Should I Trust The Cloud?

https://www.flickr.com/photos/dherholz/450303689/

I received an email recently from a colleague asking about data sovereignty, and in particular asking about how schools deal with the  need to store all personal data on Australian servers to be compliant with the law. This was my reply…

When deciding whether to do a thing – any thing – you need to assess the relative risk. There is NOTHING that can have its risk mitigated to zero. So while we can have debates about the security of the cloud, the fact is that ANY service is generally only as safe as the password that protects it. It’s far simpler to socially engineer your way into a system than to hack it, and it’s easier to follow someone through an open doorway before the door shuts than to crack the lock. There are security risks involved with every system.

What makes you think that data saved on a server that happens to be geographically located on Australian soil is any safer than data on a server located on the other side of some imaginary geographical dividing line? What policies make Australian servers impervious to security issues?  What is it about Australian passwords that are safer than non-Australian passwords?

It’s interesting that whenever I hear the security argument from someone, I ask them whether they use 2-factor authentication on their online accounts. The answer is almost invariably never. I find it hard to take someone seriously when they bleat about security and yet do nothing to secure their own stuff using the safest and simplest technology we have available; 2 factor authentication.

I also find it amusing that these same people who bang on about not trusting the cloud, also almost always have a bank account. When I ask them where their money is stored, they say “in the bank”. When I ask where is it actually stored, they have no idea. They don’t know where their money – or the digital records that define the concept of money – is actually stored. They never stop to consider that when they go to an ATM and withdraw $50, it’s not the same $50 note that they actually put into the bank. There is no magical shoebox under the bank’s bed that stores their actual money… it’s all just computer records, kept on a server, somewhere, and I guarantee that they have no idea where that somewhere is.

That’s why the debate about whether we should be allowing our data to be stored offshore is such a laughable concept. It shows a real lack of understanding about the way the Internet actually works.

The truth is, it doesn’t matter WHERE your data is stored. What matters is WHO is storing it, and whether you trust them with it. I’d rather trust my data to a major cloud provider offshore who offers privacy policies that I trust, along with strongly encrypted and sharded data storage techniques, virtual and physical security over their datacentres, and a proven track record of doing the cloud right, than to some minor player in the cloud storage space just because they happen to have servers in Australia.

I’m also not a lawyer. However, I’ve done enough research into the Australian data sovereignty laws to feel satisfied that I’m interpreting them the right way. And contrary to all the Fear, Uncertainty and Doubt being spread around regarding these laws, they do NOT say that cloud services cannot be used unless the servers are in Australia. What they say is that the cloud service USER – that’s you – needs to feel satisfied that the cloud service PROVIDER is offering a service that meets your expectations of safety, security, privacy and redundancy. If you do your due diligence, and come to the conclusion that you’re satisfied that your cloud service provider is giving you a level of service you can trust, then you are free to use it and in turn offer it to your users. If you don’t believe they are offering this level of service, then don’t use them. It’s as simple as that.

Your choice will never be able to come with a 100% guarantee. Nothing does. But if you do your research carefully and make your choices well, the chances are as good as they will ever be that you have made the right decision. The cloud offers amazing possibilities, and I’m completely convinced it IS the future of computing. I’m all in on the cloud as the platform.

To me, there is really only one obvious choice in picking a cloud provider. You want someone whose entire infrastructure is built for the cloud, whose entire business model is built on doing it right, managing data with security and integrity and maintaining the trust of their users. I’m not mentioning names because I’m sure you can make your own decisions about who you trust and how well they do this cloud thing.

What I don’t want to do is to place my data with a cloud provider who is still playing catchup, whose cloud infrastructure runs on legacy platforms that were never built for the cloud, and whose business practices in slagging their competition I find completely distasteful.

I don’t care where their servers are located.

Header image by Dave Herholz – CC BY-SA

Getting out of Password Hell

A while ago I realised that my online life was in password hell. I was using literally hundreds of sites and services that required passwords, but they were held together with a confusing mess of old passwords that I’d mostly forgotten, numerous passwords which were being used on more than one site,  passwords that didn’t meet the usual complexity rules usually required across the Internet, and so on. I often found myself having to do a password reset just to access a site, and of course that new password became yet another one I had to remember. Or forget.

