SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening
In Juarez, we saw fearful human beings — sources — who need to get their information into the right hands. With our packet-switching mind-set, we realized that there may be a technological workaround to the fear: Sources don’t need to physically turn to corrupt authorities, distant journalists or diffuse nonprofits, and rely on their hope that the possible benefit is worth the risk of exposing themselves.
Technology can help intermediate this exchange, like servers passing packets on the Internet. Sources don’t need to pierce their anonymity. They don’t need to trust a single person or institution. Why can’t they simply throw encrypted packets into the network and let the tools move information to the right destinations?
In a sense, we are talking about dual crowdsourcing: Citizens crowdsource incident awareness up, and responders crowdsource justice down, nearly in real time. The trick is that anonymity is provided to everyone, although such a system would know a unique ID for every user to maintain records and provide rewards. This bare-bones model could take many forms: official and nonprofit first responders, investigative journalists, whistleblowers, neighborhood watches.
I'll be interested to hear what people in Juarez, and throughout Mexico, think of the editorial. The notion that crypto, Tor, or other anonymity-aiding online tools might help peaceful observers is not a new one, and not one that activists in Mexico need outsiders to teach them about. There are plenty of smart geeks in Mexico who are well aware of the need for, and usefulness of, such tools. But Google execs speaking directly to the conflict, and how widely-available free tools might help, is a new and notable thing. Read the rest here. (thanks, @martinxhodgson)
Michael O'Hare is a public policy researcher. He teaches at UC Berkeley and specializes in the arts and the environment. He does not sound like a very threatening guy. But, since the early 1980s, Michael O'Hare has been the subject of another man's obsessive quest to find the true identity of the Zodiac Killer.
Let's be clear. Michael O'Hare is not the Zodiac Killer. He's got a pretty good alibi—namely the fact that he was nowhere near California when the murders happened. In fact, his name only entered the field because an enthusiast named Gareth Penn analyzed some of the famous Zodiac cryptograms and somehow came up with the name "Michael O". How that led Penn to O'Hare isn't exactly clear, but however it happened, Penn has spent the last 30 years telling anyone who will listen that Michael O'Hare is the Zodiac Killer.
And that has made O'Hare's life rather ... interesting. This weekend, I ran across a 2009 essay, written by O'Hare, describing his experience as the unwitting subject of somebody else's conspiracy theory. This is old, but I wanted to share it because it's such a rare perspective on this kind of thing. In the age of the Internet, it's easy to read up on conspiracy theories covering just about any topic. For most of them, you can also find extensive debunking sources. It's much less common for somebody at the center of the story to talk about what that experience has been like. Totally fascinating.
The decades since Penn fixed his sights on me have not been a living hell, much as that would spice up this story. They have been an ordinary life, punctuated by one or another flurry of fuss from Penn, sometimes involving pages of numbers (for example, the data pages from my PhD thesis) with this or that sequence picked out, circled, and "decoded" into words that fit somehow into Penn’s model of the crimes.
My favorite episode was the phone calls. Sometime in the 1980s, I started getting them at two and three in the morning. When my wife or I answered, a male voice would say something vaguely threatening like "I’m coming north, and I’m going to get you soon!" .... The calls were supposed to be transmitting coded messages via numbers—in particular, the time of the call! Apparently, Penn’s assumption was that when the average person is aroused by the phone in the middle of the night, the first thing he does, before woozily answering, is to note the time of the first ring on the digital clock he keeps by the bed—which is, of course, synchronized with the clock in the Naval Observatory. If your clock (or his) is off by just a couple of minutes, the call that was supposed to register as "2:14"—code for "Got you dead to rights this time"—will be misinterpreted as "2:16," which I think means "The Sox can’t make the playoffs without a closer." (Sadly, I’ve lost the magic decoder ring I got in exchange for cereal box tops as a child, so I can’t be sure.) The story got even better years later, when I discovered that a Penn skeptic had been calling him at home at times that figured into Penn’s theory, whereupon Penn assumed the calls came from me and "returned" them to my house, so he thought he was having a conversation with me, all in three-digit numbers.
Second, you seem to think that we might censor a student's thesis, which is lawful and already in the public domain, simply because a powerful interest finds it inconvenient. This shows a deep misconception of what universities are and how we work. Cambridge is the University of Erasmus, of Newton, and of Darwin; censoring writings that offend the powerful is offensive to our deepest values. Thus even though the decision to put the thesis online was Omar's, we have no choice but to back him. That would hold even if we did not agree with the material! Accordingly I have authorised the thesis to be issued as a Computer Laboratory Technical Report. This will make it easier for people to find and to cite, and will ensure that its presence on our web site is permanent....
