Yottabytes: Storage and Disaster Recovery

May 13, 2016  11:10 PM

Man Jailed for Forgetting an Encryption Passcode

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Encryption, government, privacy, Security

It’s like one of those nightmares where you keep trying to type in a password and it doesn’t work. Except in this case, it’s real life, and a man has been in jail for seven months – without being charged – for forgetting an encryption passcode.

Francis Rawls, a former sergeant in the 16th district of the Philadelphia Police Department, has been accused of having child pornography on two encrypted Macintosh hard drives, which had been seized in March, 2015. He was ordered by a judge in August, 2015, to provide the passcode to decrypt the drives, but he claims to not remember it.

I don’t know about you, but I’ve been known to forget a password over a long weekend, let alone five months.

Consequently, for the last seven months, Rawls has been in jail for contempt of court for refusing the judge’s order, though he hasn’t been charged with a crime. His attorney is claiming that having to provide the passcode violates his right to self-incrimination.

Back story

Courts have been deciding back and forth on the issue for several years now and, most recently, have decided that a phone password is more like the combination to a safe than a physical object such as a key. It matters because something that is the expression of one’s mind, like the combination to a safe, is protected under your Fifth Amendment rights not to incriminate yourself. A physical key, something you possess, is something you can be forced to produce.

The Fifth Amendment angle is, in fact, why police wanted Rawls to type in the passcodes himself rather than tell someone else what they were – because it was thought that the latter would amount to testifying against himself, writes Christine Hauser in the New York Times.

“Quite sensibly, Rawls refused,” writes William Grigg in this website Personal Liberty. “He is a veteran cop and knows – better than the public he supposedly served in that capacity – what happens when a targeted citizen offers the police unrestricted access to his home and personal effects. If he had acceded to the demand for his encryption codes, Rawls would have done the equivalent of allowing the police to rummage through every room, closet, and drawer in his home, while letting them inspect all of his correspondence, medical records, and personal finances. Diligent and motivated investigators would eventually find something that an ambitious prosecutor could use to manufacture a felony charge.”

The government is claiming it wouldn’t be self-incrimination because it knows there’s child pornography on the hard drives. “If the government already knows there’s child pornography on Rawls’s hard drives, then it’s not self-incrimination for Rawls to give his passwords,” explains Travis Andrews in the Washington Post. “Think of it like a search warrant: if an officer of the law is granted a search warrant to someone’s house, then that suspected party has no recourse but to allow the officer enter his house. Much like that hypothetical person wouldn’t be able to lock the door, Judge Rueter ruled that Rawls can’t refuse to provide the passwords.”

On the other hand…

Needless to say, Rawls’ defense attorney takes issue with this belief. “The government has not, as required by the relevant decryption precedents, demonstrated that the storage of any particular file or files on the hard drives is a foregone conclusion,” notes the brief. “Instead, it put forward only a suspect witness who gave attenuated testimony and a forensic examiner who was unable to offer any authoritative opinion regarding the contents of the hard drives.”

Nor does his attorney agree with the dodge of having Rawls type in the passcodes rather than provide them to someone else. “The fact that the government seeks to have the codes entered into a forensic interface rather than spoken aloud does not change the analysis,” notes the brief. “It still demands that Mr. Doe divulge the contents of his mind, not demonstrate his typing skill.”

In an interesting coincidence, Rawls is being compelled to enter his passcode using the All Writs Act, the same act under which the Federal Bureau of Investigation recently tried to force Apple to develop an operating system to make it easier for it to break into a suspected terrorist’s iPhone.

After Rawls was accused of having child pornography on his iPhone 6, he did enter the passcode to decrypt that, and no child pornography was found. Investigators were able to decrypt his Mac Pro using a passcode found on the iPhone 6, without finding child pornography on it, according to a brief filed in the case. And he did try, reportedly for several hours, to come up with the passcode to decrypt his hard drives.

Was it a ruse?

The fact that Rawls did willingly decrypt the phone, and did attempt to enter a passcode for the hard drives, is being called a “ruse” by prosecutors. The government “contended that Mr. Doe’s unlocking of the iPhone 6 and entry of passcodes for the hard drives ‘was a deliberate façade designed to feign compliance with the Court,’” writes Rawls’ defense attorney. How it would have looked different if he honestly did want to cooperate and honestly did forget the passcode, nobody seems to have said.

This isn’t the first time that someone has been jailed for contempt for refusing to provide a passcode for an encrypted drive – several people in the U.K. have been jailed for refusing to provide an encryption passcode — but it may be the first time in the U.S.

It’s also not the first time someone has refused to provide the passcode to decrypt their hard drive; Jeffrey Feldman, who was also accused of having child pornography, refused to provide a passcode, and several judges ruled several different ways on whether he had to provide it. In that case, however, investigators learned enough details about what was on the drives on their own that they dropped the attempt to have him decrypt them.


To make matters worse for Rawls, because he is a police officer – that is, former police officer; he was fired, after 17 years on the force, after he was jailed – he was put into solitary confinement to protect him from the other inmates. So not only has he been in jail seven months; he’s been in solitary confinement for seven months.

“He spends 22 and a half hours of every day completely alone,” writes Andrews. “If someone visits him, they have to remain behind a barrier. Each month, he’s granted one fifteen-minute phone call.”

Meanwhile, government prosecutors have until May 16 to file their brief with the Third District Federal Circuit Court of Appeals in response to Rawls’ attorney’s motion to have him released.

