Police Requests for New Internet Powers Could Cost You Big

19-Nov-16 07:29 pm EST Leave a comment

datalegislation

C

anada’s CBC (a leading media and news organization in the country) promoted a story this past week concerning a very public request to the senior politicians for greater investigative powers.  This was followed by a poll that showed a degree of support for the police requests – seemingly predicated on a desire to curb child pornography among other crimes.  While civil libertarians and technology professionals raised the alarm on hearing this request, there was only limited consideration given to the cost of granting powers of this sort to police – tied largely to the cost of potentially onerous data warehousing by ISPs.  (As a footnote here, I want to cite the case of the UK which, this past week, saw Parliament enact legislation that would be largely in-line with the kinds of legislative change the RCMP would like to see enacted here in Canada.)

“Two parliamentary committees examined this issue.  Then there was the unanimous Supreme Court [of Canada] decision.  What part of ‘unconstitutional’ doesn’t [RCMP] Commissioner Paulson understand?”

Michael Harris, iPolitics.ca, November 25, 2016

Privacy and Internet Commerce

C

anadians (and people generally) can still be very reluctant to share their personal information online.  A recent website delivered by The AppRefactory — the Edgewater Tenants’ Community Website — has been off to something of a slow start with the administration fielding questions about why an end-user’s address is needed as part of the signup process.  This is done with the awareness and limited support from the property management company that acts as the landlord which has data about every tenant’s address, yet that same information is not so readily volunteered when it takes digital form.  The information in this case is used to simply verify that an end-user signup request is for a tenant as opposed to some random user from the Internet; in order to ensure that any information a tenant elects to access or share on the site is kept within the tenant community only.  As such it is a measure intended to protect tenant privacy, but there can still be reluctance about sharing it.

This is just an example of how users have adapted over the years to safeguard their privacy.  Yet now the police want measures taken by Internet Service Providers (ISPs) to circumvent privacy to such a degree that they will never again be aware of who exactly has access to their information.  (We saw in another article posted this past week how police could access computer records without appropriate authorization or authority.)  And should police officers once again demonstrate how human they can be and make a mistake, suddenly the information they’ve been entrusted with is available to parties unknown.

Such cases, once known to the public (as they will tend to be, thanks to our free press), could easily put end-users further on the defensive about their information.  And, despite poll results suggesting some support for increased police powers, there remains the likelihood the average person in Canada (which, historically, tends to be a person that trusts police authority) hasn’t thought the issue through very thoroughly and certainly not technically.  The regime Canadians will be confronted with, whatever their decision about the powers police should have online, could easily be one business is less well-able to thrive in and would find it harder to operate in without being less able to solicit end-user consent and confidence meaningfully.

And they wouldn’t know it until it really was too late.

New Powers Add Onerous Burdens on All Business (Not Just ISPs)

T

he legislation in the UK does not specifically distinguish nor give license to ISPs to operate or grant any special legal distinction to them apart from providers of Internet-facing services generally.  As such it would seem to stand as a matter of law that anyone providing Internet-facing services could be compelled to maintain logs concerning end-user activity.  From a technical perspective, the law wouldn’t be all that meaningful if it couldn’t extend, for example, to providers of Virtual Private Network (VPN) services which are frequently used to both secure corporate communications online as well as anonymize network access to  BitTorrent media sharing sites or “Deep Web” network traffic.

msazurelogoSo the law must apply to businesses using the Internet equally (or at least be seen to apply as such).  And how will the small business be impacted when they’re suddenly required to maintain a database documenting (as the RCMP want) up to two years of end-user activity?  One approach we could use would be to use Microsoft Azure’s service calculator to take a service that uses a very modest 5GB of data monthly to track data transfer activity for a service, numbering just 10,000 transactions.  Without any service connections, charging just for the storage of table-based data only, we get an added cost of $409.00 per month, including a $364.00 Standard Support feature on local redundancy only.  (Nothing could immediately be found on legislative requirements for backing up this data, but a vendor support feature seemed logical to imagine in this scenario.)  That’s a not-so-inconsiderable $4,900 per year and is getting pricey for the average small business.

