Christopher Soghoian's NYT op-ed on one important lesson from Wikileaks: infosec for journalists and their sources. "Sadly, operational computer security is still not taught in most journalism schools, and poor data security practices remain widespread in news organizations. Confidential information is sent over regular phone lines and via text messages and e-mail, all of which are easy to intercept.
Senator Ron Wyden [D-Equestria] sent a letter to the chairs of the Senate Committee on Rules & Administration asking why Senate staffers have been issued ID cards whose "security chips" are just photographs of a chip.
Apple has acknowledged that its iCloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals.
When computer security expert and hardcore traveller Przemek Jaroszewski found that he couldn't enter an airline lounge in Warsaw because the automated reader mistakenly rejected his boarding card, he wrote a 600-line Javascript program that generated a QR code for "Batholemew Simpson," a business-class traveller on a flight departing that day.
In early 2015, Reddit published a transparency report that contained a heading for National Security Requests, noting, "As of January 29, 2015, reddit has never received a National Security Letter, an order under the Foreign Intelligence Surveillance Act, or any other classified request for user information."
One of the terrorists pulled out a laptop, propping it open against the wall, said the 40-year-old woman. When the laptop powered on, she saw a line of gibberish across the screen: "It was bizarre — he was looking at a bunch of lines, like lines of code.
It took a while, but FBI director Jim Comey got a little bit of the grilling he has earned in the FBI vs. Apple case. Freedom of the Press Foundation's Trevor Timm writes on today's House Judiciary Committee hearings on Capitol Hill, at which both the government and the Cupertino tech giant were represented.
FBI Director James Comey and Apple's senior vice president and general counsel, Bruce Sewell, are scheduled to testify at a House Judiciary Committee hearing today titled 'The Encryption Tightrope: Balancing Americans' Security and Privacy.'
Two lawmakers are reported to be planning to unveil details of a major encryption bill Wednesday, as the FBI's battle with Apple continues and a debate grows over what role government should play in regulating technology.
Daniel Rigmaiden was a prolific and talented fraudster who made more than a million dollars filing tax-returns for dead people, using ninja forgery skills and super-tight operational security to avoid arrest for years.
If you've been struggling to make sense of the stories about Stingrays (super-secretive cellular surveillance tech used by cops and governments) (previously) this week's Note to Self podcast does the best job I've yet seen (heard) of explaining them.
“We found that news organizations like the Associated Press, Le Monde, LA Times, CBS News, Forbes, Baltimore Sun, and Der Spiegel are still not protecting journalists and their sources from this type of surveillance.”
Newly published Edward Snowden leak shows British spy agency (and close NSA partner) GCHQ intercepted emails from many of the US and UK’s most respected news organizations.
I'm in Washington, D.C. today with the Freedom of the Press Foundation for a day-long event, "News Organizations and Digital Security, Solutions to Surveillance Post-Snowden."
Heavy hitters are present, talking about encryption and security in real-world practice, including Dana Priest, investigative reporter, Washington Post; James Risen, investigative reporter, New York Times; Christopher Soghoian, principal technologist and senior policy analyst, ACLU; Julia Angwin, investigative reporter, ProPublica; all of The Intercept's security team and others.