Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘privacy’


European Antitrust Chief Takes Swipe at Privacy Issue

January 19, 2016

MUNICH — Margrethe Vestager, the European Union’s antitrust chief, warned on Sunday that the collection of a vast amount of users’ data by a small number of tech companies like Google and Facebook could be in violation of the region’s tough competition rules.

Ms. Vestager’s comments are the latest in a growing chorus of European criticism about the privacy practices of American tech giants, many of which rely on crunching data based on people’s social media posts, online search queries and e-commerce purchases to fuel their digital advertising businesses.

The comments by Ms. Vestager, who, as the region’s top competition official, has sweeping powers to fine companies that are found to abuse their dominant market positions, show that European officials are stepping up their fight to strengthen data protection. In the European Union, an individual’s right to privacy is viewed on par with other fundamental rights like freedom of expression.

“If a few companies control the data you need to cut costs, then you give them the power to drive others out of the market,” Ms. Vestager said at the DLD conference, a gathering of digital executives and policy makers.

She said that “it’s hard to know” how much data is given up when using an online messaging service.

“But it’s a business transaction, not a free giveaway,” she continued. “As consumers, we need to be treated fairly.”

Ms. Vestager’s warning shot in the often-rancorous privacy debate comes ahead of a Jan. 31 deadline for Europe and the United States to reach a new data-sharing agreement.

The new so-called safe harbor agreement is needed after the European Court of Justice ruled last year that Europeans’ digital data was not sufficiently protected when transferred to the United States. Negotiations between the European Commission, the executive arm of the European Union, and the United States Commerce Department are continuing — though legal experts, government officials and industry watchers think that an agreement may not be reached by the end of the month.

A number of European executives echoed Ms. Vestager’s fears about how a small number of American tech companies could use their large-scale data collection to favor their own services over those of rivals. Among them was Oliver Samwer, the German entrepreneur who co-founded Rocket Internet, one of the region’s most high-profile tech companies.

“If someone like Google or Facebook has all of the data, then that’s not good,” Mr. Samwer said here on Sunday.

But for Ms. Vestager, a 47-year-old Danish politician who has garnered both fans and detractors for her ambitious competition activities, adding data protection to her portfolio could prove difficult.

She has already begun, for example, investigations into Apple’s tax practices in Ireland and has started a wide-ranging inquiry into e-commerce that analysts say could encompass the likes of Amazon, among others.

Ms. Vestager also brought antitrust charges against Google last April, saying the search giant had unfairly favored some of its digital services over those of rivals. An announcement in that case is expected in late spring, according to officials, while a separate European investigation continues into whether Google used Android, its popular mobile software, to unfairly restrict rivals from operating in the 28-member bloc.

On Sunday, Ms. Vestager denied claims that Europe was unfairly targeting American tech companies, although some executives in the United States have claimed that European officials are trying to bolster local technology companies at the expense of their large American rivals.

Ms. Vestager added that she was not against further consolidation within the industry, despite European antitrust officials’ balking at a number of recent proposed takeovers in the region’s telecommunications sector that they said would reduce competition at the consumer level. Future mergers, she said, should not reduce consumer choice and worsen market competition.

“You can’t just go out there and buy yourself a monopoly,” Ms. Vestager said.

Tags: , , ,


Apple’s Tim Cook pushes White House to take stand on encryption

January 14, 2016

It seems Apple CEO Tim Cook isn’t shy about doling out advice to the Obama administration.

Cook is reportedly unhappy with the White House’s unwillingness to take a stance on encryption, or the scrambling of emails and other messages to keep them private. According to The Intercept, he made his concerns clear to a high-level delegation of officials during a meeting in San Jose, California, last week, asking the administration to issue a statement defending the use of unbreakable encryption.

At the center of the debate is the use of back doors. These intentional openings coded into software let law enforcement officials bypass security measures and get at your data. The FBI and some administration officials argue that the tech industry should put such back doors in place so law enforcement can access communications between terrorists and protect national security. But the industry is fighting back, in part because they’re afraid hackers could exploit those same back doors.

At a meeting to discuss counterterrorism, attended by representatives from companies including Facebook, Twitter, Google, DropBox, Microsoft and LinkedIn, Cook told White House officials they should state publicly “no back doors.”