A Merry Christmas to all Bankers
...Fifth, you say 'Concern was expressed to us by the police that the student was allowed to falsify a transaction in a shop in Cambridge without first warning the merchant'. I fail to understand the basis for this. The banks in France had claimed (as you did) that their systems were secure; a French TV programme wished to discredit this claim (as Newsnight discredited yours); and I understand that Omar did a No-PIN transaction on the card of a French journalist with the journalist's consent and on camera. At no time was there any intent to commit fraud; the journalist's account was debited in due course in accordance with his mandate and the merchant was paid. It is perfectly clear that no transaction was falsified in any material sense. I would not consider such an experiment to require a reference to our ethics committee. By that time the Newsnight programme had appeared and the No-PIN attack was entirely in the public domain. The French television programme was clearly in the public interest, as it made it more difficult for banks in France to defraud their customers by claiming that their systems were secure when they were not.
You complain that our work may undermine public confidence in the payments system. What will support public confidence in the payments system is evidence that the banks are frank and honest in admitting its weaknesses when they are exposed, and diligent in effecting the necessary remedies. Your letter shows that, instead, your member banks do their lamentable best to deprecate the work of those outside their cosy club, and indeed to censor it.
- Chip-and-PIN is broken - Boing Boing
- Chip and PIN terminals pwned - Boing Boing
- ATM skimmer -- could you spot it in the wild? - Boing Boing
- Boing Boing: Secure chip-and-PIN terminal hacked to play Tetris
- Shell UK abandons chip-and-pin after £1M fraud - Boing Boing
- ATM skimmers: man, these things are scary - Boing Boing
(photo: Drew Angerer/The New York Times)
In today's New York Times, the artist and cryptographer behind an enigmatic sculpture on the grounds of the CIA reveals long-awaited clues to Times reporter John Schwartz.
“Kryptos,” the sculpture nestled in a courtyard of the agency’s Virginia headquarters since 1990, is a work of art with a secret code embedded in the letters that are punched into its four panels of curving copper.
Sculptor Dangles Clues to Stubborn Secret in C.I.A.'s Backyard (NYT).
“Our work is about discovery — discovering secrets,” said Toni Hiley, director of the C.I.A. Museum. “And this sculpture is full of them, and it still hasn’t given up the last of its secrets.”
Not for lack of trying. For many thousands of would-be code crackers worldwide, “Kryptos” has become an object of obsession. Dan Brown has even referred to it in his novels.
The code breakers have had some success. Three of the puzzles, 768 characters long, were solved by 1999, revealing passages — one lyrical, one obscure and one taken from history. But the fourth message of “Kryptos” — the name, in Greek, means “hidden” — has resisted the best efforts of brains and computers.
And Jim Sanborn, the sculptor who created “Kryptos” and its puzzles, is getting a bit frustrated by the wait. “I assumed the code would be cracked in a fairly short time,” he said, adding that the intrusions on his life from people who think they have solved his fourth puzzle are more than he expected.
See also: Original Decoding Charts for 'Kryptos' (NYT).
In a New York Times article today by Charlie Savage, news that the Obama administration is proposing new legislation that would provide the U.S. Government with direct access to all forms of digital communication, "including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype."
In other words, the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities. The new law would not expand the Government's legal authority to eavesdrop -- that's unnecessary, since post-9/11 legislation has dramatically expanded those authorities -- but would require all communications, including ones over the Internet, to be built so as to enable the U.S. Government to intercept and monitor them at any time when the law permits. In other words, Internet services could legally exist only insofar as there would be no such thing as truly private communications; all must contain a "back door" to enable government officials to eavesdrop.
On Twitter last night, Ryan Singel pointed out this relevant snip from a National Research Council report rejecting the idea of mandated backdoors in encryption... in 1996.
It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages.
And the lack of backdoors doesn't seem to have put much of a damper on domestic surveillance, anyway:
Law enforcement officials have long warned that encryption technology allows criminals to hide their activities, but investigators encountered encrypted communications only one time during 2009's wiretaps. The state investigators told the court that the encryption did not prevent them from getting the plain text of the messages.
The Code Talkers took part in every assault the Marines conducted in the Pacific from 1942 to 1945. They sent thousands of messages without error on Japanese troop movements, battlefield tactics and other communications critical to the war's ultimate outcome.
One of original Navajo Code Talkers dies in Arizona
Several hundred Navajos served as Code Talkers during the war, but a group of 29 that included June developed the code based on their native language. Their role in the war wasn't declassified until 1968.