The basics of crypto, in 4.5 pages, using only small words lawmakers can understand

Ed Felten (previously) -- copyfighter, Princeton computer scientist, former deputy CTO of the White House -- has published a four-and-a-half-page "primer for policymakers" on cryptography that explains how encryption for filesystems and encryption for messaging works, so they can be less ignorant. Read the rest

A "travel mode" for social media - after all, you don't take all your other stuff with you on the road

As the US government ramps up its insistence that visitors (and US citizens) unlock their devices and provide their social media accounts, the solution have run the gamut from extreme technological caution, abandoning mobile devices while traveling, or asking the government to rethink its policy. But Maciej Cegłowski has another solution: a "travel mode" for our social media accounts. Read the rest

Proof-of-concept ransomware locks up the PLCs that control power plants

In Out of Control: Ransomware for Industrial Control Systems, three Georgia Tech computer scientists describe their work to develop LogicLocker, a piece of proof-of-concept ransomware that infects the programmable logic controllers that are used to control industrial systems like those in power plants. Read the rest

How to legally cross a US (or other) border without surrendering your data and passwords

The combination of 2014's Supreme Court decision not to hear Cotterman (where the 9th Circuit held that the data on your devices was subject to suspicionless border-searches, and suggested that you simply not bring any data you don't want stored and shared by US government agencies with you when you cross the border) and Trump's announcement that people entering the USA will be required to give border officers their social media passwords means that a wealth of sensitive data on our devices and in the cloud is now liable to search and retention when we cross into the USA. Read the rest

After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses. Read the rest

Barcelona government officially endorses Tor-based whistleblower platform

Xnet, a wonderful Spanish activist group, has created the Anti-Corruption Complaint Box, a whistleblowing platform for the city of Barcelona that allows people to file anonymous claims in a Globalleaks repository, with their anonymity protected by Tor. Read the rest

Whatsapp: Facebook's ability to decrypt messages is a "limitation," not a "defect"

Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect." Read the rest

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.. Read the rest

Baratunde Thurston explains why encryption matters

Rainey from EFF writes, "EFF just launched a new video about its efforts to encrypt the web. It features bestselling author Baratunde Thurston explaining why encryption matters and two simple ways to ensure the web we love is encrypted." Read the rest

98% of Bitcoin trading volume over the past six months was in Chinese Renminbi

In case you were wondering why Bitcoin experienced a crazy spike recently: China's economy is a hyperinflated bubble, poised to burst and the Chinese central bank is depreciating the Renminbi -- so China's wealthy are getting their cash out of the country as fast as they can, using any means necessary: suing themselves, spending huge whacks of cash while on vacation, and converting it to Bitcoin (this is especially urgent now that the Canadian real-estate money laundry is shutting down) -- this is just the latest salvo in the Chinese capital flight story. Read the rest

My first Enigma machine: Mattel once sold a Barbie typewriter with built-in crypto capabilities

Slovenia's Maheno corporation manufactured a series of Barbie-branded and white label typewriters for kids, with a hidden feature that allowed their owners to use them to produce messages encrypted with a simple substitution cipher. Read the rest

Thailand's military-appointed Assembly unanimously passes an internet law combining the world's worst laws

On Dec 15, an amendment to Thailand's 2007 Computer Crime Act passed its National Legislative Assembly -- a body appointed by the country's military after the 2014 coup -- unanimously, and in 180 days, the country will have a new internet law that represents a grab bag of the worst provisions of the worst internet laws in the world, bits of the UK's Snooper's Charter, America's Computer Fraud and Abuse Act, and the dregs of many other failed laws. Read the rest

Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press. Read the rest

Ten principles for user-protection in hostile states

The Tor Project's "Ten Principles for User Protection in Hostile States" is both thoughtful and thought-provoking -- it's a list that excites my interest as someone who cares about the use of technology in improving lives and organizing political movements (principle 1 is "Do not rely on the law to protect systems or users" -- a call to technologists -- while number 7 is aimed at companies, "Invest in cryptographic R&D to replace non-cryptographic systems" and principle 2 says "Prepare policy commentary for quick response to crisis," which suggests that the law, while not reliable, can't be ignored); and also as a science fiction writer (check out those tags! "Acausal trade," "Pluralistic singularity" and "Golden path"! Yowza!) Read the rest

Freedom of the Press releases an automated, self-updating report card grading news-sites on HTTPS

Secure the News periodically checks in with news-sites to see how many of them implement HTTPS -- the secure protocol that stops your ISP and people snooping on it from knowing which pages you're looking at and from tampering with them -- and what proportion of them default to HTTPS. Read the rest

Bruce Schneier's four-year plan for the Trump years

1. Fight the fights (against more government and commercial surveillance; backdoors, government hacking); 2. Prepare for those fights (push companies to delete those logs; remind everyone that security and privacy can peacefully co-exist); 3. Lay the groundword for a better future (figure out non-surveillance internet business models, privacy-respecting law enforcement, and limits on corporate surveillance); 4. Continue to solve the actual problems (cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections). Read the rest

Filmmakers want cameras with encrypted storage

Documentarians and news-gatherers who record sensitive material from confidential sources live in terror of having their cameras seized and their storage-cards plundered by law-enforcement; they struggle to remember to immediately transfer their files to encrypted laptop storage and wipe their cards while dodging bombs in conflict zones, or simply to remember to have robotically perfect operational security while they are trying to get a movie made. Read the rest

More posts