Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#encryption’

miiiiii

Microsoft shows off just how much data it’s collecting from Windows 10 users

January 6, 2016

Despite its continued insistence that Windows 10 isn’t spying on anyone, Microsoft has done little to convince the majority of concerned users that its latest operating system isn’t taking more data than it needs.

In order to reinforce its claim, Microsoft updated its privacy policy to clarify how and when the OS utilizes user data, but the company took two steps back this week when it published an enthusiastic blog post filled with data mined from users.

READ MORE: Sphero’s BB-8 droid toy can now be controlled with the Force

On Monday morning, Yusuf Mehdi, Corporate VP of the Windows and Devices Group, revealed that Windows 10 is now active on an astonishing 200 million devices. Its low price of “free” is clearly the primary factor contributing to its rapid growth, but it doesn’t hurt that the software is leaps and bounds more user-friendly than its predecessor.

But in order to illustrate just how popular Windows 10 has become, Microsoft felt the need to share some milestones:

People have spent over 11 billion hours on Windows 10 in December alone.
Over 44.5 billion minutes spent in Microsoft Edge across Windows 10 devices in just the last month.
Over 2.5 billion questions asked of Cortana since launch.
Around 30% more Bing search queries per Windows 10 device vs. prior versions of Windows.
Over 82 billion photos viewed within the Windows 10 Photo app.
Gaming continues to grow on Windows 10 – in 2015, gamers spent over 4 billion hours playing PC games on Windows 10.
Gamers have streamed more than 6.6 million hours of Xbox One games to Windows 10 PCs.
Admittedly, these are interesting statistics. That’s a lot of Xbox One gaming on Windows 10 PCs! But it’s easy to see why Martin Brinkmann of gHacks might find these data points troublesome.

“The statistics indicate that Microsoft may be collecting more data than initially thought,” writes Brinkmann. “While it is unclear what data is exactly collected, it is clear that the company is collecting information about the use of individual applications and programs on Windows at the very least.”

Data collection to a degree is inevitable. It happens on every connected device on the planet. What’s especially worrisome about Windows 10 is that we don’t know what’s being collected, and there’s no easy way to turn it off (if there’s even any way at all). We can only hope that while Microsoft celebrates its 2015 milestones, it looks to become more transparent in 2016.

Tags: , , , ,

windows 10

Why is Microsoft monitoring how long you use Windows 10?

January 5, 2016

The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system.

This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times. Intrigued, we contacted Microsoft to find out what on earth is going on.

If the company has indeed been checking up on when you are clocking in and out of Windows 10, it’s not going to admit it. I asked how Microsoft has been able to determine the 11 billion hours figure. Is this another invasion of privacy, another instance of spying that users should be worried about? “I just wanted to check where this figure came from. Is it a case of asking people and calculating an average, working with data from a representative sample of people, or it is a case of monitoring every Windows 10 installation?”

You think that Microsoft — keen as it is on transparency — would be quite happy to explain how it came about the information, and why it is being collected in the first place. But no. A Microsoft spokesperson provided BetaNews with the following statement:

Thank you for your patience as I looked into this for you. Unfortunately my colleagues cannot provide a comment regarding your request. All we have to share is this Windows blog post.

Microsoft’s spying is intrusive enough to reveal how long you have been using Windows 10, but the company is not willing to be open about the collection of this data.

Cause for concern, or is this just another example of what we have come to expect from Microsoft?

Photo credit: veronchick84 / Shutterstock

Tags: , , , , , ,

f;laksjdf;laksdjfadf

SPYING ON THE INTERNET IS ORDERS OF MAGNITUDE MORE INVASIVE THAN PHONE METADATA

January 4, 2016

When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act).

Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over.

The outrage over bulk collection of our phone metadata makes sense:Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well.

But Americans don’t understand the Internet yet. Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing.

XKEYSCORE, as well as NSA’s programs that tap the Internet directly and feed data into it, have some legal problems: They violate First Amendment rights to freedom of association; they violate the Wiretap Act. But the biggest and most obvious concerns are with the Fourth Amendment.

The Fourth Amendment to the U.S. Constitution is short and concise:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

It means that Americans have a right to privacy. If government agents want to search you or seize your data, they must have a warrant. The warrant can only be issued if they have probable cause, and the warrant must be specific. It can’t say, “We want to seize everyone’s Internet traffic to see what’s in it.” Instead, it must say something like, “We want to seize a specific incriminating document from a specific suspect.”

