The Modern Copier

A modern photocopier is basically a computer with a scanner and printer attached. This computer has a hard drive, and scans of images are regularly stored on that drive. This means that when a photocopier is thrown away, that hard drive is filled with pages that the machine copied over its lifetime. As you might expect, some of those pages will contain sensitive information. Always make sure that you physically destory the storage device to ensure it does not end up in wrong hands.

FBI Fusion of Law and Hacking

In an interesting development in the US Department of Justice is dropping all charges in a child porn case to keep TOR hack code secret. According to DOJ "disclosure is not an option".

To catch the culprits of child pornography FBI took control of the server that was used for hosting porn material and deployed a TOR exploit to ascertain the IP addresses of its users. The use of TOR allows users to obscure and anonymoise their identities on the internet and connect to the dark web. With the exploit created by the FBI they were easily able to identify the end users. Experts believe the Network Investigative Technique as the DOJ calls it was basically a malware.

Now lets see how the NIT worked and gathered the information on TOR network.

The website suspected of hosting contraband child porn was known as Playpen, and operated as a darknet website only reachable through TOR. Hidden services on the darknet by default, attempt to hide the locations of both servers and the computers being used to visit the site using a series of intermediary nodes such that visitors location cannot be determined at the website. In an ongoing investigation The FBI learned, through one of its foreign partner, that a website dedicated to the distribution of child sexual abuse materials was determined to be located within the United States jurisdiction. While the FBI was able to locate the server, and bring the site under its control, it was still unable to determine the physical location of individuals who were accessing and posting child pornography on the site.

The FBI using a court authorization to hack the circumvention method was successful in determining the IP address of the website users. It operated the website for 13 days under its control and managed to obtain valuable information of its users using NIT.  As Susan Hennessey and Nicholas Weaver have discussed in detail how NIT was operated by the FBI it will be worth sharing a brief description of the exploit and its basic components.

The Network Investigative Technique (NIT consists of a number of components typical of a malware.

1. A “generator” which runs on the hidden service.
2. An “exploit” which, when transmitted from the hidden service to the visitor’s computer, enables running the FBI’s code on the visitor’s system.
3. The “payload” which the exploit fetches, runs on the visitor’s system, and conducts the actual search, transmitting the information discovered to an FBI server.
4. A “logging server”, a system run by the FBI that records the information transmitted by the payload.

The primary role of the generator is to generate a unique and random ID number  associate the ID with a logged-in user of the site, and then transmit the exploit, the ID, and the payload to the user’s computer.

The exploit takes control over the Tor browser used by the visitor, control it uses to load and execute the payload. Knowledge of how the exploit works is the most sensitive part of an NIT public disclosure not only risks losing the opportunity to use the technique against other offenders but would also permit criminals or authoritarian governments to use it for illicit purposes until a patch is developed and deployed. This is the component the government refuses to disclose in the instant cases.

The payload is the program which searches and gathers information such as computer name, user name, mac address and than transmit it alongwith the unique ID over an unencrypted channel on the internet exposing victims computer public IP address from which he can be tracked back.

The logging service, running on a separate computer, receives the NIT response. The important component in this activity is packet capturing and storing it in a pcap file which records all network traffic transmitted over the unencrypted channel. 

In the current case 137 defendants are facing serious charges over data obtained primarily from NIT and seizure of computers. Interestingly from a defense point of view defendants are asserting that the code involved in the NIT are material to their defense which needs to be shared with them for a fair trial and raise following important questions which are befitting for cyber crime trials in Pakistan as well.

1. Defendants should be given an opportunity to perform a detailed evaluation of the functionality of the expolit in this case NIT, to determine what it searched for in the victims computer, how the search was conducted and what data was seized, and the chain of custody.

2. Critical question is how the key ID was generated and whether every computer was given a unqiue ID. To analyze this from a defendants point of view he would need the source code to ascertain that process and cross match it with the logging activity.

3. The pcap file transmitted over an unencrypted channel was manipulated by any third party.

4. Allowing defense to examine the complete source code including the exploit may result in exposing sensitive classified information to a vast array of actors that can be detrimental to national security operations.

Privacy is Dead

When I started working in internet development I saw it as a great tool of liberation for the global South. 18 years down the road I see it as a great facilitator of absolute control. It is not now but may become a threat to human civilization in coming years.

We live in an age of corporate surveillance architectured by neoliberal global capitalists where Governments and corporate interests have united under the umbrella of metadata surveillance. Given the developments in the surveillance industry in recent years I have taken a different stance on the issue of privacy perhaps, from what most of you would expect me to have taken. I for sometime now have been very vocal about the National Security Agency and massive mass surveillance  programs and I think that we should understand that the game for privacy is gone.  The mass surveillance is here to stay.

Mass surveillance has had a trickle-down effect, whereby not only large and mid-sized states are engaging in this unethical act of spying on the innocent, but even small countries like ours are now spying on their own citizens after the de facto approval by the world’s most powerful.

