Skip to main content

Home/ Future of the Web/ Group items matching "announces" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
7More

NSA Spying Inspires ProtonMail 'End-to-End' Encrypted Email Service | NDTV Gadgets - 0 views

gadgets.ndtv.com/...encrypted-email-service-526769 surveillance state secure-email ProtonMail
shared by Paul Merrell on 20 May 14 - No Cached
  • ne new email service promising "end-to-end" encryption launched on Friday, and others are being developed while major services such as Google Gmail and Yahoo Mail have stepped up security measures.A major catalyst for email encryption were revelations about widespread online surveillance in documents leaked by Edward Snowden, the former National Security Agency contractor."A lot of people were upset with those revelations, and that coalesced into this effort," said Jason Stockman, a co-developer of ProtonMail, a new encrypted email service which launched Friday with collaboration of scientists from Harvard, the Massachusetts Institute of Technology and the European research lab CERN.Stockman said ProtonMail aims to be as user-friendly as the major commercial services, but with extra security, and with its servers located in Switzerland to make it more difficult for US law enforcement to access.
  • "Our vision is to make encryption and privacy mainstream by making it easy to use," Stockman told AFP. "There's no installation. Everything happens behind the scenes automatically."Even though email encryption using special codes or keys, a system known as PGP, has been around for two decades, "it was so complicated," and did not gain widespread adoption, Stockman said.After testing over the past few months, ProtonMail went public Friday using a "freemium" model a basic account will be free with some added features for a paid account.
  • As our users from China, Iran, Russia, and other countries around the world have shown us in the past months, ProtonMail is an important tool for freedom of speech and we are happy to finally be able to provide this to the whole world," the company said in a blog post.Google and Yahoo recently announced efforts to encrypt their email communications, but some specialists say the effort falls short."These big companies don't want to encrypt your stuff because they spy on you, too," said Bruce Schneier, a well-known cryptographer and author who is chief technology officer for CO3 Systems."Hopefully, the NSA debate is creating incentives for people to build more encryption."Stockman said that with services like Gmail, even if data is encrypted, "they have the key right next to it if you have the key and lock next to each other, so it's pretty much useless."
  • ...3 more annotations...
  • By locating in Switzerland, ProtonMail hopes to avoid the legal woes of services like Lavabit widely believed to be used by Snowden which shut down rather than hand over data to the US government, and which now faces a contempt of court order.Even if a Swiss court ordered data to be turned over, Stockman said, "we would hand over piles of encrypted data. We don't have a key. We never see the password."
  • Lavabit founder Ladar Levison meanwhile hopes to launch a new service with other developers in a coalition known as the "Dark Mail Alliance."Levison told AFP he hopes to have a new encrypted email system in testing within a few months and widely available later this year."The goal is to make it ubiquitous, so people don't have to turn it on," he said.But he added that the technical hurdles are formidable, because the more user-friendly the system becomes, "the more susceptible it is to a sophisticated attacker with fake or spoofed key information."Levison said he hopes Dark Mail will become a new open standard that can be adopted by other email services.
  • on Callas, a cryptographer who developed the PGP standard and later co-founded the secure communications firm Silent Circle, cited challenges in making a system that is both secure and ubiquitous."If you are a bank you have to have an email system that complies with banking regulations," Callas told AFP, which could allow, for example, certain emails to be subject to regulatory or court review."Many of the services on the Internet started with zero security. We want to start with a system that is totally secure and let people dial it down."The new email system would complement Silent Circle's existing secure messaging system and encrypted mobile phone, which was launched earlier this year."If we start competing for customers on the basis of maximum privacy, that's good for everybody," Callas said.
  • Paul Merrell on 20 May 14
     
    They're already so swamped that you have to reserve your user name and wait for an invite. They say they have to add servers. Web site is at https://protonmail.ch/ "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones. It's as simple as visiting our site and logging in. There are no plugins or apps to install - simply use your favorite web browser." "ProtonMail works on all devices, including desktops, laptops, tablets, and smartphones.
5More

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat
shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
2More

Meteor: The NeXT Web - 0 views

www.meteor.com/people html
shared by Gary Edwards on 04 Sep 14 - No Cached
  • Gary Edwards on 04 Sep 14
     
