Today Wednesday January 20 2016 at 6:30pm the New York Linux Users Group (NYLUG) will host Let’s Encrypt: A Free, Automated, and Open CA at Civic Hall NYC. Let’s Encrypt (letsencrypt.org) is a new free, automated, and open certificate authority created to help Web security and privacy take a big step forward by adopting encryption via TLS for all traffic. This presentation will cover how Let’s Encrypt works and why it works the way it does. The event will be webcast live via the Internet Society Livestream Channel.
Today Monday 14 December 2015 from Noon-2pm EST (17:00-19:00 UTC) the Global Knowledge Partnership Foundation, the Public Interest Registry (PIR) and the Internet Policy Forum of the Washington DC Chapter of the Internet Society (ISOC-DC) present the first event in a 3 event series of the Pathfinder Initiative about Building Internet Capacity for Non-Profits and NGOs. This kick-off event will focus on Internet Security. Speakers: Dr. Katherine Albrecht – Startmail; Courtney Radsch – The Committee to Protect Journalists; Christian Dawson – Internet Infrastructure Coalition. The event will be webcast live via the Internet Society Livestream Channel.
View on Livestream: https://livestream.com/internetsociety/pathfinder1/
On January 13, 2014 the Berkman Center for Internet & Society at Harvard University presented a talk – The Great Firewall Inverts – saying:
The world is witnessing a massive expansion of Chinese telecommunications reach and influence, powered entirely by users choosing to participate in it. Usage of the mobile messaging app WeChat (微信 Weixin), for example, has skyrocketed not only inside China, but outside, as well. Due to these systems being built upon proprietary protocols and software, their inner workings are largely opaque and mostly insecure. (WeChat has full permission to activate microphones and cameras, track GPS, access user contacts and photos, and copy all of this data at any time to their servers.)
In this talk, Nathan Freitas — Berkman Fellow, director of technology strategy and training at the Tibet Action Institute, and leader of the Guardian Project — questions the risks to privacy and security foreign users engage in when adopting apps from Chinese companies. Do the Chinese companies behind these services have any market incentive or legal obligation to protect the privacy of their non-Chinese global userbase? Do they willingly or automatically turn over all data to the Ministry of Public Security or State Internet Information Office? Will we soon see foreign users targeted or prosecuted due to “private” data shared on WeChat? And is there any fundamental difference in the impact on privacy freedom for an American citizen using WeChat versus a Chinese citizen using WhatsApp or Google?
Video is below:
Watch on YouTube: http://youtu.be/KEJGqNf2rgk
Transcribe on AMARA: http://amara.org/en/videos/QXtvLEbkPhRP/
Download video: http://wilkins.law.harvard.edu/events/luncheons/2015-01-13_frietas/2015-01-13_frietas853.mov
Download audio: http://wilkins.law.harvard.edu/events/luncheons/2015-01-13_frietas/2015-01-13_frietas.mp3
Twitter: @berkmancenter + Firewall
On October 28 2014 the New York Technology Council presented, as part of its Security Track, David Maman of GreenSQL speaking on Protecting Sensitive Data in the Cloud: New Approaches to Mitigate Database Security Risk. As data moves to the cloud, databases are increasingly vulnerable to breaches, and as a result enterprises need to ensure that they apply rigorous strategies and controls to protect their information assets. This talk is a brief review of how to classify and discover data, manage the risks associated with migrating data to the cloud, and identify effective tools and techniques to detect and respond to data breaches. Video is below.
