Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘security’

111915_dotcom_clinton_1280

Official: Withheld Clinton emails contain ‘operational’ intel, put lives at risk

February 2, 2016

EXCLUSIVE: Highly classified Hillary Clinton emails that the intelligence community and State Department recently deemed too damaging to national security to release contain “operational intelligence” – and their presence on the unsecure, personal email system jeopardized “sources, methods and lives,” a U.S. government official who has reviewed the documents told Fox News.

The official, who was not authorized to speak on the record and was limited in discussing the contents because of their highly classified nature, was referring to the 22 “TOP SECRET” emails that the State Department announced Friday it could not release in any form, even with entire sections redacted.

The announcement fueled criticism of Clinton’s handling of highly sensitive information while secretary of state, even as the Clinton campaign continued to downplay the matter as the product of an interagency dispute over classification. But the U.S. government official’s description provides confirmation that the emails contained closely held government secrets. “Operational intelligence” can be real-time information about intelligence collection, sources and the movement of assets.

The official emphasized that the “TOP SECRET” documents were sent over an extended period of time — from shortly after the server’s 2009 installation until early 2013 when Clinton stepped down as secretary of state.

Separately, Rep. Mike Pompeo, R-Kan., who sits on the House intelligence committee, said the former secretary of state, senator, and Yale-trained lawyer had to know what she was dealing with.

“There is no way that someone, a senior government official who has been handling classified information for a good chunk of their adult life, could not have known that this information ought to be classified, whether it was marked or not,” he said. “Anyone with the capacity to read and an understanding of American national security, an 8th grade reading level or above, would understand that the release of this information or the potential breach of a non-secure system presented risk to American national security.”

Pompeo also suggested the military and intelligence communities have had to change operations, because the Clinton server could have been compromised by a third party.

“Anytime our national security team determines that there’s a potential breach, that is information that might potentially have fallen into the hands of the Iranians, or the Russians, or the Chinese, or just hackers, that they begin to operate in a manner that assumes that information has in fact gotten out,” Pompeo said.

On ABC’s “This Week” on Sunday, one day before the Iowa caucuses, Clinton claimed ignorance on the sensitivity of the materials and stressed that they weren’t marked.

“There is no classified marked information on those emails sent or received by me,” she said, adding that “Republicans are going to continue to use it [to] beat up on me.”

Clinton was pressed in the same ABC interview on her signed 2009 non-disclosure agreement which acknowledged that markings are irrelevant, undercutting her central explanation. The agreement states “classified information is marked or unmarked … including oral communications.”

Clinton pointed to her aides, saying: “When you receive information, of course, there has to be some markings, some indication that someone down the chain had thought that this was classified and that was not the case.”

But according to national security legal experts, security clearance holders are required to speak up when classified information is not in secure channels.

“Everybody who has a security clearance has an individual obligation to protect the information,” said national security attorney Edward MacMahon Jr., who represented former CIA officer Jeffrey Sterling in the high-profile leak investigation regarding a New York Times reporter. “Just because somebody sends it to you … you can’t just turn a blind eye and pretend it never happened and pretend it’s unclassified information.”

These rules, known as the Code of Federal Regulations, apply to U.S. government employees with security clearances and state there is an obligation to report any possible breach by both the sender and the receiver of the information. The rules state: “Any person who has knowledge that classified information has been or may have been lost, possibly compromised or disclosed to an unauthorized person shall immediately report the circumstances to an official designated for this purpose.”

The Clinton campaign is now calling for the 22 “TOP SECRET” emails to be released, but this is not entirely the State Department’s call since the intelligence came from other agencies, which have final say on classification and handling.

“The State Department has no authority to release those emails and I do think that Secretary Clinton most assuredly knows that,” Pompeo said.

Meanwhile, the release of other emails has revealed more about the high-level exchange of classified information on personal accounts. Among the latest batch of emails released by the State Department is an exchange between Clinton and then-Sen. John Kerry, now secretary of state. Sections are fully redacted, citing classified information – and both Kerry and Clinton were using unsecured, personal accounts.

Further, a 2009 email released to Judicial Watch after a federal lawsuit — and first reported by Fox News — suggests the State Department ‘s senior manager Patrick Kennedy was trying to make it easier for Clinton to check her personal email at work, writing to Clinton aide Cheryl Mills a “stand-alone separate network PC is … [one] great idea.”

