
Posts Tagged ‘NSA’


Under Surveillance: Journalists Urged To Guard Their Data

May 30, 2016

The two most important principles for great journalism go hand in hand: first, to hold power to account, and second, to protect sources.
However, both principles are becoming increasingly challenging in light of the UK government’s attack on Freedom of Information and the expansive surveillance powers laid out in the Draft Investigatory Powers Bill.
If the UK Home Office has its way, bulk collection of metadata and content, collation of ‘bulk personal datasets’ (including innocent people’s political opinions, medical conditions, ethnicity, sexuality) and even bulk hacking, will be exercised under the new legislation. This is despite the extreme breaches of human rights law and basic democratic principles.
Journalistic principles are more important than ever if the draft bill becomes law in the United Kingdom. Equally important is for journalists to offer real source protection and adopt good information security practices.
It is thanks to great journalism, and excellent information security, that we can even have an informed debate about the surveillance state today. I’m referring, of course, to the courageous work of Glenn Greenwald and other journalists. It was their reporting on thousands of classified documents from NSA whistleblower Edward Snowden – jigsaw pieces put together over the past two and a half years – that formed an unrecognisable and frankly dystopian picture of the Western democracies we thought we knew.
Whistleblowing and journalism have forced UK intelligence agencies and government to present comprehensive legislation to parliament in the form of the draft bill to clearly define the powers that have been, and currently are, exercised with dubious legality. Few expected the worst of Snowden’s revelations to be proliferated and even extended, but they have been.
The UK government made a great deal of ‘journalist protections’ in the draft bill. I spent considerable time looking for them in the 300-page document. There aren’t any. There is a draft code of practice accompanying the bill, which recommends that police and spies have ‘consideration’ when gathering data on, or intercepting, journalist-source communications. But the bill gives police and intelligence agencies the power to spy on, intercept and even hack journalists’ communications. Since when is ‘consideration’ an effective safeguard to protect a critical pillar of a free society – a free press?
Journalists rarely know when they are being spied on. Authorities need not declare their target’s job; there is no obligation to inform those wrongfully spied on; and intercept evidence is banned from the courts. Despite the near impossibility of finding out you’ve been the target of surveillance, there are increasing examples of unjustified surveillance of journalists and their sources.
Journalists who want to be able to offer source protection; who want to do serious investigative work; who want to hold power to account, must adopt information security practices. Information security is source protection in the digital age, and journalists who show an awareness, willingness and ability to adopt digital security behaviours will attract valuable sources and stories.
My top tips for journalists on protecting their data:
• Don’t offer source protection unless you are confident you can provide it. It is important to give potential sources an honest and informed evaluation of the protection you can provide them and the safety of your communications. Their livelihoods, and in some countries their lives, could be at stake.
• Information you need to understand the risks and defend against them is widely available, including this free handbook from the Centre for Investigative Journalism.
• Use encryption to securely exchange emails and to safely share important source files. Encryption wraps communications in impenetrable code, so that the content is only accessible to the intended recipient/s. It is one of the very best ways we have of securing modern communications and technologies.
• Using the Centre for Investigative Journalism handbook you can learn some simple but highly effective ways to encrypt your emails, use encrypted instant messaging and store or exchange encrypted files.
By Silkie Carlo
www.newssafety.org


Snowden: Democratic debate showed major shift in how I am perceived

November 9, 2015

NSA whistleblower points to ‘extraordinary change’ in attitudes as he notes that Democratic candidates for US president did not call him a traitor

Edward Snowden says he plans to attempt to vote in the 2016 election. Photograph: Alan Rusbridger for the Guardian

Edward Snowden has described the Democratic presidential debate last month as marking an “extraordinary change” in attitudes towards him.

In a lengthy interview with Sweden’s Dagens Nyheter published on Friday, Snowden said he had been encouraged by the debate between Hillary Clinton and Bernie Sanders, her main challenger for the Democratic nomination.

During the televised encounter, both candidates called for Snowden to face trial, but Sanders said he thought the NSA whistleblower had “played a very important role in educating the American people”.

That marked an important shift in the US debate over Snowden’s action, he said.

The former National Security Agency analyst said it had taken 30 years for Daniel Ellsberg, who leaked the Pentagon Papers about the Vietnam war, to shift from being described regularly as a traitor.

But not once in the debate had Snowden been referred to as a traitor.

Snowden, who is living in exile in Moscow after leaking tens of thousands of secret documents from the NSA and its sister agency in the UK, GCHQ, said: “I did see the debate live. It was actually extraordinarily encouraging. In 2013, they were calling for me to be hanged. They were using the word ‘traitor’ and things like ‘blood on your hands’.

“Nobody on the stage, as far as I know, used the word traitor now. In just two years, that’s an extraordinary change.”

In the debate, Clinton said that Snowden had violated US law and should face trial.

Sanders also suggested that he ought to be tried. “I think there should be a penalty to that,” he said. “But I think that education should be taken into consideration before the sentencing.”

Snowden, asked if he would vote, said he would definitely try, even if only as a symbolic gesture.

“I’ll send them my vote by mail. It’s not like it will count in a meaningful way because such a small portion of the votes come by mail. But that’s not the point; the point is the expression of it,” he said.

Snowden, who in the past supported the Republican Ron Paul, was asked if he would vote for Clinton or Donald Trump. He laughed, declining to comment on the grounds that it would be too inflammatory.


Could a simple mistake be how the NSA was able to crack so much encryption?

October 16, 2015

Most encryption software does the high-tech equivalent of reusing passwords, and that could be how the US National Security Agency decrypted communications

Edward Snowden revealed the NSA’s widespread surveillance regime in 2013. Now, computer scientists might finally have uncovered how the agency was able to read encrypted communications. Photograph: BBC Panorama/PA

Computer scientists J Alex Halderman and Nadia Heninger argue that a common mistake made with a regularly used encryption protocol leaves much encrypted traffic open to eavesdropping from a well-resourced and determined attacker such as the US National Security Agency.

The information about the NSA leaked by Edward Snowden in the summer of 2013 revealed that the NSA broke one sort of encrypted communication, virtual private networks (VPN), by intercepting connections and passing some data to the agency’s supercomputers, which would then return the key shortly after. Until now, it was not known what those supercomputers might be doing, or how they could be returning a valid key so quickly, when attacking VPN head-on should take centuries, even with the fastest computers.

The researchers say the flaw exists in the way much encryption software applies an algorithm called Diffie-Hellman key exchange, which lets two parties efficiently communicate through encrypted channels.

A form of public key cryptography, Diffie-Hellman lets users communicate by swapping “keys” and running them through an algorithm which results in a secret key that both users know, but no-one else can guess. All the future communications between the pair are then encrypted using that secret key, and would take hundreds or thousands of years to decrypt directly.

But the researchers say an attacker may not need to target it directly. Instead, the flaw lies in the exchange at the start of the process. Each person generates a public key – which they tell to their interlocutor – and a private key, which they keep secret. But both also rely on a common public value, a (very) large prime number which is agreed upon at the start of the process.

Since those prime numbers are public anyway, and since it is computationally expensive to generate new ones, many encryption systems reuse them to save effort. In fact, the researchers note, one single prime is used to encrypt two-thirds of all VPNs and a quarter of SSH servers globally, two major security protocols used by a number of businesses. A second is used to encrypt “nearly 20% of the top million HTTPS websites”.

The problem is that, while there’s no need to keep the chosen prime number secret, once a given proportion of conversations are using it as the basis of their encryption, it becomes an appealing target. And it turns out that, with enough money and time, those commonly used primes can become a weak point through which encrypted communications can be attacked.
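To make the reuse argument concrete, the following Python sketch (an added example, not taken from the article or the researchers' paper) runs both sides of a Diffie-Hellman exchange and then audits a constructed inventory of endpoints for how much of it depends on each prime. The primes are toy-sized Mersenne primes, and the endpoint names, the base `G` and the `max_share` threshold are assumptions.

```python
import hashlib
import secrets
from collections import Counter

# Constructed toy groups: Mersenne primes, far smaller than the 512- and
# 1024-bit primes the article discusses. G = 3 is an assumed base.
P_COMMON = 2**127 - 1
P_SITE_A = 2**89 - 1
P_SITE_B = 2**61 - 1
G = 3


def keypair(p, g=G):
    """One party's (private, public) pair in the group defined by prime p."""
    private = secrets.randbelow(p - 3) + 2      # uniform in [2, p - 2]
    return private, pow(g, private, p)


def run_exchange(p, g=G):
    """Both sides of one exchange: returns the public transcript and each
    side's derived secret. Only the transcript crosses the network."""
    a_priv, a_pub = keypair(p, g)
    b_priv, b_pub = keypair(p, g)
    transcript = {"p": p, "g": g, "a_pub": a_pub, "b_pub": b_pub}
    return transcript, pow(b_pub, a_priv, p), pow(a_pub, b_priv, p)


def audit_prime_reuse(observed, max_share=0.25):
    """observed: list of (endpoint, prime) pairs taken from handshakes.
    Returns one row per distinct prime, most widely shared first.
    max_share is an assumed policy threshold, not a figure from the article."""
    counts = Counter(p for _, p in observed)
    rows = []
    for p, n in counts.most_common():
        share = n / len(observed)
        rows.append({
            "prime_id": hashlib.sha256(str(p).encode()).hexdigest()[:12],
            "bits": p.bit_length(),
            "endpoints": sorted(e for e, q in observed if q == p),
            "share": share,
            "shared_target": share > max_share,
        })
    return rows


# Constructed inventory: four endpoints ship the same default prime.
INVENTORY = [
    ("vpn-1.example", P_COMMON), ("vpn-2.example", P_COMMON),
    ("ssh-1.example", P_COMMON), ("web-1.example", P_COMMON),
    ("vpn-3.example", P_SITE_A), ("web-2.example", P_SITE_B),
]

if __name__ == "__main__":
    t, k_a, k_b = run_exchange(P_COMMON)
    print("same secret on both sides:", k_a == k_b)
    for row in audit_prime_reuse(INVENTORY):
        print(row["prime_id"], row["bits"], f"{row['share']:.0%}",
              "REVIEW" if row["shared_target"] else "ok", row["endpoints"])
```

Every session in the same group derives a fresh secret, but they all rest on the one prime, so the row with the largest share is the one whose compromise would expose the most traffic.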

In their paper, the two researchers, along with a further 12 co-authors, describe their process: a single, extremely computationally intensive “pre-calculation” which “cracks” the chosen prime, letting them break communications encrypted using it in a matter of minutes.

How intensive? For “shorter” primes (512 bits long, about 150 decimal digits), the precalculation takes around a week – crippling enough that, after it was disclosed with the catchy name of “Logjam”, major browsers were changed to reject shorter primes in their entirety. But even for the gold standard of the protocol, using a 1024-bit prime, a precalculation is possible, for a price.

The researchers write that “it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year”.

“Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation.”

There are ways around the problem. Simply using a unique common prime for each connection, or even for each application, would likely reduce the reward for the year-long computation time so that it was uneconomical to do so. Similarly, switching to a newer cryptography standard (“elliptic curve cryptography”, which uses the properties of a particular type of algebraic curve instead of large prime numbers to encrypt connections) would render the attack ineffective.

But that’s unlikely to happen fast. Some occurrences of Diffie-Hellman literally hard-code the prime in, making it difficult to change overnight. As a result, “it will be many years before the problems go away, even given existing security recommendations and our new findings”.

“In the meantime, other large governments potentially can implement similar attacks, if they haven’t already.”


Europe’s Top Court Backs Law Student in Facebook Privacy Case

October 6, 2015

LUXEMBOURG — The European Union’s highest court ruled Tuesday in favor of an Austrian law student who claims a trans-Atlantic data protection agreement doesn’t adequately protect consumers, a verdict that could have far-reaching implications for tech companies doing business in Europe.

Max Schrems waits for the verdict of the European Court of Justice in Luxembourg on Tuesday. JULIEN WARNAND / EPA

Max Schrems launched the case following revelations two years ago by former National Security Agency contractor Edward Snowden about the NSA’s surveillance programs.

Schrems complained to the data protection commissioner in Ireland, where Facebook has its European headquarters, that U.S. law doesn’t offer sufficient protection against surveillance of data transferred by the social media company to servers in the United States.

Irish authorities initially rejected his complaint, pointing to a 2000 decision by the EU’s executive Commission that, under the so-called “safe harbor” agreement, the U.S. ensures adequate data protection.

The agreement has allowed for the free transfer of information by companies from the EU to the U.S. It has been seen as a boost to trade since, absent such a deal, swift and smooth data exchange over the Internet would be much more difficult.

Without “safe harbor,” personal data transfers are forbidden, or only allowed via costlier and more time-consuming means, under EU laws that prohibit data-sharing with countries deemed to have lower privacy standards, of which the United States is one.

On Tuesday, the European Court of Justice ruled the decision by the Commission invalid. It said that the “safe harbor” deal enables interference by U.S. authorities with fundamental rights and contains no reference either to U.S. rules to limit any such interference or to effective legal protection against it.

The court said the effect of the ruling is that the Irish data commissioner will now be required to examine Schrems’ complaint “with all due diligence.”

Once it has concluded its investigation, the authority must “decide whether … transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data,” the court said in a summary of its ruling.

A 3D-printed Facebook logo is seen in front of the logo of the European Union in this picture illustration. DADO RUVIC / Reuters, file

Facebook said it couldn’t immediately comment.

Schrems said he hoped the ruling will be a milestone for online privacy.

“This decision is a major blow for U.S. global surveillance that heavily relies on private partners,” Schrems said in a statement. “The judgement makes it clear that U.S. businesses cannot simply aid U.S. espionage efforts in violation of European fundamental rights.”

However, he noted that the ruling doesn’t bar data transfers from the EU to the U.S., but rather allows national data protection authorities to review individual transfers.

“Despite some alarmist comments I don’t think that we will see major disruptions in practice,” Schrems said.

But Richard Cumbley, global head of technology, media and telecommunications at law firm Linklaters, disagreed.

“This is extremely bad news for EU-U.S. trade,” he said. “Without ‘safe harbor,’ [businesses] will be scrambling to put replacement measures in place.” 


Emails: Russia-linked hackers tried to access Clinton server

October 5, 2015

WASHINGTON (AP) — Russia-linked hackers tried at least five times to pry into Hillary Rodham Clinton’s private email account while she was secretary of state, emails released Wednesday show. It is unclear if she clicked on any attachment and exposed her account.

Clinton, the Democratic front-runner in the 2016 presidential race, received the infected emails, disguised as speeding tickets from New York, over four hours early the morning of Aug. 3, 2011. The emails instructed recipients to print the attached tickets. Opening the attachment would have allowed hackers to take over control of a victim’s computer.

Security researchers who analyzed the malicious software in September 2011 said that infected computers would transmit information from victims to at least three server computers overseas, including one in Russia. That doesn’t necessarily mean Russian intelligence or citizens were responsible.

Nick Merrill, a spokesman for Clinton’s Democratic presidential campaign, said: “We have no evidence to suggest she replied to this email or that she opened the attachment. As we have said before, there is no evidence that the system was ever breached. All these emails show is that, like millions of other Americans, she received spam.”

Practically every Internet user is inundated with spam or virus-riddled messages daily. But these messages show hackers had Clinton’s email address, which was not public, and sent her a fake traffic ticket from New York state, where she lives. Most commercial antivirus software at the time would have detected the software and blocked it.

The phishing attempts highlight the risk of Clinton’s unsecure email being pried open by foreign intelligence agencies, even if others also received the virus concealed as a speeding ticket from Chatham, New York. The email misspelled the name of the city, came from a supposed New York City government account and contained a “Ticket.zip” file that would have been a red flag.

Clinton has faced increasing questions over whether her unusual email setup amounted to a proper form of secrecy protection and records retention. The emails themselves — many redacted heavily before public release — have provided no shocking disclosures thus far and Clinton has insisted the server was secure.

During Clinton’s tenure, the State Department and other U.S. government agencies faced their own series of hacking attacks. U.S. counterterrorism officials have linked them to China and Russia. But the government has a large staff of information technology experts, whereas Clinton has yet to provide any information on who maintained her server and how well it was secured.

The emails released Wednesday also show a Clinton confidant urging her boss and others in June 2011 not to “telegraph” how often senior officials at the State Department relied on their private email accounts to do government business because it could inspire hackers to steal information. The discussion never mentioned Clinton’s own usage of a private email account and server.

The exchange begins with policy chief Anne-Marie Slaughter lamenting that the State Department’s technology is “so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” She said more funds were needed and that an opinion piece might make the point to legislators.

Clinton said the idea “makes good sense,” but her chief of staff, Cheryl Mills, disagreed: “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail b/c it may encourage others who are out there.”

The hacking attempts were included in the 6,300 pages the State Department released, covering a period when U.S. forces killed Osama bin Laden and the Arab Spring rocked American diplomacy.

The former first lady and New York senator had maintained that nothing was classified in her correspondence, but the intelligence community has identified messages containing “top secret” information. Clinton had insisted that all of her work emails were being reviewed by the State Department, but Pentagon officials recently discovered a new chain of messages between Clinton and then-Gen. David Petraeus dating to her first days in office that she did not send to the State Department.

As part of Wednesday’s release, officials upgraded the classification level of portions of 215 emails, State Department spokesman John Kirby said. Almost all were “confidential,” the lowest level of classification. Three emails were declared “secret,” a mid-tier level for information that could still cause serious damage to national security, if made public.

“The information we upgraded today was not marked classified at the time the emails were sent,” Kirby stressed.
