This document discusses using open source platforms and encryption to protect privacy and security online. It notes that open source software can provide alternatives to public cloud services, giving users more control over their data. The document recommends a variety of open source tools for operating systems, email, browsers, office suites and private clouds to help users have a safer internet experience.
Omnis Systems presentation for the Crypto Party in Brighton - December 2013
1. Internet security and privacy.
Using Open Source based platforms to protect your rights.
Open source for a safer Internet experience – Crypto Party – December 2013 - Brighton
2. About me
Paolo Vecchi
– CEO of
• Omnis Systems Ltd (UK)
• Omnis Systems Srl (Italy)
– Scouting and distributing Open Source and Linux based solutions.
– Passionate about Linux and security.
3. What is going on?
4. When did it start?
It never ended.
5. When did it start? It never ended.
6. War on terror started before 2001?
Definition of terrorism (US): the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.
7. Maybe there are other reasons?
8. Houston, we have a problem
European Parliament: Report on the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI)). Published cases of industrial espionage.
9. A more recent story
11. Other channels
Lawful interception standards: CALEA (US) & ETSI (EU)
12. Going fishing?
Undersea fibre connections
14. ISP & Telcos
Major exchanges
Other LEAs
ISP & Telcos & their equipment must be CALEA/ETSI LI compliant
Unknown organisations?
Your ISP/Telco
15. Do ISPs & Cloud providers have a choice?
Presentation: ETSI & Lawful Interception of IP traffic
RIPE 48 Meeting - 3 to 7 May, 2004
16. NSA/GCHQ not the only problem
Inconsistent privacy laws
How is your data being used?
Not in the USA?
You are an “alien” without rights
17. Did anybody say “Safe Harbor”?
US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data.
Principles:
Notice - Individuals must be informed that their data is being collected and about how it will be used.
Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
Security - Reasonable efforts must be made to prevent loss of collected information.
Data Integrity - Data must be relevant and reliable for the purpose it was collected for.
Access - Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
Enforcement - There must be effective means of enforcing these rules.
18. Can our laws protect us? Don't bet on it!
19. Privacy on public Cloud services
Data protection risks of cloud computing
(extract from the EU Data Protection Working Party document WP 196)
Lack of control as cloud clients may no longer be in exclusive control of their data
Lack of availability due to lack of interoperability (vendor lock-in)
Lack of confidentiality as data could be disclosed to (foreign) law enforcement agencies without a valid EU legal basis and thus a breach of EU data protection law would occur.
Lack of intervenability due to the complexity and dynamics of the outsourcing chain
Lack of intervenability (data subjects’ rights)
Lack of isolation: A cloud provider may use its physical control over data from different clients to link personal data
The Data Protection Working Party was set up under Article 29 of Directive 95/46/EC.
It is an independent European advisory body on data protection and privacy.
20. A look at public Cloud services
Do you really want to give them your money?
.. or on site.
21. Is the Cloud a good deal?
Giving away our data and paying for it
Disadvantages:
No control over the technology
No control over future services & features
Security issues
Requires additional infrastructure for secure communications
Loss of data and complex migration to other solutions
Difficult to integrate local and legacy services
22. Maybe Open Source can do better
Open Source can cost less than generic Cloud services
Additional benefits:
Open Source based solution and infrastructure
Low cost/low maintenance in-house solution
Reduced storage usage thanks to attachments deduplication
It can be integrated with DMS/ECM and Cloud based storage
23. Tin foil hat anyone?
Protecting our privacy may not be easy …
… but we have to start from somewhere
24. Whatever you do, think first
Simple rules to protect your privacy and freedom:
– 1 - am I sure I want to type that?
– 2 - go to 1
25. Is encryption the solution?
Only if combined with other good practices and tools
26. Time for some onions?
They are working on it but it can still be a good option.
27. Make them run for the money
It's too easy!
- using public cloud services you lose control over your data
- your data will be shared between services
- you won't know with whom your data has been shared until it's too late
- NSA/GCHQ & Co won't have excuses to ask for bigger budgets
28. Decentralisation in Privacy friendly areas
Give them millions of small servers instead of a few Cloud services
Cloud providers want to work with us? Move DC to Europe then.
NSA wants data? Must follow EU Data Protection rules.
?
29. Use the source
They use it
They recommend it & sometimes use it
30. Open Source & Linux
www.prism-break.com put together a nice collection of Open Source solutions
Soon available on Omnis Systems web site together with business solutions
31. So Geeks and Nerds will save us?
32. Major contributors to Open Source
1. Red Hat: 12.3%
2. IBM: 7.6%
3. Novell: 7.6%
4. Intel: 5.3%
5. Independent consultant: 2.5%
6. Oracle: 2.4%
7. Linux Foundation: 1.6%
8. SGI: 1.6%
9. Parallels: 1.3%
10. Renesas Technology: 1.3%
11. Academia: 1.2%
12. Fujitsu: 1.1%
13. MontaVista: 1.1%
14. MIPS Technologies: 1.1%
15. Analog Devices: 1.0%
16. HP: 1.0%
33. Open Source / Open Core is good for all of us
Increases security
Keep control of your data
Ready for (UK or EU) Cloud integration
Develops local skills
Reduces costs
Increases local revenues
Reduces tax avoidance by international Corporations