Wednesday 30 March 2016

Ghana Looks to Pass a Spy Bill by Another Name

Ghana, Spy Bill, Interception of Postal Packets and Telecommunications Messages Bill, SumRando Cybersecurity, VPN, Secure Messenger
Ghana, now is the time to let your parliament know how you really feel about the Interception of Postal Packets and Telecommunications Messages Bill.

Public outcry has already renamed the bill everything from an ‘Interception of Communications Bill’ to a ‘Spy Bill’, both widely seen as more to-the-point titles. At issue is the fact that the bill would allow the Ghanaian government to listen to, record and intercept the communications of individuals viewed as a threat to national security (without defining whom these individuals might be).

According to Ghana’s Ministry of Interior, “the object of the bill is to enact legislation for the lawful interception of postal packets and telecommunication messages for the purpose of fighting crime, suppressing organized crime including money laundering, terrorism, narcotic trafficking, identity theft and generally for the protection of national security.” As it is currently written, the bill establishes safeguards such as requiring a court order or warrant in order to intercept communications, but is also riddled with troubling loopholes.

Of main concern is provision 4(3) of the bill: “The national security coordinator may where there is the need for urgency, orally authorise the interception without a warrant of a postal-packet or telecommunication message but the oral authorization shall be confirmed by obtaining a warrant from the high court within 48 hours after the oral authorization has been issued.”

The clause has been criticized for deregulating the interception of communications and placing unchecked power—albeit briefly—in the hands of a single individual, as opposed to a court.

In the words of Ace Anan Ankomah and Susan-Barbara Adjorkor Kumapley: “What this means is that the National Security Coordinator, a person appointed by the President and who reports to the President, can intercept your correspondence/communications, listen to your phone calls, and read your letters and text messages, for 48 hours without any independent checks and balances, or guarantees against abuse; and he can simply avoid going to court by terminating the interception before the 48 hours is over. Then he can, arguably, resume the interception for another 48-hour cycle. There is no one to check to see what he is going to use that for because the Bill removes the legislative check captured in the EI [Executive Instrument] requirement, and defers (potentially indefinitely) the judicial check in seeking a court order/warrant.”

The lack of protections during this two-day window is in direct violation of Ghana’s 1992 constitution, a document which, as the Ghana Bar Association (GBA) acknowledged, “seeks to blunt the capricious effect of such circumstances by demanding safeguards that are rooted in the rule of law, best exemplified, for now, by making the judiciary (an independent institution) the first point of call for purposes of determining whether such interference qualifies within the exceptions justifying interference with a person’s privacy.” The GBA argued that the bill did not allow for the supervision necessary to regulate whether information was in fact obtained during or outside of the assigned 48-hour period and also asked that any information obtained during this questionable timeframe not be treated as “lawful” or admitted in court proceedings.

Of further concern is the fact that this bill would override the protections granted by several laws already in place. Currently, interception without a warrant is prohibited by the Security and Intelligence Agencies Act, EOCO Act, Narcotics Control Act, Electronic Communications Act (ECA), the Mutual Legal Assistance Act and the Electronic Transactions Act. Although the Interception of Postal Packets and Telecommunications Messages Bill would consolidate interception legislation into one place, its convenience would come at the expense of lost oversight, as its 48-hour clause eliminates not only warranted interception but also the process established for the President to intercept communications via an Executive Instrument (EI).

Ghana’s parliament went into Easter recess last week with the promise that the feedback of stakeholders and the public alike would be welcome components of the bill’s consideration. Don't let this opportunity go to waste...and regardless of the outcome, keep surfing secure and staying Rando!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 24 March 2016

All Quiet on the Apple Front—But Not for Long

Apple, FBI, iPhone, encryption, SumRando Cybersecurity, VPN, Secure Messenger, United States
March 22nd was expected to be a day of reckoning in the ongoing Apple-FBI battle but instead turned into the calm before an impending storm.

Tuesday’s scheduled hearing was canceled because the FBI may have found a way to unlock the iPhone of San Bernardino shooter Syed Farook without the help of Apple, a situation that would render the iPhone supplier’s help as well as the hearing unnecessary.

At this point, little more than the fact that the FBI has until April 5 to provide a status update is known. In the meantime, theories attempting to explain such a last minute change of course abound—and range from believing the FBI has indeed found a way in to suggesting the government is merely attempting to buy time because it knows it doesn’t.