We can talk about all the laws that we want, and what policies should be and how society should behave and how it should work, but we should realize the fact that privacy is gone and it will not come back short of a very regressive economic collapse which reduces the technological capacity of civilization.

As the price of cutting edge technology continues to decline, states will employ more  surveillance technologies at an increasing rate.

The reason it will not come back is that the cost of engaging in mass surveillance is decreasing by about 50 per cent every 12 months, the underlying cost of telecommunications, moving surveillance intercepts, computerization and storage – all those costs are decreasing much faster at a geometric rate than the human population is increasing.

If you look at societal behavior with reduced social spaces like Sweden, South Korea, Okinawa in Japan and North Korea then you’ll see that society adapts. Everyone becomes incredibly timid, they start to use code words; use a lot of subtext to try and sneak out your controversial views. Like baat tu ap samaj gaye hon gay etc and so on.

Privacy is one of many values “that simply are unsustainabe in the face of the reality of technological change; the reality of the deep state with a military-industrial complex and the reality of Islamic terrorism,  and national security is legitimizing that sector in a way that it’s behaving.

Its time to innovate and strategies and comeup with tools like bitcoin, tor and few others in a growing list as a societal reaction to growing state control. Telecos needs to become more transparent.

Transcript of a talk on Privacy

Looking for Leadership

I have always wondered why modern IT  organizations tolerate dysfunctional leaders? The only justification can be thats its prevalent everywhere and organizations are more happy to accept mediocrity. The problem with this approach is that it leads to growing employees frustration and lack of trust in the ambigious work enviornment.

Most IT organizations cripple or bust not due to lacking human resource or technology but primarily due to lack of leadership. Innovation in the digital age comes from sharing of  ideas and giving an opportunity to your workforce to be heard or share their ideas. Organizations with poor leaders usually have a homogenous team of people with similar way of thinking and liking. This can create cognitive gaps in strategy and its execution. Furthermore, such leaders prefer surrounding themselves with people who are biased and have little interest in seeing the organization grow.

In any successful organization leadership is the key element. The work enviornment is stress free and employees have a sense of direction in achieving business goals. Usually such businesses perform better in satisfying its customer base. In comparision if your organization has  poor leadership at various levels than you are bound to suffer from the following;

1. Low employee engagement and ownership of tasks.
2. Lack of communication within departments.
3. Poor moral forcing to accept culture of mediocrity.
4. Declining business performances and unhappy customers.
5. Thrusting own agendas on the employees.
6. Growing culture of negativity and biased decision making.

When poor leadership is in the hot seat of driving an organization it impacts all areas of business. The first sign is anergy in departments leading to low moral among the work force and forcing good employees either to pick up the slack or switch to a work enviornment where they can grow to achieve their goals. Once the top performers leave the organization those who stay behind get frustrated and eventually lose the energy to stay on top of things.

Written from Khanozai to Quetta on the N50.

The Failure of Human Rights

I am born in an age in which most of the major human rights treaties (there are nine “core” treaties) have been ratified by the vast majority of countries. Yet it seems that the human rights agenda has fallen on hard times. Women lack equality, political freedom is getting curtailed, child labour and forced slavery is rampant in much of the world. Socio economic inclusion of persons with disabilities in society is still a distant dream. Further, the heavy weight champions of human rights i.e. United States and Europe have floundered from blunder to blunder authorizing torture, mass surveillances, targeting civilians using drone strikes, funding and fueling religious extremism, protecting authoritarian regimes, and failing to control the xenophobia towards its Muslim communities. Yet still lingers on to the moral authroity of launching military interventions based on the premise of human rights violations by states that are unfriendly towards western interests. Governments continue to violate human rights with impunity and silence those who speak against the attrocities. Almost 150 of 193 countries that belong to UN engage in torture and extrajudicial killings. An alarming number indeed. Any kind military intervention as seen recently in cases of Iraq and Syria have backed fire as well.

The sad reality is the western ideology of human rights have failed and there is very little evidence to support that human right treaties have done much to improve the miserable state of human wellbeing.  The failure of states in improving wellbeing of people are slowly pushing them towards the Chinese model of development, which combines political repression and economic liberalism.  The threat to human rights framework from such models and practises adopted by US such as recourse to torture and targetted killing of civilians is a big threat to international human rights regime.

Many experts argue that the world is a freer place than it was 60 years ago, but an important question to this argument is it freer because of the human rights treaties or because of development evolution, such as economic growth? My answer is more inclined towards the economic growth and happenings in free markets. Any person can formally have up to 400 international human rights including important rights to freedom of expression, privacy, identity, work, leisure and religious freedom among many others but the dilemna for governments is they have no guidance on them. Lack of skills, budgets and understanding of human rights framework at all levels results in preventing the government from protecting them. For example everyone has the right to be protected from torture. Now imagine our police being barred from using torture to solve criminal cases or eradicate polio. This will require to overhaul an entire dysfunctional system from setting up investigation units having high paid police officers, towards making changes in judiciary and even the political system. With limited resources it makes it extremely difficult for government to achieve the objectives. Most NGOs working on developing human rights pick and choose the rights they want to be prioritised in discussions with the government. A NGO working on the right for privacy or freedom of expression will be focusing on prioritising these two rights only as a requirments from its donors and will not push for rights of person with disabilities though equally important. The ambiguity in human rights makes it more difficult for government to take it seriously.

