Court refuses request to force alleged hacker to divulge passwords | Technology | The Guardian

An alleged hacker fighting extradition to the US will not have to give the passwords for his encrypted computers to British law enforcement officers, following a landmark legal ruling.

Source: Court refuses request to force alleged hacker to divulge passwords | Technology | The Guardian


Child porn suspect jailed indefinitely for refusing to decrypt hard drives | Ars Technica

A Philadelphia man suspected of possessing child pornography has been in jail for seven months and counting after being found in contempt of a court order demanding that he decrypt two password-protected hard drives.

Source: Child porn suspect jailed indefinitely for refusing to decrypt hard drives | Ars Technica


Brazilian courts again order WhatsApp blocked for 72 hours

The reason is WhatsApp's failure to comply with court orders requiring the company to break the secrecy of messages sent by alleged drug traffickers through the application, which is owned by Facebook

Source: Brazilian courts again order WhatsApp blocked for 72 hours


‘Crypto Wars’ timeline: A history of the new encryption debate

Encryption is finally mainstream. Government officials and technologists have been debating since the early 1990s whether to limit the strength of encryption to help the law-enforcement and intelligence communities monitor suspects’ communications. But until early 2016, this was a mostly esoteric fight, relegated to academic conferences, security agencies’ C-suites, and the back rooms of Capitol Hill. Everything changed in mid-February, when President Barack Obama’s Justice Department, investigating the terrorists who carried out the San Bernardino, California, shooting, asked a federal judge to force Apple to help the Federal Bureau of Investigation unlock one attacker’s iPhone. What followed was an unexpectedly rancorous and unprecedentedly public fight over how far the government should go to pierce and degrade commercial security technology in its quest to protect Americans from terrorism.

Source: ‘Crypto Wars’ timeline: A history of the new encryption debate


Snowden Debates CNN’s Fareed Zakaria on Encryption

NSA whistleblower and privacy advocate Edward Snowden took part in his first public debate on encryption on Tuesday night, facing off against CNN’s Fareed Zakaria, a journalist and author known for his coverage of international affairs.

Source: Snowden Debates CNN’s Fareed Zakaria on Encryption


Ron Wyden vows to filibuster anti-cryptography bill / Boing Boing

Senators Richard Burr [R-NC] and Dianne Feinstein [D-CA] finally introduced their long-rumored anti-crypto bill, which will ban US companies from making products with working cryptography, mandating that US-made products have some way to decrypt information without the user’s permission.

Source: Ron Wyden vows to filibuster anti-cryptography bill / Boing Boing


Microsoft and Apple redouble fight for data privacy in the US – El Mostrador

Although these high-profile court cases have added momentum, the industry's offensive against government intrusion into customers' private information began at least two years ago, after Edward Snowden's revelations about covert data collection put everyone on the defensive.

Source: Microsoft and Apple redouble fight for data privacy in the US – El Mostrador


Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”

Obama’s first extended disquisition on the contentious issue of encryption suggests he’s only been listening to one side.

Source: Obama Wants Nonexistent Middle Ground on Encryption, Warns Against “Fetishizing Our Phones”


When it comes to surveillance, there is everything to play for | James Ball | Comment is free | theguardian.com

Against a backdrop of hacks and terror attacks, it’s possible that surveillance powers will be further strengthened
‘Major players are starting to regard privacy as a selling point: Google and others are encrypting ever more of their traffic.’ Photograph: Tom Jenkins

Looking back at 2014 from the perspective of a surveillance reformer is a short and dispiriting task: almost nothing good happened.


Apple encryption: Stop the hysteria (Opinion) – CNN.com

By Bruce Schneier
October 4, 2014 — Updated 1641 GMT (0041 HKT)

STORY HIGHLIGHTS
  • Schneier: Apple closed serious security vulnerability in the iPhone, enabling wide encryption
  • He says law enforcement overreacted in saying it is a major form of protection for criminals
  • Law enforcement always complains about encryption but is little stymied by it, he says
  • Schneier: The benefits in protecting privacy far outweigh the costs

Editor’s note: Bruce Schneier is a security technologist and the chief technology officer of Co3 Systems. The opinions expressed in this commentary are solely those of the author.

(CNN) — Last week Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone’s encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.

From now on, all the phone’s data is protected. It can no longer be accessed by criminals, governments, or rogue employees. Access to it can no longer be demanded by totalitarian governments. A user’s iPhone data is now more secure.

To hear U.S. law enforcement respond, you’d think Apple’s move heralded an unstoppable crime wave. See, the FBI had been using that vulnerability to get into people’s iPhones. In the words of cyberlaw professor Orin Kerr, “How is the public interest served by a policy that only thwarts lawful search warrants?”