Apple did not immediately respond to a request for comment.

Firms such as Facebook and Google are widely known to comply with legal requests from police and security agencies to help tackle serious crime and terrorism. Over the past few years, they’ve attempted to be more transparent about how many of these requests they receive and comply with. When it comes to encryption though, the tech industry is keen to show that it’s putting users first, and it’s been steadfast in its refusal to introduce vulnerabilities into otherwise impenetrable systems.

As for the White House, its position on encryption is less clear. Attorney General Loretta Lynch reportedly responded to Cook by saying there needed to be “balance” between privacy and national security.

The issue isn’t going away. Last September the White House decided not to seek a legislative fix to deal with the increased use of encryption by the tech industry. A Washington Post report, however, quoted an email from the US intelligence community’s top lawyer as saying the administration should be “keeping our options open.”

Tags: , , ,


January 12, 2016

It’s become impossible to talk about encryption policy without lying.

Over the last year, we’ve been talking about encryption a lot, driven by a string of speeches from FBI director James Comey. A congressman compared encryption to child pornography and apartheid, and Hillary Clinton proposed a new Manhattan-like Project initiative to settle the question of government access on a technical level. Just last week, executives from Apple, Google, and others attended a special meeting with the White House to talk about terrorism, social media, and, of course, encryption.

We’ve been having some version of this conversation for 20 years, but somehow it gets worse each time. We’re at the point where essentially all public discussion of encryption policy consists of repeating false premises back and forth, making it all but impossible to talk about what’s actually at stake.

So I’d like to start the conversation over, tackling those premises one by one. Nearly any discussion of encryption and government will include at least one of these faulty premises. If you’re a bingo player, you can probably find an FBI speech with all five. Here goes…

Terrorists are going dark

This is the opening shot to the whole terrible conversation. The FBI loves to talk about criminals and terrorists “going dark” — a scary way of saying “talking in a manner not accessible by court order.” If only Apple and Google would stop them from going so dark! The phrasing is important: “going dark” suggests they weren’t in the dark already. We used to be able to listen in, and now we can’t.

The problem is, that just isn’t true. Sometimes the “going dark” lie takes the form of a specific claim, as in the discredited reports that WhatsApp or the PlayStation network were used to plan the Paris attacks. But it’s also false in a general sense. There’s just no reason to think that the FBI is having a harder time tracking criminal activity than it did 15 years ago.

The bureau is having more warrants come back empty, sure, but that’s because there are more warrants to serve. Fifteen years ago, it would have been unthinkable to order Microsoft to turn over a private file from a personal computer, or ask Verizon for a transcript of an unflagged phone call from three months earlier. But the shift to mobile has made those records seem much more accessible. Files are all in the cloud anyway, and texts are a lot easier to store than audio. Most of what the FBI wants is already sitting on a server somewhere. The bureau feels entitled to all that data and gets angry when companies refuse. But without the technological shifts made possible by encryption — email, SMS, cloud storage, and so on — most of these warrants would never be written up in the first place.

Maybe you think the FBI should have access to all that data. Many principled people agree! If they have a warrant, it’s perfectly constitutional, which is more than you can say for the NSA. But the fact is, you’d be fighting for a massive expansion of surveillance power. Saying otherwise just starts the entire conversation out on a lie.

Tech companies aren’t cooperating with the government

This one is the lie both sides can agree on, as the FBI rushes to show how tech companies are dodging warrants and companies rush to show how far they’re willing to go to protect user privacy.

Apple is currently fighting a drug warrant that would require it to pull non-cloud messages from a user’s phone. At the same time, Microsoft is fighting a US court order for data held on servers in Ireland. They’re important cases, with US companies staring down their own government over privacy issues.

But as important as those cases are, they’re the exception to the rule. The move to the cloud really has made data more accessible, and for the most part the FBI has no trouble getting it. The right court order will still get police into your Gmail and iCloud accounts, which probably also includes your phone’s photos and chat logs. Facebook served more than 800 wiretap orders last year in the US alone. Despite all the high-profile legal pushback, the vast majority of government requests are fulfilled.

That doesn’t mean feds get everything they want. They’d like real-time PRISM-style access to everything on the network. Failing that, they’d like fewer legal challenges to court orders. You can’t always get what you want. But right now, feds are framing the debate as an all-or-nothing choice, which glosses over the huge amount of access they already have.

