Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet

For years, legal wiretapping was straightforward: the officer doing the intercept connected a tape recorder or the like to a single pair of wires. By the 1990s, however, the changing structure of telecommunications—there was no longer just “Ma Bell” to talk to—and new technologies such as ISDN and cellular telephony made executing a wiretap more complicated for law enforcement. Simple technologies would no longer suffice. In response, Congress passed the Communications Assistance for Law Enforcement Act (CALEA) which mandated a standardized lawful intercept interface on all local phone switches. Since its passage, technology has continued to progress, and in the face of new forms of communication—Skype, voice chat during multiplayer online games, instant messaging, etc.—law enforcement is again experiencing problems. The FBI has called this “Going Dark”: their loss of access to suspects’ communication. According to news reports, law enforcement wants changes to the wiretap laws to require a CALEA-like interface in Internet software. CALEA, though, has its own issues: it is complex software specifically intended to create a security hole—eavesdropping capability—in the already-complex environment of a phone switch. It has unfortunately made wiretapping easier for everyone, not just law enforcement. Congress failed to heed experts’ warnings of the danger posed by this mandated vulnerability, and time has proven the experts right. The so-called “Athens Affair,” where someone used the built-in lawful intercept mechanism to listen to the cell phone calls of high Greek officials, including the Prime Minister, is but one example. In an earlier work, we showed why extending CALEA to the Internet would create very serious problems, including the security problems it has visited on the phone system. In this paper, we explore the viability and implications of an alternative method for addressing law enforcements need to access communications: legalized hacking of target devices through existing vulnerabilities in end-user software and platforms. The FBI already uses this approach on a small scale; we expect that its use will increase, especially as centralized wiretapping capabilities become less viable. Relying on vulnerabilities and hacking poses a large set of legal and policy questions, some practical and some normative. Among these are: (1) Will it create disincentives to patching? (2) Will there be a negative effect on innovation? (Lessons from the so-called “Crypto Wars” of the 1990s, and in particular the debate over export controls on cryptography, are instructive here.) (3) Will law enforcement’s participation in vulnerabilities purchasing skew the market? (4) Do local and even state law enforcement agencies have the technical sophistication to develop and use exploits? If not, how should this be handled? A larger FBI role? (5) Should law enforcement even be participating in a market where many of the sellers and other buyers are themselves criminals? (6) What happens if these tools are captured and repurposed by miscreants? (7) Should we sanction otherwise illegal network activity to aid law enforcement? (8) Is the probability of success from such an approach too low for it to be useful? As we will show, these issues are indeed challenging. We regard the issues raised by using vulnerabilities as, on balance, preferable to adding more complexity and insecurity to online systems