“The emails show that the top administrator at the State Department, Patrick Kennedy, who is still there overseeing the response to all the inquiries about Hillary Clinton, was in on Hillary Clinton’s separate email network and system from the get-go,” Judicial Watch President Tom Fitton said.

Kennedy is expected to testify this month before the Republican-led Benghazi Select Committee.

Catherine Herridge is an award-winning Chief Intelligence correspondent for FOX News Channel (FNC) based in Washington, D.C. She covers intelligence, the Justice Department and the Department of Homeland Security. Herridge joined FNC in 1996 as a London-based correspondent.

Pamela K. Browne is Senior Executive Producer at the FOX News Channel (FNC) and is Director of Long-Form Series and Specials. Her journalism has been recognized with several awards. Browne first joined FOX in 1997 to launch the news magazine “Fox Files” and later, “War Stories.”

Tags: , ,

1453313199817

Parents say middle school’s anti-bullying program violated kids’ privacy

January 20, 2016

Parents of students at a Pittsburgh-area middle school were considering legal action over an anti-bullying program they say crossed the line, local news stations reported Tuesday.
During the Jan. 15 workshop, kids at West Allegheny Middle School reportedly were “grouped” based on how they answered questions about their personal lives. They were asked to identify whether they faced learning disabilities, if other people had called them “fat,” or if relatives had spent time in prison, among other questions, according to KDKA.

School board president Debbie Mirich responded, “We do stand behind the intentions of our workshop and we look forward [to] continuing our work with parents to address this very serious issue of bullying and the unintentional acts that continue to marginalize different groups of students.”

She added that the school board was not involved in running the program, but that students were never forced to answer questions.

Still, some parents argued that the workshop may have made bullying easier. “I would never expect a middle school to ask 13-year-old kids if your parents have ever been in jail, if they’re same sex, if they’re having financial issues,” Marie-Noelle Briggs told WPXI.

Parents said they were considering a class-action lawsuit but did not elaborate, KDKA adds.

Tags: , , ,

pp

European Antitrust Chief Takes Swipe at Privacy Issue

January 19, 2016

MUNICH — Margrethe Vestager, the European Union’s antitrust chief, warned on Sunday that the collection of a vast amount of users’ data by a small number of tech companies like Google and Facebook could be in violation of the region’s tough competition rules.

Ms. Vestager’s comments are the latest in a growing chorus of European criticism about the privacy practices of American tech giants, many of which rely on crunching data based on people’s social media posts, online search queries and e-commerce purchases to fuel their digital advertising businesses.

The comments by Ms. Vestager, who, as the region’s top competition official, has sweeping powers to fine companies that are found to abuse their dominant market positions, show that European officials are stepping up their fight to strengthen data protection. In the European Union, an individual’s right to privacy is viewed on par with other fundamental rights like freedom of expression.

“If a few companies control the data you need to cut costs, then you give them the power to drive others out of the market,” Ms. Vestager said at the DLD conference, a gathering of digital executives and policy makers.

She said that “it’s hard to know” how much data is given up when using an online messaging service.

“But it’s a business transaction, not a free giveaway,” she continued. “As consumers, we need to be treated fairly.”

Ms. Vestager’s warning shot in the often-rancorous privacy debate comes ahead of a Jan. 31 deadline for Europe and the United States to reach a new data-sharing agreement.

The new so-called safe harbor agreement is needed after the European Court of Justice ruled last year that Europeans’ digital data was not sufficiently protected when transferred to the United States. Negotiations between the European Commission, the executive arm of the European Union, and the United States Commerce Department are continuing — though legal experts, government officials and industry watchers think that an agreement may not be reached by the end of the month.

A number of European executives echoed Ms. Vestager’s fears about how a small number of American tech companies could use their large-scale data collection to favor their own services over those of rivals. Among them was Oliver Samwer, the German entrepreneur who co-founded Rocket Internet, one of the region’s most high-profile tech companies.

“If someone like Google or Facebook has all of the data, then that’s not good,” Mr. Samwer said here on Sunday.