    "Writing software is too hard and it takes too long. It's time for a new way to write software - especially application software, the user-facing software we use every day to talk to people and keep track of things. This new way should be radically simple. It should make it possible to build a prototype in a day or two, and a real production app in a few weeks. It should make everyday things easy, even when those everyday things involve hundreds of servers, millions of users, and integration with dozens of other systems. It should be built on collaboration, specialization, and division of labor, and it should be accessible to the maximum number of people. Today, there's a chance to create this new way - to build a new platform for cloud applications that will become as ubiquitous as previous platforms such as Unix, HTTP, and the relational database. It is not a small project. There are many big problems to tackle, such as: How do we transition the web from a "dumb terminal" model that is based on serving HTML, to a client/server model that is based on exchanging data? How do we design software to run in a radically distributed environment, where even everyday database apps are spread over multiple data centers and hundreds of intelligent client devices, and must integrate with other software at dozens of other organizations? How do we prepare for a world where most web APIs will be push-based (realtime), rather than polling-driven? In the face of escalating complexity, how can we simplify software engineering so that more people can do it? How will software developers collaborate and share components in this new world? Meteor is our audacious attempt to solve all of these big problems, at least for a certain large class of everyday applications. We think that success will come from hard work, respect for history and "classically beautiful" engineering patterns, and a philosophy of generally open and collaborative development. " .............. "It is not a
  • Paul Merrell on 05 Sep 14
     
    "How do we transition the web from a "dumb terminal" model that is based on serving HTML, to a client/server model that is based on exchanging data?" From a litigation aspect, the best bet I know of is antitrust litigation against the W3C and the WHATWG Working Group for implementing a non-interoperable specification. See e.g., Commission v. Microsoft, No. T-167/08, European Community Court of First Instance (Grand Chamber Judgment of 17 September, 2007), para. 230, 374, 421, http://preview.tinyurl.com/chsdb4w (rejecting Microsoft's argument that "interoperability" has a 1-way rather than 2-way meaning; information technology specifications must be disclosed with sufficient specificity to place competitors on an "equal footing" in regard to interoperability; "the 12th recital to Directive 91/250 defines interoperability as 'the ability to exchange information and mutually to use the information which has been exchanged'"). Note that the Microsoft case was prosecuted on the E.U.'s "abuse of market power" law that corresponds to the U.S. Sherman Act § 2 (monopolies). But undoubtedly the E.U. courts would apply the same standard to "agreements among undertakings" in restraint of trade, counterpart to the Sherman Act's § 1 (conspiracies in restraint of trade), the branch that applies to development of voluntary standards by competitors. But better to innovate and obsolete HTML, I think. DG Competition and the DoJ won't prosecute such cases soon. For example, Obama ran for office promising to "reinvigorate antitrust enforcement" but his DoJ has yet to file its first antitrust case against a big company. Nb., virtually the same definition of interoperability announced by the Court of First Instance is provided by ISO/IEC JTC-1 Directives, annex I ("eye"), which is applicable to all international standards in the IT sector: "... interoperability is understood to be the ability of two or more IT systems to exchange information at one or more standardised interfaces
2More

Beginners in Open Source announced, call for writers | Opensource.com | [Feb 6] - 0 views

opensource.com/...beginners-open-source open source beginners call for writer contribute write deadline February 6 February 6
shared by Gonzalo San Gil, PhD. on 19 Jan 15 - No Cached
  • Gonzalo San Gil, PhD. on 19 Jan 15
     
    "If you've been watching from the sidelines and finally want to get into an open source project, this series is the place to start. Or, maybe you know someone who"
  • Gonzalo San Gil, PhD. on 19 Jan 15
     
    "If you've been watching from the sidelines and finally want to get into an open source project, this series is the place to start. Or, maybe you know someone who"
8More

Obama to propose legislation to protect firms that share cyberthreat data - The Washing... - 0 views

www.washingtonpost.com/...4-bcfb-059ec7a93ddc_story.html surveillance state U.S. digital-privacy legislation
shared by Paul Merrell on 19 Jan 15 - No Cached
  • President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”
  • The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.
  • “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.
  • ...5 more annotations...
  • But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s ­Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.
  • It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.
  • Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.
  • The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.
  • In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.
2More

YouTube flushes Flash for future flicks * The Register - 0 views

www.theregister.co.uk/...lushes_flash_for_future_flicks HTML5 Flash Youtube
shared by Paul Merrell on 28 Jan 15 - No Cached

  • YouTube has decided it's had enough of Adobe's perenially-p0wned Flash and will therefore now default to delivering video with the HTML5 <video> tag.

    A post by the video vault's engineering and development team says the move is now possible, and sensible, because the industry has invented useful things like adaptive bitrates, encryption, new codecs and WebRTC that make the <video> usable work in the real world.

    Those additions mean HTML5 is at least as functional – or more so – than Flash, and if YouTube detects you are running Chrome, IE 11, Safari 8 and beta versions of Firefox, it'll now deliver video using <video> and flush Flash.

