Encryption is finally mainstream.Government officials and technologists have been debating since the early 1990s whether to limit the strength of encryption to help the law-enforcement and intelligence communities monitor suspects’ communications. But until early 2016, this was a mostly esoteric fight, relegated to academic conferences, security agencies’ C-suites, and the back rooms of Capitol Hill.Everything changed in mid-February, when President Barack Obama’s Justice Department, investigating the terrorists who carried out the San Bernardino, California, shooting, asked a federal judge to force Apple to help the Federal Bureau of Investigation unlock one attacker’s iPhone.What followed was an unexpectedly rancorous and unprecedentedly public fight over how far the government should go to pierce and degrade commercial security technology in its quest to protect Americans from terrorism.
Si bien estos casos judiciales destacados han sumado impulso, la ofensiva del sector contra la intrusión gubernamental en la información privada de los clientes comenzó hace al menos dos años, luego de las revelaciones de Edward Snowden sobre la recolección encubierta de datos que pusieron a todos a la defensiva.
Encrypted Gmail. Transparency from mobile providers. Maybe even a legal ‘revolt’ against ‘Orwellian’ surveillance. But until we get real reform, NSA and Co may survive in the shadows
Thursday marks one year since the Guardian published the first in a series of eye-opening stories about surveillance based on documents provided by Edward Snowden. The events in the 52 weeks since have proven him to be the most significant whistleblower in American history – and have reverberated throughout the world.
But along with the changes Snowden sparked, vital questions remain about how and if the National Security Agency and its global spy apparatus will truly be reformed. Many wheels are finally in motion, but will the US Congress and the courts actually respond in a meaningful way? In truth, the second year of Snowden may be more important than the first. It’s when we’ll see if global privacy rights get protected for the better – or if mass surveillance becomes more entrenched in our laws than ever before. For now, it’s important to take stock in looking ahead to the next chapter.
Thanks to Edward Snowden, we know the apparatus of repression has been covertly attached to the democratic state. However, our struggle to retain privacy is far from hopeless
In the third chapter of his History of the Decline and Fall of the Roman Empire, Edward Gibbon gave two reasons why the slavery into which the Romans had tumbled under Augustus and his successors left them more wretched than any previous human slavery. In the first place, Gibbon said, the Romans had carried with them into slavery the culture of a free people: their language and their conception of themselves as human beings presupposed freedom. And thus, says Gibbon, for a long time the Romans preserved the sentiments – or at least the ideas – of a freeborn people. In the second place, the empire of the Romans filled all the world, and when that empire fell into the hands of a single person, the world was a safe and dreary prison for his enemies. As Gibbon wrote, to resist was fatal, and it was impossible to fly.
The power of that Roman empire rested in its leaders’ control of communications. The Mediterranean was their lake. Across their European empire, from Scotland to Syria, they pushed roads that 15 centuries later were still primary arteries of European transportation. Down those roads the emperor marched his armies. Up those roads he gathered his intelligence. The emperors invented the posts to move couriers and messages at the fastest possible speed.
Using that infrastructure, with respect to everything that involved the administration of power, the emperor made himself the best-informed person in the history of the world.
That power eradicated human freedom. “Remember,” said Cicero to Marcellus in exile, “wherever you are, you are equally within the power of the conqueror.”
The empire of the United States after the second world war also depended upon control of communications. This was more evident when, a mere 20 years later, the United States was locked in a confrontation of nuclear annihilation with the Soviet Union. In a war of submarines hidden in the dark below the continents, capable of eradicating human civilisation in less than an hour, the rule of engagement was “launch on warning”. Thus the United States valued control of communications as highly as the Emperor Augustus. Its listeners too aspired to know everything.
We all know that the United States has for decades spent as much on its military might as all other powers in the world combined. Americans are now realising what it means that we applied to the stealing of signals and the breaking of codes a similar proportion of our resources in relation to the rest of the world.
The US system of listening comprises a military command controlling a large civilian workforce. That structure presupposes the foreign intelligence nature of listening activities. Military control was a symbol and guarantee of the nature of the activity being pursued. Wide-scale domestic surveillance under military command would have violated the fundamental principle of civilian control.
Instead what it had was a foreign intelligence service responsible to the president as military commander-in-chief. The chain of military command absolutely ensured respect for the fundamental principle “no listening here”. The boundary between home and away distinguished the permissible from the unconstitutional.
The distinction between home and away was at least technically credible, given the reality of 20th-century communications media, which were hierarchically organised and very often state-controlled.
When the US government chose to listen to other governments abroad – to their militaries, to their diplomatic communications, to their policymakers where possible – they were listening in a world of defined targets. The basic principle was: hack, tap, steal. We listened, we hacked in, we traded, we stole.
In the beginning we listened to militaries and their governments. Later we monitored the flow of international trade as far as it engaged American national security interests.
Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment
US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.
Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.
Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.
Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.
In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.
Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.
Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.
16 Abril 2014
El servicio de correo electrónico usado por Snowden prefirió cerrar antes de entregar las claves SSL que protegían todo el tráfico web del sitio.
Si bien en su momento no contábamos con muchos detalles debido a la naturaleza del juicio, con el tiempo nos fuimos enterando de detalles bastante interesantes.
Por ejemplo, cuando el FBI presionó a Ladar Levison (el fundador de Lavabit) para que entregara su clave privada del protocolo SSL, éste intentó dilatar la medida entregando la clave impresa en 11 páginas con una letra de tamaño 4 (un milímetro y medio de altura).
Ahora, una corte federal de apelaciones aceptó una acusación de desacato a la autoridad contra Levison y Lavabit por entregar en ese formato la clave SSL. Según el fiscal Andrew Peterson, “la empresa trató la orden judicial como si estuviera negociando un contrato en vez de ser un requerimiento legal“.
Por su parte, Levison se defiende argumentando que “solo objeté entregar la clave SSL porque comprometería todas las comunicaciones seguras dentro y fuera de mi red, incluyendo mi propio tráfico de datos“.