
Bill Bennett


Tag: security

Five Eyes wants access to encrypted messages

New Zealand joined its Five Eyes security partners to ask social media companies like Facebook to allow access to encrypted data.

Five Eyes is a security partnership that includes the United States, Britain, Canada, Australia and New Zealand. India and Japan also took part in the move.

At first sight this looks like a continuation of a long campaign by Western governments to unravel digital encryption. I talked to Kathryn Ryan about this on RNZ Nine-to-Noon last week.

Governments say they worry that criminals and terrorists can use encryption to keep illegal online activity private. There’s no question this goes on.

Important role

The difference this time is that the governments acknowledge encryption plays an important role. It gives people privacy and enables online commerce including banking. This would be difficult to do without encryption.

When Justice minister Andrew Little announced New Zealand’s support earlier this week he was clear that any access to encrypted data would require a warrant.

This would subject large technology companies like Facebook and Google to the same measures as local companies like Spark or Vodafone. New Zealand’s Telecommunications Interception Capability and Security Act (TICSA) means local companies must comply with proper warrants.

Hard to enforce

While New Zealand law applies to foreign technology giants, our system has little power to enforce warrants. An international agreement and a common legislative framework will make it easier for local law enforcement.

The UK and US have legislation to address this. Australia has anti-encryption legislation, which has not been effective because it can’t be enforced.

Five Eyes is not asking for carte blanche. At this stage it is making a request and asking the tech companies for their ideas.

The security partnership says it wants to embed public safety in system designs. This would let companies act against illegal content and activity without reducing user safety.

Five Eyes wants law enforcement access to content in a readable and usable format where an authorisation is lawfully issued. At the moment companies can respond to warrants with indecipherable encrypted data.

There are, as you’d expect, fears about privacy and freedom.

While we shouldn’t play these fears down, in part this is back to the question of social media companies taking more responsibility for what happens on their sites.

Encryption works

There’s a clear message here that governments remain frustrated by their inability to access encrypted material. In other words, encryption is working.

There’s a contradiction here. Earlier in the week GCSB director Andrew Hampton talked about this on Nine-to-Noon. The relevant clip is the last few minutes of a long 27-minute interview.

He rightly talked about the “threat surface” and security vulnerabilities. Yet encryption is one of the best tools we have to reduce these threats and vulnerabilities.

This action is not about making tech companies give government agencies back doors into encryption. That has been discussed in the past.

Back doors are a bad idea because the moment there is an entry point for government agencies there is one for criminals and terrorists. It takes one law enforcement officer anywhere in the world to hand those keys over to a criminal.

Acronis True Image 2021 review – Complete back-up and security

Acronis True Image 2021 promises to keep your data safe for around A$100 a year. It protects PCs and Macs from disasters, accidents, criminal attacks and ransomware.

What is True Image?

True Image started life as a back-up application. The name refers to the way it creates a copy or an image of your computer data on an external hard drive or cloud server.

Two years ago Acronis added security features, bringing ransomware protection to back-up. The most expensive version of the software included blockchain certification. I’m not convinced that is necessary. Yet there are those who find it useful.

The 2021 version of the software adds more protection. Acronis says it deals with malware, malicious websites and code injection. This means the security software has to work in real-time.

There’s the timely addition of protection from videoconferencing interference. This is a threat that emerged during the Covid-19 lockdown. The feature is not included in the MacOS version.

In effect, Acronis repackaged its enterprise security technology for individuals and small businesses.


One user interface

Having back-up and security controlled by a single user interface simplifies the two processes. That’s important. Many small businesses buy back-up and security then fail to make the most of them because it’s difficult.

True Image 2021 has a clean, straightforward interface. This hasn’t changed since I reviewed True Image 2019 more than two years ago.

It’s not immediately obvious how everything works, but it is easy to learn. The trick is to mouse your way around the user interface and try all the options.

Once you’re done, you can leave True Image to work without day-to-day intervention, although it is likely you will need to revisit the app.

Testing True Image

I tested it on an iMac. Here it adds an icon to the menu bar. Unlike other MacOS apps, this is not a menu; instead it shows notifications. There is an option to open the app’s main screen from here.

