Thursday 30 April 2015

Department of Homeland Security Wants to Build Stronger Ties to Silicon Valley, Beginning With Encryption

Washington made yet another trek to Silicon Valley last week and has laid plans to stay.

Secretary Jeh Johnson
On April 21, United States Secretary of Homeland Security Jeh Johnson spoke at RSA’s annual security conference and openly acknowledged that a lack of answers and talent within the government has led it to seek closer ties with the tech industry: “Today I am pleased to announce that the Department of Homeland Security is also finalizing plans to open up a satellite office in Silicon Valley, to serve as another point of contact with our friends here. We want to strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other’s research and development. And we want to convince some of the talented workforce here in Silicon Valley to come to Washington.”

His speech consisted of a laundry list of reminders of how the US government has supported the private sector before concluding with a carefully worded plea: “Now, finally, I have an ask: for your indulgence and your understanding on the subject of encryption. The Department of Homeland Security has both the cybersecurity mission and a law enforcement/counterterrorism mission for the American people. We have feet in both camps. I therefore believe I have a good perspective on this issue. The current course we are on, toward deeper and deeper encryption in response to the demands of the marketplace, is one that presents real challenges for those in law enforcement and national security.

“Let me be clear: I understand the importance of what encryption brings to privacy. But, imagine the problems if, well after the advent of the telephone, the warrant authority of the government to investigate crime had extended only to the U.S. mail. Our inability to access encrypted information poses public safety challenges. In fact, encryption is making it harder for your government to find criminal activity, and potential terrorist activity. We in government know that a solution to this dilemma must take full account of the privacy rights and expectations of the American public, the state of the technology, and the cybersecurity of American businesses. We need your help to find the solution.”

At surface level, Secretary Johnson merely asked for help in finding a solution to a problem, but the underlying message was clear: the tech industry’s current trajectory of securing the internet via encryption is making DHS’s job more difficult. The US government would like an all-access pass to the internet and is willing to draw on a collective fear of crime and terrorism to try to get encryption back and front doors.

Secretary Johnson posited that his joint interests in cybersecurity, law enforcement, and counterterrorism help him to clearly understand the delicate balance between freedom, privacy, and security, but instead his vision seems to be narrowed and clouded by these very factors. His speech, which included references to Abraham Lincoln and 1995’s Oklahoma City bombing, revealed an approach to cybersecurity rooted in the way things have always been, which is precisely how the United States government has repeatedly gone wrong.

Secretary Johnson was right to identify his ask regarding encryption as an “indulgence”; as such, he should not be surprised when Silicon Valley doesn't respond favorably. According to the New York Times, in the words of Amit Yoran, president of RSA, “There is no sane argument for weakening encryption. Period.”

Yoran’s keynote address at the RSA conference concluded with a truth regarding cybersecurity that continues to evade Washington: “This is not a technology problem; this is a mindset problem. The world has changed.” Yoran acknowledged that we live in a time of data breaches not because of a lack of technology, but because of how we approach cybersecurity. We need to focus on strong authentication and enhanced external threat intelligence, not on building exploitable government back doors into our secure communications. We need to think proactively, not defensively.

Yoran summarized the reality of modern cybersecurity as follows: “Simply put, and for all practical purposes, we can neither secure nor trust the pervasive complex and diverse endpoint participants in any large and distributed computing environment, let alone the transports and protocol through which they interact. That is the situation that we’re in today.” And that statement alone is why we cannot weaken encryption for the sake of DHS. Secretary Johnson needs to realize that the internet is a tool for everyone and that internet users deserve access to encryption without fear of government back doors. Secretary Johnson believes privacy should be compromised for security when in reality greater privacy will in turn lead to enhanced security.

This year’s RSA conference attracted a record-setting 33,000 people, proof that the movement to strengthen internet security has gained momentum. Let’s hope that some of those privacy-minded attendees become the talented Silicon Valley workforce that talks some sense into Washington.