But for Ms. Vestager, a 47-year-old Danish politician who has garnered both fans and detractors for her ambitious competition activities, adding data protection to her portfolio could prove difficult.

She has already begun, for example, investigations into Apple’s tax practices in Ireland and has started a wide-ranging inquiry into e-commerce that analysts say could encompass the likes of Amazon, among others.

Ms. Vestager also brought antitrust charges against Google last April, saying the search giant had unfairly favored some of its digital services over those of rivals. An announcement in that case is expected in late spring, according to officials, while a separate European investigation continues into whether Google used Android, its popular mobile software, to unfairly restrict rivals from operating in the 28-member bloc.

On Sunday, Ms. Vestager denied claims that Europe was unfairly targeting American tech companies, although some executives in the United States have claimed that European officials are trying to bolster local technology companies at the expense of their large American rivals.

Ms. Vestager added that she was not against further consolidation within the industry, despite European antitrust officials’ balking at a number of recent proposed takeovers in the region’s telecommunications sector that they said would reduce competition at the consumer level. Future mergers, she said, should not reduce consumer choice and worsen market competition.

“You can’t just go out there and buy yourself a monopoly,” Ms. Vestager said.

Tags: , , ,

GettyImages-501585832.0

January 12, 2016

It’s become impossible to talk about encryption policy without lying.

Over the last year, we’ve been talking about encryption a lot, driven by a string of speeches from FBI director James Comey. A congressman compared encryption to child pornography and apartheid, and Hillary Clinton proposed a new Manhattan-like Project initiative to settle the question of government access on a technical level. Just last week, executives from Apple, Google, and others attended a special meeting with the White House to talk about terrorism, social media, and, of course, encryption.

We’ve been having some version of this conversation for 20 years, but somehow it gets worse each time. We’re at the point where essentially all public discussion of encryption policy consists of repeating false premises back and forth, making it all but impossible to talk about what’s actually at stake.

So I’d like to start the conversation over, tackling those premises one by one. Nearly any discussion of encryption and government will include at least one of these faulty premises. If you’re a bingo player, you can probably find an FBI speech with all five. Here goes…

Terrorists are going dark

This is the opening shot to the whole terrible conversation. The FBI loves to talk about criminals and terrorists “going dark” — a scary way of saying “talking in a manner not accessible by court order.” If only Apple and Google would stop them from going so dark! The phrasing is important: “going dark” suggests they weren’t in the dark already. We used to be able to listen in, and now we can’t.

The problem is, that just isn’t true. Sometimes the “going dark” lie takes the form of a specific claim, as in the discredited reports that WhatsApp or the PlayStation network were used to plan the Paris attacks. But it’s also false in a general sense. There’s just no reason to think that the FBI is having a harder time tracking criminal activity than it did 15 years ago.

IT’S NO HARDER TO TRACK CRIMINAL ACTIVITY NOW THAN IT WAS 15 YEARS AGO
The bureau is having more warrants come back empty, sure, but that’s because there are more warrants to serve. Fifteen years ago, it would have been unthinkable to order Microsoft to turn over a private file from a personal computer, or ask Verizon for a transcript of an unflagged phone call from three months earlier. But the shift to mobile has made those records seem much more accessible. Files are all in the cloud anyway, and texts are a lot easier to store than audio. Most of what the FBI wants is already sitting on a server somewhere. The bureau feels entitled to all that data and gets angry when companies refuse. But without the technological shifts made possible by encryption — email, SMS, cloud storage, and so on — most of these warrants would never be written up in the first place.

Maybe you think the FBI should have access to all that data. Many principled people agree! If they have a warrant, it’s perfectly constitutional, which is more than you can say for the NSA. But the fact is, you’d be fighting for a massive expansion of surveillance power. Saying otherwise just starts the entire conversation out on a lie.

Tech companies aren’t cooperating with the government

This one is the lie both sides can agree on, as the FBI rushes to show how tech companies are dodging warrants and companies rush to show how far they’re willing to go to protect user privacy.

Apple is currently fighting a drug warrant that would require it to pull non-cloud messages from a user’s phone. At the same time, Microsoft is fighting a US court order for data held on servers in Ireland. They’re important cases, with US companies staring down their own government over privacy issues.