Back-up remains the focus. You can create images of entire drives, partitions, folders or even individual files. True Image can back-up your network drives and add back-ups for your mobile phone or tablet.

There are options to do a full back-up, which can take a long time, or to do a differential back-up. This means backing up everything that changed since the last back-up.

Back-up options

You control the back-up frequency. Options range from monthly, which I’d regard as “why bother?”, all the way to hourly.

The default is daily. There’s a twice daily option which I’ve set to back-up about half way through my working day and then late at night. That way I’m never going to lose more than a few hours work.

More frequent back-ups are possible, but this can tie up resources.

There are options to remove older back-ups when you are running out of space on your target disc. You can do this manually or leave it to the software. You can also set up validations.

Pricing

There’s a basic A$70 subscription that doesn’t include cloud back-up. You’ll need a local or network drive. Acronis does not appear to allow you to use alternative cloud storage.

The A$98 Advanced plan includes 500GB of cloud back-up storage. There is a A$140 plan with a terabyte of storage. These prices are for one computer.

Acronis’ per computer price drops if you add more, but you don’t get more cloud storage.

This complex price structure is strange given that everything else about True Image 2021 works to hide complexity. I’m concerned that buyers can end up buying more than they need, or not enough.

Back-up updates

There are updates to the way True Image handles back-ups. It no longer duplicates data if a back-up is interrupted, say if you lose your connection. Instead of restarting and doing the whole back-up again, it picks up from where it left off.

While testing I ran into a couple of interesting observations. First, there may be times when you want to turn off protection. I did this when bittorrenting a copy of LibreOffice 7 for review.

True Image’s security stopped my BitTorrent client from working. Fair enough. To allow it through I paused the software, then forgot to restart. The next morning an email arrived telling me the scheduled back-up failed. This is excellent. It’s easy to forget to switch back on and leave yourself without back-ups or protection. Getting a non-intrusive reminder is the best way of fixing this.

Safe replication

Likewise, after first installing the application, I chose to make a replica of my Mac hard drive using the Acronis Cloud. All good. Then I swapped out my home Wi-Fi router for a D-Link Wi-fi 6 router review.

The router remained installed. When I went to update the drive replica, True Image responded with a message saying replication would restart after I connected to an approved Wi-fi network.

This protection would stop True Image from automatic drive replication when, say, a laptop connects to public Wi-fi. It takes a couple of clicks to resume replication with a new router.

True Image’s replication will wait until the everyday back-up is complete. It handles tasks one-by-one, not in parallel. This is useful on slower connections.

Fast, if your network is fast

Cloud back-ups are fast. I have a gigabit fibre connection; my Wi-fi 6 router is the bottleneck. It can clock speeds of over 500 Mbps. On my set-up, when True Image connects to the Acronis Cloud the reported speed fluctuates from around 100 Mbps up to over 200 Mbps.

Back-up times vary. The time indicator on the user interface gives a rough guide, but don’t take it seriously. It warned me a full drive back-up of 340 GB would take 52 minutes. I left it running and checked 30 minutes after starting to find it had finished.

Incremental back-ups of around 200 MB take a couple of minutes. Again, the times reported on the user interface can be misleading. The ‘less than one minute’ turned out to be a few seconds over two minutes.

Early back-up software, including earlier versions of True Image, could hurt system and network performance. I found this year’s edition of Norton LifeLock ties up all system resources when in full flight and then some. That is another story for another time.

True Image 2021 has no noticeable impact on performance. Automated back-ups can happen while I’m on a Zoom call and I’d never know. I haven’t seen a spinning Mac beachball while using True Image. This is in part down to plenty of headroom on a fibre connection and Wi-fi 6 local network, but, as mentioned, Norton struggles with the same resources.

True Image 2021 verdict

I can’t think of any other application that combines back-up and security in the way True Image does. The price is on a par with buying separate applications to do the two jobs.

You won’t need to pay for Acronis back-up and a separate security suite. You won’t need to learn two user interfaces. This is important if you don’t have full time IT professionals to call on for help.

Getting both back-up and security in a single integrated package from one source simplifies both.