But this is exactly what’s happening:

The government is indiscriminately seizing Internet traffic to see what’s in it, without probable cause. The ostensible justification is that, while tens of millions of Americans may be swept up in this dragnet, the real targets are foreigners. In a legal document called USSID 18, the NSA sets out policies and procedures that purportedly prevent unreasonable searches of data from U.S. persons.

But it doesn’t prevent, or even claim to prevent, unreasonable seizures.

Kurt Opsahl, general counsel of the Electronic Frontier Foundation, explains: “We have a fundamental disagreement with the government about whether [data] acquisition is a problem. Acquisition is a seizure and has to be compliant with the Fourth Amendment.”

If you read USSID 18 carefully, you’ll see that it appears to limit, with many exceptions, the government’s ability to intentionally collect data concerning U.S. persons. But the Department of Defense, under which the NSA operates, defines “collection” differently than most of us do. It doesn’t consider seized data as “collected” until it’s been queried by a human.

If you email your mom, there’s a good chance the NSA will intercept the message as it travels through a fiberoptic cable, such as the ones that make up the backbone of the Internet, eventually making its way to an XKEYSCORE field site. You can thwart this with encryption: either by encrypting your email (hopefully someday all parents will know how to use encrypted email), or by using email servers that automatically encrypt with each other. In the absence of such encryption, XKEYSCORE will process the email, fingerprint it and tag it, and then it will sit in a database waiting to be queried. According to the Department of Defense, this email hasn’t been “collected” until an analyst runs a query and the email appears on the screen in front of them.

When NSA seizes, in bulk, data belonging to U.S. citizens or residents, data that inevitably includes information from innocent people that the government does not have probable cause to investigate, the agency has already committed an unconstitutional “unreasonable seizure,” even if analysts never query the data about innocent U.S. persons.

The NSA has legal justifications for all their surveillance: Section 215 of the Patriot Act, now expired, was used to justify bulk collection of phone and email metadata. Section 702 of the Foreign Intelligence Surveillance Act(FISA) is currently used to justify so-called “upstream” collection, tapping the physical infrastructure that the Internet uses to route traffic across the country and around the world in order to import into systems like XKEYSCORE. Executive Order 12333, approved by President Reagan, outlines vague rules, which are littered with exceptions and loopholes, that the executive branch made for itself to follow regarding spying on Americans, which includes USSID 18.

But these laws and regulations ignore the uncomfortable truth that the Fourth Amendment requires surveillance of Americans to be targeted; it cannot be done in bulk. Americans are fighting to end bulk surveillance in dozens of lawsuits, including Jewel v. NSA, which relies on whistleblower-obtained evidence that NSA tapped the fiber optic cables that carry Internet traffic in AT&T’s Folsom Street building in San Francisco. It’s easy for the government to stall cases like this, or get them dismissed, by insisting that talking about it at all puts our national security at risk.

And, of course, let’s not forget the 6.8 billion people on Earth who are not in the United States. Article 12 of the U.N. Declaration of Human Rightsstates:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

The NSA has very few restrictions on spying on non-Americans (it must be for “foreign intelligence” or “counterintelligence” purposes, and not other purposes), despite XKEYSCORE and the bulk collection programs that feed it being an “arbitrary interference” with the privacy of such persons. NSA doesn’t even have restrictions on spying on allies, such as Germany and France.

Facebook feeds everywhere are decorated with baby pictures. When those babies are grown up and getting elected to Congress, maybe then Americans will understand how the Internet works, and that bulk surveillance of phone metadata is just a tiny sliver of the enormous “collect it all” bulk surveillance pie.

Photo: Getty

Tags: , , , , ,

featured image 4

A Secret Catalogue of Government Gear for Spying on Your Cellphone

December 18, 2015

The intercept has obtained a secret, internal U.S. government catalogue of dozens of cellphone surveillance devices used by the military and by intelligence agencies. The document, thick with previously undisclosed information, also offers rare insight into the spying capabilities of federal law enforcement and local police inside the United States.

The catalogue includes details on the Stingray, a well-known brand of surveillance gear, as well as Boeing “dirt boxes” and dozens of more obscure devices that can be mounted on vehicles, drones, and piloted aircraft. Some are designed to be used at static locations, while others can be discreetly carried by an individual. They have names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus. Within the catalogue, the NSA is listed as the vendor of one device, while another was developed for use by the CIA, and another was developed for a special forces requirement. Nearly a third of the entries focus on equipment that seems to have never been described in public before.

