
Posts Tagged ‘security’


Ron Wyden on Trump’s agenda: ‘a wake-up call for potential abuse of power’

November 18, 2016

Ron Wyden is taking Donald Trump at his word.

Much of official Washington is wondering whether Trump will implement the agenda that won him the presidency. Some of Trump’s defenders, like tech investor Peter Thiel, contend that Trump should not be taken literally.
But the Democratic senator from Oregon shows no signs of interest in that discussion. As perhaps the Democratic party’s premier civil libertarian on Capitol Hill, his anticipation of the Trump administration starts from the perspective that the president-elect will govern as he campaigned: against Muslims, against immigrants, for torture, for surveillance. Wyden, from his perch on the intelligence committee, is preparing for a four-year battle.

“We’re going to have to make sure now that a political agenda doesn’t replace a set of constitutional priorities. That’s the heart of it,” Wyden said in an interview with the Guardian this week.
Wyden is one of the few national politicians who can plausibly claim to have fought national security abuses and championed civil liberties with equal vigor in the George W Bush and Barack Obama administrations. He is far more comfortable discussing policies or proposals than he is discussing personalities, opting to refer to Trump simply as the president-elect.

“You look at some of what the president-elect has to say and it certainly ought to be a wake-up call from the standpoint of potential abuse of power,” Wyden said.

A quote sticking in Wyden’s mind these days is one Trump issued in July after the Democratic National Committee hack, which US intelligence has blamed on Russia. Trump, discussing his political opponents, mused: “Honestly, I wish I had that power. I’d love to have that power.” By 20 January, it will no longer be hypothetical.

Barely a week after the election, Wyden conceded that it’s “probably early for strategy”, but he said he has early priorities for racking up wins, in order to provide privacy, cybersecurity and civil-liberties advocates with the momentum needed to take on the Trump administration.
One is to block a measure Wyden said is “still alive in the intelligence authorization” bill that would provide the FBI with powers to scour Americans’ browser history without court oversight. There, his approach is straightforward: “running the clock out” on the current Congress and to “scour all these bills” to see that it doesn’t get added to any other piece of legislation. But congressional inertia can cut against him as well.


On 1 December, an impending change to the federal rules of criminal procedure will vastly expand law enforcement’s ability to remotely hack suspect electronic devices, unbound by jurisdiction. Opponents have few options, as the change, known as Rule 41, will take effect if Congress “does what it does best – which is nothing”, Wyden said. “We understand our backs are against the wall.” He and his allies, including Democratic senator Chris Coons and GOP senator Mike Lee, are attempting to delay the change.

When Trump officially takes over, the stakes will escalate. Perhaps most urgent is Trump’s proposal to create a database of Muslims, which is “just light years away from what you can debate is constitutional”, Wyden said.

“I will use my opportunities on the intelligence committee, as a member of the Democratic caucus, the bully pulpit that I have, to drive that message from one end of the country to another. That would be unconstitutional,” Wyden said.

By the end of 2017 will come an epic fight against the intelligence agencies over surveillance. They will seek the renewal of an expiring legal provision, known as Section 702 of the Foreign Intelligence Surveillance Act, that permits a vast dragnet of data collection, to include Americans’ international communications.

“Our fight to reform 702 also got a lot more important as the result of the election,” Wyden said.

Similarly, he considers Trump’s call this year to boycott Apple over its encryption battle with the FBI indicative of antipathy to privacy-protective cybersecurity.

Wyden said he “will fight the Trump administration, and again, Democrats and Republicans in the Congress” who propose weakening encryption, telling Vice he would filibuster any such effort.

Unprompted, Wyden anticipates relitigating the years-old fight against torture, an issue prospectively settled under Obama, though anything but when it comes to addressing the CIA’s history. With Trump, “we’re going to have to deal with that again”. A first step he is planning will be attempting to ensure the committee’s landmark torture report isn’t destroyed – a very real possibility if it escapes legal limbo to return to a panel now controlled by report opponent Richard Burr of North Carolina.

Trump’s allies are signaling that a legal prohibition on CIA torture enacted in 2015 is not an immovable obstacle. On CNN this week, Pete Hoekstra, a former House intelligence committee chairman, said, “That’d be a process you’d have to work through with Congress, and you’d probably do it in secret and you probably wouldn’t do it through the public process.”

It remains to be seen if Wyden would have access to such secret decisions, even from his perch on the intelligence committee. The Trump administration could revert to a process of keeping the full committee from learning most intelligence practices. Wyden’s “very good relationship” with incoming ranking panel Democrat Mark Warner of Virginia will become critical to those efforts.

Yet Wyden might have had Warner’s perch. He was next in line to take the ranking membership with Dianne Feinstein’s departure, a move that would have strengthened Wyden’s opportunities for oversight over the intelligence agencies in the age of Trump enormously. Doing so would have meant he would have had to give up his position on the finance committee, and Wyden considered his potential loss of influence over healthcare, trade enforcement and technology policies too high a price – to the consternation of some of his allies outside government.