THE VAST MAJORITY OF GOVERNMENT REQUESTS ARE FULFILLED
But as important as those cases are, they’re the exception to the rule. The move to the cloud really has made data more accessible, and for the most part the FBI has no trouble getting it. The right court order will still get police into your Gmail and iCloud accounts, which probably also includes your phone’s photos and chat logs. Facebook served more than 800 wiretap orders last year in the US alone. Despite all the high-profile legal pushback, the vast majority of government requests are fulfilled.

That doesn’t mean feds get everything they want. They’d like real-time PRISM-style access to everything on the network. Failing that, they’d like fewer legal challenges to court orders. You can’t always get what you want. But right now, feds are framing the debate as an all-or-nothing choice, which glosses over the huge amount of access they already have.

What the FBI wants is impossible to implement

This one comes from the other side, the groups pushing back against the FBI’s proposals. The most truthful version of this argument came in November, when some of the world’s most respected cryptographers wrote a paper in The Journal of Cybersecurity saying the FBI’s proposals were “unworkable in practice.” The paper itself is generally right, but somehow that “unworkable” phrase has transformed into the belief that what Comey is proposing is genuinely impossible, incompatible with even the most basic forms of security on the web.

The misunderstanding is so deep that when cryptographer David Chaum came out with his preferred solution last week — a so-called “backdoor with nine different padlocks on it” — it was heralded from some corners as a genuine technical breakthrough. All those techies said it couldn’t be done!

But retaining all that data isn’t technically impossible; it just opens up a huge and unnecessary security hole. It means services can’t delete anything, and whatever database holds those records is going to become target number one for attackers. Whatever system you put in place to protect that database better be absolutely flawless because it will be the first system they try to break. Security is hard enough without painting a target on your back.

(Since I keep bringing up Gmail as an example of warrant-friendly crypto, it’s worth remembering that this is exactly how the NSA attacked it, breaking into Google’s private network to pull bulk email in unencrypted form. China probably gave it a shot, too!)

SOMETIMES THE GOVERNMENT IMPLEMENTS HORRIBLE AND DESTRUCTIVE POLICIES, AND EVERYONE JUST HAS TO DEAL WITH IT
Having said that, it’s all entirely possible. It would be a huge, sustained headache for anyone in the information protection business, but no more intrusive than, say, emission regulations for cars. It would make it impossible to implement specific systems like end-to-end encryption and most forms of forward secrecy, but complementary tools like domain awareness would be relatively unaffected. It would also put US-based software at a long-term disadvantage, just like export restrictions on key length did in the ’90s. The effect would certainly be weaker security and more breaches. But not only is all that possible, it’s completely in line with US tech policy of the past 20 years. Sometimes the government implements horrible and destructive policies, and everyone just has to deal with it. That’s why this whole conversation is so important.

Which brings us to lie #4…

It’s about encryption

Of course, we’re all calling it “the encryption debate” (including me, in the title of this very post), so this one’s on all of us. The name is useful for privacy groups too because it forces feds to come out as “against encryption,” which sounds really silly to anyone who isn’t employed by the federal government.

But really the argument we’re having has nothing to do with encryption. It’s all about access.

The FBI is perfectly happy with encryption as long as all it’s doing is protecting your credit card number and making sure no one other than Google can see your email. What they don’t like is when encryption is used to lock them out — or worse, when the data they want isn’t retained at all. Put very simply, they don’t want you to be able to have a conversation on the internet that they can’t somehow monitor, given the right legal authorities. As long as you aren’t using encryption to do that, you’re just fine in the feds’ eyes. On the other side, the feds’ biggest target is protocols like Signal that don’t keep metadata logs at all.

It’s a little tricky because, as we learned in 2013, the NSA is also attacking the fundamentals of cryptography, planting vulnerabilities in random number generators to be exploited later on. But that’s a necessarily secret campaign, and it’s hard to imagine warrants ever fitting into it. What the FBI and Congress want is different, and making it happen will be less a matter of espionage than political clout.

Regulating tech companies will help us stop terrorist plots

This is the most powerful lie, the one we heard after Paris and again after San Bernardino. If only we could have found out where the terrorists were talking and listened in, the whole tragedy could have been averted. What if digging up a few crucial iMessages could have saved dozens of lives?