VIDEO: @InternetSociety Briefing “Internet #Security and #Privacy: Ten Years Later” @isoctech at #ietf90
On July 22 2014 the Internet Society presented a briefing panel – Internet Security and Privacy: Ten Years Later – at the IETF 90 meeting in Toronto. Discussed were how Internet security and privacy landscapes have changed over the years, challenges we still need to address, and whether we’ll still be using the same security building blocks ten years from now. Also brought up were the societal and legislative changes that have affected the Internet, including user interfaces and risk assessment, privacy and identity implications of ‘free’ online services, and how the technical community can work together to implement more of the existing security standards like DNSSEC, DANE, and TLS. Speakers: Lucy Lynch, Director of Trust and Identity Initiatives, Internet Society; Danny McPherson, Senior Vice President and Chief Security Officer, Verisign; David Oran, Fellow, Cisco Systems; Wendy Seltzer, Policy Counsel, World Wide Web Consortium (W3C). Moderator: Andrei Robachevsky, Technology Programme manager, Internet Society. The session was webcast live via the Internet Society’s livestream channel, video is below.
View on YouTube: http://youtu.be/zqAgLkkRuBk
Transcribe on AMARA: http://www.amara.org/en/videos/QpvQ13x8nlpj/
On February 6 2014 security analyst and cryptographer Bruce Schneier gave a talk “NSA Surveillance and What To Do About It” as part of the Massachusetts Institute of Technology’s Big Data Lecture series. Video is below.
Download video: http://d1baxxa0joomi3.cloudfront.net/20010d06fe480b67ae457c7e947b2caf/basic.mp4
Transcribe on AMARA: http://www.amara.org/en/videos/Bi3iRRNRn3LV/
Last weekend February 8/9 2014 the New York Legal Hackers participated in an International Data Privacy Hackathon, along with colleagues in San Francisco and London. The New York location – the Made in NY Center in Dumbo, was webcast live by ISOC-NY via the Legal Hackers own YouTube channel.
The New York event kicked off with a spectacular panel of experts. Speaking were Jonathan Askin, Brooklyn Law School; Dona Fraser, ESRB; David Wainberg, AppNexus; Doc Searls; Amyt Eckstein, Moses & Singer; and K. Waterman, MIT Fellow.
- View on YouTube: http://www.youtube.com/watch?v=Lu_H_Bgt9po
At lunch on Saturday, there were two further keynote speakers: Susan Herman, Chair, ACLU, and Hon. Ann Aiken, Judge, District of Oregon. Judge Aiken challenged the hackers to come up with an app to aid released prisoners in successful reentry into society.
- View on YouTube: http://www.youtube.com/watch?v=OWeFhrJkAHw
Around 6:30pm Sunday, after a brief talk by Michael Joseph Holland, Center for Urban Science & Progress (CUSP) at NYU, and Dazza Greenwood, MIT Media Lab, about a forthcoming anthology Privacy, Big Data, and the Public Good, the judging got underway. Projects presented were Using Copyright to Remove Revenge Pornography Selfies; Terms of Service Helper; Playing with Tor; Cookie Jar; Re-Entry (as suggested by Judge Aiken); and Ghostdrop.
- View on YouTube: http://www.youtube.com/watch?v=ty4bJHB_LiI
Finally, the judging. The winner, Ghostdrop, took away a $1000 cash prize. Runner-up Re-Entry got a silver GitHub account. Third place – Terms of Service Helper – got a 3D printed “giant-fracking” lock from Makerbot.
- View on YouTube: http://www.youtube.com/watch?v=ty4bJHB_LiI&t=1h46m15s
WEBCAST WED: 2014 Drell Lecture – Vint Cerf – Safety and Security in a Transnational World #VintCerfFSI @StanfordCISAC
Tomorrow, Wednesday January 22 2014, Stanford’s Center for International Security and Cooperation (CISAC) will present the 2014 Drell Lecture. This year’s speaker is Dr. Vint Cerf addressing the topic Safety and Security in a Transnational World. The event will be webcast live via the CISAC uStream. Starts at 7.30pm NYC time.