What’s clear is that this fight is far from over.

Prior to the hearing’s cancelation, Monday’s Apple spring product release provided yet another opportunity for CEO Tim Cook to reinforce the company’s stance: “I’ve been humbled and deeply grateful for the outpouring of support we’ve received from Americans across the country from all walks of life. We didn’t expect to be in this position at odds with our own government, but we believe strongly that we have a responsibility to help you protect your data and to protect your privacy. We owe it to our customers and we owe it to our country. This is an issue that impacts all of us and we will not shrink from this responsibility.”

The support for Apple has been widespread, and includes that of Google CEO Sundar Pichai, Whatsapp CEO Jan Koum, United Nations Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression David Kaye, Silent Circle co-founder Phil Zimmermann, husband of San Bernardino shooting victim Salihin Kondoker and, as Cook mentioned, numerous protesters across the country.

The question that remains is whether such support will be enough. If the government is unable to unlock the iPhone, the hearing will simply continue as intended, but if it is successful in unlocking the phone, the United States government will have yet another tool to surveil its citizens and noncitizens alike—and a tool that Apple itself might not fully understand.

Even President Obama has recently come under attack for warning against an “absolutist” position regarding encryption: “If your argument is 'strong encryption no matter what, and we can and should in fact create black boxes,' that I think does not strike the kind of balance we have lived with for 200, 300 years,” despite also acknowledging that the personal information found on smartphones has a right to be protected. Given the current trajectory of the United States presidential campaign, there’s little hope Obama’s successor will offer much more support: Ted Cruz wanted to see Apple comply with the government’s request, Donald Trump went so far as to suggest a consumer boycott of the company in the interim, Bernie Sanders called for “middle ground” and Hillary Clinton reduced the standoff to the “worst dilemma ever.”

The prospect of a long-term change in government philosophy also looks bleak. A vaguely-worded anti-encryption bill, proposed by Senators Richard Burr and Dianne Feinstein, is currently circulating the United States Senate. Although in no immediate danger of being signed into law, the bill would codify the notion that federal court judges have a right to force companies into circumventing encryption on the government’s behalf.

At a time like this, it is imperative that the United States look beyond itself for answers. Beyond Apple and beyond the FBI is an international community reminding us that encryption remains a basic human right. On Monday, Amnesty International released Encryption: A Matter of Human Rights in a timely reminder of why such technology must be protected for all.

Accompanying the report, Amnesty International Deputy Director for Global Issues Sherif Elsayed-Ali acknowledged, “The Apple case shows what is at stake in the encryption debate. It is not just about one phone, but whether governments should be able to dictate the security of software that protects the privacy of millions of people. Opening a ‘backdoor’ in security for governments risks opening the door to both cyber criminals who want to hack your phone and governments around the world who want to spy on and repress critics. If the US authorities force one of the world’s biggest tech companies to make its products less secure, the danger is that governments around the world will follow suit and demand similarly intrusive powers from the hundreds of smaller companies developing privacy technology.”

If it's frightening to imagine the United States government forcing Apple to cooperate, just imagine how much worse off we would all be if the government doesn’t even need Apple’s help.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 22 March 2016

For Many, Nowruz Brings a ‘New Day’ But Not Peace

Persian New Year, or Nowruz, meaning “new day”, has been celebrated for thousands of years by individuals in much of Caucasus, Central Asia and the Middle East. Historically, the holiday’s ability to transcend the boundaries of countries and religions has come as both a blessing and a curse, as it has the power to either unite or divide groups of people; this year’s Nowruz has already proven to be no exception.

In New York yesterday, UN Secretary-General Ban Ki-moon focused on the “inspiration” that March 21st, the International Day of Nowruz, is often acknowledged for: “Nowruz is an ancient celebration that predates today’s borders and divisions. It is a reminder that national boundaries, religious faiths and other superficial differences are not as important as our common humanity. In that way, Nowruz breaks down barriers and builds bonds of trust.”

The bonds of trust he described were found in some celebrations this year, but certainly not all:

In Iran, President Hassan Rouhani forewent tradition and replaced the goldfish typically found on the Nowruz Haft Seen table display with an orange, a gesture indicating his support of those opposed to the practice of keeping and then releasing the fish, usually to their death. His action has been received online with both praise and criticism: animal rights activists were pleased, but others argued it was a thinly veiled attempt to gain popular support.

