Thursday, 11 February 2016

Karisma Advises Colombia to Dismantle Data Retention Regime

Lately, Colombian news has been plagued with problems in need of solutions: the threat of Zika, the persistence of female genital mutilation, an increase in violence against journalists and even a not-yet-agreed-upon peace following decades of civil war.

The issue that has not received its share of attention is data retention.

In January, the Karisma Foundation quietly released a report titled, “Is Data Retention Legitimate in Colombia?: Comparative Analysis of a Mass Surveillance Tool that Restricts Human Rights.” Karisma’s report may not have reached audiences everywhere, but its conclusion must: Out of respect for human rights, Colombia needs a new approach to data retention.

The report included a powerful reminder of why our metadata matters: “Our most personal information, a reflection of our life and our very thoughts, no longer remains exclusively in our private sphere. Now, personal information is also found in databases, built for different purposes and administered by entities both public and private. These databases are fed by constant flows of information. Together, they make up a file about each individual, a “personal dossier”. Computers register the time they are turned on, the applications they use, the webpages they visit, and the location from which they are used. Cell phones are constantly aware of their location, and they register incoming and outgoing calls, text messages, and photos. The strength of these data lies in their combination: an analysis based on cross referencing various databases can reveal enough about a person to constitute a violation of their rights.”

In the report, Karisma compared practices in Colombia with those in Brazil, Mexico and Peru and investigated the legitimacy of each country’s data retention as defined by the Organization of American States, which finds communications surveillance legitimate if it is established in a law; pursues a legitimate aim; is necessary, adequate and proportional to the objective pursued; and respects due process and judicial review.

Specifically, two Colombian laws were examined: Decree No. 1704 of 2012, regarding criminal investigations, which requires telecommunications service providers to keep subscriber information and device location data, and Law No. 1621 of 2013, focused on intelligence activities, which mandates retaining “communications activity histories for telephone subscribers, technical identification data for subscribers subject to operation” and location data.

Karisma found Colombia’s data retention according to Decree No. 1704 and Law No. 1621 to be illegitimate because:

  • The laws are vague and limitless, not legitimate or proportional. What exactly must be kept and for how long is ambiguous. All criminal investigations are granted access to data, as are all “authorized” intelligence activities; who provides such authorization is not defined.
  • Data retention is not subject to judicial authorization or review. It’s automatic for all.
  • There is a lack of transparency. Users are not notified of monitoring practices and the state does not disclose information about requests for communication interception and surveillance. Therefore, citizens cannot appeal or respond to what they don’t know.

The report concludes: “Data retention law in Peru, Colombia, Mexico and Brazil are too permissive, too broad, and provide so few guarantees that it isn’t possible to rely on them as a legal framework for the protection and respect of their citizens’ human rights. It would be advisable for Colombia and the remaining countries to demonstrate their strong commitment to the protection of human rights and to dismantle the current data retention regime.”

Colombia has her hands full right now, but if she can mitigate Zika while potentially concluding peace talks with the FARC, we’re confident there is also room at the table for data retention revisions.

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday, 9 February 2016

SumRando’s Guide to a Secure Brazilian Carnival Experience

[Source: Yasuyoshi Chiba/AFP/Getty Images]
Brazil is currently mid-Carnival celebration, which means the weather is warm, the party is endless and the clothing is practically non-existent. This annual event gives Brazilians and tourists alike an opportunity to let it all hang out before Ash Wednesday ushers in yet another season of Lenten piousness.

Year after year, Carnival has proven to be an explosion of Samba, shimmer and sensuality, but one of this year’s main attractions is an invisible virus called Zika. The virus, which was recently discovered to lead to the birth defect microcephaly in pregnant women, has infected 1.5 million Brazilians already. Known to be contained in saliva, semen, sweat and blood and thought to be transmitted by mosquitoes (if not the bodily fluids themselves), it’s not hard to see that the very premise underlying hot, sweaty, sexual Carnival is a public health incident waiting to happen.

Regardless, if the first four days of this time-honored tradition have proven anything, it’s that the show will go on, virus or no. For those who are celebrating, SumRando suggests the following critical safety gear:

  • Mosquito Repellent: Apply. Apply. Bathe. Apply. And apply some more. 
  • Protective Costumes: Be creative! Tuck a little mosquito netting under your hat to keep your head safe, or go all out and cover your entire body.
  • Condoms: Health workers at Carnival hand out condoms every year, and this year they have seen more takers than ever before. If you were looking for an excuse to practice safe sex, know that the latest research points towards sexually transmitted Zika.
  • SumRando’s VPN: How many times a day do you use the Internet on your phone? Multiply that number by 6 and that’s how many times you will use it on insecure public Wi-Fi from Carnival’s Friday kickoff to Ash Wednesday. Be smart—log in to SumRando’s VPN before entering any passwords or personally identifying information online.
  • SumRando Secure Messenger: Want to guarantee that only you and a selected recipient see a certain Carnival photo? Better yet—want to permanently delete that photo from both phones after it has been seen? SumRando Messenger for Android is here for you. 

