Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Submission + - Questioning The Dispute over Key Escrow ->

Nicola Hahn writes: "The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year’s Aspen Security Forum and in an op-ed published recently by the Washington Post. However the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable". Hence, there are people who question whether the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?"
Link to Original Source

Submission + - James Bamford Exposes The NSA's 9/11 Cover-Up

Nicola Hahn writes: Back in March of 2000, one of the 9/11 hijackers called Osama bin Laden’s operation center in Yemen from his apartment in San Diego. For some reason the call was never investigated. Former NSA director Michael Hayden, in an interview with Frontline, claimed that the NSA was unable to determine that the phone call had originated from San Diego. He used this same explanation to help justify the bulk phone record collection program that was implemented under Section 215 of the Patriot Act. Thanks to James Bamford and a handful of NSA whistleblowers we know that Hayden was lying. The NSA was well aware of the caller’s identity and his location. The fact that intelligence officials didn’t follow up on this raises all sorts of disturbing questions.

Submission + - Does Edward Snowden Trust Apple to Do the Right Thing?->

Nicola Hahn writes: As American lawmakers run a victory lap after passing the USA Freedom Act of 2015, Edward Snowden has published an op-ed piece which congratulates Washington on its "historic" reform. He also identifies Apple Inc. as a champion of user privacy. Snowden states:

"Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private."

This sort of talking point encourages the perception that Apple has sided with users in the battle against mass surveillance. But there are those who question Snowden's public endorsement of hi tech monoliths. Given their behavior in the past is it wise to assume that corporate interests have turned over a new leaf and won't secretly collaborate with government spies?

Link to Original Source

Submission + - The CIA and The White House Lied about bin Laden's Assassination->

Nicola Hahn writes: The journalist who broke the story of the CIA's MHCHAOS program back in 1974 has just dropped another bombshell in the London Review of Books. According to a retired senior intelligence officer the CIA's narrative about torture playing a key role in the capture of Osama bin Laden is a fabrication fed to the public with the assistance of Hollywood executives (Zero Dark Thirty). Here's an excerpt of assertions:

"That bin Laden had been a prisoner of the ISI at the Abbottabad compound since 2006; that Kayani and Pasha knew of the raid in advance and had made sure that the two helicopters delivering the Seals to Abbottabad could cross Pakistani airspace without triggering any alarms; that the CIA did not learn of bin Laden’s whereabouts by tracking his couriers, as the White House has claimed since May 2011, but from a former senior Pakistani intelligence officer who betrayed the secret in return for much of the $25 million reward offered by the US, and that, while Obama did order the raid and the Seal team did carry it out, many other aspects of the administration’s account were false."

This puts the CIA's stance on the torture report in a whole new light. Doesn't it? Also note the role played by the Saudis, and how worried they were that bin Laden might "start talking to us about what the Saudis had been doing with al-Qaida. And they were dropping money – lots of it."

Link to Original Source

Submission + - Patriot Act Reform: Don't Crack Open the Champagne Yet->

Nicola Hahn writes: While congress considers the merits of the USA Freedom Act of 2015, a bill which revises the business records provisions of the Patriot Act, a panel of judges in a federal appeals court has just thrown a clump of sand into the gears of the global panopticon. Overturning an earlier ruling, where federal judges dismissed a lawsuit filed by the ACLU, the United States Court of Appeals for the Second Circuit has ruled that the NSA’s bulk collection of telephone metadata is illegal. Yet there are unnamed intelligence officials who would probably refer to this as “hardly a change” as there are other, more sweeping, surveillance mandates (e.g. Section 702 and Executive Order 12333) that are still legal.
Link to Original Source

Submission + - Hacking Team's Malware Is a Symptom of a Larger Problem

Nicola Hahn writes: The RSA conference is underway in San Francisco this week and a myriad of vendors are extolling the virtues of encryption-based corporate security products. Yet a series of recently published documents detail how the DEA and U.S. Army used Hacking Team’s Remote Control System (RCS) technology to subvert encryption and make off with sensitive data.