The international human rights champions have a lot in common with the arrogance of development economists which in previous decades tried and failed to alleviate poverty by imposing western solutions on developing countries like ours. But  development economists were clever to have reformed their approach, the human rights movement has yet to acknowledge its failures. It is time for a reckoning.

Written on route to Hub from Quetta on RCD Highway.

The Failure of Human Rights

I am born in an age in which most of the major human rights treaties (there are nine “core” treaties) have been ratified by the vast majority of countries. Yet it seems that the human rights agenda has fallen on hard times. Women lack equality, political freedom is getting curtailed, child labour and forced slavery is rampant in much of the world. Socio economic inclusion of persons with disabilities in society is still a distant dream. Further, the heavy weight champions of human rights i.e. United States and Europe have floundered from blunder to blunder authorizing torture, mass surveillances, targeting civilians using drone strikes, funding and fueling religious extremism, protecting authoritarian regimes, and failing to control the xenophobia towards its Muslim communities. Yet still lingers on to the moral authroity of launching military interventions based on the premise of human rights violations by states that are unfriendly towards western interests. Governments continue to violate human rights with impunity and silence those who speak against the attrocities. Almost 150 of 193 countries that belong to UN engage in torture and extrajudicial killings. An alarming number indeed. Any kind military intervention as seen recently in cases of Iraq and Syria have backed fire as well.

The sad reality is the western ideology of human rights have failed and there is very little evidence to support that human right treaties have done much to improve the miserable state of human wellbeing.  The failure of states in improving wellbeing of people are slowly pushing them towards the Chinese model of development, which combines political repression and economic liberalism.  The threat to human rights framework from such models and practises adopted by US such as recourse to torture and targetted killing of civilians is a big threat to international human rights regime.

Many experts argue that the world is a freer place than it was 60 years ago, but an important question to this argument is it freer because of the human rights treaties or because of development evolution, such as economic growth? My answer is more inclined towards the economic growth and happenings in free markets. Any person can formally have up to 400 international human rights including important rights to freedom of expression, privacy, identity, work, leisure and religious freedom among many others but the dilemna for governments is they have no guidance on them. Lack of skills, budgets and understanding of human rights framework at all levels results in preventing the government from protecting them. For example everyone has the right to be protected from torture. Now imagine our police being barred from using torture to solve criminal cases or eradicate polio. This will require to overhaul an entire dysfunctional system from setting up investigation units having high paid police officers, towards making changes in judiciary and even the political system. With limited resources it makes it extremely difficult for government to achieve the objectives. Most NGOs working on developing human rights pick and choose the rights they want to be prioritised in discussions with the government. A NGO working on the right for privacy or freedom of expression will be focusing on prioritising these two rights only as a requirments from its donors and will not push for rights of person with disabilities though equally important. The ambiguity in human rights makes it more difficult for government to take it seriously.

The international human rights champions have a lot in common with the arrogance of development economists which in previous decades tried and failed to alleviate poverty by imposing western solutions on developing countries like ours. But  development economists were clever to have reformed their approach, the human rights movement has yet to acknowledge its failures. It is time for a reckoning.

Written on route to Hub from Quetta on RCD Highway.

Paying Higher Wages is Not a Drain on Profits

Most organizations providing customer services to the populace whether in private or public capacity have a major challenge that is "satisfying the end customer". But are we really doing the right things and have the correct directions and processes in place to achieve the goal of providing great customer care remains to be seen. One such organization that I happen to be a part of in Pakistan is going through a phase we saw the US superstore chain Walmart went through couple of years back also knows as the "Walmart Effect". US retail giant Walmart found that its stores were a mess with empty shelves and unhappy customers similar to what we are seeing with NADRA where long queues, poor customer care, corruption and front line employees lacking the impulse of doing the right thing have become a major headache for the public. 

In this era of digital innovation and growth NADRA as a leading public sector organization has become stagnant in its growth. The major reason behind it's decline is low morale, corruption and unsatisfied work force. To overcome challenges of similar nature Walmart took shocking steps in raising wages of front line work force, invested in their training's and opened paths for employees to advance. It was a major shift in their strategy one that understood that "paying high wages is not just a drain on profits but an engine of collective growth". 

NADRA as a leading public sector organization in Pakistan needs to follow the similar footsteps one that allows to pay some dividends to work force from the profits its making, invest in employees training and give them opportunities to advance otherwise the goals of achieving great customer care and become a catalyst of change will not materialize. In the 21st century we need a generation of leaders who understand why change is important to the business and their accountability to implementing it.

In the 21st century, organizations like NADRA and many others need 21st century leaders who are willing to change and move away from antiquated management practices. As a futurist, I hope this post helps you start thinking about what we need to be doing and the shifts we need to make.