Thursday 23 April 2015

HBO NOW, Netflix, and VPNs: A Tale of Two Online Streaming Services and the Three Little Letters That Disrupt Their Business Models


Less than a month after the launch of HBO NOW, the online streaming service declared war on VPN users worldwide. According to TorrentFreak, paying customers in countries such as Australia, Canada, Germany, and the UK who have been using VPNs and other methods to access the US-only content were recently greeted with the following message from HBO NOW:

“It has come to our attention that you may have signed up for and viewed video content on the HBO NOW streaming service from outside of the authorized service area (the United States, including D.C. and certain US territories).

“We would like to take this opportunity to remind you that the HBO NOW streaming service is only available to residents of the United States, for use within the United States. Any other access is prohibited by our Terms of Use.”

The announcement concludes with a number to call to prove one’s eligibility; otherwise, customers should expect their accounts to be deactivated without refund.

Online streaming services such as HBO NOW face competing priorities in attracting as many paying customers as possible versus honoring their country-dependent licensing deals. Unfortunately for the average Game of Thrones lover, this week’s crackdown proves that HBO NOW values its outdated business model more than its consumers. And sadly for HBO NOW’s revenue, the company may have just turned paying, workaround-friendly overseas customers into people willing to pirate its content for free.

If HBO NOW hopes to live long enough to truly compete with Netflix, it would be wise to follow the 18-year-old’s lead regarding VPN usage. Last week, ZDNet brought attention to April 16’s WikiLeaks revelation: email documentation shows that Netflix resisted Sony’s pressure to crack down on ‘circumvention websites’ in 2013. Keith Le Goy, Sony’s president of distribution, complained, “Netflix are heavily resistant to enforcing stricter financial geofiltering controls, as they claim this would present a too high bar to entry from legitimate subscribers. For example, they want people to be able to use various methods of payment (e.g. PayPal) where it is harder to determine where the subscriber is based. They recognize that this may cause illegal subscribers but they (of course) would rather err that way than create barriers to legitimate subscribers to sign up.”

Instead of confirming the whereabouts of each of its subscribers, Netflix has chosen to work towards global licensing of its content, which it hopes to complete by 2016. According to Netflix’s head of content, Ted Sarandos, “The best way to make the VPN issue a complete non issue is through global licensing that we’re continuing to pursue with our partners.” The company recognizes that if it continues to offer the best content at the best prices to only its American customers in a world in which VPNs allow internet users to appear to be anywhere, the rest of the world is not going to settle for second-class global citizenship.

VPN users worldwide have spoken. Regardless of whether a person is an Australian, an American living in Australia, an American on a business trip to Australia, or an American unwilling to watch a movie on public wi-fi in his nation’s capital, he wants equal access to equal content. Online streaming services need to recognize that current licensing agreements don’t meet the needs of today’s consumers. HBO NOW should put an end to its customer witch hunt and start addressing consumer demand.

Monday 20 April 2015

SumRando Expands to Jordan

Where in the world is SumRando these days? In addition to hosting servers in Sweden, New York, Brazil, Hong Kong, Singapore, and Turkey, we have just added a 7th node: Jordan. This expansion gives those of you in the Middle East an even faster connection and those of you outside the Middle East access to content as if you were there.

Jordan’s recent efforts to strengthen cybersecurity make it a logical choice for SumRando. In late 2014, the Jordanian Ministry of Information and Communications Technology announced plans to open a cybercrime center in Amman and also began to explore aligning its cybercrime laws with the Council of Europe’s Budapest Convention. We are excited to offer a node in Jordan amidst this recent momentum towards protecting privacy and preventing cyberattacks.

As with all of our servers, the hardware used in Jordan is 100% owned, operated, and maintained by SumRando, which means that in addition to employing high-level encryption standards, we are able to ensure a trusted and secure VPN service. No one else uses our connections or circuits, allowing us to enforce strict security policies and prevent third-party interference, access, and data snooping, regardless of direct or indirect attempts to intercept data.