I felt things were a little bit out of hand so I finally took a few steps to clean up my digital life.

First, using the same password for everything is an exceptionally stupid idea. Instead, I came up with my own system that helped me create hard-to-guess, but easy-to-remember passwords that I could apply to any site.  Having a clear system for this meant that when I signed up for some new online service I could quickly come up with a password that was memorable while also being unique to that site. It really helps to have a system. I made sure that my system always met the minimum complexity rules usually found online… that is, they contained uppercase, lowercase, numbers and symbols and were at least 8 characters long. If you do nothing else, come up with a system for your passwords! It’s so frustrating when you attempt to log in to a site that you’ve been to previously and can’t remember your password. So come up with a system for yourself, and please don’t just use the same password everywhere!

Secondly, I turned on multistep or 2-Factor authentication  for passwords on every site that offered this option (and there are a lot of them now). This is probably the single biggest thing you can do to improve the security of your online life. If you go online and don’t use 2 factor authentication, you’re not really serious about your online security. It’s that simple. I find it both amusing and frustrating when I hear people questioning the security of online services, and then find out they don’t use 2-Factor passwords. If you don’t use 2-Factor on every site that enables it,  please, don’t ever complain about the dangers of online security.  It just makes you sound silly. It’s not hard to set up, and if you use something like Google Authenticator to manage your second factors, it’s very simple to use.  The minor inconvenience of having to enter the second factor is far outweighed by the added security. Trust me on this. Turn it on. Now.

Finally, I set up a password manager. I chose LastPass,  but there are others. It took a while to get my head around how LastPass works but once I did, it made life so much easier. If you want to try LastPass for yourself you can get it on this link.
https://lastpass.com/f?7253846

If you are in password hell like I was,  take some of these positive steps to sort it out.

In Second Factor We Trust

You hear of so many security compromises and hacks these days. There are major security breaches happening, with millions of passwords being stolen and used to steal or damage your stuff. So what can you do about it?

With so much of our lives now being lived in online spaces, losing a password, losing an account, having someone get into your stuff online,  would be a nightmare. What would happen if someone got into your Google account? Your Facebook? Your bank account?

I lost my original Twitter account (betchaboy) last year after a password breach and have never been able to get it back. These security breaches DO happen.

The best thing you can do to protect yourself is to turn on Two Factor authentication. Sounds complicated? It’s not. It basically means that there are two passwords required to get into your account instead of the usual one… there is the normal password that you usually use, plus a second one that changes every 30 seconds or so. Even if the bad guys were to get your password, without the second factor – which only you know because it’s generated on your phone, in your presence, on demand – the first password is useless.

It’s a bit like having a door with two locks on it. You’d need both keys to open the door, not just one. Either key on its own won’t open it.

But wait, what? A second password that changes every 30 seconds? That sounds like a lot of messing around! I know it sounds like a hassle, but it’s actually not. Most Two Factor systems form a trust relationship with the devices and computers you use often so most of the time you don’t need the second factor for the computers you use regularly. It’s just needed when you log into a different computer or phone that you don’t normally use. Just like the one that a hacker might be trying to use to log in as you. Even if they discover your password, unless they have YOUR device they only have half the password.

I’ve been using Two Factor authentication on my main Google account for a while now. I resisted turning it on for ages because it all sounded too hard. I eventually relented and decided to give it a go. It’s something I should have done a long time ago. And it’s something that you, if you haven’t already, should do too. Right now.

I spent some time tonight setting up Two Factor authentication on all my Google accounts (about 5 of them), plus my Facebook, Evernote, WordPress, PayPal, Dropbox, Lastpass and Apple ID.  Here’s a good article on how to do it.

For most of these, the second factor can be generated by an app on your phone called Google Authenticator, available for Android, iPhone, Blackberry and Windows Phone. It uses Google’s open source token generation algorithm, and it spits out a new code every 30 seconds, specific to each account. Just log in to these sites as usual, but have your phone handy to generate the second password. It’s very straightforward and easy to use, and well worth whatever minor inconvenience it might cause (which honestly isn’t much).

