Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order to defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous.
  • Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope
  • In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

M of A - Sistani Orders Turkey Out Of Iraq - Syria Oppo-Conference Fails - 0 views

  • After the U.S. invasion of Iraq the U.S. vice consul Paul Bremer tried to install a handpicked Iraqi government. The top Shia religious authority in Iraq, Grand Ayatollah Sistani, demanded a democratic vote. The issue was thereby decided. There was no way the U.S. could have circumvented Sistani's edict without a massive revolt by the 65% of Iraqis who are Shia and mostly follow his advice. Bremer had to fold. Now Ayatollah Sistani takes position against the Turkish invasion of Iraq: Iraq's top Shi'ite cleric, Grand Ayatollah Ali al-Sistani, called on the government on Friday to show "no tolerance" of any infringement of the country's sovereignty, after Turkey deployed heavily armed troops to northern Iraq. Sistani's spokesman, Sheikh Abdul Mehdi Karbala'i, did not explicitly name Turkey, but a row over the deployment has badly soured relations between Ankara and Baghdad, which denies having agreed to it. ... "The Iraqi government is responsible for protecting Iraq's sovereignty and must not tolerate any side that infringes upon it, whatever the justifications and necessities," Karbala'i said in a weekly sermon. The issue is thereby decided. Turkish troops will have to leave or will have to decisively defeat all Shia of Iraq (and Iran). If Erdogan were smart he would now order the Turkish troops stationed near Mosul to leave Iraq.
  • The Russian President Putin also increased pressure on Turkey: President Vladimir Putin on Friday ordered Russia's armed forces to act in an "extremely tough way" in Syria to protect Russian forces striking Islamic State targets there. "Any targets threatening our (military) group or land infrastructure must be immediately destroyed," Putin said, speaking at a Defence Ministry event. Note to Erdogan: Beware of funny ideas...
  • There was some Syrian opposition conference yesterday in Saudi Arabia where the Saudis tried to bribe everyone to agree on a common position. But the conference failed. Some 116 delegates took part under "international guidance" of their various sponsors. A spokesperson for the al-Qaeda aligned Ahrar al Sham, which closely cooperates with the al-Qaeda entity Jabhat al Nusra in Syria, also took part. No women were present. The conference resulted in the decision to hold another conference. The 116 delegates at the conference decided to select 33 delegates for a conference which would decide on 15 delegates to confer and maybe take part in some negotiations with the Syrian government side. The NYT's Ben Hubbard, who was there, tweeted: Ben Hubbard @NYTBen ...The meeting created yet another new opposition body, a high commission, meant to oversee negotiations. There was debate about how large it should be and what proportion should represent armed groups. Final was 32, changed after meetings to 33. Those 33 now tasked with choosing a 15 person negotiating team. So, yeah, umbrella groups making a new umbrella.
  • The political demands the conference agreed upon include non-starters for negotiations like the demand that the Syrian President Assad would leave within 6 weeks of the negotiations' start. There was also this illuminating word game: Islamist delegates objected to using the word “democracy” in the final statement, so the term “democratic mechanism” was used instead, according to a member of one such group who attended the meeting. The Ahrar al-Sham delegate at the meeting signed the deal while the Ahrar al Sham bigwigs, who took no part, damned the deal and announced they were completely against it. They demand an Islamic State in Syria that would follow their militant Salafi line of belief. Hubbard again: Ben Hubbard @NYTBen Re: @Ahrar_Alsham2. Its main delegate did not walk out. Before meeting ended, members not present released statement announcing withdrawal. The session's moderator said Ahrar delegate was not aware of statement by his group until later, but did sign the final communiqué. Then Ahrar members like @aleesa71 and @a_azraeel complained on Twitter, suggesting a split between military and political leaders.
  • The Saudi and Qatari Wahhabi rulers want Ahrar al Sham to be part of any future solution in Syria. They hired "western" think tanks like Brookings Doha to propagandize that Ahrar is "moderate". But Ahrar cannot be "moderate" when it is fighting together with al-Qaeda and kills civilians because they are "unbelievers". It is now in an uncomfortable position. If it takes part in a peace conference with the Syrian government its Jabhat al-Nusra ally will roast it, if it doesn't take part its Saudi and Qatari financiers will fry it. Since the start of the war on Syria no unity has been achieved in the opposition of the Syrian government. The U.S., in form of the CIA head John Brennan, teamed up (again) with al-Qaeda while the State Department tried to sponsor more "moderates". The ensuing chaos continues today. To prevent further blowback from this nonsense strategy will obviously require a change towards a position that supports the Syrian government. It is doubtful that the U.S. is capable of such foresight and flexibility.
Paul Merrell