On the other hand, Rawls has a long way to go to set any sort of record for longest jail time, without a charge, for contempt. H. Beatty Chadwick was released in 2009 after serving 14 years for contempt after saying he had lost $2.75 million and could not split it with his former wife. He pointed out that he would have served less time if he had been convicted of third-degree murder.

April 30, 2016  10:57 PM

‘License and Registration. And, Cell Phone.’

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
government, privacy, Security, smartphone

We’re all accustomed to handing over our driver’s license and registration when we get pulled over. But if New York lawmakers have their way, you’ll also have to hand over your cell phone after an accident, so police can check to see whether you were using it illegally at the time.

While the Supreme Court ruled in June, 2014, that police need a search warrant, or your consent, to gain access to your phone, this bill — New York Senate Bill S6325A — elides this requirement by declaring that by driving in New York, you are automatically giving consent.

Motorists involved in crashes who refuse to surrender their phones to police would have their licenses suspended, and could face a one-year revocation of their license and a $500 fine, according to Mike McAndrew in Syracuse.com.

The bill prohibits police to review the content of a person’s cell phone, such as texts, social media postings, and email messages, McAndrew writes. “It would only allow officers to check if the phone was illegally used while driving.”

New York would be the first state to pass such a law, McAndrew adds, but the New York Times notes that such a law could spread to other states. For example, the Vermont legislature earlier this year considered a bill that would also require drivers to hand over their phones so police could check whether they’d been in use, without an accident being required.

The bill was announced in collaboration with an activist group founded by parents of children involved in crashes caused by drivers distracted by their devices, called Distracted Operators Risk Casualties, or Dorcs. (And no, we’re not making that up.)

But some are skeptical about the idea. “They would get into your phone only for the purpose of finding out whether you were using it at the time of the collision. They would not, of course, look at anything else while they were in there. They totally promise,” snarks Kevin Underhill in Lowering the Bar. “If there’s anything history has taught us, it’s that law enforcement and government can be trusted not to adapt a new technology for questionable uses despite promises to the contrary.”

Underhill points out, too, that the proposed law is pretty broad. “It applies not just to a driver suspected of causing injury or death but to all drivers in any ‘accident or collision involving damage … to property,'” he notes. “Somebody backed into your car at the gas station? Hand over your phone. Oh, you didn’t have it with you right then? Did you have it ‘near the time of such accident or collision’? Hand it over. And I’m not sure how they could determine whether you were using it at any particular time without learning about what you were using it for. For that matter, if the fact of ‘use’ is really all they would learn, how would they know you were using it illegally? I ‘use’ my phone all the time for voice navigation. Is that a problem now? What about hands-free calling?”

“There are so many ways in which somebody could be using the phone in a car that is not a violation of any laws,” Mariko Hirose, a lawyer with the New York Civil Liberties Union, tells Joel Rose of NPR. “This bill is simply providing a way for law enforcement to get around the privacy protections that apply to a cellphone.”

Other civil liberties organizations also have concerns with the bill, such as the Electronic Frontier Foundation (EFF), which believes it’s unconstitutional. “A law that essentially requires you to hand over your phone to a cop in a roadside situation without a warrant is a non-starter,” Lee Tien, a senior staff attorney with the EFF, told Jose Pagliery of CNN. Similarly, Marc Rotenberg, the president of the Electronic Privacy Information Center, called the bill “excessive, unnecessary, and invasive,” Pagliery writes.

Actually, the real target of the law appears to be the police, who apparently do not always attempt to retrieve records from cell phones after accidents. “Law enforcement can subpoena records from the phone company or ask a judge for a warrant to search the phone itself,” Rose writes. “But they don’t always do it because it takes a lot of money and time for cases that can be hard to prove.”

“All you really need to know about New York Senate Bill S6325A is that it would create a law named after a person (this one would be ‘Evan’s Law’), since any law named after a person is almost always a terrible idea,” Underhill writes. “If the law were a good idea, they wouldn’t need to try to generate support by manipulating people’s emotions.”

April 28, 2016  11:13 PM

Yet Another Set of Terrorists Fails to Use Encryption

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Encryption, government, privacy, Security

Government officials have been using recent terrorist attacks to try to justify limiting the use of encryption. You may recall, for example, that the Federal Bureau of Investigation (FBI) recently attempted to force Apple to develop a different version of the iPhone operating system to make it easier for the agency to break into encrypted phones thought to be owned by the perpetrators in last December’s San Bernardino attack.

Similarly, states such as California and New York have attempted to put forth bills that would outlaw the sale of cell phones with unbreakable encryption, while agencies such as the FBI have been recommending a mandated “back door” for law enforcement into encrypted phones.

These efforts have been continuing even though there’s been very little indication that terrorists are actually using encryption. For example, the FBI used last fall’s terrorist attacks in Paris to justify their long-held position that governments should mandate a “back door” into encryption, even though there’s no evidence the attackers used encryption — and, in fact, quite a lot of evidence that they didn’t.

One of the most recent incidents was the March bombings in Brussels. Rep. Adam Schiff, the California representative who’s the top-ranking Democrat on the House Intelligence Committee, suggested the same day they occurred that encryption might have been involved, writes Cory Bennett in The Hill.

