Posts Tagged ‘ShazzleMail’

Citing Paris Attack, CIA Director Criticizes Surveillance Reform Efforts

November 17, 2015

CIA Director John Brennan said Monday he suspects the Islamic State is currently working on more terrorist plots against the West following Friday’s attack in Paris that killed at least 129 people and injured hundreds more. He also criticized new privacy protections enacted after Edward Snowden’s disclosures about U.S. government surveillance practices.

“I would anticipate that this is not the only operation ISIL has in the pipeline,” Brennan told a crowd at the Center for Strategic and International Studies. “It’s not going to content itself with violence inside of the Syrian and Iraqi borders.”

Brennan’s remarks come on the heels of a new Islamic State video released Monday proclaiming all countries playing a role in air strikes against the group in Iraq and Syria would be a target. The video specifically pinpointed Washington as in its crosshairs.

“We swear that we will strike America at its center in Washington,” says a man in the video, which surfaced on a site the Islamic State uses to post its messages. The authenticity of the video could not be immediately verified.

In his remarks, Brennan said the attacks should serve as a “wake-up call” for those misrepresenting what intelligence services do to protect innocent civilians. He cited “a number of unauthorized disclosures, and a lot of handwringing over the government’s role in the effort to try to uncover these terrorists.”

He added that “policy” and “legal” actions that have since been taken now “make our ability collectively, internationally, to find these terrorists much more challenging.” In June, President Barack Obama signed into law legislation reforming a government surveillance program that vacuumed up millions of Americans’ telephone records. Passage of the USA Freedom Act was the result of a compromise between privacy advocates and the intelligence community.

Brennan’s remarks immediately sparked criticisms from civil liberties advocates who have fought for greater privacy protections from government surveillance and now fear the Paris attacks could roll them back.

For months, FBI and other law enforcement officials have pressed Congress about needing to access encrypted communications of potential criminals or terrorists that are concealed by smartphones and messaging apps. Privacy advocates and technologists worry that providing authorities with exceptional access to phones would be exploited by hackers and make the Internet more vulnerable to security breaches. The advocates also believe U.S. spies already have intrusive surveillance capabilities that put too much power in the government’s hands.

In his speech, Brennan underscored the challenges facing intelligence services, given the numerous ways terrorists can hide their communications from law enforcement. “They have gone to school on what it is that they need to do in order to keep their activities concealed from the authorities,” he said.

Brennan also said the United States had “strategic warning” about the terrorist attack in Paris, but did not provide details, other than to say it was “not a surprise.” He said he believed the attack was planned over “several months.”

During a press conference in Turkey, which is hosting the G-20 summit, Obama said “there were no specific mentions of this particular attack” the United States could have used before it was launched to prevent the violence.

Photo credit: Getty Images

Snowden: Democratic debate showed major shift in how I am perceived

November 9, 2015

NSA whistleblower points to ‘extraordinary change’ in attitudes as he notes that Democratic candidates for US president did not call him a traitor

 Edward Snowden says he plans to attempt to vote in the 2016 election. Photograph: Alan Rusbridger for the Guardian

Edward Snowden has described the Democratic presidential debate last month as marking an “extraordinary change” in attitudes towards him.

In a lengthy interview with Sweden’s Dagens Nyheter published on Friday, Snowden said he had been encouraged by the debate between Hillary Clinton and Bernie Sanders, her main challenger for the Democratic nomination.

During the televised encounter, both candidates called for Snowden to face trial, but Sanders said he thought the NSA whistleblower had “played a very important role in educating the American people”.

That marked an important shift in the US debate over Snowden’s action, he said.

The former National Security Agency analyst said it had taken 30 years for Daniel Ellsberg, who leaked the Pentagon Papers about the Vietnam war, to shift from being described regularly as a traitor.

But not once in the debate had Snowden been referred to as a traitor.

Snowden, who is living in exile in Moscow after leaking tens of thousands of secret documents from the NSA and its sister agency in the UK, GCHQ, said: “I did see the debate live. It was actually extraordinarily encouraging. In 2013, they were calling for me to be hanged. They were using the word ‘traitor’ and things like ‘blood on your hands’.

“Nobody on the stage, as far as I know, used the word traitor now. In just two years, that’s an extraordinary change.”

In the debate, Clinton said that Snowden had violated US law and should face trial.

Sanders also suggested that he ought to be tried. “I think there should be a penalty to that,” he said. “But I think that education should be taken into consideration before the sentencing.”

Snowden, asked if he would vote, said he would definitely try, even if only as a symbolic gesture.

“I’ll send them my vote by mail. It’s not like it will count in a meaningful way because such a small portion of the votes come by mail. But that’s not the point; the point is the expression of it,” he said.

Snowden, who in the past supported the Republican Ron Paul, was asked if he would vote for Clinton or Donald Trump. He laughed, declining to comment on the grounds that it would be too inflammatory.

Surveillance bill will only ban ‘strong’ encryption

November 3, 2015

The government doesn’t want to ban encryption, but it does want to stop companies using ‘strong’ encryption it can’t break.

The Investigatory Powers Bill, which is due to be published Wednesday, won’t stop companies protecting data and messages by encrypting them, officials have now said. However companies will have to be able to unlock them if asked by the security agencies, according to reports — which arguably amounts to more or less the same thing.

Briefing the Telegraph, officials have said they will stop companies from using end-to-end encryption, which places a higher level of protection on data and messages than regular encryption.

End-to-end encryption allows companies to encrypt messages so they can only be opened and read by the user — for example Apple can’t read the iMessages you send, only the participants in a conversation can.

Apple’s website says its services including iMessages and FaceTime, across all of its devices, use the encryption method “so unlike other companies” it doesn’t have the ability to look through customer messages and it “wouldn’t be able to comply with a wiretap order even if we wanted to”.

The potential inclusion of the measure means Apple, Google, and other companies that use end-to-end encryption will be put at loggerheads with the government.

Officials, including Prime Minister David Cameron, have argued that companies shouldn’t be allowed to encrypt data to a level where they can’t read what it says. The argument put forward by Cameron is that terrorists shouldn’t be allowed any “safe space” online where their communications can’t be accessed by security agencies.

A general ban on encryption has been ruled out, however, as banks and financial companies transfer encrypted data. This was supported by Baroness Shields in the House of Lords who said there is “no intention” of banning encryption but companies must be able to “decrypt that information and provide it to law enforcement in extremis”. As such, the government will seek to ensure that all encrypted information is sent in a manner that can be decrypted.

A Home Office spokesman told the Telegraph that the government wants to “find a way to work with industry” to ensure that “terrorists and criminals in order to resolve police investigations and prevent criminal acts”.

“That means ensuring that companies themselves can access the content of communications on their networks when presented with a warrant, as many of them already do for their own business purposes, for example to target advertising. These companies’ reputations rest on their ability to protect their users’ data.”

Other measures that may be included in the proposed legislation include increased legal hacking powers for security services, increased data retention, and also whether politicians or judges should sign warrants to approve surveillance.

Could a simple mistake be how the NSA was able to crack so much encryption?

October 16, 2015

Most encryption software does the high-tech equivalent of reusing passwords, and that could be how the US national security agency decrypted communications

 Edward Snowden revealed the NSA’s widespread surveillance regime in 2013. Now, computer scientists might finally have uncovered how the agency was able to read encrypted communications. Photograph: BBC Panorama/PA

Computer scientists J Alex Halderman and Nadia Heninger argue that a common mistake made with a regularly used encryption protocol leaves much encrypted traffic open to eavesdropping from a well-resourced and determined attacker such as the US national security agency.

The information about the NSA leaked by Edward Snowden in the summer of 2013 revealed that the NSA broke one sort of encrypted communication, virtual private networks (VPN), by intercepting connections and passing some data to the agency’s supercomputers, which would then return the key shortly after. Until now, it was not known what those supercomputers might be doing, or how they could be returning a valid key so quickly, when attacking VPN head-on should take centuries, even with the fastest computers.

The researchers say the flaw exists in the way much encryption software applies an algorithm called Diffie-Hellman key exchange, which lets two parties efficiently communicate through encrypted channels.

A form of public key cryptography, Diffie-Hellman lets users communicate by swapping “keys” and running them through an algorithm which results in a secret key that both users know, but no-one else can guess. All the future communications between the pair are then encrypted using that secret key, and would take hundreds or thousands of years to decrypt directly.

But the researchers say an attacker may not need to target it directly. Instead, the flaw lies in the exchange at the start of the process. Each person generates a public key – which they tell to their interlocutor – and a private key, which they keep secret. But they also generate a common public key, a (very) large prime number which is agreed upon at the start of the process.

Since those prime numbers are public anyway, and since it is computationally expensive to generate new ones, many encryption systems reuse them to save effort. In fact, the researchers note, one single prime is used to encrypt two-thirds of all VPNs and a quarter of SSH servers globally, two major security protocols used by a number of businesses. A second is used to encrypt “nearly 20% of the top million HTTPS websites”.

The problem is that, while there’s no need to keep the chosen prime number secret, once a given proportion of conversations are using it as the basis of their encryption, it becomes an appealing target. And it turns out that, with enough money and time, those commonly used primes can become a weak point through which encrypted communications can be attacked.

In their paper, the two researchers, along with a further 12 co-authors, describe their process: a single, extremely computationally intensive “pre-calculation” which “cracks” the chosen prime, letting them break communications encrypted using it in a matter of minutes.

How intensive? For “shorter” primes (512 bits long, about 150 decimal digits), the precalculation takes around a week – crippling enough that, after it was disclosed with the catchy name of “Logjam”, major browsers were changed to reject shorter primes in their entirety. But even for the gold standard of the protocol, using a 1024-bit prime, a precalculation is possible, for a price.

The researchers write that “it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year”.

“Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation.”

There are ways around the problem. Simply using a unique common prime for each connection, or even for each application, would likely reduce the reward for the year-long computation time so that it was uneconomical to do so. Similarly, switching to a newer cryptography standard (“elliptic curve cryptography”, which uses the properties of a particular type of algebraic curve instead of large prime numbers to encrypt connections) would render the attack ineffective.

But that’s unlikely to happen fast. Some occurrences of Diffie-Hellman literally hard-code the prime in, making it difficult to change overnight. As a result, “it will be many years before the problems go away, even given existing security recommendations and our new findings”.

“In the meantime, other large governments potentially can implement similar attacks, if they haven’t already.”
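
A toy model of the shared-prime weakness described in this article, added here as an illustration and not taken from the researchers' paper: the group parameters are constructed 16-bit values, and a full lookup table stands in for the number field sieve precomputation. It shows that the expensive step is paid once per prime while each connection on that prime then costs one lookup, and that a connection on a different prime gets no benefit from that work.

```python
# Added illustration: toy shared-prime Diffie-Hellman. All parameters are
# constructed and tiny; real groups use primes of 1024 bits or more.
import secrets

SHARED_GROUP = (65537, 3)   # (prime, generator) reused by every "server"
FRESH_GROUP = (65521, 2)    # a different prime used by one careful server

def dh_session(group):
    """Run one exchange; return what an eavesdropper sees plus the real secret."""
    p, g = group
    a = secrets.randbelow(p - 2) + 1          # first party's private key
    b = secrets.randbelow(p - 2) + 1          # second party's private key
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    shared = pow(pub_b, a, p)
    assert shared == pow(pub_a, b, p)         # both ends derive the same key
    return {"group": group, "pub_a": pub_a, "pub_b": pub_b, "secret": shared}

def precompute(group):
    """One-time work per prime: map each g^x mod p back to x.
    A full table stands in for the sieve stage and only works because p is tiny."""
    p, g = group
    table, y, x = {}, 1, 0
    while y not in table:                     # stops when the powers of g cycle
        table[y] = x
        y, x = y * g % p, x + 1
    return table

def recover(tables, seen):
    """Per-connection work: one lookup and one exponentiation.
    Returns None when no table exists for the session's group."""
    table = tables.get(seen["group"])
    if table is None:
        return None
    p, _ = seen["group"]
    return pow(seen["pub_b"], table[seen["pub_a"]], p)

def demo(n=5):
    tables = {SHARED_GROUP: precompute(SHARED_GROUP)}   # cost paid once
    reused = [dh_session(SHARED_GROUP) for _ in range(n)]
    fresh = dh_session(FRESH_GROUP)
    return {
        "table_entries": len(tables[SHARED_GROUP]),
        "reused_recovered": sum(recover(tables, s) == s["secret"] for s in reused),
        "fresh_recovered": recover(tables, fresh),
    }

if __name__ == "__main__":
    print(demo())
```

The table's size grows with the prime, which is why the article's mitigations (larger primes, a unique prime per deployment, or elliptic curve key exchange) raise the cost of the one-time step rather than the per-connection step.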

VOTE FOR SHAZZLEMAIL

March 25, 2015

Friends,

MeetAdvisors featured us in their blog as one of the 12 great #startups to keep your eye on! We need your help to VOTE FOR ShazzleMail!!!! No registration needed, just click the link and vote for ShazzleMail.
Protect our privacy by protecting your own!!!!

Follow the link to vote: https://shazzlemail.com/?p=1489
