Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Middle Brothers

published on 2020-11-25 18:54:44 UTC by j4vv4d
Content:

When we talk about privacy and surveillance, discussions usually involve talk of Governments keep the population under manners. 

But unlike the good old days of the eighteenth century, Governments aren’t the only ones with skin in the population monitoring, control, and profiteering business. We now have a whole slew of middle brothers aka big tech wanting a slice of that mind-control pie. 

Spying on employees

Amazon has found itself in the spotlight this past week with Vice publishing an article entitled, Secret Amazon Reports Expose the Company’s Surveillance of Labor and Environmental Groups

Joseph Cox picked out some of the juicy parts and shared on twitter.  

Source: https://twitter.com/josephfcox/status/1330925535069757440?s=20

Before reading the article, I just saw the headline and some of the tweets and felt outraged enough to share the link with my Host Unknown Podcast co-presenters Andy and Thom. Yes, I wonder why I talk to them too – especially when Andy responded with: 

Nice story. When you remove the emotion, I can’t see as much wrong as the article makes out!

Andrew Agnes via Whatsapp

Anyway, I’m not going to debate as to whether or not an organisation should spy on its employees – and to what degree … well not quite yet. 

Sharing is (s)caring

Still on the topic of Amazon, I received an interesting email from the tech giant announcing a new offering entitled Amazon Sidewalk (you just know a marketing intern who’s never stepped outside of the US came up with a name like that). 

The blurb from the website describes Sidewalk as: 

Amazon Sidewalk is a shared network, coming later this year, that helps devices like Amazon Echo devices, Ring Security Cams, outdoor lights, and motion sensors work better at home and beyond the front door. When enabled, Sidewalk can unlock unique benefits for your device, support other Sidewalk devices in your community, and even open the door to new innovations like locating items connected to Sidewalk.

So, basically, there’s Amazon, a company that we’re already feeling a bit creeped out a bit by, that now wants to borrow a part of your internet that it will <securely> make available to your neighbours and others in the vicinity to help power their smart things. 

After all, this is the company that brings you Ring camera’s – the same ones that were breached last December

The same company that sells woefully insecure alternative smart doorbells. 

But hey, won’t you think of the lost puppies? Yes, I’m being serious – they actually put that in the Sidewalk marketing propaganda FAQ’s.

Source: Amazon Sidewalk FAQs

Are you enraged yet? Or are you dead from the inside like Andy? I kind of need you to at least be mildly annoyed at this point because I’m going through great lengths to paint Amazon as the bad guys here.

In fairness – and I am nothing, if not fair. Amazon did publish a Sidewalk Privacy and Security Whitepaper which is something that perhaps deserves a bit more time than I gave it. But, then again, I’m not saying that technically it’s a flawed design (unlike this little gem that Paul Moore shared – but don’t click on that yet, that’s a side quest).

Workplace Analytics

Hold my Cloud said Microsoft and check out Workplace Analytics (promo video). It’s built right into MS 365 and it calculates productivity scores of employees. What is a productivity score I hear you ask? Well, according to Wolfie Christl it sounds an awful lot like a full-fledged workplace surveillance tool.

Surveillance 365

Wolfie goes on to say,

Employers/managers can analyze employee activities at the individual level (!), for example, the number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc.

Showing data on individuals can be turned off, but it’s activated *by default*. This normalizes extensive workplace surveillance in a way not seen before. I don’t think employers can legally use it in most EU countries. I’m sure they cannot legally use it in Austria and Germany.

In addition, Microsoft lures companies into sharing employee data with Microsoft in order to show them how their numbers compare to the numbers of other organizations. As a result, Microsoft gets access to a massive stack of employee data across many organizations.

This is so problematic at many levels:
– Managers evaluating individual-level employee data is a no go – Any evaluation of group ‘productivity’ data can also shift power from employees to organizations
– Employee self control via MyAnalytics is the first step to normalization
– Not least, Microsoft gets the power to define highly arbitrary metrics that will potentially affect the daily lives of millions of employees and even shape how organizations function

Wolfie Christl (Twitter thread)

Tech<NO>logy

Let’s take a collective deep breath and chill (or maybe that advice only applies to me). We have a ton of issues here and I kind of purposely / accidentally mixed them up to make my case for outrage. To paraphrase Andy, if you take the emotion out sometimes things don’t seem as bad as they are.

Yes, there are tons of crappy smart devices and internet of things out there. Amazon sells a lot of them – and yes, even their own devices aren’t always 100% secure – but then again no one has perfect security.

Putting that aside, the question is, whether it’s a good idea for organisations to spy on their employees – particularly union workers, activists and the like. Well, this isn’t a new challenge. Do you really think oil and gas don’t check to see if any of their employees are Greenpeace activists. Or NASA employs flat-earthers?

Probably poor analogies, but it happens.

Organisations like to keep an eye on their employees, and Microsoft just handed all the data they need on a silver platter. Is this anything new? Again, not really, there has been productivity and employee monitoring software on the market for ages.

I think I have issues with two things.

First, that the tendency is to use technology to solve every single issue out there, even if it doesn’t need to. Like, employee monitoring – it’s a managers job to look after their staff, ensure they get the support they need, and they can meet their targets. Saying that Bob spends 3 hours more a week on emails than Sally does isn’t particularly useful.

Secondly, we’re used to organisation collecting data about us and monetising it, usually in the way of ads or to sell you something. The main point being that the use of the data was somewhat transparent to us users. Giving that data to your employers is more ropey, because let’s face it – a lot of managers are poor at leading teams and developing people.

It’s why I feel like Sidewalk has the potential of being misused – especially once law enforcement get wind of this massive dataset of information that can be used. It’s not like they’re a stranger to it.

Now is time to take action… in 5 mins

The answer to many of the real and perceived challenges we have is quite simple. Let’s hit them where it hurts.

Quit Facebook
Stop buying from Amazon
Don’t use Microsoft
Uninstall Twitter
… add a few more steps here
utopia!

But the problem is that most of us are high on our own supply. As much as many people would love to stop using a particular service, it’s difficult to give up the convenience. Given enough time, that becomes the new normal (not referencing COVID-19). Don’t believe me? Try buying a non-smart TV… I’ll wait.

I’m still not convinced that things are as bad as some headlines make them out to be – despite me being completely cynical about many offerings. But at the same time, I don’t think middle brothers have taken anything from us. We’ve given it all up willingly because ultimately, most of us are too lazy to make a difference.

Article: Middle Brothers - published almost 4 years ago.

https://javvadmalik.com/2020/11/25/middle-brothers/   
Published: 2020 11 25 18:54:44
Received: 2021 06 06 09:04:45
Feed: J4vv4D
Source: J4vv4D
Category: Cyber Security
Topic: Cyber Security
Views: 2

Custom HTML Block

Click to Open Code Editor