Since then, law enforcement has been studying the laptop of one of the suicide bombers, Brahim El-Bakraoui, who blew himself up at Brussels airport, writes Lucy Clarke-Billings in Newsweek. “The bomber referred to striking Britain, the La Défense business district in Paris, and the ultra-conservative Catholic organization, Civitas, in a folder titled ‘Target,’ written in English, according to the source,” Clarke-Billings writes. “The laptop was found in the trash by police in Brussels shortly after the suicide bombings on March 22 that killed 32 people at the city’s airport and on a Metro train.”

So let’s get this straight. The data was not only unencrypted, but in English. And on top of that, it was located in a file folder. Labeled TARGET.

That’s right up there with Jurassic Park’s “It’s a Unix system! I know this!”

Security experts who are following the incidents believe there’s no indication that terrorist organizations have some sort of overarching encryption plan. “The clear takeaway from this list is that: 1) ISIS doesn’t use very much encryption, 2) ISIS is inconsistent in their tradecraft,” writes an information security researcher known as “the grugq” in Medium. “There is no sign of evolutionary progress, rather it seems more slapdash and haphazard. People use what they feel like using and whatever is convenient.”

The laptop discovery fits in with what appears to have been the strategy used thus far, writes Quartz. “ISIL’s strategy in last year’s Paris attacks and others was simple: avoid trackable electronic communications like email and messaging apps in favor of in-person meetings and disposable devices, or ‘burner phones,’ that are quickly activated, used briefly, and then dumped,” the organization writes. “Communications from the Paris attacks were reportedly (paywall) largely unencrypted, and investigators have found much of their intelligence through informants, wiretaps, and device-tracking rather than by trying to decipher secret messages. That’s not to say that terrorists won’t use encryption to carry out heinous acts. They will. But encryption is by now a fact of life: your apps, credit cards, web browsers and smartphones run encryption algorithms every day.”

Of course, to some people, the TARGET folder discovery was almost too good to be true. Skeptics on social media have been suggesting that the folder was planted by a group such as the CIA, that the folder was a decoy, and so on.

On the other hand, there doesn’t seem to have been much of a question about confirming who performed the Brussels attacks, especially since they were suicide attacks. If the folder was really planted, wouldn’t it have made for sense for the government agency involved to have used some sort of encrypted – though easily breakable – code? That way, the agency could have used it to justify its attempts to outlaw encryption. If the FBI planted the TARGET folder, it missed an opportunity.

April 24, 2016  10:57 PM

People Still Poke USB Sticks In Things, Researchers Find

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

It turns out that the reason people keep poking USB sticks into things isn’t necessarily because they’re stupid. It’s because they’re nice.

A recent study by researchers at the University of Illinois discovered that almost half of the people who found USB sticks scattered by the researchers ended up sticking them into their computers. This isn’t new. What was new is the reason – ostensibly, so the people who found them could return them to their owners.

“We dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives,” writes Elie Bursztein, one of the researchers, who heads Google’s anti-abuse research team. “We find that users picked up, plugged in, and clicked on files in 48 percent of the drives we dropped,” he writes. “They did so quickly: the first drive was connected in under six minutes.” The full study will be published in May 2016 at the 37th IEEE Security and Privacy Symposium, he adds.

“We dropped five types of drives on the University of Illinois campus: drives labeled ‘exams’ or ‘confidential,’ drives with attached keys, drives with keys & return address label, and generic unlabeled drives,” Bursztein writes. “On each drive, we added files consistent with the drive’s label: private files for the sticks with no label, keys or a return label; business files for the confidential one; and exam files for the exam drives.”

In fact, researchers found that they could make people even more likely to perform this altruistic behavior by personalizing the stick, Bursztein adds. “Attaching physical keys to elicit altruistic behavior was most effective,” he writes. “Keys with an attached return label were the least opened, likely because people had another means to find the owner.”

So what makes all this a problem?

For that matter, the researchers’ USB sticks essentially had malware on them. “All the files were actually HTML files with an embedded image on our server,” Bursztein writes. “This allowed us to detect when a drive was connected and a file opened without executing any unexpected code on the user’s computer. When a user opened the HTML file, we asked them if they wanted to opt out or to answer a survey about why they plugged in the drive in exchange of a gift card. 62 users (~20 percent) agreed to respond.”

And that’s where the being nice part comes in. “When asked why did they plugged the drive most survey respondents claimed it was for the altruistic purpose of returning the drive to its owner (68 percent),” Bursztein writes. “Only 18 percent said they were motivated by curiosity.”

Of course, that’s what they said. “The self-reported motivation is not consistent with which files were accessed,” Bursztein notes. “For example for the drives with physical keys attached, users clicked on winter break pictures more often than on the resume file, which would have contact information of the owner. Interestingly the same behavior is observed for the drives with a return label, but not for the drives with no marking.”

The other interesting aspect is how quickly this all happened. “Not only do many people plug in USB devices, they connect them quickly,” writes Bursztein. “20 percent of the connected drives were connected within the first hour and 50 percent were connected within 7 hours.” What makes this a problem is that if such sticks did contain a virus, it could spread before anyone could deal with it. “The windows of time available to detect that this attack is occurring is very short,” he warns. In fact, the first report of the presence of “weird USB keys” on the campus only started to surface on Reddit roughly 24 hours after the first wave – which still didn’t keep people from continuing to plug them in, he writes.

What’s particularly interesting is that this behavior is universal. “We found no difference between the demography, security knowledge and education of the users who plugged USB drives and the general population,” Bursztein notes.

