The top FBI lawyer who tried to force Apple to backdoor its crypto now says working crypto is essential to public safety and national security

Jim Baker served as the FBI's general counsel from 2014 until 2017, and he presided over the FBI's attempt to force Apple to undermine its cryptography under the rubric of investigating the San Bernardino shooters; he has long been a prominent advocate for mass surveillance, but he has had a change of heart: in a long, detailed essay on Lawfare, Baker explains why he believes that governments should not seek to introduce defects into cryptographic systems.

BBC launches a Tor hidden service mirror to help people evade their countries' censoring firewalls

If you're in China, Iran or some other country whose national firewall blocks BBC News, you can still access it over the Tor network at bbcnewsv2vjtpsuy.onion, which mirrors the main BBC News site as well as BBC Mundo and BBC Arabic.

Edward Snowden on the global war on encryption: "This is our new battleground"

Since the 1990s, governments around the world have waged war on working encryption, arguing that "civilians" should be limited to using crypto with known defects that allow it to be broken, so that "good guys" can chase "bad guys."

After banning working cryptography and raiding whistleblowers, Australia's spies ban speakers from national infosec conference

Australian politics are a revolting mess of unstable governments dominated by xenophobic, climate-denying far-right oligarchs, and the only check on their power is the fact that Australian governments are so riven by internal strife and unhinged authoritarianism that they tend to collapse on a quarterly basis, triggering new elections and/or leadership contests.

America's rotten ISPs object to encrypted DNS, argue that losing the ability to spy on your traffic puts them at a competitive disadvantage

I'm 100% in favor of pro-competitive regulation of Big Tech, and that is because I'm 100% in favor of pro-competitive regulation of all our hyper-concentrated, monopolistic industries.

Creating a "coercion resistant" communications system

Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product.

Gawker's new owners demand right to search journalists, ban encrypted email and institute dress code

After Deadspin's Laura Wagner published an incredible, brave, detailed look at how her new private equity masters -- Jim Spanfeller/Great Hill Partners -- were running Gawker now that they'd acquired it from Univision, the company (now called "G/O Media") struck back.

You have the right to remain encrypted

“You have the right to remain silent.” We’ve heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret our devices hold in the hands of prosecutors, simply because you’ve been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it.

Fascinating, accessible guide to cryptographic attacks, from brute-force to POODLE and beyond

Ben Herzog's Cryptographic Attacks: A Guide for the Perplexed from Check Point Research is one of the clearest, most useful guides to how cryptography fails that I've ever read.

William Barr's terrible, stupid idea to ban working crypto is slightly less terrible and stupid than earlier ideas

Proposals to ban working cryptography were all the rage in the Clinton years, but then they fell out of vogue for a decade, only to come roaring back in the form of bizarre proposals each stupider than the last, with Australia bringing home the gold in the Dumbfuck Olympics.

The new £50 notes will feature Alan Turing (whilst HMG proposes bans on Turing complete computers AND working crypto)

The Bank of England has unveiled its new £50 notes, which had been earmarked to honour a distinguished British scientist, and which will feature Alan Turing, the WWII hero who discovered many of the foundational insights to both modern computing and cryptography, and whose work with the codebreakers of Bletchley Park is widely believed to have shortened WWII by many years and saved millions of lives.

EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had.

UK ISP Association, spies, censorship organisation jointly condemn Mozilla for supporting secure DNS because it breaks UK internet censorship rules

ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request.

Learning from Baltimore's disaster, Florida city will pay criminals $600,000 to get free of ransomware attack

The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers).

Private Join and Compute is Google's free/open source tool to allow "multiparty computation" of encrypted data without decryption

Private Join and Compute is a new free/open Google tool that implements the longstanding cryptographic concept of "commutative encryption," which allows untrusted parties to merge their datasets without revealing their contents to one another, do mathematical work on the data, and learn the outcome of that work without either of them seeing the underlying data.

Germany demands an end to working cryptography

Germany's Interior Minister Horst Seehofer -- a hardliner who has called for cameras at every "hot spot" in Germany -- has announced that he will seek a ban on working cryptography in Germany; he will insist that companies only supply insecure tools that have a backdoor that will allow the German state to decrypt messages and chats on demand.

The Chinafication of the internet continues as the UK proposes blocking any service that hosts "illegal" or "harmful" material

Last year the US Congress passed SESTA/FOSTA, an "anti-sex-trafficking bill" that has resulted in the shuttering of all the services formerly used by sex workers to vet their johns, massively increasing the personal physical risk borne by sex-workers and reinvigorating the dying pimping industry, as sex workers seek out protectors.