Iran, Nowruz, Persian New Year, Haft Seen, SumRando Cybersecurity, VPN, Secure Messenger

In Afghanistan, not only has the fear of suicide bombing and the Taliban undermined the picnicking that typically accompanies Nowruz, some imams are campaigning against the holiday altogether on the grounds that it predates Islam. According to the BBC’s Auliya Atrafi, social media has the power to worsen the situation, “Many believe that this puritanical thinking is the product of the Salafi school of thought, spreading throughout the world with the help of imams, social media and backed by Saudi oil money. So whether a young man lives in Herat, London or Helmand, an internet search will produce the same conservative anti-Nowruz messages.”

In Turkey, Nowruz was welcomed in some places, but not others. In Diyarbakir, thousands came together to celebrate the holiday, but the mostly Kurdish crowd also used the opportunity to protest the arrest of Abdullah Ocalan, leader of the Kurdistan Workers’ Party. In Ankara and Istanbul, celebrations were prohibited altogether. Turkey as a whole is a far cry from the “common humanity” Nowruz promotes: in the last week alone, a suicide bombing killed 37 people in Ankara, a car bomb was found in Diyarbakir, and a suicide attack in Istanbul claimed the lives of 4 individuals.

For 3000 years, Nowruz has asked its followers to mark the first day of Spring in solidarity and peace. SumRando applauds those individuals who have found ways—public or private—to carry out this tradition, despite the difficulties that stand in their way.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 17 March 2016

St. Patrick’s Day: Mythical Holiday vs. Modern Reality

Ireland, St. Patrick's Day, censorship, internet access, SumRando Cybersecurity, VPN, Secure Messenger
[Source: Andreas F. Borchert]
Americans of all backgrounds eagerly anticipate March 17 each year as an opportunity to wear green, eat corned beef and cabbage, drink beer and bring out the ‘Irish’ in everyone. St. Patrick’s Day, once a holiday to celebrate the homeland for 19th century Irish immigrants, has grown so ubiquitously popular that even Ireland’s politicians head stateside to participate in American parade festivities.

So, what are the Irish in Ireland up to this St. Paddy’s day?

Some will be celebrating, of course, but others may simply be looking ahead to March 27, the centennial of Ireland’s 1916 uprising. 100 years prior, Irish nationalists revolted against their British government by seizing buildings throughout Dublin and declaring Ireland an independent republic; the fighting that followed left nearly 500 nationalists dead and destroyed much of Dublin. Although the rebellion was all but over in a matter of days, the iron fist used by the British to quell the revolt would eventually come to fuel the resentment necessary to create an independent Irish state in 1949.

Ireland today is certainly not the place it was a century ago, but that is not to say life is all 4-leaf clovers and pots of gold at the end of rainbows. Recently:

  • There has been much criticism over a complete lack of adequate Internet access in much of rural Ireland:  “It is unacceptable for those in rural Ireland to be consigned to battle with poor connectivity. Over and over again we hear of the problems a lack of broadband is causing in rural areas. It is adding to the isolation many in rural Ireland feel—and is contributing to the demise of local communities,” argued Seamus Sherlock of the Irish Cattle and Sheep Farmers’ Association. Fortunately, change is coming: telecoms operator Eir has promised to connect 100,000 residences by 2017 and the government itself has developed a National Broadband Plan to connect 750,000 residences by 2020.

  • Ireland’s Censorship of Publications Board opted to ban a book for the first time in 18 years. “The collective view of the board was that it was a vile publication as it contained graphic descriptions of the rape of a minor,” reported board chairman Shane McCarthy. The initial ban will last for 12 years and prohibit the sale or distribution of the book.

  • No longer a city in shambles, Dublin today is better known as the Silicon Docks, a global tech hub that boasts Facebook’s international operations. The accounts of 83% of all Facebook users (from everywhere but the United States) are managed in Ireland and, increasingly, subject to Irish law: two weeks ago, a German court overturned a decision to allow fake names on Facebook because, although such an act would be protected by German law, Facebook’s real name policy is not in violation of Irish law. The case stems from Facebook’s decision to block the account of a German woman for using a fake name and then unilaterally reinstating it under her actual name.  

