"All current and former Army National Guard members since 2004 could be affected by this breach because files containing personal information was inadvertently transferred to a non-DoD-accredited data center by a contract employee [...]"
That's not cynical at all, and the reason why Amazon is currently working on building DoD approved data centers (Not sure if it was in mainstream news... I saw it when I was browsing job listings)
I'm reminded of the breach reported by Britain's National Health Service in 2014 (http://www.theguardian.com/society/2014/mar/03/nhs-england-p...), where data was uploaded to make use of Google's big-data sifting technologies in violation of NHS policy about secured storage of British citizenry PII.
The irony that the data had been uploaded to a physically secured, encrypted datacenter network from 27 DVDs in the possession of someone who could do whatever they wanted to with the contents of those DVDs without audit was not lost on me.
I don't reference this to imply it was good and proper use of the data; merely to note the difference between policy security and actual security.
Great response from jedberg about the business costs of security and the fact that a company can take it seriously and still have a breach: https://news.ycombinator.com/item?id=9834461
I'd call this an exception. An organization that is willing to take one on the chin, so to speak, by declaring a breach of their policies even in the absence of evidence of abuse of the policy violation is actively demonstrating their commitment to security before they've been hacked.
That advice is good for logicians, not consultants. Clearly it is better from a consultancy point of view to assume all data has been breached and everything that could break is broken and needs fixing.
As spacehome points out, that advice is a logical contradiction (and therefore not particularly suitable for logicians). Absence of evidence is not proof of absence.
So the probability that A exists is a weighted average of the probability that A exists when there is and is not evidence.(Since P(E)+P(~E)=1) There is a kind of 'conservation of probability'.
If the idea that 'E is evidence of A' is to mean anything at all, then it means that P(A|E) > P(A). Hence P(A|~E) must be less than P(A). Another way to say it is that P(~A|~E) > P(~A). And absence of evidence is absence of evidence.
You're speaking of negative evidence; as in, evidence that negates a particular truth claim.
Negative evidence is not the same thing as the utter and complete non-existence of any evidence whatsoever—the absence of evidence. That's because negative evidence absolutely is evidence.
The saying goes, 'the absence of evidence is not evidence of absence' not 'the evidence of absence is not evidence of absence'. See the difference?
I wasn't. ~E is a shorthand way to write that E is not found, not that the opposite of E is found. In the language of probability/set theory, ~E is E's complement - every event in the space of probabilities except for what's in E. It's the unique set such that ~E intersect E = empty set, and ~E union E is the whole space.
The point of the proof I gave is that there is no distinction between 'negative evidence' and 'absence of evidence'.
As I mentioned earlier, there is a kind of conservation of probability. The only way for a piece of evidence to give evidence for A is that the lack of that evidence reduces the probability of A. The probability mass has to come from somewhere.
"I wasn't. ~E is a shorthand way to write that E is not found"
You where. What you are describing is, 'we constructed a hypothetical experiment and arrived at a null result'; that is, in fact, evidence.
No one is saying, 'a null result is not evidence of absence'.
Please stop conflating the presence of something with the absence of something.
Yes, the statement is a tautological statement. We are repeating the same assertion twice using different phrasing. And as such, the proposition as stated is logically irrefutable.
'No evidence is no evidence', is a correct—but diminished—restatement.
I watched the video you linked. It's a straw man and misrepresents the way the maxim is commonly used.
Let's go back to my original example and say we want to know if A is true. We have the choice to run an experiment whose positive result E would give support to A. The linked video would say that before we run any experiment, we have no additional evidence for A. Essentially that P(A) = P(A). This is true.
The way this should be used in the real world is: I look even the slightest bit for A and don't find it. As long as my search for A had the smallest positive chance of finding it were it to exist, then my lack of ability to find A gave me information about the world, and we get that P(~A | ~E) > P(~A).
Edit: To be precise the maxim should be something like: "Absence of evidence after looking for evidence is evidence of absence".
The very act of "looking for evidence" moves it out of the category of the absence of evidence.
Again, what is being said is, 'no evidence is no evidence'. If you have the absence of evidence then you have no evidence of absence.
We are--kind of--using the word absence in two senses. First as a synonym for none, a number less than one, zero; the second as a synonym for non-presence, non-existence, the lack of an extant sample.
Having zero [absent] evidence is not evidence that there is no extant sample [absence]. I hope that helps.
I think in a world where physical things influence a system so pervasively so as to be irrevocable, leaving their causal footprint everywhere, absence of evidence predicts absence of evidence. It's not proof, but evidence, which is something else. A better word might be information. I argue that absence of evidence is information that should influence your bet on the course of future information.
