Manhattan DA calls for backdoors in all mobile operating systems

A new report from the Manhattan District Attorney calls for a law requiring "any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant." Read the rest

If the Paris attackers weren't using crypto, the next ones will, and so should you

Lots of law enforcement agencies hate crypto, because the technology that helps us protect our communications from criminals and griefers and stalkers and spies also helps criminals keep secrets from cops. With each terrorist attack there's a fresh round of doom-talk from spooks and cops about the criminals "going dark" -- as though the present situation, in which the names and personal information of everyone who talks to everyone else, all the time, where they are when they talk, where they go and who they talk to next, is somehow less surveillant than the past, when cops could sometimes use analog tape-recorders to wiretap the very few conversations that took place on landlines. Read the rest

UK law will allow secret backdoor orders for software, imprison you for disclosing them

Under the UK's new Snoopers Charter (AKA the Investigatory Powers Bill), the Secretary of State will be able to order companies to introduce security vulnerabilities into their software ("backdoors") and then bind those companies over to perpetual secrecy on the matter, with punishments of up to a year in prison for speaking out, even in court. Read the rest

Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for bogus certs

In September, Google caught Symantec issuing a fake google.com cryptographic certificate that could have been used to seamlessly intercept encrypted Google.com traffic. Symantec is one of the participants in Certificate Transparency, through which all new certificates issued and seen in the wild are logged to append-only, cryptographically provable logs, which create irrefutable audit trails for any bogus certs issued/discovered. Read the rest

HOWTO use Tor Messenger, the new, super-secure/private chat app

It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications. Read the rest

UK govt: no crypto back doors, just repeal the laws of mathematics

The UK government continues to exhibit its historic, dangerous cluelessness about crypto. After promising to ban working crypto in the previous election campaign, the Tory government has advanced a nonsensical compromise: apps can use working crypto, but also have to be able to break that crypto on demand, without using backdoors. Read the rest

Sixth grader sells artisanal Diceware passwords

11-year-old Mira Modi, daughter of privacy journalist Julia Angwin, has a startup through which she hand-generates secure Diceware passwords for $2, which she mails in sealed letters through the USPS, "which cannot be opened by the government without a search warrant." Read the rest

DoJ to Apple: your software is licensed, not sold, so we can force you to decrypt

The DoJ is currently trying to force Apple to decrypt data stored on a defendant's iPhone, and Apple, to its great credit, is fighting back, arguing that on the one hand, it doesn't have the technical capability to do so; and on the other, should not be required to do so. Read the rest

How a mathematician teaches "Little Brother" to a first-year seminar

Derek Bruff teaches a first-year college writing seminar in mathematics, an unusual kind of course that covers a lot of ground, and uses a novel as some of its instructional material -- specifically, my novel Little Brother. Read the rest

Now we know the NSA blew the black budget breaking crypto, how can you defend yourself?

Well, obviously, we need to get Congress to start imposing adult supervision on the NSA, but until that happens, there are some relatively simple steps you can take to protect yourself. Read the rest

It's not enough that Apple and Google are bringing usable crypto to the world

An excellent essay by Penn law prof Jeffrey Vagle describes how the deployment of really easy-to-use, good crypto by Google and Apple is a game-changing shift in the ability of ordinary people to be secure from snooping by crooks, spies (and yes, cops), but how that isn't enough, by a long stretch. Read the rest

The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it.

There have long been rumors, leaks, and statements about the NSA "breaking" crypto that is widely believed to be unbreakable, and over the years, there's been mounting evidence that in many cases, they can do just that. Now, Alex Halderman and Nadia Heninger, along with a dozen eminent cryptographers, have presented a paper at the ACM Conference on Computer and Communications Security (a paper that won the ACM's prize for best paper at the conference) that advances a plausible theory as to what's going on. In some ways, it's very simple -- but it's also very, very dangerous, for all of us. Read the rest

Jimmy Wales calls UK's proposed crypto ban "moronic"

The Wikipedia co-founder is also the UK government's special Internet advisor. In the previous election cycle, Tory PM David Cameron promised to ban strong crypto if re-elected, and when the US surveillance establishment dropped its demands for a ban on crypto, Cameron doubled down on the proposition. Read the rest

Data breaches are winning the privacy wars, so what should privacy advocates do?

My latest Guardian column, "Why is it so hard to convince people to care about privacy," argues that the hard part of the privacy wars (getting people to care about privacy) is behind us, because bad privacy regulation and practices are producing wave after wave of people who really want to protect their privacy. Read the rest

Kickstarting an encrypted email game about the Snowden leaks

James writes, "A blend of fact and fiction, players take on the role of an NSA agent tracking down the source of the leaks. They'll discover the journalists involved, and the real messages sent by Snowden to them at the time." Read the rest

HOWTO make a physical, papercraft GPG box

Shiro writes, "This is a tutorial by @shiromarieke and @nsmnsr on how to make a 'GPG BOX' [PDF], a tool to easily explain GPG encryption. It has been made for CryptoParty Berlin." Read the rest

David Cameron now all alone in demanding crypto backdoors, doubles down on antibiotic resistant superterrorists

The US government has given up on demanding backdoors in cryptography for now (advocates have announced that they'll wait until a terrorist attack and then use that as the excuse for fresh demands), leaving the UK government as the last man standing in the race to compromise the security of the technologies with the power of life and death over us. Read the rest