Ah, but that’s the thing: You can’t build a “back door” that only the good guys can walk through. Encryption protects against cybercriminals, industrial competitors, the Chinese secret police and the FBI. You’re either vulnerable to eavesdropping by any of them, or you’re secure from eavesdropping from all of them.

Back-door access built for the good guys is routinely used by the bad guys. In 2005, some unknown group surreptitiously used the lawful-intercept capabilities built into the Greek cell phone system. The same thing happened in Italy in 2006.

In 2010, Chinese hackers subverted an intercept system Google had put into Gmail to comply with U.S. government surveillance requests. Back doors in our cell phone system are currently being exploited by the FBI and unknown others.

This doesn’t stop the FBI and Justice Department from pumping up the fear. Attorney General Eric Holder threatened us with kidnappers and sexual predators.

The former head of the FBI’s criminal investigative division went even further, conjuring up kidnappers who are also sexual predators. And, of course, terrorists.

FBI Director James Comey claimed that Apple’s move allows people to “place themselves beyond the law” and also invoked that now overworked “child kidnapper.” John J. Escalante, chief of detectives for the Chicago police department, now holds the title of most hysterical: “Apple will become the phone of choice for the pedophile.”

It’s all bluster. Of the 3,576 major offenses for which warrants were granted for communications interception in 2013, exactly one involved kidnapping. And, more importantly, there’s no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 — and the investigations proceeded in some other way.


Four ways Edward Snowden changed the world – and why the fight's not over | Trevor Timm | Comment is free | theguardian.com

Encrypted Gmail. Transparency from mobile providers. Maybe even a legal ‘revolt’ against ‘Orwellian’ surveillance. But until we get real reform, NSA and Co may survive in the shadows

During the first weeks of the Snowden revelations, it wasn’t clear legislators cared. Then public opinion changed, and now there’s a bill. Will we ever get real reform? Illustration: Kyle Bean for the Guardian

Thursday marks one year since the Guardian published the first in a series of eye-opening stories about surveillance based on documents provided by Edward Snowden. The events in the 52 weeks since have proven him to be the most significant whistleblower in American history – and have reverberated throughout the world.

But along with the changes Snowden sparked, vital questions remain about how and if the National Security Agency and its global spy apparatus will truly be reformed. Many wheels are finally in motion, but will the US Congress and the courts actually respond in a meaningful way? In truth, the second year of Snowden may be more important than the first. It’s when we’ll see if global privacy rights get protected for the better – or if mass surveillance becomes more entrenched in our laws than ever before. For now, it’s important to take stock in looking ahead to the next chapter.


Privacy under attack: the NSA files revealed new threats to democracy | Technology | The Guardian

Thanks to Edward Snowden, we know the apparatus of repression has been covertly attached to the democratic state. However, our struggle to retain privacy is far from hopeless

The US National Security Agency threat operations centre in Fort Meade, Maryland, in 2006. Photograph: Paul Richards/AFP/Getty Images

In the third chapter of his History of the Decline and Fall of the Roman Empire, Edward Gibbon gave two reasons why the slavery into which the Romans had tumbled under Augustus and his successors left them more wretched than any previous human slavery. In the first place, Gibbon said, the Romans had carried with them into slavery the culture of a free people: their language and their conception of themselves as human beings presupposed freedom. And thus, says Gibbon, for a long time the Romans preserved the sentiments – or at least the ideas – of a freeborn people. In the second place, the empire of the Romans filled all the world, and when that empire fell into the hands of a single person, the world was a safe and dreary prison for his enemies. As Gibbon wrote, to resist was fatal, and it was impossible to fly.

The power of that Roman empire rested in its leaders’ control of communications. The Mediterranean was their lake. Across their European empire, from Scotland to Syria, they pushed roads that 15 centuries later were still primary arteries of European transportation. Down those roads the emperor marched his armies. Up those roads he gathered his intelligence. The emperors invented the posts to move couriers and messages at the fastest possible speed.

Using that infrastructure, with respect to everything that involved the administration of power, the emperor made himself the best-informed person in the history of the world.

That power eradicated human freedom. “Remember,” said Cicero to Marcellus in exile, “wherever you are, you are equally within the power of the conqueror.”

The empire of the United States after the second world war also depended upon control of communications. This was more evident when, a mere 20 years later, the United States was locked in a confrontation of nuclear annihilation with the Soviet Union. In a war of submarines hidden in the dark below the continents, capable of eradicating human civilisation in less than an hour, the rule of engagement was “launch on warning”. Thus the United States valued control of communications as highly as the Emperor Augustus. Its listeners too aspired to know everything.