Carnival’s persistence in the face of Zika is a good reminder that the lives we lead—in person or in private—are ours, are worth living and are worth protecting. Samba secure and stay Rando!

Want to know more about data privacy around the world? Read on!

Friday, 5 February 2016

Lunar New Year: Your News or Ours?

Much of Asia and the world will celebrate Lunar New Year on Monday, February 8. What will vary from place to place is how the media chooses to depict the holiday:

From our Hong Kong server, the South China Morning Post reported on the pressures Lunar New Year brings to have a significant other—and how far individuals will go to manufacture one:
[Source: A Secret Between Us]

In Singapore, the Straits Times focused its attention on a pre-New Year ritual involving money:
[Source: ST/Neo Xiaobin]

And in the United States, Reuters took advantage of the opportunity to highlight the politics behind the Pope’s Lunar New Year well-wishes:
[Source: Reuters/Max Rossi]

The news you receive depends on where your internet service provider believes your computer is. See for yourself with our nodes in Brasil, Hong Kong, Jordan, New York, Singapore, Sweden and Turkey. Discover what's out there, surf secure and stay Rando!


Tuesday, 2 February 2016

It's a Vulnerable World: January 2016

Vulnerabilities this past month popped up in the places we’d least expect: dental software, Blackphones, thermostats and even Twitter shortlinks, just to name a few. Take note of the risks below and take time to protect yourself:

Dental Software: Dentrix G5 has been proven to not live up to the industry-standard level of encryption that its advertising promised, leaving sensitive patient information insecure.

Hyatt Hotels: Malware compromised the payment card data at Hyatt hotel restaurants, spas, golf shops, parking, front desks and sales offices worldwide from August 13 to December 8, 2015. A list of locations affected can be found on Hyatt’s website.

Blackphones: Smart Circle’s Blackphone, the “private by design” smartphone, has a vulnerability of its own: an open socket was found to allow hackers to control functions such as texting, calling and altering the phone’s settings.

Phone calls: The MIKEY-SAKKE voice encryption protocol, promoted by the British government as a secure way to communicate, is in fact “motivated by the desire to allow undetectable and unauditable mass surveillance.” MIKEY-SAKKE supports key escrow, which gives the government the very backdoor into phone conversations it was looking for.

Argentina, Brazil, Ecuador and Venezuela: For the last seven years, hacker group Packrat has been targeting political opposition and the independent press in these South American countries with malware, phishing and disinformation. Even more disconcerting is the fact that the attacks are thought to be carried out by government actors.

Nuclear power: 20 countries, including Argentina, China, Egypt, Israel, Mexico and North Korea, completely lack government regulations regarding protection of atomic weapons or nuclear facilities against cyberattacks. According to former United States Senator Sam Nunn, “There was great progress for six or so years. But it has slowed down. It’s hard to keep this subject on the front burner.”

IoT thermostats: The Google-owned Nest Learning Thermostat was found guilty of leaking homeowners’ zip codes. Rest assured, the bug has since been fixed.

Medium in Malaysia: When Malaysia blocked the Sarawak Report in 2015, the investigative journalism news source turned to publishing its articles on Medium. Now, Malaysia has blocked all of publishing platform Medium, citing “false” reporting as the reason for doing so.

Twitter links: Choose your Twitter shortlinks carefully: disguised links to have been circulating the platform. Accidentally click on one of them and your iPhone or iPad will shut down immediately.

Surf secure and stay Rando!

Want to know more about previous security vulnerabilities? Read on!

Thursday, 28 January 2016

Happy Data Privacy Day, Randos!

Today we celebrate Data Privacy Day in honor of the January 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. 35 years later, legislation such as this has never been more important.

Convention 108, as the treaty is more commonly known, was the first legally binding international agreement dedicated to the protection of individuals’ personal data. As the National Cyber Security Alliance reminded us in its Data Privacy Day video:

“What you may not realize is that there is probably more of your personal information floating around in cyberspace than you think. Everything from what you post on social media and your browsing habits to the information organizations collect about you online leaves a digital footprint...Information about you such as the games you like to play, what you search online and where you shop and live has value, just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.”

A year ago, we celebrated Data Privacy Day by offering our readers tips to enhance their online safety. Take a look. Although we wish we could report otherwise, these seven recommendations are as necessary today as they were in January 2015.

What we suspect has changed in the last year is the willingness of individuals to actively engage in data protection. In comparing 2014’s celebration with 2015’s, witnessed a nearly 125% increase in web traffic and the number of registered Champions of Data Privacy Day increased approximately 45%. Given that terms such as cybercrime law, data breach, encryption, government backdoor and VPN (and the concern for personal safety that they bring) are far more common than they were in January 2015, we expect this year’s celebration to be bigger than ever before.

January 28 is a day to envision a world that 'Respects Privacy, Safeguards Data and Enables Trust.’ Join us in striving to make this goal a reality.