If you haven’t set up Two Factor yet, can I strongly encourage you to at least give it a try. You can always turn it off if you hate it, but really, you should be using this! There was a report of a password breach for Dropbox users yesterday and it was such a relief to think that it didn’t really bother me as even if they got my password it didn’t matter. It was useless to them anyway.

Do it. Do it now. Seriously.

In None We Trust

I wonder how many teachers would be prepared to gather all their students together at a school assembly sometime and say the following to them …

“Look, we just need you all to know that we do NOT trust you. We’ve talked about it, and we think that given the opportunity, you will all get up to no good and make poor decisions. Because of this, we plan to closely monitor your every move and to make sure that you don’t get away with anything, ever. We plan to prevent you from doing common tasks that are probably perfectly fine and safe. However, since we are, after all, assuming that you won’t be able to make your own good decisions about those things, we have taken the liberty of making those decisions for you.

Essentially, we think you are all a bunch of thieves, cheats and liars with no sense of morals or ethics, and you probably spend all your time looking at pornography anyway. We have no intentions of assuming anything other than the worst… as I said, we really just don’t trust you.

Thank you, that is all. You may now go to class.”

Nah, we’d never do that to our kids, would we?

Now, here’s your locked-down school-supplied laptop. Have a nice day.

Dirty Rotten Scoundrels

If there’s one thing I hate it’s when people assume I’m an idiot and try to rip me off.

So when I got home today I opened the mailbox (yes, the real one!) to find this letter from a company called the Domain Renewal Group.  Their letter – which looked very much like an invoice –  was addressed to me as the owner of the domain betchablog.com and kindly informed me that this domain was due for renewal soon and that I should pay this as soon as possible.  The wording on the letter said that “the domain name registration is due to expire in the next few months“… and that… “Failure to renew your domain name by the expiration date may result in a loss of your online identity.”

All of that is true.  Betchablog.com IS coming up for renewal, and I DO need to renew it. The problem is that Domain Renewal Group are NOT my domain registrar, and they never have been.  I happen to have all of my various domains registered with GoDaddy, and I’ve never even heard of this other mob.

A closer reading of the letter reveals that all of the statements in their letter are technically correct, but written in such a way as to be misleading and underhanded in their deceptiveness. The letter reads just like a regular renewal notice, but is in fact a transfer and renewal notice. By signing it and sending it back with payment it would authorise them not just to renew the domain, but to take the domain away from the current registrar and move it to their overpriced services. How overpriced? Well, I just took a look at GoDaddy’s site and it seems the going rate for a new .com domain is USD$10.69. Their price for a domain transfer with 12 months renewal is only USD$6.99. For the same thing, the Domain Renewal Group were about to charge unsuspecting or careless domain owners AUD$45 (about USD$41.50).

The thing is, there are many organisations where the bills are often paid by a different department to the ones that register the domains, that wouldn’t even question such an invoice when it arrived. The wording is sneaky enough, and the format looks enough like an invoice, that many people would just pay it without even questioning it.  I find this notion of trying to trick people into doing things they don’t mean to do is an appalling business practice.

There happened to be a Toronto-based phone number on the form so I rang it using Skype. The guy who answered asked what he could help me with, so I told him that I was very unimpressed with this deceptive and misleading way of doing business. He sounded surprised that someone would bother to call just to complain, but judging from his tone this was not the first time he’d had a complaint about it. His response was a careless, “Like, whatever”, but he incorrectly assumed that there is nothing I can do about it other than complain.

He forgets that we live in an age where everyone is a publisher. He stupidly neglects to consider that the very customer base they are trying to mislead – those domain owners who own blogs and websites – are the exact same people who own their very own “personal printing presses” in the forms of blogs.  If you’re going to pull this scam-like crap on people, how stupid do you have to be to do it to people who can publicly tell the world about it?

My advice?  NEVER do business with the Domain Renewal Group.  Tell your friends never to do business with the Domain Renewal Group. And if I did have any domains registered with them I would be immediately transferring them elsewhere.

A Policy of Trust and Respect

I’m a huge believer in the notion of trust and respect as the primary drivers in the relationship between student and teacher. People have occasionally told me that I’m just incredibly naive about this, but all I can talk from is my own experience, and in my own experience, building relationships of trust, respect and genuine care between student and teacher is the foundation upon which all “policy” rests on in my  classroom. I realise that school administrators will feel a need for something a little more concrete than this, but any policies, AUPs or guidelines that aren’t based on this first rule are  simply not sustainable in my view.