    YouTube's also decided to can what it calls the “'old style' of Flash embeds and our Flash API. We encourage all embedders to use the iframe API, which can intelligently use whichever technology the client supports.”

  • YouTube seems not to care a jot that its actions are inimical to Adobe, saying it's just doing what all the cool kids – Netflix, Apple, Microsoft and its competitor Vimeo – have already done. Which is not to say that Flash is dead: those who don't run the browsers above will still get YouTube delivered by whatever technology works bes tin their environment. And that will often – perhaps too often* – be Flash. ® Bootnote * Until they get p0wned, that is: Flash is so horridly buggy that Apple has just updated its plugin-blockers to foil versions of the product prior to 16.0.0.296 and 13.0.0.264.
6More

Proposed changes to US data collection fall short of NSA reformers' goals | US news | T... - 0 views

www.theguardian.com/...-data-collection-nsa-reformers surveillance state NSA-reform DNI Clapper voluntary-reforms
shared by Paul Merrell on 05 Feb 15 - No Cached
  • The US intelligence community has delivered a limited list of tweaks to how long it can hold information on ordinary citizens and hide secret trawls for data, responding to Barack Obama’s call for reform of its surveillance practices in the wake of revelations about NSA practices. Published by the office of the director of national intelligence, James Clapper, just six days before a recently announced visit to Washington by the German chancellor, Angela Merkel, the report is the culmination of a year-long effort to respond to revelations by whistleblower Edward Snowden.
  • But the report does not appear to address the role of telecommunications companies in collecting metadata and the use of encryption to prevent hacking, and privacy critics were quick to pounce on a year of promises with little reform to show. “It’s hard to see much ‘there’ there,” Senator Ron Wyden said in a statement. “When it comes to reforming intelligence programs and protecting Americans’ privacy, there is much, much more work to be done.” The outline from the intelligence community also appears to fall short of the legislative changes attempted by campaigners in Congress, focusing instead on measures to tighten internal guidelines and provide foreigners with some of the protections allowed for US citizens. These measures include:
  • Other measures outlined in the new report include steps to clarify the protection given to whistleblowers if they follow internal rules and a requirement that “any significant compliance incident involving personal information, regardless of the person’s nationality” be reported to Clapper.
  • ...3 more annotations...
  • Limiting how long personal data gathered from non-US citizens can be held to five years, so long as it is deemed not relevant to ongoing intelligence investigations. Asking Congress to provide some foreign nationals access to legal redress if their private information has been wilfully disclosed by US intelligence agencies. Limiting to three years how long the FBI can prevent disclosure of its surveillance activities using so-called national security letters, unless a special agent deems otherwise.
  • The official results of Obama’s call for surveillance reform also appear to have failed to address encryption. The FBI director, James Comey, and other officials have been highly critical of the use of encryption by tech companies such as Apple to protect their users’ information. Comey has argued that stronger encryption, baked in to some technology after the Snowden revelations, will aid criminals and terrorists and shut out law enforcement.
  • The intelligence report itself acknowledges that further reforms called for by the president, such as ending the collection of bulk data by the government, have not been implemented, possibly due to stalled legislative efforts in Congress.
4More

The Newest Reforms on SIGINT Collection Still Leave Loopholes | Just Security - 0 views