Now if you run a big business, things get interesting: scaled up to 5TB of data and 1 million transactions, the costs at the same level of support (with local redundancy only) balloon out to $5,223.68 per month or a whopping $62,684.16 per year.

These costs are certainly something to consider when it comes to determining who is paying for all this extra monitoring.  One thing is clear, it won’t be coming out of the RCMP’s budget!

And although this is the costs according to one vendor, it is an industry leader in a space oft-credited with reducing the costs associated with maintaining large warehouses of data (a main selling point behind “the cloud” movement).  One shudders to think how much more onerous these costs could become if one is required by law to maintain hardware and software of their own, in a facility that is solely under their own control.

Final Analysis: Restrain Police Powers Online

W

ith passage of the UK legislation this past week, the Government of Canada may be best-advised to stay the course for now and weigh its options again at a later date if it chooses.  While I suspect both in the wake of Brexit and their now police powers law (called the “Investigatory Powers Bill”) will lead the UK (and England in particular) into a self-made socio-economic crisis, there remains the question as to what exactly the impact of their measures will have.  The opportunity here isn’t to regulate early and hopefully stop child sexual abuse — a cause I’m very sympathetic to and have even had occasion to assist police with.  Rather, it’s to gain the wisdom about whether the impacts of these measures will simply drive it further underground or make a meaningful difference (as opposed to being an issue cited simply as a political red herring to grant powers that will be used for other purposes).  To discover whether the economic impact is too burdensome.  And to learn comprehensively if there will be the promised ‘greater good’ worthy of the limits a free and democratic society — a just society — places on itself and its citizens.

Advertisements

Keybase Brings Free Security to Novice Users

02-Sep-17 11:59 pm EST Leave a comment
P

GP encryption is not new – quite the opposite.  But it’s always had one big advantage over its leading competitor: S/MIME.  S/MIME is used to encrypt email using certificate-based, 3rd-party authentication whereas PGP relies on dual, private/public key encryption.  And thanks both to S/MIME gaining commercial vendor support relatively early, coupled with being easier than the open-source-supported PGP (with relatively primitive tools that required some degree of technical competency to master); those wanting to encrypt email easily had to deal with investing in 3rd party certificates that could cost hundreds or even thousands of dollars before the feature was available.

KeybaseThanks to Edward Snowden, we’re all now pretty-well acquainted with the notion we’ve lost privacy and will likely never get it back.  But even so, that doesn’t mean the government (or God-knows-who nowadays) ought to have carte blanche to read chats, emails or become privy to what you’re downloading via bitTorrent or what cash you’re exchanging with parties online.  (At least not until tax time.)  And a tool that works on all platforms big and small, like Keybase, is now available to assist with all of the above!

To begin, it’s best to start on a Mac or Windows environment – somewhere where the configuration utility can operate.  The system does a pretty decent job of talking one through the process of setting up one’s first PGP (security) keys and getting the app installed.  However, one improvement for the future might be getting this utility (also called a “CLI” or “command-line interface”) to work within a web browser so one can perform the entire process using a hand-held device.  Once the software is installed, one finds installed an icon in their system tray (on Windows) which will present the list of users and some very heavily shaded icons (despite) which are used to access other parts of the Keybase app.  The CLI also has its own icon deployed to the Windows ‘Start’ menu and this is where you can quickly access many of the features associated with setup.  In my case, I already had PGP keys and so using the CLI was a necessary part of the setup.  Regardless, to get acquainted with the CLI and how it works with setup, I’d begin by loading up a copy of the “new user” docs in a web browser.  Then in the CLI utility, run two commands:

First, run “keybase help” to see what commands are instantly available to you as a new, unregistered user (there are a few), and

Second,, run “keybase signup”.

Finally, I’d quickly read through the “basic docs” you have open in your browser and drill down into any areas where you have questions.  Still more questions about Keybase and maybe PGP?  I strongly advise you get a Reddit account if you’ve not already got one and access the group called r/Keybase.  You’ll find this well-trafficked!

Although the Keybase app (accessed from the system tray) links to several choice apps, PGP is extremely versatile and plug-ins exist for Microsoft Outlook 2016 (and earlier) and is used with numerous other applications.

