Italy unveils a legal proposal to regulate government hacking

Internet traffic nowadays is mostly encrypted (“HTTPS”). Thus, for a few years now, Law Enforcement Agencies (LEA) have been facing far more challenges at gathering data through the interception of connections than they used to.

Cyberarms dealer's weapons used against Mexican soda-tax activists

NSO is an Israel cyberarms dealer, which buys or researches vulnerabilities in software and then weaponizes them; claiming that these cyberweapons will only be used by democratic governments and their police forces to attacks serious criminals and terrorists -- a claim repeated by its competitors, such as Italy's Hacking Team and Gamma Group. Read the rest

This dump of Iphone-cracking tools shows how keeping software defects secret makes everyone less secure

Last month, a hacker took 900GB of data from Cellebrite, an Israeli cyber-arms dealer that was revealed to be selling surveillance and hacking tools to Russia, the UAE, and Turkey. Read the rest

After shutting down to protect user privacy, Lavabit rises from the dead

In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses. Read the rest

Whatsapp: Facebook's ability to decrypt messages is a "limitation," not a "defect"

Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect." Read the rest

A critical flaw (possibly a deliberate backdoor) allows for decryption of Whatsapp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while putting them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for Whatsapp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force Whatsapp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.. Read the rest

Trump's NSA will be able to share its firehose of surveillance data with 16 government agencies (Thanks, Obama)

The new data-sharing rules enacted by the Obama administration will allow the NSA to lawfully share the unredacted, full take of its surveillance databases with sixteen other US government agencies -- meaning that, for example, Trump's door-to-door deportation squads could use that data to figure out who's doors to break down, and his Muslim surveillance database could bootstrap itself with NSA data. Read the rest

Germany, France and the UK are moving the EU to continuous, unaccountable, warrantless mass surveillance

Recent surveillance laws in Germany, France and the UK require online service providers to store (undoubtedly leaky and infinitely toxic) databases of everything you do online, and allow government agencies to raid these databases without accountability or meaningful oversight). Read the rest

Apple Store employees fired after accusations of snooping on customers' devices for sexual selfies and sharing them

Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10. Read the rest

Free audiobook of Car Wars, my self-driving car/crypto back-door apocalypse story

Last month, Melbourne's Deakin University published Car Wars, a short story I wrote to inspire thinking and discussion about the engineering ethics questions in self-driving car design, moving beyond the trite and largely irrelevant trolley problem. Read the rest

Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press. Read the rest

After ACLU investigation, Twitter blocks US surveillance "fusion centers" from monitoring tool

The ACLU of Northern California recently published a leaked email showing that Dataminr -- a Twitter-monitoring company partially owned by Twitter itself -- was selling access to US domestic surveillance "fusion centers" where local, state and federal agencies pool resources to spy on their targets. Read the rest

Bruce Schneier's four-year plan for the Trump years

1. Fight the fights (against more government and commercial surveillance; backdoors, government hacking); 2. Prepare for those fights (push companies to delete those logs; remind everyone that security and privacy can peacefully co-exist); 3. Lay the groundword for a better future (figure out non-surveillance internet business models, privacy-respecting law enforcement, and limits on corporate surveillance); 4. Continue to solve the actual problems (cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections). Read the rest

Car Wars: a dystopian science fiction story about the nightmare of self-driving cars

Melbourne's Deakin University commissioned me to write a science fiction story about the design and regulation of self-driving cars, inspired by my essay about the misapplication of the "Trolley Problem" to autonomous vehicles. Read the rest

UK's new surveillance law creates a national browser history with a search engine to match

The Snoopers Charter, an extreme surveillance bill that passed last week, and it's the most extensive domestic spying regime that any "democratic" country has passed, and is a potential blueprint for Orwellian surveillance elsewhere in the years to come. Read the rest

Iphones secretly send your call history to Apple's cloud, even after you tell them not to

Apple has acknowledged that its Icloud service is a weak link in its security model, because by design Apple can gain access to encrypted data stored in its customers' accounts, which means that the company can be hacked, coerced or tricked into revealing otherwise secure customer data to law enforcement, spies and criminals. Read the rest

Snowden to journalists: your best defense is legal limits on spying, not crypto

Edward Snowden videoconferenced with a journalism roundtable at Editors Lab participants at Süddeutsche Zeitung (home of the Panama Papers) about the effect of state surveillance on a free press. Read the rest

More posts