U.S. lawmakers expected to introduce major encryption bill

L: House Homeland Security Committee Chair Michael McCaul (R-TX). R: Sen. Mark Warner (D-VA)

Two lawmakers are reported to be planning to unveil details of a major encryption bill Wednesday, as the FBI's battle with Apple continues and a debate grows over what role government should play in regulating technology.

To improve national security, improve crypto usability

Scout Sinclair Brody (previously) is executive director of Simply Secure, a nonprofit I volunteer for that works on improving the usability of privacy tools so that normal people can understand and benefit from them.

Wanting it badly isn't enough: backdoors and weakened crypto threaten the net

As you know, Apple just said no to the FBI's request for a backdoor in the iPhone, bringing more public attention to the already hot discussion on encryption, civil liberties, and whether “those in authority” should have the ability to see private content and communications -- what's referred to as “exceptional access.”[1]

NH bill would explicitly allow libraries to run Tor exit nodes

Inspired by the Library Freedom Project's uncompromising bravery in the face of a DHS threat against a town library in Kilton, NH, that was running a Tor exit node to facilitate private, anonymous communication, the New Hampshire legislature is now considering a bill that would explicitly permit public libraries to "allow the installation and use of cryptographic privacy platforms on public library computers for library patrons use."

What a serious keysigning ceremony looks like

In his excellent technical explainer about the iPhone decryption order, the Electronic Frontier Foundation's Joseph Bonneau discusses the actual process of cryptographically signing a new release of a major piece of Internet infrastructure like iOS.

The first-ever tech expert on Obama's NSA advisory board is *A*W*E*S*O*M*E*

The president's NSA advisory board grew teeth in the wake of the Snowden revelations, and they have done good service in identifying the civil liberties issues raised by the NSA's program of secret mass surveillance.

Hackers steal a hospital in Hollywood

A hospital is a computer we put sick people into, so when ransomware creeps infected the hospital's IT systems and encrypted all their data, they asked for a whopping $3.6m to turn the data loose again.

Gmail will warn you when your correspondents use unencrypted mail transport

A basic best-practice for email servers is to use TLS (Transport Layer Security) when they connect to one another, which guards against "man in the middle" attacks that would allow attackers to read or change emails while they travel between mail-servers.

In promoting Cybersecurity National Action Plan, White House conspicuously fails to mention encryption

The White House released an announcement today on President Obama's Cybersecurity National Action Plan. In thousands of not actually bad at all words about cybersecurity, they managed not to say the word "encryption" once.

Free Bitcoin textbook from Princeton

The Princeton Bitcoin Book by Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller and Steven Goldfeder is a free download -- it's over 300 pages and is intended for people "looking to truly understand how Bitcoin works at a technical level and have a basic familiarity with computer science and programming."

How to prepare to join the Internet of the dead

In January 2015, security researcher and beloved, prolific geek Michael "Hackerjoe" Hamelin died in a head-on collision that also hospitalized his widow, Beth Hamelin.

FBI's war on encryption is unnecessary because the Internet of Things will spy on us just fine

The war on encryption waged by the F.B.I. and other intelligence agencies is unnecessary, because the data trails we voluntarily leak allow “Internet of Things” devices and social media networks to track us in ways the government can access.

That's the short version of what's in “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” a study published today by the Berkman Center for Internet and Society at Harvard.

California assemblyman joins NY legislator in proposing ban on crypto for phones

California assemblyman Jim Cooper (D-9th) has copy-pasted New York assemblyman Matthew Titone's (D-61st) insane, reality-denying bill that bans companies from selling smartphones with working crypto on them, introducing nearly identical measures in the California legislature.

Juniper's products are still insecure; more evidence that the company was complicit

It's been a month since Juniper admitted that its firewalls had back-doors in them, possibly inserted by (or to aid) US intelligence agencies. In the month since, Juniper has failed to comprehensively seal those doors, and more suspicious information has come to light.

Lessig on how the economics of data-retention will drive privacy tech

In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers.

Payment system security is hilariously bad

In Shopshifting: The potential for payment system abuse, Karsten Nohl and Fabian Bräunlein showed attendees at Hamburg's Chaos Communication Congress just how poor the security in payment terminals is, and demonstrated several attacks that would let them harvest card numbers and PINs, make undetectable phantom charges and refunds to merchant accounts, and commit other mischief.

Windows 10 covertly sends your disk-encryption keys to Microsoft

There's no way to turn off the "recovery" feature that sends your disk encryption keys to Microsoft by default, without notice -- though you can (and should) ask Microsoft to forget the keys later.