Today, True Image is comprehensive to the point of providing more protection than everyday users or small businesses need.

It could be overkill for your needs.

If your data is precious or your work makes you a security target you should consider True Image.

If you handle other people’s data it could be essential. It makes sense if you work for a company or agency that requires high levels of security. Choose it if losing your data for more than a few minutes will cost you money.

Footnote:

I took my time testing Acronis True Image 2021 for a good reason. The software came at the same time as Norton Lifelock, which is an indirect rival. Lifelock trashed my computer. I wanted to give Acronis enough time to screw up before telling readers one is better than the other. After two months, I’m happy to report nothing untoward happened.

Working from home surveillance arms race

The move to working from home means there’s a boom in employee surveillance software. Bosses can check workers are hard at it, not leaning back for a Netflix binge.

Companies have used technology to snoop on workers for years. It ranges from spy-in-the-cab devices used to measure truck driver movements to key-loggers counting the number of keystrokes a desk bound employee makes every hour.

If you want you can check if an employee takes many tea, toilet or lunch breaks. There are even home detention style ankle bracelets used in warehouses and similar workplaces to track where everyone is.

Counter productive

Keeping close tabs on workers can be counter productive. If the metric is measuring the number of mouse movements per hour, employees will focus on moving mice, not on doing what they are paid to do.

What you measure is what you get.

For many tasks surveillance is plain dumb. It’s easier to measure a worker’s output. That’s what matters.

They earn their pay as long as they add value, serve customers, clear call backlogs or otherwise improve profits. It shouldn’t matter how many key strokes, phone calls or trips around the warehouse floor they make to get there.

Snooping

Now companies use similar employee snooping technology to watch staff working from home. The companies who sell these systems have seen their business grow at a cracking pace.

The names of these products say a lot about the mindset of companies using the technology:

  • Time Doctor,
  • ActivTrak,
  • StaffCop.

That last one is vile.

On top of everyday snooping there are products which let bosses watch what is going on through the webcams on home computers.

One product that does this goes by the name of Sneek….

There’s a naming pattern emerging here, at least the people who make this software are self-aware. You’d have to worry about managers leafing through brochures for products with names like Sneek and StaffCop.

Listening in

Other products let managers listen in on people’s homes. There are tools that automate camera watching or listen in case trigger words are used.

And then there is this example from the Wired story:

“PwC has developed facial recognition software that can log employees’ absences from their computer screens – including for bathroom breaks. The accounting firm insists the technology is to meet compliance regulations as the financial world adjusts to home life.”

Much of this is thought of as normal in the US. The products can be illegal elsewhere in the world. This review of StaffCop in PCMag evaluates the product without any reference to ethics or morality.

It’s one thing for a company to put this software on computers in its offices, or even on computers that it buys and distributes to staff working from home. Asking people to install the software on their own hardware is another level of evil.

The idea of watching people in their homes using a screen was talked about 70 years ago. That’s when George Orwell wrote 1984. In the book Big Brother has a screen where government spies watch people in their homes all the time.

Orwellian

In other words, it’s no exaggeration to describe these applications as Orwellian. We overuse that term, but it applies here.

Once again we are at a point where 1984 is a training manual, not a warning.

Where they can, workers are fighting back. Wired magazine’s story is about the resistance movement fighting home employee surveillance.

As with the bosses, many of the weapons workers use to counter surveillance are digital. It’s an arms race. A range of new software helps workers get around surveillance. Surveillance software companies respond to block the blockers then the blockers block back.

One trick mentioned in the Wired story, which works if you have a powerful computer, is to use a virtual machine. That is, in effect, a software computer that lives inside of your computer. It can fence off the surveillance software.

There is software to fake mouse movements and software to emulate keyboard use. People even stick tape over webcams or microphones and then claim the hardware isn’t working. The potential to fight back is as unlimited as the potential for snooping.

New Zealand won’t follow UK’s Huawei 5G ban | RNZ News

“TICSA has been in place since 2014, and works well. We are confident that New Zealand’s telecommunications networks are secure, and that our regulatory model serves New Zealanders well.” He said every decision was made on a case-by-case basis, and in accordance with New Zealand laws.