“In this horror show context, congressional oversight is more important than it has ever been before. We would have preferred Senator Wyden leave his chair on the finance committee and take the ranking chair on the intelligence committee. We need his experience, skepticism and diligence right now, and we need it badly,” said Human Rights Watch’s John Sifton.

Still, Sifton said, Wyden is “a vigorous and vocal defender of civil liberties and human rights and has worked, often thanklessly, to prevent abuses and overreach by CIA and other agencies in the intelligence community”.

While he has been able to forge coalitions with privacy-minded Republicans on discrete issues, Wyden has seen his stable of allies diminish in recent years. Mark Udall, who pushed for accountability on CIA torture, lost his 2014 re-election. Russ Feingold, the only senator to have voted against the Patriot Act, failed in his 2016 comeback bid. He can still count Rand Paul, the Kentucky Republican, as a partner on constraining surveillance.

Wyden acknowledged that “there was a hope we would have some more like-minded members in the Senate who would be here,” but he has vowed to “mobilize” should Trump govern as he campaigned.

“We are going to mobilize, both in the Congress and in the country, around core constitutional values: speech, privacy, the sanctity of the courts.”


Drone-hacking cybersecurity boot camp launched in UK

November 3, 2016

Budding cyberspies will learn how to hack into drones and crack codes at a new cybersecurity boot camp backed by the government.
Matt Hancock, the minister for digital and culture, said students would gain the skills needed to “fight cyber-attacks” and help keep the UK safe.
The 10-week course has been “certified” by UK spy agency GCHQ.
But some security experts raised questions about the need for the course and the intent behind it.
“If I were a company, I would not hire security consultants who had been approved by GCHQ,” said Prof Ross Anderson, who leads the security group at Cambridge University’s Computer Laboratory.
“I would simply not be able to trust them. GCHQ’s goal is that no-one should be able to shield themselves from surveillance, ever,” he told the BBC.
‘Skills gap’
The Cyber Retraining Academy will be operated by cybersecurity training firm Sans Institute. It will be funded as part of the government’s £1.9bn National Cybersecurity Strategy.
Sans Institute said “leading cybersecurity employers” would be able to track students’ performance throughout the course, with a view to recruiting talented individuals.
Would-be recruits must pass a series of competency tests to be considered for the boot camp, including a multiple-choice quiz before they can even submit an application.
The successful 50 candidates will attend the academy in London in 2017, and will receive two years of training condensed into 10 weeks.
Rik Ferguson of cybersecurity firm Trend Micro said the scheme could help people learn the skills to “hit the ground running” in a security-related role, but questioned why the scheme was needed.
“Employers often complain about the ‘cybersecurity skills gap’ – a gap that I would argue doesn’t exist,” he told the BBC.
“The problem is rather that employers are not looking beyond very narrowly specified certifications or degree courses in security-related subjects.
“If advertising a cyber-retraining programme as ‘drone hacking’ is going to get individuals with the right character and curiosity applying for this course, then it can only be a good thing.
“But obviously it takes more than 10 weeks, however intense, to create a well-rounded security professional.”


Ethereum to Add Zcash Privacy, Says Vitalik Buterin

October 31, 2016

The power of smart contracts may be combined with absolute privacy according to a new statement by Ethereum’s founder, Vitalik Buterin.

“[Z]ero knowledge proofs are on ethereum’s roadmap and have been for over two months,” Buterin publicly stated yesterday, before adding in a short interview for CCN that, realistically, it would take around four months to one year for Zec-like privacy to be added to ethereum.

A fully private ethereum raises the prospects of a solution to one seemingly intractable blockchain problem: how do you transact privately as far as the world is concerned, while at the same time revealing to whoever you wish the exact transactions you are undertaking? Zooko Wilcox, Zcash founder and a participant in the now famous mailing list thread discussion where Nakamoto made his first public announcement, stated during a devcon2 presentation titled Zcash + Ethereum = Love that, in the past four years or so, researchers have made a discovery that allows one to transact completely privately while, at the same time, allowing others to see their transaction if they so choose.

This discovery was not available to Nakamoto, Zooko stated, therefore he was unable to use it, but now, through mathematical advancements made by researchers currently working on Zcash, it is very much possible to not only allow validators, aka miners, to be certain a transaction is valid according to stated network rules, without knowing anything about the transaction, but to also, at the same time, allow potential employees, regulators, specific customers, or anyone else, to see, and therefore be able to verify, any undertaken transaction while prohibiting all others, in any way, from gaining any information whatever, about the exchange.

Zcash, therefore, instead of providing solely anonymity, gives us a mechanism to solve a very serious problem. That is, it allows us all to use the public blockchain by not revealing anything while, at the same time, revealing everything in a way that makes it impossible to corrupt the data, to those who need to know what must, necessarily, be revealed.

In combination with smart contracts, this technology can become very powerful, allowing for incremental improvement of our current infrastructure in a way that may profoundly increase our productivity, efficiency and well-being.

This is a sentiment echoed by Buterin who stated:

“[C]ombining blockchain tech and strong privacy may well be one of the next major frontiers in secure application development.”

Privacy Down, Scalability and Usability to Go

The only problem now left is scalability, and, of course, usability. Zero-knowledge proofs, the high maths that makes all this wizardry possible, use a lot of memory. Some, therefore, suggest that for ethereum this new invention should be used at a contract/project level, rather than at the protocol level itself; others disagree.