What: 2014 Drell Lecture – Vint Cerf – Safety and Security in a Transnational World
Where: Stanford University, California
When: Wednesday, January 22 2014 4.30-6pm PST | 2130-2300 EST | 0030-0200 UTC (Thu)
Twitter: @StanfordCISAC | #VintCerfFSI
The IPv6 Hackers list was created in August 2011 to provide a forum for IPv6 professionals to discuss low-level IPv6 networking and security issues that could eventually lead to advances and improvements. In July 2013 they held their first ever F2F meeting during IETF 87 in Berlin. Dan York of the Internet Society’s Deploy 360 team shot video.
View on YouTube: http://www.youtube.com/playlist?list=PLYFLRpJu7S0xNklKQYoxugKKoUkMrXxr2
Slides and info: http://www.ipv6hackers.org/meetings/ipv6-hackers-1
On June 27 2013, the Center for 21st Century Security and Intelligence at Brookings hosted General Martin E. Dempsey, chairman of the Joint Chiefs of Staff, for an event Defending the Nation at Network Speed. General Dempsey is the nation’s highest-ranking military officer. He previously served as the chief of staff of the Army, and before that as commander of U.S. Central Command. Following the general’s remarks, Brookings Senior Fellow Peter W. Singer joined him in a discussion of the state of American cybersecurity. Video is below. It runs just under an hour.
At the February 2013 OpenITP Tech-Activism 3rd Monday in NYC Nabiha Syed talked about online safety for journalists and small publishers. Nabiha co-founded Yale University’s Media Law Clinic, and since has been a Marshall Scholar at Oxford, worked at the New York Times as their First Amendment Fellow, and currently works as an attorney at Levine Sullivan Koch & Schulz, LLP. Video is below. Please try to find time to contribute to transcribing at AMARA.
Tonight (Today in HK!) the Internet Society’s Hong Kong Chapter (ISOC HK) will co-present SecureHongKong 2012.
The one-day conference will focus on how security professionals can address the constantly changing security landscape. In addition, it will give attendees an opportunity to understand emerging technologies and how their adoption can help mitigate the risk their organizations face from the increased sophistication of targeted attacks.
Hong Kong is UTC+8, thus 13 hours ahead of New York.
What: SecureHongKong 2012
Where: CyberPort HK
When: Monday December 17 2012 – 1000-1715 HKT | 0200-0915 UTC | 2100-0415 EST
Twitter: @isochk | #securehk (unconfirmed)
The Internet Society’s New York Chapter (ISOC-NY) and the New York Technology Council (NYTECH) joined the Public Interest Registry (PIR) in presenting a midday symposium “Mitigating DDoS Attacks: Best Practices for an Evolving Threat Landscape” in New York City on December 5 2012. Participating organizations include Afilias, Google, Neustar, M3AAWG, Symantec, EFF, and De Natris Consult. The event was webcast live via the Internet Society Chapters Livestream Channel. Audio / transcript links are below. English Closed captions are available.
Brian Cute – CEO, Public Interest Registry (PIR)
Jeff Greene – Senior Policy Counsel, Symantec
Ram Mohan – EVP & Chief Technology Officer, Afilias
Damian Menscher — Security Engineer, Google
Miguel Ramos – Senior Product Manager, Neustar
Danny McPherson – Chief Security Officer, Verisign
Jillian York – Director for International Freedom of Expression, Electronic Frontier Foundation (EFF)
@NCUC Policy Conference “Security & Freedom in a Connected World” Friday 10/12 (remote participation details) #icann #ncuc #icann45
The ICANN Non-Commercial Users Constituency (NCUC) (of which ISOC-NY is a member) is holding an all-day policy conference “ICANN & Internet Governance: Security & Freedom in a Connected World” in Toronto on Friday, 12 October 2012 – the eve of ICANN #45. The conference will explore key ICANN and Internet governance policy issues. It will discuss the promotion of cyber-security and human rights on the Internet, multi-stakeholderism and the role of governments, and key policy issues surrounding new top-level domains such as freedom of expression and intellectual property rights. The conference’s subtitle recognizes society’s shared twin goals of security and freedom, and questions to what extent society must sacrifice one for the other. Remote participation will be available via Adobe Connect and there will also be a live webcast via the Internet Society Chapters Webcasting Channel. Toronto time is the same as NYC (=UTC-4).
