NZ Greens unveil Internet Rights and Freedoms bill

Andrew writes, "The Green Party of Aotearoa New Zealand has launched their Internet Rights and Freedoms Bill. The Bill was launched on a crowdsourced platform where members of the public are given the opportunity to shape these emerging rights and freedoms. This is the first time a Bill has been crowdsourced by a political party in New Zealand. The Internet Rights and Freedoms Bill proposes:"

Yahoo beefs up security in two meaningful and important ways

Yahoo has taken some serious steps towards protecting user-privacy, writes the Electronic Frontier Foundation's Seth Schoen. After revelations that the NSA and GCHQ had hacked its services, intercepted private video-chats, and harvested mass data from its fiber optic links, the company has added forward secrecy and STARTTLS to its roster of default-on security measures. Of the two, forward secrecy is the most interesting, as it protects the privacy of old intercepted Yahoo data even if the company loses control of its keys. Bravo, Yahoo!

Michigan's Penguicon will focus on crypto and privacy this year

Scott sez, "Privacy and security has been a huge problem since the Snowden revelations, and midwest SF/open source software convention Penguicon [ed: near Detroit!] wants to be part of the solution. With Guest of Honor Eva Galperin from the Electronic Frontier Foundation and Cory Doctorow returning as Guest Emeritus, much of their tech track is focused on finding answers to the recent privacy problems highlighted by Snowden. Pre-registration tickets are available until April 1st. Programming was just announced." (Thanks, Scott!)

Self-directed Crypto 101 online course

Crypto 101 is a free online course on practical, applied cryptography: "everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms."

Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections


The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.

Kickstarting an Arduino-based Enigma machine

ST Geotronics have expanded their Instructables project for building your own Arduino-based Enigma and turned it into a Kickstarter. $40 gets you some boards you can kit-bash with; $125 gets you the full kit; $300 gets you the whole thing, beautifully made and fully assembled.

The Open Enigma Project (Thanks, Tina!)

EFF's HTTPS Everywhere + Firefox = most secure mobile browser

Peter from the Electronic Frontier Foundation writes, "Over at EFF, we just released a version of our HTTPS Everywhere extension for Firefox for Android. HTTPS Everywhere upgrades your insecure web requests to HTTPS on many thousands of sites, and this means that Firefox on Android with HTTPS Everywhere is now by far the most secure browser against dragnet surveillance attacks like those performed by the NSA, GCHQ, and other intelligence agencies."

I installed it today.

Cryptocurrency soap


Liz writes, "I bet you never wished before that you had handmade soap with a glider from Conway's Game of Life, a doge, or the bitcoin logo on it. It's twee. It's vaguely punk rock. It's cryptocurrency soap!"

David Cameron: TV crime dramas prove we need mass warrantless electronic surveillance

UK Conservative Prime Minister David Cameron says that ISPs and phone companies should be required to store records of every click you make, every conversation you have, and every place you physically move through. He says that communications companies should be required to make it impossible to keep your communications from being eavesdropped on, with mandatory back-doors.

He says we need this law because "TV crime dramas illustrated the value of monitoring mobile data."

Remember the Snooper's Charter, the 2012 UK Conservative plan to require ISPs and phone companies to retain the records of all your calls and movements, and make them available to police and government without a warrant? Home Secretary Theresa May proposed an unlimited budget to pay ISPs to help spy on you, and called people who opposed this "conspiracy theorists" and said the only people who need freedom from total, continuous surveillance were "criminals, terrorists and paedophiles."

The Snooper's Charter was killed by a rebellion from Libdem MPs, who rejected the plan. Now it's back, just as the public are starting to have a debate about electronic spying thanks to NSA whistleblower Edward Snowden, who revealed the extent to which our online habits are already illegally surveilled by government spies. Let's hope that the Snowden revelations -- and the US government's admission that mass spying never caught a terrorist or foiled a terrorism attempt -- strangle this Cameron brainchild in its cradle.

Bitcloud: Bitcoin-like "distributed autonomous corporations" that replace Youtube, Facebook, etc


Some Bitcoin enthusiasts have announced a new project called Bitcloud. The idea is something like the old Mojo Nation P2P architecture, in which individual Internet users perform tasks for each other -- routing, storage, lookups, computation -- in exchange for very small payments.

