata police are already doing a very good job in serving the people of the city and there is a need for some “fine-tuning”.“Our focus area will be on bringing communities closer to the police and protecting women,” he said.last_img read more

Lillard rallies Trail Blazers for tight win over Lakers

first_imgPortland Trail Blazers guard Damian Lillard, center, shoots as Los Angeles Lakers forward Kyle Kuzma (0) defends during the first half of an NBA basketball game, Monday, March 5, 2018, in Los Angeles. (AP Photo/Mark J. Terrill)LOS ANGELES — Damian Lillard scored 19 of his 39 points in the fourth quarter and the Portland Trail Blazers won their 15th consecutive game over the Los Angeles Lakers, 108-103 on Monday night.Lillard scored 15 in a row for the Trail Blazers down the stretch, giving them a 104-103 with 1:08 remaining by knowing down 1 of 2 free throws.ADVERTISEMENT Don’t miss out on the latest news and information. Typhoon ‘Tisoy’ threatens Games View comments Police teams find crossbows, bows in HK university PLAY LIST 01:29Police teams find crossbows, bows in HK university01:35Panelo suggests discounted SEA Games tickets for students02:49Robredo: True leaders perform well despite having ‘uninspiring’ boss02:42PH underwater hockey team aims to make waves in SEA Games01:44Philippines marks anniversary of massacre with calls for justice01:19Fire erupts in Barangay Tatalon in Quezon City Families in US enclave in north Mexico hold sad Thanksgiving LATEST STORIES The Lakers led 80-73 after the third quarter, with Randle scoring nine points and Caldwell-Pope adding seven. Caldwell-Pope knocked down back-to-back 3-pointers to put Los Angeles up by 12, the Lakers’ largest lead of the game. Delivering on the defensive end, the Lakers held Lillard and McCollum to a combined six points on 2-of-13 shooting. Portland was 5 of 23 from the field, shooting 21.7 percent in the quarter.The Trail Blazers opened up an 11-point lead in the first quarter after Ball was called for two personal fouls in the first 5:56. The short-handed Lakers responded by cutting the advantage down to three going into the second, where the trading of runs became more pronounced.McCollum had seven straight to start the quarter, helping Portland to a 17-8 scoring edge over the first 4:28 and opening up a 46-32 lead, only to see the Lakers answer with an 8-0 run that included consecutive 3s by Kuzma and Ball. The Trail Blazers were up 58-55 at the break, with McCollum scoring 14 of his 17 first-half points in the second quarter.TIP-INSTrail Blazers: Lillard was 12 of 25 for the game, including 6 of 11 from 3.ADVERTISEMENT Pussycat Dolls set for reunion tour after 10-year hiatus CJ McCollum had 22 points, and Jusuf Nurkic added 16 points and 16 rebounds.Julius Randle had 21 points and nine rebounds for the Lakers, who had their five-game winning streak ended. Kentavious Caldwell-Pope had 16 points, and Lonzo Ball had 10 points, two rebounds and two assists.FEATURED STORIESSPORTSWATCH: Drones light up sky in final leg of SEA Games torch runSPORTSLillard, Anthony lead Blazers over ThunderSPORTSMalditas save PH from shutoutLillard was 5 of 7 from the floor and 4 of 5 from 3-point range in the fourth quarter.Isaiah Thomas had a chance to tie it in the closing seconds but was stripped by Shabazz Napier, who then made two free throws. Thomas finished with 19 points. LOOK: Iya Villania meets ‘Jumanji: The Next Level’ cast in Mexico Roger Federer dazzles in first career Bay Area appearance Brace for potentially devastating typhoon approaching PH – NDRRMC MOST READ John Lloyd Cruz a dashing guest at Vhong Navarro’s wedding Typhoon Kammuri accelerates, gains strength en route to PH Google honors food scientist, banana ketchup inventor and war hero Maria Orosa Read Next Lakers: Six Lakers finished in double figures, including 14 points for Brook Lopez and 11 for Kyle Kuzma.UP NEXTTrail Blazers: Host the New York Knicks on Tuesday.Lakers: Host the Orlando Magic on Wednesday.last_img read more