What: NCUC Policy Conference: Security & Freedom in a Connected World
Where: Fairmont Royal York Hotel, Toronto, Canada
When: Friday October 12 2012 9am-5:45pm | 1300-2145 UTC
Adobe Connect: http://icann.adobeconnect.com/yyz45-ncuc/
Twitter: #ncuc | #icann45
A live webcast of the Asia Internet Symposium, Kolkata 2012 has just commenced on the Internet Society Chapters webcast channel. The theme of the Symposium is ‘The Twin Challenges of Security & Privacy: Balancing the Requirements’.
What: Asia Internet Symposium, Kolkata 2012
Where: Hyatt Regency Kolkata, India
When: Tuesday October 9 2012 – 1400-1730 IST | 0830-1200 UTC | 0430-0800 EDT
IETF 84 in Vancouver is rapidly approaching (29 July – 3 August 2012). Newcomers’ training and technical tutorials take place on Sunday (29 July), with the working group (WG), Birds of a Feather (BoF), and plenary sessions happening during the week. Agenda is here. Remote participation details are here. The tools agenda does a great job of combining the two! Hashtag is IETF#84
Once again, the Internet Society is pleased to bring you a Rough Guide to the IETF 84 sessions most relevant to our current work.
At this IETF meeting, we are turning our attention to the following broad categories:
- Trust technologies
(All times are local, UTC -7 hours, EDT -3)
On Thursday May 17 2012 the Internet Society Webcasting Channel will stream live the Internet Society Hong Kong Chapter (ISOC-HK) event “Building Trust in Cloud Computing” Summit 2012, which will inaugurate the Cloud Security Alliance – Hong Kong & Macau Chapter. It will be one of the most prominent cloud security events ever in Southern China, and features notable speakers from the CSA, NIST, Intel, and the Hong Kong Government. Since Hong Kong is 12 hours ahead of NYC, the webcast will kick off at 9.30pm EDT on Wednesday for NYC viewers.
What: “Building Trust in Cloud Computing” Summit 2012
When: Thursday May 17 2012 9.30am-5pm HKT | 0130-1300UTC | 2130(weds)-0500EDT
Where: Cyberport, Hong Kong
Twitter: isochk | cloud security alliance | #cloud
Video is now available of the New York Technology Council and Internet Society New York Chapter (ISOC-NY) joint event “New Techniques for Protecting Cloud Data and Security” on Jan 5 2012.
The New York Technology Council and Internet Society New York Chapter (ISOC-NY) on Jan 5 2012 will present a joint event “New Techniques for Protecting Cloud Data and Security” – a review of new research, including techniques for data encryption and management, that promises to make the cloud a safer place.
The event is free. Please be sure to register at the link below.
What: New Techniques for Protecting Cloud Data and Security
When: Thursday January 5, 2012, 6pm-8pm
Where: Parsons Kellen Auditorium, 66 Fifth Avenue, NYC
Who: Free for ISOC-NY & NYTECH members. Free for non-members.
Webcast: Will be taped for later viewing
Twitter: #cloud, #security, @ISOCNY, @nytechcouncil
Shai Halevi, Cryptography Researcher, IBM – Since 1997 Shai has been a research staff member in the Cryptography group at IBM T.J. Watson Research Center. Shai is a board member of the International Association for Cryptologic Research and an editor in ACM TISSEC. He was an editor of the proceedings of CRYPTO in 2009, and co-editor of the proceedings of the Theory of Cryptography Conference in 2006. Shai has a PhD in Computer Science from MIT.
Michiel de Jong, Founder & Lead Developer, Unhosted.org – Michiel de Jong studied Computer Science at Leiden University before working as a researcher and web technology engineer in several European countries. Last year he took a three month sabbatical on tropical island Bali, to work on a hobby project. The result became known as the Unhosted project and quickly gained a lot of momentum in the free software community. This way, what started as a programming holiday, turned into a full-time occupation for him.