justsecurity.org/...lection-leave-plenty-loopholes surveillance state NSA-reform DNI Clapper voluntary-reforms
shared by Paul Merrell on 05 Feb 15 - No Cached
  • Director of National Intelligence James Clapper this morning released&nbsp;a report detailing new rules aimed at reforming the way signals intelligence is collected and stored by certain members of the United States Intelligence Community (IC). The long-awaited changes follow up on an order announced by President Obama one year ago that laid out the White House’s principles governing the collection of signals intelligence. That order, commonly known as PPD-28, purports to place limits on the use of data collected in bulk and to increase privacy protections related to the data collected, regardless of nationality. Accordingly, most of the changes presented as “new” by Clapper’s office &nbsp;(ODNI) stem directly from the guidance provided in PPD-28, and so aren’t truly new. And of the biggest changes outlined in the report, there are still large exceptions that appear to allow the government to escape the restrictions with relative ease. Here’s a quick rundown.
  • National security letters (NSLs). The report also states that the FBI’s gag orders related to NSLs expire three years after the opening of a full-blown investigation or three years after an investigation’s close, whichever is earlier. However, these expiration dates can be easily overridden by by an FBI Special Agent in Charge or a Deputy Assistant FBI Director who finds that the statutory standards for secrecy about the NSL continue to be satisfied (which at least one court has said isn’t a very high bar). This exception also doesn’t address concerns that NSL gag orders lack adequate due process protections, lack basic judicial oversight, and may violate the First Amendment.
  • Retention policy for non-U.S. persons. The new rules say that the IC must now delete information about “non-U.S. persons” that’s been gathered via signals intelligence after five-years. However, there is a loophole that will let spies hold onto that information indefinitely whenever the Director of National Intelligence determines (after considering the views of the ODNI’s Civil Liberties Protection Officer) that retaining information is in the interest of national security. The new rules don’t say whether the exceptions will be directed at entire groups of people or individual surveillance targets.&nbsp; Section 215 metadata. Updates to the rules concerning the use of data collected under Section 215 of the Patriot Act includes the requirement that the Foreign Intelligence Surveillance Court (rather than authorized NSA officials) must determine spies have “reasonable, articulable suspicion” prior to query Section 215 data, outside of emergency circumstances. What qualifies as an emergency for these purposes? We don’t know. Additionally, the IC is now limited to two “hops” in querying the database. This means that spies can only play two degrees of Kevin Bacon, instead of the previously allowed three degrees, with the contacts of anyone targeted under Section 215. The report doesn’t explain what would prevent the NSA (or other agency using the 215 databases) from getting around this limit by redesignating a phone number found in the first or second hop as a new “target,” thereby allowing the agency to continue the contact chain.
  • ...1 more annotation...
  • The report also details the ODNI’s and IC’s plans for the future, including: (1) Working with Congress to reauthorize bulk collection under Section 215. (2) Updating agency guidelines under Executive Order 12333 “to protect the privacy and civil liberties of U.S. persons.” (3) Producing another annual report in January 2016 on the IC’s progress in implementing signals intelligence reforms. These plans raise&nbsp;more questions than they answer. Given the considerable doubts about Section 215’s effectiveness, why is the ODNI pushing for its reauthorization? And what will the ODNI consider appropriate privacy protections under Executive Order 12333?
4More

What the Hack! 56 Suspected Hackers arrested in the UK | nsnbc international - 0 views

nsnbc.me/...ted-hackers-arrested-in-the-uk UK hackers arrests
shared by Paul Merrell on 11 Mar 15 - No Cached
  • The UK National Crime Agency arrested 56 suspected hackers, including one 23-year-old male who allegedly attempted to hack his way into the U.S.’ Department of Defense in 2014. Not attempting to minimize the potential risks of hacking but how much does cyber-crime actually cost, what are the risks and what about those who hack the data of billions of internet users per day to, allegedly, “keep all of us safe?”
  • Besides the 23-year-old who allegedly attempted to hack his way into the a U.S. Department of Defense site, the other detainees allegedly were members of the hacking collectives Lizard Squad and D33DS which are being accused of fraud, money laundering and Denial of Service and Distributed Denial of Service (DOS &amp; DDOS) attacks. &nbsp;D33DS stands accused of having stolen data of some 450,000 Yahoo users. The arrests followed the recent announcement about the so-called FREAK security vulnerability that was leaving thousands of SSL sites unprotected. The arrest of the 56 hackers in the UK was reported as the National Crime Agency’s way of “sending a clear message” to the hacker community.
  • The U.S. DoD’s cyber-security functioned, obviously. A recent article by Benjamin Dean entitled “Hard Evidence: How much is cybercrime really costing us” suggests that the money spent on cyber-security per year is disproportional to the harm that is being caused by cyber-crime. Dean, who is a&nbsp;Fellow for Internet Governance and Cyber-security at the School of International and Public Affairs at Columbia University would conclude that: There are numerous competing budgetary priorities at any one time and limited funds to spend on meeting all these needs. How much money does it make sense to invest in bolstering cybersecurity, relative to the losses? …In the hysteria created in the wake of the hacks of 2014, we risk making the wrong choice simply because we don’t know what the current sums of money are being spent on.
  • ...1 more annotation...
  • Meanwhile, NSA whitleblower Edward Snowden (think about him what you want), would reveal that the NSA and the GCHQ hacked themselves into the possession of the encryption codes of the world’s largest SIM card manufacturer Gemalto. Snowden’s revelations about the NSA’s PRISM surveillance program wouldn’t come as a surprise to those who have known about the United States’ and allies mutual spying network Echelon for decades.
2More