  • A banner hung in commemoration of the 1916 uprising found itself under (social media) attack. Tweets of protest over the decision to include portraits of historical figures not involved in the uprising include, “Tourists will be torturing the poor guides with ‘so, where did these guys fight?’” and “Sickened that the official centenary celebration has managed to be more absurd than our 1916 [spoof] documentary.”

Whether or not you choose to celebrate St. Patrick’s Day today, remember that behind this larger-than-life holiday is a people whose struggles—past and present—are very much alive, real and perhaps more similar to your own than you ever imagined.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 15 March 2016

SumVoices: Digital Security Starts With Contextual Risk Assessment

Our last installment of SumVoices featured an anonymous contributor from Algeria, in English and Arabic. This month we bring you Venezuelan digital rights activist and digital security trainer, Marianne Díaz Hernández, in English and Spanish.

SumVoices, Venezuela, Marianne Díaz Hernández, digital security trainingFor the last six years, I have been a digital rights activist in Venezuela and a great amount of my work has been focused on digital security training aimed at audiences at risk: activists, journalists and young students who are beginning to defend their civil rights. In my experience, a concept that is often disregarded in the digital security training arena is that of risk assessment. While in certain contexts, risk assessment is something of a cliché term to throw around—a buzzword, like "entrepreneurship" or "synergy", in those contexts where it's frequently overlooked, we are often missing something very important: the fact that tools and tactics are not universally applicable, and thus the fact that we might be aiming at the wrong target when choosing certain tools without having a complete understanding of the nature of risks present.

This is something that becomes particularly important not only for those of us who conduct trainings aimed at different audiences, but also for those who design training materials, handbooks, and software that is going to be used by people at risk. Understanding the nuances of risk when looking at different scenarios can often mean the difference between designing a handbook or app that is going to be used by many people in many contexts versus creating something that only those with the same background as us are going to be able to use.

Points to consider when creating strategies that are applicable to many different scenarios include:

  • What is the scope of internet availability? What speed and quality of connection is available?: When recommending streaming apps like Periscope in the South American context--particularly in Venezuela, where we currently deal with one of the worst, slowest and most expensive internet connections in the world, we are often faced with the fact that internet connections are not reliable and upload speeds are sorely lacking, not to mention the fact that connection is often paid for by the megabyte and extremely expensive. Some people cannot count on internet access at home, and some can only connect once a week or once a month.

  • What technology is available? Is what I’ve created compatible?: This is often overlooked when creating apps that work exclusively in iOS environments and thus cannot be used by the many people who lack economic resources and are most at risk. Compatibility is also overlooked when creating apps that only work with newer versions of some operating systems, disregarding the fact that most people in developing countries only have access to the previous, often out-of-date versions of operating systems that come with cheaper devices.

  • Is it legal to use? Should I warn users of possible legal consequences?: Technologies like encryption and practices like anonymity are illegal or outlawed in many countries. For example, anonymity is forbidden in Venezuela and encryption is illegal in Russia and Tunisia. If someone is going to make the decision to use technology that could put them at further risk, this decision should be made from a place of informed awareness.

  • Is it understandable? Is it accessible? Does it make sense in a given cultural context?: In many places, particularly in those where indigenous languages still survive and coexist, language is a barrier that can keep people from accessing certain tools and materials. In my experience with training Venezuelan indigenous populations at risk, the trainings have to be conducted in Spanish, which is the legal language of the country, but not the mother tongue of the audience. Even when trying, sloppy translations have the potential to become a hazard instead of an aid. Considering cultural aspects also means considering the risks of taking out a cellphone in the street in certain places, or simply carrying it while out and about.

Even though it's impossible to list every aspect that we should consider, more often than not, just being aware of differences and being open to asking questions and listening to answers is a good place to start. As in many other circumstances, the ability to fight preconceived notions and assumptions is the key to opening a door that will lead us to more diverse solutions for digital security.

Venezuelan lawyer and digital rights activist Marianne Díaz Hernández is involved in initiatives including Creative Commons Venezuela and Acesso Libre. She also contributes to Global Voices and guest blogs for Amnesty International. Follow her @mariannedh.

