[P2P-F] Fwd: [xnet-news] About the manipulated information regarding the data protection of the census during the #CatalanReferendum
Michel Bauwens
michel at p2pfoundation.net
Sun Oct 8 09:28:05 CEST 2017
---------- Forwarded message ----------
From: Contact Xnet <contact at xnet-x.net>
Date: Sun, Oct 8, 2017 at 1:18 AM
Subject: [xnet-news] About the manipulated information regarding the data
protection of the census during the #CatalanReferendum
To: xnet-news at listas.xnet-x.net
[sorry, English must be improved]
https://xnet-x.net/en/en-about-manipulated-information-data-protection-census-catalanreferendum/
Recently, articles have been published by Xataka
<https://www.xataka.com/seguridad/los-datos-de-los-votantes-en-el-referendum-catalan-en-riesgo-cualquiera-puede-hackearlos>
and El País
<https://elpais.com/tecnologia/2017/10/05/actualidad/1507196018_140173.html>
on an alleged security vulnerability that exposes Catalan census data to
anyone with a little free time and bad intentions.
A week earlier, a few days before the referendum vote, the Catalan
Government surprised by using an encrypted and distributed technology
<https://medium.com/@josepot/is-sensitive-voter-data-being-exposed-by-the-catalan-government-af9d8a909482>
approach to overcome digital repression
<https://xnet-x.net/en/digital-repression-and-resistance-catalan-referendum/>
from the central government, allowing citizens to consult the polling
stations where they should vote. The articles quoted question the safety of
this system and raise the alarm that the data of citizens is already exposed
because of this system.
Xnet has studied the question and we have to say:
– To begin with, as any computer expert knows, one hundred percent
security does not exist; anything could be hacked with sufficient
resources. With the data we have now, we can say that the security of the
census is very good, especially in comparison with the censuses of the
central government, which, for example, are often given to the political
parties during electoral periods.
– In the case of the Catalan census, the security measures applied have
been optimal regarding the value of the data at risk: DNI (truncated, only
the last 5 figures), postal code and date of birth. Data that could be
collected much more easily with brute-force attacks or other attacks on
other registers. Thus, the strategy of the Generalitat has been a risky but
functional and sufficiently secure emergency solution
<https://blogs.elconfidencial.com/tecnologia/homepage/2017-10-06/mitos-verdades-y-manipulaciones-por-que-hackear-el-censo-catalan-no-es-tan-sencillo_1456148/>.
– Xnet has contacted other experts in cryptography to investigate the
matter. Here is the feedback received:
*“The cryptographic algorithm used is secure and in line with the ISO/IEC
18033-1:2015 and 18033-3:2010 standards. It uses a CBC encryption block
that is also used in military environments and 256-bit AAS Hashing
compatible. In this case, it is normal not to use “SALT” because the
database had to be distributed and the decryption had to be carried out in
each client. This would have required exposing the “SALT”. The criticism
of not using SALT evidences a lack of knowledge in the matter and/or not
having taken into account all the elements of the case. Thus, according to
our professional opinion, the authors have not endangered the personal data
of the Catalan census since the encryption procedure followed is in line
with the standard in these matters. Although the brute-force attack scenario
may be plausible, the relationship between the data obtained with respect
to the investment in economic technology required is not profitable.”*
– The alleged leak of data El País speaks about in its alarmist headline
boils down to: with enough free time and knowing the last 5 digits of
someone’s ID, some bad data thief could guess… his age and his
neighborhood. Something quite inefficient for that data thief taking into
account that the Public Administration and its poor management of our
private data has left for years other better ways for massively obtaining
more detailed citizen data.
– We want to ask Xataka, a technology medium that we follow and respect,
not to fall into the temptation to publish information not sufficiently
corroborated in the form of “doubts for debate” as they contribute to a
false debate that wants to reconstruct a symmetry in a conflict that is
not such and in reality a situation in which one of the only objective and
over the parts data that we have is a constant violation of the rights on
the Internet and civil liberties by the Spanish State. Doing this without
enough precautions allows a technical issue to be used politically by
propaganda and the creation of fake news. Regarding El País, which in fact
includes it in its serial fiction on “the network of Russian interference”
that is behind everything that happens in Catalonia, as if it were not a
historical political conflict with a broad social base; we simply ask them
to stop publishing fake news and hysterical news stories about what is
happening in Catalonia. We especially condemn its deliberate intention to
criminalize distribution strategies and encryption technologies since they
are opening the future doors to an improvement of the democratic quality
and its criminalization entails a permanent state of authoritarian
exception in our life in the digital space.
-----
XNET
https://xnet-x.net/en/
https://twitter.com/X_net_
https://www.facebook.com/RedX.Net
-----
If you do not want to receive more email from this list please click the
next link and send the email letting the subject or body untouched.
UNSUBSCRIBE:
mailto:sympa at listas.xnet-x.net?subject=SIGNOFF%20xnet-news at listas.xnet-x.net
&body=SIGNOFF%20xnet-news at listas.xnet-x.net
Sorry for any inconvenience.
--
Check out the Commons Transition Plan here at: http://commonstransition.org
P2P Foundation: http://p2pfoundation.net - http://blog.p2pfoundation.net
<http://lists.ourproject.org/cgi-bin/mailman/listinfo/p2p-foundation>Updates:
http://twitter.com/mbauwens; http://www.facebook.com/mbauwens
#82 on the (En)Rich list: http://enrichlist.org/the-complete-list/