The Bitcloud protocol uses Bitcoin-style accounting to allocate those microtransfers, along with Bitcoin-style proof-of-work (they call it "proof-of-bandwidth") and the authors suggest that the potential for profit by individual members will create enough capacity to replace a large number of centralized commercial services ("Youtube, Dropbox, Facebook, Spotify, ISPs") with "distributed autonomous corporations," that obviate the need for centralized control in order to supply anonymous, robust, free services to the public.

The idea is an interesting thought-experiment, at least. The idea of "agorics" -- using market forces to allocate resources on the Internet -- is an old one, and I remain skeptical that this produces optimal outcomes. That's because its proponents seem to treat market efficiency as axiomatic ("everyone knows markets work, and that's why we should make them the basis of network resource allocation") and their proposals are substantially weakened if you don't accept the efficient market hypothesis.

Blackphone: a privacy-oriented, high-end, unlocked phone

http://vimeo.com/84167384

Blackphone is a secure, privacy-oriented mobile phone company co-founded by PGP inventor Phil Zimmermann. It integrates a lot of the privacy functionality of Zimmermann's Silent Circle, which makes Android-based privacy tools (secure calls, messaging, storage and proxies). Blackphone also runs Android, with a skin that switches on all the security stuff by default. The company is based in Switzerland, whose government privacy rules are better than most. The phone itself is a high-end, unlocked GSM handset. No info on pricing yet, but pre-orders open in late February. I'm interested in whether the source code for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself and report here on its performance.

Snake: crowdfunding an encrypted, easy-to-use social network

Riccardo sez, "Snake is an end-to-end encrypted social network running in a browser (standard Web page or plugin) or as a mobile application. We already have a prototype but we are launching a crowdfunding campaign to make it real, and we need your help! Our aim is to make it easy for *everyone* to have one-to-one and many-to-many secure communications, using an interface similar to classic social networks such as Facebook."

Hackers vs the NSA in 1986

Emmanuel Goldstein from 2600 Magazine sez, "It shouldn't be that surprising, but Volume Three of The Hacker Digest contains all kinds of news items and articles concerning the National Security Agency, its attempts to control encryption, and the threat of surveillance. This was the hacker world of 1986."

Bletchley's cybersecurity exhibit will not mention Edward Snowden; McAfee's sponsorship blamed

Bletchley Park's historical exhibit on cybersecurity will not mention Edward Snowden -- possibly the most significant figure in the world of contemporary cybersecurity -- because its corporate sponsor, McAfee, has prohibited them from doing so. A collection of MPs and other government figures have written to Bletchley Park museum to urge them to reconsider. As the Tory MP Dominic Raab says, "Either it's a history exhibition or it's not."

The omission raises disturbing questions about the integrity of Bletchley Park as an independent historical institution, and of the quality of oversight it receives from its board. If the McAfee sponsorship came with the kind of strings attached that prohibited neutral exploration of relevant, even crucial, factual material, it's a sponsorship that never should have been accepted.

I have a letter from the Friends of Bletchley Park on my desk at the office, and I was planning on renewing my membership when I got back from the holidays. This has made me rethink my support of the institution, and now I'm not so sure. I certainly hope that Bletchley reconsiders this decision and upholds its reputation as an institution committed to integrity and education.

Queen Elizabeth pardons Turing (but not the 50,000 other gay men the law unjustly criminalised)


Alan Turing has received a pardon under the "Royal Prerogative of Mercy by the Queen," 61 years after he was "chemically castrated" by court order as punishment for homosexuality. Less than two years of forced hormone treatments drove him to suicide at the age of 41. The pardon came at the request of the government's justice secretary. It's a wonderful vindication of Turing.

But I agree with Turing's biographer Dr Andrew Hodges, who says that the idea of a pardon for Turing establishes the principle that "a sufficiently valuable individual should be above the law which applies to everyone else." In my view, the Queen should have pardoned every man and woman persecuted under the cruel and unjust law that ruined so many lives.

But I'll take Turing. For now. And if Stephen Fry gets his wish and we get Turing on a bank note, I'll frame one and hang it in my office.