What the FBI wants is impossible to implement

This one comes from the other side, the groups pushing back against the FBI’s proposals. The most truthful version of this argument came in November, when some of the world’s most respected cryptographers wrote a paper in The Journal of Cybersecurity saying the FBI’s proposals were “unworkable in practice.” The paper itself is generally right, but somehow that “unworkable” phrase has transformed into the belief that what Comey is proposing is genuinely impossible, incompatible with even the most basic forms of security on the web.

The misunderstanding is so deep that when cryptographer David Chaum came out with his preferred solution last week — a so-called “backdoor with nine different padlocks on it” — it was heralded from some corners as a genuine technical breakthrough. All those techies said it couldn’t be done!

But retaining all that data isn’t technically impossible; it just opens up a huge and unnecessary security hole. It means services can’t delete anything, and whatever database holds those records is going to become target number one for attackers. Whatever system you put in place to protect that database better be absolutely flawless because it will be the first system they try to break. Security is hard enough without painting a target on your back.

(Since I keep bringing up Gmail as an example of warrant-friendly crypto, it’s worth remembering that this is exactly how the NSA attacked it, breaking into Google’s private network to pull bulk email in unencrypted form. China probably gave it a shot, too!)

Having said that, it’s all entirely possible. It would be a huge, sustained headache for anyone in the information protection business, but no more intrusive than, say, emission regulations for cars. It would make it impossible to implement specific systems like end-to-end encryption and most forms of forward secrecy, but complementary tools like domain awareness would be relatively unaffected. It would also put US-based software at a long-term disadvantage, just like export restrictions on key length did in the ’90s. The effect would certainly be weaker security and more breaches. But not only is all that possible, it’s completely in line with US tech policy of the past 20 years. Sometimes the government implements horrible and destructive policies, and everyone just has to deal with it. That’s why this whole conversation is so important.

Which brings us to lie #4…

It’s about encryption

Of course, we’re all calling it “the encryption debate” (including me, in the title of this very post), so this one’s on all of us. The name is useful for privacy groups too because it forces feds to come out as “against encryption,” which sounds really silly to anyone who isn’t employed by the federal government.

But really the argument we’re having has nothing to do with encryption. It’s all about access.

The FBI is perfectly happy with encryption as long as all it’s doing is protecting your credit card number and making sure no one other than Google can see your email. What they don’t like is when encryption is used to lock them out — or worse, when the data they want isn’t retained at all. Put very simply, they don’t want you to be able to have a conversation on the internet that they can’t somehow monitor, given the right legal authorities. As long as you aren’t using encryption to do that, you’re just fine in the feds’ eyes. On the other side, the feds’ biggest target is protocols like Signal that don’t keep metadata logs at all.

It’s a little tricky because, as we learned in 2013, the NSA is also attacking the fundamentals of cryptography, planting vulnerabilities in random number generators to be exploited later on. But that’s a necessarily secret campaign, and it’s hard to imagine warrants ever fitting into it. What the FBI and Congress want is different, and making it happen will be less a matter of espionage than political clout.

Regulating tech companies will help us stop terrorist plots

This is the most powerful lie, the one we heard after Paris and again after San Bernardino. If only we could have found out where the terrorists were talking and listened in, the whole tragedy could have been averted. What if digging up a few crucial iMessages could have saved dozens of lives?

The problem is, there’s no evidence that that’s true. Hindsight investigations have found lots of tragically dropped leads in the run-up to recent attacks, but they’ve mostly been either available information that was ignored or pre-existing flags within the intelligence system. Both the Paris and San Bernardino plots seem to have been hatched in person, leaving as little online footprint as possible.

Even beyond specific attacks, there’s little evidence of ISIS and other terror groups planning attacks from US-owned tech platforms. The one private chat tool we know ISIS affiliates are using, Telegram, is based in Germany. Cracking open those channels. would be significantly more complicated than passing a US law.

