Skip to main content

Home/ Open Web/ Group items tagged incorporation

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Gary Edwards

Where should you incorporate your LLC? | VentureBeat - 0 views

venturebeat.com/...hould-you-incorporate-your-llc

corporate-governance incorporation entrepreneurship start-up-advice

shared by Gary Edwards on 16 Jul 11 - No Cached
  • Gary Edwards on 16 Jul 11
     
     What is the best state to incorporate an LLC?  I have a plan for a website in which the only source of revenue will be from ads, so the revenue stream won't be coming from a particular state. I've heard Nevada, based on their tax laws, is the best state in terms of starting a small business. Although Nevada does not levy personal, business or corporate income taxes, that doesn't automatically make it the right choice. When deciding which state to incorporate in, there are a number of things you should look at. Included among those are: State Laws regarding corporate governance......... .... Corporate costs of doing business .......... ...... Cost of doing business as a foreign company ..... .......... Creditors rights laws ........... ............ True relationship between your company and the state ... .............. Tax issues ...............
Gary Edwards

OpenGoo: Office Productivity in the Cloud « Ahlera | Words from Ahlera - 0 views

www.ahlera.com/opengoo

office20 web-office cloud-office browser-productivity opengoo feng-office conrado-vina

shared by Gary Edwards on 01 Jul 09 - Cached
  • Gary Edwards on 01 Jul 09
     
    Another great review for Conrado. Summary: OpenGoo is an open source web/Cloud office where all resources and aspects of contact and project management are linked. This includes eMail, calendar, task, schedules, time lines, notes, documents, workgroups and data. Great stuff. OpenGoo and hosted sister Feng Office are the first Web Office systems to challenge the entire Microsoft Office productivity environment. Very polished, great performance. Excellent use of URI's to replace Win32-OLE functionality. Lacks direct collaboration of Zoho and gDOCS. Could easily make up for that and more with the incorporation of Wave computing (Google). I'm wondering when Conrado will take on the vertical market categories; like Real Estate - Finance? I also think OpenGoo and Feng Office have reached the point where governments would be interested. Instead of replacing existing MSOffice desktops, migrate the project/contact management stuff to OpenGoo, and shut down the upgrade treadmill. Get into the Cloud. I suspect also that Conrado is looking carefully at Wave Computing, and the chellenge of incorporating Wave into OpenGoo.
Gary Edwards

Nebula Builds a Cloud Computer for the Masses - Businessweek - 0 views

www.businessweek.com/...-cloud-computer-for-the-masses

Cloud-Computing Cloud-Productivity-Platform Chris-Kemp OpenStack

shared by Gary Edwards on 02 Apr 13 - No Cached
  • Gary Edwards on 02 Apr 13
     
    Fascinating story about Chris Kemp of OpenStack fame, and his recent effort to commoditize Cloud Computing hardware/software systems - Nebula excerpt: "Though it doesn't look like much, (about the size of a four-inch-tall pizza box) Nebula One is the product of dozens of engineers working for two years in secrecyin Mountain View, Calif. It has attracted the attention of some of Silicon Valley's top investors. The three billionaires who made the first investment in Google-Andy Bechtolsheim, David Cheriton, and Ram Shriram-joined forces again to back Nebula One, betting that its technology will invite a dramatic shift in corporate computing that outflanks the titans of the industry. "This is an example of where traditional technology companies have failed the market," says Bechtolsheim, a co-founder of Sun Microsystems (ORCL) and famed hardware engineer. Kleiner Perkins Caufield & Byers, Comcast Ventures, and Highland Capital Partners have also backed Kemp's startup, itself called Nebula, which has raised more than $30 million. The origins of Nebula One go back to Kemp's days at NASA, which he joined in 2006 as director of strategic business development. In 2007, he became a chief information officer, making him, at 29, the youngest senior executive in the U.S. government. In 2010, he became NASA's chief technology officer. Kemp spent much his time at NASA developing more efficient data centers for the agency's various computing efforts. He and a team of engineers built the early parts of what is now known as OpenStack, software that makes it possible to control an entire data center as one computer. To see if other companies could take the idea further, Kemp made the software open source. Big players such as AT&T (T), Hewlett-Packard, IBM, and Rackspace Hosting (RAX) have since incorporated OpenStack into the cloud computing services they sell customers. Kemp had an additional idea: He wanted to use OpenStack as a way to give every company its
Paul Merrell