Take blocking and filtering for example. While school boards have the best of intentions for protecting students when they block access to web 2.0 tools and other social technologies, such policies fail the trust and respect test, because they start with an assumption that bestows upon the students neither trust nor respect.

Or what about when a school tells students that their mobile phones will be confiscated if seen? Again, this approach treats students with neither trust nor respect.

Forcing students to complete work that appears meaningless to them, asking them to remember facts that seem unconnected or pointless, again treats kids with neither trust nor respect.

So, yes, when policy makers make policies, I believe they need to think about it in terms of providing an environment of trust and respect first, and then expecting students to work within guidelines that honour that trust and respect that they have been offered.

For example, having a mobile phone in school or in class is not really a problem if its use is bound by behaviour that treats the student with the trust to know when and how to use it the correct way, and the respect to assume that they will. Instead of jumping up and down and reading them the riot act if we so much as even see their cell phone, perhaps we need to expect that they are welcome to carry one as long as it doesn’t get used inappropriately… after all, isn’t that how most adults would wish to be treated? Imagine if schools confiscated cell phones from teachers. There would be an outcry and a resounding “Don’t they trust us to do the right thing?!” from staff, as they felt a sense of violation at their employer’s assumption that phones would be used inappropriately. As teachers, we would feel as though we were not trusted, we were not respected, and that our ability to make sound decisions was in question before we’d even done anything wrong. I have never seen an employer make those sorts of draconian rules for their employees, but I hear about it happening from schools all the time with regard to their students. I can only imagine how untrusted and unrespected our students must feel when placed in a similar situation. I’m not suggesting that school policy should be a free-for-all where kids just do whatever they want. Far from it. I do however think that kids should be given the opportunity to prove they can do the “right thing” before we set up policies that automatically assume they won’t.

I see the same sorts of thinking when it comes to Internet access policies. Blocking access to the web becomes far less necessary if we begin with a fundamental assumption of trust that our students will do the right thing, backed up with the respect that they are capable and able to make those decisions for themselves. Instead of assuming the worst, how much better would the environment we create in our schools be if they were based on trust, respect, and a belief that students want to do the right thing if given the chance.

I really do believe that we get what we expect. As long as we create environments that are based on the expectation that students will do the wrong thing, they probably will. Funnily enough, if we start to create environments where we expect our students to do the right thing, they will usually do that too. They will give us whatever we expect from them, but mostly, school policies are set up to expect the worst.

Seriously, what’s the worst thing that could happen if we created an environment of trust and respect?

Image: ‘James, I think your cover’s blown!’ http://www.flickr.com/photos/23912576@N05/2962194797

No Clean Feed!

I spent today, pretty much by accident, at a forum-style discussion of the issues surrounding the Australian government’s proposal to filter the Internet access of all Australian citizens. I say “by accident” because the invitation to attend an “Internet Filtering and Censorship Forum” appeared in my email a couple of weeks ago, and without reading it too carefully, I thought it was going to be an educationally focused discussion about the filtering issues that schools face. That would have been useful and interesting, but I didn’t realise that the discussion would actually be centred on the bigger issue of the Australian government’s proposed Internet filtering scheme. I’m glad I went.

Look, there is no argument from me that we need to keep our children safe online. We absolutely need to protect them from the things that are clearly inappropriate, obscene or undesirable. I remember the first time I realised my son had seen things online that I didn’t think he should see, and it’s a horrible feeling. But this proposal by Senator Stephen Conroy (the Minister for Broadband, Communications and the Digital Economy) is unrealistic, unworkable, naive and just plain stupid.

Let me put you in the picture.  In the leadup to the last Australian federal election, the Australian Labor Party (then in opposition) made a series of promises to try and get elected (as they do).  One of those promises revolved around a deal done with the powerful Christian Right, in which the Christian Right essentially said “we will give you our preference votes in exchange for you promising to put ISP-level Internet filtering in place”.  The Labor party, in a desperate attempt to get elected, said “yes of course we will do that!”.  Well, they went on to win the election and now they are in the unenviable position of having to meet an election promise that is just plain stupid.  The minister in charge of all things digital, Stephen Conroy, is either the most honorable politician at keeping his promises or the most ignorant, pigheaded, obstinate politician I’ve come across.  I suspect a bit of both.

The plan is to legislate for all Australian Internet Service Providers to supply mandatory content filtering for their customers, at the ISP level. This would mean that every Australian ISP would have to maintain whitelists and blacklists of prohibited content, and then filter that content before it gets to their customers. It means that every Australian internet user would have a filtered, censored, internet feed, removing any content that the government deems inappropriate. Many comparisons have been made to the filtering that currently takes place in China, where the Chinese government controls what their people see. I don’t think it’s quite that bad (yet), since the Australian proposal is only really talking about blocking content that is actually illegal (child pornography, etc) but the fact is that filtering is a non-exact science, and there is little doubt that there will be many, many webpages that get either overfiltered or underfiltered. Those of us in the education sector who have been dealing with filters for years, know exactly how frustrating this can be.

The forum today, which was held at the Sydney offices of web-savvy law firm Baker and McKenzie, raised many important issues surrounding the filtering proposal. There were many experts in the room from organisations such as the Electronic Frontiers Australia, the Internet Industry Association, the Law School of the University of NSW, the Brooklyn Law School, the Australian Classification Board, the Inspire Foundation, and many others. Many of these organisations had a chance to make a short presentation about their perspective on the government’s proposal, and there was a chance for some discussion from the larger group. It was a great discussion all round.

This is a big issue.  Much bigger than I realised.  I’d read a bit about it in the news, but hadn’t given it that much thought.  On the surface, a proposal to keep children safe and to block illegal content seems like a reasonable idea.  In practice, it is a legal, political and logistical nightmare.

Here are just a few of the contentious issues that the Conroy proposal raises…

What are we actually trying to achieve? What do we really want to block? Stopping kids getting to a few naughty titty pictures is quite a different proposition from preventing all Internet users from accessing pornographic content. Are we trying to just protect children, or are we trying to prevent adults from seeing things that they ought to be able to have the right to choose whether they see or not?  The approaches for achieving each of these goals are probably quite different.

Who will make the decisions about what is appropriate or not? There are many inconsistencies in the way the Classification Board rates content. There have been numerous examples where something that is rated as obscene is later reviewed and found to be only moderately offensive. Who decides? Why should a government be allowed to make decisions about what people are allowed to see or not see? In Australia, unlike the US, we do not have a constitution that guarantees a right to free speech, so we cannot even use the argument that our government has no right to control what we see. They can, and they are trying to enforce it.

Won’t somebody think of the children! Sure, filters are designed to keep children safe.  We all want that.  But what if I’m a childless couple?  If I have no children in my household, why should I have to be filtered and restricted for content that is aimed at adults?  As an adult, I should be able to access whatever content I like, including the titty pictures if that’s what floats my boat.  As an adult, I don’t need the government telling me what I can and can’t access online, especially if it has nothing to do with children.

How do you filter non-http traffic? Traffic moves around the internet using all sorts of protocols… ftp, p2p, https, email, usenet, bit torrent, skype, etc.  I was told by a reliable source today that there are hundreds of different internet protocols, and many new ones are being created all the time.  Filters generally only look at regular http traffic (webpages) and will therefore have little chance of catching content that uses other protocols.  Usenet News Groups are a huge source of pornographic material, yet they will be unaffected by the proposed filters.  There is nothing to stop child pornographers exchanging content over peer-to-peer networks, bit torrent, skype or even as email attachments…  and these would all go undetected by the filters.

Do we bend the trust model until it breaks? Although the http protocol is pretty easy to inspect for its contents, the https protocol is not. The https protocol, otherwise known as Secure http, is the same one used by banks, online merchandisers and so on to facilitate secure online ecommerce transactions. Sending traffic via https instead of regular old http is trivial to do, so one would expect that if the filters eventually happen, then the child pornographers will just start to transmit their stuff using https instead. This will lead to one of two possible situations… either the filters will continue to ignore https traffic (as they do now) and the pornographers carry on with business as usual making the whole filter thing pointless; or instead, the people who create the filters get smart enough to come up with a way to inspect https traffic as well. As clever as this might be, the whole idea of https traffic is that it is encrypted to the point where the packet contents cannot be seen. To design filters that were smart enough to inspect encrypted packets, would, if it happened, also break the entire trust model for online ecommerce. If https packets could be inspected for their contents there would be a major breakdown in trust for other transactions such as Internet banking, ecommerce and so on. Would you give your credit card details if you knew that https packets were being inspected by filters?

Computers are not very good at being smart. There is no way that all Internet content can be inspected by human beings.  It’s just too big, and growing too fast.  There are about 5000 photos a minute being added to Flickr.  About 60,000 videos a day being added to YouTube.  There are thousands of new blogs being started every month.  Content is growing faster than Moore’s Law, and there is no way that content can be inspected and classified by humans at a rate fast enough to keep up with the growth.  So we turn to computers to do the analysis for us.  Using techniques like heuristic analysis, computers try to make intelligent decisions about what constitutes inappropriate content.  They scan text for inappropriate phrases.  They inspect images for a certain percentage of pixels that match skin tones.  They try to filter out pictures of nudity, but in the process they block you from seeing pictures of your own kids at the beach.  Computers are stupid.

The Internet is a moving target. The Internet is still growing much too fast to keep up with it.  There are new protocols being invented all the time.  Content is dynamic.  Things change.  If I have a website that is whitelisted as being “safe” and ok, what’s to stop me from replacing the content with images that are inappropriate?  If just the URL is being blocked (and not the content) then that makes the assumption that the content will not change after the URL is approved.  A website could easily have its content replaced after its URL is deemed to be safe.

The technical issues are enormous. The internet was designed originally to be a network without a single point of failure.  When the US military built the Internet back in the late 60s, its approach was to build a network that could route around any potential breakdowns or blockages.  Yet when the filtering proposal is mapped out, the Internet is seen as a nice linear diagram that flows nicely from left to right, with the Cloud on one side, the end user on the other and the ISP in the middle.  The assumption is that if you simply place a filter at the ISP then all network traffic will be filtered through it.  Wrong!  The network of even a modest sized ISP is extremely complex, with many nodes and pathways.  In a complex network, where do you put the filter?  If there is a pathway around the filter (as there almost certainly will be in a network designed to not have a single point of failure) then how many filters do you need to put in?  It could be hundreds!  The technical issues facing the filtering proposal are enormous, and probably insurmountable to do effectively.

Filters don’t work. The last time the government issued an “approved” filter (at the user end) it was cracked by a 13 year old kid in minutes.  We were told the inside story of this today and some say that this was an unfair claim since the kid was given instructions by someone online, but the point remains that the filter was easily cracked.  Over 90% of all home computers run in administrator mode by default, so cracking a local filter is just not that hard.  Schools that filter will tell you that students who really want to get around the filters do so.  They use offshore proxies and other techniques, but filters rarely stop someone who really wants to get past them.  All they do is hurt the honest people, not stop the bad ones.

Australia, wake up!  Conroy’s plan is a joke.  It’s an insult.  It’s nothing but political maneuvering to save face and look like the government is doing something to address a problem that can’t be effectively addressed.  Conroy is doing all this to keep the Christian right happy in exchange for votes. He won’t listen to reason, and he won’t engage in discussion about it. He is taking a black and white view of a situation that contains many shades of grey.  The problem of keeping our kids safe online is important and needs to be addressed, but not like this.  Please take the time to write to him and tell him what you think. Don’t use email, it counts for nothing (even if he is the Minister for Broadband, Communications and the Digital Economy!)  Write to him the old fashioned way… it’s the only format that politicians take any notice of.

The irony of the underlying politics and the involvement of the Christian Right is the disgraceful history of child abuse by the Church… Catholic, Anglican, you name it. There is case after case after case of children being abused and taken advantage of by priests and other religious clergy. If Senator Conroy is serious about “evidence based research” and wants to legislate against the most likely places that children get molested and abused, maybe he should be doing something about putting “filters” on the Catholic Church. Or what about banning the contact of small children with older family members… because statistically that’s where most child molestation takes place. Stupid idea? Of course it is, but it makes more sense than trying to impose a mandatory “clean feed” of Internet access for all Australians.

It’s a complete joke and a bloody disgrace.