That doesn’t mean that putting a backdoor in iMessage wouldn’t help catch criminals — but they wouldn’t be terrorists. Based on the cases we’ve already seen, they’re most likely to be drug dealers, trade-secret thieves, or generals cheating on their wives. In short, people who don’t expect anyone to come looking for them. Maybe you think it’s worth mandating server access to solve those cases. It’s a worthwhile conversation to have. But instead, we’re talking about terrorism and then proposing systems that would be used on run-of-the-mill domestic felonies.

* * * * *
What would the conversation look like without these ideas? It’s hard to say. It would be less confused, and probably a lot less friendly to government interests, but I genuinely don’t know how the public would respond to the real ideas involved. Until they’ve heard them, it’s impossible to know.

There are real problems at the heart of this debate, fundamental questions of liberty and security and how technological progress can change that balance. There are questions about the deep state and how institutions like the FBI or NSA can be held accountable to the people they nominally serve. We have to come up with some sort of answer for these questions, and to do that, we need to be able to talk about what’s actually at stake. So far, we haven’t been able to.

Tags: , , ,


200 Cyber Activists Urge World Leaders to Reject Encryption ‘Back Doors’

January 11, 2016

Nearly 200 Internet and digital rights experts, companies and organizations are collectively calling on the Obama administration and other world leaders to oppose any efforts to create “back doors” to encryption.

“We urge you to protect the security of your citizens, your economy, and your government by supporting the development and use of secure communications tools and technologies, rejecting policies that would prevent or undermine the use of strong encryption, and urging other leaders to do the same,” they said in an open letter made public on Monday.

“Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access.”

The letter was organized by Access Now, a digital rights group with offices in the U.S. and several other countries. Signees are from more than 40 countries and include: former CIA analyst John Kiriakou; David Kaye, U.N. Special Rapporteur for Freedom of Opinion and Expression; Iceland parliament member Birgitta Jónsdóttir; the American Civil Liberties Union; Amnesty International; and Human Rights Watch.

Nathan White, senior legislative manager at Access Now, said a copy of the letter has been delivered to Obama administration officials. While White House officials have said they are not seeking a “back door” to encrypted communications, they haven’t issued a clear policy supporting strong encryption, White said. That has led other government agencies and foreign governments — the U.K., for instance — to feel free to press ahead with legislation that would weaken encryption, he said.

“The White House needs to clarify what its policy is, because right now the lack of a policy is indicating others are able to take the lead,” White said.

On Friday, top administration security officials met with the leaders of major tech companies including Apple, Google and Facebook to discuss ways to prevent terrorists from using encryption, social media and other technologies to communicate.

“Given the way that technology works these days, there surely are ways that we can disrupt paths to radicalization, to identify recruitment patterns, and to provide metrics that allow us to measure the success of our counter-radicalization efforts,” White House press secretary Josh Earnest said ahead of the meeting

Tags: , , ,

windows 10

Why is Microsoft monitoring how long you use Windows 10?

January 5, 2016

The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system.

This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times. Intrigued, we contacted Microsoft to find out what on earth is going on.

If the company has indeed been checking up on when you are clocking in and out of Windows 10, it’s not going to admit it. I asked how Microsoft has been able to determine the 11 billion hours figure. Is this another invasion of privacy, another instance of spying that users should be worried about? “I just wanted to check where this figure came from. Is it a case of asking people and calculating an average, working with data from a representative sample of people, or it is a case of monitoring every Windows 10 installation?”

You think that Microsoft — keen as it is on transparency — would be quite happy to explain how it came about the information, and why it is being collected in the first place. But no. A Microsoft spokesperson provided BetaNews with the following statement:

Thank you for your patience as I looked into this for you. Unfortunately my colleagues cannot provide a comment regarding your request. All we have to share is this Windows blog post.

Microsoft’s spying is intrusive enough to reveal how long you have been using Windows 10, but the company is not willing to be open about the collection of this data.

Cause for concern, or is this just another example of what we have come to expect from Microsoft?

Photo credit: veronchick84 / Shutterstock

Tags: , , , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
Edward Snowden’s Autobiography Makes a Plea for the Fourth Amendment, the Right to Privacy, and Encryption
September 24, 2019

America's most famous whistleblower calls for restricting the power of government. Article by SCO...

Read more
Chinese deepfake app Zao sparks privacy row after going viral
September 3, 2019

Critics say face-swap app could spread misinformation on a massive scale A Chinese app that lets ...

Read more
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more