Kerry angers Israel with talk of 'binational state' | TheHill - 0 views

  • Secretary of State John Kerry caused consternation in Israel when he said the nation threatens to implode if a two-state solution is not reached with Palestinians, drawing the ire of Prime Minister Benjamin Netanyahu. “Israel will not be a binational state,” Netanyahu said emphatically at the opening of his weekly cabinet meeting on Sunday, according to the Times of Israel. Kerry warned Israel that the collapse of the Palestinian Authority (PA) threatens to destabilize the nation. “If there is a risk that the PA could collapse — and it is in Israel’s interest for it to in fact survive, as the prime minister suggested — should more therefore not be done to sustain it?” Kerry said in a Saturday speech at the Brookings Institution in Washington, D.C., on Saturday. “The one-state solution is no solution at all for a secure, Jewish, democratic Israel living in peace. It is simply not a viable option,” he added.
  • He said a two-state solution is possible only if both sides want peace. “But in order for there to be peace, the other side must decide that they also want peace, and unfortunately that is not what we are seeing,” he said on Sunday.
Paul Merrell

US Invasion of Syria Begins | nsnbc international - 0 views

  • As previously warned about in June of 2015, the United States has announced that it will officially begin ground operations in Syria through the use of special forces. The Washington Post in its article, “Obama seeks to intensify operations in Syria with Special Ops troops,” would report that:
  • President Obama is sending a small number of Special Operations troops to northern Syria, marking the first full-time deployment of U.S. forces to the chaotic country. The mission marks a major shift for Obama, whose determination to defeat the Islamic State in Iraq and Syria has been balanced by an abiding worry that U.S. troops not be pulled too deeply into the intractable Syrian conflict. The latest deployment will involve fewer than 50 Special Operations advisers, who will work with resistance forces battling the Islamic State in northern Syria but will not engage in direct combat, Obama administration officials said.
  • Unfortunately for US policymakers, it is no longer only Syria that US special forces and accompanying airpower must worry about. Russia, by invitation of Damascus, is now operating militarily across Syria, including along Turkey’s border where the US has long sought to establish its “safe zones.” The US has openly committed to the invasion and occupation of Syrian territory. It does so with the intent of carving Syria up into a series of dysfunctional, weak zones to literally “deconstruct” Syria as a functioning nation-state. It is doing this unable to cite any credible threat Syria poses to US national security and without any semblance of a mandate granted by the United Nations. It also does so with the prospect of triggering direct war with nuclear-armed Russia in a region Russia is operating legally.
  • While the US claims this move is to “defeat the Islamic State (ISIS),” it is instead clearly a move to establish long-sought “buffer zones” or “safe zones” in Syria where the Syrian government can no longer operate. US airpower will also undoubtedly be used to cover these special forces, creating a de facto no-fly-zone wherever they operate. The map accompanying the Washington Post article clearly shows ISIS territory straddling the last remaining supply corridor being used to supply the terror group as well as others including Al Qaeda’s al Nusra Front from NATO-member Turkey’s territory. US special forces will likely begin operating in these areas, and zones carved out as US operations expand. The eventual outcome, if these operations are successful, will be the division and destruction of Syria as a nation-state. This is more than mere speculation – this is a conclusion drawn by signed and dated policy papers produced by the Brookings Institution, who has called for such zones since as early as 2012, but under different contrived pretexts.
  • America’s latest actions are a desperate move sought by an increasingly hysterical political and corporate-financier establishment in Washington and on Wall Street. Recent hearings conducted by the US Senate Committee on Armed Services have struggled to produce a credible response to America’s unraveling criminal conspiracy aimed at Syria, particularly in the wake of Russia’s recent intervention. The committee and witnesses brought before it, have struggled to formulate a response – however – no-fly-zones and US troops on the ground have been discussed at length. It is a poorly calculated bluff. The presence of US special forces and US airpower operating illegally in and above Syria, meant to deny Syria access to its own territory will take time to implement. The official number of US special forces being sent into Syria is said to not exceed 50. Syria and its allies could insert an equal or larger number of forces into these same areas to essentially create a “safe zone” from “safe zones.” Bringing America’s illegal actions before the UN would also be a sound measure ahead of potential confrontations with US forces operating uninvited in Syria. The premise that ISIS must be fought and defeated by striking them in Iraq and Syria is betrayed by America’s own admission that the organization has already spread far beyond the borders of either nation. ISIS is clearly not supporting itself on the limited resources found within either country. Were the US truly interested in stopping ISIS, it would strike at its sponsors in Ankara and Riyadh. Of course, it was clear, well over a year ago, that the appearance of ISIS would be used intentionally to accomplish US geopolitical objectives in both Syria and Iraq, serving as a pretext for wider, long-sought after direct Western military intervention.
  • The myth that dividing and destroying Syria while deposing its sitting government will somehow alleviate the violence in Syria and reduce the ongoing migrant crisis Europe faces, is betrayed by the fact that a similar premise used to sell intervention in Libya has only led to greater chaos in North Africa, and the creation of the migrant crisis in the first place. If the world, including Europe, seeks to prevent the spread of ISIS and the expansion of an already growing migrant crisis, stopping the United States and its partners before they create another “Libya” in the Levant must become top priority. And while it is unlikely that Europe will show any resolve in doing so, it would be hoped that Syria and its allies realize the consequences of failing now, at this juncture, and into whose borders the chaos will attempt to cross over next.