There's been an awful lot of talk about “cyber pathogens” and “cyber bombs” lately from the mouths of American officials discussing terrorism, and how we will vanquish it. President Obama mentioned “cyber ops” against Islamic State terrorists in one recent address. Today, we know a little more about what was behind last week's cyber-hawkish hacking headlines.
Federal investigators have discovered major security vulnerabilities in the state health insurance websites for California, Kentucky and Vermont that could allow criminals to access sensitive personal data for hundreds of thousands of people.
The #FBIvsApple legal case may be over, but the fight over security, privacy, and the right to live free of surveillance has just begun. The Justice Department is expected to drop its legal action against Apple, possibly as soon as today, because an 'outside method' to bypass security on the San Bernardino gunman's iPhone has proven successful, a federal law enforcement official said Monday.
In a surprising turn of events, the U.S. government on Monday paused its battle with Apple over an iPhone, and what may be its greater goal of mandating “backdoors” in consumer encryption. On Monday afternoon, the Justice Department told a judge it needs a couple weeks to try 'new' ways of accessing whatever may be on the device, without Apple's help--and with an assist from unnamed experts from outside the agency.
"Everywhere they went, the attackers left behind their throwaway phones."
Buried in the New York Times story Mark poked fun at earlier for its Crypto Panic vibe, a confirmation of sorts that there's really no evidence the terrorists used crypto at all. There is lots of evidence they used throwaway burner phones to evade detection while planning mass murder. Again, no evidence of encryption, none, period. This is significant because these attacks, and similar ones that followed, are at the core of an anti-encryption charm offensive by the FBI and Department of Justice, now targeted at Apple's iPhone.
Until we have stronger evidence to the contrary, it seems likely that encryption played little or no part in the Paris terrorist attacks.
The NYT story on the Paris attackers makes just as much (if not more) sense if you replace "encryption" with "magic" pic.twitter.com/1ATUU1fzRM— Christopher Soghoian (@csoghoian) March 20, 2016
The government of Iran claims to have obtained “thousands of pages of information” from devices used by the U.S. Navy sailors briefly detained in January.
In response to the FBI's attack on Apple's use of encryption-based security methods, some of the biggest names in technology are reported to be planning an expanded use of encryption for user data that passes through, or is stored on, their products and services.
It took a while, but FBI director Jim Comey got a little bit of the grilling he has earned in the FBI vs. Apple case. Freedom of the Press Foundation's Trevor Timm writes on today's House Judiciary Committee hearings on Capitol Hill, at which both the government and the Cupertino tech giant were represented.
The House Judiciary Committee hearing today titled, “The Encryption Tightrope: Balancing Americans’ Security and Privacy” ended up being full of drama, and riveting moments of confrontation--along with a cavalcade of inept analogies for encryption and hardware security.
Author and former CIA officer Barry Eisler spoke at the Association of Former Intelligence Officers opposite ex-CIA and NSA director Michael Hayden on Monday. Below, an adaptation of his opening remarks about the importance of whistleblowers and government transparency. Eisler's new novel, "God's Eye View," inspired by the Snowden revelations, is available now on Amazon.
From the camp of two lawmakers who recently introduced Senate legislation to establish “an independent National Commission on Security and Technology Challenges,” news that Senators Mark R. Warner (D-VA) and Cory Gardner (R-CO) will join their Senate colleagues in discussing the legislation on the Senate Floor. You can watch it live, and you should. Today at 3pm ET/12pm PT.
Two lawmakers are reported to be planning to unveil details of a major encryption bill Wednesday, as the FBI's battle with Apple continues and a debate grows over what role government should play in regulating technology.
Despite zero indication the people responsible for recent terrorist attacks in Paris and San Bernardino used encryption, the FBI is launching an all-out PR war on crypto.
Now, FBI director James Comey is making tech firms that offer end-to-end encryption tools an offer they can't refuse: they should reconsider “their business model,” he said today, and instead adopt encryption techniques that let them intercept communications, and hand them over to law enforcement when asked.
Mailvelope is a browser extension that is described as the easiest way for mere mortals to send PGP-encrypted messages. Researchers at Brigham Young University brought in a group of people unfamiliar with Mailvelope and observed them try to install it and use it to send an encrypted email. Almost everyone was unable to do it. The researchers concluded that "modern PGP tools are still unusable for the masses."
From the study:
In our study of 20 participants, grouped into 10 pairs of participants who attempted to exchange encrypted email, only one pair was able to successfully complete the assigned tasks using Mailvelope. All other participants were unable to complete the assigned task in the one hour allotted to the study. This demonstrates that encrypting email with PGP, as implemented in Mailvelope, is still unusable for the masses.
Image: Wikipedia