Breaking Badness

160. Legends of the Hidden Data

Coming up this week on Breaking Badness: Gérard Depardon’t Monitor Me, Are You Afraid of the Dark Web?, and Gold, Guidance, and Grievances.

Here are a few highlights from each article we discussed:

Gérard Depardon’t Monitor Me

  • On July 5, France’s Parliament made the decision that French police should be able to spy on citizens remotely through their phones if suspected of breaking the law
  • France lagged behind quite a few other countries as far as legally authorized technology surveillance goes
    • It’s important to recognize the distinction, though, between legislation lag and capability gap; France is already a pretty sophisticated actor as far as surveillance goes
  • The police could monitor “suspected” criminals, but what are the criteria for being “suspicious?”
    • It’s speculative at this point, as a final bill hasn’t been passed, but some pushback appears to have caused them to require judicial authorization – similar to warrant authorization as in the US, though it’s worth noting that’s barely more than a rubber stamp
    • Crimes involved need to be “serious” – defined as punishable by five years or more in prison – but “suspected” does seem to be quite nebulous, so I’m hoping someone can set me straight on that requirement
  • The article states that authorities would be able to collect geolocation details, but are other details up for grabs like images, contacts, notes, etc.?
    • It sounds like full device compromise is on the table – geolocation, remote activation of microphone and camera, and access to contents
    • There are some vague gestures as to keeping the surveillance “proportionate” to the suspected crime, and a time limitation of six months at most – though presumably, law enforcement would just need to re-apply for judicial review to continue the surveillance
  • The plan is “meant to bring up to speed the out-to-date French justice system with those of its EU neighbors,” but what other countries in the EU are passing legislation like this?
    • The UK is much more like the US, in that warrants are generally required and surveillance has to be “proportionate and necessary” – along with the legislature-approved retention of bulk data in case they want to “collect” it later
    • Similarly, Spain has enacted technological surveillance in the wake of both terrorist activity and civil unrest
    • Scandinavian countries tend to be a little more guarded at lower levels of law enforcement, while the higher level security services often have pretty easy access
    • The final bill hasn’t passed, but it looks like it has enough support
    • Right now they’re just working out some specifics, including some moderate limitations proposed by Macron’s party
  • What can citizens do for themselves?
    • There are two important principles at work here:
      • If a nation state wants access to your device, they’re gonna get access to your device
      • Just like with criminal actors, there are steps you can take that raise the cost to compromise your device and affect the decision-making involved in whether the effort is worth it or not. These include Lockdown Mode on iOS, or enabling developer mode and utilizing some of those options in Android, along with good digital security hygiene. I’ve been spending the past year or so experimenting with the options available for enabling privacy, and the personal frustration and opportunity cost have gone *way* down in recent years. Moving away from consumer services addicted to exploiting user data is another great way to slim down your own surface and improve your privacy

Are You Afraid of the Dark Web?

  • Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate, but some of it appears to be decades old
  • The only motive we can speculate about at this time is that the breach was perhaps clout-driven rather than for monetary gain
    • Nickelodeon notes that customer and employee data was not taken, but rather 500GB in documents and media files
    • A lot of it seems like it’s SpongeBob-related
    • There’s a prestige-type thing that goes along with crimes like these
  • The investigation is ongoing, but at the present time we don’t have information on how the breach was executed
    • The level of access might just have been easier; perhaps the policies for older data were simpler to navigate
  • In pirating and creative communities there’s an argument about properties that are purposely retiring favorite series for tax breaks, rather than releasing them on DVDs
    • It’s causing a bunch of people to pirate them
    • Taylor gives a shout out to for old 80s Christmas TV specials

This Week’s Hoodie/Goodie Scale

Gérard Depardon’t Monitor Me

[Taylor]: 8.5/10 Hoodies
[Ian]: 6/10 Hoodies

Are You Afraid of the Dark Web?

[Taylor]: 3/10 Hoodies
[Ian]: 5/10 Hoodies

That’s about all we have for this week. You can find us on Twitter @domaintools, and all of the articles mentioned in our podcast will always be included on our podcast recap. Catch us Wednesdays at 9 AM Pacific time when we publish our next podcast and blog.

*A special thanks to John Roderick for our incredible podcast music!