Monthly archives of “January 2016

comment 0

Netflix is setting back Piracy and Security


Malaysian rejoiced last month when Netflix announced that they would be coming to our shores. We were all salivating over the massive amount of content we would finally have access too…except that it wasn’t so massive.

Malaysia would enjoy less than 20% of what was available to Netflix users in the US or even in the UK, and that looked like an especially lousy deal since we were paying the same amount for our subscriptions.

I wasn’t that interested in the news, after all, I had already subscribed to Netflix for more than 2 years, and used a VPN to enjoy US and even UK content. I loved Netflix because it had a lot of interesting content, but what really sealed the deal for me was Pocoyo and Dora the explorer…I’m a father of a 2-year-old, and having a video on demand service that lets me address my toddlers demand was a life-saver.

Netflix was far more effective than youtube for videos for my kid, first of all, the content was pure, and I could be sure that nobody was messing with it or adding commentary, but more importantly, it had no adverts, and when you have a 2-year-old the last thing you want them to watch is adverts.

comment 0

Medium blocked: Collateral Censorship vs. Collateral Freedom

Website Blocked

So the buzz around twitter is that has been blocked by the Malaysian Authorities, and guess what? It’s true.

It was expected, after all Medium is where the ‘infamous’ Clare Rewcastle Brown uploads her articles to circumvent censorship of her own site, the equally diabolical

Medium is like twitter without the character limits, and it’s quite a cool site to just browse around and look for interesting articles to read, The platform claims to be “community of readers and writers offering unique perspectives on ideas large and small”.

A lot of successful writers and bloggers have taken to Medium to host their content, including Stephen Levy, the author of In the Plex, one of my favorite books on Google. He’s using it (and only it) to start a Tech Hub  for his content, and placing it alongside millions of other articles contributed by both professional and amateur writers.

So it made sense for SarawakReport to take their content to Medium. After all, most of their readership is Malaysian, and since Malaysian ISPs ‘censored’ their content, using a neutral ‘un-censored’ platform like Medium was a perfect solution—well almost perfect!

It’s a phenomenon called ‘collateral freedom’, and for a while SarawakReport readers, and Malaysian internet users enjoyed that collateral freedom, Medium was free and un-censored, which made Sarawark also free and un-censored as long as it was on the platform.

comment 0

Questions we need to ask about spyware

If you believe (as I do), that the government bought spyware, then here are some pertinent questions

Question 1: Do these government agencies actually have investigative powers?

While the police might have the legal authority to investigate someone, does the PMO, MACC or anyone else share that authority. If a government agency has no right to investigate someone, then why is it buying spyware?

The conversation should end here, as I don’t believe the PMO has any authority to use spyware, but the next question actually goes even further and ask if anyone has the legal authority to use it.

Question 2: Is spyware legal?

Installing spyware on a laptop or smartphone is far more intrusive than a regular home search, it’s like having an invisible officer stationed in your house listening in on everything you say and do. It doesn’t just invade the privacy of the victim, but even those that victim communicates with, shares their laptop with or even those that just happen to be nearby.

The MACC act, that governs the powers of the commission, specifically state that a the Public Prosecutor or Commissioner of the MACC can authorize the interception of communications if they ‘consider’ that the specific communication might help in an ongoing investigation. However, spyware from hacking team isn’t really ‘intercepting’ communications, because what is being communicated through the Internet is usually encrypted, Hacking team circumvents this by capturing the data before it is encrypted and then sends that captured data in a separate communication back to its control servers. Strictly speaking, this isn’t interception, its shoulder surfing on steroids.

Hacking Team InterceptionMore worrying, is that the spyware might take screen shots of diary entries and notes that the victim never intended to communicate with anyone, or draft e-mail entries that they later delete are also captured by this spyware.  Obviously this falls into a different category than simple ‘interception’, but I’m not done yet.


comment 0

PMO purchases of Hacking Team software

E-mail from Miliserv to Hacking team stipulating the end-customer as the Prime Ministers Department
E-mail from Miliserv to Hacking team stipulating the end-customer as the Prime Ministers Department

The Prime Ministers Department has denied (twice!) that it has ever procured surveillance software from Hacking Team. Even though hundreds of e-mails in the leaked Hacking Team archive point to it. The latest rebuttal, Datuk Azalina distanced her Ministry from other government agencies, encouraging reporters to seek official statement directly from other agencies accused of procuring the spyware.

In the mean-time though, we’ve now learnt that the MACC has made a ‘semi’ admission that they procured the spyware, and to clear any doubts there’s more proof at the end of this post. But in-spite of this, Datuk Seri Azalina has remained silent.

To be clear, I’m not accusing anyone of anything. I’m merely reproducing what is already in the public domain, in the hopes of us taking this conversation further to address more pertinent points. We are frustratingly stuck on this issue of purchase (or lack thereof) because the Prime Ministers Department denies it bought spyware. I find it quite appalling that the Ministry would issue a simple denial without further clarification when I had furnished many documents, in other words they’ve provided an unsubstantiated denial to my substantiated claim.

So…here’s an e-mail (linked here), showing Miliserv requesting Hacking Team to register the Prime Ministers Department as the End User of the system in the Licensing agreement, and here’s another (below), showing Miliserv preparing to welcome 6 PMO staff to their headquarters in Milan for ‘advanced training’. I have removed the names of the PMO staff (red blocks) as I believe that employees shouldn’t be punished for mistakes their employers commit (but you can search for it online, it comes with passport numbers as well). Why send 6 staff to Milan for training if you didn’t buy the spyware?