Want more SumVoices? Read on!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

SumVoices: La seguridad digital comienza con el análisis de riesgos contextual

Our last installment of SumVoices featured an anonymous contributor from Algeria, in English and Arabic. This month we bring you Venezuelan digital rights activist and digital security trainer, Marianne Díaz Hernández, in English and Spanish.

SumVoices, Venezuela, Marianne Díaz Hernández, digital security trainingDurante los últimos seis años, he sido una activista por los derechos digitales en Venezuela, y una parte importante de mi trabajo se ha enfocado en entrenamientos de seguridad digital dirigidos a audiencias en riesgo: activistas, periodistas y estudiantes que están comenzando a defender sus derechos civiles. En mi experiencia, un concepto que se deja de lado a menudo en el campo del entrenamiento en seguridad digital es el del análisis y evaluación de riesgos. Mientras que en ciertos contextos, el análisis de riesgos es más bien un término cliché que se deja caer—una suerte de palabra clave, como “emprendimiento” o “sinergia”, en otros contextos donde a menudo es pasado por alto, solemos estar perdiendo algo muy importante: el hecho de que las herramientas y las tácticas no son universalmente aplicables, y por tanto, el hecho de que podríamos estar apuntando al objetivo equivocado al elegir ciertas herramientas sin tener un entendimiento completo de la naturaleza de los riesgos que están presentes.

Esto es algo que se vuelve particularmente importante no sólo para aquellos entre nosotros que llevamos a cabo entrenamientos dirigidos a diferentes audiencias, sino también para aquellos que diseñan materiales de entrenamiento, manuales y software que será usado por personas en riesgo. Comprender los matices del riesgo cuando observamos diferentes escenarios puede a menudo significar la diferencia entre diseñar un manual o una aplicación que será usada por muchas personas en muchos contextos, en vez de crear algo que sólo aquellos con el mismo ambiente que nosotros podrán usar.

Algunos puntos a considerar al crear estrategias que sean aplicables a diferentes escenarios incluyen:

  • ¿Cuál es el alcance de la conexión a Internet? ¿Qué velocidad y calidad de conexión está disponible?: Cuando recomendamos aplicaciones de transmisión en directo, como Periscope, en el contexto latinoamericano—particularmente en Venezuela, donde actualmente lidiamos con una de las peores conexiones, más lentas y más caras del mundo, a menudo nos enfrentamos al hecho de que las conexiones a Internet no son confiables y las velocidades de carga se quedan muy cortas, sin mencionar el hecho de que la conexión es a menudo pagada en megabytes y extremadamente costosa. Algunas personas no pueden contar con acceso a Internet en sus hogares, y algunas sólo pueden conectarse una vez a la semana o al mes. 

  • ¿Qué tecnología está disponible? ¿Es compatible esto que he creado?: Esto a menudo se deja de lado al crear aplicaciones que funcionan exclusivamente en ambientes iOS, y por tanto no pueden ser empleadas por muchas personas que carecen de recursos económicos y son quienes se encuentran en riesgo más a menudo. La compatibilidad es también dejada de lado al crear aplicaciones que sólo funcionan en versiones más recientes de algunos sistemas operativos, haciendo caso omiso del hecho de que muchas personas en países en desarrollo sólo tienen acceso a las versiones más recientes, a menudo obsoletas, de sistemas operativos que vienen con dispositivos más económicos.

  • ¿Es legal usarlo? ¿Debería advertir a los usuarios sobre posibles consecuencias legales?: Tecnologías como el cifrado y prácticas como el anonimato son ilegales en muchos países. Por ejemplo el anonimato está prohibido en Venezuela, y el cifrado es ilegal en Rusia y Túnez. Si alguien va a tomar la decisión de usar tecnología que pudiera ponerlos en un riesgo mayor, esta decisión debería ser tomada desde una posición de conciencia informada.

  • ¿Es comprensible? ¿Es accesible? ¿Tiene sentido en un contexto cultural determinado?: En muchos lugares, particularmente en aquellos donde todavía sobreviven y coexisten lenguas indígenas, el idioma es una barrera que puede evitar que las personas accedan a ciertas herramientas y materiales. En mi experiencia entrenando poblaciones indígenas en riesgo en Venezuela, los entrenamientos tienen que ser llevados a cabo en español, que es el idioma legal del país y es a menudo el idioma del entrenador, pero no es la lengua materna de la audiencia. Incluso cuando lo intentan, las traducciones de mala calidad tienen el potencial de convertirse en un peligro en lugar de una ayuda. Considerar los aspectos culturales también significa tener en cuenta los riesgos de sacar un celular en la calle en ciertos lugares, o simplemente de llevarlo consigo cuando salen de sus hogares.