The problem is, there’s no evidence that that’s true. Hindsight investigations have found lots of tragically dropped leads in the run-up to recent attacks, but they’ve mostly been either available information that was ignored or pre-existing flags within the intelligence system. Both the Paris and San Bernardino plots seem to have been hatched in person, leaving as little online footprint as possible.

THERE’S LITTLE EVIDENCE OF ISIS PLANNING ATTACKS FROM US-OWNED TECH PLATFORMS
Even beyond specific attacks, there’s little evidence of ISIS and other terror groups planning attacks from US-owned tech platforms. The one private chat tool we know ISIS affiliates are using, Telegram, is based in Germany. Cracking open those channels. would be significantly more complicated than passing a US law.

That doesn’t mean that putting a backdoor in iMessage wouldn’t help catch criminals — but they wouldn’t be terrorists. Based on the cases we’ve already seen, they’re most likely to be drug dealers, trade-secret thieves, or generals cheating on their wives. In short, people who don’t expect anyone to come looking for them. Maybe you think it’s worth mandating server access to solve those cases. It’s a worthwhile conversation to have. But instead, we’re talking about terrorism and then proposing systems that would be used on run-of-the-mill domestic felonies.

* * * * *
What would the conversation look like without these ideas? It’s hard to say. It would be less confused, and probably a lot less friendly to government interests, but I genuinely don’t know how the public would respond to the real ideas involved. Until they’ve heard them, it’s impossible to know.

There are real problems at the heart of this debate, fundamental questions of liberty and security and how technological progress can change that balance. There are questions about the deep state and how institutions like the FBI or NSA can be held accountable to the people they nominally serve. We have to come up with some sort of answer for these questions, and to do that, we need to be able to talk about what’s actually at stake. So far, we haven’t been able to.

Tags: , , ,

pp1

200 Cyber Activists Urge World Leaders to Reject Encryption ‘Back Doors’

January 11, 2016

Nearly 200 Internet and digital rights experts, companies and organizations are collectively calling on the Obama administration and other world leaders to oppose any efforts to create “back doors” to encryption.

“We urge you to protect the security of your citizens, your economy, and your government by supporting the development and use of secure communications tools and technologies, rejecting policies that would prevent or undermine the use of strong encryption, and urging other leaders to do the same,” they said in an open letter made public on Monday.

“Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access.”

The letter was organized by Access Now, a digital rights group with offices in the U.S. and several other countries. Signees are from more than 40 countries and include: former CIA analyst John Kiriakou; David Kaye, U.N. Special Rapporteur for Freedom of Opinion and Expression; Iceland parliament member Birgitta Jónsdóttir; the American Civil Liberties Union; Amnesty International; and Human Rights Watch.

Nathan White, senior legislative manager at Access Now, said a copy of the letter has been delivered to Obama administration officials. While White House officials have said they are not seeking a “back door” to encrypted communications, they haven’t issued a clear policy supporting strong encryption, White said. That has led other government agencies and foreign governments — the U.K., for instance — to feel free to press ahead with legislation that would weaken encryption, he said.

“The White House needs to clarify what its policy is, because right now the lack of a policy is indicating others are able to take the lead,” White said.

On Friday, top administration security officials met with the leaders of major tech companies including Apple, Google and Facebook to discuss ways to prevent terrorists from using encryption, social media and other technologies to communicate.

“Given the way that technology works these days, there surely are ways that we can disrupt paths to radicalization, to identify recruitment patterns, and to provide metrics that allow us to measure the success of our counter-radicalization efforts,” White House press secretary Josh Earnest said ahead of the meeting

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
1463600977631262
Google tightens grip on some Android data over privacy fears, report says
August 19, 2019

The search giant ends a program that provided network coverage data to wireless carriers. BY CARR...

Read more
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more
privacy-coins-and-bitcoin-dominance-guide
9 Important Privacy Settings for Windows 10
June 3, 2019

Matt Powell On Jun 3, 2019 At first glance, the Digital Age may seem like a wonderful thing. And ...

Read more
apple
Apple exec dismisses Google CEO’s criticism over turning privacy into a ‘luxury good’
May 29, 2019

By Jacob Kastrenakes@jake_k May 27, 2019, 12:18pm EDT Apple’s software chief, Craig Federigh...

Read more