There are high-profile experts who believe that this sort of clandestine subversion is “perfectly reasonable” just so long as spying campaigns are carefully targeted. Yet Hacking Team’s RCS product is designed for mass deployment against hundreds of thousands of people. Hardly what could be called “targeted.” This raises important questions about the role of the private sector in mass surveillance. Some researchers would argue that mass surveillance is fundamentally driven by corporate interests. As Ed Snowden put it, “these programs were never about terrorism: they're about economic spying, social control, and diplomatic manipulation.” Cui Bono?

Submission + - Linking The War on Terror to the War on Drugs

Nicola Hahn writes: As news of the DEA’s clandestine phone record collection program emerges into public view an article published by The Atlantic highlights the links and recurring themes between the so called long war (the global war on terror) and the global war on drugs:

“Both are brutally expensive and arguably un-winnable. And in both cases, use of the word ‘war’ is a deliberate and calculated language choice. Americans are taught that a war is something an entire nation must fight, and something that requires sacrifice for the greater good. Considered in the context of government surveillance, both ‘wars’ are euphemisms for a specific kind of government rationalization.”

Indeed it’s not surprising that the word “cyberwar” has likewise been conspicuously wielded by officials in a deliberate effort to both enhance government control and channel hundreds of billions of dollars to the patronage networks of the defense industry.

Submission + - Government Spies Admit that Cyber Armageddon is Unlikely

Nicola Hahn writes: NSA director Mike Rogers spoke to a Senate Committee yesterday, admonishing them that the United States should bolster its offensive cyber capabilities to deter attacks. Never mind that deterrence is problematic if you can’t identify the people who attacked you.

In the past a speech by a spymaster like Rogers would have been laced with hyperbolic intimations of the End Times. Indeed, for almost a decade mainstream news outlets have conveyed a litany of cyber doomsday scenarios on behalf of ostensibly credible public officials. So it’s interesting to note a recent statement by the U.S. intelligence community that pours a bucket of cold water over all of this. According to government spies the likelihood of a cyber Armageddon is “remote.” And this raises some unsettling questions about our ability to trust government officials and why they might be tempted to fall back on such blatant hyperbole.

Submission + - Mass Surveillance: Can We Blame It All On The Government?

Nicola Hahn writes: Yet another news report has emerged detailing how the CIA is actively subverting low-level encryption features in mainstream hi-tech products. Responding to the story, an unnamed intelligence official essentially shrugged his shoulders and commented that “there's a whole world of devices out there, and that's what we're going to do.” Perhaps this sort of cavalier dismissal isn’t surprising given that leaked classified documents indicate that government intelligence officers view iPhone users as ‘Zombies’ who pay for their own surveillance.

The past year or so of revelations paints a pretty damning portrait of the NSA and CIA. But if you read the Intercept’s coverage of the CIA’s subversion projects carefully you’ll notice mention of Lockheed Martin. And this raises a question that hasn’t received much attention: what role does corporate America play in all of this? Are American companies simply hapless pawns of a runaway national security state? Ed Snowden has stated that mass surveillance is “about economic spying, social control, and diplomatic manipulation. They're about power.” A sympathy which has been echoed by others. Who, then, stands to gain from mass surveillance?

Submission + - Is Cyber Arms Control a Lost Cause? ->

Nicola Hahn writes: In light of a classified document regarding state-sponsored cyber ops the editorial board at the New York Times has suggested that the most constructive approach to reducing the spread of cyber threats would be to “accelerate international efforts to negotiate limits on the cyberarms race, akin to the arms-control treaties of the Cold War.”

While such advice is by all means well-intentioned there are significant differences between nuclear weapons and malware that would make treaty verification problematic. Not to mention that the history of the Cold War itself illustrates that certain countries viewed arms control treaties as an opportunity to secretly race ahead with their own covert weapons programs. Rather than take on the Sisyphean task of trying to limit the development of offensive cyber technology, why not shift national priorities towards creating robust, fault-tolerant, systems that render offensive tools ineffective?