Aunque es imposible enumerar cada uno de los aspectos que debemos considerar, a menudo simplemente estar atento y consciente de las diferencias y estar abierto a hacer preguntas y a escuchar las respuestas es un buen comienzo. Al igual que en muchas otras circunstancias, la capacidad de luchar contra nociones preconcebidas y presunciones es la clave para abrir una puerta que nos llevará a soluciones más diversas en seguridad digital.

Venezuelan lawyer and digital rights activist Marianne Díaz Hernández is involved in initiatives including Creative Commons Venezuela and Acesso Libre. She also contributes to Global Voices and guest blogs for Amnesty International. Follow her @mariannedh.

Want more SumVoices? Read on!

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 10 March 2016

Internet Security Depends on Human Behavior, Says RSA’s Amit Yoran

RSA, RSA Conference 2016, Amit Yoran, cybersecurity, SumRando Cybersecurity, VPN, Secure Messenger
Each year, the RSA Conference provides a place for information security experts from around the world to delve deeply into global cybersecurity problems and solutions. This year was no exception, with a record 40,000 individuals in attendance at the 25th anniversary event.

Amidst the sea of technological solutions presented, the keynote address of one man, RSA President Amit Yoran, stood out. His message was clear: until human behavior changes, the Internet will continue to be the insecure place it currently is and hackers will continue to win the cybersecurity war. For three reasons, it is human behavior, not technology, that must change:

Reason #1: The Internet is inherently insecure.

“The general purpose computing paradigms that we operate under cannot be secured. A collection of incredibly complex, interconnected systems, our digital environments, are at their core not deterministic. And with the emergence of IoT, our challenges are only going to get exponentially worse. And yet we continue to push all of our communication, collaboration, and commerce online, pretending that preventative technologies like anti-virus, malware sandboxing, firewalls and even next generation firewalls, will keep us safe when we know that they won’t. Intellectually, we get it, but that’s not translating into changed behavior fast enough.”

Reason #2: Smart creatives today become hackers, not cybersecurity professionals.

“Think about our “game” of cybersecurity. Our opponent isn’t playing the same game and they surely aren’t following the same rules. In fact, our opponents don’t have rules. So in real life, who is sitting across our game board? If you could unveil our opponents, we would likely see creative human beings who are changing the rules as they play.

“For some perspective on tackling the cybersecurity challenge, let’s take a step back and come at our problem from a different angle. Our problem is not a technology problem. Our adversaries aren’t beating us because they have better technology. They’re beating us because they are being more creative, more patient, more persistent. They’re single-minded. They have a target – no prescribed path to get there, no overarching rules limiting them, and a virtually limitless number of pathways to explore.”

Reason #3: Governments continue to fight for security reducing measures, such as weakening encryption.

“We frequently see governments muddying the waters by allowing intelligence communities or law enforcement to dominate national cybersecurity policy and initiatives. Their perspective and agendas are radically different from those trying to defend networks.

“Some policy proposals, like weakening encryption, are so misguided as to boggle the mind. In an era where cybersecurity is consistently cited as the single greatest threat to our way of life, above terrorism and all else, how can we possibly justify a policy that would catastrophically weaken our infrastructures? And contrary to the going dark rhetoric, we live in a golden age of surveillance, more so than at any other point in human history. Weakening encryption is solely for the ease and convenience of law enforcement when pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if we weaken our encryption you can sure bet that the bad guys will use that and exploit it against us. Such a policy would also harm US economic interests on an already suspicious world stage, as well as unconscionably undermine those trying to defend our digital environments in every single industry.”

Yoran began and ended his speech with a reminder that, in today’s world of cybersecurity, actions speak louder than intentions. We simply cannot wait for technology to change or for experts and government officials to catch up. Take matters into your own hands and make a VPN, secure messenging, unique passwords and HTTPS part of your daily Internet routine.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Tuesday 8 March 2016

This International Women’s Day, Celebrate the Words of Women

“Women are severely underrepresented in the news today. Only around 1 in 4 people heard or read about in news are women.”