We all know that the United States has for decades spent as much on its military might as all other powers in the world combined. Americans are now realising what it means that we applied to the stealing of signals and the breaking of codes a similar proportion of our resources in relation to the rest of the world.

The US system of listening comprises a military command controlling a large civilian workforce. That structure presupposes the foreign intelligence nature of listening activities. Military control was a symbol and guarantee of the nature of the activity being pursued. Wide-scale domestic surveillance under military command would have violated the fundamental principle of civilian control.

Instead what it had was a foreign intelligence service responsible to the president as military commander-in-chief. The chain of military command absolutely ensured respect for the fundamental principle “no listening here”. The boundary between home and away distinguished the permissible from the unconstitutional.

The distinction between home and away was at least technically credible, given the reality of 20th-century communications media, which were hierarchically organised and very often state-controlled.

When the US government chose to listen to other governments abroad – to their militaries, to their diplomatic communications, to their policymakers where possible – they were listening in a world of defined targets. The basic principle was: hack, tap, steal. We listened, we hacked in, we traded, we stole.

In the beginning we listened to militaries and their governments. Later we monitored the flow of international trade as far as it engaged American national security interests.


NSA reform: lawmakers aim to bar agency from weakening encryption | World news | theguardian.com

Concerned about weaknesses in USA Freedom Act, Zoe Lofgren and colleagues pushing to prevent NSA from weakening online encryption with new amendment

Lofgren, in debate with her colleagues last week, attempted to move the USA Freedom Act closer to its civil libertarian origins. Photograph: Carolyn Kaster/AP

US legislators concerned about weaknesses in a major surveillance reform bill intend to insert an amendment barring the National Security Agency from weakening the encryption that many people rely on to keep their information secure online, or exploiting any internet security vulnerabilities it discovers.

Congresswoman Zoe Lofgren, a California Democrat, told the Guardian that she and a group of colleagues want to prevent the NSA from “utilizing discovered zero-day flaws,” or unfixed software security vulnerabilities, and entrench “the duty of the NSA and the government generally not to create them, nor to prolong the threat to the internet” by failing to warn about those vulnerabilities.

Since the discovery of the Heartbleed bug afflicting web and email servers, the NSA has faced suspicions that it has exploited the vulnerability, which the agency has strenuously denied. Beyond Heartbleed, documents from whistleblower Edward Snowden have revealed that the NSA has weakened online encryption, causing consternation among technology companies as well as privacy advocates.

Lofgren intends to attach the provision to the USA Freedom Act, increasingly the consensus bill to reform surveillance in the wake of the Edward Snowden disclosures. The bill, mostly favored by civil libertarians and expected to go for a vote on the House floor as early as next week, does not include language stopping the NSA from undermining encryption.

In an indication of the difficulty legislators will face in recasting the USA Freedom Act to better protect privacy, Lofgren conceded that attaching the provision will be difficult, as House legislators do not want to upset a tenuous deal on surveillance reform by adding to the bill. She is currently seeking a parliamentarian ruling on the “germaneness” of her online security amendment in order to make it difficult for opponents to exclude it from consideration on the floor.

Lofgren said she and other civil libertarian-minded lawmakers will have limited opportunities to add amendments to the bill, and so are prioritizing measures they believe stand the best chance of winning House support.

Lofgren said she thought those would most likely include a ban on the NSA searching through its foreign-focused communications content troves for Americans’ information without a warrant; clarifying a Patriot Act prohibition on collecting Americans’ phone calls and email content; and permitting more detailed transparency for telecoms and internet companies to disclose the sorts of national-security orders they receive from the government for their customers’ data.


Lavabit accused of contempt for handing over SSL key printed on 11 pages in small type – FayerWayer

(CC) Chris Preen

The email service used by Snowden chose to shut down rather than hand over the SSL keys that protected all of the site's web traffic.

A few months ago we told you how Lavabit, the encrypted email service used by Edward Snowden, was “forced” to shut down under pressure from the United States Government.

Although at the time we did not have many details because of the nature of the case, over time we learned some quite interesting ones.

For example, when the FBI pressured Ladar Levison (the founder of Lavabit) to hand over his SSL private key, he tried to stall the measure by handing over the key printed on 11 pages in 4-point type (one and a half millimeters tall).

Now a federal appeals court has accepted a contempt-of-court charge against Levison and Lavabit for handing over the SSL key in that format. According to prosecutor Andrew Peterson, “the company treated the court order as if it were negotiating a contract rather than a legal requirement”.

For his part, Levison defends himself by arguing that “I only objected to handing over the SSL key because it would compromise all the secure communications in and out of my network, including my own data traffic”.