A critical flaw (possibly a deliberate backdoor) allows for decryption of WhatsApp messages -- UPDATED

Update: Be sure to read the followup discussion, which explains Facebook's point of view, that this is a deliberate compromise, and not a defect, that makes the app more usable for a wide variety of users, while exposing them to little additional risk (namely, that Facebook might change its mind; or be forced to spy on its users; or suffer a security breach or internal rogue employee).

When Facebook implemented Open Whisper Systems' end-to-end encrypted messaging protocol for WhatsApp, they introduced a critical flaw that exposes more than a billion users to stealthy decryption of their private messages: in Facebook's implementation, the company can force WhatsApp installations to silently generate new cryptographic keys (without any way for the user to know about this unless a deep settings checkbox had been ticked), which gives the company the ability to decrypt user messages, including messages that have already been sent in the past.

Trump's NSA will be able to share its firehose of surveillance data with 16 government agencies (Thanks, Obama)

The new data-sharing rules enacted by the Obama administration will allow the NSA to lawfully share the unredacted, full take of its surveillance databases with sixteen other US government agencies -- meaning that, for example, Trump's door-to-door deportation squads could use that data to figure out whose doors to break down, and his Muslim surveillance database could bootstrap itself with NSA data.

Why the Trump era is the perfect time to go long on freedom and short on surveillance

My new Locus column is "It’s Time to Short Surveillance and Go Long on Freedom," which starts by observing that Barack Obama's legacy includes a beautifully operationalized, professional and terrifying surveillance apparatus, which Donald Trump inherits as he assumes office and makes ready to make good on his promise to deport millions of Americans and place Muslims under continuous surveillance.

Germany, France and the UK are moving the EU to continuous, unaccountable, warrantless mass surveillance

Recent surveillance laws in Germany, France and the UK require online service providers to store (undoubtedly leaky and infinitely toxic) databases of everything you do online, and allow government agencies to raid these databases without accountability or meaningful oversight.

Liberty is crowdfunding a lawsuit to challenge the Snoopers Charter

Liberty UK and The Civil Liberties Trust are raising funds online to fund high-stakes litigation against the UK government over the Snoopers Charter, a mass-surveillance law that requires tech companies and telcos to retain everything you do online and hand it over to government, law enforcement, and private contractors without warrants or even minimal record-keeping.

Apple Store employees fired after accusations of snooping on customers' devices for sexual selfies and sharing them

Last October, an Apple Store in Brisbane, Australia terminated some of its employees after they were accused of searching customers' devices for sexually explicit selfies and sharing them with colleagues, rating them on a scale of 1-10.

Court rules against UK government's surveillance legislation

A European court has ruled that the UK cannot subject its citizens to indiscriminate data collection unless the data retained is being used solely to fight serious crime, reports the BBC.

The verdict concerns an earlier incarnation of Britain's blanket domestic surveillance plans brought to court by opponents. It does not specifically address the recently-passed "Snooper's Charter," though experts say it will lead directly to a legal challenge against it. The charter, officially known as the Investigatory Powers Act, requires phone companies and internet providers to maintain records of users' online activity for a year.

One irony of it is that an original champion of the challenge, David Davis, is now Britain's Brexit chief: he left the case after a change of personal circumstances led to a sharp change in his principles regarding privacy.

Mr Davis, who had long campaigned on civil liberties issues, left the case after Theresa May appointed him to her cabinet in July.

Tom Watson, Labour's deputy leader, who is one of those bringing the case, said: "This ruling shows it's counter-productive to rush new laws through Parliament without a proper scrutiny."

The Home Office said it would be putting forward "robust arguments" to the Court of Appeal.

Trump's policies on net neutrality, free speech, press freedom, surveillance, encryption and cybersecurity

Three posts from the Electronic Frontier Foundation dispassionately recount the on-the-record policies of Trump and his advisors on issues that matter to a free, fair and open internet: net neutrality; surveillance, encryption and cybersecurity; free speech and freedom of the press.

What every website knows about you

This website shows you all the data any website you visit can find out about you: your location, operating system, browser plugins, previously visited web page, local and public IP, service provider, social media networks you are logged into, devices on your local network, and more. The site also shows you how to hide any of this information that you don't want to reveal.

Bruce Schneier's four-year plan for the Trump years

1. Fight the fights (against more government and commercial surveillance; backdoors, government hacking); 2. Prepare for those fights (push companies to delete those logs; remind everyone that security and privacy can peacefully co-exist); 3. Lay the groundwork for a better future (figure out non-surveillance internet business models, privacy-respecting law enforcement, and limits on corporate surveillance); 4. Continue to solve the actual problems (cybercrime, cyber-espionage, cyberwar, the Internet of Things, algorithmic decision making, foreign interference in our elections).

Snowden on fake news, Twitter features, and the rule of law

Edward Snowden's Periscope interview with Jack Dorsey -- hosted by the Pardon Snowden campaign -- ranged over a lot of territory, including the special problems of metadata surveillance (metadata can be "more intrusive" than content "because it can be understood at scale"); asymmetry in privacy (where "an increasing imbalance of power" arises between citizens, with no privacy, and officials with all the privacy: "We can't even see their tax-returns"); the problems of relying on the rule of law in a "global context" where surveillance crosses borders and jurisdictions; and fake news, which Snowden thinks can't be solved by asking Google to be a "referee" but rather when "We talk and we share and we point out what is true."

William Gibson on individual privacy, governmental secrecy and the future of history

In a thoughtful New York Times editorial, science fiction giant William Gibson meditates on the difference between the privacy that individuals have and deserve, the privacy that governments assert ("What does it mean, in an ostensible democracy, for the state to keep secrets from its citizens?"), and what this will mean for the historians of the future.

The latest generation of chatbot toys listen to your kids 24/7 and send their speech to a military contractor

Last year's Hello Barbie chatbot toy sent all your kid's speech to cloud servers operated by Mattel and its tech partner, but only when your kid held down Barbie's listen button -- new chatbot toys like My Friend Cayla and the i-Que Intelligent Robot are in constant listening mode -- as is your "OK Google" enabled phone, your Alexa-enabled home mic, and your Siri-enabled iOS device -- and everything that is uttered in mic range is transmitted to Nuance, a company that makes text-to-speech tech (you probably know them through their Dragon-branded tools), and contracts to the US military.

The Snoopers Charter gives these 48 organisations unlimited, secret access to all UK browsing history

With the passage of the Snoopers Charter earlier this month, the UK has become the most-surveilled "democratic" state in the world, where service providers are required to retain at least a year's worth of their customers' browsing history and make it searchable, without a warrant, to a variety of agencies -- and no records are kept of these searches, making it virtually impossible to detect petty vendetta-settling, stalking, or systemic abuses (including selling access to criminals, foreign governments, and institutionalised racism).

The Snoopers Charter is now law in the UK: "extreme surveillance" rules the land

Britain's love-affair with mass surveillance began under the Labour government, but it was two successive Conservative governments (one in coalition with the Liberal Democrats, who are nominally pro-civil liberties) who took Tony Blair's mass surveillance system and turned it into a vicious, all-powerful weapon. Now, their work is done.

How to defend your digital rights: street protest edition

The Electronic Frontier Foundation's Digital Security Tips for Protesters builds on its indispensable Surveillance Self Defense guide for protesters with legal and technical suggestions to protect your rights, your data, and your identity when protesting.

Your user data is secretly sent to China through a backdoor on some U.S. Android phones

Included for free with some Android phones: “a backdoor that sends all your text messages to China every 72 hours.”