Facts such as this, reported by UN Women, remind us of the continued importance of International Women’s Day, celebrated each year on March 8. In honor of the holiday, we have highlighted below the handful of women whose words and actions have successfully captured the media’s attention in recent weeks:

Queen Rania (Jordan): Unwilling to accept a Charlie Hebdo cartoon that suggested drowned Syrian migrant Aylan Kurdi would have grown up to sexually harass women, Queen Rania commissioned Osama Hajjaj to depict an alternate viewpoint: an adult Aylan Kurdi as a productive member of society. “Aylan could’ve been a doctor, a teacher, a loving parent…Thanks @osamacartoons for sketching my thoughts,” Queen Rania tweeted.

Jordan, Queen Rania, Aylan Kurdi, political cartoon, SumRando Cybersecurity, VPN, Secure Messenger
[Source: Twitter]

Manar N (Saudi Arabia): At Starbucks in Saudi Arabia, single people and families enter and sit in separate parts of the establishment. When a dividing wall fell in a Riyadh Starbucks, it was replaced with a sign reading, “PLEASE NO ENTRY FOR LADIES ONLY SEND YOUR DRIVER TO ORDER THANK YOU.” In response, Manar M tweeted, “#Starbucks store in Riyadh refused 2 serve me just because I’m a WOMAN & asked me 2 send a man instead.” A flurry of activity on Facebook and Twitter followed, and within a week, the Starbucks in question was again open to all. 

Jacky Fleming (United Kingdom): Fleming’s latest book, The Trouble With Women, caught the Guardian’s eye. The book of cartoons draws attention to the absence of women from history and challenges the notion that women are less able than their male counterparts. According to Fleming, “Depriving girls of their history is control through lowered expectations.”

Jacky Fleming, The Trouble With Women, United Kingdom, SumRando Cybersecurity, VPN, Secure Messenger
[Source: The Guardian]

Guris Ozen (Turkey): Citing security concerns, Istanbul banned this year’s International Women’s Day rally. When it continued as planned, the Turkish police broke up a crowd of hundreds with rubber bullets. Ozen told Reuters, “We have always said that we would never leave the streets for the March 8 demonstration, and we never will. Neither the police nor the government can stop us. You see the power of women. We are here despite every obstacle and we will continue to fight for our cause.”

Loveness Mudzuru and Ruvimbo Tsopodzi (Zimbabwe): Former child brides Mudzuru and Tsopodzi recently argued to Zimbabwe’s Constitutional Court that child marriage is both illegal and unconstitutional—and the court agreed. According to the Huffington Post, Mudzuru is “happy that we have played an instrumental part in making Zimbabwe a safe place for girls. Raising a child when you are a child yourself is hard.”

Given the current state of women in the media, the words of women are rarely found in headlines, but it is well-worth a reader's time to find them. Every day, women exercise their right to free speech in order to stand up for their gender and for human compassion, but too often these stories aren’t heard.

The United Nation's theme of this year’s International Women’s Day is “Planet 50-50 by 2030: Step It Up for Gender Equality.” If we hope to achieve equal opportunities and rights for women by 2030, we must start by making room for the words of women today.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Thursday 3 March 2016

Journalist Hunger Strike Seeks a Culture of ‘Peaceful Protest’ in Sudan

Sudan, journalist hunger strike, Al-Tayyar, SumRando Cybersecurity, VPN, Secure Messenger
[Source: Ashraf Shazly/AFP/Getty Images]
Google ‘Sudan’ and the words ‘army’, ‘violence’ and ‘fatality’ will appear. But take a look at the Sudan Tribune’s main headline from Tuesday and you’ll see the spotlight turned to nonviolent action: “Sudanese journalists go on hunger strike over newspaper suspension.”

The hunger strike is in direct response to the December 2015 decision of Sudan’s National Intelligence and Security Services (NISS) to suspend newspaper Al-Tayyar without explanation, but its intent extends far beyond reinstituting the newspaper.

“We want to draw attention to the difficulties faced by journalists and the restrictions on the freedom of press in the country in general,” acknowledged Khalid Fathi, Al-Tayyar’s managing editor.

