AUTHENTICATION TECHNIQUES FOR HETEROGENEOUS TELEPHONE NETWORKS

By BRADLEY GALLOWAY REAVES

A DISSERTATION PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY

UNIVERSITY OF FLORIDA 2017

© 2017 Bradley Galloway Reaves

For Sarah

ACKNOWLEDGMENTS

I am only writing this today because of the multitude of family, friends, teachers, and colleagues who helped get me here. This journey began in high school, when Mrs. Reid, my English teacher, suggested that I would make a good college professor. I wasn’t sure about the idea until my second programming class in college. I loved programming, so I would do the lab assignments at home, then show up in the lab to demonstrate the project to the TA. My work for the week was done, but I didn’t leave the lab. Instead, I stayed for the next few hours helping other students when they needed help with the programming assignments. It became the best part of my week, and I realized that there was no career I wanted more than to be a professor of computing.

Having a goal and knowing what it takes to achieve it are two very different things. At the time I knew I needed a PhD, but nothing of what it took to get one. Luckily, I had wonderfully supportive professors and advisors who told me what it took, and one in particular helped me take the first steps toward a research career. Tommy Morris was a new professor at Mississippi State, and after teaching my digital design class offered me a (paid!) position in his research lab. I thought I’d be doing scut work, but he very quickly let me define my own project: analyzing the security of digital radios. Along the way, he taught me the basics of computer security, how to define and execute a research project, how the publication process works, and helped me win an NSF Graduate Fellowship.

As I finished my master’s degree, I desperately wanted to learn how to do the best research I could, and I knew I still had so much to learn. By certain divine providence, I joined Patrick Traynor’s group at Georgia Tech. Patrick Traynor has, over the course of the past six years, become the single greatest professional influence on my life. He has been not just an amazing academic advisor, but also an incomparable friend, confidant, occasional running coach, and an exemplar of what it means to live life fully. He taught me every aspect of my craft, including how to be an impactful teacher, mentor, manager, technologist, and researcher, and he believed in me even when I did not believe in myself. He showed me by his example that as important and rewarding as it is to pour everything you have into your career, it is far more important to care for your family and put their needs first. If I am a fraction of the teacher, advisor, husband, and father that he is I will lead a full and rich life.

Very few doctoral courses follow a straight-line path, and my course was no exception. The greatest surprise and kismet occurred when Patrick Traynor moved to the University of Florida in 2014 to found the Florida Institute for CyberSecurity Research (FICS), and I joined him as a founding member of the group. While leaving Georgia Tech and Atlanta was bittersweet and meant leaving behind good friends and colleagues, UF provided bountiful opportunities that I would have been a fool to miss. At FICS, I had the pleasure of working with a group of friends and colleagues who were not only all dedicated to building one of the world’s finest computer security research groups, but to have fun doing so. I know that what success I have had has been enabled by the support and camaraderie of the great group of students and faculty at FICS. There is nothing better than working with a group of friends you can rely upon in the trenches.

UF provided a wonderful home to write my dissertation, but satisfying the University’s rigorous requirements as a transfer student would not have been possible without the support of the CISE graduate advisor, Adrienne Cook. I can say with no reservation that I would not have graduated without her tireless support and assistance. She not only regularly made the seemingly impossible happen, her exceptional optimism and friendliness made every visit to her office a delight.

I would also like to thank my dissertation committee for their helpful advice and guidance in completing this dissertation. One of the lessons I learned from Patrick Traynor was that it is far better to work with others on projects than to work alone, and he proved that to me by grafting me into an extensive academic family. Kevin Butler was always ready with a brilliant insight or helpful comment to make my work much better than it would have been otherwise. Will Enck showed me how wonderful collaboration can be and was always ready with encouragement. Patrick McDaniel gave me the advice I needed at precisely the right times.

I’m also grateful to my family, who gave me everything I needed to be successful. My mother nurtured (and sometimes even bravely endured) my insatiable curiosity, while my father taught me to love learning how things worked, building and making things, and the courage to believe I can do anything I put my mind to. My stepmother Angela showed me what it means to love someone as your own. Pat Bradley, my grandmother, taught me to love reading and to find humor in everything. My grandmother Ann showed me what endless patience and self-sacrificing love truly mean, and my grandfather John demonstrated what discipline and a strong work ethic can achieve.

Sarah Anderson Reaves has been with me since well before this long journey was even an idea. She has selflessly loved me through everything: a decade of rootlessness and the uncertainty of college and graduate school; the long days and sometimes even longer nights of coursework, research, and travel; self-doubt and delusions of grandeur; celebrations and disappointments; crises and opportunities. Through all of it she has been my greatest supporter and my best friend. This thesis and the degree it completes would never have happened were it not for the love she gave and the sacrifices she made, large and small. I am so very lucky I get to share my life with her.

To everyone mentioned here, and all those who have helped me become who I am: thank you from the bottom of my heart.

TABLE OF CONTENTS

ACKNOWLEDGMENTS
LIST OF TABLES
LIST OF FIGURES
ABSTRACT

CHAPTER

1 INTRODUCTION
  1.1 Thesis Statement
  1.2 Contributions
  1.3 Organization
  1.4 Publications

2 BACKGROUND AND RELATED WORK
  2.1 The Modern SMS Ecosystem
  2.2 Telephone Network Background
    2.2.1 Landline Networks
    2.2.2 Cellular Networks
    2.2.3 VoIP
    2.2.4 Challenges to Authenticating Phone Calls
  2.3 Related Work
    2.3.1 Prior Work on SMS Use and Abuse
    2.3.2 Telephony Fraud and Detection
    2.3.3 Prior Work Authenticating Phone Calls
    2.3.4 Audio Quality Measurement

3 CHARACTERIZING THE SECURITY OF THE SMS ECOSYSTEM WITH PUBLIC GATEWAYS
  3.1 Methodology
    3.1.1 Public Gateways
    3.1.2 Crawling Public Gateways
    3.1.3 Additional Data Sources and Analyses
    3.1.4 Message Clustering
    3.1.5 Message Intentions
  3.2 Data Characterization
    3.2.1 Gateways and Messages
    3.2.2 Infrastructure
    3.2.3 Geography
    3.2.4 Clusters
    3.2.5 SMS Usage
  3.3 Uses of SMS as a Secure Channel
    3.3.1 PII and other Sensitive Information
    3.3.2 SMS code Entropy
    3.3.3 Takeaways
  3.4 Abuses of SMS
    3.4.1 Gateways and PVA
    3.4.2 Detecting Gateways
    3.4.3 Abuse Campaigns in SMS
    3.4.4 Takeaways

4 DETECTING INTERCONNECT BYPASS FRAUD
  4.1 What is a Simbox?
    4.1.1 How Simbox Fraud Works
    4.1.2 Consequences of Simbox Operation
  4.2 Methodology
    4.2.1 Inputs to Ammit
    4.2.2 Detecting Unconcealed Losses
    4.2.3 Detecting Concealed Losses in GSM-FR
    4.2.4 Simbox Decision and SIM Detection
    4.2.5 Efficiency of Ammit
  4.3 Threat Model and Evasion
    4.3.1 Security Assumptions
    4.3.2 Evasion
  4.4 Experimental