The Intercept obtained the catalogue from a source within the intelligence community concerned about the militarization of domestic law enforcement. (The original is here.)

A few of the devices can house a “target list” of as many as 10,000 unique phone identifiers. Most can be used to geolocate people, but the documents indicate that some have more advanced capabilities, like eavesdropping on calls and spying on SMS messages. Two systems, apparently designed for use on captured phones, are touted as having the ability to extract media files, address books, and notes, and one can retrieve deleted text messages.

Above all, the catalogue represents a trove of details on surveillance devices developed for military and intelligence purposes but increasingly used by law enforcement agencies to spy on people and convict them of crimes. The mass shooting earlier this month in San Bernardino, California, which President Barack Obama has called “an act of terrorism,” prompted calls for state and local police forces to beef up their counterterrorism capabilities, a process that has historically involved adapting military technologies to civilian use. Meanwhile, civil liberties advocates and others are increasingly alarmed about how cellphone surveillance devices are used domestically and have called for a more open and informed debate about the trade-off between security and privacy — despite a virtual blackout by the federal government on any information about the specific capabilities of the gear.

“We’ve seen a trend in the years since 9/11 to bring sophisticated surveillance technologies that were originally designed for military use — like Stingrays or drones or biometrics — back home to the United States,” said Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which has waged a legal battle challenging the use of cellphone surveillance devices domestically. “But using these technologies for domestic law enforcement purposes raises a host of issues that are different from a military context.”

MANY OF THE DEVICES in the catalogue, including the Stingrays and dirt boxes, are cell-site simulators, which operate by mimicking the towers of major telecom companies like Verizon, AT&T, and T-Mobile. When someone’s phone connects to the spoofed network, it transmits a unique identification code and, through the characteristics of its radio signals when they reach the receiver, information about the phone’s location. There are also indications that cell-site simulators may be able to monitor calls and text messages.

In the catalogue, each device is listed with guidelines about how its use must be approved; the answer is usually via the “Ground Force Commander” or under one of two titles in the U.S. code governing military and intelligence operations, including covert action.

But domestically the devices have been used in a way that violates the constitutional rights of citizens, including the Fourth Amendment prohibition on illegal search and seizure, critics like Lynch say. They have regularly been used without warrants, or with warrants that critics call overly broad. Judges and civil liberties groups alike have complained that the devices are used without full disclosure of how they work, even within court proceedings.

“Every time police drive the streets with a Stingray, these dragnet devices can identify and locate dozens or hundreds of innocent bystanders’ phones,” said Nathan Wessler, a staff attorney with the Speech, Privacy, and Technology Project of the American Civil Liberties Union.

The controversy around cellphone surveillance illustrates the friction that comes with redeploying military combat gear into civilian life. The U.S. government has been using cell-site simulators for at least 20 years, but their use by local law enforcement is a more recent development.

The archetypical cell-site simulator, the Stingray, was trademarked by Harris Corp. in 2003 and initially used by the military, intelligence agencies, and federal law enforcement. Another company, Digital Receiver Technology, now owned by Boeing, developed dirt boxes — more powerful cell-site simulators — which gained favor among the NSA, CIA, and U.S. military as good tools for hunting down suspected terrorists. The devices can reportedly track more than 200 phones over a wider range than the Stingray.

Amid the war on terror, companies selling cell-site simulators to the federal government thrived. In addition to large corporations like Boeing and Harris, which clocked more than $2.6 billion in federal contracts last year, the catalogue obtained by The Intercept includes products from little-known outfits like Nevada-based Ventis, which appears to have been dissolved, and SR Technologies of Davie, Florida, which has a website that warns: “Due to the sensitive nature of this business, we require that all visitors be registered before accessing further information.” (The catalogue obtained by The Intercept is not dated, but includes information about an event that occurred in 2012.)

The U.S. government eventually used cell-site simulators to target people for assassination in drone strikes, The Intercept has reported. But the CIA helped use the technology at home, too. For more than a decade, the agency worked with the U.S. Marshals Service to deploy planes with dirt boxes attached to track mobile phones across the U.S., the Wall Street Journal revealed.