Risking Communications Security: Potential Hazards of the Protect America Act

A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents

Regional brain hypometabolism is unrelated to regional amyloid plaque burden

In its original form, the amyloid cascade hypothesis of Alzheimer's disease holds that fibrillar deposits of amyloid are an early, driving force in pathological events leading ultimately to neuronal death. Early clinicopathological investigations highlighted a number of inconsistencies leading to an updated hypothesis in which amyloid plaques give way to amyloid oligomers as the driving force in pathogenesis. Rather than focusing on the inconsistencies, amyloid imaging studies have tended to highlight the overlap between regions that show early amyloid plaque signal on positron emission tomography and that also happen to be affected early in Alzheimer's disease. Recent imaging studies investigating the regional dependency between metabolism and amyloid plaque deposition have arrived at conflicting results, with some showing regional associations and other not. We extracted multimodal neuroimaging data from the Alzheimer's disease neuroimaging database for 227 healthy controls and 434 subjects with mild cognitive impairment. We analysed regional patterns of amyloid deposition, regional glucose metabolism and regional atrophy using florbetapir ((18)F) positron emission tomography, (18)F-fluordeoxyglucose positron emission tomography and T1-weighted magnetic resonance imaging, respectively. Specifically, we derived grey matter density and standardized uptake value ratios for both positron emission tomography tracers in 404 functionally defined regions of interest. We examined the relation between regional glucose metabolism and amyloid plaques using linear models. For each region of interest, correcting for regional grey matter density, age, education and disease status, we tested the association of regional glucose metabolism with (i) cortex-wide florbetapir uptake; (ii) regional (i.e. in the same region of interest) florbetapir uptake; and (iii) regional florbetapir uptake while correcting in addition for cortex-wide florbetapir uptake. P-values for each setting were Bonferroni corrected for 404 tests. Regions showing significant hypometabolism with increasing cortex-wide amyloid burden were classic Alzheimer's disease-related regions: the medial and lateral parietal cortices. The associations between regional amyloid burden and regional metabolism were more heterogeneous: there were significant hypometabolic effects in posterior cingulate, precuneus, and parietal regions but also significant positive associations in bilateral hippocampus and entorhinal cortex. However, after correcting for global amyloid burden, few of the negative associations remained and the number of positive associations increased. Given the wide-spread distribution of amyloid plaques, if the canonical cascade hypothesis were true, we would expect wide-spread, cortical hypometabolism. Instead, cortical hypometabolism appears to be linked to global amyloid burden. Thus we conclude that regional fibrillar amyloid deposition has little to no association with regional hypometabolism

Who Underreports Smoking on Birth Records: A Monte Carlo Predictive Model with Validation

Research has shown that self-reports of smoking during pregnancy may underestimate true prevalence. However, little is known about which populations have higher rates of underreporting. Availability of more accurate measures of smoking during pregnancy could greatly enhance the usefulness of existing studies on the effects of maternal smoking offspring, especially in those populations where underreporting may lead to underestimation of the impact of smoking during pregnancy.In this paper, we develop a statistical Monte Carlo model to estimate patterns of underreporting of smoking during pregnancy, and apply it to analyze the smoking self-report data from birth certificates in the state of Massachusetts. Our results illustrate non-uniform patterns of underreporting of smoking during pregnancy among different populations. Estimates of likely underreporting of smoking during pregnancy were highest among mothers who were college-educated, married, aged 30 years or older, employed full-time, and planning to breastfeed. The model's findings are validated and compared to an existing underreporting adjustment approach in the Maternal and Infant Smoking Study of East Boston (MISSEB).The validation results show that when biological assays are not available, the Monte Carlo method proposed can provide a more accurate estimate of the smoking status during pregnancy than self-reports alone. Such methods hold promise for providing a better assessment of the impact of smoking during pregnancy

Numerical Portrait of a Relativistic Thin Film BCS Superfluid

We present results of numerical simulations of the 2+1d Nambu - Jona-Lasinio model with a non-zero baryon chemical potential mu including the effects of a diquark source term. Diquark condensates, susceptibilities and masses are measured as functions of source strength j. The results suggest that diquark condensation does not take place in the high density phase mu>mu_c, but rather that the condensate scales non-analytically with j implying a line of critical points and long range phase coherence. Analogies are drawn with the low temperature phase of the 2d XY model. The spectrum of the spin-1/2 sector is also studied yielding the quasiparticle dispersion relation. There is no evidence for a non-zero gap; rather the results are characteristic of a normal Fermi liquid with Fermi velocity less than that of light. We conclude that the high density phase of the model describes a relativistic gapless thin film BCS superfluid.Comment: 37 pages, 16 figure

Bugs in our Pockets: The Risks of Client-Side Scanning

Our increasing reliance on digital technology for personal, economic, and government affairs has made it essential to secure the communications and devices of private citizens, businesses, and governments. This has led to pervasive use of cryptography across society. Despite its evident advantages, law enforcement and national security agencies have argued that the spread of cryptography has hindered access to evidence and intelligence. Some in industry and government now advocate a new technology to access targeted data: client-side scanning (CSS). Instead of weakening encryption or providing law enforcement with backdoor keys to decrypt communications, CSS would enable on-device analysis of data in the clear. If targeted information were detected, its existence and, potentially, its source, would be revealed to the agencies; otherwise, little or no information would leave the client device. Its proponents claim that CSS is a solution to the encryption versus public safety debate: it offers privacy -- in the sense of unimpeded end-to-end encryption -- and the ability to successfully investigate serious crime. In this report, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance. Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be abused.Comment: 46 pages, 3 figure