Between this and all the other security flaws inherent in USBs – even Captain America, ATMs, and the International Space Station are vulnerable — Bursztein is actually suggesting getting rid of USB sticks altogether. “You can enforce a policy to forbid the use of USB drives,” he writes. “On Windows this can be done by denying users access to the Usbstor.inf file. With the advent of cloud storage and fast internet connections, this is policy is not as unreasonable as it was a few years back.”

What’s going to be interesting is what sort of ramifications there’s going to be about this research. For example, it sounds like telling people not be stupid isn’t a very successful strategy, because they don’t think they’re being stupid. “Why being more security savvy is not negatively correlated with being less vulnerable is everyone’s guess,” Bursztein writes. “It raises the question of the effectiveness of security education at preventing breaches.”

Not to mention, what other kinds of things might people be convinced to do because they think they’re being nice?

April 7, 2016  9:55 AM

After Outcry, CIA Drops Plan to Erase Its Email Messages

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Email, privacy, Security, Transparency

Despite all the attention paid to Hillary Clinton’s email server, it’s easy to overlook the fact that a number of federal agencies have been looking for ways to delete email messages.

The Central Intelligence Agency (CIA) recently decided that it was dropping a plan it had made in 2014 that would have deleted the email messages of everyone in the agency – other than the top 22 people – within three years of their departure from the agency, “or when no longer needed, whichever is sooner.”

“A representative for the National Archives confirmed to The Hill on Monday that the agency backtracked on its proposal last month, following efforts to reorganize its structure,” writes Julian Hattem.

According to The Hill, the restructuring, announced in October, involved creating a fifth “directorate” at the CIA, Digital Innovation, tasked specifically with cybersecurity issues.

The CIA wasn’t the only agency to come up with a plan to scrub old email messages. The Department of Homeland Security announced a similar plan in November, 2014.  That proposal covered more than just email messages, but also included surveillance data, so there was some security rationale for deleting it.

The theory behind the deletion was that any important CIA email messages would have been retained in some other way, such as by being sent to or from one of the 22 senior officials, wrote Hattem in The Hill at the time. In addition, the original request had noted that email messages not from senior staff that were in fact implementing programs on behalf of senior staff were intended to be retained.

The CIA plan was swiftly criticized by a number of transparency organizations and Congressional representatives, including the heads of the Senate Intelligence and Judiciary committees. This led to the National Archives temporarily changing its mind. The CIA has now permanently withdrawn the program. Opponents of the CIA’s proposal also pointed out that the organization had already destroyed 2005 records, such as waterboarding videotapes.

So what’s leading to all these agencies wanting to delete information? In the case of DHS, it was supposedly due to storage costs, a justification that some found disingenuous due to the low cost of storage these days. Overall, it was a request from the Obama administration to help keep track of just the important stuff.

“The National Archives has been pushing all federal agencies for better management of the avalanche of email they generate daily,” writes David Welna for NPR. “The Obama administration has issued a directive giving those government entities until the end of 2016 to propose policies to winnow out important email, store it electronically, and discard the rest.”

That proposal is called Capstone, for a program that helps retain email messages without requiring user input. Based on a 2011 White House directive, Capstone is intended to make it easier for find federal government email messages.

For example, the CIA had previously been preserving  email messages by printing them out and filing them, wrote Ali Watkins for HuffPost Politics. “The CIA’s current system involves printing and filing away emails that are deemed important, a determination that is left largely to the discretion of individual agency employees,” she writes. “It is not clear what the timeframe is for how long those printed emails and any remaining electronic archives are supposed to be retained, though it appears there is currently no official requirement.”

What’s surprising is that the National Archives approved the plan in the first place. One would think that the Archives, of all places, would feel strongly about preserving records such as email messages, knowing that, in many cases, the value of a particular message might not be recognized until years later.

March 31, 2016  5:11 PM

Computer Techs Required to Report Child Pornography

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
law, privacy, Security

You may not know it, but if you’re a computer technician, you may have the same obligation to report child pornography as a doctor, day care facility, or film processor.

Utah just passed the Reporting of Child Pornography law, HB155, which puts this into place. It joins what is said to be 12 other states, as well as the province of Manitoba in Canada, in passing such legislation, which include Arkansas, Illinois, Missouri, New Jersey, North Carolina (where there has been at least one such case), Oklahoma, South Carolina, and South Dakota. Oregon and Florida have also at least considered such laws.

Under the Utah law, if computer technicians encounter what they consider to be child pornography in the course of their jobs, they are required to report it to a state or local law enforcement agency, the Cyber Tip Line at the National Center for Missing and Exploited Children, or an employee designated by the employer to receive and forward any such reports to one of the aforementioned agencies, writes the law firm of Fabian Van Cott.

It isn’t clear whether the legislation is also intended to apply to, say, sysadmins or technicians who work on computer storage, but it’s a safe way to bet. The law also allows technicians to disregard confidentiality agreements between clients to protect them from being sued by the company or clients as a result of the report, writes the Daily Universe.

The legislation is derived from similar legislation that had been enacted for film processors in a number of states. Back when there was such a thing as Fotomat, film technicians were also obligated to report it when they encountered child pornography in film left for them to develop.

As with film technicians, computer technicians are specifically told that “baby in the bathtub” pictures shouldn’t count. And technicians are told they aren’t obligated to go hunting for child porn on computers under their purview.

