You have the right to remain encrypted

“You have the right to remain silent.” We’ve heard the Miranda warning countless times on TV, but what good is the right to remain silent if our own cellphones testify against us? Imagine every incriminating and embarrassing secret our devices hold in the hands of prosecutors, simply because you’ve been accused of a minor crime. This is the brave new world that Attorney General Bill Barr advocated when he recently addressed the International Conference on Cyber Security and called for an end to encryption as we know it.

EFF publishes an indispensable, plain-language guide to "cell-site simulators": the surveillance devices that track you via your phone

In 2012, the Wall Street Journal first reported on a mysterious cellphone surveillance tool being used by law-enforcement; years later, we learned that the origin of this report was an obsessive jailhouse lawyer who didn't believe that the cops had caught him the way they said they had.

UK ISP Association, spies, censorship organisation jointly condemn Mozilla for supporting secure DNS because it breaks UK internet censorship rules

ISPs in the UK are required to censor a wide swathe of content: what began as a strictly limited, opt-in ban on depictions of the sexual abuse of children has been steadily expanded to a mandatory ban on "extreme" pornography, "terrorist content," copyright and trademark infringement, and then there's the on-again/off-again ban on all porn sites unless they keep a record of the identity of each user and the porn they request.

Chinese authorities are secretly installing their anti-Uyghur surveillance app on the phones of tourists to Xinjiang province

Back in 2017, Chinese authorities in Xinjiang began stopping members of the Uyghur ethnic minority and forcing them to install spyware on their phones: it marked an intensification of the country's crackdown on Uyghurs and other ethnic/religious minorities, which acquired a new technological fervor: next came the nonconsensual collection of the DNA of every person in Xinjiang, then the creation of torture camps designed to brainwash Uyghurs out of their Islamic faith, and then a full-blown surveillance smart-city rollout that turned the cities of the region into open-air prisons.

"Massive scale" intrusion into mobile carriers' networks exposed customers' location, call data for years

The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years."

CEO of London's Serpentine Gallery resigns after Guardian investigation accuses her of being part owner of notorious cyber-arms-dealer NSO Group

The NSO Group is one of the world's most notorious cyber-arms dealers, linked to horrific human rights abuses, extrajudicial killing of human rights activists, and the dirtiest of dirty trick campaigns against its critics (and their lawyers) -- they're also accused of helping with the Saudi government's murder and dismemberment of journalist Jamal Khashoggi.

Germany demands an end to working cryptography

Germany's Interior Minister Horst Seehofer -- a hardliner who has called for cameras at every "hot spot" in Germany -- has announced that he will seek a ban on working cryptography in Germany; he will insist that companies only supply insecure tools that have a backdoor that will allow the German state to decrypt messages and chats on demand.

How can spies from democracies compete with spies from autocracies?

Economist international editor Edward Lucas devotes 4,000+ words in the new issue of Foreign Policy to the changing landscape of state espionage in the 21st century; it's not particularly well-organized (if there's a reason for the order in which his thoughts are laid out, I couldn't find it), but despite that, it's well worth a read, even if there's lots I don't agree with here.

Discovering whether your iPhone has been hacked is nearly impossible thanks to Apple's walled garden

This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how to hijack your iPhone or Android phone by placing a simple WhatsApp call, an attack that would work even if you don't answer the call.

European telcos want the right to perform "deep packet inspection" on our data

[Austria's Epicenter Works is an incredibly effective European digital rights group, most famous for getting the EU's Data Retention Directive struck down; now, they're raising the alarm about a move to relax the EU's Net Neutrality rules to allow ISPs to conduct fine-grained surveillance and discrimination against services that aren't in bed with ISPs. I'm happy to provide Epicenter Works's Thomas Lohninger a space to highlight the group's efforts -Cory]

Today 45 NGOs, Academics and Companies from 15 countries released an open letter outlining the dangers of the widespread use of privacy-invasive Deep Packet Inspection technology in the European Union. The letter is referencing the ongoing negotiations about Europe's new net neutrality rules in which some telecom regulators are pushing for the legalization of DPI technology.

Lawyer involved in suits against Israel's most notorious cyber-arms dealer targeted by its weapons, delivered through a terrifying WhatsApp vulnerability

NSO Group is a notorious Israeli cyber-arms dealer whose long trail of sleaze has been thoroughly documented by the University of Toronto's Citizen Lab (which may or may not be related to an attempt to infiltrate Citizen Lab undertaken by a retired Israeli spy); NSO has been implicated in the murder and dismemberment of the dissident Saudi journalist Jamal Khashoggi (just one of the brutal dictatorships who've availed themselves of NSO tools), and there seems to be no cause too petty for their clients, which is why their malware has been used to target anti-soda activists in Mexico.

Zuckerberg announces a comprehensive plan for a new, privacy-focused Facebook, but fails to mention data sharing and ad targeting

Mark Zuckerberg's 3,000-word blog post about his plan to create a parallel set of Facebook services that contain long-overdue privacy protections has plenty to please both the regulators who are increasingly ready to fine the company billions and possibly even break it up, but also privacy advocates who will rightly cheer the announcement that the service will be increasing its end-to-end encryption offerings, only storing data in countries with good track records on human rights and the rule of law, and allowing users to mark some of their conversations as ephemeral, designed to be permanently deleted after a short while.

Bowing to public pressure, Coinbase announces it will "transition out" the ex-Hacking Team cybermercenaries whose company it just bought

The cryptocurrency service Coinbase recently acquired Neutrino, a forensics startup founded by cybermercenaries who were left unemployed by the collapse of the company Hacking Team, following a dump of internal documents that revealed the company's enthusiastic and highly profitable complicity in human rights abuses by the world's most torture- and murder-happy autocrats and dictators.

A finance industry group is pushing an intentionally broken cryptography "standard" called ETS

ETS was originally called "Enterprise TLS," implying that it was an "enterprise-grade" version of TLS, the system used to secure internet sessions (if you visit a URL that starts with "https://", it's being protected with TLS).

This is bad: the UAE's favorite sleazeball cybermercenaries have applied for permission to break Mozilla's web encryption

Remember Darkmatter, the UAE-based cybermercenaries who worked with the beltway bandit firm Cyberpoint to recruit ex-NSA spies to infiltrate and expose dissidents, journalists, even children who opposed the despotic regime in the Emirates? (Darkmatter is also one of the least-discriminating cybermercenary bands in the world, available to help torturers, murderers and thugs hang onto power by attacking opposition movements and letting the secret police know who to arrest, torture and kill).

Ex-NSA whistleblower says she and other US ex-spooks targeted Americans on behalf of UAE

Lori Stroud is an ex-NSA spy who also contracted with the NSA through Booz Allen, who says that after she left the NSA, she was recruited to work on Project Raven, a secret, offensive surveillance and digital attack squad working for the autocratic United Arab Emirates regime alongside other ex-US intelligence operatives, working with the knowledge and approval of the NSA.

Toronto cops can frequently get your public transit history without a warrant

Metrolinx, the provincial agency that supplies the Presto cards used to pay for public transit rides in Toronto, has continued to hand over riders' travel history to Toronto-area cops without asking for a warrant.