After being used by federal agencies for years, cellular surveillance devices began to make their way into the arsenals of a small number of local police agencies. By 2007, Harris sought a license from the Federal Communications Commission to widely sell its devices to local law enforcement, and police flooded the FCC with letters of support. “The text of every letter was the same. The only difference was the law enforcement logo at the top,” said Chris Soghoian, the principal technologist at the ACLU, who obtained copies of the letters from the FCC through a Freedom of Information Act request.

The lobbying campaign was a success. Today nearly 60 law enforcement agencies in 23 states are known to possess a Stingray or some form of cell-site simulator, though experts believe that number likely underrepresents the real total. In some jurisdictions, police use cell-site simulators regularly. The Baltimore Police Department, for example, has used Stingrays more than 4,300 times since 2007.

Police often cite the war on terror in acquiring such systems. Michigan State Police claimed their Stingrays would “allow the State to track the physical location of a suspected terrorist,” although the ACLU later found that in 128 uses of the devices last year, none were related to terrorism. In Tacoma, Washington, police claimed Stingrays could prevent attacks using improvised explosive devices — the roadside bombs that plagued soldiers in Iraq. “I am not aware of any case in which a police agency has used a cell-site simulator to find a terrorist,” said Lynch. Instead, “law enforcement agencies have been using cell-site simulators to solve even the most minor domestic crimes.”

The Intercept is not publishing information on devices in the catalogue where the disclosure is not relevant to the debate over the extent of domestic surveillance.

The Office of the Director of National Intelligence declined to comment for this article. The FBI, NSA, and U.S. military did not offer any comment after acknowledging The Intercept’s written requests. The Department of Justice “uses technology in a manner that is consistent with the requirements and protections of the Constitution, including the Fourth Amendment, and applicable statutory authorities,” said Marc Raimondi, a Justice Department spokesperson who, for six years prior to working for the DOJ, worked for Harris Corp., the manufacturer of the Stingray.

WHILE INTEREST FROM local cops helped fuel the spread of cell-site simulators, funding from the federal government also played a role, incentivizing municipalities to buy more of the technology. In the years since 9/11, the U.S. has expanded its funding to provide military hardware to state and local law enforcement agencies via grants awarded by the Department of Homeland Security and the Justice Department. There’s been a similar pattern with Stingray-like devices.

“The same grant programs that paid for local law enforcement agencies across the country to buy armored personnel carriers and drones have paid for Stingrays,” said Soghoian. “Like drones, license plate readers, and biometric scanners, the Stingrays are yet another surveillance technology created by defense contractors for the military, and after years of use in war zones, it eventually trickles down to local and state agencies, paid for with DOJ and DHS money.”

In 2013, the Florida Department of Law Enforcement reported the purchase of two HEATR long-range surveillance devices as well as $3 million worth of Stingray devices since 2008. In California, Alameda County and police departments in Oakland and Fremont are using $180,000 in Homeland Security grant money to buy Harris’ Hailstorm cell-site simulator and the hand-held Thoracic surveillance device, made by Maryland security and intelligence company Keyw. As part of Project Archangel, which is described in government contract documents as a “border radio intercept program,” the Drug Enforcement Administration has contracted with Digital Receiver Technology for over $1 million in DRT surveillance box equipment. The Department of the Interior contracted with Keyw for more than half a million dollars of “reduced signature cellular precision geolocation.”

Information on such purchases, like so much about cell-site simulators, has trickled out through freedom of information requests and public records. The capabilities of the devices are kept under lock and key — a secrecy that hearkens back to their military origins. When state or local police purchase the cell-site simulators, they are routinely required to sign non-disclosure agreements with the FBI that they may not reveal the “existence of and the capabilities provided by” the surveillance devices, or share “any information” about the equipment with the public.

Indeed, while several of the devices in the military catalogue obtained by The Intercept are actively deployed by federal and local law enforcement agencies, according to public records, judges have struggled to obtain details of how they work. Other products in the secret catalogue have never been publicly acknowledged and any use by state, local, and federal agencies inside the U.S. is, therefore, difficult to challenge.

“It can take decades for the public to learn what our police departments are doing, by which point constitutional violations may be widespread,” Wessler said. “By showing what new surveillance capabilities are coming down the pike, these documents will help lawmakers, judges, and the public know what to look out for as police departments seek ever-more powerful electronic surveillance tools.”

Sometimes it’s not even clear how much police are spending on Stingray-like devices because they are bought with proceeds from assets seized under federal civil forfeiture law, in drug busts and other operations. Illinois, Michigan, and Maryland police forces have all used asset forfeiture funds to pay for Stingray-type equipment.