On the other hand, under the Utah law, they could themselves have charges filed against them for failing to report. “Computer technicians could face a $1,000 fine or six months in jail if they don’t report child pornography to police,” warns Fox 13. “Proving that the technician saw something illegal, but didn’t report it would fall on the shoulders of the prosecutor.”

Plus, the bill provides “immunity against civil lawsuits for technicians who report in good faith but make a mistake, writes the Salt Lake Tribune. The combination certainly seems intended to encourage people to err on the side of reporting.

What’s most surprising, actually, is how many Utah legislators – 13 out of 75 — actually debated and voted against the bill. Critics called its language “fuzzy” and were concerned about the implications.

“The idea of somebody from Geek Squad or somebody who is helping someone else at home with their computer, if you find something that you find offensive or that you think is pornographic, you must report that? That concerns me,” Rep. Johnny Anderson, R-Taylorsville, who owns several child care facilities, told City Weekly. “I don’t want us going down the road of telling someone that if you think your neighbor is doing something wrong, you are required by law to go to the police about it. I don’t want to immediately compare it to Nazi Germany, but it feels that way.”

Some computer technicians were also worried about the ramifications of the bills. Though several of them pointed out that they already report such findings, they were concerned about the legal penalties should prosecutors decide that they had seen the images.

Lawmakers also expressed concerns about the possibility of false accusations, writes the Deseret News. “Rep. Ed Redd, R-Logan, said he could see people being blackmailed and their reputations sabotaged. ‘Anyone of us in this room could be accused of this,’ he said.”

And indeed, at least one computer technician in Missouri has already attempted to blackmail one such client, instead of reporting the files to the authorities.

This wasn’t the only pornography legislation passed by the Utah state government during its most recent session. The state became the first in the country to name pornography a public health crisis through a bill that was passed unanimously by both houses of the Utah Legislature.

The organization behind the bill, the National Center on Sexual Exploitation – which considers the American Library Association a “pro-pornography organization” — is reportedly writing similar legislation for eight states so far. The intention behind the bill is said to be to encourage the federal government to more decisively enforce its anti-obscenity laws.

“This ought to be seen like a public health crisis, like a war, like an infectious fatal epidemic, like a moral plague on the body politic that is maiming the lives of our citizens,” Elder Jeffrey R. Holland, member of the Quorum of the Twelve Apostles of the Church of Jesus Christ of Latter-day Saints, reportedly told some 2700 attendees at the 14th annual conference of the Utah Coalition Against Pornography. “We do need to see this (pornography) like avian flu, cholera, diphtheria or polio.”

Ironically, despite its reputation, Utah has been considered to be a hotbed of porn use, ranking #1 in the country in 2009 for subscriptions to porn sites, according to one study. While some have criticized the methodology of that statistic, pointing instead to a different one where Utah ranks 40th, that study, too, has its flaws, as it’s limited to only a single site, PornHub.com, and measures “pageviews per capita.” Not to mention, “Mormon porn” is apparently a thing, as are other ways of getting around the porn restriction.

And despite Rep. Steve Eliason, R-Sandy, telling the Salt Lake Tribune that the bill “makes clear that in Utah, we don’t stand for child abuse,” Utah is also ranked highly on another statistic: Actual sexual abuse of minors, according to U.S. Department of Health and Human Services’s 2013 report. One study last November found Utah first in the country for child sexual abuse, though one organization claimed this was because Utah had “tougher laws than other states and may pursue child abuse more vigorously.”

With child pornography being one of those sure-fire issues that few people would be caught dead opposing, the computer technician legislation is likely to spread to other states. So be aware.

March 27, 2016  4:48 PM

Open Source Database Raises Health Data Privacy Concerns

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Database, health, privacy, Security

It sounds like a noble cause: A company, Ambry Genetics, is making a database of information it’s collected about 10,000 people with breast and ovarian cancer freely available, in the hopes that other researchers can use it to help develop preventions and cures for such diseases. But while the company no doubt has great intentions, release of medical data like this can create health data privacy concerns.

“The 10,000 people all have or have had breast or ovarian cancer and were tested by Ambry to see if they have genetic variants that increase the risk of those diseases,” writes Andrew Pollack in the New York Times. “Ambry returned to the samples from those customers and, at its own expense, sequenced their exomes — the roughly 1.5 percent of a person’s genome that contains the recipes for the proteins produced by the body. Since proteins perform most of the functions in the body, sequencing just that part of the genome provides considerable information, and is less expensive than sequencing the entire genome.” The company spent $20 million on the project, he adds.

What makes this whole story particularly poignant is that Ambry founder and CEO Charles Dunlop suffers from cancer himself, which he attributes to a genetic mutation, and recently stepped down as CEO. “I would not be resigning if it weren’t for having stage four prostate cancer, which is now in remission,” he writes. “Cancer sucks. The stress of the job coupled with my gene mutation leaves a high likelihood of bringing the cancer back.”

This isn’t the first time databases of such anonymous medical data have been collected. Icelandic company deCODE is working to develop a database of health data for as much as two-thirds of the population of the country. Because the Icelandic population is relatively insular, this was a treasure trove for researchers, writes Emma Jane Kirby for the BBC.

“With little significant immigration since the Norsemen first settled here in the 9th Century, Iceland is among the most homogeneous nations on earth,” Kirby writes. “With so little background noise to filter in the small population of just 320,000 people, it’s much easier for scientists to isolate faulty genes than it is in larger multi-ethnic countries such as Britain or the US. Iceland also has a database containing the genealogy of the entire nation dating back 1,100 years.”