In addressing scalability, Buterin stated that zero knowledge proof transactions do take longer than ordinary transactions to process, “so you won’t be seeing 15 zkp transactions per second the way we do with regular ones (though if our VM improvements are good enough you may well; hard to tell at this point).” In further indicating a preference for both approaches – incorporation at the contract and protocol level – Buterin stated that “we need some precompiles for optimization.”

Regardless of whatever coders decide, ethereum’s sharding solution, whereby certain nodes validate only some transactions, creating a complex web which amounts to, effectively, all nodes validating all transactions, goes a long way towards addressing any scalability concerns. Work, therefore, has already begun towards incorporating Zec-like privacy on eth’s smart contracts, with the skeleton code for a project Zec on Eth launched during this summer.

Furthermore, Zooko stated in his presentation that there may be a zec relay for ethereum, indicating a close collaboration between eth and zec developers. The world may, therefore, see a potent force in the combined brain power of these two grounded men: Zooko Wilcox and Vitalik Buterin.


China electronics firm to recall some U.S. products after hacking attack

October 24, 2016

Chinese firm Hangzhou Xiongmai Technology Co Ltd said it will recall some of its products sold in the United States after it was identified by security researchers as having made parts for devices that were targeted in a major hacking attack on Friday.

Hackers unleashed a complex attack on the Internet through common devices like webcams and digital recorders, and cut access to some of the world’s best known websites in a stunning breach of global internet stability.

The electronics components firm, which makes parts for surveillance cameras, said in a statement on its official microblog that it would recall some of its earlier products sold in the United States, strengthen password functions and send users a patch for products made before April last year.

It said the biggest issue was users not changing default passwords, adding that, overall, its products were well protected from cyber security breaches. It said reports that its products made up the bulk of those targeted in the attack were false.

“Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too,” the company statement said.

Friday’s cyber attack alarmed security experts because it represented a new type of threat rooted in the proliferation of simple digital devices such as webcams. These often lack proper security, and hackers found a way to harness millions of them to flood a target with so much traffic that it couldn’t cope.

The main products Xiongmai is to recall are all webcam models, it said.


Snapchat, Skype, BBM not protecting users’ privacy, says Amnesty International

October 21, 2016

CBC News Posted: Oct 20, 2016 8:01 PM ET Last Updated: Oct 21, 2016 2:37 PM ET

More than 100 million people use Snapchat every day. Amnesty International says the service does not do enough to ensure its users’ privacy, putting its mostly young users at risk. Major messaging services like Snapchat, Skype and BlackBerry’s BBM are not taking basic steps to ensure privacy, according to Amnesty International. The organization said this failure has serious human rights repercussions since it leaves users, and particularly activists, vulnerable to spying from cybercriminals and government agencies.

“If you think instant messaging services are private, you are in for a big surprise,” Sherif Elsayed-Ali, the head of Amnesty International’s technology and human rights team, said in a news release. “Young people, the most prolific sharers of personal details and photos over apps like Snapchat, are especially at risk,” he added.
Skype does not offer encryption for its messaging at all, while Facebook Messenger does on its new ‘secret’ service. (Patrick Sison/Associated Press)

The organization conducted a privacy assessment of the most popular messaging apps in the world. Some of the other apps included in the report are Facebook’s messaging service and WhatsApp, Apple’s iMessage and Facetime, Google’s Allo, Duo and Hangouts, Tencent’s QQ and Wechat, and Telegram.

Facebook and Apple scored the highest for having the best security. China-based Tencent came in last, with Blackberry and Snapchat also bringing up the rear.

Encryption should be ‘minimum requirement’

Amnesty’s main concern with many of the services is that they do not have what’s known as end-to-end encryption set as the default.

End-to-end encryption is considered secure because only the people communicating with each other can read a message. Encryption scrambles data and therefore blocks anyone who may try to intercept or surreptitiously read a message (unless they peer over a person’s shoulder).

In some cases, like with BlackBerry, end-to-end encryption is only offered as a paid service. It’s not offered at all on Snapchat, Skype (owned by Microsoft), or on Tencent’s apps.

Amnesty says this should be considered a “minimum requirement” and not just a nice add-on for tech companies.
More than 100 million people use Snapchat every day, and two billion people use Facebook Messenger and WhatsApp.

The companies were also ranked on how transparent they are when it comes to communicating their security policies to users.

While some companies say they take security seriously, their actions say otherwise.

“Although it has a strong policy commitment towards privacy, in practice [Snapchat] does not do enough to protect its users’ privacy,” said Amnesty International.

‘Secret’ Facebook messages

Facebook scored highest because WhatsApp deploys end-to-end encryption as a default. The company also recently rolled out its new “secret” messages feature which uses end-to-end encryption. But Facebook’s Messenger, when not in “secret” mode, does not encrypt messages.

Apple also scored well because it provides encryption on iMessage and Facetime. But the Amnesty report said the company needs to do more to ensure its users know that SMS messages are less secure than iMessages, which are between two iMessage users.