Say I'm looking for alien civilization. I write a magical program to search one planet at a time, and stop when it finds an alien civilization. I argue that with every planet that fails the test, we should consider that as information toward the case that this program will never stop. I think these claims are testable if crafted into narrower versions.
A reframed version of the maxim would be: Absence of evidence is not information for evidence of absence. Another reiteration could be "absence of evidence does not provide predictive utility toward any claims on the evidence of absence". I claim the opposite.
I think the author of your link would say that in my rephrasing of things, the whole class of my examples are negative evidence, because he counts any information as negative or positive evidence, and in consistency he demands perfect ignorance. No peeking in the cat box. Unfortunately, me scanning for planets counts as peeking, or getting information, into portions of a very large cat box.
This isn't what most people think of when they hear data breach. There was a breach of DoD security standards when data was transferred to an inappropriate environment but no evidence that the data has been leaked beyond that transfer.
I think it's laudable that the Army National Guard would do a breach notification when there's only the possibility of malicious data loss.
Awesome! You wouldn't remember me (I don't even remember what name I used), but I was in the clan for a while. You taught me how to juggle people after flipping them. Hope you're doing well.
I immediately assume China and/or Russia are working on a World War III plan. Dossiers are being built to help carry out the targeted and synchronized assassination of tens of thousands of key U.S. military personnel by sleeper cell agents during a coordinated world-wide attack.
I would assume the U.S. has a similar operational plan. In times of peace, it is a functioning military's job to plan for war.
One key difference is that the U.S. is already testing the technology and process necessary to carry out such an operation---reference the drone strike.
> files containing personal information was inadvertently transferred to a non-DoD-accredited data center
Which could be anything. For example, an AWS server somewhere. Or, how about a VPS hosted by GoDaddy? A lame attempt at humor. Yet, what do we really know?
> by a contract employee,
Which could be anybody, right?
> we do not believe the data will be used unlawfully
We don't guarantee...we do not "believe".
More detail would have been useful. If my data was with the Guard I would not know what any of the above meant other than my data was made available to a contractor who uploaded it to a random server somewhere and, at the moment, it could be floating in space for anyone to grab.
1) This was an external press release. It's possible communication to the actual Guard had more detail. Or not; it's the military, and they'll tell you what you "need to know."
2) While they don't guarantee the data wasn't leaked, I read that as more in the sense that "The non-DoD-accredited datacenter is outside of our auditing trail" than in the sense that it's actually likely the data was leaked. If you take my state's drivers' license database and uploaded it to AWS, the state can't "guarantee" the data wasn't used unlawfully either, but you can be certain that Amazon has a lot to lose if some failure of their infrastructure gives China access to a list of passport-authorizing documents.
When I read that "an employee transferred data to a non DoD-accreditated data centre", I imagine the employee transferring a dataset to Amazon Web Services or something similar (usually because the tooling in their current environment is horrible).
Edit: I just had a look and found AWS is actually DoD-certified http://aws.amazon.com/compliance/dod/. I wonder what the data centre in question could be.
Only some parts of AWS are DoD certified, and even then only some services in the GovCloud region (which isn't widely available) are fully certified. It's entirely possible some contractor made use of a service which isn't certified still.
I'm sorry but there is likely to be more to come. "All current and former since 2004" .. No one transfers all the files by accident unless the systems and controls and sheer "WTF am I doing this for" attitude is simply missing.
This Inwill guess is the least awful of a series of breaches to be released, as everyone falls over themselves to check their seals.
It's likely similar to the British NHS policy failure in 2014.
The shear between the tools publicly available on private data networks for analyzing and slicing bulk data and the tools available on cloud networks is wide and growing. As it continues to widen, you can anticipate that more and more tech-savvy mid-level staff in government positions will look at the status quo and say "I could follow policy to the letter, or I could use the cheap-and-easy tools I'm familiar with to get some Goddamn work done and trust that data living in AWS is at least as secure as where it currently lives, in that tool-shed-looking building on the back of the base with the door that doensn't quite latch correctly."
This seems non-adversarial, more like a violation of DoD's own internal policies. I wonder why they don't say whether they were able to perform any remediation?
As a former ARNG member and a current Army Reserve member, this doesn't surprise me at all. The U.S. military's regard for personal information has been dreadful. Service in the military entails endless filling out of paper and electronic forms and almost every one of them has the servicemember's SSN on them. These forms get filed in filing cabinets, e-mailed around and--quite often--left on desks. The situation is made worse because our pay grades are typically part of the form, too, so a potential identity thief knows the approximate salary of the victim because our salaries are standardized and readily available.