If there is a down-side to the app, there is a concern that — since a Keybase account can be used with several keys — it could be possible for someone to associate 2 keys (which typically involve two email addresses being known) together and thereby create an identity profile on a Keybase user.  This is a security concern, although an obvious workaround would be to register PGP keys to separate Keybase accounts and thereby never expose oneself.  Keybase itself claims it never advertises personal details, but if one connects to another user (say, for secure chat) and exchanges their public key; in such a case the potential would exist for that 3rd party to disclose your email at their discretion.  (This itself isn’t a security flaw, but it is something to be mindful of when exchanging data security regardless of the means used.)

Post-Modern Electioneering: Back to the Future

09-Feb-17 08:11 am EST Leave a comment
Robyn Urback | Columnist

Robyn Urback Columnist

Written in response to CBC News: “Millennials finally fall out of love with Justin Trudeau after he abandons electoral reform: Opinion by Robyn Urback

A

s a member of the vaunted (yes and cynical) Generation-X, I’ve got to just roll my eyes once more….. Millennials are doing precisely what the generations before have done as youth – not voted as a block….at least – not for long.

But if there is really a block here to be won (and – let’s be clear – there isn’t), it would be easy to take yesteryear successes and use ’em again. We need more IT staffers (like me!) to explore service industries like software development or network engineering. And offering a bit of money for vocational training here (alongside some success stories) would really go a long way toward making up for lost ground on the FPP voting fiasco. Trudeau, God bless him, should’ve known better than to try saying “well we tried, but you know in government – you can’t always do what you thought you could before being elected” routine. Even if you believe it, it’s kind of a crappy reason to go back to the public with.

The real worry I have isn’t the loss of some fictionalized Millennial solidarity. It’s the potential for cross-demographic populism and fascism to take hold in this country! And while O’Leary isn’t Trump, maybe the best we can hope for it the short term is that fascism will pass us by and that Trudeau’s over-promise, under-deliver showing so far somehow reverses itself the more experience he gets as our Prime Minister.

I’m about the same age as he is – but it’s obvious to me while he might be better at leading the country than I’d be….his father he is not. And there is plenty for him to learn yet!

Doomsday Clock: It is now 2 minutes before midnight!

30-Jan-17 07:30 am EST Leave a comment
B

efore I had entered high school (back in the late 1970’s), I can remember the periodic ominous warnings of the world’s “Doomsday Clock” scientific group.  And I was greatly relieved (as I’m sure we all were) when the pressures of a looming nuclear apocalypse seemed to disappear with the collapse of communism in what is now called “The Russian Federation”.  We got all the way back to 15 minutes before midnight (or just about) and then with the rise of terrorism it started to creep back toward midnight again.

So now it almost seems shocking to hear the clock is nearly as close as it’s ever been to midnight (surpassed only by periods of extreme political tension when nuclear war between Russia and the U.S. seemed an ever-present threat)!  Last week’s article on the subject is worth a read as is taking a moment for each of us to reflect on what we can do to save our planet.  At the moment, things are looking especially apocalyptic again — climate change, the rise of fascism, threats of war on multiple fronts (as was pointed out over the weekend by the last President of the USSR, Mikhail Gorbachev)…we need to stop allowing apathy and mediocre leadership to drive us all over a cliff.

 

 

 

Yelp E-Mails Rooking in Small Business!

18-Dec-16 10:47 am EST Leave a comment
O

perating as a small business owner, on a couple of occasions in the past I’ve encountered people that are something less than honest.  This is not the norm by any means — and yet one realizes early on to keep a wary eye for those few wolves who fashion themselves guardians of the hen house, so to speak….

yelp

A bit of research can be an eye-opener too, which is why I’m kind of kicking myself for not seeing these folks coming from a mile off: Yelp.com

 

 

I recently received a $300 advertising coupon, alike the sort I’ve received from advertisers like Google.com in the mail.  You enter a coupon code somewhere and get to try out the service.  I took advantage of such an offer from Yelp in late October of this year — only to start getting transactions mysteriously showing up on my credit card earlier this month, contrary to expectations.

I had taken advantage of the coupon at the time, which did not explicitly advertise there would be debits automatically starting once the $300 had been used up.  Nor was I able to readily determine at any point how much of the credit was used.