Official Google Blog: A first step toward more global email - 0 views

googleblog.blogspot.co.uk/...-toward-more-global-email.html email Google RFC-6530
shared by Paul Merrell on 05 Aug 14 - No Cached
  • Whether your email address is firstname.lastname@ or something more expressive like corgicrazy@, an email address says something about who you are. But from the start, email addresses have always required you to use non-accented Latin characters when signing up. Less than half of the world’s population has a mother tongue that uses the Latin alphabet. And even fewer people use only the letters A-Z. So if your name (or that of your favorite pet) contains accented characters (like “José Ramón”) or is written in another script like Chinese or Devanagari, your email address options are limited. But all that could change. In 2012, an organization called the Internet Engineering Task Force (IETF) created a new email standard that supports addresses with non-Latin and accented Latin characters (e.g. 武@メール.グーグル). In order for this standard to become a reality, every email provider and every website that asks you for your email address must adopt it. That’s obviously a tough hill to climb. The technology is there, but someone has to take the first step.
  • Today we're ready to be that someone. Starting now, Gmail (and shortly, Calendar) will recognize addresses that contain accented or non-Latin characters. This means Gmail users can send emails to, and receive emails from, people who have these characters in their email addresses. Of course, this is just a first step and there’s still a ways to go. In the future, we want to make it possible for you to use them to create Gmail accounts. Last month, we announced&nbsp;the addition of 13 new languages in Gmail. Language should never be a barrier when it comes to connecting with others and with this step forward, truly global email is now even closer to becoming a reality.
6More

How to Encrypt the Entire Web for Free - The Intercept - 0 views

firstlook.org/...-plans-encrypt-entire-web-free surveillance state encryption https let's-encrypt nsa-reform
shared by Paul Merrell on 25 Nov 14 - No Cached
  • If we’ve learned one thing from the Snowden revelations, it’s that what can be spied on will be spied on. Since the advent of what used to be known as the World Wide Web,&nbsp;it has been a relatively simple matter&nbsp;for network attackers—whether it’s&nbsp;the NSA, Chinese intelligence, your employer, your university, abusive partners, or teenage hackers on the same public WiFi as you—to spy on almost everything you do online. HTTPS, the technology that encrypts traffic between browsers and websites, fixes this problem—anyone listening in on that stream of data between you and, say, your Gmail window or bank’s web site would get nothing but useless random characters—but is woefully under-used. The ambitious new non-profit&nbsp;Let’s Encrypt aims to make the process of deploying HTTPS not only fast, simple, and free, but completely automatic. If it&nbsp;succeeds, the project will render&nbsp;vast regions of the internet invisible to prying eyes.
  • Encryption also prevents attackers from tampering with or impersonating legitimate websites. For example, the Chinese government censors specific pages on Wikipedia, the FBI impersonated The Seattle Times to get a suspect to click on a malicious link, and Verizon and AT&amp;T injected tracking tokens into mobile traffic without user consent. HTTPS goes a long way in preventing these sorts of attacks. And of course there’s the NSA, which relies on the limited adoption&nbsp;of HTTPS to continue to spy on the entire internet with impunity. If companies want to do one thing to meaningfully protect their customers from surveillance, it should be enabling encryption on their websites by default.
  • Let’s Encrypt, which was announced this week but won’t be ready to use until the second quarter of 2015, describes itself as “a free, automated, and open certificate authority (CA), run for the public’s benefit.” It’s the product of years of work from engineers at Mozilla, Cisco, Akamai, Electronic Frontier Foundation, IdenTrust, and researchers at the University of Michigan. (Disclosure: I used to work for the Electronic Frontier Foundation, and I was aware of Let’s Encrypt while it was being developed.) If&nbsp;Let’s Encrypt works as advertised,&nbsp;deploying HTTPS correctly and using all of the best practices will be one of the simplest parts of running a website. All it will take is running a command. Currently, HTTPS requires jumping through a variety of complicated&nbsp;hoops that certificate authorities insist on in order&nbsp;prove ownership of domain names. Let’s Encrypt&nbsp;automates this task in seconds, without requiring any human intervention, and at no cost.
  • ...2 more annotations...
  • The benefits of using HTTPS are obvious when you think about protecting secret information you send over the internet, like passwords and credit card numbers. It also helps&nbsp;protect&nbsp;information like&nbsp;what you search for in&nbsp;Google, what articles you read, what prescription medicine you take, and messages you send to colleagues, friends, and family from being monitored&nbsp;by hackers or authorities. But there are less obvious benefits as well. Websites that don’t use HTTPS are vulnerable to “session hijacking,” where attackers can take over your account even if they don’t know your password. When you download software without encryption, sophisticated attackers can secretly replace the download&nbsp;with malware that hacks your computer as soon as you try installing it.
  • The transition&nbsp;to&nbsp;a fully encrypted web won’t be immediate. After Let’s Encrypt is available to the public in 2015, each website will have to actually use it to switch over. And major web hosting companies also need to&nbsp;hop on board for&nbsp;their customers to be able to&nbsp;take advantage of it. If hosting companies start work now to integrate&nbsp;Let’s Encrypt into their services, they could offer HTTPS hosting by default at no extra cost to all their customers by the time it launches.
  • Paul Merrell on 25 Nov 14
     