Susan Crawford in a Jul. 24 Bloomberg column Cyberwar Hysteria Hurts U.S., Helps Consultants notes how security hype, fueled by consultants spreading FUD couched in military language, is driving wholesale compromises of privacy and freedom.
The administration’s draft cybersecurity bill released in May would result in regulation of private Internet access providers by the Department of Homeland Security. The DHS approach maps to the framework under which chemical plants handling hazardous substances are regulated, signaling that some sector of the administration views the Internet as akin to an informational toxic-waste dump.
Most importantly, the bill would allow unrestrained “voluntary” sharing of any information by private operators with DHS, no matter how it was acquired and no matter how existing law would otherwise restrict disclosure of the information. Such sharing would be justified for cybersecurity purposes, if the operator made efforts to remove irrelevant identifying information and complied with not-yet-written privacy protections. This government-centered structure bypasses the Fourth Amendment’s right to privacy. The stated limitations are no real limitation at all.
The White House proposal would also broaden the scope of the Computer Fraud and Abuse Act, make the CFAA part of a racketeering prosecution (triggering harsh penalties), and generally enhance the sentences available under that statute. The CFAA already is interpreted breathtakingly broadly. All computers connected to the Internet are protected by the CFAA against undefined “unauthorized access,” which has made it possible for disgruntled employers to go after employees who use any information for purposes the employer doesn’t like. Expanding an already unconstrained scheme is the D.C. equivalent of jumping the shark; it calls the entire cyberwar enterprise into question.
- Roger Cochetti, RJC Associates
- Jim Dempsey, Vice President of Public Policy, Center for Democracy & Technology
- Ed Felten, Chief Technologist, Federal Trade Commission
- Ambassador Phillip Verveer, Deputy Assistant Secretary of State & U.S. Coordinator for International Communications & Information Policy, State Department
While there have been concerns for some time, a new report questions the reliability of SSL security, noting the possibility of the use of fake credentials to act as a middleman to eavesdrop on secure communications, including government surveillance usage.
Wired, in a separate piece, notes that one vendor is even so bold as to sell a turnkey box to do the dirty work.
One of the Electronic Frontier Foundation’s founding principles was Mitch Kapor’s aphorism, “Architecture is politics.” The design of systems determines the kinds of politics that can take place in them, and designing a system is itself a political act. As part of EFF’s ongoing 20th anniversary celebrations, it held a panel called “Architecture is policy” at Carnegie-Mellon, featuring Ed Felten, Dave Farber, Lorrie Cranor, John Buckman, and Cindy Cohn.
via Boing Boing
Lawrence E. Strickling, Assistant Secretary of Commerce for Communications and Information, gave a speech The Internet: Evolving Responsibility for Preserving a First Amendment Miracle at The Media Institute in Washington DC on February 24, 2010.
In it he suggests that we are now entering a third stage of Internet development: whereas the Internet has so far been allowed to grow freely and form its own ecosystems, some intervention is now becoming necessary to allow it to flourish optimally, particularly with respect to free speech. He notes the following initiatives:
Child protection and Freedom of Expression: The Online Safety Technology Working Group, created by Congress and convened by NTIA, will issue a report on the state of the art in child protection strategies online.
Cybersecurity: How do we meet the security challenge posed by the global Internet, which will require increased law enforcement and private sector technology innovation, yet respect citizen privacy and protect civil liberties? A Commerce Department cybersecurity initiative will address these issues, particularly as they relate to improving the preparedness of industry for cyber attacks.
Copyright protection: NTIA and the US Patent and Trademark Office are beginning a comprehensive consultation process that will help the Administration develop a forward-looking set of policies to address online copyright infringement in a balanced, Internet-savvy manner.
Internet Governance: The NTIA will conduct a series of administrative reviews to ensure that the agreed upon ICANN commitments are carried out in full.