In the New York Times, a report based on documents leaked by Edward Snowden says the National Security Agency is "winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications." — Read the rest
The NSA's AURORAGOLD program — revealed in newly released Snowden docs — used plundered internal emails to compromise nearly every mobile carrier in the world; the documents also show that the agency had planned to introduce vulnerabilities into future improvements to mobile security.
Daniel Bernstein, the defendant in the landmark lawsuit that legalized cryptography (over howls of protest from the NSA), engages in a thought-experiment about how the NSA might be secretly undermining crypto through sabotage projects like BULLRUN/EDGEHILL.
crypto stays insecure [PDF/Daniel J Bernstein]
(via O'Reilly Radar)
For me, the most under-reported, under-appreciated element of the Snowden leaks is the BULLRUN/EDGEHILL program, through which the NSA and GCHQ spend $250,000,000/year sabotaging information security. In a great Wired story, Andy Greenberg analyzes former NSA chief Keith Alexander's defense of the stockpiling of vulnerabilities to attack "bad guys." — Read the rest
Australian Simon Gittany murdered his girlfriend, Lisa Harnum, after an abusive relationship that involved his surveillance of her electronic communications using off-the-shelf spyware marketed for purposes ranging from keeping your kids safe to spotting dishonest employees. As Rachel Olding writes in The Age, surveillance technology is increasingly a factor in domestic violence, offering abusive partners new, thoroughgoing ways of invading their spouses' privacy and controlling them. — Read the rest
In my latest Guardian column, What happens with digital rights management in the real world?, I explain why the most important fact about DRM is how it relates to security and disclosure, and not how it relates to fair use and copyright. — Read the rest
The NSA-O-Matic generates eerily plausible leaked NSA programs at the click of a mouse, including non-denial denials from NSA shills and spokesjerks. For example: "STUMPVIEW, a searchable database that bugs conversations within earshot of laptop microphones. Senator Dianne Feinstein assured the public that the program discards information as soon as it is determined to be irrelevant." — Read the rest
The maintainers of the security-conscious FreeBSD operating system have declared that they will no longer rely on the random number generators in Intel and Via's chips, on the grounds that the NSA likely has weakened these opaque hardware systems in order to ease surveillance. — Read the rest
Ruth from the Open Rights Group sez, "With the huge amount of evidence leaked by Edward Snowden on surveillance by the NSA and the GCHQ, the Open Rights Group has compiled a list of the top 6 points that everyone should know about how their rights have been violated." — Read the rest
Speaking at a presentation in DC, Bruce Schneier nailed the strategic cost of allowing the NSA to sabotage Internet security through BULLRUN: it has cost the US government all credibility as a contributor to Internet governance. The total depraved indifference to everyday Internet users displayed in the sabotage program means that the era of the US being seen as the best steward for the health and integrity of the net has come to a close. — Read the rest
UK prime minister David Cameron has threatened to get a court order against the Guardian if it continues to publish the Snowden leaks. He accused the Guardian of having a "lah-di-dah, airy-fairy view" about the dangers of leaks, and said that if the paper didn't voluntarily censor itself out of a sense of "social responsibility" he would seek court injunctions against it. — Read the rest
Huawei, the Chinese electronics giant that was accused of being "a security risk" in a paper by the House Intelligence Committee (its chair, Mike Rogers [R-MI], said "find another vendor if you care about your intellectual property, if you care about your consumers' privacy, and you care about the national security of the United States of America") has come out swinging in a new cybersecurity paper. — Read the rest
The Electronic Frontier Foundation's Cindy Cohn and Trevor Timm look at the NSA's Bullrun program, through which the US and UK governments have spent $250M/year sabotaging computer security. Cindy is the lawyer who argued the Bernstein case, which legalized civilian access to strong cryptography — in other words, it's her work that gave us all the ability to communicate securely online. — Read the rest
On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. — Read the rest