Things are getting better and the DoD has switched to a non-SSN identification number but the SSN is still frequently used.
When that policy was enacted we were still living in the world where the SSN was not the primary means of personal identification. Social security cards used to explicitly say they were not to be used for personal identification, recently enough that mine does.
The DOD originally switched to the SSN from the previous service numbers, as in "name rank and serial number". It was a convenience measure, since the service number system was arcane.
Service numbers were also public record, and I've read documents indicating that social security numbers were not considered sensitive information (notwithstanding the fact that the DOD didn't have the concept of PII formalized back then).
Should the DOD have moved back to another serial number system sooner? Possibly. I'm amazed that they're moving at all.
The point I take away from this is, how long is SSN going to be a super secret 11-digit pin for your life? Banking online, job forms, etc all use SSN and it gets thrown around everywhere. Are there any indicators that we're working on something a bit more modern for identification?
This new version of 0Auth is based on a military grade security model.
You authenticate everywhere using a long number (PIN) (so long you have to write it down and store it). All the services you authenticate with will store this PIN unhashed.
You should keep your PIN safe, because it can be used to apply for bank accounts, loans, and commit tax fraud if it is stolen.
If you ever forget your PIN don't worry. We will print it on various letters and mail them to you. If you need it urgently, you will find it next to your name in various post-hack data dumps around the internet.
71 comments
[ 3.3 ms ] story [ 126 ms ] threadThe irony that the data had been uploaded to a physically secured, encrypted datacenter network from 27 DVDs in the possession of someone who could do whatever they wanted to with the contents of those DVDs without audit was not lost on me.
I don't reference this to imply it was good and proper use of the data; merely to note the difference between policy security and actual security.
I feel like this phrase has become the mating call of organizations who aren't serious about security until they get hacked.
http://youtu.be/MFBjCM0mZHg
Say we'd like to know if A exists. There's some evidence for A's existence, which we'll E. The absence of this evidence is ~E.
By Bayes' theorem:
P(A) = P(A intersect E) + P(A intersect ~E) = P(A|E)* P(E) + P(A|~E)*P(~E)
So the probability that A exists is a weighted average of the probability that A exists when there is and is not evidence.(Since P(E)+P(~E)=1) There is a kind of 'conservation of probability'.
If the idea that 'E is evidence of A' is to mean anything at all, then it means that P(A|E) > P(A). Hence P(A|~E) must be less than P(A). Another way to say it is that P(~A|~E) > P(~A). And absence of evidence is absence of evidence.
Negative evidence is not the same thing as the utter and complete non-existence of any evidence whatsoever—the absence of evidence. That's because negative evidence absolutely is evidence.
The saying goes, 'the absence of evidence is not evidence of absence' not 'the evidence of absence is not evidence of absence'. See the difference?
Watch the linked video when you have a moment.
I wasn't. ~E is a shorthand way to write that E is not found, not that the opposite of E is found. In the language of probability/set theory, ~E is E's complement - every event in the space of probabilities except for what's in E. It's the unique set such that ~E intersect E = empty set, and ~E union E is the whole space.
The point of the proof I gave is that there is no distinction between 'negative evidence' and 'absence of evidence'.
As I mentioned earlier, there is a kind of conservation of probability. The only way for a piece of evidence to give evidence for A is that the lack of that evidence reduces the probability of A. The probability mass has to come from somewhere.
You where. What you are describing is, 'we constructed a hypothetical experiment and arrived at a null result'; that is, in fact, evidence.
No one is saying, 'a null result is not evidence of absence'.
Please stop conflating the presence of something with the absence of something.
Yes, the statement is a tautological statement. We are repeating the same assertion twice using different phrasing. And as such, the proposition as stated is logically irrefutable.
'No evidence is no evidence', is a correct—but diminished—restatement.
Have you watched the video?
Let's go back to my original example and say we want to know if A is true. We have the choice to run an experiment whose positive result E would give support to A. The linked video would say that before we run any experiment, we have no additional evidence for A. Essentially that P(A) = P(A). This is true.
The way this should be used in the real world is: I look even the slightest bit for A and don't find it. As long as my search for A had the smallest positive chance of finding it were it to exist, then my lack of ability to find A gave me information about the world, and we get that P(~A | ~E) > P(~A).
Edit: To be precise the maxim should be something like: "Absence of evidence after looking for evidence is evidence of absence".
Again, what is being said is, 'no evidence is no evidence'. If you have the absence of evidence then you have no evidence of absence.
