
Privacy and Rights




Originally published in Queue vol. 7, no. 8



Ariana Mirian - Hack for Hire
Investigating the emerging black market of retail email account hacking services

Meng-Day (Mandel) Yu, Srinivas Devadas - Pervasive, Dynamic Authentication of Physical Items
The use of silicon PUF circuits

Nicholas Diakopoulos - Accountability in Algorithmic Decision-making
A view from computational journalism

Olivia Angiuli, Joe Blitzstein, Jim Waldo - How to De-identify Your Data
Balancing statistical accuracy and subject privacy in large social-science data sets


(newest first)

Xpltivdletd | Tue, 04 Oct 2011 02:16:46 UTC

In the U.S. Navy, at least in the years from 1969–1989, official phones were answered: "{place} {command} {person} speaking, THIS IS A NON-SECURE LINE, (how) may I help you, sir?"

Yes, we would get the standard PC Indignant Interruptive "YOU mean sir-or-MA'AM!!!" from a caller now and then, but this was the Navy--not a college campus. The sex of the Commanding Officer--not the synthetic outrage of the caller--set the default. My point is the "non-secure line" statement. It reminded the caller discussing classified info was inappropriate, and better to err on the side of caution than on the side of convenience.

I already tag my "automatic-signature" in e-mail with a similar caveat; e-mail is about as private as would be "tagging" a passing truck or railcar with your message. It might be time to add "This is a non-secure phone" to your usual word(s) when answering a phone, whether it's a wired landline or something else. It would remind the caller AND would remind "Big Sibling" we know she-or-he is watching. Best regards.

helen cohen | Tue, 09 Feb 2010 02:01:13 UTC

see what is in the major newspapers; every hour world news, visit the link: www.lafsar.com

gone | Mon, 09 Nov 2009 16:20:15 UTC

I was attacked over wireless by an Israeli individual on a dating site in 2006; he said in IM chat: "I'm taking over your computer."

I unplugged the RJ-45 ethernet cable to my G5 Mac Pro. The network traffic went HIGHER than what bayarea.net ADSL went, and I was unplugged. I thought "this is magic" at the time...

> two Israeli companies that provide interception equipment to US and other governments, have deliberately introduced backdoors in their systems that give Israeli intelligence wide access to domestic communications inside the US.

Fazal Majid | Sun, 13 Sep 2009 05:30:03 UTC

There is another attack vector to consider. CALEA has a server side embedded in the digital switching networks of the phone companies, but also a client-side component used by federal law-enforcement and intelligence agencies. If poorly vetted (and in many cases vetting is in fact theoretically impossible), these systems are an attractive target for foreign governments or organized crime to introduce backdoors and covert channels into. Essentially CALEA hands the communications infrastructure on a silver platter to those who can hack the government. Past incidents have shown that the security of government systems leaves much to be desired.

Numerous allegations have been made for instance that Verint and Amdocs, two Israeli companies that provide interception equipment to US and other governments, have deliberately introduced backdoors in their systems that give Israeli intelligence wide access to domestic communications inside the US.

Peter Baker | Sat, 12 Sep 2009 18:10:20 UTC

There is a third vector - security is moving up the stack. First there were separate wires, then segregation meant separate networks, then network protocols - all of them have eventually turned into pooled resources. Meaningful security now resides at application level, and this is where a new generation of privacy assaults is building: social websites (where the application level becomes a pool).

The "cloud" concept is asking end users and businesses to trust providers that have, at best, marginal legal containment in the country of origin and even less so abroad, with the best example Google who has pioneered mass intrusion of privacy (allegedly non-evil, of course). Have a look at their Terms of Service, clause 11 - they have even afforded themselves the ability to take your information elsewhere.

Couple with that an interesting deficiency in Data Protection laws: if a business collects data from a user, purpose has to be specified and maintained. If a business collects data about a user from ANOTHER user, considerably less controls apply - and who is going to check compliance in the countries with notification duty? What happens to facial recognition name tags in their web albums? Do they really stay in the account or will they be used to find other occurrences in the vast Google haystack?

Now extrapolate: add an ECHELON and a Carnivore, sorry, DCS-3000 feed to Google and friends (Facebook?) and hey, presto, another NSA. Legally so. Voluntarily so - and our kids grow up thinking this is acceptable.

There is nothing wrong with legally sanctioned surveillance - police and other security services cannot function without - provided there is cause, oversight, transparency, control and, ultimately, accountability. Otherwise it's maybe time to stop pretending to be a democracy.

Tony Pelliccio | Sat, 12 Sep 2009 17:16:12 UTC

Excellent analysis of the wiretapping framework and how the envelope has been expanded over time to include TCP/IP packets, etc.

As to the CDR, VoIP users pretty much have all their CDR data available to them via a web interface. I know that's the case with my Vonage account, and my MagicJack does the same. It's saved my bacon a couple of times when I needed to look up a number of someone who called. But I know that law enforcement has full access to it. It's all innocuous anyhow but I object to the open peeping going on.


© 2019 ACM, Inc. All Rights Reserved.