Freedom is far from free in Sudan, a country categorized as the “Worst of the Worst” in terms of political rights and civil liberties according to independent watchdog Freedom House. The government routinely utilizes the 2009 Press and Publication Act to confiscate or temporarily shut down newspapers in order to prevent unwanted information from being published as well as the misnomered January 2015 Freedom of Access to Information Law to limit access to information of consequence for journalists and citizens alike. Journalists themselves frequently face harassment, physical attacks and even arrest.

In Sudan, surveillance is a fact of life. The National Telecommunications Corporation (NTC) regularly monitors internet activity and email and blocks websites in violation of “public morality” or for being “blasphemous”; the NISS is known to access the social media accounts of activists; and the government is thought to have phone-tapping, location tracking and even conversation eavesdropping capabilities.

This is the reality that the Al-Tayyar hunger strikers want to change.

Although no official reason has been given for the newspaper shutdown, it was preceded by a promise from President Omer Hassan al-Bashir to take “decisive measures” against Sudanese press for critical reports of Finance Minister Bader El Deen Mahmoud. Also prior to the shutdown, editor-in-chief Osman Marghani was arrested for anti-governmental reporting and “inciting an Arab spring.” Marghani, along with editor-in-chief Ahmed Yousef El Tay of Al-Saiha, now faces the death penalty.

In the words of Marghani, “The best outcome we anticipate from this [strike] is that the culture of protest, peaceful protest that is, spreads among Sudanese people.”

30 Sudanese journalists are currently chained together, with little more than a belief in a cause, the encouragement of their supporters and water to sustain them. Let’s hope this one act leads Sudan towards the Arab spring it has been seeking, that it is a shift away from violence and the “Worst of the Worst” and towards a country free from censorship, surveillance and unwarranted arrests.

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

Wednesday 2 March 2016

SumRando Cybersecurity Has Relocated to Mauritius

SumRando Cybersecurity, Mauritius, VPN, Secure Messenger, SumRando UpdatesIf you thought our Leap Day special was this week's big news, wait until you hear this: Five years after launching and following careful consideration, SumRando has re-headquartered in Mauritius.

As of March 2016, SumRando will be serving your cybersecurity needs from the African island nation of Mauritius. Recently, Mauritius has been recognized as Africa’s only "full democracy" as well as its “most peaceful country.” A former home to Dutch, French, and then British colonials (and at one point some pirates), Mauritius is now an independent economic force to be reckoned with and has a clear vision for its role as a player in the cyber community:

  • Implementing a “Smart Mauritius” Initiative: In addition to building a second Cyber City, Pravind Kumar Jugnauth, the minister of Technology, Communication and Innovation, is committed to a Mauritian future that emphasises internet and communication technology (ICT) innovation. By developing realistic policies that enshrine data integrity, Mauritius will serve as a cyber-hub for Africa and a standard bearer for responsible privacy practices.
  • Mauritius' Data Protection Act of 2004 = NO requirement to log your activity: In Mauritius, as with SumRando, your data is sacred. 

In 2011, SumRando was proud to call Cape Town, South Africa home, but recently we have witnessed this once-friendly jurisdiction change in response to overzealous and uninformed legislators at the helm. Our concerns include:

  • South Africa’s proposed Cyber-crimes and Cybersecurity Bill, which has been widely-criticized for its infringements of the rights to privacy and free expression. Its dangerously broad and vague language only serves to enhance the state’s surveillance powers.
  • The Protection of Personal Information (PoPI) Act of 2013, which was intended to herald in stronger, stricter personal privacy protections. It proposed regulations that would protect personal data and how it would be processed, stored, secured and destroyed; however, even three years later, it has yet to be fully enacted.

At SumRando, we are committed to providing our users with secure, reliable services and we are confident that our decision to relocate to Mauritius will enable us to continue to do so. You can expect to receive the same access to our VPN, Secure Messenger and Web Proxy services that you always have.

The one change you will notice is in our prices—we’ve lowered them. Our newfound savings in operating costs will translate to:

  • SumRando Gold (10GB/month) for $5 USD/month (was $10 USD/month)
  • SumRando Platinum (unlimited data) for $10 USD/month (was $20 USD/month)

Expect further updates as we continue to settle into our new home in Mauritius. In the meantime, feel free to contact us at with any questions, concerns or feedback. Thank you, Randos, for your support. It means the world to us.

Want the latest SumRando Cybersecurity updates?

SumRando Cybersecurity is a Mauritius-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!