Tag Archives: encryption

A pardon for Edward Snowden

snowden-pardonFor the second consecutive year, Edward Snowden appeared at South by South West in Austin, Texas, and once again, he was not able to attend in person. Snowden, again, appeared via internet stream, this time to a select group of people from the technology and policy world. The Verge reports, “Sunday Yokubaitis, president of online privacy company Golden Frog, described as a ‘call to arms’ for tech companies to foil spying with better privacy tools.” Adding that “Snowden said that as policy reform lagged, companies should adopt more secure technology that could block surveillance altogether or make it too difficult to pursue en masse. A big focus was end-to-end encryption, which would mean no one (including companies) could see the contents of communications except the sender and recipient.”

One topic not discussed was in regards to the former NSA contractor: the possibility of a fair trial. In early March, one of Snowden’s lawyers said, “[Edward] Snowden is ready to return to the [United] States, but on the condition that he is given a guarantee of a legal and impartial trial.” Jesselyn Radack, who also works on Snowden’s legal team, says a trial under the Espionage Act—the World War I-era law that Snowden is alleged to have violated—“would not be considered fair.” Radack reportedly said, “Snowden would be amenable to coming back to the United States for the kind of plea bargain that Gen. [David] Petraeus received.”

Patreus plead guilty to a misdemeanor charge of mishandling classified material and will serve no jail time for his actions. Unlike Snowden, who gave classified documents about mass surveillance to members of the media; Petraeus gave classified info to his biographer and girlfriend, Paula Broadwell. Patreus then lied to the FBI about having given Broadwell access to the documents.

By contrast, Edward Snowden never lied about his actions, and even explained why he did it. We don’t yet know if Edward Snowden will ever be allowed to return to the United States, or if he will ever appear in a court. However, he should not have to appear in court, because he should be granted a full pardon.

I know that will not happen as long as Barack Obama is in the White House, because it was Obama’s Administration that sought espionage charges in the first place. Nor do I expect a Republican Presidentt to issue such a pardon either. Even the supposed libertarian Rand Paul has said that Snowden should spend “a few years in prison.”

It is clear that neither major party will do what is right, and will only serve to protect their own interests. Is it any wonder that both parties now have an approval rating below 40%?

( -)-(- )comment

FBI on encryption: nothing to hide, nothing to fear?

9074740413_bd2d118133_c-thumb-570x378-125862Ever since the revelations from Edward Snowden became public last year, there has been an increased interest in encryption and online privacy. This has led companies like Apple and Google to encrypt or protect their new operating systems with coding by default. The FBI isn’t happy with the news. see more…

( -)-(- )Comments Off

Kim Dotcom: End government surveillance, encrypt everything

File-sharing megahero Kim Dotcom is giving massive amounts of interviews to accompany his recent launch of Mega.co.nz — the file sharing portal that’s had over a million signups in about a week.

During an interview with Russia Today, Dotcom explained his views on how to end the snooping surveillance state the U.S. government has slowly wrapped around every packet traversing the internet. He wants everyone to start encrypting their online communication:

RT :The new program, Mega, is fully encrypted, and you’re touting it as an encrypted program so that people will want to use it. Do you think this is even necessary, right now, that people need encryption on the Internet?

KD: I think it’s important for the Internet that there is more encryption. Because what I have learned since I got dragged into this case is a lot about privacy abuses, about the government spying on people. You know, the US government invests a lot of money in spy clouds: massive data centers with hundreds of thousands of hard drives storing data. And what they are storing is basically any communication that traverses through US networks. And what that means they are not spying on individuals based on a warrant anymore. They just spy on everybody, permanently, all the time. And what that means for you and for anybody is that if you are ever a target of any kind of investigation, or someone has a political agenda against you, or a prosecutor doesn’t like you, or the police wants to interpret something in a way to get you in trouble — they can use all that data, go through it with a comb and find things even though we think we have nothing to hide and have done nothing wrong. They will find something that they can nail you with and that’s why it’s wrong to have these kinds of privacy abuses, and I decided to create a solution that overtime will encrypt more and more of the internet. So we start with files, we will then move to emails, and then move to Voice-Over-IP communication. And our API [Application Programming Interface] is available to any third-party developer to also create their own tools. And my goal is, within the next five years, I want to encrypt half of the Internet. Just reestablish a balance between a person — an individual — and the state. Because right now, we are living very close to this vision of George Orwell and I think it’s not the right way. It’s the wrong path that the government is on, thinking that they can spy on everybody.

Dotcom is so confident in his website that he has already issued a cash prize challenge, saying “Let’s see what you got.” Well Ars Technica went in and told us, “here’s the problem”:

A lot of the issues with Mega’s cryptographic implementation appear to be tied with the desire to make the service as “thin” as possible, requiring only a Javascript-capable browser (preferably Chrome, according to Mega). On one hand, this means there’s no client required, and the Web browser itself functions as the application platform—this simplifies the testing and deployment of new Mega features, since all Kim Dotcom’s guys have to do is update the site’s Javascript files. It also immediately buys total cross-platform compatibility, working on any computer in (just about) any browser.

On the other hand, the documentation and implementation have no small number of weaknesses and potential exploits. The RSA key pair generation process needs to be overhauled post-haste, and there needs to be some method of backing up and modifying a user’s encryption key.

The fact that encrypted data is not a total mystery to Mega is the most troubling issue.

Troubling indeed.

Thankfully we don’t need Dotcom’s Mega to do all the work of file encryption thinking for us. There are many options available out there, such as TrueCrypt. For browser encryption (without reminding yourself to change http to https or relying on site to do it automatically), Firefox and Chrome users can head on over to the Electronic Frontier Foundation’s HTTPS Everywhere project and begin encrypting all their traffic between browser and servers with a simple (and mostly transparent) plugin/add-on. PGP email encryption is nothing new to savvy geeks, even if they still have to send plain-text e-mail to their non-techie families.

Sadly, easy universal encryption has been slow in trickling down to the masses. And even worse: Even when it finally arrives, there remains the problem of a tyrannical government potentially forcing website owners to hand over unencrypted end-point data on users (for all we know, Dotcom’s servers could be raided again, providing a treasure trove of information to the snoops).

But don’t write off cyber privacy as an unwinnable battle just yet, Kim Dotcom may just be on to something, albeit on shaky grounds.

( -)-(- )2 comments