The war on encryption waged by the F.B.I. and other intelligence agencies is unnecessary, because the data trails we voluntarily leak allow “Internet of Things” devices and social media networks to track us in ways the government can access.
That's the short version of what's in “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” a study published today by the Berkman Center for Internet and Society at Harvard.
It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light.
In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers.
In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communication Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief.
There's no way to turn off the "recovery" feature that sends your disk encryption keys to Microsoft by default, without notice -- though you can (and should) ask Microsoft to forget the keys later.
"We know of no case where such an addition of exceptional access capabilities has not resulted in weakened security."
The Obama administration, which has staffed up on savvy pro-privacy technologists, even as its law enforcement arm has called for a "magic pony" that would let Internet users attain technological security without compromising the ability to wiretap them, has promised to release a statement indicating whether it will make policy based on science or fear.
Update: Kevin Bankston clarifies:
This week's Radio Motherboard podcast (MP3) talks with Matthew Mitchell, a former data journalist who organizes Harlem Cryptoparty, a regular training meeting for black activists who want to learn to defend themselves against the burgeoning police/DHS practice of racially profiling black activists through targeted surveillance.
Though social media surveillance is a modern phenomenon, the US government has a long and shameful history of surveilling black activists (see, for example, the FBI's attempt to convince Martin Luther King to kill himself).
Harlem Cryptoparty is an attempt to help black people armor themselves against everyday surveillance, promoted through barbershops, hair salons, black churches and flyers in the neighborhood.
2:24 Mitchell explains why a cryptography meetup makes sense in Harlem.
5:05 In order to reach the Harlem community, you have to recruit offline.
7:55 Cryptoparties and privacy events are still rare in the inner city in predominantly black and Latino communities, even though it’s not just a hypothetical threat. “You’re worried about, hey this guy threw me against a wall, flashed a badge at me, took my phone, he said if I gave him the phone he’ll let me walk, otherwise I have to do paper work. What was he doing with it?”
9:40 Nusrat Choudhury from the ACLU’s Racial Justice program joins us. She wrote this piece, “The Government Is Watching #BlackLivesMatter, And It’s Not Okay.”
12:40 There is a pattern throughout history of the government using the fear of threats to conduct surveillance on “people who look or act different.”
15:30 A private security firm called Zero Fox collected information on protesters in Baltimore and labeled some “high severity physical threats.”
Despite the French Ministry of Interior's demands to crack down on Internet anonymity, Prime Minister Manuel Valls has gone on record saying he won't allow such a thing to pass:
Whenever a clueless authority figure who apparently knows nothing about security (like, apparently, FBI director James Comey) calls for a ban on crypto, here's the article you should show them.
Let's Encrypt is a joint project from EFF, Mozilla and others that allows anyone to create a free HTTPS certificate in minutes. It is a critical piece of infrastructure, necessary for making connections between a web server and a browser secure and private.
The nonprofit foundation that oversees development on Tor, the anonymity and privacy tool, has launched its first ever major cash fundraiser, seeking support for its crucial work.
The Mozilla Foundation stopped active development of the Thunderbird stand-alone email client in 2012, a year before Edward Snowden's revelations about mass email interception by spy agencies sparked an exodus from webmail platforms.