The Ambry Genetics database, known as AmbryShare, is nominally anonymous, Pollack writes. “AmbryShare will not contain the actual exome of each person, because that would pose a risk to patient privacy,” he writes. “Rather it will contain aggregated data on the genetic variants. For example, a researcher could look up how frequently a particular mutation occurs among the 10,000 people. Ones that occur frequently in these 10,000 patients, but not among healthy people, could raise the risk of developing those cancers.”

But health data privacy research has shown that “anonymous” medical data isn’t necessarily so and that individuals can be identified by a remarkably short list of data. In fact, just knowing a gender, birthdate, and zip code is unique for 87 percent of the U.S. population, wrote Seth Schoen for the Electronic Frontier Foundation in 2009.

“The notion of “anonymized” or “sanitized” data is then problematic; researchers habitually share, or even publish, data sets which assign code numbers to individuals,” Schoen wrote. “There have already been conspicuous problems with this practice, like when AOL published “anonymized” search logs, which turned out to identify some individuals from the content of their search terms alone.”

Also recall that law enforcement agencies have been doing what they can to mine genetic information from various private companies that collect it, such as 23andme. While the Ambry database includes only people with breast or ovarian cancer, it doesn’t necessarily mean that it could only help law enforcement track down people with those conditions. Certain components of DNA are passed down through the father and mother. It could happen that a relative of a criminal would be tested and in the database, which would help narrow down the search.

Health data privacy is likely to become even more of an issue in light of President Barack Obama’s Precision Medicine Initiative, which is intended to create a database of medical information for a million people and is expected to cost as much as $1 billion over the next four years.

“When information from one million people is brought together, it would make an attractive target for a hacker working to link the data back to individuals,” writes Dina Fine Maron in Scientific American. “Such a breach could rob both patients and their families of their privacy. Data for research are typically scrubbed of identifying factors like a patient’s name and birth date, but someone with enough information about an individual’s family tree may be able to connect some dots.”

In fact, health data privacy concerns have been enough to keep some people from participating in studies, Maron notes. But the PMI database could also include existing databases with participants who didn’t consent to this specific sort of aggregation, but who agreed that their data could continue to be used for research.

The downside of such privacy concerns is that not making the data accessible is a loss to research. “Admittedly, there’s not much loss to society if IMS Health can’t sell prescription data to marketers,” wrote the late tech journalist Steve Wildstrom in 2011, in response to a legal case on the issue of “anonymous” health databases that turned out not to be. “But there could be a considerable loss if researchers lose access to great masses of aggregated data. We are just at the point where the collection and analysis of vast amounts of data is becoming routinely practical. While there may be considerable risks in assembling that data, there is also a wealth of information about ourselves and our society that could be obtained from them. The debate must weigh both benefits and risks.”

March 17, 2016  4:55 PM

License Plate Readers Are Storing Everywhere You’re Going

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
privacy, Security

Remember a couple of years back, when people realized that their Android phones actually stored their location data, and how uptight everyone got? It turns out that private companies and governments are doing the same thing with your car using license plate readers, building gigantic databases of everywhere you’ve been. It’s perfectly legal, they don’t need a warrant, and they can even make money selling the data.

“These readers, which are situated at intersections, scan license plates and cross-reference them with state, federal and Department of Motor Vehicles records,” writes Jaxon Axelrod in American City & County of one such system, in Freeport, N.Y. “Police are alerted at a command center that is open 24 hours a day, seven days a week when a plate is connected with an infraction.”

The town of 43,000 paid $750,000 for the system, which has tracked 17 million plates in three months. In that time, Freeport has impounded more than 548 vehicles, issued 2,008 summons, returned 15 stolen vehicles to their owners, and arrested 28 people, Axelrod writes.

In fact, the system is so successful that the police chief wants to expand his staff of 95 by seven more officers to keep up, after overtime costs increased by 20 percent. Dissenters say the officers are being kept busy by writing up minor offenses such as expired tags.

In Pennsylvania, the state plans to eliminate registration stickers entirely in favor of license plate readers. Ironically, in that state, some police officers are against the idea, primarily due to cost concerns.

In other cases, private companies are collecting the data, writes Conor Friedersdorf in The Atlantic. “Throughout the United States—outside private houses, apartment complexes, shopping centers, and businesses with large employee parking lots—a private corporation, Vigilant Solutions, is taking photos of cars and trucks with its vast network of unobtrusive cameras,” he writes. “It retains location data on each of those pictures, and sells it.”

As of January, Vigilant Solutions has taken roughly 2.2 billion license-plate photos to date, and adds about 80 million more each month, Friedersdorf writes, noting the company has 3,000 law enforcement agencies, comprising approximately 30,000 police officers, among its clients.

Between 2007 and 2012, the U.S. Department of Homeland Security distributed more than $50 million in federal grants to law-enforcement agencies for automated license-plate readers, write Julia Angwin and Jennifer Valentino-Devries in the Wall Street Journal, adding that a 2010 study estimated that more than a third of large U.S. police agencies use automated license-plate readers.

It’s a lot of data that can infringe on people’s privacy by recording their comings and goings about sensitive locations, and which is readily accessible. “Police can generally obtain it without a judge’s approval,” Angwin and Valentino-Devries write. “By comparison, prosecutors typically get a court order to install GPS trackers on people’s cars or to track people’s location via cellphone.”