Finally, when a December bill appeared, I immediately contacted Yelp to cancel any advertising services that might have been procured.  I was concerned that it wasn’t generating any business for me and that they were keeping records of user credit card numbers (a practice with which I have issues for both reasons of personal security and privacy).

Contact with Staff was Terse and Unhelpful

The amount of the bill wasn’t too substantial – less than $100 in Canadian funds.  However, despite taking this as an opportunity to build a positive customer experience, they responded to my concerns as “threatening” them (when I mentioned I would be describing my interactions with customer service here on my blog) and trying to get out of paying the bill, stopping short of calling me a thief outright.  This attitude was evident despite my attempts to voice my concerns to two different parties by phone – the only emails I could receive from them seemed to be automated messages aimed at billing.

After encountering two highly confrontational staff I thought it incumbent to characterize my experience as objectively as I could for the benefit of others seeking a review of the Yelp service.

 Doesn’t Follow its Own Advice on Handling Complaints

Yelp’s own advice on the subject of end-user reviews is as follows¹:

Either way, when responding to reviews it is important to have good practices established to make sure your organization and your [customer]’s privacy are protected. In both scenarios, the goal should be to take the conversation offline and to a private channel.

It’s my considered opinion Yelp did not follow it’s own advice in my particular case, nor does it do so when it comes to the privacy of others; whether they are customers or simply users of its service(s):

  • retaining credit card information can be a license for the unscrupulous to simply debit amounts indefinitely regardless of customer intent; such as when a company doesn’t bother to take the spending intentions of customers into account and charges for services they don’t want; effectively taking a nickel-and-dime approach to earning profit rather than promoting & selling services on the strength of their own merit, and
  • allowing customer service staff to become confrontational with customers is both unnecessary and inexcusable.  Worse still, Yelp made virtually no effort to “take the conversation offline”, instead calling my intention to review my interactions with them a “threat” and insisting they’d continue with the charges.

It’s certainly accurate to say I can’t describe my own experience with Yelp as necessarily representative of those one would have with the company and it does appear many have had positive experiences with them.  However, I can equally accurately say that my experience was anything but positive from the perspective of a customer and there are many on Facebook and other alternate online sources who report difficulties as well.  I can also state with certainty that given my concerns, treated as they were, will result in my never considering business with them again in the future.

Epilogue

My experience also left me with the impression that Yelp is a company governed less by technology innovation and more by a very single-minded focus on earnings from its advertising business.  (Although it was not necessarily my intention at the outset to demand no-cost settlement of the bill they sent me, this became an issue when they declined to discuss my concerns in good faith.)  In the future, I’m likely to seek out Microsoft, Google or WordPress when considering online advertising.  Even should this prove to be more expensive, both companies seem to be paying a lot greater attention to their advertising clientele.

Follow-ups to this story may appear here, should any occur.

¹ See https://www.yelpblog.com/2016/12/experts-guide-patient-privacy-online-reviews near the subheading “Example 1” for source.

Project “ARTeRMis” Site Published

15-Nov-16 12:25 am EST Leave a comment
spedgewaterico1024

Link to “Edgewater” Tenant Site Prototype

P

roperty Management Application(currently code-named Project “ARTeRMis”) moved a step closer to delivery of a much larger property management tool based on Microsoft SharePoint today with publication of one of the trial components: “Edgewater“. This component is simply an amalgamation of a number of different elements native to SharePoint, but hosted in the Office 365 environment and is setup to product test the suitability of them for inclusion in the TRM (Tenant Relationship Manager) application delivery going forward.

Artermis will ultimately be heavily dependent on Office 365, SharePoint and ASP.NET MVC when it ships; currently forecast for initial delivery sometime in 2017.

Terry Glavin

CHRONICLES

Techno Manor

Geek's Corner

VM.Blog.

an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.

jalalaj

A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies

TechCrunch

Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT

jenyamatya

Unravelling the magik of code...

The Bike Escape

Because Cycling is Life

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

Strength Rehabilitation Institute

Bridging the gap between physiotherapy and exercise.

The Ross Report

Now you know where you need to know more...

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

David Eedle

Geek, tech, programmer, business owner. Serial starter of things. Occasional finisher. Oh, and please don't call me Dave.

%d bloggers like this: