Recommended reading: clear analytical insights in a cluttered sea
With all the attention focused on privacy and security these days, any significant development or incident gets tremendous online coverage. This is at one a good thing and a terrible problem. We’ve noted before the difficulties in sorting through on the sources of information available online, in particular the problems with determining the true state of events among conflicting published accounts, and also what can happen when misinformation propagates rapidly leveraging the Internet. A notable recent example of this last issue was the widely circulated rumor of Supreme Court Chief Justice John Roberts imminent resignation, a bit of misinformation apparently originating in a Georgetown University law professor’s lecture, ironically on the subject of the reliability of anonymous sources.
In this environment it is therefore remarkable to find cogent, thoughtful, well-reasoned analysis about a high-profile event, incident, or trend. Today we have two to share, and we have Twitter to thank to bringing them to our attention. First, on the topic of the recent legal ruling in Italy finding three Google executives guilty of violating privacy laws: the public response to this case has been dominated by sentiments that the ruling represents a grave threat to freedom of expression on the Internet. In stark contrast comes an article from EPIC Executive Director Marc Rotenberg published through the Huffington Post (and brought to our attention by Bruce Schneier) that provides a clear and straightforward legal analysis of the law on which the decision was based, and highlights the logic of the legal arguments by comparing the Italian personal data protection law to the arguments providing the basis for the earliest legal protections of the right to privacy in the U.S. In so doing, Rotenberg not only explains the completely rational legal basis for the ruling, but also shows all the virtual hand-wringing about implications for ISP liability to be largely irrelevant.
On another front, ever since Google’s public disclosure about the attacks against it in China and the speculation and allegations as to whether the attacks were state-sponsored hacking, there has been a marked increase in attention on the concept of the advanced persistent threat (APT). Unfortunately, a lot of the people and organizations now talking about APT either seem to not understand the concept, or to diminish its significance by incorrectly likening it to everyday security breaches, or simply to use the fear, uncertainty, and doubt surrounding this class of threat to market their products and services, whether or not they have any bearing on the problem or its mitigation. Blogger and incident response expert Richard Bejtlich has been particularly vocal on this topic and, especially, incensed at its frequent mischaracterization, and taking to Twitter to criticize or ridicule vendors or purported security experts who perpetuate these misconceptions. Against this backdrop comes a wonderfully accurate assessment of the whole APT issue from Sourcefire’s Matt Olney (who Twitters under the handle @kpyke), which came across our feed courtesy of Joel Esler, also of Sourcefire (creators of Snort and other incident detection and prevention tools). Olney’s post on the Sourcefire VRT blog is well worth a read.