    Don't miss the video. And if you have a web site, urge your host service to begin preparing for Let's Encrypt. (See video on why it's good for them.)
2More

China expands Internet backbone to improve speeds, reliability | ITworld - 0 views

www.itworld.com/...mprove-speeds-reliability.html internet China new-access-points
shared by Paul Merrell on 15 Jan 15 - No Cached
  • Even as China cuts access to some foreign online services, it is laying more fiber optic cables to improve its connection to global Internet networks.
  • China recently added seven new access points to the world’s Internet backbone, adding to the three points that connect through Beijing, Shanghai, and Guangzhou, the country’s Ministry of Industry and Information Technology announced on Monday. More good reads Google partners up for $60M undersea fiber link between Florida and Brazil Meet the 12 wealthiest people in social media China disrupts some websites linked to US content delivery network To expand its Internet backbone networks, China laid over 3,000 kilometers worth of fiber optic cable, and invested 2.9 billion yuan (US$477 million) in its construction. Driving the project were the country’s three state-owned telecom operators, which provide most of China’s Internet broadband.
3More

Thousands Join Legal Fight Against UK Surveillance - And You Can, Too - The Intercept - 1 views

firstlook.org/...-international-spying-campaign surveillance state GCHQ NSA privacy-litigation
shared by Paul Merrell on 21 Feb 15 - No Cached
  • Thousands of people are signing up to join an unprecedented legal campaign against the United Kingdom’s leading electronic surveillance agency. On Monday, London-based human rights group Privacy International launched an initiative enabling anyone across the world to challenge covert spying operations involving Government Communications Headquarters, or GCHQ, the National Security Agency’s British counterpart. The campaign was made possible following a historic court ruling earlier this month that deemed intelligence sharing between GCHQ and the NSA to have been unlawful because of the extreme secrecy shrouding it.
  • Consequently, members of the public now have a rare opportunity to take part in a lawsuit against the spying in the Investigatory Powers Tribunal, a special British court that handles complaints about surveillance operations conducted by law enforcement and intelligence agencies. Privacy International is allowing anyone who wants to participate to submit their name, email address and phone number through a page on its website. The group plans to use the details to lodge a case with GCHQ and the court that will seek to discover whether each participant’s emails or phone calls have been covertly obtained by the agency in violation of the privacy and freedom of expression provisions of the European Convention on Human Rights. If it is established that any of the communications have been unlawfully collected, the court could force GCHQ to delete them from its vast repositories of intercepted data.
  • By Tuesday evening, more than 10,000 people had already signed up to the campaign, a spokesman for Privacy International told The Intercept. In a statement announcing the campaign on Monday, Eric King, deputy director of Privacy International, said: “The public have a right to know if they were illegally spied on, and GCHQ must&nbsp;come clean on whose records they hold that they should never have had in the first place. “We have known for some time that the NSA and GCHQ have been engaged in mass surveillance, but never&nbsp;before could anyone explicitly find out if their phone calls, emails, or location histories were unlawfully shared&nbsp;between the U.S. and U.K. “There are few chances that people have to directly challenge the seemingly unrestrained surveillance&nbsp;state, but individuals now have a historic opportunity finally hold GCHQ accountable for their unlawful actions.”
4More

Months After Appeals Argued, NSA Cases Twist in the Wind - US News - 0 views

www.usnews.com/...ed-nsa-cases-twist-in-the-wind surveillance state NSA 215 litigation bulk-collection
shared by Paul Merrell on 15 Apr 15 - No Cached
  • Three cases that likely lay the groundwork for a major privacy battle at the U.S. Supreme Court are pending before federal appeals courts, whose judges are taking their time announcing whether they believe the dragnet collection of Americans' phone records is legal. It’s been more than five months since the American Civil Liberties Union argued against the National Security Agency program in New York, three months since legal activist Larry Klayman defended his thus far unprecedented preliminary injunction win in Washington, D.C., and two months since Idaho nurse Anna Smith’s case was heard by appeals judges in Seattle. At the district court level, judges handed down decisions about a month after oral arguments in the cases. It’s unclear what accounts for the delay. It’s possible judges are meticulously crafting opinions that are likely to receive wide coverage, or that members of the three-judge panels are clashing on the appropriate decision.
  • Attorneys involved in the cases understandably are reluctant to criticize the courts, but all express hope for speedy resolution of their fights against alleged violations of Americans’ Fourth Amendment rights.
  • Though it’s difficult to accurately predict court decisions based on oral arguments, opponents of the mass surveillance program may have reason for optimism.
  • ...1 more annotation...
  • Two executive branch review panels have found the dragnet phone program has had minimal value for catching terrorists, its stated purpose. After years of presiding over the collection and months of publicly defending it, President Barack Obama pivoted last year and asked Congress to pass legislation ending the program. A measure&nbsp;to do so failed last year.
2More