“The full extent of the secrecy surrounding cell-site simulators is completely unjustified and unlawful,” said EFF’s Lynch. “No police officer or detective should be allowed to withhold information from a court or criminal defendant about how the officer conducted an investigation.”

JUDGES HAVE BEEN among the foremost advocates for ending the secrecy around cell-site simulators, including by pushing back on warrant requests. At times, police have attempted to hide their use of Stingrays in criminal cases, prompting at least one judge to throw out evidence obtained by the device. In 2012, a U.S. magistrate judge in Texas rejected an application by the Drug Enforcement Administration to use a cell-site simulator in an operation, saying that the agency had failed to explain “what the government would do with” the data collected from innocent people.

Law enforcement has responded with some limited forms of transparency. In September, the Justice Department issued new guidelines for the use of Stingrays and similar devices, including that federal law enforcement agencies using them must obtain a warrant based on probable cause and must delete any data intercepted from individuals not under investigation.

Contained within the guidelines, however, is a clause stipulating vague “exceptional circumstances” under which agents could be exempt from the requirement to get a probable cause warrant.

“Cell-site simulator technology has been instrumental in aiding law enforcement in a broad array of investigations, including kidnappings, fugitive investigations, and complicated narcotics cases,” said Deputy Attorney General Sally Quillian Yates.

Meanwhile, parallel guidelines issued by the Department of Homeland Security in October do not require warrants for operations on the U.S. border, nor do the warrant requirements apply to state and local officials who purchased their Stingrays through grants from the federal government, such as those in Wisconsin, Maryland, and Florida.

The ACLU, EFF, and several prominent members of Congress have said the federal government’s exceptions are too broad and leave the door open for abuses.

“Because cell-site simulators can collect so much information from innocent people, a simple warrant for their use is not enough,” said Lynch, the EFF attorney. “Police officers should be required to limit their use of the device to a short and defined period of time. Officers also need to be clear in the probable cause affidavit supporting the warrant about the device’s capabilities.”

In November, a federal judge in Illinois published a legal memorandum about the government’s application to use a cell-tower spoofing technology in a drug-trafficking investigation. In his memo, Judge Iain Johnston sharply criticized the secrecy surrounding Stingrays and other surveillance devices, suggesting that it made weighing the constitutional implications of their use extremely difficult. “A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court,” he wrote.

He added that Harris Corp. “is extremely protective about information regarding its device. In fact, Harris is so protective that it has been widely reported that prosecutors are negotiating plea deals far below what they could obtain so as to not disclose cell-site simulator information. … So where is one, including a federal judge, able to learn about cell-site simulators? A judge can ask a requesting Assistant United States Attorney or a federal agent, but they are tight-lipped about the device, too.”

The ACLU and EFF believe that the public has a right to review the types of devices being used to encourage an informed debate on the potentially far-reaching implications of the technology. The catalogue obtained by The Intercept, said Wessler, “fills an important gap in our knowledge, but it is incumbent on law enforcement agencies to proactively disclose information about what surveillance equipment they use and what steps they take to protect Fourth Amendment privacy rights.”

Tags: , , , , ,

featured image 3

Privacy hawks turn to White House in encryption fight

December 14, 2015

Privacy advocates are leaning on the White House to counter lawmakers’ renewed efforts to pass encryption-piercing legislation in the wake of the terror attacks in Paris and San Bernardino, Calif.

Despite a lack of direct evidence the technology played a role in either incident, lawmakers continue to use both deadly plots to promote a bill that would force companies to decrypt data upon request.

The tactic has left technologists and privacy advocates frustrated, even outraged.

In a meeting with privacy and civil liberties groups on Thursday, the Obama administration said it was preparing to issue an updated stance on encryption policy in the coming weeks, giving the pro-encryption community hope it might have a new ally in its fight.

“I’m very hopeful and the White House has been very receptive,” said Kevin Bankston, director of New America’s Open Technology Institute, who attended the sit-down with top White House cybersecurity and technology officials.

The White House is the one force in government that digital rights advocates believe has the power to shut down the what they see as damaging and distracting battles over a technology they say is necessary and inevitable.

“My concern is we’re going to be arguing this every few years unless there’s a definitive statement from the White House,” Bankston said.