We are--kind of--using the word absence in two senses. First as a synonym for none, a number less than one, zero; the second as a synonym for non-presence, non-existence, the lack of an extant sample.
Having zero [absent] evidence is not evidence that there is no extant sample [absence]. I hope that helps.
Say I'm looking for alien civilization. I write a magical program to search one planet at a time, and stop when it finds an alien civilization. I argue that with every planet that fails the test, we should consider that as information toward the case that this program will never stop. I think these claims are testable if crafted into narrower versions.
A reframed version of the maxim would be: Absence of evidence is not information for evidence of absence. Another reiteration could be "absence of evidence does not provide predictive utility toward any claims on the evidence of absence". I claim the opposite.
I think the author of your link would say that in my rephrasing of things, the whole class of my examples are negative evidence, because he counts any information as negative or positive evidence, and in consistency he demands perfect ignorance. No peeking in the cat box. Unfortunately, me scanning for planets counts as peeking, or getting information, into portions of a very large cat box.
And so the tautological saying, 'the absence of evidence is not evidence of absence' still stands unassailed.
Just input corporation, firm or department name.
Select multiselect dropdown "what you take very seriously".
Select number of "employees|customers|people" (pick one) that will get free credit monitoring.
Select for how long.
Press [Submit]
Input payment information.
Press release automatically issued.
(we( at )?|CORP_NAME) take your (data|privacy|security|information) very seriously
"OMG we're in!"
I think it's laudable that the Army National Guard would do a breach notification when there's only the possibility of malicious data loss.
One key difference is that the U.S. is already testing the technology and process necessary to carry out such an operation---reference the drone strike.
Which could be anything. For example, an AWS server somewhere. Or, how about a VPS hosted by GoDaddy? A lame attempt at humor. Yet, what do we really know?
> by a contract employee,
Which could be anybody, right?
> we do not believe the data will be used unlawfully
We don't guarantee...we do not "believe".
More detail would have been useful. If my data was with the Guard I would not know what any of the above meant other than my data was made available to a contractor who uploaded it to a random server somewhere and, at the moment, it could be floating in space for anyone to grab.
Brilliant.
1) This was an external press release. It's possible communication to the actual Guard had more detail. Or not; it's the military, and they'll tell you what you "need to know."
2) While they don't guarantee the data wasn't leaked, I read that as more in the sense that "The non-DoD-accredited datacenter is outside of our auditing trail" than in the sense that it's actually likely the data was leaked. If you take my state's drivers' license database and uploaded it to AWS, the state can't "guarantee" the data wasn't used unlawfully either, but you can be certain that Amazon has a lot to lose if some failure of their infrastructure gives China access to a list of passport-authorizing documents.
This more like a breach of standards. At least they know where the data went. The OPM breach is far worse.
Edit: I just had a look and found AWS is actually DoD-certified http://aws.amazon.com/compliance/dod/. I wonder what the data centre in question could be.
This Inwill guess is the least awful of a series of breaches to be released, as everyone falls over themselves to check their seals.
The shear between the tools publicly available on private data networks for analyzing and slicing bulk data and the tools available on cloud networks is wide and growing. As it continues to widen, you can anticipate that more and more tech-savvy mid-level staff in government positions will look at the status quo and say "I could follow policy to the letter, or I could use the cheap-and-easy tools I'm familiar with to get some Goddamn work done and trust that data living in AWS is at least as secure as where it currently lives, in that tool-shed-looking building on the back of the base with the door that doensn't quite latch correctly."
Things are getting better and the DoD has switched to a non-SSN identification number but the SSN is still frequently used.
They started issuing cards with an EDIPI on them relatively recently, which is a step in the right direction, but there's still a lot of work to do.
The DOD originally switched to the SSN from the previous service numbers, as in "name rank and serial number". It was a convenience measure, since the service number system was arcane.
Service numbers were also public record, and I've read documents indicating that social security numbers were not considered sensitive information (notwithstanding the fact that the DOD didn't have the concept of PII formalized back then).
Should the DOD have moved back to another serial number system sooner? Possibly. I'm amazed that they're moving at all.
You authenticate everywhere using a long number (PIN) (so long you have to write it down and store it). All the services you authenticate with will store this PIN unhashed.
You should keep your PIN safe, because it can be used to apply for bank accounts, loans, and commit tax fraud if it is stolen.
If you ever forget your PIN don't worry. We will print it on various letters and mail them to you. If you need it urgently, you will find it next to your name in various post-hack data dumps around the internet.
http://www.troyhunt.com/2015/07/we-take-security-seriously-o...