Manhattan DA calls for backdoors in all mobile operating systems


A new report from the Manhattan District Attorney calls for a law requiring "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant."

If the Paris attackers weren't using crypto, the next ones will, and so should you


Lots of law enforcement agencies hate crypto, because the technology that helps us protect our communications from criminals and griefers and stalkers and spies also helps criminals keep secrets from cops. With each terrorist attack there's a fresh round of doom-talk from spooks and cops about the criminals "going dark" -- as though the present situation, in which the names and personal information of everyone who talks to everyone else, all the time, where they are when they talk, where they go and who they talk to next, is somehow less surveillant than the past, when cops could sometimes use analog tape-recorders to wiretap the very few conversations that took place on landlines.

UK law will allow secret backdoor orders for software, imprison you for disclosing them


Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court.

Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for bogus certs


In September, Google caught Symantec issuing a fake cryptographic certificate that could have been used to seamlessly intercept encrypted traffic. Symantec is one of the participants in Certificate Transparency, through which all new certificates issued and seen in the wild are logged to append-only, cryptographically provable logs, which create irrefutable audit trails for any bogus certs issued/discovered.

HOWTO use Tor Messenger, the new, super-secure/private chat app


It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications.

UK govt: no crypto back doors, just repeal the laws of mathematics


The UK government continues to exhibit its historic, dangerous cluelessness about crypto. After promising to ban working crypto in the previous election campaign, the Tory government has advanced a nonsensical compromise: apps can use working crypto, but also have to be able to break that crypto on demand, without using backdoors.

Sixth grader sells artisanal Diceware passwords


11-year-old Mira Modi, daughter of privacy journalist Julia Angwin, has a startup through which she hand-generates secure Diceware passwords for $2, which she mails in sealed letters through the USPS, "which cannot be opened by the government without a search warrant."

DoJ to Apple: your software is licensed, not sold, so we can force you to decrypt


The DoJ is currently trying to force Apple to decrypt data stored on a defendant's iPhone, and Apple, to its great credit, is fighting back, arguing that on the one hand, it doesn't have the technical capability to do so; and on the other, should not be required to do so.

How a mathematician teaches "Little Brother" to a first-year seminar


Derek Bruff teaches a first-year college writing seminar in mathematics, an unusual kind of course that covers a lot of ground, and uses a novel as some of its instructional material -- specifically, my novel Little Brother.

Now we know the NSA blew the black budget breaking crypto, how can you defend yourself?


Well, obviously, we need to get Congress to start imposing adult supervision on the NSA, but until that happens, there are some relatively simple steps you can take to protect yourself.

It's not enough that Apple and Google are bringing usable crypto to the world


An excellent essay by Penn law prof Jeffrey Vagle describes how the deployment of really easy-to-use, good crypto by Google and Apple is a game-changing shift in the ability of ordinary people to be secure from snooping by crooks, spies (and yes, cops), but how that isn't enough, by a long stretch.

The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it.


There have long been rumors, leaks, and statements about the NSA "breaking" crypto that is widely believed to be unbreakable, and over the years, there's been mounting evidence that in many cases, they can do just that. Now, Alex Halderman and Nadia Heninger, along with a dozen eminent cryptographers, have presented a paper at the ACM Conference on Computer and Communications Security (a paper that won the ACM's prize for best paper at the conference) that advances a plausible theory as to what's going on. In some ways, it's very simple -- but it's also very, very dangerous, for all of us.

Jimmy Wales calls UK's proposed crypto ban "moronic"


The Wikipedia co-founder is also the UK government's special Internet advisor. In the previous election cycle, Tory PM David Cameron promised to ban strong crypto if re-elected, and when the US surveillance establishment dropped its demands for a ban on crypto, Cameron doubled down on the proposition.

Data breaches are winning the privacy wars, so what should privacy advocates do?


My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy.

Kickstarting an encrypted email game about the Snowden leaks


James writes, "A blend of fact and fiction, players take on the role of an NSA agent tracking down the source of the leaks. They'll discover the journalists involved, and the real messages sent by Snowden to them at the time."

HOWTO make a physical, papercraft GPG box


Shiro writes, "This is a tutorial by @shiromarieke and @nsmnsr on how to make a 'GPG BOX' [PDF], a tool to easily explain GPG encryption. It has been made for CryptoParty Berlin."

David Cameron now all alone in demanding crypto backdoors, doubles down on antibiotic resistant superterrorists


The US government has given up on demanding backdoors in cryptography for now (advocates have announced that they'll wait until a terrorist attack and then use that as the excuse for fresh demands), leaving the UK government as the last man standing in the race to compromise the security of the technologies with the power of life and death over us.