
Posts Tagged ‘#snowden’


State Lawmakers Create Coalition To Overhaul Digital Privacy Laws

January 21, 2016

State lawmakers and the District of Columbia have put together a group of bills pushing for legislation to protect our digital privacy. The coalition of 16 states and D.C. says surveillance technology and a lack of regulation have given Big Brother too much power when it comes to monitoring online information.

“A bipartisan consensus on privacy rights is emerging, and now the states are taking collective action where Congress has been largely asleep at the switch,” ACLU executive director Anthony D. Romero wrote in a blog post about the move to truncate monitoring of online activity. “This movement is about seizing control over our lives. Everyone should be empowered to decide who has access to their personal information.”

It should come as no surprise that privacy advocates such as Edward Snowden are also in favor of an overhaul to digital privacy laws.

The majority of Americans are in favor of a change to laws allowing law enforcement to obtain online communications such as emails and images hosted in the cloud. However, the Email Communications Privacy Act (ECPA), passed in 1986, says the government can use digital materials older than 180 days. Now many lawmakers say times have changed and we need reform that reflects the current digital era.

Each newly introduced bill varies by state. Six states want to limit information gathered about students; three states want to limit “stingrays” or devices imitating cell towers and tracking a user’s location; and eight states would like to keep social media information out of the hands of hiring managers.

The American Civil Liberties Union, which coordinated the bipartisan initiative, outlined the most pressing concerns:

Personal data privacy
Cell phone location tracking
License plate readers
Employee data tracking
Various forms of student data tracking such as cell phones, laptops, and school-owned devices, as well as social media activities

The participating states include Alabama, Alaska, Connecticut, Hawaii, Illinois, Massachusetts, Michigan, Minnesota, Missouri, Nebraska, New Hampshire, New Mexico, New York, North Carolina, Virginia, and West Virginia, and D.C. Any change in the law in these states would affect 100 million Americans.


Snowden: Democratic debate showed major shift in how I am perceived

November 9, 2015

NSA whistleblower points to ‘extraordinary change’ in attitudes as he notes that Democratic candidates for US president did not call him a traitor

Edward Snowden says he plans to attempt to vote in the 2016 election. Photograph: Alan Rusbridger for the Guardian

Edward Snowden has described the Democratic presidential debate last month as marking an “extraordinary change” in attitudes towards him.

In a lengthy interview with Sweden’s Dagens Nyheter published on Friday, Snowden said he had been encouraged by the debate between Hillary Clinton and Bernie Sanders, her main challenger for the Democratic nomination.

During the televised encounter, both candidates called for Snowden to face trial, but Sanders said he thought the NSA whistleblower had “played a very important role in educating the American people”.

That marked an important shift in the US debate over Snowden’s action, he said.

The former National Security Agency analyst said it had taken 30 years for Daniel Ellsberg, who leaked the Pentagon Papers about the Vietnam war, to shift from being described regularly as a traitor.

But not once in the debate had Snowden been referred to as a traitor.

Snowden, who is living in exile in Moscow after leaking tens of thousands of secret documents from the NSA and its sister agency in the UK, GCHQ, said: “I did see the debate live. It was actually extraordinarily encouraging. In 2013, they were calling for me to be hanged. They were using the word ‘traitor’ and things like ‘blood on your hands’.

“Nobody on the stage, as far as I know, used the word traitor now. In just two years, that’s an extraordinary change.”

In the debate, Clinton said that Snowden had violated US law and should face trial.

Sanders also suggested that he ought to be tried. “I think there should be a penalty to that,” he said. “But I think that education should be taken into consideration before the sentencing.”

Snowden, asked if he would vote, said he would definitely try, even if only as a symbolic gesture.

“I’ll send them my vote by mail. It’s not like it will count in a meaningful way because such a small portion of the votes come by mail. But that’s not the point; the point is the expression of it,” he said.

Snowden, who in the past supported the Republican Ron Paul, was asked if he would vote for Clinton or Donald Trump. He laughed, declining to comment on the grounds that it would be too inflammatory.


Could a simple mistake be how the NSA was able to crack so much encryption?

October 16, 2015

Most encryption software does the high-tech equivalent of reusing passwords, and that could be how the US national security agency decrypted communications

Edward Snowden revealed the NSA’s widespread surveillance regime in 2013. Now, computer scientists might finally have uncovered how the agency was able to read encrypted communications. Photograph: BBC Panorama/PA

Computer scientists J Alex Halderman and Nadia Heninger argue that a common mistake made with a regularly used encryption protocol leaves much encrypted traffic open to eavesdropping from a well-resourced and determined attacker such as the US national security agency.

The information about the NSA leaked by Edward Snowden in the summer of 2013 revealed that the NSA broke one sort of encrypted communication, virtual private networks (VPN), by intercepting connections and passing some data to the agency’s supercomputers, which would then return the key shortly after. Until now, it was not known what those supercomputers might be doing, or how they could be returning a valid key so quickly, when attacking VPN head-on should take centuries, even with the fastest computers.

The researchers say the flaw exists in the way much encryption software applies an algorithm called Diffie-Hellman key exchange, which lets two parties efficiently communicate through encrypted channels.

A form of public key cryptography, Diffie-Hellman lets users communicate by swapping “keys” and running them through an algorithm which results in a secret key that both users know, but no-one else can guess. All the future communications between the pair are then encrypted using that secret key, and would take hundreds or thousands of years to decrypt directly.

But the researchers say an attacker may not need to target it directly. Instead, the flaw lies in the exchange at the start of the process. Each person generates a public key – which they tell to their interlocutor – and a private key, which they keep secret. But they also generate a common public key, a (very) large prime number which is agreed upon at the start of the process.

Since those prime numbers are public anyway, and since it is computationally expensive to generate new ones, many encryption systems reuse them to save effort. In fact, the researchers note, one single prime is used to encrypt two-thirds of all VPNs and a quarter of SSH servers globally, two major security protocols used by a number of businesses. A second is used to encrypt “nearly 20% of the top million HTTPS websites”.

The problem is that, while there’s no need to keep the chosen prime number secret, once a given proportion of conversations are using it as the basis of their encryption, it becomes an appealing target. And it turns out that, with enough money and time, those commonly used primes can become a weak point through which encrypted communications can be attacked.

In their paper, the two researchers, along with a further 12 co-authors, describe their process: a single, extremely computationally intensive “pre-calculation” which “cracks” the chosen prime, letting them break communications encrypted using it in a matter of minutes.

How intensive? For “shorter” primes (512 bits long, about 150 decimal digits), the precalculation takes around a week – crippling enough that, after it was disclosed with the catchy name of “Logjam”, major browsers were changed to reject shorter primes in their entirety. But even for the gold standard of the protocol, using a 1024-bit prime, a precalculation is possible, for a price.

The researchers write that “it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year”.

“Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation.”

There are ways around the problem. Simply using a unique common prime for each connection, or even for each application, would likely reduce the reward for the year-long computation time so that it was uneconomical to do so. Similarly, switching to a newer cryptography standard (“elliptic curve cryptography”, which uses the properties of a particular type of algebraic curve instead of large prime numbers to encrypt connections) would render the attack ineffective.
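An added illustration, not taken from the article or the researchers' paper: a toy model of why the pre-calculation pays off against a shared prime and stops paying off when each connection uses its own. It swaps in a baby-step/giant-step table on roughly 30-bit primes as a stand-in for the number field sieve precomputation the paper relies on; every prime, generator and private key below is a constructed sample value.

```python
TABLE_BITS = 18   # one-time table of 2**18 entries per (p, g)

def precompute(p, g):
    """Expensive step: depends only on the public (p, g), never on a session."""
    size, table, x = 1 << TABLE_BITS, {}, 1
    for j in range(size):
        table.setdefault(x, j)            # smallest j with g^j = x (mod p)
        x = x * g % p
    return size, table, pow(g, -size, p)  # last item: g^(-size) mod p

def session_exponent(p, pre, public):
    """Cheap step: find e with g^e = public (mod p) using the stored table."""
    size, table, stride = pre
    y = public
    for i in range(p // size + 1):
        if y in table:
            return i * size + table[y]
        y = y * stride % p
    raise ValueError("public value is not a power of g modulo p")

def tables_needed(sessions):
    """sessions: constructed (p, g, a, b) tuples; a and b are the private keys,
    used only to build the traffic and to check the recovered key.
    Returns (tables_built, session_keys_recovered)."""
    tables, recovered = {}, 0
    for p, g, a, b in sessions:
        A, B = pow(g, a, p), pow(g, b, p)      # values visible on the wire
        if (p, g) not in tables:
            tables[(p, g)] = precompute(p, g)  # paid once per distinct prime
        e = session_exponent(p, tables[(p, g)], A)
        recovered += pow(B, e, p) == pow(B, a, p)
    return len(tables), recovered

# Toy primes (constructed sample; about 30 bits, far below any real group size).
SHARED = [(2**31 - 1, 7, 123456789, 987654321),
          (2**31 - 1, 7, 55555, 1999999999),
          (2**31 - 1, 7, 314159265, 271828182)]
UNIQUE = [(2**31 - 1, 7, 123456789, 987654321),
          (1_000_000_007, 5, 424242, 171717),
          (998_244_353, 3, 31337, 8675309)]

if __name__ == "__main__":
    print("shared prime:", tables_needed(SHARED))   # one table serves every session
    print("unique primes:", tables_needed(UNIQUE))  # a fresh table per session
```

With the shared prime the 262,144-entry table is built once and each session then costs at most about 8,200 lookups; with unique primes the full table has to be rebuilt for every session, which is the economic argument the mitigation rests on.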

But that’s unlikely to happen fast. Some occurrences of Diffie-Hellman literally hard-code the prime in, making it difficult to change overnight. As a result, “it will be many years before the problems go away, even given existing security recommendations and our new findings”.

“In the meantime, other large governments potentially can implement similar attacks, if they haven’t already.”