WhatsApp Encryption Said to Stymie Wiretap Order - The New York Times - 0 views

www.nytimes.com/...d-to-stymie-wiretap-order.html

surveillance state encryption WhatsApp wiretapping

shared by Paul Merrell on 16 Mar 16 - No Cached
  • While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said. No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.
  • As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.
  • To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.
Gary Edwards

Productivity on Cloud - 0 views

www.crn.in/d-Special-Focus-015Nov009.aspx

cloud-computing cloud-productivity

shared by Gary Edwards on 28 Nov 09 - Cached
  • Gary Edwards on 28 Nov 09
     
    Office suites are now taking the cloud route and offering advanced services, luring partners with smart gain  By Varun Aggarwal While all applications are moving to the cloud, there is no reason why the ubiquitous office productivity suites like MS Office or OpenOffice should stick to the desktop. Providing customers with a key set of capabilities, and a browser to aid easy access makes complete sense. Take for instance a student working on a class paper. Writing in a Web browser might aid in sharing and incorporating constructive changes, but it is a cumbersome experience as compared to using Office on his PC. But by using productivity suite online, he gets best of both worlds.  
Paul Merrell

Rich Web Client Activity Statement - 0 views

www.w3.org/Activity.html

W3C CDF

shared by Paul Merrell on 11 Nov 09 - Cached
  • The CDF Working Group remains in hibernation pending an updated implementation report. No significant Team resources are be dedicated to this Working Group, other than coordination with implementers as progress is made. Since there is currently good progress on implementation, the expectation is that these specifications will proceed to Recommendation status, and the CDF WG will be closed.
  • Paul Merrell on 11 Nov 09
     
    My initial impression is that this is not good news, that this is a further sign of W3C abandonment of XHTML. The announcement that the WG will be closed by implication means that all CDF WG projects are coming to a standstill. The CDF WICD profiles currently have no profiles developed for spreadsheets and presentations albeit feature-rich enough to serve for web display of presentations. WICD profiles are at version. 2.0, with each 2.0 profile a superset of the 1.0 profiles. They are feature-lean in comparison to desktop word processors. The Compoound Document by Incorporation Framework  is an even more immature document, not nearly ready for prime time. All of which suggests that the Compound Document by Reference Framework itself may be the only WG work product with a shot at survival. HTML 5 and browser quirks mode wins; the world loses. Blech!
Paul Merrell

Apple's New Challenge: Learning How the U.S. Cracked Its iPhone - The New York Times - 0 views

www.nytimes.com/...the-us-cracked-its-iphone.html

surveillance state Apple FBI San-Bernadino iPhone security

shared by Paul Merrell on 31 Mar 16 - No Cached
  • Now that the United States government has cracked open an iPhone that belonged to a gunman in the San Bernardino, Calif., mass shooting without Apple’s help, the tech company is under pressure to find and fix the flaw.But unlike other cases where security vulnerabilities have cropped up, Apple may face a higher set of hurdles in ferreting out and repairing the particular iPhone hole that the government hacked.The challenges start with the lack of information about the method that the law enforcement authorities, with the aid of a third party, used to break into the iPhone of Syed Rizwan Farook, an attacker in the San Bernardino rampage last year. Federal officials have refused to identify the person, or organization, who helped crack the device, and have declined to specify the procedure used to open the iPhone. Apple also cannot obtain the device to reverse-engineer the problem, the way it would in other hacking situations.
  • Paul Merrell on 31 Mar 16
     
    It would make a very interesting Freedom of Information Act case if Apple sued under that Act to force disclosure of the security hole iPhone product defect the FBI exploited. I know of no interpretation of the law enforcement FOIA exemption that would justify FBI disclosure of the information. It might be alleged that the information is the trade secret of the company that disclosed the defect and exploit to the the FBI, but there's a very strong argument that the fact that the information was shared with the FBI waived the trade secrecy claim. And the notion that government is entitled to collect product security defects and exploit them without informing the exploited product's company of the specific defect is extremely weak.  Were I Tim Cook, I would have already told my lawyers to get cracking on filing the FOIA request with the FBI to get the legal ball rolling. 
Paul Merrell