Federal Register | Request for Public Comment on Activities Under Executive Order 12333 - 0 views

www.federalregister.gov/...es-under-executive-order-12333 surveillance state PCLOB comment-request EO12333
shared by Paul Merrell on 24 Mar 15 - No Cached
  • As announced at the Privacy and Civil Liberties Oversight Board's (PCLOB) public meeting on July 23, 2014, the PCLOB is examining counterterrorism activities conducted under the Executive Order pertaining to the United States Intelligence Activities and their implications for privacy and civil liberties. As such, the PCLOB seeks public input to inform the Board's examination of activities conducted under the Executive Order.
  • Written comments may be submitted at any time prior to the closing of the comment period at 11:59 p.m. Eastern Standard Time (EST) on June 16, 2015.
5More

Bulk Collection Under Section 215 Has Ended… What's Next? | Just Security - 0 views

www.justsecurity.org/...lk-collection-ended-whats-next surveillance state NSA-reform 215 bulk-collection EO-12333
shared by Paul Merrell on 01 Dec 15 - No Cached
  • The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”
  • But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.
  • There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.
  • ...2 more annotations...
  • The US intelligence community’s broadest surveillance authorities are enshrined in Executive Order 12333, which primarily covers the interception of electronic communications overseas. The Order authorizes the collection, retention, and dissemination of “foreign intelligence” information, which includes information “relating to the capabilities, intentions or activities of foreign powers, organizations or persons.” In other words, so long as they are operating outside the US, intelligence agencies are authorized to collect information about any foreign person — and, of course, any Americans with whom they communicate. The NSA has conceded that EO 12333 is the basis of most of its surveillance. While public information about these programs is limited, a few highlights give a sense of the breadth of EO 12333 operations: The NSA gathers information about every cell phone call made to, from, and within the Bahamas, Mexico, Kenya, the Philippines, and Afghanistan, and possibly other countries. A joint US-UK program tapped into the cables connecting internal Yahoo and Google networks to gather e-mail address books and contact lists from their customers. Another US-UK collaboration collected images from video chats among Yahoo users and possibly other webcam services. The NSA collects both the content and metadata of hundreds of millions of text messages from around the world. By tapping into the cables that connect global networks, the NSA has created a database of the location of hundreds of millions of mobile phones outside the US.
  • Given its scope, EO 12333 is clearly critical to those seeking serious surveillance reform. The path to reform is, however, less clear. There is no sunset provision that requires action by Congress and creates an opportunity for exposing privacy risks. Even in the unlikely event that Congress was inclined to intervene, it would have to address questions about the extent of its constitutional authority to regulate overseas surveillance. To the best of my knowledge, there is no litigation challenging EO 12333 and the government doesn’t give notice to criminal defendants when it uses evidence derived from surveillance under the order, so the likelihood of a court ruling is slim. The Privacy and Civil Liberties Oversight Board is currently reviewing two programs under EO 12333, but it is anticipated that much of its report will be classified (although it has promised a less detailed unclassified version as well). While the short-term outlook for additional surveillance reform is challenging, from a longer-term perspective, the distinctions that our law makes between Americans and non-Americans and between domestic and foreign collection cannot stand indefinitely. If the Fourth Amendment is to meaningfully protect Americans’ privacy, the courts and Congress must come to grips with this reality.
1More

The Linux Foundation Launches First Linux-Based Civil Infrastructure Project - 0 views

www.linuxfoundation.org/...nux-based-civil-infrastructure Civil Infrastructure Project civil infrastructure projec citizens people world wefareLinux-Based The Linux Foundation launch first
shared by Gonzalo San Gil, PhD. on 05 Apr 16 - No Cached
  • Gonzalo San Gil, PhD. on 05 Apr 16
     
    "By Linux_Foundation - April 4, 2016 - 3:57pm Civil Infrastructure Platform to provide software building blocks that support reliable transportation, power, oil and gas, and health care infrastructure"
1More

