Yahoo may have let the government spy on emails. Now will we embrace encryption? | Trevor Timm | Opinion | The Guardian

Finally, Yahoo’s possible betrayal of its users is another example of why whistleblowers and leaks to the press are so important. The US government considers this type of surveillance “legal” even though it shocks the conscience of many ordinary Americans and dozens of civil liberties groups have been attempting to have courts rule it illegal for years.

Source: Yahoo may have let the government spy on emails. Now will we embrace encryption? | Trevor Timm | Opinion | The Guardian


All Bitfinex clients to share 36% loss of assets following exchange hack | Technology | The Guardian

Bitfinex, the cryptocurrency exchange that lost $72m (£55m) to hackers last week, has told customers they will lose just over 36% of the assets they had on the platform but will be compensated for these losses with tokens of credit.

Source: All Bitfinex clients to share 36% loss of assets following exchange hack | Technology | The Guardian


Take that, FBI: Apple goes all in on encryption | Technology | The Guardian

The new feature is just the latest move towards more widespread encryption in consumer technology products following Apple’s standoff with the FBI earlier in 2016, in which it refused to help the agency weaken its own security processes to access information on an iPhone belonging to a terrorist. Facebook and Google both pledged support for Apple during the fight, and both are subsequently reported to be planning encrypted versions of their messaging apps.

Source: Take that, FBI: Apple goes all in on encryption | Technology | The Guardian


‘Crypto Wars’ timeline: A history of the new encryption debate

Encryption is finally mainstream.

Government officials and technologists have been debating since the early 1990s whether to limit the strength of encryption to help the law-enforcement and intelligence communities monitor suspects’ communications. But until early 2016, this was a mostly esoteric fight, relegated to academic conferences, security agencies’ C-suites, and the back rooms of Capitol Hill.

Everything changed in mid-February, when President Barack Obama’s Justice Department, investigating the terrorists who carried out the San Bernardino, California, shooting, asked a federal judge to force Apple to help the Federal Bureau of Investigation unlock one attacker’s iPhone.

What followed was an unexpectedly rancorous and unprecedentedly public fight over how far the government should go to pierce and degrade commercial security technology in its quest to protect Americans from terrorism.

Source: ‘Crypto Wars’ timeline: A history of the new encryption debate


Snowden Debates CNN’s Fareed Zakaria on Encryption

NSA whistleblower and privacy advocate Edward Snowden took part in his first public debate on encryption on Tuesday night, facing off against CNN’s Fareed Zakaria, a journalist and author known for his coverage of international affairs.

Source: Snowden Debates CNN’s Fareed Zakaria on Encryption


How secure are encrypted telecommunications? – El Mostrador

With eyes set on the long-sought goal of privacy, the universal adoption of encryption to secure telecommunications on the internet is already shaping up as a path of no return, backed by the latest moves of popular platforms in the sector, though not without its shadows.

Source: How secure are encrypted telecommunications? – El Mostrador


Drive towards strong encryption will end

What happens when the wave of encryption rippling through the personal technology world washes up against the realities of the data economy?

Most of the recent debate over the spread of encryption has centred on the implications for personal privacy and national security. Less has been said about business: in particular, what a greater use of encryption will mean for the usability of tech products and services, and for the business models that rely on capturing and extracting value from data.

Source: Drive towards strong encryption will end


Forget Apple's fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

Source: Forget Apple’s fight with the FBI – our privacy catastrophe has only just begun | Technology | The Guardian


Apple gains support from tech rivals in FBI case – FT.com

March 4, 2016 2:25 am
Tim Bradshaw in San Francisco

America’s largest technology companies have joined Apple’s fight against the government over data protection and security, in an unusual display of unity by the Silicon Valley rivals.

More than a dozen motions filed on Thursday sided with Apple as it tries to resist a demand to write software that would help the FBI unlock the San Bernardino shooter’s iPhone. Civil liberties groups and IT trade associations lined up alongside dozens of law professors and cryptography experts, after Apple filed its own motion for the judicial order to be withdrawn last week.

Source: Apple gains support from tech rivals in FBI case – FT.com


Apple's Tim Cook defends encryption. When will other tech CEOs do so? | Trevor Timm | Opinion | The Guardian

More high-profile titans need to use their platforms to make crystal clear how important encryption is to users everywhere

Source: Apple’s Tim Cook defends encryption. When will other tech CEOs do so? | Trevor Timm | Opinion | The Guardian


Apple believes bill creates ‘key under doormat for bad guys’ – FT.com

Shortly after Theresa May introduced the draft Investigatory Powers bill in November to update the UK’s surveillance laws for the internet age, the home secretary met privately with Tim Cook, Apple’s chief executive. He laid out a number of

Source: Apple believes bill creates ‘key under doormat for bad guys’ – FT.com


Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”

The FBI director essentially wants tech companies to roll back secure encryption to something less secure that law enforcement can intercept.

Source: Comey Calls on Tech Companies Offering End-to-End Encryption to Reconsider “Their Business Model”


Hacker-fighting prowess on show at cyber security conference – FT.com


A man types on a laptop computer in an arranged photograph taken in Tiskilwa, Illinois, U.S., on Thursday, Jan. 8, 2015. U.S. officials are discussing whether new standards should be set for government action in response to hacks like the one suffered by Sony Pictures Entertainment, such as if a certain level of monetary damage is caused or if values such as free speech are trampled, National Security Agency Director Michael Rogers said in an interview with Bloomberg News. Photograph: Daniel Acker/Bloomberg

When cyber security start-ups set out their stalls at the industry‘s largest annual conference on Monday, they will be looking to show off their hacker-fighting prowess not just to buyers of security products, but also to Wall Street investors.

A new generation of cyber security companies is preparing to go public, as analysts predict a rise in security spending by boards desperate to protect themselves from becoming the next Sony Pictures, Home Depot or Target.

Dan Ives, an analyst at FBR Capital Markets, says investors will be flocking to the RSA Conference in San Francisco this week because cyber security is a $15bn-$20bn market opportunity in the next three years.

“Seven or eight years ago you could hear a pin drop at RSA,” he said. “Now it is going to be like a Bon Jovi rock concert.”

“It is the seminal event in cyber security: the new year’s eve, the wedding, the bar mitzvah,” he added.

VC funds have been flooding into cyber security, surpassing $1bn for the first time in the first quarter of 2015, according to data from private company research firm PrivCo. VC funding for security software start-ups hit $2.3bn in 2014, up more than a third from the year before. Just four years ago, less than $1bn was raised by cyber security companies for a whole year.



PGP creator Phil Zimmermann: 'Intelligence agencies have never had it so good' | Technology | The Guardian


Phil Zimmermann: 'End-to-end encryption is everywhere now: in browsers, online banking...'


The recent hack against Sony Pictures is likely to have made companies of all sizes consider upping their cybersecurity measures. Perhaps, though, it’s also a different kind of wake-up call: a reason to think less about security, and more about privacy.

That’s the belief of Phil Zimmermann – the creator of email encryption software Pretty Good Privacy (PGP), and now president and co-founder of secure communications company Silent Circle – initially expressed in a blog post, and expanded on in an interview with the Guardian.

“Sony had all kinds of things: intrusion detection, firewalls, antivirus … But they got hacked anyway. The security measures that enterprises do frequently get breached. People break in anyway: they overcome them,” says Zimmermann.

“A lot of this stuff could have been encrypted. If those emails had been encrypted with PGP or GnuPG, the hackers wouldn’t have gotten very far. Those movie scripts that they stole? They could have been encrypted too.”

Zimmermann hopes that companies will look at what happened to Sony, and use it as a spur to explore encryption as a way to protect their employees’ privacy, rather than ramping up their spending on security measures to protect their data.

“People don’t think of privacy much when they think about enterprises, but enterprise privacy is a real thing: it’s the collective privacy of everybody in the company, and the privacy of the company assets as well,” he says.

“In Sony’s case, there were emails about Hollywood actresses that got breached. That’s connected with personal privacy. I think companies retain too much information.”

If more businesses shift their thinking from security to privacy, it’ll be good news for Silent Circle, which offers technology for encrypted voice calls, video chat and messaging, as well as being a key part of the privacy-focused Blackphone smartphone.


“I don't like the lifestyle of the rich” | Technology | EL PAÍS


The founder of Russia's largest social network, VKontakte, and of the instant messaging service Telegram, fled Russia last April

Pável Durov, founder of the social network Vkontakte, at a conference in San Francisco on 2 December. /JIM WILSON (THE NEW YORK TIMES)

A cloud of admirers follows Pável Durov around to get a photo with him. They treat him much as they would a rising rock star. But the Russian Mark Zuckerberg has no tattoos or piercings. And he always dresses in black, “for comfort and so I'm always matching,” he explains.

This entrepreneur and programmer, born in St Petersburg in 1984, left his home country last April and is now in San Francisco, where this interview takes place. He left after resisting for months the growing pressure from the Kremlin's security services to hand over information on opposition groups that communicate through the social network VKontakte, which he founded with his brother Nikolai in 2006. They asked him for the profiles of people involved in the protests in Ukraine and he refused to cooperate. He sold his company and left the country.

Durov, who built the largest social network in his country, with 270 million users, is also the creator of the instant messaging service Telegram, a service similar to WhatsApp to which many users migrated when the company founded by Jan Koum and Brian Acton was acquired by Facebook.


El Ciudadano » “Hostile to privacy”: Snowden urges people to get rid of Dropbox, Facebook and Google


Edward Snowden has lashed out at Dropbox and other services for being “hostile to privacy”, urging users to abandon unencrypted communication and configure their privacy settings to avoid government spying.

Snowden advises internet users to “get rid of” Dropbox, since this service encrypts data only during transfer and while stored on its servers. The former NSA contractor instead recommends services such as SpiderOak, which also encrypt the information while it is still on the user's computer.

“We're talking about dropping programs that are hostile to privacy,” Snowden said in an interview with The New Yorker.

The same goes, in his view, for social networks such as Facebook and for Google. Snowden says they are “dangerous” and suggests that people use other services that let them send encrypted messages, such as RedPhone or SilentCircle.


Apple encryption: Stop the hysteria (Opinion) – CNN.com


By Bruce Schneier
October 4, 2014 — Updated 1641 GMT (0041 HKT)

STORY HIGHLIGHTS
  • Schneier: Apple closed serious security vulnerability in the iPhone, enabling wide encryption
  • He says law enforcement overreacted in saying it is a major form of protection for criminals
  • Law enforcement always complains about encryption but is little stymied by it, he says
  • Schneier: The benefits in protecting privacy far outweigh the costs

Editor’s note: Bruce Schneier is a security technologist and the chief technology officer of Co3 Systems. The opinions expressed in this commentary are solely those of the author.

(CNN) — Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone’s encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.

From now on, all the phone’s data is protected. It can no longer be accessed by criminals, governments, or rogue employees. Access to it can no longer be demanded by totalitarian governments. A user’s iPhone data is now more secure.

To hear U.S. law enforcement respond, you’d think Apple’s move heralded an unstoppable crime wave. See, the FBI had been using that vulnerability to get into peoples’ iPhones. In the words of cyberlaw professor Orin Kerr, “How is the public interest served by a policy that only thwarts lawful search warrants?”


Ah, but that’s the thing: You can’t build a “back door” that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them.

Back-door access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006.

In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S. government surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.

This doesn’t stop the FBI and Justice Department from pumping up the fear. Attorney General Eric Holder threatened us with kidnappers and sexual predators.

The former head of the FBI’s criminal investigative division went even further, conjuring up kidnappers who are also sexual predators. And, of course, terrorists.

FBI Director James Comey claimed that Apple’s move allows people to “place themselves beyond the law” and also invoked that now overworked “child kidnapper.” John J. Escalante, chief of detectives for the Chicago police department, now holds the title of most hysterical: “Apple will become the phone of choice for the pedophile.”

It’s all bluster. Of the 3,576 major offenses for which warrants were granted for communications interception in 2013, exactly one involved kidnapping. And, more importantly, there’s no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 — and the investigations proceeded in some other way.


Privacy boom brings digital paranoia into the open – FT.com



The growing interest in secrecy should serve as a wake-up call

There seems to be a booming market in paranoia. The Blackphone, which went on sale in the US this week, is purpose-built for the post-Snowden era: it encrypts all of a user’s data and comes preloaded with apps designed with secrecy in mind to block “information leakage”.

Then there is Wickr, a messaging system that boasts far more robust encryption than that available on other widely used services. It raised a hefty $30m in venture capital last week.

In a telling sign of the times, the Wickr investment was led by Jim Breyer, a Silicon Valley venture capitalist best known for making a killing on Facebook. The culture of secrecy-minded companies such as Wickr is far removed from the heightened transparency that fuels Facebook’s social network.

This is still a decidedly niche market. The vast audiences of companies such as Google and Facebook have not turned away because governments have sought to penetrate their systems or because of their periodic privacy gaffes.

For most internet users, the immediate gratification of using a search engine or social network – and the advantages of bringing their “real world” identities online – far outweighs any abstract concern about notional privacy trade-offs.

But the growing interest in secrecy should come as a wake-up call. The Snowden leaks have served as a reminder of the information-gathering practices of the internet companies. “Big data” has become an industry branding nightmare, conjuring images of vast pools of private information waiting to be tapped by spies or sold to the highest bidder.

Internet companies are only just beginning to combat this conflation of illicit surveillance and commercial data gathering.

The first response has been to try to show that they are serious about taking their users’ side against overreaching governments. That has meant greater use of encryption in their networks and a more robust rejection of official requests that stop short of legally binding orders.

But it is hard to mount a convincing argument that users’ interests always come first when one of the longest-running privacy debates – about the use of cookies to track users and send targeted advertising – remains unresolved. In the US, the failure of the online advertising industry to come up with an effective “do not track” system has been an enduring reminder of the contradiction that lies at the heart of advertising-driven services.

Mobile apps have become another sore point. They usually involve a take it or leave it choice: most require users to consent to them accessing a wide array of personal information while giving little idea about how it will be used.

The Blackphone’s default settings block apps that seek to tap into things such as a user’s location and contact lists. But given the data promiscuity of the average smartphone app, anyone opting for these settings would be barred from many of the most widely used smartphone services.

The internet of things – the coming mass of smartwatches, intelligent home thermostats and other connected gadgets – is about to present a new test.

Much of the information collected by these devices will have even greater personal sensitivity. In some cases it will involve health data, gathered from fitness trackers or from sensors around the body. In others, it will include intimate details of what is happening inside users’ homes, collected through things such as security cameras and other smart monitors.

Trusting the companies that hold this data will require a leap of faith. That explains why Apple made much of privacy at its recent developers’ conference when it revealed the digital platforms it was building for the internet of things.

Its HealthKit and HomeKit are intended to become two of the data hubs of the connected physical world. They will draw information from many devices to assemble a comprehensive, deeply personal picture of their users’ lives.

It also explains why chief executive Tim Cook broke with his normal tempered delivery to pour scorn on Google’s Android mobile operating system, quoting an article describing it as a “toxic hellstew of vulnerabilities”. Apple, with its reputation for managing a controlled, “closed” system, may start in a stronger position in this new world than Google, with its preference for more open platforms.

For now, convenience still trumps paranoia when it comes to the use of everyday digital services. But without a concerted effort to address the proliferating privacy issues, that won’t be something that can always be taken for granted.

Richard Waters is the Financial Times’ West Coast Editor



Four ways Edward Snowden changed the world – and why the fight's not over | Trevor Timm | Comment is free | theguardian.com


Encrypted Gmail. Transparency from mobile providers. Maybe even a legal ‘revolt’ against ‘Orwellian’ surveillance. But until we get real reform, NSA and Co may survive in the shadows

During the first weeks of the Snowden revelations, it wasn’t clear legislators cared. Then public opinion changed, and now there’s a bill. Will we ever get real reform? Illustration: Kyle Bean for the Guardian


Thursday marks one year since the Guardian published the first in a series of eye-opening stories about surveillance based on documents provided by Edward Snowden. The events in the 52 weeks since have proven him to be the most significant whistleblower in American history – and have reverberated throughout the world.

But along with the changes Snowden sparked, vital questions remain about how and if the National Security Agency and its global spy apparatus will truly be reformed. Many wheels are finally in motion, but will the US Congress and the courts actually respond in a meaningful way? In truth, the second year of Snowden may be more important than the first. It’s when we’ll see if global privacy rights get protected for the better – or if mass surveillance becomes more entrenched in our laws than ever before. For now, it’s important to take stock in looking ahead to the next chapter.


Has the NSA’s mass spying made life easier for digital criminals? | Technology | theguardian.com


In flooding the internet with malware, and by increasing wariness of data sharing, the NSA’s actions have had a negative impact on the fight against cybercrime

A man hands out ‘RSA sold us out’ protest ribbons near Moscone West to people attending the RSA conference. Photograph: Steve Rhodes/Demotix/Corbis

Thousands of the world’s security professionals, most of them middle-aged white males, gathered in San Francisco last week for the annual RSA Conference.

Traditionally, it’s the time of year vendors hawk their gear in halls containing a perturbing whiff of ammonia, research announcements provide relief from the festival of commerce, and government mandarins hobnob with corporate types – all with the implied intent to work together to protect people’s data.

Yet 2014’s event was always going to be a bit different. RSA, the security company hosting the event, had to defend itself against criticism over an alleged $10m deal with the National Security Agency (NSA) to include flawed encryption in its products.

The company’s chief, Art Coviello, outright denied any wrongdoing, saying RSA was only following advice given by the US government’s National Institute of Standards and Technology (NIST).

RSA’s excuses have convinced some onlookers; others remain sceptical. But the organisation that took far more flak this week was the NSA itself, which had its own booth on the trade floor, albeit a considerably plainer one than the surrounding neon-clad stalls of commercial firms.

There was one criticism, amid the understandable ire around the damage done to global privacy, which stood out: that the NSA’s mass spying had perversely made life easier for digital criminals.

Data sharing in danger

Cross-border data-sharing mechanisms – a critical part in both online and non-internet crime investigations – have come under threat since the Edward Snowden leaks. Even though information-sharing deals covering banking and airline passenger data just about survived calls to suspend them, the Snowden files have caused problems for collaboration between public and private bodies.

The heightened tensions lie not between law enforcement agencies, but between police and other organisations that potentially hold valuable information for investigations. “The impact is more [with] third parties giving more consideration to sharing their data with agencies or other departments,” said Charlie McMurdie, formerly the head of the defunct Metropolitan Police Central e-Crime Unit and now senior crime adviser at PricewaterhouseCoopers.

“This can have a negative impact on law enforcement ability to respond to or progress investigations, but on the positive side [this] has also made third parties think more about where their data exists, security and sharing protocols, which isn’t a bad thing.”

A recent European Commission report on trust between the US and the EU following the leaks last year said: “Information sharing is … an essential component of EU-US security cooperation, critically important to the common goal of preventing and combating serious crime and terrorism. However, recent revelations about US intelligence collection programmes have negatively affected the trust on which this cooperation is based. In particular, it has affected trust in the way personal data is processed.”

Discussions are ongoing about an umbrella agreement covering law enforcement data sharing, with much talk of the need to ensure safeguards are in place, with “strict conditions”.

The US government has already seen the impact. In response to a Guardian question on the effect of Snowden’s revelations on data sharing, Phyllis Schneck, the chief cybersecurity official at the US Department of Homeland Security, said the government body’s partners were “feeling it”.


Exclusive: Secret contract tied NSA and security industry pioneer | Reuters


A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km) south of Salt Lake City, Utah, December 16, 2013. Jim Urquhart/REUTERS


(Reuters) – As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.


Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.


$10m NSA contract with security firm RSA led to encryption 'back door' | World news | theguardian.com


• Flawed formula enabled agency to crack into products

• RSA and NSA decline to comment

An RSA SecurID dongle used for internet VPN tunnelling. Photograph: Chris Helgren/Reuters

As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the National Security Agency arranged a secret $10m contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Documents leaked by the former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers, to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.

Undisclosed until now was that RSA received $10m in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.


Twitter adds more security to thwart predators – and government agencies | Technology | The Observer


Company joins Google and Facebook in using ‘perfect forward secrecy’ to protect data of its 218 million users

Lady Gaga has the third most followed Twitter account Photograph: Henry Lamb/Photowire/BEI/REX

Twitter has announced a significant increase in its data security as it moves to protect users from attacks by the “apex predators” of the internet.

An internal team of security engineers has spent several months implementing “perfect forward secrecy”, which adds an extra layer of security to the widely used https encryption deployed by banks online, by retailers and, increasingly, consumer web services.

Google, Facebook, Dropbox and Tumblr have all implemented forward secrecy already, and LinkedIn is understood to be introducing it in 2014.

Users may not immediately notice any difference, other than a barely perceptible time lag as they use the service across desktop, mobile and through third-party services, but for Twitter the move asserts its credentials as a company fiercely protective of its users’ data.

That data includes not only messages that users choose to publish publicly, but also direct, private messages, protected tweets and data on what users say, who they comment on and who else they read. Collectively, large datasets, such as those of Twitter’s 218 million users, can be analysed to identify connections between people, locations and interests.

Announcing the new implementation, which has been running as a trial since 21 October, a detailed post on Twitter’s engineering blog encouraged other sites to “defend and protect the users’ voice” by implementing https and forward secrecy.
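The “perfect forward secrecy” that Twitter deployed is the property that a handshake recorded today cannot be turned into the session key later, even if the server’s long-term private key eventually leaks. The Python block below is an added example written for this page, not Twitter’s code or any other project’s: it models the older key-transport handshake (the client encrypts the session secret to the server’s long-term key) side by side with an ephemeral Diffie-Hellman handshake over the RFC 3526 group 14 parameters, and then shows what a recorded transcript plus the leaked long-term key yields in each case. The symmetric “long-term key” standing in for a certificate private key, the HMAC standing in for the server’s signature, and the handshake and recovery functions are all assumptions of this model, not TLS.

```python
"""Forward secrecy, illustrated: static key transport vs ephemeral Diffie-Hellman.

Simplified model written for this example (not TLS, not Twitter's code).
The long-term key is a symmetric secret standing in for the server's
certificate private key; an eavesdropper records the handshake now and
obtains that key some time later.
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14: 2048-bit MODP safe prime, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2          # order of the prime-order subgroup generated by G


def is_probable_prime(n: int, rounds: int = 4) -> bool:
    """Miller-Rabin probable-prime test (used to sanity-check the group)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def group_is_safe_prime() -> bool:
    """True if P and (P-1)/2 are both prime, as a safe-prime DH group requires."""
    return is_probable_prime(P) and is_probable_prime(Q)


def kdf(key: bytes, label: bytes) -> bytes:
    """Tiny HMAC-based key derivation standing in for TLS's key schedule."""
    return hmac.new(key, label, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def static_handshake(long_term_key: bytes):
    """Pre-forward-secrecy pattern: the session secret is sent encrypted to the
    server's long-term key (modelled here as a keystream derived from it)."""
    premaster = secrets.token_bytes(32)
    wrapped = xor(premaster, kdf(long_term_key, b"key-transport"))
    session_key = kdf(premaster, b"session")
    transcript = {"mode": "static", "wrapped_premaster": wrapped}
    return session_key, transcript


def dhe_handshake(long_term_key: bytes):
    """Ephemeral DH: fresh exponents per session; the long-term key only
    authenticates the server's share (HMAC stands in for a signature)."""
    a = secrets.randbelow(Q - 2) + 2          # client's ephemeral exponent
    b = secrets.randbelow(Q - 2) + 2          # server's ephemeral exponent
    A, B = pow(G, a, P), pow(G, b, P)
    sig = hmac.new(long_term_key, B.to_bytes(256, "big"), hashlib.sha256).digest()
    shared_client, shared_server = pow(B, a, P), pow(A, b, P)
    assert shared_client == shared_server      # both sides agree on g^ab
    session_key = kdf(shared_client.to_bytes(256, "big"), b"session")
    transcript = {"mode": "dhe", "A": A, "B": B, "sig": sig}   # a and b are discarded
    return session_key, transcript


def recover_from_transcript(transcript: dict, leaked_long_term_key: bytes):
    """What a recorded handshake plus the later-leaked long-term key gives up:
    the session key for the static pattern, nothing for the ephemeral one."""
    if transcript["mode"] == "static":
        premaster = xor(transcript["wrapped_premaster"],
                        kdf(leaked_long_term_key, b"key-transport"))
        return kdf(premaster, b"session")
    # DHE: the transcript holds only g^a, g^b and a signature over g^b. The leaked
    # key confirms the server sent B, but turning (g^a, g^b) into g^ab is the
    # Diffie-Hellman problem, which the long-term key does nothing to ease.
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # constructed long-term key
    sk, tr = static_handshake(key)
    print("static: recovered ==", recover_from_transcript(tr, key) == sk)
    sk, tr = dhe_handshake(key)
    print("dhe:    recovered ==", recover_from_transcript(tr, key))
```

Running the block prints `True` for the static handshake and `None` for the ephemeral one: the same key leak that exposes every recorded static session exposes nothing about the DHE session, which is exactly why a forward-secret suite costs one extra modular exponentiation per side (the “barely perceptible time lag” the article mentions) and why a server’s long-term key should sign ephemeral values rather than receive secrets.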


Silent Circle claims major companies not declaring data breaches | Technology | theguardian.com


The company which shut its secure email over privacy concerns says corporate customers have admitted regular data breaches

Secure communications providers Silent Circle claim corporate customers have admitted regular data breaches

Major companies are failing to disclose data security breaches, a secure communications company has claimed.

The co-founder of Silent Circle, which closed its secure email service over concerns that it could not guarantee users’ privacy from government-mandated surveillance, claimed that corporate users have admitted data breaches that have not been disclosed to shareholders.

“We’re like digital priests,” said Mike Janke, chief executive of the service. “Everybody calls us, or comes to our office, and tells us just every dirty thing that’s going on.

“I sat and spoke with the chief information officer of a Fortune 500 company, and he’s telling me that they’re not reporting 80% of their data breaches. And I’m going, ‘there’s a law against that’.

“Customers of ours disclose that they’re being breached, weekly, and they don’t disclose it to shareholders.”


US and UK spy agencies defeat privacy and security on the internet | World news | The Guardian


• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs ‘undermine the fabric of the internet’


Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software. Photograph: Kacper Pempel/Reuters

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.


Email service used by Snowden shuts itself down, warns against using US-based companies

http://www.theguardian.com/commentisfree/2013/aug/09/lavabit-shutdown-snowden-silicon-valley

Edward Snowden: ‘Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren’t fighting for our interests the same way’


The front page of Lavabit announces to its users its decision to shut down rather than comply with ongoing US surveillance orders Photo: Lavabit

A Texas-based encrypted email service recently revealed to be used by Edward Snowden – Lavabit – announced yesterday it was shutting itself down in order to avoid complying with what it perceives as unjust secret US court orders to provide government access to its users’ content. “After significant soul searching, I have decided to suspend operations,” the company’s founder, Ladar Levison, wrote in a statement to users posted on the front page of its website. He said the US directive forced on his company “a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” He chose the latter.

CNET’s Declan McCullagh smartly speculates that Lavabit was served “with [a] federal court order to intercept users’ (Snowden?) passwords” to allow ongoing monitoring of emails; specifically: “the order can also be to install FedGov-created malware.” After challenging the order in district court and losing – all in a secret court proceeding, naturally – Lavabit shut itself down to avoid compliance while it appeals to the Fourth Circuit.


Lavabit privacy row: second email service closes 'to prevent spying'

http://www.theguardian.com/technology/2013/aug/09/lavabit-email-edward-snowden-shuts-down

Withdrawal comes after apparent pressure on Lavabit to allow US government access to encrypted messages on its servers


Lavabit was apparently under pressure to grant US government access to its encrypted servers. Photograph: Alex Milan Tracy/NurPhoto/Corbis

Two American companies which provided encrypted email services – one to the NSA fugitive Edward Snowden – have abruptly shut down the service, apparently following US government pressure to let it read users’ messages.

Lavabit, which is believed to have been used by Snowden and which claimed to have 350,000 customers, closed after apparently rejecting a US government court order to cooperate in surveillance on its customers by allowing some form of access to the encrypted messages on its servers.

Its founder Ladar Levison wrote on the company’s website: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.”


Fear of the ‘Snowden case’ grips secure email companies


http://tecnologia.elpais.com/tecnologia/2013/08/09/actualidad/1376034844_279355.html

Two encrypted messaging services close in less than 24 hours

The letter published in place of the Lavabit home page.

Two companies offering their customers encrypted email services, which allow information to be transferred securely, have voluntarily ceased operating within less than 24 hours of each other. The reason given to customers is the same: fear that the shock wave from Edward Snowden’s leaks will hit them head-on.