Surveillance scandal rips through hacker community | Security & Privacy - CNET News - 0 views

news.cnet.com/...-rips-through-hacker-community

surveillance state NSA NSA-blowback cloud computing mobile devices privacy

shared by Paul Merrell on 06 Aug 13 - No Cached
  • One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?" Where does security innovation go next? The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data.
  • Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.
  • Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services.
  • ...2 more annotations...
  • The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy, he said. "They've been providing wiretapping for 100 years. Apple may in the next year protect voice calls," he said, and said that the best hope for ending widespread government surveillance will be the makers of mobile operating systems like Apple and Google. Not all upcoming security innovation will be focused on that kind of privacy protection. Security researcher Brandon Wiley showed off at Defcon a protocol he calls Dust that can obfuscate different kinds of network traffic, with the end goal of preventing censorship. "I only make products about letting you say what you want to say anywhere in the world," such as content critical of governments, he said. Encryption can hide the specifics of the traffic, but some governments have figured out that they can simply block all encrypted traffic, he said. The Dust protocol would change that, he said, making it hard to tell the difference between encrypted and unencrypted traffic. It's hard to build encryption into pre-existing products, Wiley said. "I think people are going to make easy-to-use, encrypted apps, and that's going to be the future."
  • Companies could face severe consequences from their security experts, said Stamos, if the in-house experts find out that they've been lied to about providing government access to customer data. You could see "lots of resignations and maybe publicly," he said. "It wouldn't hurt their reputations to go out in a blaze of glory." Perhaps not surprisingly, Marlinspike sounded a hopeful call for non-destructive activism on Defcon's 21st anniversary. "As hackers, we don't have a lot of influence on policy. I hope that's something that we can focus our energy on," he said.
  • Paul Merrell on 06 Aug 13
     
    NSA as the cause of the next major disruption in the social networking service industry?  Grief ahead for Google? Note the point made that: "It's impossible to do a cloud-based ad supported service" where the encryption/decryption takes place on the client side. 
Paul Merrell

This project aims to make '404 not found' pages a thing of the past - 0 views

www.dailydot.com/...404-no-more-project

HTML mset-attribute link rot

shared by Paul Merrell on 23 Apr 14 - No Cached
  • The Internet is always changing. Sites are rising and falling, content is deleted, and bad URLs can lead to '404 Not Found' errors that are as helpful as a brick wall. A new project proposes an do away with dead 404 errors by implementing new HTML code that will help access prior versions of hyperlinked content. With any luck, that means that you’ll never have to run into a dead link again. The “404-No-More” project is backed by a formidable coalition including members from organizations like the Harvard Library Innovation Lab, Los Alamos National Laboratory, Old Dominion University, and the Berkman Center for Internet & Society. Part of the Knight News Challenge, which seeks to strengthen the Internet for free expression and innovation through a variety of initiatives, 404-No-More recently reached the semifinal stage. The project aims to cure so-called link rot, the process by which hyperlinks become useless overtime because they point to addresses that are no longer available. If implemented, websites such as Wikipedia and other reference documents would be vastly improved. The new feature would also give Web authors a way provide links that contain both archived copies of content and specific dates of reference, the sort of information that diligent readers have to hunt down on a website like Archive.org.
  • While it may sound trivial, link rot can actually have real ramifications. Nearly 50 percent of the hyperlinks in Supreme Court decisions no longer work, a 2013 study revealed. Losing footnotes and citations in landmark legal decisions can mean losing crucial information and context about the laws that govern us. The same study found that 70 percent of URLs within the Harvard Law Review and similar journals didn’t link to the originally cited information, considered a serious loss surrounding the discussion of our laws. The project’s proponents have come up with more potential uses as well. Activists fighting censorship will have an easier time combatting government takedowns, for instance. Journalists will be much more capable of researching dynamic Web pages. “If every hyperlink was annotated with a publication date, you could automatically view an archived version of the content as the author intended for you to see it,” the project’s authors explain. The ephemeral nature of the Web could no longer be used as a weapon. Roger Macdonald, a director at the Internet Archive, called the 404-No-More project “an important contribution to preservation of knowledge.”
  • The new feature would come in the form of introducing the mset attribute to the <a> element in HTML, which would allow users of the code to specify multiple dates and copies of content as an external resource. For instance, if both the date of reference and the location of a copy of targeted content is known by an author, the new code would like like this: The 404-No-More project’s goals are numerous, but the ultimate goal is to have mset become a new HTML standard for hyperlinks. “An HTML standard that incorporates archives for hyperlinks will loop in these efforts and make the Web better for everyone,” project leaders wrote, “activists, journalists, and regular ol’ everyday web users.”
Paul Merrell

