Cybersecurity, Metadata and Surveillance


Parkinglot entrance from the new BND (Federal Agency Service) building in Berlin/Germany. © Benjamin Hiller

One of the big “buzz-words” of the last years is Big Data (LINK). Every large corporation, especially in the tech sector, tries to implement Big Data, combined with sophisticated algorithms, into their products, in machine learning, social media channels or targeted advertisement. Of course nation states and their various agencies are also interested inthis topic and, as the NSA scandals have shown, use Big Data for their own goals.

But Big Data and algorithms are only as good as the humans creating them. And these humans have their own social background, bias towards certain people and behaviors and thus the code can skew its results in one direction or another. And I have not even begun to raise the issue of ethics.

But why should, for instance, metadata be as powerful as “normal, open” data from a person? Because even if you try to stay “under the radar” metadata is created – and that is often enough to identify a person, his/her habits and political leanings to near perfection. The following, older, New Yorker article gives insight into this topic: “Whats the matter with metadata”.

And thus here some current news in regard to Big Data, Metadata and Surveillance:

1. Even the best algorithm can go astray – and that happened big time during the Champions League final in Cardiff, where facial recognition falsely identified 2.000 people as possible criminals – not the best outcome for this kind of software: LINK

2. The new Transparency Report 2017 regarding the “Use of National Security Authorities” (source) shows that the NSA has increased its collection of metadata via US phone-/internet providers from 151 million sets in 2016 to a whooping 534 million in 2017. It is only a matter of time until some badly implemented algorithm (as no human can sift through this mass of data in a reasonable time) can lead to some serious trouble or false accusations.

3. Everybody knows the Facebook feature of suggesting “friends you know” – now, according to a Telegraph article (LINK), researchers assert that this feature enabled radical Islamists to connect with each other and thus strengthen their network. Every convenient feature can also have a dark side.

4. And last but not least the EU Member States, despite the CJEU ruling against such “mandatory metadata collection” on a large scale, try to implement a new regulation which would force Internet-/Phone providers in Europe to keep data of their users for up to six months (LINK) – and at the same time (as always only to “fight terrorism”) they try to impose also a mandatory biometric passport in all EU member states (LINK). Happy Big Data collection – until a leak/breach happens and millions of sensitive data sets are exposed to the internet – as happened more than once already.

The quintessence is that we need some proper new regulations in regard to the collection of Big Data, Metadata and who handles what – and far more important these collections of data need to be protected in new ways as the past has shown that to often companies and states fail to keep this kind of data safe.

And if you want to keep your metadata a bit more under wrap here is the book for you to start on this long and challenging task: LINK

Deutsche Bahn: Free WLAN = Free Data

Begrüßung des WIFIonICE Netzwerkes – kein direkter Hinweis darauf, dass es ein offenes Netz ist

Auf Zugfahrten nutze ich die Zeit gerne um abzuschalten: Sei es, indem ich aus dem Fenster schaue und mich durch die unbekannten Landschaften inspirieren lasse, sei es, indem ich Musik höre und dabei ein gutes Buch lese.

Doch für viele Berufstätige ist die Fahrt im ICE mittlerweile eine Verlängerung des Arbeitsplatzes. Entsprechend enthusiastisch wurde Ende 2016 reagiert, als die Deutsche Bahn angekündigt hatte ihre ICE Flotte mit neuer, leistungsstarker WLAN Technik der schwedischen Firma Icomera aufzurüsten und zwar auch für die 2. Klasse.

Doch schnell kamen Zweifel auf in Sachen Sicherheit und der Nutzung des WLANs in den ICE Zügen. Wie der Chaos Computer Club Mitte 2017 berichtete (LINK) war die Schnittstelle des Herstellers Icomera mehr als schlecht programmiert und ermöglichte das einfache Datenauslesen. Angeblich wurde das Problem gepatcht, doch der CCC konnte nur eine „Verschlimmbesserung“ feststellen. Jedoch gibt es ein weiteres, gravierendes Problem. Ich werde im Folgenden darauf eingehen, theoretische Angriffsmöglichkeiten erläutern und Lösungsvorschläge präsentieren.

Continue reading

New publication (German/Afghanistan)

Dear readers,

in the current ZENITH Magazine you can find my reportage on young Afghans who got deported from Germany back to Kabul/Afghanistan. Together with the photographer Johanna-Maria Fritz we followed them for several days after their arrival. Additionally we interviewed numerous organisations in Germany as well as in Afghanistan to counter the German state narrative that Afghanistan would have “safe zones” for deportations.

The reportage can be read also online in German here: LINK