The idea that coercive interrogation works rests on an untested and largely unsupported framework, says Shane O'Mara, director of the Institute of Neuroscience at Trinity College Dublin, Ireland. On the face of it, the coercive model for interrogation seems like common sense: there is information that the interrogator wants to know and the subject holds but doesn't want to give up. The interrogator applies some pressure to break down the defences put up by the subject, who then spills the desired information. "You see this model repeatedly in movies and TV series such as 24," says O'Mara.

Whether it really works like that is questionable, however. "Everything we know shows that the ability to accurately retrieve information is severely impaired under conditions of extreme stress," O'Mara says. Studies on soldiers, for instance, have shown that manipulating sleep, food and temperature produces severe effects on memory, even when people are willing to give up information.

In a recent paper, O'Mara outlined the problem (Trends in Cognitive Sciences, vol 13, p 497). Both torture and CIDT flood the brain with stress hormones such as cortisol and the catecholamines, with potentially profound effects. Three regions are especially affected: the hippocampus, which is important in retrieving long-term memories; the amygdala, which forms part of the fear network; and the frontal lobes. Disturbances of these regions are likely to kick in during coercive interrogation, particularly if such questioning continues for weeks or months.

In addition, prolonged stress could also lead to the creation of false memories based on information and supposed facts presented by the interrogator. This phenomenon, known as confabulation in psychiatric jargon, is also found in people with frontal lobe disorders. "These people are not consciously making stuff up or trying to lie," says O'Mara. "But they have difficulty discriminating between genuine memories and those that don't bear any relationship to events they have experienced. Though the occurrence of confabulation in torture victims is more speculative, it's a marked possibility."
Interesting commentary:
I don't think this is really a case about ISP liability at all. It is a case about the use of a person's image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established in the United States.

The video at the center of this case was very popular in Italy and drove lots of users to the Google Video site. This boosted advertising and support for other Google services. As a consequence, Google actually had an incentive not to respond to the many requests it received before it actually took down the video.

Back in the U.S., here is the relevant history: after Brandeis and Warren published their famous article on the right to privacy in 1890, state courts struggled with its application. In a New York state case in 1902, a court rejected the newly proposed right. In a second case, a Georgia state court in 1905 endorsed it.

What is striking is that both cases involved the use of a person's image without their consent. In New York, it was a young girl, whose image was drawn and placed on an oatmeal box for advertising purposes. In Georgia, a man's image was placed in a newspaper, without his consent, to sell insurance.

Also important is the fact that the New York judge who rejected the privacy claim suggested that the state assembly could simply pass a law to create the right. The New York legislature did exactly that, and in 1903 New York enacted the first privacy law in the United States to protect a person's "name or likeness" for commercial use.
The whole thing is worth reading.
The documents also lay out, in chilling detail, exactly what should occur in each two-hour waterboarding "session." Interrogators were instructed to start pouring water right after a detainee exhaled, to ensure he inhaled water, not air, in his next breath. They could use their hands to "dam the runoff" and prevent water from spilling out of a detainee's mouth. They were allowed six separate 40-second "applications" of liquid in each two-hour session - and could dump water over a detainee's nose and mouth for a total of 12 minutes a day. Finally, to keep detainees alive even if they inhaled their own vomit during a session - a not-uncommon side effect of waterboarding - the prisoners were kept on a liquid diet. The agency recommended Ensure Plus.

"This is revolting and it is deeply disturbing," said Dr. Scott Allen, co-director of the Center for Prisoner Health and Human Rights at Brown University who has reviewed all of the documents for Physicians for Human Rights. "The so-called science here is a total departure from any ethics or any legitimate purpose. They are saying, 'This is how risky and harmful the procedure is, but we are still going to do it.' It just sounds like lunacy," he said. "This fine-tuning of torture is unethical, incompetent and a disgrace to medicine."
The "Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)" (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here's a good summary of what's in it:
The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft's stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs. I call it "quasi-comprehensive" because, at a mere 22 pages, it doesn't explore the nitty-gritty of Microsoft's systems; it's more like a data-hunting guide for dummies.
When it was first leaked, Microsoft tried to scrub it from the Internet. But they quickly realized that it was futile and relented.
Lots more information.
Funny:
MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.

"We would like to extend our deepest apologies to each and every one of you," announced CEO Eric Schmidt, speaking from the company's Googleplex headquarters. "Clearly there have been some privacy concerns as of late, and judging by some of the search terms we've seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we've carefully examined, it looks as though it might be a while before we regain your trust."

Google expressed regret to some of its third-generation Irish-American users on Smithwood between Barlow and Lake.

Added Schmidt, "Whether you're Michael Paulson who lives at 3425 Longview Terrace and makes $86,400 a year, or Jessica Goldblatt from Lynnwood, WA, who already has well-established trust issues, we at Google would just like to say how very, truly sorry we are."
How not to destroy evidence:
In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show.
The article wasn't explicit about this -- odd, as it's the main question any reader would have -- but it seems that the man's digestive tract did not destroy the evidence.
Interesting paper: "A Practical Attack to De-Anonymize Social Network Users."
Abstract. Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data.

In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors.

The implications of our attack are manifold, since it requires a low effort and has the potential to affect millions of social networking users. We perform both a theoretical analysis and empirical measurements to demonstrate the feasibility of our attack against Xing, a medium-sized social network with more than eight million members that is mainly used for business relationships. Our analysis suggests that about 42% of the users that use groups can be uniquely identified, while for 90%, we can reduce the candidate set to less than 2,912 persons. Furthermore, we explored other, larger social networks and performed experiments that suggest that users of Facebook and LinkedIn are equally vulnerable (although attacks would require more resources on the side of the attacker). An analysis of an additional five social networks indicates that they are also prone to our attack.
News article. Moral: anonymity is really, really hard -- but we knew that already.
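To make the abstract's candidate-set figures concrete, here is an added example (not code from the paper or its authors) that measures, from the privacy-assessment side, how identifying a set of group memberships is. Given a constructed membership table, it computes the candidate set left by an observed set of groups, the fraction of group-using users whose full membership set singles them out, and the candidate-set size that covers a given fraction of users, which is the shape of the paper's "42% unique, 90% under 2,912" numbers. The user and group names are constructed; the history-stealing step that reveals which groups a visitor belongs to is not implemented, the observed groups are simply passed in.

```python
"""Group-membership fingerprint analysis (added example, not the paper's code).

Measures how far a set of observed group memberships narrows the set of
users it could belong to, over a constructed membership table."""

# Constructed sample: user -> set of group ids on a hypothetical network.
USERS = {
    "alice": {"g1", "g2", "g5"},
    "bob":   {"g1", "g2"},
    "carol": {"g1", "g2"},
    "dave":  {"g3"},
    "erin":  {"g3"},
    "frank": {"g3"},
    "grace": {"g4", "g5"},
    "heidi": set(),          # belongs to no groups at all
}


def candidates(users, observed_groups):
    """Users who are members of every observed group.

    `observed_groups` is whatever subset of a visitor's memberships was
    revealed (here passed in directly); a user stays a candidate as long as
    their full membership set contains all of it."""
    observed = set(observed_groups)
    return {name for name, groups in users.items() if observed <= groups}


def candidate_set_sizes(users):
    """For each user with at least one group: how many users are left when
    that user's complete membership set is observed (1 = uniquely identified).
    Users in no groups cannot be fingerprinted this way and are skipped."""
    return {name: len(candidates(users, groups))
            for name, groups in users.items() if groups}


def unique_fraction(users):
    """Fraction of group-using users whose membership set is unique."""
    sizes = candidate_set_sizes(users)
    if not sizes:
        raise ValueError("no user belongs to any group")
    return sum(1 for s in sizes.values() if s == 1) / len(sizes)


def coverage_size(users, fraction):
    """Smallest candidate-set size s such that at least `fraction` of the
    group-using users are narrowed down to s candidates or fewer.
    coverage_size(users, 0.9) corresponds to the paper's '90% under 2,912'."""
    sizes = sorted(candidate_set_sizes(users).values())
    if not sizes:
        raise ValueError("no user belongs to any group")
    threshold = fraction * len(sizes)
    for covered, size in enumerate(sizes, start=1):
        if covered >= threshold:
            return size
    return sizes[-1]


if __name__ == "__main__":
    print("observed {g5} ->", sorted(candidates(USERS, {"g5"})))
    print("candidate set per user:", candidate_set_sizes(USERS))
    print(f"uniquely identifiable: {unique_fraction(USERS):.0%} of group users")
    print("90% of group users narrowed to <=", coverage_size(USERS, 0.9))
```

Run over a platform's own membership data, this gives the operator a direct measure of how much its public group pages reveal: candidate sets shrink with every small or rarely co-occurring group a user joins, so the risk is concentrated in users of niche groups, and the mitigations the paper implies (not exposing member lists, or not exposing membership through URLs a browser history can be probed for) are what move these numbers.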
The RSA 2010 Security Conference is just finishing up here in San Francisco, and I’m struck by how many of the conference sessions and keynotes have warned about the threat that socially engineered malware poses to the security of the Internet. Malware has become the scourge of the Internet, and it’s not just the security experts who are worried—the top story in my morning paper yesterday described how a typical malware attack compromised a financial firm’s network. Our data shows that one out of every 250 downloads is the result of a user being tricked into downloading malware to their PC.
We’re proud of the protection SmartScreen® Filter provides to protect IE8 users from such attacks, and I’d like to share some of the latest numbers on our level of protection.
Since we launched IE8 in March 2009, SmartScreen has blocked over 560 million attempts to download malware, recently averaging over 3 million blocks per day! Hosted in datacenters around the world, SmartScreen’s URL Reputation Service (URS) has evaluated over 250 billion URLs to help keep IE8 users safe from malware. Even more impressively, since IE7’s Phishing Filter was introduced in 2005, the URS has processed over 5.7 trillion reputation requests in order to block malicious web sites. Every day, Microsoft receives around 300 million telemetry reports from IE8 users and processes 4.1 billion URLs looking for malicious websites and files. On the back end, our systems and analysts evaluate over 1 terabyte of binaries every day to help identify sites delivering malware.
The Q1 2010 NSS Labs test shows that Microsoft’s continued investment in SmartScreen is paying off. Since launch, IE8’s SmartScreen Filter has continued to improve its protection against socially engineered malware threats.
IE6 and 7 don’t provide protection against socially-engineered malware. If your family and friends aren’t up-to-date, please encourage them to upgrade to IE 8 for a safer Internet experience.
While IE8 offers the best built-in protection any browser offers against socially engineered malware, you still should follow best-practices to stay safe online. For instance:
You can read more tips and learn about common Internet attacks over on the Security Tips blog.
Stay safe out there!
Eric Lawrence, Program Manager
Glyn sez, "The Love Police do an amazing job demonstrating how to get out of being searched under section 44 of the Terrorism Act. Stopped by police outside the Tower of London, they avoid being searched, having to give their personal details and having their camera film looked at simply by stating the law, remaining calm and polite. (Although keeping the video camera rolling probably helped too.) The police sent an Inspector (rather senior), two Sergeants, five officers and four police cars. But in the end they walk away."
The Love Police: How to Escape a TERROR STOP (Thanks, Glyn!)
Tab isolation has recently become a more popular topic. This post is a quick survey of what tab isolation is, how it works, and what it provides.
What is it?
Tab isolation is a way to improve a browser’s reliability by containing the impact of a crash. Depending on how it’s implemented, tab isolation can also help contain some security attacks. There are two different implementations available today, each with different benefits.
In a tabbed browser without isolation, a problem in one tab can crash the entire browser. For example, a crash in a webpage in Firefox 3.6 or IE7 will bring down the entire browser. While modern browsers have features to recover tabs after a crash, the point of isolation is to contain the problem and prevent the browser from stopping. You can see a demo of this here (starting around 13:25).
A Quick Historical Survey
On March 5, 2008, Microsoft released the first IE8 beta with Loosely-Coupled IE (or LCIE for short). This was the first mainstream implementation of tab isolation. On September 2, 2008, Google Chrome’s first beta released with “process isolation.” Mozilla Firefox has recently discussed an “Out of Process Plugins” (OOPP) or Electrolysis project aimed at isolating Firefox plug-ins, such as Flash, from the rest of the browser.
How do isolation approaches differ today in approach and benefits?
There are a lot of different subsystems in a browser to isolate from each other, and different ways to do it.
IE8 isolates the frame process (title bar, back button, address bar, etc.) from the tab processes (which show web pages). If anything causes a site to crash (an extension like Flash, or the rendering or scripting engine, etc.), the frame and the other tab processes will not crash. IE isolates the whole tab – all of its code, data, and extensions – to keep IE resilient to webpages with issues.
In addition to using multiple processes, IE8 on Windows 7 and Vista (and IE7 on Vista) sandboxes the tab processes in Protected Mode for security reasons. Specifically, tabs run without permissions to install software, modify settings, or change files of any user. Protected Mode provides defense in depth so that (in most cases) security vulnerabilities in the browser or an add-on (like Flash) cannot be exploited to harm the computer. Isolation makes this additional security possible. (Technically, there are several different types of isolation, such as process isolation and origin isolation, and several types of sandboxing as well, such as integrity levels, restricted subsets, and DOM mirroring.)
Chrome’s isolation is a bit different, factoring the different subsystems of that browser along different lines. From their documentation, they have separate processes for rendering, for the frame, and for add-ons (native plug-ins, not extensions). As with IE7, part of Chrome runs with lower privilege. Unlike IE (where page add-ons run at low integrity), plug-ins in Chrome by default run with more privileges. As with any architectural difference, there are scenarios that are better in one architecture and worse in another. Theoretically, for example, a vulnerability in the Flash control running in Chrome does not have a defense-in-depth protection like Protected Mode to contain it.
Isolation is a super important part of modern browsers. It’s essential for delivering a more reliable browsing experience. It can also improve security. Depending on how it’s engineered, it can also have an impact on compatibility with sites and browser extensions.
Andy Zeigler, Program Manager
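The reliability half of the post (a frame process that outlives a crash in any tab process) is easy to see in a few lines. The following is an added example, not IE8's LCIE or Chrome's code: a supervisor plays the frame, each "tab" is a small script run in its own child process, and one tab crashes hard while another hangs. The tab names and scripts are constructed; the point is that the supervisor records what happened to each tab and is still running at the end.

```python
"""Minimal tab-isolation supervisor (added illustration, not a browser's code).

Each tab runs in its own child process; a crash or hang in one tab is
confined to that process and reported by the supervising 'frame'."""
import subprocess
import sys

# Constructed "tabs": each script stands in for the rendering/scripting work
# done for one page, executed in a separate Python process.
TAB_SCRIPTS = {
    "news": "print('rendered news page')",
    "bank": "print('rendered bank page')",
    # A page that triggers a fatal bug: the tab process dies abruptly,
    # the way a native crash in a rendering engine or plug-in would.
    "broken": "import os; os._exit(139)",
    # A page that never finishes: the supervisor must not wait forever.
    "hung": "import time; time.sleep(60)",
}


def run_tab(script, timeout=2.0):
    """Run one tab's work in a child process.

    Returns (status, stdout) with status 'ok', 'crashed' or 'hung'.
    Whatever the child does, this function returns to the caller."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", script],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child and reaps it before raising.
        return "hung", ""
    if proc.returncode != 0:
        return "crashed", proc.stdout.strip()
    return "ok", proc.stdout.strip()


def run_frame(tabs):
    """The 'frame' process: drives every tab, records each tab's fate, and
    is still alive at the end regardless of what any tab did."""
    return {name: run_tab(script)[0] for name, script in tabs.items()}


if __name__ == "__main__":
    for name, status in run_frame(TAB_SCRIPTS).items():
        print(f"{name:>7}: {status}")
    print("frame process still running")
```

Without the process boundary, `os._exit(139)` in the "broken" tab would take the whole interpreter (frame included) with it, which is exactly the single-process failure mode the post describes for Firefox 3.6 and IE7. The security half, running tab processes at reduced privilege as Protected Mode does, is a separate, platform-specific step layered on top of this boundary and is not shown here.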
Firefox: KeeFox brings tight integration between the cross-platform, open-source password manager KeePass and Firefox, providing automatic logins, form filling, and more.
On Tuesday Kevin sang the praises of LastPass for password management, but a lot of readers are still in love with KeePass and aren't ready to trust their passwords with a third-party service, no matter how secure. Unfortunately, despite some solid plug-ins, KeePass's browser integration isn't close to as tight as LastPass's. That's where KeeFox comes in.
This extension is still a little rough around the edges (it's relatively young), but if you're a die-hard KeePass user and Firefox is your browser of choice, it's worth a little effort getting it set up. Once you do, the extension does automatic form filling, logs into sites instantly, offers one-click saving for adding new passwords to KeePass, and more.
The KeeFox extension is a free download, currently Windows only. If you use KeePass, this extension seems like a must-have.
Of course, the study comes from a company that makes a tool to make it easier to install security updates, so there is that. And they give it away for free, and Brian Krebs, who knows from security, likes it.
The average Microsoft Windows user has software from 22 vendors on her PC, and needs to install a new security update roughly every five days in order to use these programs safely, according to an insightful new study released this week. The figures come from security research firm Secunia, which looked at data gathered from more than two million users of its free Personal Software Inspector tool. The PSI is designed to alert users about outdated and insecure software that may be running on their machines, and it is an excellent application that I have recommended on several occasions.
Prosecutors began interrogating the first accused witches in the infamous Salem Witch Trials this week in 1692. How does one go about proving the guilt of a witch? Basically, any way you feel like doing it. Or, at least, that's the impression I get from this mental_floss 10 list.
Squid teapot. Could be squiddier.
I gave this one two days ago, at the RSA Conference.
The Spanish police arrested three people in connection with the 13-million-computer Mariposa botnet.
On Tuesday, the White House published an unclassified summary of its Comprehensive National Cybersecurity Initiative (CNCI). Howard Schmidt made the announcement at the RSA Conference. These are the 12 initiatives in the plan:
While this transparency is good, in this sort of thing the devil is in the details -- and we don't have any details. We also don't have any information about the legal authority for cybersecurity, or about how much the NSA is, and should be, involved. Good commentary on that here. EPIC is suing the NSA to learn more about its involvement.