<div dir="ltr"><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Contact Xnet</b> <span dir="ltr">&lt;<a href="mailto:contact@xnet-x.net">contact@xnet-x.net</a>&gt;</span><br>Date: Sun, Oct 8, 2017 at 1:18 AM<br>Subject: [xnet-news] About the manipulated information regarding the data protection of the census during the #CatalanReferendum<br>To: <a href="mailto:xnet-news@listas.xnet-x.net">xnet-news@listas.xnet-x.net</a><br><br><br>
<div text="#000000" bgcolor="#FFFFFF">
<p><font face="Helvetica, Arial, sans-serif">[sorry, English must be
improved]</font></p>
<p><font face="Helvetica, Arial, sans-serif"><font face="Helvetica,
Arial, sans-serif"><a class="m_-5326232606913069443moz-txt-link-freetext" href="https://xnet-x.net/en/en-about-manipulated-information-data-protection-census-catalanreferendum/" target="_blank">https://xnet-x.net/en/en-<wbr>about-manipulated-information-<wbr>data-protection-census-<wbr>catalanreferendum/</a></font></font></p>
<p><font face="Helvetica, Arial, sans-serif"><font face="Helvetica,
Arial, sans-serif"></font></font><br>
</p>
<p>Recently, articles have been published by <a href="https://www.xataka.com/seguridad/los-datos-de-los-votantes-en-el-referendum-catalan-en-riesgo-cualquiera-puede-hackearlos" target="_blank">Xataka</a> and <a href="https://elpais.com/tecnologia/2017/10/05/actualidad/1507196018_140173.html" target="_blank">El País</a> on an alleged security vulnerability
that exposes Catalan census data to anyone with a little free time
and bad intentions.<br>
A week earlier, a few days before the referendum vote, the Catalan
Government caused surprise by using an <a href="https://medium.com/@josepot/is-sensitive-voter-data-being-exposed-by-the-catalan-government-af9d8a909482" target="_blank">encrypted and distributed technology</a>
approach to overcome <a href="https://xnet-x.net/en/digital-repression-and-resistance-catalan-referendum/" target="_blank">digital repression</a> from the central
government, allowing citizens to look up the polling stations
where they should vote. The articles cited question the safety of
this system and raise the alarm that citizens' data is already
exposed because of it.</p>
<p>Xnet has studied the question and we have this to say:</p>
<p>– To begin with, as any computer expert knows, one hundred
percent security does not exist; anything could be hacked with
sufficient resources. With the data we have now, we can say that
the security of the census is very good, especially in comparison
with the censuses of the central government, which, for example,
during electoral periods are often given to the political parties.</p>
<p>– In the case of the Catalan census, the security measures
applied have been optimal with regard to the value of the data at risk:
DNI (truncated, only the last 5 figures), postal code and date of
birth. This is data that could be collected much more easily with
brute-force attacks or other attacks on other registers. Thus, the
strategy of the Generalitat has been a risky but functional and
sufficiently <a href="https://blogs.elconfidencial.com/tecnologia/homepage/2017-10-06/mitos-verdades-y-manipulaciones-por-que-hackear-el-censo-catalan-no-es-tan-sencillo_1456148/" target="_blank">secure emergency solution</a>.</p>
<p> – Xnet has contacted other experts in cryptography to
investigate the matter. Here is the feedback received:<br>
<em>“The cryptographic algorithm used is secure and in line with
the ISO/IEC 18033-1:2015 and 18033-3:2010 standards. It uses a
CBC encryption block that is also used in military environments
and 256-bit AAS Hashing compatible. In this case, it is normal
not to use “SALT” because the database had to be distributed
and the decryption had to be carried out in each client. This
would have required exposing the “SALT”. The criticism of not
using SALT evidences a lack of knowledge in the matter and/or
not having taken into account all the elements of the case.<br>
Thus, in our professional opinion, the authors have
not endangered the personal data of the Catalan census since the
encryption procedure followed is in line with the standard in
these matters. Although the brute-force attack scenario may be
plausible, the relationship between the data obtained with
respect to the investment in economic technology required is not
profitable.”</em></p>
<p>– The alleged leak of data El País speaks about in its alarmist
headline boils down to this: with enough free time and knowing the last
5 digits of someone’s ID, some bad data thief could guess… his age
and his neighborhood. This is quite inefficient for that data
thief, taking into account that the Public Administration, with its
poor management of our private data, has for years left other,
better ways of obtaining more detailed citizen data en masse.</p>
<p>– We want to ask Xataka, a technology medium that we follow and
respect, not to fall into the temptation of publishing information
that is not sufficiently corroborated in the form of “doubts for debate”,
as this contributes to a false debate that seeks to reconstruct a
symmetry in a conflict where there is none; in reality, this is a
situation in which one of the only objective data points we have,
standing above the parties, is a constant violation of rights on the
Internet and of civil liberties by the Spanish State. Doing this
without enough precautions allows a technical issue to be used
politically for propaganda and the creation of fake news. Regarding
El País, which in fact includes it in its serial fiction on “the
network of Russian interference” that is behind everything that
happens in Catalonia, as if it were not a historical political
conflict with a broad social base, we simply ask them to stop
publishing fake news and hysterical news stories about what is
happening in Catalonia. We especially condemn its deliberate
intention to criminalize distribution strategies and encryption
technologies, since they are opening future doors to an
improvement in democratic quality, and their criminalization
entails a permanent state of authoritarian exception in our life
in the digital space.</p>
</div>
<br><br>
-----<br>
<br>
XNET<br>
<br>
<a href="https://xnet-x.net/en/" rel="noreferrer" target="_blank">https://xnet-x.net/en/</a><br>
<a href="https://twitter.com/X_net_" rel="noreferrer" target="_blank">https://twitter.com/X_net_</a><br>
<a href="https://www.facebook.com/RedX.Net" rel="noreferrer" target="_blank">https://www.facebook.com/RedX.<wbr>Net</a><br>
<br></div>
</div>