Facebook's New 'Supreme Court' Could Revolutionize Online Speech - Lawfare - 0 views

www.lawfareblog.com/ld-revolutionize-online-speech censorship Facebook moderation-appeals
shared by Paul Merrell on 20 Nov 18 - No Cached
  • The Supreme Court of Facebook is about to become a reality. When Facebook CEO Mark Zuckerberg first mentioned the idea of an independent oversight body to determine the boundaries of acceptable speech on the platform—“almost like a Supreme Court,” he said—in an April 2018 interview with Vox, it sounded like an offhand musing.&nbsp; But on Nov. 15, responding to a New York Times article documenting how Facebook’s executives have dealt with the company’s scandal-ridden last few years, Zuckerberg published a blog post announcing that Facebook will “create a new way for people to appeal content decisions to an independent body, whose decisions would be transparent and binding.” Supreme Court of Facebook-like bodies will be piloted early next year in regions around the world, and the “court” proper is to be established by the end of 2019, he wrote.
4More

Facebook blasted by US and UK lawmakers - nsnbc international | nsnbc international - 0 views

nsnbc.me/...blasted-by-us-and-uk-lawmakers Facebook security Cambridge-Analytics
shared by Paul Merrell on 19 Mar 18 - No Cached
  • Lawmakers in the United States and&nbsp;the United Kingdom&nbsp;are calling on Facebook chief executive Mark Zuckerberg to explain how the names, preferences and other information from tens of millions of users ended up in the hands of&nbsp;the Cambridge Analytica data analysis firm.
  • After Facebook cited data privacy policies violations and announced that it was suspending the Cambridge Analytica data analytics firm also&nbsp;tied to the Trump campaign, new revelations have emerged.&nbsp;On Saturday, reports revealed that Cambridge Analytica, used a feature once available to Facebook app developers to collect information on some 270,000 people. In the process,&nbsp;the company, which was, at the time, handling U.S. President Donald Trump’s presidential campaign, gained access to&nbsp;data on tens of millions of their Facebook “friends” and that it wasn’t clear at all if any of these people had given explicit permission for this kind of sharing. Facebook’s Deputy General Counsel Paul Grewal said in a statement, “We will take legal action if necessary to hold them responsible and accountable for any unlawful behavior.”
  • The social media giant also added that it was continuing to investigate the claims. According to reports, Cambridge Analytica worked for the failed presidential campaign of U.S. Senator Ted Cruz and then for the presidential campaign of Donald Trump.&nbsp;Federal Election Commission records reportedly show that Trump’s campaign hired Cambridge Analytica in June 2016 and paid it more than $6.2 million. On its website, the company says that it “provided the Donald J. Trump for President campaign with the expertise and insights that helped win the White House.” Cambridge Analytica also mentions that it uses “behavioral microtargeting,” or combining analysis of people’s personalities with demographics, to predict and influence mass behavior.&nbsp; According to the company, it has data on 220 million Americans, two thirds of the U.S. population. Cambridge Analytica&nbsp;says it has worked on other campaigns in the United States and other countries, and it is funded by Robert Mercer, a prominent supporter of politically conservative groups.
  • ...1 more annotation...
  • Facebook&nbsp;stated that it suspended Cambridge Analytica and its parent group Strategic Communication Laboratories (SCL) after receiving reports that they did not delete information about Facebook users that had been inappropriately shared. For months now, both the companies have been embroiled in investigations in Washington and London but the recent demands made by lawmakers focused explicitly on Zuckerberg, who has not testified publicly on these matters in either nation.
1More

Was Destructive 'Slingshot' Malware Deployed by the Pentagon? | The American Conservative - 0 views

www.theamericanconservative.com/...lware-deployed-by-the-pentagon war & peace cyberwar malware Slingshot Kapersky
shared by Paul Merrell on 23 Mar 18 - No Cached
  • Earlier this March, cyber-security firm Kaspersky Labs released information on a newly discovered, highly advanced piece of malware dubbed&nbsp;Slingshot. The malware targeted Latvian-made Internet&nbsp;routers popular in the Middle East, Africa, and Southeast Asia. Kaspersky’s reports reveal that the malware had been active since at least 2012, and speculates that it was government-made, owing to its sophistication and its use of novel techniques rarely seen elsewhere. Those investigating the matter further have drawn the conclusion that Slingshot was developed by the U.S. government, with some reports&nbsp;quoting former officials as connecting it to the Pentagon’s JSOC special forces. For those following the cyber security and malware sphere, this is a huge revelation, putting the U.S. government in the hot seat for deploying cyber attacks that harm a much greater range of innocent users beyond their intended targets. Kaspersky’s own findings note that the code was written in English, using a driver flaw to allow the implanting of various types of spyware. Among those mentioned by Moscow-based Kaspersky was an implant named “GOLLUM,” which notably was mentioned in&nbsp;one of the leaked Edward Snowden documents. Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction.
« First ‹ Previous 181 - 200 of 218 Next ›
Showing 20 items per page