Link to Original Source

Submission + - OPSEC for Activists, Because Encryption Is No Guarantee ->

Nicola Hahn writes: In the wake of the Snowden revelations strong encryption has been promoted by organizations like The Intercept and Freedom of the Press Foundation as a solution for safeguarding privacy against the encroachment of Big Brother. Even President Obama acknowledges that “there’s no scenario in which we don’t want really strong encryption.”

Yet the public record shows that over the years the NSA has honed its ability to steal encryption keys. Recent reports about the compromise of Gemalto’s network and sophisticated firmware manipulation programs by the Office of Tailored Access Operations underscore this reality.

The inconvenient truth is that the current cyber self-defense formulas being presented are conspicuously incomplete. Security tools can and will fail. And when they do, what then? It’s called Operational Security (OPSEC), a topic that hasn’t received much coverage. Until now.

Link to Original Source

Submission + - Strong Encryption Will Not Protect You from The NSA-> 2 2

Nicola Hahn writes: This past October FBI director James Comey proposed that hi-tech companies implement key escrow encryption as a way for online service providers to give law enforcement officials access to user data. However in a recent interview President Obama reassured viewers that "There's no scenario in which we don’t want really strong encryption." To an extent this echoes Ed Snowden’s assertion that “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Unfortunately a report released by Moscow-based anti-virus vendor Kaspersky reveals that even strong cryptograph might not be enough. It would appear that the NSA was has poured its vast resources into hacking hardware platforms across the board, creating firmware exploits that allow U.S. spies to “capture a machine’s encryption password, store it in ‘an invisible area inside the computer’s hard drive’ and unscramble a machine’s contents.”

While these sophisticated subversion programs afford the intelligence community with an impressive array of collection tools, no doubt with more than a little help from the private sector, there are people who view this as sacrificing society’s collective security on behalf of murky clandestine objectives. In other words: it’s no accident that cyber security sucks, it’s a matter of official policy. Perhaps we should be surprised that more banks don’t get hacked?

Link to Original Source

Submission + - What Will It Take to End Mass Surveillance? ->

Nicola Hahn writes: Both the White House and the U.S. Intelligence Community have recently announced reforms to surveillance programs sanctioned under Section 215 of the Patriot Act and Section 702 of the Foreign Intelligence Surveillance Act. But do these reforms represent significant restructuring or are they just bureaucratic gestures intended to create the perception that officials are responding to public pressure?

The Executive’s own Privacy and Civil Liberties Oversight Board has written up an assessment of reform measures implemented by the government. For those who want a quick summary the Board published a fact sheet which includes a table listing recommendations made by the board almost a year ago and corresponding reforms. The fact sheet reveals that the Board’s mandate to “end the NSA’s bulk telephone records program” has not been implemented.

In other words, the physical infrastructure of the NSA’s global panopticon is still in place. In fact, it’s growing larger. So despite all of the press statements and associated media buzz very little has changed. There are people who view this as an unsettling indication of where society is headed. Ed Snowden claimed that he wanted to “trigger” a debate, but is that really enough? What will it take to tear down Big Brother?

Link to Original Source

Submission + - The Sony Incident Reveals Mass Media Groupthink->

Nicola Hahn writes: In the past several days stalwarts of the corporate media like the New York Times, Wall Street Journal, and Washington Post have all cited unnamed officials claiming that North Korea is responsible for the recent attack on Sony. They have done so with very little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what’s happening reveals tools of modern social control.
Link to Original Source

Submission + - Glenn Greenwald Neglects the Lessons of Cypherpunk History->

Nicola Hahn writes: Over the course of the Snowden revelations there have been a number of high profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece Greenwald claimed:

"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."

So while he concedes the role of public relations in the ongoing cyber security push Greenwald concurrently believes that encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.

With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. There are subtle currents flowing beneath the surface of the body politic and seeking refuge in a technical quick fix can be hazardous for a number of reasons.

Link to Original Source

A slow pup is a lazy dog. -- Willard Espy, "An Almanac of Words at Play"

Working...