Hackers Prove Fingerprints Are Not Secure, Now What? | nsnbc international - 0 views

nsnbc.me/...prints-are-not-secure-now-what

surveillance state OPM-computer-breach fingerprints iPhone Galaxy Android

shared by Paul Merrell on 24 Sep 15 - No Cached
  • The Office of Personnel Management (OPM) recently revealed that an estimated 5.6 million government employees were affected by the hack; and not 1.1 million as previously assumed.
  • Samuel Schumach, spokesman for the OPM, said: “As part of the government’s ongoing work to notify individuals affected by the theft of background investigation records, the Office of Personnel Management and the Department of Defense have been analyzing impacted data to verify its quality and completeness. Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million.” This endeavor expended the use of the Department of Defense (DoD), the Department of Homeland Security (DHS), the National Security Agency (NSA), and the Pentagon. Schumer added that “if, in the future, new means are developed to misuse the fingerprint data, the government will provide additional information to individuals whose fingerprints may have been stolen in this breach.” However, we do not need to wait for the future for fingerprint data to be misused and coveted by hackers.
  • Look no further than the security flaws in Samsung’s new Galaxy 5 smartphone as was demonstrated by researchers at Security Research Labs (SRL) showing how fingerprints, iris scans and other biometric identifiers could be fabricated and yet authenticated by the Apple Touch ID fingerprints scanner. The shocking part of this demonstration is that this hack was achieved less than 2 days after the technology was released to the public by Apple. Ben Schlabs, researcher for SRL explained: “We expected we’d be able to spoof the S5’s Finger Scanner, but I hoped it would at least be a challenge. The S5 Finger Scanner feature offers nothing new except—because of the way it is implemented in this Android device—slightly higher risk than that already posed by previous devices.” Schlabs and other researchers discovered that “the S5 has no mechanism requiring a password when encountering a large number of incorrect finger swipes.” By rebotting the smartphone, Schlabs could force “the handset to accept an unlimited number of incorrect swipes without requiring users to enter a password [and] the S5 fingerprint authenticator [could] be associated with sensitive banking or payment apps such as PayPal.”
  • ...1 more annotation...
  • Schlab said: “Perhaps most concerning is that Samsung does not seem to have learned from what others have done less poorly. Not only is it possible to spoof the fingerprint authentication even after the device has been turned off, but the implementation also allows for seemingly unlimited authentication attempts without ever requiring a password. Incorporation of fingerprint authentication into highly sensitive apps such as PayPal gives a would-be attacker an even greater incentive to learn the simple skill of fingerprint spoofing.” Last year Hackers from the Chaos Computer Club (CCC) proved Apple wrong when the corporation insisted that their new iPhone 5S fingerprint sensor is “a convenient and highly secure way to access your phone.” CCC stated that it is as easy as stealing a fingerprint from a drinking glass – and anyone can do it.
Paul Merrell

Google Gets Semantic - Google Blog - InformationWeek - 0 views

www.informationweek.com/...GLHOCBNWDPXQE1GHPCKH4ATMY32JVN

google acquisitions semantic Metaweb

shared by Paul Merrell on 24 Jul 10 - Cached
  • While most emerging technologies tend to happen quickly, one that has been "emerging" for a really long time is the Semantic Web. However, Google's recent acquisition of Metaweb may be the signal that the Semantic Web has finally arrived.
  • Metaweb's Freebase is definitely semantic, and the fact that Google has acquired the company could signal an increased focus on the Semantic Web within Google, something they have not always been that interested in.If Google increases the profile of Freebase, and begins incorporating more semantic technologies within their other services, it could finally offer the deep deployment that has always been missing in order for the Semantic Web to take off.
Paul Merrell