Effects of traumatic brain injury and posttraumatic stress disorder on development of Alzheimer's disease in Vietnam Veterans using the Alzheimer's Disease Neuroimaging Initiative: Preliminary report

Introduction Traumatic brain injury (TBI) and posttraumatic stress disorder (PTSD) have previously been reported to be associated with increased risk of Alzheimer's disease (AD). We are using biomarkers to study Vietnam Veterans with/without mild cognitive impairment with a history of at least one TBI and/or ongoing PTSD to determine whether these contribute to the development of AD. Methods Potential subjects identified by Veterans Administration records underwent an initial telephone screen. Consented subjects underwent clinical evaluation, lumbar puncture, structural magnetic resonance imaging, and amyloid positron emission tomography (PET) scans. Results We observed worse cognitive functioning in PTSD and TBI + PTSD groups, worse global cognitive functioning in the PTSD group, lower superior parietal volume in the TBI + PTSD group, and lower amyloid positivity in the PTSD group, but not the TBI group compared to controls without TBI/PTSD. Medial temporal lobe atrophy was not increased in the PTSD and/or TBI groups. Discussion Preliminary results do not indicate that TBI or PTSD increase the risk for AD measured by amyloid PET. Additional recruitment, longitudinal follow-up, and tau-PET scans will provide more information in the future

Mutations in the UBIAD1 Gene, Encoding a Potential Prenyltransferase, Are Causal for Schnyder Crystalline Corneal Dystrophy

Schnyder crystalline corneal dystrophy (SCCD, MIM 121800) is a rare autosomal dominant disease characterized by progressive opacification of the cornea resulting from the local accumulation of lipids, and associated in some cases with systemic dyslipidemia. Although previous studies of the genetics of SCCD have localized the defective gene to a 1.58 Mbp interval on chromosome 1p, exhaustive sequencing of positional candidate genes has thus far failed to reveal causal mutations. We have ascertained a large multigenerational family in Nova Scotia affected with SCCD in which we have confirmed linkage to the same general area of chromosome 1. Intensive fine mapping in our family revealed a 1.3 Mbp candidate interval overlapping that previously reported. Sequencing of genes in our interval led to the identification of five putative causal mutations in gene UBIAD1, in our family as well as in four other small families of various geographic origins. UBIAD1 encodes a potential prenyltransferase, and is reported to interact physically with apolipoprotein E. UBIAD1 may play a direct role in intracellular cholesterol biochemistry, or may prenylate other proteins regulating cholesterol transport and storage

Head injury is associated with tau deposition on PET in MCI and AD patients

Introduction: Head injuries (HI) are a risk factor for dementia, but the underlying etiology is not fully known. Understanding whether tau might mediate this relationship is important. Methods: Cognition and tau deposition were compared between 752 individuals with (impaired, n = 302) or without cognitive impairment (CN, n = 450) with amyloid and [18F]flortaucipir positron emission tomography, HI history information, and cognitive testing from the Alzheimer's Disease Neuroimaging Initiative and the Indiana Memory and Aging Study. Results: Sixty-three (38 CN, 25 impaired) reported a history of HI. Higher neuropsychiatric scores and poorer memory were observed in those with a history of HI. Tau was higher in individuals with a history of HI, especially those who experienced a loss of consciousness (LOC). Results were driven by impaired individuals, especially amyloid beta-positive individuals with history of HI with LOC. Discussion: These findings suggest biological changes, such as greater tau, are associated with HI in individuals with cognitive impairment. Small effect sizes were observed; thus, further studies should replicate and extend these results