It was reported to the Dutch parliament yesterday that we are still number one when it comes to absolute number of phone taps! This considering that we only have a fraction of the population of other big phone tapping countries such as the USA, UK and Germany.

I reported about the first official phone tapping statistics in may 2008. Since then there has been a yearly report, but now they’ve changed that to half-yearly again.

The Numbers:
Well over 13000 phone taps in the first half of 2009.
An average of 2250 active phone taps during that time.
Of which 80% concerned mobile phones.

Compared to previous reports:
There is a huge increase of absolute number of taps compared to last years statistics. But last years where yearly, so longer running taps aren’t counted twice and thus the two can’t be compared by simply multiplying the half yearly statistics. So if we compare the to the 2007 half yearly statistics there is only a slight increase in the number of absolute taps.

However the number of average running taps has increased dramatically. In 2007 this was 1681, but the last report is of 2250 taps running on average!

Moreover there has been a slight decrease of mobile phone taps, relatively speaking.

There have been questions from the parliament whether this high number of taps actually helps solve more crime. It is however, still unclear if there’s going to be any research on this matter.

What is a strong password,
how do you know if a password is strong and how do you pick one? That’s what this is going to be about. Passwords are for security, they’re used to certify that one who has knowledge of the correct password has access to the system/information. That’s a very wide description and may thus result in all kinds of different levels of security that are needed. Does this password give you access to your bank account or only to a share with your music collection on your home LAN? What attackers can we expect, or more specifically how does one attack a password? This is the most important, because if we know that, we know what our passwords are up against.
Lees verder →

What is encryption?
Cryptography is the field of technologies for hiding information. It tries to hide, encrypt, the information in such a way that a third party who has access to the hidden, encrypted, data cannot reconstruct, decrypt, the original information. In more practical terms, the encryption methods apply a certain routine to information so that it’s no longer recognizable as it’s original. With the right key, that was determined before encrypting the data and the accompanying routine for decrypting the information, the original information can be recovered.
Cryptography was first pioneered many centuries ago. It was the work of specialists to create encryption routines for the military mainly. Cryptography remained something mainly for the military for quite long. Up until a century ago almost entirely and only in the last 20 to 30 years has it become mainstream. Nowadays it’s being used all around us; in ATM cards, on ecommerce websites, in game consoles, for the distribution of copyrighted music and film and many more applications. This is all possible due to the rise of the computer and readily available gross amounts of computing power. Considering the computing power available nowadays we’re actually encrypting very little and leaving the door right open to a lot of sensitive data.

Why do we need to encrypt more?
If you don’t all ready know it, without encryption there is no such thing as privacy. At least not for your data. It’s all 1′s and 0′s but doesn’t take a genius at all to recognize the data it represents if it’s not encrypted when intercepted. And there are literally thousands of ways to intercept data, but I’ll list some common ways.

• Internet
  is probably the most dangerous place for your data as concerned with privacy. If you don’t use a encrypted connection with the server, pretty much anybody can get their hands on your full communication. People in your local network, your internet provider, the host of the web-site you’re visiting, proxies you’re tunnelled through even if they are transparent and you don’t even notice or know, any carrier of your traffic which can be pretty much any arbitrary person for all you know because routes are chosen dynamically and you have very little to no influence on that and last but not least someone who specifically targets your communication being either a hacker, the government or who knows who.
• E-mail
  is pretty much the same story as for internet
• Instant messaging
  is also just as weak as the whole rest of the internet!
• WiFi
  is a special case all by itself. Special for the fact that it’s extremely dangerous. This is because the information is just put straight into the air for anybody to receive. With the right antenna this can even be from quite far away. Further away than you can be from the access point. Can you imagine what happens if this is unencrypted, or encrypted with some weak encryption such as wep?
• USB-sticks
  might get stolen or lost. Just plug ‘m in, thanks to plug ‘n play, no problem. The average grandmother can do that. Even encrypted and supposedly safe USB sticks might very well turn out to be very insecure after all.
• External hard drives
  as you might have figured suffer from pretty much the same issues as USB-sticks except for that less of them are out there who actually try and protect your data.
• Personal Computers
  get stolen. But a bigger risk might be that other people use them as well. Maybe you don’t fear your husband, wife or maybe even the kids wandering around through your computer, but what about the friends and family who visit your house. Maybe even friends of friends during a party? And did you ever think about the possibility that you might ever become under criminal or tax fraud investigation. You don’t even have to be guilty to be investigated, that’s the ‘beauty’. But then you say, I’ve got my account protected with a password and I’ve made my files private, isn’t that enough? NO! Plain simple NO! All though it will prevent the occasional access to your files it won’t stop the more determent of mind. If they have full access to the hardware, e.g. stolen computer or you’re under investigation, then it’s very easy, but even with limited access it’s possible. Some years ago at a institution we were able to retrieve a very sophisticated password from a machine with a padlock on the case, the HDD as only boot device and bios password set. And then there still is the malware that endangers your data.
• Laptops
  are the same as PC’s except for that they are stolen much easier, more often, get in the range of different people more easily and that customs have the right to search them if you travel abroad.

Encrypting more, doesn’t that sound like a wise decision?

Today a letter to the dutch minister of justice was released. This letter addresses phone tapping statistics collected by the Unit Landelijke Interceptie van het Korps Landelijke Politie Diensten (Unit National Interception from the National Police Department). I will try to translate the letter into English.

In the letter of 13 November 2007 (Tweede Kamer, vergaderjaar 2007-2008, 30517, nr. 5) I promised to send you the tapping statistics, as discussed in the letter, considering the second half of 2007. With this letter I’d like to full fill that.

The Unit National Interception from the National Police Department facilitates the interception for all police departments, the Special Investigations Bureau and the Royal Constabulary and since the middle of 2007 it functions as only body to talk to concerning interception of telecommunication for investigation.

In the second half of 2007 the Attorney General ordered the tapping of 12,491 phone numbers. Of these 84% of the cases considered a mobile phone number and in 16% a tap on a land line. In this period there was a daily average of 1681 active taps.

The statistics for the coming years will be included in the budget cycles and be presented to you through that path.

The Minister of Justice,

This is just an incredibly high rate considering that the Netherlands is a relatively small country with only about 16M people. An average of 1681 active taps means that every 1 in 10,000 is currently being monitored. 12.491 taps in 6 months means about 25K a year. That means on average a tap this year on about 1 in every 650 people. But you should also consider this; not only the people whose number is being taped have their privacy violated, but also the people who call and are called by those persons. If the tapped lines on average only make and receive 5 calls a day this means that the number of people affected daily is almost six times larger!

My sense of privacy on the phone has completely gone by now. I all ready knew that our government liked to tap a lot, but I never could have imagined it to be this bad.

It’s almost 1984 and big brother is maturing ever more. Data retention is in effect in ever more countries and most security agencies can tap anything with the push of a button and often even locate you through your mobile phone. Governments even put spying software on your computer (!) if they can’t film you on the streets with one of their 1,500,000 cameras. It’s not only that they can do all this and admit it, but they do so ever more! So what can we do to protect our privacy when big brother is trying to find out what takes places in the comforts of our home?