Open letter to Google: free VP8, and use it on YouTube - Free Software Foundation - 0 views

www.fsf.org/...oogle-free-on2-vp8-for-youtube

Google FSF Flash DRM VP8 open codecs

shared by Paul Merrell on 20 Feb 10 - Cached
  • Dear Google, With your purchase of On2, you now own both the world's largest video site (YouTube) and all the patents behind a new high performance video codec -- VP8. Just think what you can achieve by releasing the VP8 codec under an irrevocable royalty-free license and pushing it out to users on YouTube? You can end the web's dependence on patent-encumbered video formats and proprietary software (Flash).
  • This ability to offer a free format on YouTube, however, is only a tiny fraction of your real leverage. The real party starts when you begin to encourage users' browsers to support free formats. There are lots of ways to do this. Our favorite would be for YouTube to switch from Flash to free formats and HTML, offering users with obsolete browsers a plugin or a new browser (free software, of course). Apple has had the mettle to ditch Flash on the iPhone and the iPad -- albeit for suspect reasons and using abhorrent methods (DRM) -- and this has pushed web developers to make Flash-free alternatives of their pages. You could do the same with YouTube, for better reasons, and it would be a death-blow to Flash's dominance in web video.
  • If you care about free software and the free web (a movement and medium to which you owe your success) you must take bold action to replace Flash with free standards and free formats. Patented video codecs have already done untold harm to the web and its users, and this will continue until we stop it. Because patent-encumbered formats were costly to incorporate into browsers, a bloated, ill-suited piece of proprietary software (Flash) became the de facto standard for online video. Until we move to free formats, the threat of patent lawsuits and licensing fees hangs over every software developer, video creator, hardware maker, web site and corporation -- including you.
Paul Merrell

NEC announces video checking technology - News - PC Authority - 0 views

www.pcauthority.com.au/...video-checking-technology.aspx

video DRM Mpeg7

shared by Paul Merrell on 11 May 10 - Cached
  • NEC has announced that its video content identification technology has been incorporated in the upcoming Mpeg 7 video standard The technology creates a signature that is compared against one from the original file to determine whether the video has been altered. According to NEC this will allow the owners of the video to automatically "detect illegal copies" and "prevent illegal upload of video content" without their consent. NEC claims that each frame has its own signature, meaning that even minute changes to the file such as adding subtitles, watermarks or dogtags, and of course cutting out adverts, will alter the overall signature of the video.
Paul Merrell

NIST releases 'historic' final version of Special Publication 800-53 -- Government Comp... - 0 views

gcn.com/...se-of-800-53-rev-3-080309.aspx

NIST security government information systems

shared by Paul Merrell on 05 Aug 09 - Cached
  • The National Institute of Standards and Technology has collaborated with the military and intelligence communities to produce the first set of security controls for all government information systems, including national security systems. The controls are included in the final version of Special Publication 800-53, Revision 3 “Recommended Security Controls for Federal Information Systems and Organizations,” released Friday. NIST called the document historic. “For the first time, and as part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non-national security systems,” the agency said. “The updated security control catalog incorporates best practices in information security from the United States Department of Defense, Intelligence Community and Civil agencies, to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.”
Paul Merrell

Google waving goodbye to Gears, hello to HTML5 [Updated] | Technology | Los Angeles Times - 0 views

latimesblogs.latimes.com/...google-gears.html

Google Gears HTML 5 Chrome

shared by Paul Merrell on 02 Dec 09 - Cached
  • As Google prepares to release its first beta version of Chrome for the Mac (a developer preview has been available for months), the company is letting the sun set on its Gears project. "We are excited that much of the technology in Gears, including offline support and geolocation APIs, are being incorporated into the HTML5 spec as an open standard supported across browsers, and see that as the logical next step for developers looking to include these features in their websites," wrote a Google spokesman in an e-mail. That's great, but HTML5 isn't ready yet, and commercially available browsers don't support it.
Paul Merrell

The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle - 0 views

firstlook.org/...great-sim-heist

surveillance state NSA GCHQ SIM-card-keys mobile-devices decryption

shared by Paul Merrell on 20 Feb 15 - No Cached
  • AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”
  • With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
  • Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”
  • ...2 more annotations...
  • According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto. Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”
  • The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”
  • Paul Merrell on 20 Feb 15
     
    Remember all those NSA claims that no evidence of their misbehavior has emerged? That one should never take wing again. Monitoring call content without the involvement of any court? Without a warrant? Without probable cause?  Was there even any Congressional authorization?  Wiretapping unequivocally requires a judicially-approved search warrant. It's going to be very interesting to learn the government's argument for this misconduct's legality. 
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
1 - 17 of 17
Showing 20 items per page