These systems are catching the attention of civil liberties organizations such as the American Civil Liberties Union and the Electronic Frontier Foundation. Aside from the whole issue of whether it’s a violation of our civil rights to use license plate readers to collect this data in the first place, the organizations are concerned about the safety of the data. In 2015, EFF learned that more than a hundred automated license plate reader cameras were exposed online, “often with totally open Web pages accessible by anyone with a browser,” the organization writes.

In response, some states are considering legislation, such as limiting how much data can be stored or the length of time it can be stored. The vendors, for their part, claim that such laws are a violation of their rights to free speech.

As with other privacy efforts such as the FBI’s attempt to get Apple to develop software to break into an iPhone owned by the San Bernadino shooters, supporters of the systems point to their abilities to fight crime. But only a tiny fraction of the captured plates are actually associated with a crime, according to the 2013 ACLU report, You Are Being Tracked.

“In Maryland, for every million plates read, only 47 (0.005 percent) were potentially associated with a stolen car or a person wanted for a crime,” write James R. Healey, Greg Toppo and Fred Meier in USA Today. “In one Sacramento shopping mall, private security officers snapped pictures of about 3 million plates in 27 months, identifying 51 stolen vehicles — but that’s a success rate of just 0.0017 percent.”

People who aren’t criminals are also concerned. “Through the “stakeout” feature, the NYPD may learn who was at a political rally, at an abortion clinic, or at a gay bar,” writes the ACLU. “Through the predictive analysis, the NYPD may learn that a person is likely to be near a mosque at prayer time or at home during certain hours of the day.  Through the ‘associate analysis,’ the NYPD may come to suspect someone of being a ‘possible associate’ of a criminal when the person is simply a family member, a friend, or a lover.”

On the bright side, technology is already being developed to solve the problem: “license plate reader blocker” has almost 100,000 hits on Google.

March 9, 2016  3:53 PM

Time for Backblaze’s Hard Drive ‘Swimsuit Issue’

Sharon Fisher Sharon Fisher Profile: Sharon Fisher
Backblaze, hard drive, HGST, Seagate, Storage, toshiba, western digital

The rest of the world has the Sports Illustrated swimsuit issue. The storage world has the Backblaze annual hard drive status report, but which is drooled over and argued over just as passionately, ever since the company started releasing the data a couple of years ago.

To give you some idea of the scale we’re talking about here, Backblaze had 56,224 spinning hard drives containing customer data as of the end of 2015, located in 1,249 storage pods. In comparison, a year ago the company had 39,690 drives running in 882 pods. That’s an increase of about 65 petabytes, more or less, the company writes.

The company uses 18 different types of hard drives in its data center, ranging from 45 HGST 8TB to 29,084 Seagate 4TB. It also still has 222 Seagate 1.5TB, which is the smallest drive it still uses.

Failure rates range from .44 percent for some models of HGST 4TB to 10.16 percent for the aforementioned Seagate 1.5TB models, which are also the oldest with an average age of more than 68 months. Not terribly surprising that they’re the ones most likely to fail. In fact, the company had said last year that it intended to migrate away from those Seagate drives.

Altogether, Seagate makes up 56 percent of the drives in the data center, compared with 41 percent for HGST and 3 percent for Western Digital. (Backblaze uses only a smattering of Toshiba drives.)

On the other hand, the company notes, when you look at the number of days drives have been in use, that statistic flips – HGST is 56 percent while Seagate is 41 percent. Why the distinction? “The HGST drives are older, as such they have more drive hours, but most of our recent drive purchases have been Seagate drives,” writes Andy Klein, director of product marketing. “Case in point, nearly all of the 16,000+ drives purchased in 2015 have been Seagate drives. Of the Seagate drives purchased in 2015, over 85 percent were 4TB Seagate drives.”

Consequently, Backblaze has largely migrated over to 4TB drives, with them comprising 75 percent of the hard drives the company uses, for a total of 42,301. 70 percent of them are Seagates, 30 percent are HGST, and Western Digital and Toshiba make up a sliver of less than 1 percent.

Of those 4TB drives, the HGST ones have less than a third of the failure rate of the other ones. So why not use just them? Because they’re not around any more. “The HGST 4TB drives, while showing exceptionally low failure rates, are no longer available having been replaced with higher priced, higher performing models,” Klein writes. “The readily available and highly competitive price of the Seagate 4TB drives, along with their solid performance and respectable failure rates, have made them our drive of choice.”

Klein also notes that while the Seagates do have a higher failure rate than HGST, it was possible to predict impending failures through SMART statistics, unlike disk drives from other manufacturers.

Backblaze has also begun using 6TB drives, which it began testing in 2014, and now uses nearly 2400 of them, Klein writes – 1882 from Seagate and 485 from Western Digital. However, the Western Digital ones have a failure rate more than five times higher than the Seagate ones, he notes.

In fact, Backblaze would love to buy more 6TB drives, but they are more expensive to buy and operate, and not nearly as available as the 4TB ones.  “There was a time during our drive farming days when we would order 50 drives and be happy, but in 2015 we purchased over 16,000 new drives,” Klein writes. “The time and effort of purchasing small lots of drives doesn’t make sense when we can purchase 5,000 4TB Seagate drives in one transaction.”

The company also has just a few 5TB Toshiba drives and 8TB HGST Helium drives, but didn’t say why it had such a small number – most likely because they were being tested until such time as they were cost-effective.

