Tag Archives: encryption

NSA spying ruled illegal; what’s next?

nsa logo - ILLEGALIn some ways, 2013 seems like it was yesterday, and in other ways it seems like 2013 was an eternity ago. On March 12 of that year, the US Supreme Court issued a 5-4 ruling in the case of Clapper v. Amnesty International USA that the plaintiffs lacked legal standing to sue the NSA. Justice Samuel Alito wrote in his opinion, the plaintiffs’ argument that they have the standing to challenge the program was based on a “highly speculative fear.” He also wrote they “have no actual knowledge of the Government’s … targeting practices,” and “can only speculate as to how the Attorney General and the Director of National Intelligence will exercise their discretion in determining which communications to target.” see more…

( -)-(- )comment

A pardon for Edward Snowden

snowden-pardonFor the second consecutive year, Edward Snowden appeared at South by South West in Austin, Texas, and once again, he was not able to attend in person.

Snowden, again, appeared via internet stream, this time to a select group of people from the technology and policy world.

The Verge reports, “Sunday Yokubaitis, president of online privacy company Golden Frog, described as a ‘call to arms’ for tech companies to foil spying with better privacy tools.”

Adding that “Snowden said that as policy reform lagged, companies should adopt more secure technology that could block surveillance altogether or make it too difficult to pursue en masse. A big focus was end-to-end encryption, which would mean no one (including companies) could see the contents of communications except the sender and recipient.”

One topic not discussed was in regards to the former NSA contractor: the possibility of a fair trial. see more…

( -)-(- )Comments Off on A pardon for Edward Snowden

FBI on encryption: nothing to hide, nothing to fear?

9074740413_bd2d118133_c-thumb-570x378-125862Ever since the revelations from Edward Snowden became public last year, there has been an increased interest in encryption and online privacy. This has led companies like Apple and Google to encrypt or protect their new operating systems with coding by default. The FBI isn’t happy with the news. see more…

( -)-(- )Comments Off on FBI on encryption: nothing to hide, nothing to fear?

Kim Dotcom: End government surveillance, encrypt everything

File-sharing megahero Kim Dotcom is giving massive amounts of interviews to accompany his recent launch of Mega.co.nz — the file sharing portal that’s had over a million signups in about a week.

During an interview with Russia Today, Dotcom explained his views on how to end the snooping surveillance state the U.S. government has slowly wrapped around every packet traversing the internet. He wants everyone to start encrypting their online communication:

RT :The new program, Mega, is fully encrypted, and you’re touting it as an encrypted program so that people will want to use it. Do you think this is even necessary, right now, that people need encryption on the Internet?

KD: I think it’s important for the Internet that there is more encryption. Because what I have learned since I got dragged into this case is a lot about privacy abuses, about the government spying on people. You know, the US government invests a lot of money in spy clouds: massive data centers with hundreds of thousands of hard drives storing data. And what they are storing is basically any communication that traverses through US networks. And what that means they are not spying on individuals based on a warrant anymore. They just spy on everybody, permanently, all the time. And what that means for you and for anybody is that if you are ever a target of any kind of investigation, or someone has a political agenda against you, or a prosecutor doesn’t like you, or the police wants to interpret something in a way to get you in trouble — they can use all that data, go through it with a comb and find things even though we think we have nothing to hide and have done nothing wrong. They will find something that they can nail you with and that’s why it’s wrong to have these kinds of privacy abuses, and I decided to create a solution that overtime will encrypt more and more of the internet. So we start with files, we will then move to emails, and then move to Voice-Over-IP communication. And our API [Application Programming Interface] is available to any third-party developer to also create their own tools. And my goal is, within the next five years, I want to encrypt half of the Internet. Just reestablish a balance between a person — an individual — and the state. Because right now, we are living very close to this vision of George Orwell and I think it’s not the right way. It’s the wrong path that the government is on, thinking that they can spy on everybody.

Dotcom is so confident in his website that he has already issued a cash prize challenge, saying “Let’s see what you got.” Well Ars Technica went in and told us, “here’s the problem”:

A lot of the issues with Mega’s cryptographic implementation appear to be tied with the desire to make the service as “thin” as possible, requiring only a Javascript-capable browser (preferably Chrome, according to Mega). On one hand, this means there’s no client required, and the Web browser itself functions as the application platform—this simplifies the testing and deployment of new Mega features, since all Kim Dotcom’s guys have to do is update the site’s Javascript files. It also immediately buys total cross-platform compatibility, working on any computer in (just about) any browser.

On the other hand, the documentation and implementation have no small number of weaknesses and potential exploits. The RSA key pair generation process needs to be overhauled post-haste, and there needs to be some method of backing up and modifying a user’s encryption key.

The fact that encrypted data is not a total mystery to Mega is the most troubling issue.

Troubling indeed.

Thankfully we don’t need Dotcom’s Mega to do all the work of file encryption thinking for us. There are many options available out there, such as TrueCrypt. For browser encryption (without reminding yourself to change http to https or relying on site to do it automatically), Firefox and Chrome users can head on over to the Electronic Frontier Foundation’s HTTPS Everywhere project and begin encrypting all their traffic between browser and servers with a simple (and mostly transparent) plugin/add-on. PGP email encryption is nothing new to savvy geeks, even if they still have to send plain-text e-mail to their non-techie families.

Sadly, easy universal encryption has been slow in trickling down to the masses. And even worse: Even when it finally arrives, there remains the problem of a tyrannical government potentially forcing website owners to hand over unencrypted end-point data on users (for all we know, Dotcom’s servers could be raided again, providing a treasure trove of information to the snoops).

But don’t write off cyber privacy as an unwinnable battle just yet, Kim Dotcom may just be on to something, albeit on shaky grounds.

( -)-(- )2 comments