Since the deadly attacks, major Silicon Valley players such as Apple and Google have been under intense pressure from Congress and law enforcement to allow investigators some form of guaranteed access to encrypted data.

As a result, privacy advocates say several types of useful encryption have become vilified with little reason. 

“I’m frustrated by this cynical, opportunistic playbook where the intelligence community sits poised to take advantage of whatever tragedy comes along,” Bankston said, “even if the facts on the ground have nothing to do with it.”

On Capitol Hill this week, FBI Director James Comey portrayed claims that companies cannot crack their own encrypted data, even under court order, as a business decision, not a technological imperative. 

Among them, Apple argues the company itself is incapable of getting at the encrypted data on its latest operating system.

“There are plenty of companies today that provide secure services to their customers and still comply with court orders,” Comey told the Senate Judiciary Committee on Wednesday. “This is not a technical issue, it is a business model question.”

Lawmakers have picked up on this message, using it to lambast Silicon Valley.

“Here’s my message to Silicon Valley: Change your business model tomorrow,” Sen. Lindsey Graham (R-S.C.), who is running for president, said Wednesday on Fox News.

Joe Hall, chief technologist with the Center for Democracy and Technology (CDT), which was also represented at the White House meeting, called this language “really infuriating.”

“What that shows is a misunderstanding of why one would choose to secure either a given communication or a device,” he added.

Providing “easy-to-use, mass market cybersecurity tools” keeps American tech firms competitive in the global marketplace and help secure broad swaths of data from rapidly expanding cyber crime syndicates and overseas cyber spies, Hall said.

Congress has long “been on the warpath,” he added, to get companies and individuals to adopt this type of secure technology. 

Yet suddenly, increasingly common forms of securing data and messages, such as end-to-end encryption and full-disk encryption, are under attack.

With end-to-end encryption, a digital message — an email, or iMessage, for instance — is only visible to the sender and receiver. Full-disk encryption allows people to lock down all information on a hard drive. 

During his Wednesday testimony, Comey told lawmakers that one of the shooters in the Garland, Texas, attack on a contest to draw a cartoon of the Prophet Mohammed exchanged 109 of encrypted messages with overseas terrorists.

“We have no idea what he said, because those messages were encrypted,” he said.

Investigators have not produced similar examples for the suspects in Paris and San Bernardino, although ABC News reported the couple behind the San Bernardino shootings had digital devices with “some form of encryption,” citing two unnamed U.S. officials.

Still, these details have fueled those calling for a policy that would ensure government access to secured data.

Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) have vowed to offer legislation that would compel companies to comply with court orders seeking encrypted messages. 

“I think this world is really changing in terms of people wanting the protection and wanting law enforcement, if there is conspiracy going on over the Internet, that that encryption ought to be able to be pierced,” Feinstein said Wednesday.

But technologists and civil society groups say such a bill would essentially amount to a ban on manufacturing or selling devices with features such as end-to-end or full-disk encryption.

The result, they insist, would be a world in which everyday people are more vulnerable to data breaches and dissidents are more exposed to repressive government spies. 

In response, these encryption advocates have turned their hopes to the White House.

“The White House has to look at those comments and what may result from where the senators are headed and start to take a proactive stance in regards to that,” said Amie Stepanovich, U.S. policy manager at digital rights advocate Access, who attended Thursday’s White House meeting. 

“We need somebody in a position of power to take leadership on this issue,” she added.

Privacy hawks have seen positive movement from the White House over the past year. 

For months, the administration was investigating legislative options and technological mandates that would allow law enforcement its desired access to data on encrypted devices. Ultimately, the White House decided to back away, for the time being, from any mandate.

Following Thursday’s meeting, attendees praised the administration’s ongoing attention to the issue.

“They really wanted to listen to our opinions and the research that we were able to bring in,” Stepanovich said.

But the White House can’t drag its feet forever, privacy advocates agreed. 

They see the administration’s current encryption stance as “no stance.” The position is allowing Congress and law enforcement to continue down potentially destructive paths that would undermine security, encryption advocates said.

A full-throated endorsement of robust encryption methods, such as end-to-end encryption and full-disk encryption, can cut off that path, they said.

“It could be a game-changer,” Bankston said. “I think it would help us put to bed this debate that’s been raging for well over a year.”

“We can move on and start having a more productive conversation about how law enforcement and the tech community can adapt to a world where encryption is common,” he added.

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
main-snowden
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
ph
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
1463600977631262
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more