Source: Andrew Little says New Zealand won’t follow UK’s Huawei 5G ban | RNZ News

Rachel Thomas at RNZ interviewed me on the likelihood of Huawei being allowed to take part in New Zealand’s 5G networks.

Huawei doesn’t meet the standard set out in the Telecommunications (Interception Capability and Security) Act 2013 (TICSA).

Huawei didn’t pass the test the first time around and everyone goes out of their way to tell you that’s not a ban, but that in effect bans it from the network until it passes that test, so we’re already in the ‘not going to be buying Huawei’ camp.

This could change if there is a change of government either here or in the US. The National Party is closer to China than Labour, Green or New Zealand First. A Democrat-led government in the US may want to take the heat out of trade tension with China.

Currently, no telco providers are using Huawei technology as part of their 5G networks in New Zealand – with Vodafone and Spark both working with Nokia.

But Spark and 2 Degrees have refused to say whether they would rule out partnering with Huawei for 5G networks in the future.

Government bill to tackle extreme, violent content

A bill introduced in parliament this week aims to tackle extremist content.

The Films, Videos, and Publications Classification (Urgent Interim Classification of Publications and Prevention of Online Harm) Amendment Bill introduces new criminal offences. It hands power to a chief censor who can make immediate decisions to block content.

It also allows the government to create and deploy internet filters. The filters would screen out material the chief censor decides is objectionable.

Response to Christchurch terror live-streaming

The bill matches the proposal first tabled in cabinet last December by Internal Affairs Minister Tracey Martin.

It aims to update the Films, Videos, and Publications Classification Act 1993 after last year’s live-streaming of the Christchurch terror attack.

The focus is on stopping the people or organisations from livestreaming objectionable content. It does not target companies who provide the infrastructure used to distribute content.

Take down notices and filters

Yet carriers and hosts will need to acknowledge government imposed take-down notices. This includes removing links to objectionable content. Failure to do so could result in civil action and fines.

The legislation will allow the Department of Internal Affairs to create internet filters. The DIA must consult with internet service providers before it launches a filter.

InternetNZ opposes the filter plan. In a media statement CEO Jordan Carter says there can be dangerous side effects from a filter.

He also says: “The proposed filters would work at the network level, in a way that is a mile wide and a millimetre deep.

“People who want to get around these filters can easily do so by using a VPN, technology that many Kiwis have been using when working from home recently.”

Filters can be ineffective

As Carter points out, the problem with filters is that they often don’t work as intended. Determined people who want to see or distribute objectionable material can work around them. Everyone else may suffer a degraded internet experience.

Internet filters are, by their nature, blunt tools. There’s a trade off between failing to block bad material and blocking harmless content.

The same goes for artistic content. Filters are incapable of drawing lines in the right place.

False positives, false negatives

In the past researchers have found that filters designed to shield young people from pornography might block 90 percent of adult content. At the same time they can block up to a quarter of inoffensive pages.

Tinkering with algorithms to permit more inoffensive material generally means letting more porn through.

Filter advocates talk about artificial intelligence helping, but that often makes matters worse. Filters don’t understand context or nuance. AI is usually terrible at context or nuance.

Risks elsewhere

Much of the focus with internet filters is on dealing with web pages. These days they account for a fraction of online material. Peer-to-peer networks, instant messaging and social media platforms are a bigger problem.

There are other issues with filtering. Protecting children might be straightforward, but teenagers are often more tech-savvy than adults.

Filtering can create a false sense of safety. It’s the same when not-very-tech-savvy people install security software. They feel safe from malware threats but can relax and fall victim to phishing or other scams.

While filters are often set up with good intent, they can be used for broader censorship, even shutting down political opponents.

On the positive side

In practice, the slippery-slope argument doesn’t wash. New Zealand already has successful voluntary filters blocking child abuse material. That appears to be working well. There has been no slippery slope effect.

Determined viewers can bypass these filters. Yet they stop everyday users from stumbling over the objectionable material.

New Zealand’s child abuse filter gives service providers the option to opt-in. There is independent oversight.

The planned filter in the new legislation would be compulsory. There is no mention of formal oversight.