On the other hand, there are some models Backblaze no longer uses:

  • 1TB drives, having replaced them all with 4TB and 6TB drives to increase the capacity of its pods. It now uses the 1TB drives to “burn in” storage pods. “The burn-in process pounds the drives with reads and writes to exercise all the components of the system, Klein writes. “In many ways this is much more taxing on the drives then life in an operational Storage Pod.”
  • Seagate 2TB drives, because the company didn’t have very many, their failure rate was higher (10.1 percent), and they chose to upgrade the pods to 4TB drives. However, the company is still using more than 4,500 HGST 2TB drives because their failure rate is only 1.55 percent. Eventually they will be upgraded to 4TB or 6TB drives.
  • Seagate 3TB drives, which had a failure rate ranging from two to three times that of the closest other drive of that size. The company had said last year that it intended to migrate away from these drives, as well as the Seagate 1.5TB drives, due to their high failure rate.

If you’re just dying to get your hands on the raw data itself, it’s available online.

Disclaimer: I am a Backblaze customer.

February 29, 2016  4:47 PM

Amazon Web Services Jumps on the Zombie Bandwagon for Attention

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

A cloud company has finally figured out a way to get people to read its terms of service: Put a zombie reference in there.

“It’s hard to imagine the kind of person who would read all the way through Amazon Web Services’ massive terms of service agreement,” writes Jacob Brogan in Slate. “At more than 26,000 words, the document is denser and more digressive than Tristram Shandy, a veritable post-apocalyptic wasteland of legalese that dictates how users can and cannot employ products from the e-retailer’s massively profitable cloud computing division. Formidable as it is, however, someone managed to make it through.”

So where do the zombies come in? The service now includes a new Lumberyard gaming engine, which is free, open-source software intended to help developers write games. Normally, users are barred from integrating it “with life-critical or safety-critical systems,” including medical or military equipment,” Brogan writes. “Basically, that means you can’t use the software to program robot doctors or control weaponized drones,” which he says is pretty darn unlikely anyway. But just in case, all bets are off in the event of a zombie apocalypse, Amazon writes:

“However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization.”

In the process, the zombie reference also helped promote Amazon’s new gaming engine. That’s likely to help the company’s cloud service, because the gaming engine must be hosted on either Amazon’s Web servers or the developers’ own, notes Elizabeth Weise in USA Today. In other words, no cloud service competitors, writes Chris Morris in Fortune. “And there’s no zombie apocalypse exemption there, so if the worst does happen, and Amazon’s servers go offline too, you’ll be out of luck,” notes Samuel Gibbs in The Guardian.

It’s not the first time that zombies have come up in the context of data protection and disaster recovery. In 2011, the CDC issued its own emergency preparedness and response circular about zombies.

“You may laugh now, but when it happens you’ll be happy you read this,” the circular warned. It went on to describe the zombie threat, and what people could do to be prepared in the event of a zombie apocalypse.

No, it wasn’t issued on April Fool’s Day, and no, it wasn’t a joke. Well, sort of. Did the CDC really expect a zombie apocalypse anytime soon? No, probably not. But it got attention, it made people laugh, and if it got people to read the circular, the information in it worked just as well protecting them against hurricanes and floods as it did against zombies.

As it turns out, the CDC may have been inspired by the Defense Department, which in 2011 released its own plan for “Counter-Zombie Dominance.” “Planners … realized that training examples for plans must accommodate the political fallout that occurs if the general public mistakenly believes that a fictional training scenario is actually a real plan,” quotes Foreign Policy in 2014. “Rather than risk such an outcome by teaching our augmentees using the fictional ‘Tunisia’ or ‘Nigeria’ scenarios used at [Joint Combined Warfighting School], we elected to use a completely-impossible scenario that could never be mistaken for a real plan.”

Cornell University also used zombies to help study the spread of disease, and in the process, figured out the safest places to be in the event of a zombie apocalypse. Similarly, last December, the British Medical Journal published a peer-reviewed study on the upcoming zombie apocalypse, to call attention to preparing for infectious diseases.

“Using zombies in lieu of real diseases gives researchers, public health professionals, policy makers, and laypeople the ability to discuss these heavy issues without getting bogged down in one specific outbreak or pathogen, because many of the problems we’d face during the zombie apocalypse are similar to those that come up in any serious epidemic: coordination. Funding. Communication. Training. Access to treatment or prevention,” writes Tara Smith, the author of the paper. “In short, it’s way more fun for the average person to shoot the shit about zombies than to have a more serious discussion about influenza, or Ebola, or whatever the infectious disease du jour may be–and maybe even learn a bit of science and policy along the way.”

In fact, the CDC zombie circular worked so well that the agency expanded the program into a variety of other content, including a graphic novel. The Amazon reference to the CDC may have been a nod to the program.

Considering that people have actually given up their first-born children through not reading terms of service carefully, vendors can’t be blamed for putting all sorts of weird things into them, just to get people to pay attention.

Newsweek, for example, pointed out that Tumblr’s community guidelines state: “While you’re free to ridicule, parody, or marvel at the alien beauty of Benedict Cumberbatch, you can’t pretend to actually be Benedict Cumberbatch.” And Tumblr also tells children younger than 13 in its terms of service to “ask your parents for a Playstation 4, or try books” instead of using Tumblr, writes David Goldman in CNN.

In that context, the amount of attention paid to the zombie reference in the Amazon terms of service worked pretty well – according to Google, it resulted in about 400 articles.

Well, 401.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: